Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Path: blob/next/scripts/debootstrap.sh
Views: 3960
#!/bin/bash1#2# Copyright (c) 2013-2021 Igor Pecovnik, igor.pecovnik@gma**.com3#4# This file is licensed under the terms of the GNU General Public5# License version 2. This program is licensed "as is" without any6# warranty of any kind, whether express or implied.789# Functions:1011# debootstrap_ng12# create_rootfs_cache13# prepare_partitions14# update_initramfs15# create_image1617181920# debootstrap_ng21#22debootstrap_ng()23{24display_alert "Starting rootfs and image building process for" "${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED:-null} ${DESKTOP_ENVIRONMENT:-null} ${BUILD_MINIMAL}" "info"2526[[ $ROOTFS_TYPE != ext4 ]] && display_alert "Assuming $BOARD $BRANCH kernel supports $ROOTFS_TYPE" "" "wrn"2728# trap to unmount stuff in case of error/manual interruption29trap unmount_on_exit INT TERM EXIT3031# stage: clean and create directories32rm -rf $SDCARD $MOUNT33mkdir -p $SDCARD $MOUNT $DEST/images $EXTER/cache/rootfs3435# stage: verify tmpfs configuration and mount36# CLI needs ~1.5GiB, desktop - ~3.5GiB37# calculate and set tmpfs mount to use 9/10 of available RAM+SWAP38local phymem=$(( (($(awk '/MemTotal/ {print $2}' /proc/meminfo) + $(awk '/SwapTotal/ {print $2}' /proc/meminfo))) / 1024 * 9 / 10 )) # MiB39if [[ $BUILD_DESKTOP == yes ]]; then local tmpfs_max_size=3500; else local tmpfs_max_size=1500; fi # MiB40if [[ $FORCE_USE_RAMDISK == no ]]; then local use_tmpfs=no41elif [[ $FORCE_USE_RAMDISK == yes || $phymem -gt $tmpfs_max_size ]]; then42local use_tmpfs=yes43fi44[[ -n $FORCE_TMPFS_SIZE ]] && phymem=$FORCE_TMPFS_SIZE4546[[ $use_tmpfs == yes ]] && mount -t tmpfs -o size=${phymem}M tmpfs $SDCARD4748# stage: prepare basic rootfs: unpack cache or create from scratch49create_rootfs_cache5051call_extension_method "pre_install_distribution_specific" "config_pre_install_distribution_specific" << 'PRE_INSTALL_DISTRIBUTION_SPECIFIC'52*give config a chance to act before install_distribution_specific*53Called after `create_rootfs_cache` (_prepare basic rootfs: unpack cache or create from scratch_) but before `install_distribution_specific` (_install distribution and board specific applications_).54PRE_INSTALL_DISTRIBUTION_SPECIFIC5556# stage: install kernel and u-boot packages57# install distribution and board specific applications5859if [[ ${RELEASE} == "raspi" ]]; then60install_opi_specific61else62install_distribution_specific63install_common6465# install locally built packages or install pre-built packages from orangepi66[[ $EXTERNAL_NEW == compile || $EXTERNAL_NEW == prebuilt ]] && chroot_installpackages_local6768#[[ $EXTERNAL_NEW == prebuilt ]] && chroot_installpackages "yes"6970# stage: user customization script71# NOTE: installing too many packages may fill tmpfs mount72customize_image7374# remove packages that are no longer needed. Since we have intrudoced uninstall feature, we might want to clean things that are no longer needed75display_alert "No longer needed packages" "purge" "info"76chroot $SDCARD /bin/bash -c "apt-get autoremove -y" >/dev/null 2>&17778# create list of installed packages for debug purposes79chroot $SDCARD /bin/bash -c "dpkg --get-selections" | grep -v deinstall | awk '{print $1}' | cut -f1 -d':' > $DEST/${LOG_SUBPATH}/installed-packages-${RELEASE}$([[ ${BUILD_MINIMAL} == yes ]] && echo "-minimal")$([[ ${BUILD_DESKTOP} == yes ]] && echo "-desktop").list 2>&18081fi8283# clean up / prepare for making the image84umount_chroot "$SDCARD"85post_debootstrap_tweaks8687if [[ $ROOTFS_TYPE == fel ]]; then88FEL_ROOTFS=$SDCARD/89display_alert "Starting FEL boot" "$BOARD" "info"90source $SRC/scripts/fel-load.sh91else92prepare_partitions93create_image94fi9596# stage: unmount tmpfs97umount $SDCARD 2>&198if [[ $use_tmpfs = yes ]]; then99while grep -qs "$SDCARD" /proc/mounts100do101umount $SDCARD102sleep 5103done104fi105rm -rf $SDCARD106107# remove exit trap108trap - INT TERM EXIT109} #############################################################################110111bootstrap(){112local BOOTSTRAP_CMD=debootstrap113local BOOTSTRAP_ARGS=()114115export CAPSH_ARG="--drop=cap_setfcap"116export http_proxy=${APT_PROXY}117118BOOTSTRAP_ARGS+=(--arch arm64)119BOOTSTRAP_ARGS+=(--include gnupg)120#BOOTSTRAP_ARGS+=(--components "main,contrib,non-free")121BOOTSTRAP_ARGS+=(--components "main")122BOOTSTRAP_ARGS+=(--exclude=info)123BOOTSTRAP_ARGS+=(--include=ca-certificates)124BOOTSTRAP_ARGS+=("$@")125printf -v BOOTSTRAP_STR '%q ' "${BOOTSTRAP_ARGS[@]}"126127${BOOTSTRAP_CMD} $BOOTSTRAP_STR || true128}129export -f bootstrap130131# create_rootfs_cache132#133# unpacks cached rootfs for $RELEASE or creates one134#135create_rootfs_cache()136{137138local packages_hash=$(get_package_list_hash "$ROOTFSCACHE_VERSION")139local cache_type="cli"140[[ ${BUILD_DESKTOP} == yes ]] && local cache_type="xfce-desktop"141[[ -n ${DESKTOP_ENVIRONMENT} ]] && local cache_type="${DESKTOP_ENVIRONMENT}"142[[ ${BUILD_MINIMAL} == yes ]] && local cache_type="minimal"143local cache_name=${RELEASE}-${cache_type}-${ARCH}.$packages_hash.tar.lz4144local cache_fname=${EXTER}/cache/rootfs/${cache_name}145local display_name=${RELEASE}-${cache_type}-${ARCH}.${packages_hash:0:3}...${packages_hash:29}.tar.lz4146147if [[ -f $cache_fname && "$ROOT_FS_CREATE_ONLY" != "force" ]]; then148local date_diff=$(( ($(date +%s) - $(stat -c %Y $cache_fname)) / 86400 ))149display_alert "Extracting $display_name" "$date_diff days old" "info"150pv -p -b -r -c -N "[ .... ] $display_name" "$cache_fname" | lz4 -dc | tar xp --xattrs -C $SDCARD/151[[ $? -ne 0 ]] && rm $cache_fname && exit_with_error "Cache $cache_fname is corrupted and was deleted. Restart."152rm $SDCARD/etc/resolv.conf153echo "nameserver $NAMESERVER" >> $SDCARD/etc/resolv.conf154create_sources_list "$RELEASE" "$SDCARD/"155elif [[ $RELEASE == "raspi" ]]; then156display_alert "local not found" "Creating new rootfs cache for $RELEASE" "info"157158cd $SDCARD # this will prevent error sh: 0: getcwd() failed159160bootstrap bullseye "$SDCARD" "https://mirrors.ustc.edu.cn/debian/"161162mount_chroot "$SDCARD"163164display_alert "Diverting" "initctl/start-stop-daemon" "info"165# policy-rc.d script prevents starting or reloading services during image creation166printf '#!/bin/sh\nexit 101' > $SDCARD/usr/sbin/policy-rc.d167LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg-divert --quiet --local --rename --add /sbin/initctl" &> /dev/null168LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg-divert --quiet --local --rename --add /sbin/start-stop-daemon" &> /dev/null169printf '#!/bin/sh\necho "Warning: Fake start-stop-daemon called, doing nothing"' > $SDCARD/sbin/start-stop-daemon170printf '#!/bin/sh\necho "Warning: Fake initctl called, doing nothing"' > $SDCARD/sbin/initctl171chmod 755 $SDCARD/usr/sbin/policy-rc.d172chmod 755 $SDCARD/sbin/initctl173chmod 755 $SDCARD/sbin/start-stop-daemon174175install_raspi_specific176177umount_chroot "$SDCARD"178179tar cp --xattrs --directory=$SDCARD/ --exclude='./dev/*' --exclude='./proc/*' --exclude='./run/*' --exclude='./tmp/*' \180--exclude='./sys/*' . | pv -p -b -r -s $(du -sb $SDCARD/ | cut -f1) -N "$display_name" | lz4 -5 -c > $cache_fname181else182display_alert "local not found" "Creating new rootfs cache for $RELEASE" "info"183184# stage: debootstrap base system185if [[ $NO_APT_CACHER != yes ]]; then186# apt-cacher-ng apt-get proxy parameter187local apt_extra="-o Acquire::http::Proxy=\"http://${APT_PROXY_ADDR:-localhost:3142}\""188local apt_mirror="http://${APT_PROXY_ADDR:-localhost:3142}/$APT_MIRROR"189else190local apt_mirror="http://$APT_MIRROR"191fi192193# fancy progress bars194[[ -z $OUTPUT_DIALOG ]] && local apt_extra_progress="--show-progress -o DPKG::Progress-Fancy=1"195196# Ok so for eval+PIPESTATUS.197# Try this on your bash shell:198# ONEVAR="testing" eval 'bash -c "echo value once $ONEVAR && false && echo value twice $ONEVAR"' '| grep value' '| grep value' ; echo ${PIPESTATUS[*]}199# Notice how PIPESTATUS has only one element. and it is always true, although we failed explicitly with false in the middle of the bash.200# That is because eval itself is considered a single command, no matter how many pipes you put in there, you'll get a single value, the return code of the LAST pipe.201# Lets export the value of the pipe inside eval so we know outside what happened:202# ONEVAR="testing" eval 'bash -e -c "echo value once $ONEVAR && false && echo value twice $ONEVAR"' '| grep value' '| grep value' ';EVALPIPE=(${PIPESTATUS[@]})' ; echo ${EVALPIPE[*]}203204local release_version=${RELEASE}205206if [[ ${RELEASE} == "sid" ]]; then207release_version=unstable208apt_mirror="https://snapshot.debian.org/archive/debian-ports/20221225T084846Z"209DEBOOTSTRAP_OPTION="--no-check-gpg --no-merged-usr"210PACKAGE_LIST_EXCLUDE="usr-is-merged"211fi212213display_alert "Installing base system" "Stage 1/2" "info"214cd $SDCARD # this will prevent error sh: 0: getcwd() failed215216eval 'debootstrap --variant=minbase --include=${DEBOOTSTRAP_LIST// /,} ${PACKAGE_LIST_EXCLUDE:+ --exclude=${PACKAGE_LIST_EXCLUDE// /,}} \217--arch=$ARCH --components=${DEBOOTSTRAP_COMPONENTS} $DEBOOTSTRAP_OPTION --foreign ${release_version} $SDCARD/ ${apt_mirror}' \218${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \219${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Debootstrap (stage 1/2)..." $TTY_Y $TTY_X'} \220${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'221222[[ ${EVALPIPE[0]} -ne 0 || ! -f $SDCARD/debootstrap/debootstrap ]] && exit_with_error "Debootstrap base system for ${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED} ${DESKTOP_ENVIRONMENT} ${BUILD_MINIMAL} first stage failed"223224cp /usr/bin/$QEMU_BINARY $SDCARD/usr/bin/225226mkdir -p $SDCARD/usr/share/keyrings/227cp /usr/share/keyrings/*-archive-keyring.gpg $SDCARD/usr/share/keyrings/228229display_alert "Installing base system" "Stage 2/2" "info"230eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "/debootstrap/debootstrap --second-stage"' \231${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \232${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Debootstrap (stage 2/2)..." $TTY_Y $TTY_X'} \233${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'234235[[ ${EVALPIPE[0]} -ne 0 || ! -f $SDCARD/bin/bash ]] && exit_with_error "Debootstrap base system for ${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED} ${DESKTOP_ENVIRONMENT} ${BUILD_MINIMAL} second stage failed"236237mount_chroot "$SDCARD"238239if [[ ${RELEASE} == "sid" ]]; then240mkdir -p $SDCARD/etc/apt/apt.conf.d/241echo "Acquire::Check-Valid-Until no;" > $SDCARD/etc/apt/apt.conf.d/99-no-check-valid-until242wget -qnc -P ${EXTER}/cache/debs/ https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/pool-riscv64/main/i/icu/libicu71_71.1-3_riscv64.deb243cp -v ${EXTER}/cache/debs/libicu71_71.1-3_riscv64.deb $SDCARD/244LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg -i /libicu71_71.1-3_riscv64.deb" &> /dev/null245fi246247display_alert "Diverting" "initctl/start-stop-daemon" "info"248# policy-rc.d script prevents starting or reloading services during image creation249printf '#!/bin/sh\nexit 101' > $SDCARD/usr/sbin/policy-rc.d250LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg-divert --quiet --local --rename --add /sbin/initctl" &> /dev/null251LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg-divert --quiet --local --rename --add /sbin/start-stop-daemon" &> /dev/null252printf '#!/bin/sh\necho "Warning: Fake start-stop-daemon called, doing nothing"' > $SDCARD/sbin/start-stop-daemon253printf '#!/bin/sh\necho "Warning: Fake initctl called, doing nothing"' > $SDCARD/sbin/initctl254chmod 755 $SDCARD/usr/sbin/policy-rc.d255chmod 755 $SDCARD/sbin/initctl256chmod 755 $SDCARD/sbin/start-stop-daemon257258# stage: configure language and locales259display_alert "Configuring locales" "$DEST_LANG" "info"260261[[ -f $SDCARD/etc/locale.gen ]] && sed -i "s/^# $DEST_LANG/$DEST_LANG/" $SDCARD/etc/locale.gen262eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "locale-gen $DEST_LANG"' ${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'}263eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "update-locale LANG=$DEST_LANG LANGUAGE=$DEST_LANG LC_MESSAGES=$DEST_LANG"' \264${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'}265266if [[ -f $SDCARD/etc/default/console-setup ]]; then267sed -e 's/CHARMAP=.*/CHARMAP="UTF-8"/' -e 's/FONTSIZE=.*/FONTSIZE="8x16"/' \268-e 's/CODESET=.*/CODESET="guess"/' -i $SDCARD/etc/default/console-setup269eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "setupcon --save --force"'270fi271272# stage: create apt-get sources list273create_sources_list "$RELEASE" "$SDCARD/"274275# add armhf arhitecture to arm64, unless configured not to do so.276if [[ "a${ARMHF_ARCH}" != "askip" ]]; then277[[ $ARCH == arm64 ]] && eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -c "dpkg --add-architecture armhf"'278fi279280# this should fix resolvconf installation failure in some cases281chroot $SDCARD /bin/bash -c 'echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections'282283# stage: update packages list284display_alert "Updating package list" "$RELEASE" "info"285eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "apt-get -q -y $apt_extra update"' \286${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \287${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Updating package lists..." $TTY_Y $TTY_X'} \288${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'289290[[ ${EVALPIPE[0]} -ne 0 ]] && display_alert "Updating package lists" "failed" "wrn"291292# stage: upgrade base packages from xxx-updates and xxx-backports repository branches293display_alert "Upgrading base packages" "Orange Pi" "info"294eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "DEBIAN_FRONTEND=noninteractive apt-get -y -q \295$apt_extra $apt_extra_progress upgrade"' \296${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \297${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Upgrading base packages..." $TTY_Y $TTY_X'} \298${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'299300# Myy: Dividing the desktop packages installation steps into multiple301# ones. We first install the "ADDITIONAL_PACKAGES" in order to get302# access to software-common-properties installation.303# THEN we add the APT sources and install the Desktop packages.304# TODO : Find a way to add APT sources WITHOUT software-common-properties305306[[ ${EVALPIPE[0]} -ne 0 ]] && display_alert "Upgrading base packages" "failed" "wrn"307308# stage: install additional packages309display_alert "Installing the main packages for" "Orange Pi" "info"310eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "DEBIAN_FRONTEND=noninteractive apt-get -y -q \311$apt_extra $apt_extra_progress --no-install-recommends install $PACKAGE_MAIN_LIST"' \312${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \313${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Installing Orange Pi main packages..." $TTY_Y $TTY_X'} \314${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'315316[[ ${PIPESTATUS[0]} -ne 0 ]] && exit_with_error "Installation of Orange Pi main packages for ${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED} ${DESKTOP_ENVIRONMENT} ${BUILD_MINIMAL} failed"317318if [[ $BUILD_DESKTOP == "yes" ]]; then319# FIXME Myy : Are we keeping this only for Desktop users,320# or should we extend this to CLI users too ?321# There might be some clunky boards that require Debian packages from322# specific repos...323display_alert "Adding apt sources for Desktop packages"324add_desktop_package_sources325326local apt_desktop_install_flags=""327if [[ ! -z ${DESKTOP_APT_FLAGS_SELECTED+x} ]]; then328for flag in ${DESKTOP_APT_FLAGS_SELECTED}; do329apt_desktop_install_flags+=" --install-${flag}"330done331else332# Myy : Using the previous default option, if the variable isn't defined333# And ONLY if it's not defined !334apt_desktop_install_flags+=" --no-install-recommends"335fi336337display_alert "Installing the desktop packages for" "Orange Pi" "info"338eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "DEBIAN_FRONTEND=noninteractive apt-get -y -q \339$apt_extra $apt_extra_progress install ${apt_desktop_install_flags} $PACKAGE_LIST_DESKTOP"' \340${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \341${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Installing Orange Pi desktop packages..." $TTY_Y $TTY_X'} \342${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'343344[[ ${PIPESTATUS[0]} -ne 0 ]] && exit_with_error "Installation of Orange Pi desktop packages for ${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED} ${DESKTOP_ENVIRONMENT} ${BUILD_MINIMAL} failed"345fi346347install_docker348[[ ${BOARDFAMILY} == "starfive2" ]] && jh7110_install_libs349350# Remove packages from packages.uninstall351352display_alert "Uninstall packages" "$PACKAGE_LIST_UNINSTALL" "info"353eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq \354$apt_extra $apt_extra_progress purge $PACKAGE_LIST_UNINSTALL"' \355${PROGRESS_LOG_TO_FILE:+' >> $DEST/${LOG_SUBPATH}/debootstrap.log'} \356${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Removing packages.uninstall packages..." $TTY_Y $TTY_X'} \357${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'358359[[ ${EVALPIPE[0]} -ne 0 ]] && exit_with_error "Installation of Orange Pi packages failed"360361# stage: purge residual packages362display_alert "Purging residual packages for" "Orange Pi" "info"363PURGINGPACKAGES=$(chroot $SDCARD /bin/bash -c "dpkg -l | grep \"^rc\" | awk '{print \$2}' | tr \"\n\" \" \"")364eval 'LC_ALL=C LANG=C chroot $SDCARD /bin/bash -e -c "DEBIAN_FRONTEND=noninteractive apt-get -y -q \365$apt_extra $apt_extra_progress remove --purge $PURGINGPACKAGES"' \366${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \367${OUTPUT_DIALOG:+' | dialog --backtitle "$backtitle" --progressbox "Purging residual Orange Pi packages..." $TTY_Y $TTY_X'} \368${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'369370[[ ${EVALPIPE[0]} -ne 0 ]] && exit_with_error "Purging of residual Orange Pi packages failed"371372# stage: remove downloaded packages373chroot $SDCARD /bin/bash -c "apt-get -y autoremove; apt-get clean"374375# DEBUG: print free space376local freespace=$(LC_ALL=C df -h)377echo $freespace >> $DEST/${LOG_SUBPATH}/debootstrap.log378display_alert "Free SD cache" "$(echo -e "$freespace" | grep $SDCARD | awk '{print $5}')" "info"379display_alert "Mount point" "$(echo -e "$freespace" | grep $MOUNT | head -1 | awk '{print $5}')" "info"380381# create list of installed packages for debug purposes382chroot $SDCARD /bin/bash -c "dpkg --get-selections" | grep -v deinstall | awk '{print $1}' | cut -f1 -d':' > ${cache_fname}.list 2>&1383384# creating xapian index that synaptic runs faster385if [[ $BUILD_DESKTOP == yes ]]; then386display_alert "Recreating Synaptic search index" "Please wait" "info"387chroot $SDCARD /bin/bash -c "[[ -f /usr/sbin/update-apt-xapian-index ]] && /usr/sbin/update-apt-xapian-index -u"388fi389390# this is needed for the build process later since resolvconf generated file in /run is not saved391rm $SDCARD/etc/resolv.conf392echo "nameserver $NAMESERVER" >> $SDCARD/etc/resolv.conf393394# stage: make rootfs cache archive395display_alert "Ending debootstrap process and preparing cache" "$RELEASE" "info"396sync397# the only reason to unmount here is compression progress display398# based on rootfs size calculation399umount_chroot "$SDCARD"400401tar cp --xattrs --directory=$SDCARD/ --exclude='./dev/*' --exclude='./proc/*' --exclude='./run/*' --exclude='./tmp/*' \402--exclude='./sys/*' --exclude='./home/*' --exclude='./root/*' . | pv -p -b -r -s $(du -sb $SDCARD/ | cut -f1) -N "$display_name" | lz4 -5 -c > $cache_fname403404# sign rootfs cache archive that it can be used for web cache once. Internal purposes405if [[ -n "${GPG_PASS}" && "${SUDO_USER}" ]]; then406[[ -n ${SUDO_USER} ]] && sudo chown -R ${SUDO_USER}:${SUDO_USER} "${DEST}"/images/407echo "${GPG_PASS}" | sudo -H -u ${SUDO_USER} bash -c "gpg --passphrase-fd 0 --armor --detach-sign --pinentry-mode loopback --batch --yes ${cache_fname}" || exit 1408fi409410# needed for backend to keep current only411touch $cache_fname.current412413fi414415# used for internal purposes. Faster rootfs cache rebuilding416if [[ -n "$ROOT_FS_CREATE_ONLY" ]]; then417umount --lazy "$SDCARD"418rm -rf $SDCARD419420display_alert "Rootfs build done" "@host" "info"421display_alert "Target directory" "${EXTER}/cache/rootfs" "info"422display_alert "File name" "${cache_name}" "info"423424# remove exit trap425trap - INT TERM EXIT426exit427fi428429mount_chroot "$SDCARD"430} #############################################################################431432# prepare_partitions433#434# creates image file, partitions and fs435# and mounts it to local dir436# FS-dependent stuff (boot and root fs partition types) happens here437#438prepare_partitions() {439display_alert "Preparing image file for rootfs" "$BOARD $RELEASE" "info"440441# possible partition combinations442# /boot: none, ext4, ext2, fat (BOOTFS_TYPE)443# root: ext4, btrfs, f2fs, nfs (ROOTFS_TYPE)444445# declare makes local variables by default if used inside a function446# NOTE: mountopts string should always start with comma if not empty447448# array copying in old bash versions is tricky, so having filesystems as arrays449# with attributes as keys is not a good idea450declare -A parttype mkopts mkopts_label mkfs mountopts451452parttype[ext4]=ext4453parttype[ext2]=ext2454parttype[fat]=fat16455parttype[f2fs]=ext4 # not a copy-paste error456parttype[btrfs]=btrfs457parttype[xfs]=xfs458# parttype[nfs] is empty459460# metadata_csum and 64bit may need to be disabled explicitly when migrating to newer supported host OS releases461if [[ $HOSTRELEASE =~ buster|bullseye|bookworm|bionic|focal|jammy|noble|kinetic|sid ]]; then462mkopts[ext4]="-q -m 2 -O ^64bit,^metadata_csum"463fi464# mkopts[fat] is empty465mkopts[ext2]='-q'466# mkopts[f2fs] is empty467mkopts[btrfs]='-m dup'468# mkopts[xfs] is empty469# mkopts[nfs] is empty470471mkopts_label[ext4]='-L '472mkopts_label[ext2]='-L '473mkopts_label[fat]='-n '474mkopts_label[f2fs]='-l '475mkopts_label[btrfs]='-L '476mkopts_label[xfs]='-L '477# mkopts_label[nfs] is empty478479mkfs[ext4]=ext4480mkfs[ext2]=ext2481mkfs[fat]=vfat482mkfs[f2fs]=f2fs483mkfs[btrfs]=btrfs484mkfs[xfs]=xfs485# mkfs[nfs] is empty486487mountopts[ext4]=',commit=600,errors=remount-ro'488# mountopts[ext2] is empty489# mountopts[fat] is empty490# mountopts[f2fs] is empty491mountopts[btrfs]=',commit=600'492# mountopts[xfs] is empty493# mountopts[nfs] is empty494495# default BOOTSIZE to use if not specified496DEFAULT_BOOTSIZE=1024 # MiB497# size of UEFI partition. 0 for no UEFI. Don't mix UEFISIZE>0 and BOOTSIZE>0498UEFISIZE=${UEFISIZE:-0}499BIOSSIZE=${BIOSSIZE:-0}500UEFI_MOUNT_POINT=${UEFI_MOUNT_POINT:-/boot/efi}501UEFI_FS_LABEL="${UEFI_FS_LABEL:-opi_efi}"502ROOT_FS_LABEL="${ROOT_FS_LABEL:-opi_root}"503BOOT_FS_LABEL="${BOOT_FS_LABEL:-opi_boot}"504505call_extension_method "pre_prepare_partitions" "prepare_partitions_custom" << 'PRE_PREPARE_PARTITIONS'506*allow custom options for mkfs*507Good time to change stuff like mkfs opts, types etc.508PRE_PREPARE_PARTITIONS509510# stage: determine partition configuration511local next=1512# Check if we need UEFI partition513if [[ $UEFISIZE -gt 0 ]]; then514# Check if we need BIOS partition515[[ $BIOSSIZE -gt 0 ]] && local biospart=$((next++))516local uefipart=$((next++))517fi518# Check if we need boot partition519if [[ -n $BOOTFS_TYPE || $ROOTFS_TYPE != ext4 || $CRYPTROOT_ENABLE == yes ]]; then520local bootpart=$((next++))521local bootfs=${BOOTFS_TYPE:-ext4}522[[ -z $BOOTSIZE || $BOOTSIZE -le 8 ]] && BOOTSIZE=${DEFAULT_BOOTSIZE}523else524BOOTSIZE=0525fi526# Check if we need root partition527[[ $ROOTFS_TYPE != nfs ]] &&528local rootpart=$((next++))529530# stage: calculate rootfs size531export rootfs_size=$(du -sm $SDCARD/ | cut -f1) # MiB532display_alert "Current rootfs size" "$rootfs_size MiB" "info"533534call_extension_method "prepare_image_size" "config_prepare_image_size" << 'PREPARE_IMAGE_SIZE'535*allow dynamically determining the size based on the $rootfs_size*536Called after `${rootfs_size}` is known, but before `${FIXED_IMAGE_SIZE}` is taken into account.537A good spot to determine `FIXED_IMAGE_SIZE` based on `rootfs_size`.538UEFISIZE can be set to 0 for no UEFI partition, or to a size in MiB to include one.539Last chance to set `USE_HOOK_FOR_PARTITION`=yes and then implement create_partition_table hook_point.540PREPARE_IMAGE_SIZE541542if [[ -n $FIXED_IMAGE_SIZE && $FIXED_IMAGE_SIZE =~ ^[0-9]+$ ]]; then543display_alert "Using user-defined image size" "$FIXED_IMAGE_SIZE MiB" "info"544local sdsize=$FIXED_IMAGE_SIZE545# basic sanity check546if [[ $ROOTFS_TYPE != nfs && $sdsize -lt $rootfs_size ]]; then547exit_with_error "User defined image size is too small" "$sdsize <= $rootfs_size"548fi549else550local imagesize=$(($rootfs_size + $OFFSET + $BOOTSIZE + $UEFISIZE + $EXTRA_ROOTFS_MIB_SIZE)) # MiB551# Hardcoded overhead +25% is needed for desktop images,552# for CLI it could be lower. Align the size up to 4MiB553if [[ $BUILD_DESKTOP == yes ]]; then554local sdsize=$(bc -l <<< "scale=0; ((($imagesize * 1.35) / 1 + 0) / 4 + 1) * 4")555else556local sdsize=$(bc -l <<< "scale=0; ((($imagesize * 1.30) / 1 + 0) / 4 + 1) * 4")557fi558fi559560# stage: create blank image561display_alert "Creating blank image for rootfs" "$sdsize MiB" "info"562if [[ $FAST_CREATE_IMAGE == yes ]]; then563truncate --size=${sdsize}M ${SDCARD}.raw # sometimes results in fs corruption, revert to previous know to work solution564sync565else566dd if=/dev/zero bs=1M status=none count=$sdsize | pv -p -b -r -s $(($sdsize * 1024 * 1024)) -N "[ .... ] dd" | dd status=none of=${SDCARD}.raw567fi568569# stage: create partition table570display_alert "Creating partitions" "${bootfs:+/boot: $bootfs }root: $ROOTFS_TYPE" "info"571if [[ "${USE_HOOK_FOR_PARTITION}" == "yes" ]]; then572{573[[ "$IMAGE_PARTITION_TABLE" == "msdos" ]] &&574echo "label: dos" ||575echo "label: $IMAGE_PARTITION_TABLE"576} | sfdisk ${SDCARD}.raw >> "${DEST}/${LOG_SUBPATH}/install.log" 2>&1 ||577exit_with_error "Create partition table fail. Please check" "${DEST}/${LOG_SUBPATH}/install.log"578579call_extension_method "create_partition_table" <<- 'CREATE_PARTITION_TABLE'580*only called when USE_HOOK_FOR_PARTITION=yes to create the complete partition table*581Finally, we can get our own partition table. You have to partition ${SDCARD}.raw582yourself. Good luck.583CREATE_PARTITION_TABLE584else585{586[[ "$IMAGE_PARTITION_TABLE" == "msdos" ]] &&587echo "label: dos" ||588echo "label: $IMAGE_PARTITION_TABLE"589590local next=$OFFSET591if [[ -n "$biospart" ]]; then592# gpt: BIOS boot593local type="21686148-6449-6E6F-744E-656564454649"594echo "$biospart : name=\"bios\", start=${next}MiB, size=${BIOSSIZE}MiB, type=${type}"595local next=$(($next + $BIOSSIZE))596fi597if [[ -n "$uefipart" ]]; then598# dos: EFI (FAT-12/16/32)599# gpt: EFI System600[[ "$IMAGE_PARTITION_TABLE" != "gpt" ]] &&601local type="ef" ||602local type="C12A7328-F81F-11D2-BA4B-00A0C93EC93B"603echo "$uefipart : name=\"efi\", start=${next}MiB, size=${UEFISIZE}MiB, type=${type}"604local next=$(($next + $UEFISIZE))605fi606if [[ -n "$bootpart" ]]; then607# Linux extended boot608[[ "$IMAGE_PARTITION_TABLE" != "gpt" ]] &&609local type="ea" ||610local type="BC13C2FF-59E6-4262-A352-B275FD6F7172"611if [[ -n "$rootpart" ]]; then612echo "$bootpart : name=\"bootfs\", start=${next}MiB, size=${BOOTSIZE}MiB, type=${type}"613local next=$(($next + $BOOTSIZE))614else615# no `size` argument mean "as much as possible"616echo "$bootpart : name=\"bootfs\", start=${next}MiB, type=${type}"617fi618fi619if [[ -n "$rootpart" ]]; then620# dos: Linux621# gpt: Linux filesystem622[[ "$IMAGE_PARTITION_TABLE" != "gpt" ]] &&623local type="83" ||624local type="0FC63DAF-8483-4772-8E79-3D69D8477DE4"625# no `size` argument mean "as much as possible"626echo "$rootpart : name=\"rootfs\", start=${next}MiB, type=${type}"627fi628} | sfdisk ${SDCARD}.raw >> "${DEST}/${LOG_SUBPATH}/install.log" 2>&1 ||629exit_with_error "Partition fail. Please check" "${DEST}/${LOG_SUBPATH}/install.log"630fi631632call_extension_method "post_create_partitions" <<- 'POST_CREATE_PARTITIONS'633*called after all partitions are created, but not yet formatted*634POST_CREATE_PARTITIONS635636# stage: mount image637# lock access to loop devices638exec {FD}> /var/lock/orangepi-debootstrap-losetup639flock -x $FD640641LOOP=$(losetup -f)642[[ -z $LOOP ]] && exit_with_error "Unable to find free loop device"643644check_loop_device "$LOOP"645646losetup $LOOP ${SDCARD}.raw647648# loop device was grabbed here, unlock649flock -u $FD650651partprobe $LOOP652653# stage: create fs, mount partitions, create fstab654rm -f $SDCARD/etc/fstab655if [[ -n $rootpart ]]; then656local rootdevice="${LOOP}p${rootpart}"657658if [[ $CRYPTROOT_ENABLE == yes ]]; then659display_alert "Encrypting root partition with LUKS..." "cryptsetup luksFormat $rootdevice" ""660echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksFormat $CRYPTROOT_PARAMETERS $rootdevice -661echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $ROOT_MAPPER -662display_alert "Root partition encryption complete." "" "ext"663# TODO: pass /dev/mapper to Docker664rootdevice=/dev/mapper/$ROOT_MAPPER # used by `mkfs` and `mount` commands665fi666667check_loop_device "$rootdevice"668display_alert "Creating rootfs" "$ROOTFS_TYPE on $rootdevice"669mkfs.${mkfs[$ROOTFS_TYPE]} ${mkopts[$ROOTFS_TYPE]} ${mkopts_label[$ROOTFS_TYPE]:+${mkopts_label[$ROOTFS_TYPE]}"$ROOT_FS_LABEL"} $rootdevice >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1670[[ $ROOTFS_TYPE == ext4 ]] && tune2fs -o journal_data_writeback $rootdevice > /dev/null671if [[ $ROOTFS_TYPE == btrfs && $BTRFS_COMPRESSION != none ]]; then672local fscreateopt="-o compress-force=${BTRFS_COMPRESSION}"673fi674mount ${fscreateopt} $rootdevice $MOUNT/675# create fstab (and crypttab) entry676if [[ $CRYPTROOT_ENABLE == yes ]]; then677# map the LUKS container partition via its UUID to be the 'cryptroot' device678echo "$ROOT_MAPPER UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart}) none luks" >> $SDCARD/etc/crypttab679local rootfs=$rootdevice # used in fstab680else681local rootfs="UUID=$(blkid -s UUID -o value $rootdevice)"682fi683echo "$rootfs / ${mkfs[$ROOTFS_TYPE]} defaults,noatime${mountopts[$ROOTFS_TYPE]} 0 1" >> $SDCARD/etc/fstab684else685# update_initramfs will fail if /lib/modules/ doesn't exist686mount --bind --make-private $SDCARD $MOUNT/687echo "/dev/nfs / nfs defaults 0 0" >> $SDCARD/etc/fstab688fi689if [[ -n $bootpart ]]; then690display_alert "Creating /boot" "$bootfs on ${LOOP}p${bootpart}"691check_loop_device "${LOOP}p${bootpart}"692mkfs.${mkfs[$bootfs]} ${mkopts[$bootfs]} ${mkopts_label[$bootfs]:+${mkopts_label[$bootfs]}"$BOOT_FS_LABEL"} ${LOOP}p${bootpart} >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1693mkdir -p $MOUNT/boot/694mount ${LOOP}p${bootpart} $MOUNT/boot/695echo "UUID=$(blkid -s UUID -o value ${LOOP}p${bootpart}) /boot ${mkfs[$bootfs]} defaults${mountopts[$bootfs]} 0 2" >> $SDCARD/etc/fstab696fi697if [[ -n $uefipart ]]; then698display_alert "Creating EFI partition" "FAT32 ${UEFI_MOUNT_POINT} on ${LOOP}p${uefipart} label ${UEFI_FS_LABEL}"699check_loop_device "${LOOP}p${uefipart}"700mkfs.fat -F32 -n "${UEFI_FS_LABEL}" ${LOOP}p${uefipart} >> "${DEST}"/debug/install.log 2>&1701mkdir -p "${MOUNT}${UEFI_MOUNT_POINT}"702mount ${LOOP}p${uefipart} "${MOUNT}${UEFI_MOUNT_POINT}"703echo "UUID=$(blkid -s UUID -o value ${LOOP}p${uefipart}) ${UEFI_MOUNT_POINT} vfat defaults 0 2" >> $SDCARD/etc/fstab704fi705echo "tmpfs /tmp tmpfs defaults,nosuid 0 0" >> $SDCARD/etc/fstab706707call_extension_method "format_partitions" <<- 'FORMAT_PARTITIONS'708*if you created your own partitions, this would be a good time to format them*709The loop device is mounted, so ${LOOP}p1 is it's first partition etc.710FORMAT_PARTITIONS711712# stage: adjust boot script or boot environment713if [[ -f $SDCARD/boot/orangepiEnv.txt ]]; then714if [[ $CRYPTROOT_ENABLE == yes ]]; then715echo "rootdev=$rootdevice cryptdevice=UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart}):$ROOT_MAPPER" >> $SDCARD/boot/orangepiEnv.txt716else717echo "rootdev=$rootfs" >> $SDCARD/boot/orangepiEnv.txt718fi719echo "rootfstype=$ROOTFS_TYPE" >> $SDCARD/boot/orangepiEnv.txt720elif [[ $rootpart != 1 ]] && [[ $SRC_EXTLINUX != yes ]]; then721local bootscript_dst=${BOOTSCRIPT##*:}722sed -i 's/mmcblk0p1/mmcblk0p2/' $SDCARD/boot/$bootscript_dst723sed -i -e "s/rootfstype=ext4/rootfstype=$ROOTFS_TYPE/" \724-e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/$bootscript_dst725fi726727# if we have boot.ini = remove orangepiEnv.txt and add UUID there if enabled728if [[ -f $SDCARD/boot/boot.ini ]]; then729sed -i -e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/boot.ini730if [[ $CRYPTROOT_ENABLE == yes ]]; then731local rootpart="UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart})"732sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$ROOT_MAPPER' cryptdevice='$rootpart':'$ROOT_MAPPER'"/' $SDCARD/boot/boot.ini733else734sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini735fi736if [[ $LINUXFAMILY != meson64 ]]; then737[[ -f $SDCARD/boot/orangepiEnv.txt ]] && rm $SDCARD/boot/orangepiEnv.txt738fi739fi740741# if we have a headless device, set console to DEFAULT_CONSOLE742if [[ -n $DEFAULT_CONSOLE && -f $SDCARD/boot/orangepiEnv.txt ]]; then743if grep -lq "^console=" $SDCARD/boot/orangepiEnv.txt; then744sed -i "s/^console=.*/console=$DEFAULT_CONSOLE/" $SDCARD/boot/orangepiEnv.txt745else746echo "console=$DEFAULT_CONSOLE" >> $SDCARD/boot/orangepiEnv.txt747fi748fi749750# recompile .cmd to .scr if boot.cmd exists751752if [[ -f $SDCARD/boot/boot.cmd ]]; then753if [ -z $BOOTSCRIPT_OUTPUT ]; then BOOTSCRIPT_OUTPUT=boot.scr; fi754mkimage -C none -A arm -T script -d $SDCARD/boot/boot.cmd $SDCARD/boot/$BOOTSCRIPT_OUTPUT > /dev/null 2>&1755fi756757# create extlinux config758if [[ -f $SDCARD/boot/extlinux/extlinux.conf ]]; then759echo " append root=$rootfs $SRC_CMDLINE $MAIN_CMDLINE" >> $SDCARD/boot/extlinux/extlinux.conf760[[ -f $SDCARD/boot/orangepiEnv.txt ]] && rm $SDCARD/boot/orangepiEnv.txt761fi762763}764765# update_initramfs766#767# this should be invoked as late as possible for any modifications by768# customize_image (userpatches) and prepare_partitions to be reflected in the769# final initramfs770#771# especially, this needs to be invoked after /etc/crypttab has been created772# for cryptroot-unlock to work:773# https://serverfault.com/questions/907254/cryproot-unlock-with-dropbear-timeout-while-waiting-for-askpass774#775# since Debian buster, it has to be called within create_image() on the $MOUNT776# path instead of $SDCARD (which can be a tmpfs and breaks cryptsetup-initramfs).777#778update_initramfs()779{780local chroot_target=$1781local target_dir=$(782find ${chroot_target}/lib/modules/ -maxdepth 1 -type d -name "*${VER}*"783)784if [ "$target_dir" != "" ]; then785update_initramfs_cmd="update-initramfs -uv -k $(basename $target_dir)"786else787exit_with_error "No kernel installed for the version" "${VER}"788fi789display_alert "Updating initramfs..." "$update_initramfs_cmd" ""790cp /usr/bin/$QEMU_BINARY $chroot_target/usr/bin/791mount_chroot "$chroot_target/"792793chroot $chroot_target /bin/bash -c "$update_initramfs_cmd" >> $DEST/${LOG_SUBPATH}/install.log 2>&1 || {794display_alert "Updating initramfs FAILED, see:" "$DEST/${LOG_SUBPATH}/install.log" "err"795exit 23796}797display_alert "Updated initramfs." "for details see: $DEST/${LOG_SUBPATH}/install.log" "info"798799display_alert "Re-enabling" "initramfs-tools hook for kernel"800chroot $chroot_target /bin/bash -c "chmod -v +x /etc/kernel/postinst.d/initramfs-tools" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1801802umount_chroot "$chroot_target/"803rm $chroot_target/usr/bin/$QEMU_BINARY804805} #############################################################################806807# create_image808#809# finishes creation of image from cached rootfs810#811create_image()812{813# stage: create file name814if [[ $SELECTED_CONFIGURATION == "cli_standard" ]]; then815IMAGE_TYPE=server816elif [[ $SELECTED_CONFIGURATION == "cli_minimal" ]]; then817IMAGE_TYPE=minimal818else819IMAGE_TYPE=desktop820fi821822local version="${BOARD^}_${REVISION}_${DISTRIBUTION,}_${RELEASE}_${IMAGE_TYPE}"${DESKTOP_ENVIRONMENT:+_$DESKTOP_ENVIRONMENT}"_linux$(grab_version "$LINUXSOURCEDIR")"823824if [[ ${RELEASE} == "raspi" ]]; then825local version="${BOARD^}_${REVISION}_raspios_bullseye_${IMAGE_TYPE}"${DESKTOP_ENVIRONMENT:+_$DESKTOP_ENVIRONMENT}"_linux$(grab_version "$LINUXSOURCEDIR")"826fi827828[[ $ROOTFS_TYPE == nfs ]] && version=${version}_nfsboot829830destimg=$DEST/images/${version}831rm -rf $destimg832mkdir -p $destimg833834if [[ $ROOTFS_TYPE != nfs ]]; then835display_alert "Copying files to" "/"836echo -e "\nCopying files to [/]" >>"${DEST}"/${LOG_SUBPATH}/install.log837rsync -aHWXh \838--exclude="/boot/*" \839--exclude="/dev/*" \840--exclude="/proc/*" \841--exclude="/run/*" \842--exclude="/tmp/*" \843--exclude="/sys/*" \844--info=progress0,stats1 $SDCARD/ $MOUNT/ >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1845else846display_alert "Creating rootfs archive" "rootfs.tgz" "info"847tar cp --xattrs --directory=$SDCARD/ --exclude='./boot/*' --exclude='./dev/*' --exclude='./proc/*' --exclude='./run/*' --exclude='./tmp/*' \848--exclude='./sys/*' . | pv -p -b -r -s $(du -sb $SDCARD/ | cut -f1) -N "rootfs.tgz" | gzip -c > $destimg/${version}-rootfs.tgz849fi850851# stage: rsync /boot852display_alert "Copying files to" "/boot"853echo -e "\nCopying files to [/boot]" >>"${DEST}"/${LOG_SUBPATH}/install.log854if [[ $(findmnt --target $MOUNT/boot -o FSTYPE -n) == vfat ]]; then855# fat32856rsync -rLtWh \857--info=progress0,stats1 \858--log-file="${DEST}"/${LOG_SUBPATH}/install.log $SDCARD/boot $MOUNT >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1859else860# ext4861rsync -aHWXh \862--info=progress0,stats1 \863--log-file="${DEST}"/${LOG_SUBPATH}/install.log $SDCARD/boot $MOUNT >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1864fi865866call_extension_method "pre_update_initramfs" "config_pre_update_initramfs" << 'PRE_UPDATE_INITRAMFS'867*allow config to hack into the initramfs create process*868Called after rsync has synced both `/root` and `/root` on the target, but before calling `update_initramfs`.869PRE_UPDATE_INITRAMFS870871# stage: create final initramfs872[[ -n $KERNELSOURCE ]] && {873update_initramfs $MOUNT874}875876# DEBUG: print free space877local freespace=$(LC_ALL=C df -h)878echo $freespace >> $DEST/${LOG_SUBPATH}/debootstrap.log879display_alert "Free SD cache" "$(echo -e "$freespace" | grep $SDCARD | awk '{print $5}')" "info"880display_alert "Mount point" "$(echo -e "$freespace" | grep $MOUNT | head -1 | awk '{print $5}')" "info"881882# stage: write u-boot883write_uboot $LOOP884885# fix wrong / permissions886chmod 755 $MOUNT887888call_extension_method "pre_umount_final_image" "config_pre_umount_final_image" << 'PRE_UMOUNT_FINAL_IMAGE'889*allow config to hack into the image before the unmount*890Called before unmounting both `/root` and `/boot`.891PRE_UMOUNT_FINAL_IMAGE892893# unmount /boot/efi first, then /boot, rootfs third, image file last894sync895[[ $UEFISIZE != 0 ]] && umount -l "${MOUNT}${UEFI_MOUNT_POINT}"896[[ $BOOTSIZE != 0 ]] && umount -l $MOUNT/boot897[[ $ROOTFS_TYPE != nfs ]] && umount -l $MOUNT898[[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose $ROOT_MAPPER899900call_extension_method "post_umount_final_image" "config_post_umount_final_image" << 'POST_UMOUNT_FINAL_IMAGE'901*allow config to hack into the image after the unmount*902Called after unmounting both `/root` and `/boot`.903POST_UMOUNT_FINAL_IMAGE904905# to make sure its unmounted906while grep -Eq '(${MOUNT}|${DESTIMG})' /proc/mounts907do908display_alert "Wait for unmount" "${MOUNT}" "info"909sleep 5910done911912losetup -d $LOOP913rm -rf --one-file-system $DESTIMG $MOUNT914915mkdir -p $DESTIMG916mv ${SDCARD}.raw $DESTIMG/${version}.img917918FINALDEST=${destimg}919920# custom post_build_image_modify hook to run before fingerprinting and compression921[[ $(type -t post_build_image_modify) == function ]] && display_alert "Custom Hook Detected" "post_build_image_modify" "info" && post_build_image_modify "${DESTIMG}/${version}.img"922923if [[ $BUILD_ALL != yes ]]; then924925if [[ $COMPRESS_OUTPUTIMAGE == "" || $COMPRESS_OUTPUTIMAGE == no ]]; then926COMPRESS_OUTPUTIMAGE="sha,gpg,img"927elif [[ $COMPRESS_OUTPUTIMAGE == yes ]]; then928COMPRESS_OUTPUTIMAGE="sha,gpg,7z"929fi930931if [[ $COMPRESS_OUTPUTIMAGE == *gz* ]]; then932display_alert "Compressing" "${DESTIMG}/${version}.img.gz" "info"933pigz -3 < $DESTIMG/${version}.img > $DESTIMG/${version}.img.gz934compression_type=".gz"935fi936937if [[ $COMPRESS_OUTPUTIMAGE == *xz* ]]; then938display_alert "Compressing" "${DESTIMG}/${version}.img.xz" "info"939# compressing consumes a lot of memory we don't have. Waiting for previous packing job to finish helps to run a lot more builds in parallel940available_cpu=$(grep -c 'processor' /proc/cpuinfo)941[[ ${BUILD_ALL} == yes ]] && available_cpu=$(( $available_cpu * 30 / 100 )) # lets use 20% of resources in case of build-all942[[ ${available_cpu} -gt 8 ]] && available_cpu=8 # using more cpu cores for compressing is pointless943available_mem=$(LC_ALL=c free | grep Mem | awk '{print $4/$2 * 100.0}' | awk '{print int($1)}') # in percentage944# build optimisations when memory drops below 5%945if [[ ${BUILD_ALL} == yes && ( ${available_mem} -lt 15 || $(ps -uax | grep "pixz" | wc -l) -gt 4 )]]; then946while [[ $(ps -uax | grep "pixz" | wc -l) -gt 2 ]]947do echo -en "#"948sleep 20949done950fi951pixz -7 -p ${available_cpu} -f $(expr ${available_cpu} + 2) < $DESTIMG/${version}.img > ${DESTIMG}/${version}.img.xz952compression_type=".xz"953fi954955if [[ $COMPRESS_OUTPUTIMAGE == *img* || $COMPRESS_OUTPUTIMAGE == *7z* ]]; then956# mv $DESTIMG/${version}.img ${FINALDEST}/${version}.img || exit 1957compression_type=""958fi959960if [[ $COMPRESS_OUTPUTIMAGE == *sha* ]]; then961cd ${DESTIMG}962display_alert "SHA256 calculating" "${version}.img${compression_type}" "info"963sha256sum -b ${version}.img${compression_type} > ${version}.img${compression_type}.sha964fi965966if [[ $COMPRESS_OUTPUTIMAGE == *gpg* ]]; then967cd ${DESTIMG}968if [[ -n $GPG_PASS ]]; then969display_alert "GPG signing" "${version}.img${compression_type}" "info"970[[ -n ${SUDO_USER} ]] && sudo chown -R ${SUDO_USER}:${SUDO_USER} "${DESTIMG}"/971echo "${GPG_PASS}" | sudo -H -u ${SUDO_USER} bash -c "gpg --passphrase-fd 0 --armor --detach-sign --pinentry-mode loopback --batch --yes ${DESTIMG}/${version}.img${compression_type}" || exit 1972#else973# display_alert "GPG signing skipped - no GPG_PASS" "${version}.img" "wrn"974fi975fi976977#fingerprint_image "${DESTIMG}/${version}.img${compression_type}.txt" "${version}"978979if [[ $COMPRESS_OUTPUTIMAGE == *7z* ]]; then980display_alert "Compressing" "${DESTIMG}/${version}.7z" "info"9817za a -t7z -bd -m0=lzma2 -mx=3 -mfb=64 -md=32m -ms=on \982${DESTIMG}/${version}.7z ${version}.key ${version}.img* >/dev/null 2>&1983find ${DESTIMG}/ -type \984f \( -name "${version}.img" -o -name "${version}.img.asc" -o -name "${version}.img.txt" -o -name "${version}.img.sha" \) -print0 \985>/dev/null 2>&1986fi987988fi989#display_alert "Done building" "${DESTIMG}/${version}.img" "info"990display_alert "Done building" "${FINALDEST}/${version}.img" "info"991992# call custom post build hook993[[ $(type -t post_build_image) == function ]] && post_build_image "${DESTIMG}/${version}.img"994995# move artefacts from temporally directory to its final destination996[[ -n $compression_type ]] && rm $DESTIMG/${version}.img997mv $DESTIMG/${version}* ${FINALDEST}998rm -rf $DESTIMG9991000# write image to SD card1001if [[ $(lsblk "$CARD_DEVICE" 2>/dev/null) && -f ${FINALDEST}/${version}.img ]]; then10021003# make sha256sum if it does not exists. we need it for comparisson1004if [[ -f "${FINALDEST}/${version}".img.sha ]]; then1005local ifsha=$(cat ${FINALDEST}/${version}.img.sha | awk '{print $1}')1006else1007local ifsha=$(sha256sum -b "${FINALDEST}/${version}".img | awk '{print $1}')1008fi10091010display_alert "Writing image" "$CARD_DEVICE ${readsha}" "info"10111012# write to SD card1013pv -p -b -r -c -N "[ .... ] dd" ${FINALDEST}/${version}.img | dd of=$CARD_DEVICE bs=1M iflag=fullblock oflag=direct status=none10141015call_extension_method "post_write_sdcard" <<- 'POST_BUILD_IMAGE'1016*run after writing img to sdcard*1017After the image is written to `$CARD_DEVICE`, but before verifying it.1018You can still set SKIP_VERIFY=yes to skip verification.1019POST_BUILD_IMAGE10201021if [[ "${SKIP_VERIFY}" != "yes" ]]; then1022# read and compare1023display_alert "Verifying. Please wait!"1024local ofsha=$(dd if=$CARD_DEVICE count=$(du -b ${FINALDEST}/${version}.img | cut -f1) status=none iflag=count_bytes oflag=direct | sha256sum | awk '{print $1}')1025if [[ $ifsha == $ofsha ]]; then1026display_alert "Writing verified" "${version}.img" "info"1027else1028display_alert "Writing failed" "${version}.img" "err"1029fi1030fi1031elif [[ `systemd-detect-virt` == 'docker' && -n $CARD_DEVICE ]]; then1032# display warning when we want to write sd card under Docker1033display_alert "Can't write to $CARD_DEVICE" "Enable docker privileged mode in config-docker.conf" "wrn"1034fi10351036} #############################################################################103710381039