diff --git a/README.md b/README.md index edff6eb..fa11713 100644 --- a/README.md +++ b/README.md @@ -45,9 +45,15 @@ $ ./rpi.sh --help # Desktop manager (xfce, gnome, kde, i3, lxde, mate, e17 or none) ./rpi.sh --desktop kde -# Enable debug & log file +# Minimal image - no desktop manager & default tools +./rpi.sh --minimal + +# Enable debug & log file (./logs/.log) ./rpi.sh --debug +# Perform extra checks on the images build +./rpi.sh --extra + # Help screen (this) ./rpi.sh --help $ @@ -65,4 +71,4 @@ $ echo 'mirror="http://192.168.1.100/kali"' > ./builder.txt - - - -Sat Sep 19 03:34:36 UTC 2021 +Tue Oct 12 20:48:42 UTC 2021 diff --git a/banana-pi.sh b/banana-pi.sh index 9bbf06b..59984cb 100755 --- a/banana-pi.sh +++ b/banana-pi.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Banana Pi (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/banana-pi/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"banana-pi"} # Architecture 
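Review bot: banana-pi.sh no longer has any error handling of its own, because `set -e` was removed from the header and now only takes effect once `source ./common.d/base_image.sh` has succeeded. If that relative `source` fails (for example when the script is started from another directory), bash keeps going, and later lines of this file such as `rsync -HPavz -q ${work_dir}/ ${base_dir}/root/` and `dd ... of=${loopdevice}` would run on the build host with empty, unquoted variables. I would keep `set -e` in the header above the `hw_model` assignment, or write the new line as `source ./common.d/base_image.sh || exit 1`. The same applies to banana-pro.sh, beaglebone-black.sh and cubox-i4pro.sh in this commit.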
@@ -24,101 +16,21 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Install the kernel packages' eatmydata apt-get install -y linux-image-armmp u-boot-menu u-boot-sunxi -status_stage3 'Regenerated the shared-mime-info database on the first boot since it fails to do so properly in a chroot' -systemctl enable smi-hack - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyS0 115200 vt100" >> /etc/inittab - status_stage3 'Load the ethernet module since it does not load automatically at boot' echo "sunxi_emac" >> /etc/modules 
@@ -126,27 +38,12 @@ status_stage3 'Create xorg config snippet to use fbdev driver' mkdir -p /etc/X11/xorg.conf.d/ cp /bsp/xorg/20-fbdev.conf /etc/X11/xorg.conf.d/ -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyS0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -176,8 +73,8 @@ mkfs -O "$features" -t "$fstype" -L ROOTFS "${rootp}" # Create the dirs for the partitions and mount them status "Create the dirs for the partitions and mount them" -mkdir -p ${base_dir}/root -mount ${rootp} ${base_dir}/root +mkdir -p "${base_dir}"/root +mount ${rootp} "${base_dir}"/root # Create an fstab so that we don't mount / read-only status "Fix rootfs entry in /etc/fstab" 
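Review bot: The new label `'Enable login over serial (No password)'` does not match the line under it: `agetty -L ttyS0 115200 vt100` carries no autologin option, so as written it sets up an ordinary login prompt, and nothing visible in this hunk removes a password. If passwordless serial access really is intended, it needs a comment saying how it is achieved and why, since anyone with physical access to the UART would get a session; otherwise drop `(No password)` from the label. The same label is added in banana-pro.sh and beaglebone-black.sh. The heredoc this block belongs to starts outside the hunk.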
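Review bot: Only half of the changed `mount` line was quoted: `mount ${rootp} "${base_dir}"/root` still leaves `${rootp}` open to word splitting, while the `mkfs` call shown in the hunk header already passes `"${rootp}"`. I would write `mkdir -p "${base_dir}/root"` and `mount "${rootp}" "${base_dir}/root"` so the whole path sits inside the quotes.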
@@ -195,36 +92,12 @@ status "Set the default options in /etc/default/u-boot" echo 'U_BOOT_MENU_LABEL="Kali Linux"' >> ${work_dir}/etc/default/u-boot echo 'U_BOOT_PARAMETERS="console=tty1 consoleblank=0 ro rootwait"' >> ${work_dir}/etc/default/u-boot -status "Rsyncing rootfs to image file" +status "Rsyncing rootfs into image file" rsync -HPavz -q ${work_dir}/ ${base_dir}/root/ sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - +status "dd to ${loopdevice} (u-boot bootloader)" dd if=${work_dir}/usr/lib/u-boot/Bananapi/u-boot-sunxi-with-spl.bin of=${loopdevice} bs=1024 seek=8 -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/banana-pro.sh b/banana-pro.sh index 21b10c6..8416f6a 100755 --- a/banana-pro.sh +++ b/banana-pro.sh 
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Banana Pro (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/banana-pro/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"banana-pro"} # Architecture 
@@ -24,119 +16,27 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Install the kernel packages' eatmydata apt-get install -y linux-image-armmp u-boot-menu u-boot-sunxi -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -189,32 +89,8 @@ status "Rsyncing rootfs into image file" rsync -HPavz -q ${work_dir}/ ${base_dir}/root/ sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - +status "dd to ${loopdevice} (u-boot bootloader)" dd if=${work_dir}/usr/lib/u-boot/Bananapro/u-boot-sunxi-with-spl.bin of=${loopdevice} bs=1024 seek=8 -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/beaglebone-black.sh b/beaglebone-black.sh index 6c22ca7..c997e54 100755 --- a/beaglebone-black.sh +++ b/beaglebone-black.sh 
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for BeagleBone Black (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for Beaglebone Black (32-bit) +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use # More information: https://www.kali.org/docs/arm/beaglebone-black/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"beaglebone-black"} # Architecture 
@@ -24,95 +16,18 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda || true - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyO0 115200 vt100" >> /etc/inittab - status_stage3 'Enable ttyO0 in udev links config' cat << _EOF_ >> /etc/udev/links.conf M ttyO0 c 5 1 
@@ -123,27 +38,12 @@ cat << _EOF_ >> /etc/securetty ttyO0 _EOF_ -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyO0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system 
@@ -304,35 +204,11 @@ echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${wo status "Rsyncing rootfs into image file" rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ +sync + status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/common.d/apt_options.sh b/common.d/apt_options.sh old mode 100755 new mode 100644 diff --git a/common.d/base_image.sh b/common.d/base_image.sh new file mode 100644 index 0000000..e05d0a8 --- /dev/null +++ b/common.d/base_image.sh 
@@ -0,0 +1,122 @@ +#!/usr/bin/env bash +# +# Every Kali ARM image starts with this +# + +# Stop on error +set -e + +# shellcheck disable=SC2154 +# Load general functions +# shellcheck source=/dev/null +source ./common.d/functions.sh + +# Load common variables +include variables +# Checks script environment +include check +# Packages build list +include packages +# Execute initial debootstrap +debootstrap_exec http://http.kali.org/kali +# Enable eatmydata in compilation +include eatmydata +# debootstrap second stage +systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage +# Define sources.list +include sources.list +# APT options +include apt_options +# So X doesn't complain, we add kali to hosts +include hosts +# Set hostname +set_hostname "${hostname}" +# Network configs +include network + +# Disable suspend/resume - speeds up boot massively +mkdir -p "${work_dir}/etc/initramfs-tools/conf.d/" +echo "RESUME=none" > "${work_dir}/etc/initramfs-tools/conf.d/resume" + +# Copy directory bsp into build dir +status "Copy directory bsp into build dir" +cp -rp bsp "${work_dir}" + +# Third stage +cat < "${work_dir}/third-stage" +#!/usr/bin/env bash +# Stop on error +set -e + +status_3i=0 +status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) + +status_stage3() { + status_3i=\$((status_3i+1)) + echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" +} + +status_stage3 'Update apt' +export DEBIAN_FRONTEND=noninteractive +eatmydata apt-get update + +status_stage3 'Install core packages' +eatmydata apt-get -y install ${third_stage_pkgs} + +status_stage3 'Install packages' +eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken +EOF + +if [ "${desktop}" != "none" ]; then + log "Desktop mode enabled: ${desktop}" green + cat <> "${work_dir}/third-stage" +status_stage3 'Install desktop packages' +eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken +EOF +fi + +cat <> "${work_dir}/third-stage" 
+status_stage3 'ntp does not always sync the date, but systemd-timesyncd does, so we remove ntp and reinstall it with this' +eatmydata apt-get install -y systemd-timesyncd --autoremove + +status_stage3 'Linux console/keyboard configuration' +echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections +echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections + +status_stage3 'Copy all services' +cp -p /bsp/services/all/*.service /etc/systemd/system/ + +status_stage3 'Enable SSH service' +systemctl enable ssh + +status_stage3 'Generate SSH host keys on first run' +systemctl enable regenerate_ssh_host_keys + +status_stage3 'Allow users to use NetworkManager over SSH' +install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d + +status_stage3 'Copy script growpart' +install -m755 /bsp/scripts/growpart /usr/local/bin/ + +status_stage3 'Copy script rpi-resizerootfs' +install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ + +status_stage3 'Enable rpi-resizerootfs first boot' +systemctl enable rpi-resizerootfs + +status_stage3 'Enable runonce script' +install -m755 /bsp/scripts/runonce /usr/sbin/ +cp -rf /bsp/runonce.d /etc +systemctl enable runonce + +status_stage3 'Set a REGDOMAIN' +# This needs to be done or wireless doesnt work correctly on the RPi 3B+ +sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda || true + +status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' +sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup +sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup + +status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface' +sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" +EOF diff --git a/common.d/clean_system.sh b/common.d/clean_system.sh index 27b4e1e..8722ac8 100644 
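Review bot: `${extra}` in the desktop step, `eatmydata apt-get install -y ${desktop_pkgs} ${extra}`, now shares its name with the `extra` flag this commit adds in common.d/functions.sh (`extra=0`, set to 1 by `--extra` and `--debug`) and tests in common.d/finish_image.sh. The heredoc appears to expand variables when the third-stage file is generated (the first block escapes `\$0`), so unless `include packages` reassigns `extra` (not visible here) apt would be asked to install a package literally named `0` or `1`, and the `|| eatmydata apt-get install -y --fix-broken` fallback would hide the failure. If packages does reassign it, the `[ "${extra}" = 1 ]` check in finish_image.sh can never be true. Renaming the flag in functions.sh and finish_image.sh, for example to `extra_checks`, removes the collision either way.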
--- a/common.d/clean_system.sh +++ b/common.d/clean_system.sh @@ -1,6 +1,11 @@ #!/usr/bin/env bash # shellcheck disable=SC2154 +if [ "${debug}" = 1 ]; then + log "Skipping due to debug mode ($0 -d) being enabled" yellow + return +fi + log "clean system" green # Clean system @@ -43,5 +48,5 @@ rm -f "${work_dir}"/etc/machine-id || true touch "${work_dir}"/etc/machine-id rm -f "${work_dir}"/var/lib/dbus/machine-id || true -# Define DNS server after last running systemd-nspawn. +# Define DNS server after last running systemd-nspawn echo "nameserver ${nameserver}" >"${work_dir}"/etc/resolv.conf diff --git a/common.d/finish_image.sh b/common.d/finish_image.sh new file mode 100644 index 0000000..26f9fde --- /dev/null +++ b/common.d/finish_image.sh 
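Review bot: Returning early when `debug` is 1 skips everything else in clean_system.sh, including the machine-id reset (`rm -f "${work_dir}"/etc/machine-id`) and the `resolv.conf` write visible in the second hunk, while the device scripts in this diff still go on to build and compress an image. A debug-built image would therefore keep whatever build-time state this file normally removes, and because `--debug` also sets `extra=1` it is tempting to use it just to get the extra checks. I would make the message say so, e.g. `log "Debug mode: clean_system skipped - do not distribute this image" yellow`, and add a comment above the `if` listing what is left uncleaned. The remainder of the file lies outside the hunk.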
@@ -0,0 +1,59 @@ +#!/usr/bin/env bash +# +# Every Kali ARM image finishes with this +# + +# Stop on error +set -e + +# Say where we are +log "finish_image" green + +# Make sure we are somewhere we are not going to unmount +cd "${current_dir}/" + +# Flush buffers and bytes - this is nicked from the Devuan arm-sdk +blockdev --flushbufs "${loopdevice}" +python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' + +# Unmount filesystem +status "Unmount filesystem" +[ -n "${bootp}" ] \ + && umount -l "${bootp}" \ + || true +umount -l "${rootp}" + +# Check filesystem +#status "Check filesystem (dosfsck)" +#dosfsck -w -r -a -t "${bootp}" +if [ -n "${bootp}" ] && [ "${extra}" = 1 ]; then + fstype=$(blkid -o export "${bootp}" | grep '^TYPE' | cut -d"=" -f2) + status "Check filesystem (dosfsck ${fstype})" + if [ "$fstype" = "vfat" ]; then + dosfsck -w -r -a -t "${bootp}" + else + e2fsck -y -f "${bootp}" + fi +fi + +status "Check filesystem (e2fsck)" +e2fsck -y -f "${rootp}" + +# Remove loop devices +status "Remove loop devices" +[ -n "${bootp}" ] \ + && dmsetup clear "${bootp}" \ + || true +dmsetup clear "${rootp}" || true +kpartx -dsv "${loopdevice}" +losetup -d "${loopdevice}" + +# Compress image compilation +include compress_img + +# Clean up all the temporary build stuff and remove the directories +clean_build + +# Quit +log "Done" green +exit 0 diff --git a/common.d/functions.sh b/common.d/functions.sh index 5f12ffc..440f547 100644 --- a/common.d/functions.sh +++ b/common.d/functions.sh @@ -12,7 +12,9 @@ function log() { cyan) color=$(tput setaf 6) ;; *) text="$1" ;; esac - [ -z "$text" ] && echo "$color $1 $(tput sgr0)" || echo "$text" + [ -z "$text" ] \ + && echo "$color $1 $(tput sgr0)" \ + || echo "$text" } # Usage function 
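Review bot: In finish_image.sh, `[ -n "${bootp}" ] && umount -l "${bootp}" || true` treats a failed unmount of the boot partition the same as "no boot partition", and the script then goes on to run `dosfsck -w -r -a -t` or `e2fsck -y -f` in repair mode on that device. Writing it as `if [ -n "${bootp}" ]; then umount -l "${bootp}"; fi` lets `set -e` stop the build instead of repairing a filesystem that may still be mounted. Two smaller points in the same file: the status text `Check filesystem (dosfsck ${fstype})` is printed even when the `e2fsck` branch runs, and `${loopdevice}` is spliced unquoted into Python source, which is safer as `python3 -c 'import os, sys; os.fsync(open(sys.argv[1], "r+b"))' "${loopdevice}"`.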
@@ -24,9 +26,15 @@ function usage() { echo "# Desktop manager (xfce, gnome, kde, i3, lxde, mate, e17 or none)" echo "$0 --desktop kde" echo "" - echo "# Enable debug & log file" + echo "# Minimal image - no desktop manager & default tools" + echo "$0 --minimal" + echo "" + echo "# Enable debug & log file (./logs/.log)" echo "$0 --debug" echo "" + echo "# Perform extra checks on the images build" + echo "$0 --extra" + echo "" echo "# Help screen (this)" echo "$0 --help" @@ -42,6 +50,25 @@ function debug_enable() { exec &> >(tee -a "${log}") 2>&1 # Print all commands inside of script set -x + debug=1 + extra=1 +} + +# Extra checks function +function extra_enable() { + log "Extra Checks: Enabled" green + extra=1 +} + +# Minimal variant mode +function minimal_mode() { + log "Minimal image mode" green + + # Variant name for image and dir build + variant="minimal-${architecture}" + + # Disable Desktop Manager + desktop="none" } # Arguments function @@ -59,15 +86,21 @@ function arguments() { desktop="$1"; shift;; --desktop=*) desktop="${opt#*=}";; + --minimal) + minimal_mode;; -d | --debug) debug_enable;; - -h | --help) + -x | --extra) + extra_enable;; + -h | -help | --help) usage;; *) log "Unknown option: ${opt}" red; exit 1;; esac done } +debug=0 +extra=0 arguments $* # Function to include common files @@ -81,12 +114,13 @@ function include() { else log " ⚠️ Fail to load ${file} file" red [ "${debug}" = 1 ] \ - && pwd + && pwd \ + || true exit 1 fi } -# systemd-nspawn enviroment +# systemd-nspawn environment # Putting quotes around $extra_args causes systemd-nspawn to pass the extra arguments as 1, so leave it unquoted. function systemd-nspawn_exec() { log "systemd-nspawn_exec" green @@ -107,6 +141,8 @@ function disable_proxy() { log "Disable proxy" green unset http_proxy rm -rf "${work_dir}"/etc/apt/apt.conf.d/66proxy + elif [ "${debug}" = 1 ]; then + log "Proxy enabled" yellow fi } 
@@ -120,8 +156,13 @@ function restore_mirror() { log "Mirror & suite replacement" green # For now, restore_mirror will put the default kali mirror in, fix after 2021.3 - echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > "${work_dir}"/etc/apt/sources.list - echo "#deb-src http://http.kali.org/kali kali-rolling main contrib non-free" >> "${work_dir}"/etc/apt/sources.list + cat < "${work_dir}"/etc/apt/sources.list +# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/ +deb http://http.kali.org/kali kali-rolling main contrib non-free + +# Additional line for source packages +# deb-src http://http.kali.org/kali kali-rolling main contrib non-free +EOF } # Limit CPU function @@ -213,6 +254,8 @@ function make_swap() { echo 'vm.swappiness = 50' >>"${work_dir}"/etc/sysctl.conf systemd-nspawn_exec apt-get install -y dphys-swapfile >/dev/null 2>&1 #sed -i 's/#CONF_SWAPSIZE=/CONF_SWAPSIZE=128/g' ${work_dir}/etc/dphys-swapfile + else + log "Make Swap: Disabled" yellow fi } @@ -247,7 +290,7 @@ function make_image() { # Clean up all the temporary build stuff and remove the directories. function clean_build() { - log "Cleaning up the temporary build files..." yellow + log "Cleaning up the temporary build files" green #rm -rf "${base_dir}" rm -rf "${work_dir}" log "Done" green @@ -261,4 +304,4 @@ status() { log "[i] ${status_i}/${status_t}: $1" green } status_i=0 -status_t=$(grep '^status ' $0 | wc -l) +status_t=$(grep '^status ' $0 common.d/*.sh | wc -l) diff --git a/common.d/rpi_firmware.sh b/common.d/rpi_firmware.sh index a968d40..09ede69 100644 --- a/common.d/rpi_firmware.sh +++ b/common.d/rpi_firmware.sh 
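Review bot: `status_t=$(grep '^status ' $0 common.d/*.sh | wc -l)` counts `status` calls in every file under common.d, not only the ones a given device script actually includes, so the total shown in `[i] n/total` will likely overshoot. It also leaves `$0` unquoted and resolves `common.d/` against the current directory. I would write `status_t=$(cat -- "$0" ./common.d/*.sh | grep -c '^status ')` and add a comment that the total is an upper bound, or restrict the glob to the files that are included.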
@@ -11,28 +11,28 @@ EOF # they go to add something when they are following instructions on a website. cp ./bsp/firmware/rpi/config.txt "${work_dir}"/boot/config.txt -# To boot 64bit, these lines *have* to be in config.txt +# To boot 64-bit, these lines *have* to be in config.txt if [[ "${architecture}" == "arm64" ]]; then # Remove repeat conditional filters [all] in config.txt sed -i "59,66d" "${work_dir}"/boot/config.txt cat <>"${work_dir}"/boot/config.txt [pi2] -# Pi2 is 64bit only on v1.2+ -# 64bit kernel for Raspberry Pi 2 is called kernel8 (armv8a) +# Pi2 is 64-bit only on v1.2+ +# 64-bit kernel for Raspberry Pi 2 is called kernel8 (armv8a) kernel=kernel8-alt.img [pi3] -# 64bit kernel for Raspberry Pi 3 is called kernel8 (armv8a) +# 64-bit kernel for Raspberry Pi 3 is called kernel8 (armv8a) kernel=kernel8-alt.img [pi4] # Enable DRM VC4 V3D driver on top of the dispmanx display stack #dtoverlay=vc4-fkms-v3d #max_framebuffers=2 -# 64bit kernel for Raspberry Pi 4 is called kernel8l (armv8a) +# 64-bit kernel for Raspberry Pi 4 is called kernel8l (armv8a) kernel=kernel8l-alt.img [all] #dtoverlay=vc4-fkms-v3d -# Tell firmware to go 64bit mode. +# Tell firmware to go 64-bit mode arm_64bit=1 EOF fi diff --git a/common.d/third_stage.sh b/common.d/third_stage.sh new file mode 100644 index 0000000..4dd8996 --- /dev/null +++ b/common.d/third_stage.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +log "third stage" green + +# Third stage +cat <> "${work_dir}"/third-stage +status_stage3 'Clean up apt-get' +eatmydata apt-get -y --purge autoremove + +status_stage3 'Clean up dpkg.eatmydata' +rm -f /usr/bin/dpkg +dpkg-divert --remove --rename /usr/bin/dpkg +EOF + +# Run third stage +chmod 0755 "${work_dir}/third-stage" +status "Run third stage" +systemd-nspawn_exec /third-stage diff --git a/common.d/variables.sh b/common.d/variables.sh index 7fb15a4..aa7d14d 100644 --- a/common.d/variables.sh +++ b/common.d/variables.sh 
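Review bot: common.d/third_stage.sh has no header comment, unlike base_image.sh and finish_image.sh added in the same commit, although it has the strictest ordering requirement of the three: it appends the final cleanup steps to `"${work_dir}"/third-stage` and then runs the file through `systemd-nspawn_exec /third-stage`. Anything a device script appends after `include third_stage` is silently never executed. I would add a header such as `# Closes and runs the third-stage script; include only after all device-specific status_stage3 blocks`, plus the `# shellcheck disable=SC2154` line that clean_system.sh carries.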
@@ -17,6 +17,8 @@ image_name=${image_name:-"kali-linux-${version}-${hw_model}-${variant}"} machine=$(dbus-uuidgen) # Custom hostname variable hostname=${hostname:-kali} +# If hw_model is set, add it to hostname +[ -n "${hw_model:=}" ] && [ "${hostname:=}" = "kali" ] && hostname="kali-${hw_model}" # Suite to use, valid options are: # kali-rolling, kali-dev, kali-bleeding-edge, kali-dev-only, kali-experimental, kali-last-snapshot suite=${suite:-"kali-rolling"} @@ -63,4 +65,9 @@ if [ -f "${current_dir}"/builder.txt ]; then echo "Loading: "${current_dir}"/builder.txt" # shellcheck source=/dev/null source "${current_dir}"/builder.txt + + [ "${debug}" = 1 ] \ + && grep -v '#' "${current_dir}"/builder.txt \ + | sort -u \ + || true fi diff --git a/cubox-i4pro.sh b/cubox-i4pro.sh index 1f58971..022f62f 100755 --- a/cubox-i4pro.sh +++ b/cubox-i4pro.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for CuBox-i4Pro (32-bit) - Freescale based NOT the original Marvell based -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for CuBox-i4Pro - Freescale based NOT the original Marvell based +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use # More information: https://www.kali.org/docs/arm/cubox-i4pro/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"cubox-i4pro"} # Architecture 
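Review bot: In the `builder.txt` hunk, `grep -v '#'` drops every line that contains a `#` anywhere, so an override with a trailing comment or a `#` inside its value is sourced but never printed, and the debug listing no longer reflects what was loaded. Filtering only comment and blank lines keeps it faithful: `grep -Ev '^[[:space:]]*(#|$)' "${current_dir}"/builder.txt`. The README in this commit says `--debug` also writes a log file, so anything sensitive placed in `builder.txt` (for example a mirror URL with embedded credentials) would end up in that log; a one-line comment above the dump should say so. The enclosing `if` opens above the hunk.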
@@ -24,119 +16,21 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Install the kernel packages' -eatmydata apt-get install -y linux-image-armmp u-boot-menu u-boot-imx - -status_stage3 'Clean up' -eatmydata apt-get -y --purge 
autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ -cp -p /bsp/services/rpi/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +cat <> "${work_dir}"/third-stage +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttymxc0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -197,33 +91,9 @@ status "Rsyncing rootfs into image file" rsync -HPavz -q ${work_dir}/ ${base_dir}/root/ sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - +status "dd to ${loopdevice} (u-boot bootloader)" dd conv=fsync,notrunc if=${work_dir}/usr/lib/u-boot/mx6cuboxi/SPL of=${loopdevice} bs=1k seek=1 dd conv=fsync,notrunc if=${work_dir}/usr/lib/u-boot/mx6cuboxi/u-boot.img of=${loopdevice} bs=1k seek=69 -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image 
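Review bot: The renamed step `'Enable login over serial (No password)'` does not match the command under it: `agetty -L ttymxc0 115200 vt100` is started without an autologin option, so it still hands off to the normal login prompt. If a password-less serial console is really intended, that is an unauthenticated local access path on the shipped image and needs an explicit comment plus a way to switch it off; if not, drop the suffix so nobody reads the image as having an open console. The entry is appended to `/etc/inittab`, which systemd does not read, and the lines removed from this same stage used `systemctl enable`, so it is worth confirming the entry has any effect (presumably a `serial-getty@` unit is what serves the port). The same label change appears in gateworks-newport.sh, gateworks-ventana.sh, nanopc-t.sh and nanopi-neo-plus2.sh.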
diff --git a/gateworks-newport.sh b/gateworks-newport.sh index 832360a..fe6002b 100755 --- a/gateworks-newport.sh +++ b/gateworks-newport.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Gateworks Newport (64-bit) - Cavium Octeon -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use # More information: https://www.kali.org/docs/arm/gateworks-newport/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"gateworks-newport"} # Architecture 
@@ -24,118 +16,27 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all 
services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Install ca-certificate' -cd /root -apt download -o APT::Sandbox::User=root ca-certificates 2>/dev/null - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - +cat <> "${work_dir}"/third-stage status_stage3 'We replace the u-boot menu defaults here so we can make sure the build system does not poison it' # We use _EOF_ so that the third-stage script doesn't end prematurely cat << '_EOF_' > /etc/default/u-boot -U_BOOT_PARAMETERS="console=ttyS0,115200 console=tty1 root=/dev/mmcblk0p1 rootwait panic=10 rw rootfstype=$fstype net.ifnames=0" +U_BOOT_PARAMETERS="console=ttymxc1,115200 console=tty1 root=/dev/mmcblk0p1 rootwait panic=10 rw rootfstype=$fstype net.ifnames=0" _EOF_ -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T1:12345:respawn:/sbin/getty -L ttymxc1 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -233,26 +134,6 @@ echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${wo status "Rsyncing rootfs into image file" rsync -HPavz -q ${work_dir}/ ${base_dir}/root/ sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/gateworks-ventana.sh b/gateworks-ventana.sh index 583ac90..a0f3a04 100755 --- a/gateworks-ventana.sh +++ b/gateworks-ventana.sh 
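Review bot: In the `/etc/default/u-boot` block of gateworks-newport.sh, the kernel console changes from `console=ttyS0,115200` to `console=ttymxc1,115200`, which matches the getty line below it and the Freescale-based Ventana script, but this file's header describes the Newport as Cavium Octeon. `ttymxc*` is the i.MX UART naming, so on this board the kernel may be left without a serial console; confirm against hardware or record the reason in a comment above `U_BOOT_PARAMETERS`. The hunk also drops the `Install ca-certificate` step that only this script carried, so check that the shared base image (not visible here) still covers it.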
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Gateworks Ventana (32-bit) - Freescale based -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/gateworks-ventana/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"gateworks-ventana"} # Architecture 
@@ -24,122 +16,28 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - +cat <> "${work_dir}"/third-stage status_stage3 'Install dhcp server' eatmydata apt-get install -y isc-dhcp-server || eatmydata apt-get install -y --fix-broken -status_stage3 
'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T1:12345:respawn:/sbin/getty -L ttymxc1 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - status_stage3 'Bootloader' install -m644 /bsp/bootloader/gateworks-ventana/6x_bootscript-ventana.script /boot/6x_bootscript-ventana.script mkimage -A arm -T script -C none -d /boot/6x_bootscript-ventana.script /boot/6x_bootscript-ventana -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T1:12345:respawn:/sbin/getty -L ttymxc1 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system 
@@ -252,31 +150,7 @@ EOF status "Rsyncing rootfs into image file" rsync -HPavz -q "${work_dir}"/ "${base_dir}"/root/ +sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/nanopc-t.sh b/nanopc-t.sh index 1338d5d..c492233 100755 --- a/nanopc-t.sh +++ b/nanopc-t.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for NanoPC-T3/T4 (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/nanopc-t3/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"nanopc-t"} # Architecture 
@@ -24,122 +16,22 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 #add_interface wlan0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - -# Disable RESUME (suspend/resume is currently broken anyway!) 
which speeds up boot massively -mkdir -p ${work_dir}/etc/initramfs-tools/conf.d/ -cat << EOF > ${work_dir}/etc/initramfs-tools/conf.d/resume -RESUME=none -EOF - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla 
/var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +cat <> "${work_dir}"/third-stage +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system 
@@ -273,32 +165,5 @@ sync #make CROSS_COMPILE=aarch64-linux-gnu- #dd if=fip-nonsecure.img of=$loopdevice bs=512 seek=3841 -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/nanopi-neo-plus2.sh b/nanopi-neo-plus2.sh index 74967ff..83c2501 100755 --- a/nanopi-neo-plus2.sh +++ b/nanopi-neo-plus2.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for NanoPi NEO Plus2 (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for NanoPi NEO Plus2 +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/nanopi-neo-plus2/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"nanopi-neo-plus2"} # Architecture 
@@ -24,121 +16,27 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - +cat <> "${work_dir}"/third-stage status_stage3 'Install kernel and bootloader packages' eatmydata apt-get install -y linux-image-arm64 u-boot-menu u-boot-sunxi 
firmware-brcm80211 -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Theres no graphical output on this device' systemctl set-default multi-user -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -204,32 +102,5 @@ sync status "Write u-boot to the loopdevice" TARGET="${work_dir}/usr/lib/u-boot/nanopi_neo_plus2" "${work_dir}"/usr/bin/u-boot-install-sunxi64 ${loopdevice} -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/odroid-c2.sh b/odroid-c2.sh index efaf9f1..cf75ecc 100755 --- a/odroid-c2.sh +++ b/odroid-c2.sh 
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for ODROID-C2 (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/odroid-c2/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"odroid-c2"} # Architecture 
@@ -24,77 +16,16 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - -# Disable RESUME (suspend/resume is currently broken anyway!) which speeds up boot massively -mkdir -p ${work_dir}/etc/initramfs-tools/conf.d/ -cat << EOF > ${work_dir}/etc/initramfs-tools/conf.d/resume -RESUME=none -EOF - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get 
install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy odroid-c2 services' cp -p /bsp/services/odroid-c2/*.service /etc/systemd/system/ # For some reason the latest modesetting driver (part of xorg server) seems to cause a lot of jerkiness 
@@ -109,49 +40,12 @@ eatmydata apt-get install -y dkms linux-image-arm64 u-boot-menu status_stage3 'Run u-boot-update to generate the extlinux.conf file' u-boot-update -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system 
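Review bot: The new label 'Enable login over serial (No password)' does not match the command under it: `agetty -L ttyAMA0 115200 vt100` carries no autologin option, so as written it would present a normal login prompt. The line also appends to `/etc/inittab`, which systemd does not read, and the stage-3 steps elsewhere in this diff enable services with `systemctl`, so the entry is probably inert; `systemctl enable serial-getty@ttyAMA0.service` would be the systemd equivalent. If passwordless serial access really is intended, a comment should say so, because anyone with physical access to the UART then gets a shell on a shipped image. The same label and line are added in pinebook-pro.sh and pinebook.sh.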
@@ -289,32 +183,5 @@ cd ./u-boot-hk/sd_fuse ./sd_fusing.sh ${loopdevice} sync -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/odroid-u2.sh b/odroid-u2.sh index 909eefb..fe06ea1 100755 --- a/odroid-u2.sh +++ b/odroid-u2.sh @@ -442,7 +442,7 @@ rootp=${device}p2 # Create file systems mkfs.vfat -n BOOT ${bootp} -# Disable 64bit on ext3/4 because the u-boot from 2010 is too old +# Disable 64-bit on ext3/4 because the u-boot from 2010 is too old if [[ $fstype == ext4 ]]; then features="-O ^64bit,^metadata_csum" elif [[ $fstype == ext3 ]]; then diff --git a/odroid-xu3.sh b/odroid-xu3.sh index 4973c62..730e921 100755 --- a/odroid-xu3.sh +++ b/odroid-xu3.sh 
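Review bot: This hunk removes `cd "${current_dir}/"`, but the script has just changed into `./u-boot-hk/sd_fuse` to run `sd_fusing.sh`, so `include finish_image` now executes from that subdirectory. If `include` or the finish step resolves anything relative to the working directory, as `source ./common.d/base_image.sh` does, it will look in the wrong place; keeping `cd "${current_dir}/"` before `include finish_image` avoids depending on that. The implementation of `include` is not shown here, so this needs confirming. odroid-xu3.sh has the same pattern after `cd sd_fuse`.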
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for ODROID-XU3 (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/odroid-xu3/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"odroid-xu3"} # Architecture 
@@ -24,111 +16,21 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - -# Disable RESUME (suspend/resume is currently broken anyway!) which speeds up boot massively -mkdir -p ${work_dir}/etc/initramfs-tools/conf.d/ -cat << EOF > ${work_dir}/etc/initramfs-tools/conf.d/resume -RESUME=none -EOF - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata 
apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttySAC2 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - +cat <> "${work_dir}"/third-stage +status_stage3 'Enable ttySAC2 in udev links config' cat << __EOF__ >> /etc/udev/links.conf M ttySAC2 c 5 1 __EOF__ +status_stage3 'Enable root login on serial' cat << _EOF_ >> /etc/securetty ttySAC0 ttySAC1 
@@ -143,20 +45,12 @@ status_stage3 'Serial console settings' # Make sure ttySACX is in root/etc/securetty so root can login on serial console below echo 'T1:12345:respawn:/bin/login -f root ttySAC2 /dev/ttySAC2 2>&1' >> /etc/inittab -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttySAC2 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -306,32 +200,5 @@ make cd sd_fuse sh sd_fusing.sh ${loopdevice} -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/pinebook-pro.sh b/pinebook-pro.sh index 4ba8d7b..0a1659f 100755 --- a/pinebook-pro.sh +++ b/pinebook-pro.sh 
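Review bot: The added `T0:23:respawn:/sbin/agetty -L ttySAC2 115200 vt100` entry lands directly after the existing `T1:12345:respawn:/bin/login -f root ttySAC2` entry, so two respawning entries claim the same ttySAC2 line in runlevels 2 and 3. The T1 entry is the one that logs root in without authentication (`login -f root`), and the previous hunk appends the ttySAC ports to `/etc/securetty` under 'Enable root login on serial', so the '(No password)' label belongs on T1 rather than on the agetty line. One of the two entries should be removed. Whichever stays needs a comment stating whether the serial port requires a password, since an unauthenticated root console is reachable by anyone with physical access to the board.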
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for Pinebook Pro (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for Pinebook Pro +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/pinebook-pro/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"pinebook-pro"} # Architecture 
@@ -24,90 +16,20 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" -# Network configs -include network +# Load default base_image configs +source ./common.d/base_image.sh + # Do *NOT* include wlan0 if using a desktop otherwise NetworkManager will ignore it +# Network configs +#include network #add_interface wlan0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - +cat <> "${work_dir}"/third-stage # Commented out for now, we don't want to install them due to the wifi device crashing # and 
causing kernel panics, even with the latest from unstable Debian #eatmydata apt-get install -y dkms linux-image-arm64 u-boot-menu u-boot-rockchip -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - status_stage3 'Touchpad settings' install -m644 /bsp/xorg/50-pine64-pinebook-pro.touchpad.conf /etc/X11/xorg.conf.d/ 
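Review bot: `include network` goes from active to commented out (`#include network`) in this hunk, which is a behaviour change inside what otherwise reads as a pure refactor; the other board scripts in this commit keep calling `include network` after sourcing base_image.sh. If that is the intent, the comment should say so, for example `# 'include network' is skipped on purpose: NetworkManager manages wlan0 on desktop images`. As written, the 'Do *NOT* include wlan0' comment sits above a '# Network configs' heading with nothing active under it. pinebook.sh makes the same change.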
@@ -122,33 +44,12 @@ systemctl enable bluetooth status_stage3 'Enable suspend2idle' sed -i s/"#SuspendState=mem standby freeze"/"SuspendState=freeze"/g /etc/systemd/sleep.conf -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system 
@@ -325,8 +226,8 @@ status "Rsyncing rootfs into image file" rsync -HPavz -q "${work_dir}"/ "${base_dir}"/root/ sync -## Nick the u-boot from Manjaro ARM to see if my compilation was somehow -## screwing things up +# Nick the u-boot from Manjaro ARM to see if my compilation was somehow screwing things up +status "dd to ${loopdevice} (u-boot bootloader)" cp ${current_dir}/bsp/bootloader/pinebook-pro/idbloader.img ${current_dir}/bsp/bootloader/pinebook-pro/trust.img ${current_dir}/bsp/bootloader/pinebook-pro/uboot.img ${base_dir}/root/boot/ dd if=${current_dir}/bsp/bootloader/pinebook-pro/idbloader.img of=${loopdevice} seek=64 conv=notrunc dd if=${current_dir}/bsp/bootloader/pinebook-pro/uboot.img of=${loopdevice} seek=16384 conv=notrunc @@ -334,30 +235,5 @@ dd if=${current_dir}/bsp/bootloader/pinebook-pro/trust.img of=${loopdevice} seek #TARGET="/usr/lib/u-boot/pinebook-pro-rk3399" /usr/bin/u-boot-install-rockchip ${loopdevice} -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/pinebook.sh b/pinebook.sh index d95a75e..d4c2c3b 100755 --- a/pinebook.sh +++ b/pinebook.sh 
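Review bot: The reworded comment still only says the u-boot was taken from Manjaro ARM; the three prebuilt images (`idbloader.img`, `uboot.img`, `trust.img`) are copied and written into the boot path with `dd`, with no record of which upstream build they came from and no checksum. A comment such as `# Prebuilt by Manjaro ARM, version <VERSION>, sha256 <SHA256>` (placeholders) next to the new `status` line, or a checksum comparison before the first `dd`, would let a later reader verify what ends up in the image. The paths and `${loopdevice}` on the `cp` and `dd` lines are also unquoted. The `dd` for trust.img continues in the next hunk.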
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Pinebook (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/pinebook/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"pinebook"} # Architecture 
@@ -24,122 +16,23 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" -# Network configs -include network +# Load default base_image configs +source ./common.d/base_image.sh + # Do not include wlan0 on a wireless only device, otherwise NetworkManager won't run # wlan0 requires special editing of the /etc/network/interfaces.d/wlan0 file, to add the wireless network and ssid +# Network configs +#include network #add_interface wlan0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - -# Disable RESUME (suspend/resume is currently broken anyway!) 
which speeds up boot massively -mkdir -p ${work_dir}/etc/initramfs-tools/conf.d/ -cat << EOF > ${work_dir}/etc/initramfs-tools/conf.d/resume -RESUME=none -EOF - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ -status_stage3 'Script mode wlan monitor START/STOP' -install -m755 /bsp/scripts/monstart /usr/bin/ -install -m755 /bsp/scripts/monstop /usr/bin/ - status_stage3 'Install the kernel packages' eatmydata apt-get install -y dkms linux-image-arm64 u-boot-menu u-boot-sunxi -status_stage3 'Copy script pinebook-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 
/bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda || true - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - status_stage3 'Install touchpad config file' install -m644 /bsp/xorg/50-pine64-pinebook.touchpad.conf /etc/X11/xorg.conf.d/ 
@@ -178,15 +71,12 @@ dkms install rtl8723cs/2020.02.27 -k 5.10.0-kali9-arm64 status_stage3 'Replace the conf file after we have built the module and hope for the best' cp /bsp/configs/pinebook-dkms.conf /usr/src/rtl8723cs-2020.02.27/dkms.conf -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -262,32 +152,5 @@ dd conv=notrunc if=${work_dir}/usr/lib/u-boot/pinebook/sunxi-spl.bin of=${loopde dd conv=notrunc if=${work_dir}/usr/lib/u-boot/pinebook/u-boot-sunxi-with-spl.fit.itb of=${loopdevice} bs=8k seek=5 sync -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/rpi-64bit-minimal.sh b/rpi-64bit-minimal.sh deleted file mode 100755 index 15a65ce..0000000 --- a/rpi-64bit-minimal.sh +++ /dev/null 
@@ -1,236 +0,0 @@ -#!/usr/bin/env bash -# -# Kali Linux ARM build-script for Raspberry Pi 2 1.2/3/4/400 (64-bit) (Minimal) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm -# -# This is a community script - you will need to generate your own image to use -# More information: https://www.kali.org/docs/arm/raspberry-pi-2-1.2/ -# - -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - -# Hardware model -hw_model=${hw_model:-"rpi4"} -# Architecture -architecture=${architecture:-"arm64"} -# Variant name for image and dir build -variant=${variant:-"minimal-${architecture}"} -# Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) -desktop=${desktop:-"none"} - -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" -# Network configs -include network -add_interface eth0 - -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - -# Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y 
${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ -cp -p /bsp/services/rpi/*.service /etc/systemd/system/ - -status_stage3 'Script mode wlan monitor START/STOP' -install -m755 /bsp/scripts/monstart /usr/bin/ -install -m755 /bsp/scripts/monstop /usr/bin/ - -status_stage3 'Copy script for handling wpa_supplicant file' -install -m755 /bsp/scripts/copy-user-wpasupplicant.sh /usr/bin/ - -status_stage3 'Install the kernel packages' -echo "deb http://http.re4son-kernel.com/re4son kali-pi main" > /etc/apt/sources.list.d/re4son.list -wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kernel.com/keys/http/kali_pi-archive-keyring.gpg -eatmydata apt-get update -eatmydata apt-get install -y ${re4son_pkgs} - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Enable copying of user wpa_supplicant.conf file' -systemctl enable copy-user-wpasupplicant - -status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' -systemctl enable enable-ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 
/bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 '# Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda || true - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg -EOF - -# Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage - -# Configure Raspberry PI firmware -include rpi_firmware -# Compile Raspberry PI userland -include rpi_userland -# Finish tunning and clean system -include clean_system -trap clean_build ERR SIGTERM SIGINT - -# systemd doesn't seem to be generating the fstab properly for some people, so let's create one -status "/etc/fstab" -cat < "${work_dir}"/etc/fstab -# -proc /proc proc defaults 0 0 -LABEL=BOOT /boot vfat defaults 0 2 -EOF - -# Calculate the space to create the image and create -make_image - -# Create the disk partitions -status "Create the disk partitions" -parted -s "${image_dir}/${image_name}.img" mklabel msdos -parted -s "${image_dir}/${image_name}.img" mkpart primary fat32 1MiB "${bootsize}"MiB -parted -s -a minimal "${image_dir}/${image_name}.img" mkpart primary "$fstype" "${bootsize}"MiB 100% - -# Set the partition variables -loopdevice=$(losetup --show -fP "${image_dir}/${image_name}.img") -bootp="${loopdevice}p1" -rootp="${loopdevice}p2" - -# Create file systems -status "Formatting 
partitions" -mkfs.vfat -n BOOT -F 32 "${bootp}" -if [[ "$fstype" == "ext4" ]]; then - features="^64bit,^metadata_csum" -elif [[ "$fstype" == "ext3" ]]; then - features="^64bit" -fi -mkfs -O "$features" -t "$fstype" -L ROOTFS "${rootp}" - -# Create the dirs for the partitions and mount them -status "Create the dirs for the partitions and mount them" -mkdir -p "${base_dir}"/root/ -mount "${rootp}" "${base_dir}"/root -mkdir -p "${base_dir}"/root/boot -mount "${bootp}" "${base_dir}"/root/boot - -# Create an fstab so that we don't mount / read-only -status "/etc/fstab" -UUID=$(blkid -s UUID -o value ${rootp}) -echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${work_dir}/etc/fstab - -status "Rsyncing rootfs into image file" -rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ -status "Rsyncing rootfs into image file (/boot)" -rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root -sync - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 diff --git a/rpi-64bit.sh b/rpi-64bit.sh index f2d37ab..9201d32 100755 --- a/rpi-64bit.sh +++ b/rpi-64bit.sh 
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Raspberry Pi 2 1.2/3/4/400 (64-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/raspberry-pi-2-1.2/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"rpi"} # Architecture 
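Review bot: Dropping `set -e` from the top of rpi-64bit.sh means a failed `source ./common.d/base_image.sh` (added in the next hunk and resolved against the current directory) no longer aborts the build. Bash reports the missing file and carries on, so the later `include` and rsync steps would run with `work_dir` and `base_dir` unset. I would guard the call site with `source ./common.d/base_image.sh || exit 1`, or leave `set -e` above it. The same removal is made in the first hunks of rpi.sh, rpi0w-pitail.sh, rpi0w.sh and rpi1.sh. Whether base_image.sh turns errexit back on is not visible here, and it cannot help when the file itself fails to load.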
@@ -24,71 +16,16 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Script mode wlan monitor START/STOP' 
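Review bot: The `+cat` line now appears to append this fragment to `"${work_dir}"/third-stage` rather than create the file, and the shebang, `set -e` and the `status_stage3` definition are gone from the fragment. The redirection is partly lost in this rendering, so the append is read from what remains of it. The fragment is therefore only correct when base_image.sh has just written a fresh third-stage file; if `work_dir` is reused after an interrupted build, fragments would presumably stack up. A one-line comment above the heredoc would make the dependency explicit: `# Appended to the third-stage script created by common.d/base_image.sh (provides set -e and status_stage3)`. The same change appears in rpi.sh, rpi0w-pitail.sh, rpi0w.sh and rpi1.sh.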
@@ -101,63 +38,28 @@ wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kerne eatmydata apt-get update eatmydata apt-get install -y ${re4son_pkgs} -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - status_stage3 'Copy script for handling wpa_supplicant file' install -m755 /bsp/scripts/copy-user-wpasupplicant.sh /usr/bin/ -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Enable copying of user wpa_supplicant.conf file' systemctl enable copy-user-wpasupplicant status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' systemctl enable enable-ssh -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage -# Configure RaspberryPi firmware (set config.txt to 64bit) +# Configure Raspberry Pi firmware (set config.txt to 64-bit) include rpi_firmware -# Compile RaspberryPi userland + +# Compile Raspberry Pi userland include rpi_userland + # Clean system include clean_system trap clean_build ERR SIGTERM SIGINT 
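Review bot: The new label `'Enable login over serial (No password)'` does not match the command beneath it. The `agetty -L ttyAMA0 115200 vt100` entry has no autologin option, so it would still hand off to the normal login prompt. It is also written to `/etc/inittab`, which systemd does not read, and this stage uses `systemctl` throughout, so the image is presumably systemd-based. If an unauthenticated serial console is not intended, drop "(No password)" from the label. If a serial login is intended, `systemctl enable serial-getty@ttyAMA0.service` is the mechanism systemd honours. The same label is added in rpi.sh, rpi0w-pitail.sh, rpi0w.sh and rpi1.sh.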
@@ -208,35 +110,11 @@ echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${wo status "Rsyncing rootfs into image file" rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ +sync + status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/rpi.sh b/rpi.sh index 2b1ebcb..76d5ba7 100755 --- a/rpi.sh +++ b/rpi.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Raspberry Pi 2/3/4/400 (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/raspberry-pi-2/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"rpi"} # Architecture 
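Review bot: `include finish_image` in the rpi-64bit.sh hunk relies on `loopdevice`, `bootp` and `rootp`, which this script sets outside the hunk, and nothing at the call site says so. It replaces the unmount, filesystem check, `losetup -d` and `clean_build` steps that used those variables directly. A comment such as `# finish_image expects loopdevice, bootp and rootp from the partition setup above` would keep the contract visible to anyone adding a new device script. The same replacement is made in rpi.sh, rpi0w-pitail.sh and rpi0w.sh.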
@@ -24,71 +16,16 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Script mode wlan monitor START/STOP' 
@@ -101,64 +38,28 @@ wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kerne eatmydata apt-get update eatmydata apt-get install -y ${re4son_pkgs} -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - status_stage3 'Copy script for handling wpa_supplicant file' install -m755 /bsp/scripts/copy-user-wpasupplicant.sh /usr/bin/ -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Enable copying of user wpa_supplicant.conf file' systemctl enable copy-user-wpasupplicant status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' systemctl enable enable-ssh -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN. This needs to be done or wireless doesnt work correctly on the RPi 3B+' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - status_stage3 'Disable haveged daemon' systemctl disable haveged -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage -# Configure Raspberry Pi firmware (set config.txt to 64-bit) +# Configure Raspberry Pi firmware include rpi_firmware + # Clean system include clean_system trap clean_build ERR SIGTERM SIGINT 
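Review bot: This hunk removes `systemctl enable regenerate_ssh_host_keys` and `systemctl enable ssh` from the per-device stage without a visible replacement. Whether images still regenerate SSH host keys on first boot therefore depends on the shared stage, which this page does not show. An image that ships with keys baked in at build time gives every flashed device the same host identity, so it is worth stating the dependency where the lines used to be, e.g. `# ssh and regenerate_ssh_host_keys are enabled by the common third stage`. The same lines are removed in rpi-64bit.sh, rpi0w-pitail.sh, rpi0w.sh and rpi1.sh.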
@@ -215,31 +116,5 @@ status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/rpi0w-pitail.sh b/rpi0w-pitail.sh index cafe08f..1e5d6d3 100755 --- a/rpi0w-pitail.sh +++ b/rpi0w-pitail.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for Raspberry Pi Zero W (Pi-Tail) (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for Raspberry Pi Zero W (Pi-Tail) +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/raspberry-pi-zero-w-pi-tail/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"rpi0w-pitail"} # Architecture 
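Review bot: The rpi.sh hunk starts at the `/boot` rsync and does not add the `sync` after the rootfs rsync that this commit adds in rpi-64bit.sh, rpi0w-pitail.sh and rpi0w.sh. Either rpi.sh already had that `sync` or it was missed; the lines above the hunk are not shown, so this cannot be settled from here. If it was missed, add `sync` after `rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/` so the scripts stay consistent.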
@@ -24,33 +16,8 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" -# Network configs -#include network -#add_interface wlan0 - -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" +# Load default base_image configs +source ./common.d/base_image.sh # Download Pi-Tail files git clone --depth 1 https://github.com/re4son/Kali-Pi ${work_dir}/opt/Kali-Pi @@ -87,17 +54,7 @@ chmod 0750 ${work_dir}/etc/skel/.vnc/xstartup # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - +cat <> "${work_dir}"/third-stage status_stage3 'Create kali user' # Normally this would be done by runonce, however, because this image is special, and needs the kali home directory # to exist before the first boot, we create it here, and remove the script that does it in the runonce stuff later. 
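Review bot: The `git clone --depth 1 https://github.com/re4son/Kali-Pi ${work_dir}/opt/Kali-Pi` kept as context under the new `source` line pulls whatever the default branch holds at build time. The contents of /opt/Kali-Pi in the image are therefore neither reproducible nor reviewable from this repository. Pinning to a release tag, `git clone --depth 1 --branch <PINNED_TAG> https://github.com/re4son/Kali-Pi "${work_dir}/opt/Kali-Pi"`, would fix the input and also quote the destination path. The tag name is a placeholder; the page does not say which revision is intended.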
@@ -114,34 +71,10 @@ groupadd -g 1000 kali useradd -m -u 1000 -g 1000 -G sudo,audio,bluetooth,cdrom,dialout,dip,lpadmin,netdev,plugdev,scanner,video,kali -s /bin/bash kali echo "kali:kali" | chpasswd -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - status_stage3 'Install PiTail packages' eatmydata apt-get install -y ${pitail_pkgs} || eatmydata apt-get install -y --fix-broken -status_stage3 'ntp does not always sync the date, but systemd-timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Script mode wlan monitor START/STOP' 
@@ -154,36 +87,17 @@ wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kerne eatmydata apt-get update eatmydata apt-get install -y ${re4son_pkgs} -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - status_stage3 'Copy script for handling wpa_supplicant file' install -m755 /bsp/scripts/copy-user-wpasupplicant.sh /usr/bin/ -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Enable copying of user wpa_supplicant.conf file' systemctl enable copy-user-wpasupplicant status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' systemctl enable enable-ssh -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab +status_stage3 'Disable haveged daemon' +systemctl disable haveged status_stage3 'Whitelist /dev/ttyGS0 so that users can login over the gadget serial device if they enable it' # https://github.com/offensive-security/kali-arm-build-scripts/issues/151 @@ -204,8 +118,9 @@ echo "dmesg -D" >> /etc/rc.local echo "exit 0" >> /etc/rc.local chmod +x /etc/rc.local -status_stage3 'Copy bashrc for root user' -cp /etc/skel/.bashrc /root/.bashrc +status_stage3 'Copy bashrc for root and kali users' +cp /etc/skel/.bashrc /root/.bashrc +cp /etc/skel/.bashrc /home/kali/.bashrc status_stage3 'Copy xstartup for root and kali users' cp -r /etc/skel/.vnc /root/ 
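Review bot: The added `cp /etc/skel/.bashrc /home/kali/.bashrc` leaves the file owned by whoever runs the third stage, presumably root inside the nspawn container. The only ownership fix visible on this page is `chown -R kali:kali /home/kali/.vnc`, which does not cover it. `install -o kali -g kali -m 644 /etc/skel/.bashrc /home/kali/.bashrc` sets owner and mode in one step. This refers to the second hunk on this line (`@@ -204,8 +118,9 @@`); the heredoc it belongs to starts and ends outside the hunk.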
@@ -241,29 +156,15 @@ echo kalikali | vncpasswd -f > /home/kali/.vnc/passwd chown -R kali:kali /home/kali/.vnc chmod 0600 /home/kali/.vnc/passwd -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -# As noted above, remove the creation of the kali user, since we do it above. +status_stage3 'Remove the creation of the kali user, since we do it above' rm /etc/runonce.d/00-add-user -systemctl enable runonce -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage ## Fix the the infamous “Authentication Required to Create Managed Color Device” in vnc cat << EOF > ${work_dir}/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla 
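Review bot: The `rm /etc/runonce.d/00-add-user` step now depends on the shared stage having copied `/bsp/runonce.d` to `/etc` before this fragment runs, because the `cp -rf /bsp/runonce.d /etc` that sat directly above it is removed here. If the copy has not happened yet, `rm` without `-f` fails. If the copy happens later, the script comes back and the kali user would presumably be created again on first boot. A short comment on the step naming the stage that performs the copy would make the ordering checkable. The order itself is not visible in this hunk.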
@@ -335,35 +236,11 @@ mount "${bootp}" "${base_dir}"/root/boot status "Rsyncing rootfs into image file" rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ +sync + status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/rpi0w.sh b/rpi0w.sh index 9bfc4eb..cfc277b 100755 --- a/rpi0w.sh +++ b/rpi0w.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Raspberry Pi Zero W (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/raspberry-pi-zero-w/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"rpi0w"} # Architecture 
@@ -24,71 +16,12 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" -# Network configs -#include network -#add_interface wlan0 - -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" +# Load default base_image configs +source ./common.d/base_image.sh # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy 
select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Script mode wlan monitor START/STOP' 
@@ -101,64 +34,28 @@ wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kerne eatmydata apt-get update eatmydata apt-get install -y ${re4son_pkgs} -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - status_stage3 'Copy script for handling wpa_supplicant file' install -m755 /bsp/scripts/copy-user-wpasupplicant.sh /usr/bin/ -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Enable copying of user wpa_supplicant.conf file' systemctl enable copy-user-wpasupplicant status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' systemctl enable enable-ssh -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - status_stage3 'Disable haveged daemon' systemctl disable haveged -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage -# Configure RaspberryPi firmware (set config.txt to 64bit) +# Configure Raspberry Pi firmware include rpi_firmware + # Clean system include clean_system trap clean_build ERR SIGTERM SIGINT 
@@ -209,35 +106,11 @@ echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${wo status "Rsyncing rootfs into image file" rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ +sync + status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/rpi1.sh b/rpi1.sh index 6856ed0..fbea2f6 100755 --- a/rpi1.sh +++ b/rpi1.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for Raspberry Pi 1 (Original) (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # -# This is a supported device - which you can find pre-generated images for: https://www.kali.org/get-kali/ +# This is a supported device - which you can find pre-generated images for # More information: https://www.kali.org/docs/arm/raspberry-pi/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"rpi1"} # Architecture 
@@ -24,71 +16,16 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select 
Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +cat <> "${work_dir}"/third-stage +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ status_stage3 'Script mode wlan monitor START/STOP' 
@@ -101,69 +38,32 @@ wget -qO /etc/apt/trusted.gpg.d/kali_pi-archive-keyring.gpg https://re4son-kerne eatmydata apt-get update eatmydata apt-get install -y ${re4son_pkgs} -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Enable copying of user wpa_supplicant.conf file' systemctl enable copy-user-wpasupplicant -status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' -systemctl enable enable-ssh - status_stage3 'Set default to cli since the system is slow and has low memory' systemctl set-default multi-user -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' -echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" +status_stage3 'Enabling ssh by putting ssh or ssh.txt file in /boot' +systemctl enable enable-ssh status_stage3 'Disable haveged daemon' systemctl disable haveged -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg +status_stage3 'Enable login over serial (No password)' +echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> /etc/inittab EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage -# Configure RaspberryPi firmware (set config.txt to 64bit) +# Configure Raspberry Pi firmware include rpi_firmware + # Clean system include clean_system trap clean_build ERR SIGTERM SIGINT - # systemd doesn't seem to be generating the fstab properly for some people, so let's create one status "/etc/fstab" cat < "${work_dir}"/etc/fstab 
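Review bot: The renamed step 'Enable login over serial (No password)' promises more than the line under it shows: `agetty -L ttyAMA0 115200 vt100` carries no autologin option, so from this hunk it is unclear where any password-less behaviour would come from. The entry is also appended to `/etc/inittab`, which systemd does not read, and this stage manages services with `systemctl`, so the line may have no effect on the built image. Please state the intent in a comment, e.g. `# serial console on ttyAMA0; login policy is set by <unit or file>`, or drop "(No password)" from the label if a password is still required. The trimslice.sh hunk carries the same label on its ttyS0 line, and the third-stage heredoc this line belongs to starts in the previous hunk.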
@@ -210,35 +110,11 @@ echo "UUID=$UUID / $fstype errors=remount-ro 0 1" >> ${wo status "Rsyncing rootfs into image file" rsync -HPavz -q --exclude boot "${work_dir}"/ "${base_dir}"/root/ +sync + status "Rsyncing rootfs into image file (/boot)" rsync -rtx -q "${work_dir}"/boot "${base_dir}"/root sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -dosfsck -w -r -a -t "$bootp" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/trimslice.sh b/trimslice.sh index ff8c9fc..5d3c5e5 100755 --- a/trimslice.sh +++ b/trimslice.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # -# Kali Linux ARM build-script for Trimslice (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# Kali Linux ARM build-script for Trimslice +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use # More information: https://www.kali.org/docs/arm/trimslice/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"trimslice"} # Architecture 
@@ -24,119 +16,27 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Install packages' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - +cat <> "${work_dir}"/third-stage status_stage3 'Install kernel and u-boot packages' eatmydata apt-get install -y linux-image-armmp u-boot-menu -status_stage3 'Install systemd-timesyncd instead of ntp' -eatmydata apt-get install --autoremove -y systemd-timesyncd - -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux 
console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ +status_stage3 'Copy rpi services' cp -p /bsp/services/rpi/*.service /etc/systemd/system/ -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - -status_stage3 'Install ca-certificate' -cd /root -apt download -o APT::Sandbox::User=root ca-certificates 2>/dev/null - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Enable login over serial' +status_stage3 'Enable login over serial (No password)' echo "T0:23:respawn:/sbin/agetty -L ttyS0 115200 vt100" >> /etc/inittab - -status_stage3 'Try and make the console a bit nicer. 
Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -201,32 +101,5 @@ status "Rsyncing rootfs into image file" rsync -HPavz -q ${work_dir}/ ${base_dir}/root/ sync -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${bootp}" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${bootp}" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -kpartx -dv "${loopdevice}" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image diff --git a/usb-armory-mki.sh b/usb-armory-mki.sh index 9bfa9b0..641ff35 100755 --- a/usb-armory-mki.sh +++ b/usb-armory-mki.sh 
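Review bot: The board-specific teardown that `include finish_image` now stands in for (last trimslice.sh hunk) was not the same on every board, and nothing at the call site says the shared step handles that. The removed trimslice lines ran `e2fsck` on `${bootp}` and detached with `kpartx -dv` before `losetup -d`, while the Raspberry Pi tail earlier in this diff used `dosfsck` on the boot partition and no kpartx. finish_image is not part of this view, so it is worth confirming that it picks the checker by filesystem type and still removes the kpartx mappings. I would record the contract next to the call, e.g. `# finish_image: flush, umount, fsck per fs type, detach loop device, compress, clean_build`.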
@@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for USB Armory MKI (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use -# More information: https://www.kali.org/docs/arm/usb-armory-mki/ +# More information: https://www.kali.org/docs/arm/usb-armory-mkii/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"usbarmory-mki"} # Architecture 
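Review bot: The 'More information' link in usb-armory-mki.sh now points at `https://www.kali.org/docs/arm/usb-armory-mkii/`, the page for the other board, while `hw_model` stays `usbarmory-mki`. If that is deliberate because no MKI page exists, say so in the header comment; otherwise keep `# More information: https://www.kali.org/docs/arm/usb-armory-mki/`.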
@@ -24,88 +16,18 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Enable dhcp server' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - +cat <> "${work_dir}"/third-stage status_stage3 'Install dhcp and vnc servers' eatmydata apt-get install -y isc-dhcp-server tightvncserver || eatmydata apt-get install -y 
--fix-broken -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - status_stage3 'Allow users to use NetworkManager over ssh' install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d @@ -113,7 +35,6 @@ status_stage3 'Remove /etc/modules*' rm /etc/modules rm /etc/modules-load.d/modules.conf - status_stage3 'Add our /etc/modules-load.d/' cat << __EOF__ > /etc/modules-load.d/modules.conf ledtrig_heartbeat @@ -141,7 +62,6 @@ netmask 255.255.255.0 gateway 10.0.0.2 __EOF__ - status_stage3 'Add our /etc/dhcp/dhcpd.conf' # Debian reads the config from inside /etc/dhcp cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.old 
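Review bot: Nothing on the new side of the first usb-armory-mki.sh hunk says where `systemctl enable ssh` and `systemctl enable regenerate_ssh_host_keys` now run, although both are removed from this script's third stage. If the shared stage loaded through `base_image.sh` does not enable the regeneration unit, every image built from this script would ship the same SSH host keys, so this should be confirmed before merge. A one-line comment above the heredoc would make the dependency visible: `# base_image.sh: core packages, ssh, first-boot host-key regeneration, rpi-resizerootfs, runonce`. The Raspberry Pi, trimslice.sh and usb-armory-mkii.sh hunks remove the host-key step as well.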
@@ -168,31 +88,10 @@ sed -i -e 's/INTERFACES.*/INTERFACES="usb0"/g' /etc/default/isc-dhcp-server status_stage3 'Enable dhcp server' update-rc.d isc-dhcp-server enable - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -282,31 +181,5 @@ make usbarmory_config make ARCH=arm dd if=u-boot.imx of=${loopdevice} bs=512 seek=2 conv=fsync -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image 
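Review bot: In the last usb-armory-mki.sh hunk `include finish_image` now runs from whatever directory the u-boot build left the shell in, because the removed tail began with `cd "${current_dir}/"` and nothing replaces it after `dd if=u-boot.imx ...`. If `include` resolves its files relative to the working directory, as the `source ./common.d/base_image.sh` line in this script does, the finishing step will not be found and the loop device stays attached. Keeping `cd "${current_dir}/"` directly before `include finish_image` avoids depending on that. The final usb-armory-mkii.sh hunk has the same removal.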
diff --git a/usb-armory-mkii.sh b/usb-armory-mkii.sh index ae9d2ed..d50cd5b 100755 --- a/usb-armory-mkii.sh +++ b/usb-armory-mkii.sh @@ -1,20 +1,12 @@ #!/usr/bin/env bash # # Kali Linux ARM build-script for USB Armory MKII (32-bit) -# Source: https://gitlab.com/kalilinux/build-scripts/kali-arm +# https://gitlab.com/kalilinux/build-scripts/kali-arm # # This is a community script - you will need to generate your own image to use # More information: https://www.kali.org/docs/arm/usb-armory-mkii/ # -# Stop on error -set -e - -# shellcheck disable=SC2154 -# Load general functions -# shellcheck source=/dev/null -source ./common.d/functions.sh - # Hardware model hw_model=${hw_model:-"usbarmory-mkii"} # Architecture 
@@ -24,96 +16,22 @@ variant=${variant:-"${architecture}"} # Desktop manager (xfce, gnome, i3, kde, lxde, mate, e17 or none) desktop=${desktop:-"xfce"} -# Load common variables -include variables -# Checks script environment -include check -# Packages build list -include packages -# Execute initial debootstrap -debootstrap_exec http://http.kali.org/kali -# Enable eatmydata in compilation -include eatmydata -# debootstrap second stage -systemd-nspawn_exec eatmydata /debootstrap/debootstrap --second-stage -# Define sources.list -include sources.list -# APT options -include apt_options -# So X doesn't complain, we add kali to hosts -include hosts -# Set hostname -set_hostname "${hostname}" +# Load default base_image configs +source ./common.d/base_image.sh + # Network configs include network add_interface eth0 -# Copy directory bsp into build dir -status "Copy directory bsp into build dir" -cp -rp bsp "${work_dir}" - # Third stage -cat < "${work_dir}"/third-stage -#!/usr/bin/env bash -set -e -status_3i=0 -status_3t=\$(grep '^status_stage3 ' \$0 | wc -l) - -status_stage3() { - status_3i=\$((status_3i+1)) - echo " [i] Stage 3 (\${status_3i}/\${status_3t}): \$1" -} - -status_stage3 'Update apt' -export DEBIAN_FRONTEND=noninteractive -eatmydata apt-get update - -status_stage3 'Install core packages' -eatmydata apt-get -y install ${third_stage_pkgs} - -status_stage3 'Enable dhcp server' -eatmydata apt-get install -y ${packages} || eatmydata apt-get install -y --fix-broken - -status_stage3 'Install desktop packages' -eatmydata apt-get install -y ${desktop_pkgs} ${extra} || eatmydata apt-get install -y --fix-broken - -status_stage3 'ntp doesn't always sync the date, but systemd's timesyncd does, so we remove ntp and reinstall it with this' -eatmydata apt-get install -y systemd-timesyncd --autoremove - +cat <> "${work_dir}"/third-stage status_stage3 'Install dhcp and vnc server' eatmydata apt-get install -y isc-dhcp-server tightvncserver || eatmydata apt-get install -y 
--fix-broken -status_stage3 'Clean up' -eatmydata apt-get -y --purge autoremove - -status_stage3 'Linux console/keyboard configuration' -echo 'console-common console-data/keymap/policy select Select keymap from full list' | debconf-set-selections -echo 'console-common console-data/keymap/full select en-latin1-nodeadkeys' | debconf-set-selections - -status_stage3 'Copy all services' -cp -p /bsp/services/all/*.service /etc/systemd/system/ - -status_stage3 'Copy script rpi-resizerootfs' -install -m755 /bsp/scripts/rpi-resizerootfs /usr/sbin/ -install -m755 /bsp/scripts/growpart /usr/local/bin/ - -status_stage3 'Enable rpi-resizerootfs first boot' -systemctl enable rpi-resizerootfs - -status_stage3 'Generate SSH host keys on first run' -systemctl enable regenerate_ssh_host_keys - -status_stage3 'Enable ssh' -systemctl enable ssh - -status_stage3 'Allow users to use NetworkManager over ssh' -install -m644 /bsp/polkit/10-NetworkManager.pkla /var/lib/polkit-1/localauthority/50-local.d - status_stage3 'Remove /etc/modules*' rm /etc/modules rm /etc/modules-load.d/modules.conf - status_stage3 'Add our /etc/modules-load.d/' cat << __EOF__ > /etc/modules-load.d/modules.conf ledtrig_heartbeat @@ -141,7 +59,6 @@ netmask 255.255.255.0 gateway 10.0.0.2 __EOF__ - status_stage3 'Add our /etc/dhcp/dhcpd.conf' # Debian reads the config from inside /etc/dhcp cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.old 
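Review bot: The polkit rule `install -m644 /bsp/polkit/10-NetworkManager.pkla ...` is removed from usb-armory-mkii.sh in this hunk but kept as context in the matching usb-armory-mki.sh hunk, so the two otherwise parallel scripts now disagree. Either the shared stage installs the rule and the MKI copy is redundant, or it does not and MKII images lose it; the hunk does not show which. Please make both scripts match and name the owner in a comment, e.g. `# NetworkManager polkit rule is installed by the common third stage`.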
@@ -168,31 +85,10 @@ sed -i -e 's/INTERFACES.*/INTERFACES="usb0"/g' /etc/default/isc-dhcp-server status_stage3 'Enable dhcp server' update-rc.d isc-dhcp-server enable - -status_stage3 'Set a REGDOMAIN' -sed -i -e 's/REGDOM.*/REGDOMAIN=00/g' /etc/default/crda - -status_stage3 'Try and make the console a bit nicer. Set the terminus font for a bit nicer display' -sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup -sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup - -status_stage3 'Fix startup time from 5 minutes to 15 secs on raise interface wlan0' -sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/usr/lib/systemd/system/networking.service" - -status_stage3 'Enable runonce' -install -m755 /bsp/scripts/runonce /usr/sbin/ -cp -rf /bsp/runonce.d /etc -systemctl enable runonce - -status_stage3 'Clean up dpkg.eatmydata' -rm -f /usr/bin/dpkg -dpkg-divert --remove --rename /usr/bin/dpkg EOF # Run third stage -chmod 0755 "${work_dir}"/third-stage -status "Run third stage" -systemd-nspawn_exec /third-stage +include third_stage # Clean system include clean_system @@ -279,31 +175,5 @@ make usbarmory_config make ARCH=arm dd if=u-boot.imx of=${loopdevice} bs=512 seek=2 conv=fsync -cd "${current_dir}/" - -# Flush buffers and bytes - this is nicked from the Devuan arm-sdk -blockdev --flushbufs "${loopdevice}" -python3 -c 'import os; os.fsync(open("'${loopdevice}'", "r+b"))' - -# Unmount filesystem -status "Unmount filesystem" -umount -l "${rootp}" - -# Check filesystem -status "Check filesystem" -e2fsck -y -f "${rootp}" - -# Remove loop devices -status "Remove loop devices" -losetup -d "${loopdevice}" - -# Compress image compilation -include compress_img - -# Clean up all the temporary build stuff and remove the directories -# Comment this out to keep things around if you want to see what may have gone wrong -clean_build - -# Quit -log "Done" green -exit 0 +# Load default finish_image configs +include finish_image