From b9bb59c237b79d65d507feaf36865152c437a67e Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Wed, 13 May 2020 13:09:03 +0100 Subject: [PATCH 01/15] Bookshelf PDF download --- stage4/03-bookshelf/00-run.sh | 15 +++++++++++++++ .../{03-magpi => 03-bookshelf}/files/.gitignore | 0 stage4/03-magpi/00-run.sh | 15 --------------- 3 files changed, 15 insertions(+), 15 deletions(-) create mode 100755 stage4/03-bookshelf/00-run.sh rename stage4/{03-magpi => 03-bookshelf}/files/.gitignore (100%) delete mode 100755 stage4/03-magpi/00-run.sh diff --git a/stage4/03-bookshelf/00-run.sh b/stage4/03-bookshelf/00-run.sh new file mode 100755 index 0000000..5bd9885 --- /dev/null +++ b/stage4/03-bookshelf/00-run.sh @@ -0,0 +1,15 @@ +#!/bin/sh -e + +BOOKSHELF_URL="https://magpi.raspberrypi.org/bookshelf.xml" +GUIDE_URL="$(curl -s "$BOOKSHELF_URL" | awk -F '[<>]' "/Raspberry Pi Beginner's Guide v3<\/TITLE>/ {f=1; next} f==1 && /PDF/ {print \$3; exit}")" +OUTPUT="$(basename "$GUIDE_URL" | cut -f1 -d'?')" + +if [ ! -f "files/$OUTPUT" ]; then + rm files/*.pdf -f + curl -s "$GUIDE_URL" -o "files/$OUTPUT" +fi + +file "files/$OUTPUT" | grep -q "PDF document" + +install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf" +install -v -o 1000 -g 1000 -m 644 "files/$OUTPUT" "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf/" diff --git a/stage4/03-magpi/files/.gitignore b/stage4/03-bookshelf/files/.gitignore similarity index 100% rename from stage4/03-magpi/files/.gitignore rename to stage4/03-bookshelf/files/.gitignore diff --git a/stage4/03-magpi/00-run.sh b/stage4/03-magpi/00-run.sh deleted file mode 100755 index b27b85f..0000000 --- a/stage4/03-magpi/00-run.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -e - -magpi_regex="MagPi[[:digit:]]*.pdf" -magpi_loc="$(curl -s https://magpi.raspberrypi.org/latest-pdf)" -magpi_latest="$(echo "$magpi_loc" | grep "$magpi_regex" -m 1 -o)" - -if [ ! -f "files/$magpi_latest" ]; then - find files/ -regextype grep -regex "files/$magpi_regex" -delete - wget "$magpi_loc" -O "files/$magpi_latest" -fi - -file "files/$magpi_latest" | grep -q "PDF document" - -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/MagPi" -install -v -o 1000 -g 1000 -m 644 "files/$magpi_latest" "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/MagPi/" From 825107f04027269db77426046f5085475b1ea22f Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.org> Date: Wed, 13 May 2020 13:51:36 +0100 Subject: [PATCH 02/15] Update release notes --- .../00-release/files/release_notes.txt | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index 8d7f014..bac8091 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,4 +1,38 @@ UNRELEASED: + * Added Bookshelf application + * Added Raspberry Pi Diagnostics application + * Added magnifier plugin to taskbar - needs magnifier application installed from Recommended Software to enable + * Added Magnifier application to Recommended Software + * Added marketing questionnaire as initial Chromium tab + * Version 0.25 of Scratch 2 included - uses external application to access IMU on SenseHAT + * Version 1.0.5 of Scratch 3 included - uses external application to access IMU on SenseHAT + * Version 32.0.0.371 of Flash player included + * Version 1.0.6 of Node-RED included + * Version 6.7.1 of VNC Server included + * Version 6.20.113 of VNC Client included + * Internal audio outputs enabled as separate ALSA devices + * MagPi preinstall removed and replaced with Beginner’s Guide + * MagPi weblink removed from main menu + * Chromium made default application for PDF files + * Common icon loading code for lxpanel plugins used + * Italian translations added + * Initial move of mouse pointer to menu button disabled + * Padding at left of menu button removed + * Focus behaviour changed so that focus moves to desktop if no windows are opened - improves reliability of Orca screen reader + * Bug fix - focus bug in volume plugin + * Bug fix - keyboard repeat interval bug in Mouse & Keyboard Settings + * Bug fix - battery detection bug in battery plugin + * Bug fix - spurious active areas on taskbar when plugins are hidden + * Bug fix - occasional crash in file manager on file selection + * Disk ID is now regenerated on first boot + * Updated udev rules + - Remove unused argon rule + - Add vcsm-cma to video group + - Add pwm to gpio group + * i2cprobe: More flexible I2C/SPI alias mapping + * Raspberry Pi firmware 21e1fe3477ffb708a5736ed61a924fd650031136 + * Linux kernel 4.19.118 +2020-02-13: * Raspberry Pi Configuration - screen blanking setting disabled if Xscreensaver is installed * Bug fix - switch to turn off VNC server in Raspberry Pi Configuration has no effect * Bug fix - fix %20 characters in file names From f663d4c6d124258362b955580e4f2b91dce0ddc8 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Mon, 22 Jun 2020 03:54:38 +0100 Subject: [PATCH 03/15] Add new changelog entry --- export-noobs/00-release/files/release_notes.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index bac8091..bde0861 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,4 +1,6 @@ UNRELEASED: + * +2020-05-27 * Added Bookshelf application * Added Raspberry Pi Diagnostics application * Added magnifier plugin to taskbar - needs magnifier application installed from Recommended Software to enable From 9a3a10bf1019ebb2d59053564dc6b90068bad27d Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Mon, 22 Jun 2020 05:33:42 +0100 Subject: [PATCH 04/15] stage2: install raspinfo --- stage2/01-sys-tweaks/00-packages | 1 + 1 file changed, 1 insertion(+) diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 16b9350..83ec74c 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -28,3 +28,4 @@ vl805fw ntfs-3g pciutils rpi-eeprom +raspinfo From 930d86115d5f3e51ba81e5e9031a555d47f5ae80 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Thu, 20 Aug 2020 11:22:33 +0100 Subject: [PATCH 05/15] Update release notes --- export-noobs/00-release/files/release_notes.txt | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index bde0861..693eb49 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,6 +1,21 @@ UNRELEASED: * -2020-05-27 +2020-08-20: + * raspi-config - added selection of boot device order + * raspi-config - added selection of boot EEPROM version + * SD Card Copier - copy is now immediately aborted if drives are connected or disconnected while copying + * Version 32.0.0.414 of Flash player included + * User feedback survey removed from first run of Chromium + * Recommended Software - now allows multiple install and reinstall operations without having to close between each one + * Bug fix - misleading file browser from panel menu icon selection dialog - icons must now be in icon theme rather than arbitrary files + * Bug fix - items in main menu not being translated + * Bug fix - raspi-config not detecting audio devices in non-English locales + * Bug fix - Bookshelf claiming no disk space in non-English locales + * Bug fix - failed installation of both 32 and 64 bit versions of packages by Recommended Software on 64-bit images + * Italian translations added (thanks to Emanuele Goldoni and the Italian translation team) + * Raspberry Pi firmware ef72c17bcaaeb89093d87bcf71f3228e1b5e1fff + * Linux kernel 5.4.51 +2020-05-27: * Added Bookshelf application * Added Raspberry Pi Diagnostics application * Added magnifier plugin to taskbar - needs magnifier application installed from Recommended Software to enable From 78c9e2cf02c312069701dc21f0496a2091b351f4 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Mon, 24 Aug 2020 15:45:57 +0100 Subject: [PATCH 06/15] Raspbian -> Raspberry Pi OS --- stage2/EXPORT_NOOBS | 2 +- stage4/EXPORT_NOOBS | 2 +- stage5/EXPORT_NOOBS | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stage2/EXPORT_NOOBS b/stage2/EXPORT_NOOBS index 136cc77..0d78ecf 100644 --- a/stage2/EXPORT_NOOBS +++ b/stage2/EXPORT_NOOBS @@ -1,2 +1,2 @@ -NOOBS_NAME="Raspbian Lite" +NOOBS_NAME="Raspberry Pi OS Lite (32-bit)" NOOBS_DESCRIPTION="A port of Debian with no desktop environment" diff --git a/stage4/EXPORT_NOOBS b/stage4/EXPORT_NOOBS index 2ef6d7b..f197ee1 100644 --- a/stage4/EXPORT_NOOBS +++ b/stage4/EXPORT_NOOBS @@ -1,2 +1,2 @@ -NOOBS_NAME="Raspbian" +NOOBS_NAME="Raspberry Pi OS (32-bit)" NOOBS_DESCRIPTION="A port of Debian with the Raspberry Pi Desktop" diff --git a/stage5/EXPORT_NOOBS b/stage5/EXPORT_NOOBS index cb10203..ac7051f 100644 --- a/stage5/EXPORT_NOOBS +++ b/stage5/EXPORT_NOOBS @@ -1,2 +1,2 @@ -NOOBS_NAME="Raspbian Full" +NOOBS_NAME="Raspberry Pi OS Full (32-bit)" NOOBS_DESCRIPTION="A port of Debian with desktop and recommended applications" From d6207a620a10ba0ec25f95a637d3fdd272b47e84 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Mon, 24 Aug 2020 17:01:54 +0100 Subject: [PATCH 07/15] Update OS.png --- export-noobs/00-release/files/OS.png | Bin 1399 -> 1752 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/export-noobs/00-release/files/OS.png b/export-noobs/00-release/files/OS.png index 02b67cf7e9fa5352b828649bb11f5a135a0e91f0..3091bf95064eeb6364b8d1e22faae101eaf1ecf5 100644 GIT binary patch delta 1747 zcmV;^1}ypa3fK*h8Gi-<004~sxNQIc010qNS#tmY3labT3lag+-G2N400xRlL_t(o zg{@g%OjB1J{#~SEp|;g(T9pOZz$p(FLX3N;vh870Uo_FVM{&vCMA_rqgYE^lrvdu7 z==Q2E!6ln)$u<?1Y!8bq$&>|LS*+SlK`1R1i=5><JqHf=-hXp%#eK<@_Vk|L?>oOg z-#PbcFviFUhGDc2(Lo}5Q{2{0MAJlcU0nT)v2i;ShGEnzbAzUz<=nWVe>;MLR1Xo= zZ)pkDVQkypTH4$aqQ_%ds`6FROuE27-;Yn=?+qgAlFsD(Dxaqvb1)ZJ8}U+=&qK+f zG~JI+(z9HV9)I7>-kX~#{;ke0hv1opSmbo{a6N5~h8!b2lPS=H_yqm*SprdQ5ySD= z@#X-?ZFtS^IR8Onf)ZE8LHbk1*ctQh6`Fb1XVSB-<bbtdFTMV5E$!^s8W2(Mi5_kU z>^RimN)CVz_!23%Ku3_~az%QUpSO(LjR8B4HX(fnh=1t7&W^3F#N6yj=m<I%F4Bt2 zj17%`eyy&lw2(k5bwDt5K5Ypy#-?V{g{z4xNy~3=j<mvP^4E+d0>arMhQCQt)}dTR z2JWHZuEJ;81O<AAuOw|F1)#pRw1fzYczicYfBlf+9gXhBXUzNg^8{_%`--*}u{aTg z9vuls9e*?o<Ew^P<Y?@8Gmn}Mmp&ZilA{8W^8S~5Ea_Is4W0j!Mg~$}GsZe}ww)pf zbR~z<(@v3uBSg&%jAcvRY5grz;E@{{NI{yqoCuV=lRy^_yc!F0Ns&O|51qeliJk;R z8PQkg$Wj;?NL_{9740N8B!i;M>QHw8NXdq1t$zy95nnwut}fNu*t0BsKbxY#LT1s1 zY2H5&bzNh;5J3^a{z#>_?gM`l?O79{nu=0gotwHtjjPwvzUo@rxz}b>bS;0M`Zn(3 z-_y?vbZc&cE@Ve3JzoIHgD(|98M!8pzwX?|Hx`Kj@wrLro4QRG!ZF7Mc0U=W)~fZ( z7Jrdnn5WK1ztLzh>l#V7CP8=Aod`Bt$bCHV2R(dV;LhC8Jvq#yDFIvE8`|)#PWaHm zjo`s1kDpqq)-Mjg5mujDDDn%Rhm=~AKsr$Z*YYJ|W|EOrUfS&qlQ@oPVJ}ikXpdAb z=^q?k$|ZSI?5o*An^slR!{@VfDL2j|ihprnw3y{-J>qMi&fxZCwRdZ7l1>In8NuQQ z3z>E&0@@lB_4fp;++STwz0<cTw=hp9g4=DI0<|Wig*n}!Hp@M-_GVa-lLT2Tn26Tt z>QHwc42t7VR2@IHeuuVW;rwv=7oPUZo8ICnbh{4`L>=cAiV2*$?MQ0RgT4w+^nYSF zMgyDQAzy{3lvWKn5`_<kC<z@oc^@<rHlYCU(d6+*%RUbphJmh%o(;88qsPDKSQPaC z0xT9bNi+*G1E0dTYXrMsK<!*W8gv5EmY#Q)9<%Mnr2ts=Wjlh=R+9k$-RcB%D!LcA z`84f#FLV@(u?axbe6O1hazG-`aeq$0t|HMlb%zsnvL_eg20Mb&4;ABM!Vn}Rt|1AD zDQRDbUz=8WxtxsIkbqc24^`X5GsJyPoA0+1>i)q(=4d`J&l^NNk-+J`np&=lBn0`p ze2Th)&2(zrj%7x$80;SCYFWRyU$uvWL}$>?YgUZ+o5@&oP`nLDf(TA8$A2<IeB4|! z5|D{TO#{Jk$G?NTaU?((cCib6o4-eIdn0u7X-0~CgZV9mPN>mMUyzBw<=i+=k0gsl zm?LKfQi@2*`{gz#7qIuik8;LGj4{iziLOa_sF4~qI`8@F>D<O$Tx5ysnYG)^K%~^g zsHY-)R`z;JdbI>am=ltS3V#qjYqQTf0VEJPhXo{bFQA-crXO-(2M8@9;wC*L^b<9w zMoxv08{6o)62w1tXFXugnlLYHJ1LPsjX@Lfm|zFY74`h$1jVz$4XIgX$Ooj(N53yS zh)O_a<iS=KJ&=bFr{@y4XA(RxUEl2u2R>OBUFHa@ml8yx&SXP?lz+NY4A$<q*cRu< zX>rV289|j~q|zI}30aCR4w_PQOFPK&j>h2@donZ-&omHs98{I3I#+UK5u~L9EVS{o zIu5dU_;EV_UCfS>O_}tHhj!QJ;<644FeKi7wn7r*I3njn4lqd-=C(4%y2>F}HbI4G zoH2%!AA>Wb*{(q(piBTFdLVWTbKO#EMp-G=PBsi|O(*564>SrQW_tC}i-@h*2?)N- pCH{*6I)*Rmg)ub2%Iz~o{{i3Q1??G5KNkQ1002ovPDHLkV1fkNI|Kj# delta 1391 zcmV-#1(5pK4fhI=8Gix*000A=FFF7K010qNS#tmY4s-wj4s-!)B(v54000McNliru z;{^^5Aqf28ixdC=1r|v}K~z}7?N}{%BRLFxz3+gA*(`>JQ<h;3oU(*9YzMaN$~J5Z zyDZ1Htbr+OS;9InWeJN}4K>VW7TW{UpY-pp$$j4~IkB;2J%3AnlI+?0`ST}!h5UwJ zB)<&!_rIU62E)etAQG7YD5WW*OsU)DVpHv8Sb67?NW)A-L>T~W)a`Qlk>$OQ&iG_l zEf;r!K$gfr+YEq2Bu>!_nEJ!P`0}zk9JsZM5>!rlKcfx+NQ1CU0K~)QcD7h-;qlt7 zU{Zc;w0$*05P$GOZYI}6)G$*ob<5Xk_J~qMQ;VCr?Lr+nP>u(40tld<p-oA`dVW2Z zEc7Y^+F1FhoGFmno?LlRNF#_3NC3E&u(A72Niha<pr27AcrJmTw-{Wq)@}!EIz|}5 z%fq*VDG4I$i;x%qG7SKvAH4K8;%8z?dX9NSbV5pRM}IB=hx<iPT#WQ)Boo731XE_g zrKT1#$p0{Y8caVkz0HV&Yw?q`4!m_9=iNda{IzTjW(LJbyGdwj0U(Uk8JqGoYH;w= zkQe*A6p$a&%U;>@^Wdj1u!9%87(iI1&5^JYcfrQw*SEJ@=kb%ARwwm*1`;#W5QKG# zD*=!b8Gix`oCp9iFbA3pxK7bYp69dWV)x1gz`M1G<e+j6BFq_v=*((M53%(k=RT-} z-U{&!i+~8256JvkkE_A(uCBjYJyZ%n0FIrX<n|R)12A&@BR3fUVA8}1hofpZzP#MA zNx0?ei+M&pb-odJk#{sjP8}xzz;Q?Q71gtP$A9ir4Tdp>s-pm`MUI_svwGxs?75Dz z7Fmi+nt1Gdhu}p{oM!=mBco#sqtnw}&bVPFKm*ezPB?TGom;(66o6?H&-_Dz9x0mU zHUkoH)5K%vN7j^z0N}mY`~z@3uOT8pf8`_4S9E4gJEeisj*2PGqvS-R$MFoPI?528 zd4IM90IS9F`{?Z3_<V~{e;<t!`*UjmDB$a(^(Q$p8bD8Huf|J72Z{)EnH#X5-P~+( z#)IA=d;h03rJ_Pn-@Gvow1t%3Ti(-|CF~Q8t&PmpVE9>JiJ?@~W@>xPZ-pTMTuS(0 zPXG*|uc%@EEN}=he{@m+e$V<12LN>xet$!tfagK0v%t+~fhnUWKCVUPQNl}wS&Vgj z&=`5YIh%kfho@YR0<G0&S)D0ba;TtK&<Fq=JAZ0SP81+F9Gu8kt1VF!%tEMEerR+% zd&Qw$vKHAVT7(4K`E1GjK02FRTzs?oE~F>VHhFvglH}7SUU1k{=ww-wQYXu<IDg!y zutlvt+%LTMIng*bt?4TcE!SpU`<CR#j-7}C&T~@`0l1FwPapDbF<abjk;eyR*(Qd5 ztQg;{Zo6Ujo_<$n*g$PH0d#xa?P~S;kFk1rT^cC$#psXpC8aM$KcPO`8IQMa654du zFB7TiC@1gc59%mwJK5}4q-dA!)PF6CyD008LazZ!H1dA4GX~(yG0}@U(<YTQcE^jr zVNoRS&#l>ijA8ZI91j#}AONc<?QMVFwVPY<I$Pe~?|$cM>0K)7>Wl?f90=$svRT#! zk_C4mctKxLt}_=>9fg!$^8M~tpXUeM>MlN}(=@l{&DnkRd=~|PGP>v<TxecT|J5_K zmDb9j=sD*EV93kY5?J7(0LZ)fyKloCJ$@B=_P#Q@uau#d&vD{|w)S?t{JfpL9sYrw x42R3bD#nLGNJPD|cX@rim65&wf4=-z@)y5C*d=ZYi=6-f002ovPDHLkV1ll4n5X~% From c1a7dae113ce943abe8bf5d5ab36fb7aac829fd2 Mon Sep 17 00:00:00 2001 From: "Daniel F. Dickinson" <cshored@danielfdickinson.ca> Date: Tue, 8 Sep 2020 16:16:07 -0400 Subject: [PATCH 08/15] Enable adding SSH pubkey and setting pubkey only (#380) This commit add the ability to specify an SSH public key as well as the option to disable password authentication and only allow public key authentication for SSH. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com> --- README.md | 12 ++++++++++++ build.sh | 8 ++++++++ stage2/01-sys-tweaks/01-run.sh | 12 ++++++++++++ 3 files changed, 32 insertions(+) diff --git a/README.md b/README.md index 29d8166..e7f224a 100644 --- a/README.md +++ b/README.md @@ -130,6 +130,18 @@ The following environment variables are supported: Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi. + * `PUBKEY_SSH_FIRST_USER` (Default: unset) + + Setting this to a value will make that value the contents of the FIRST_USER_NAME's ~/.ssh/authorized_keys. Obviously the value should + therefore be a valid authorized_keys file. Note that this does not + automatically enable SSH. + + * `PUBKEY_ONLY_SSH` (Default: `0`) + + * Setting to `1` will disable password authentication for SSH and enable + public key authentication. Note that if SSH is not enabled this will take + effect when SSH becomes enabled. + * `STAGE_LIST` (Default: `stage*`) If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory. diff --git a/build.sh b/build.sh index a8247ab..6f720b1 100755 --- a/build.sh +++ b/build.sh @@ -171,6 +171,7 @@ export WPA_ESSID export WPA_PASSWORD export WPA_COUNTRY export ENABLE_SSH="${ENABLE_SSH:-0}" +export PUBKEY_ONLY_SSH="${PUBKEY_ONLY_SSH:-0}" export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}" @@ -181,6 +182,8 @@ export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}" export GIT_HASH=${GIT_HASH:-"$(git rev-parse HEAD)"} +export PUBKEY_SSH_FIRST_USER + export CLEAN export IMG_NAME export APT_PROXY @@ -226,6 +229,11 @@ if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 exit 1 fi +if [[ "${PUBKEY_ONLY_SSH}" = "1" && -z "${PUBKEY_SSH_FIRST_USER}" ]]; then + echo "Must set 'PUBKEY_SSH_FIRST_USER' to a valid SSH public key if using PUBKEY_ONLY_SSH" + exit 1 +fi + mkdir -p "${WORK_DIR}" log "Begin ${BASE_DIR}" diff --git a/stage2/01-sys-tweaks/01-run.sh b/stage2/01-sys-tweaks/01-run.sh index 8d28adc..c1836f9 100755 --- a/stage2/01-sys-tweaks/01-run.sh +++ b/stage2/01-sys-tweaks/01-run.sh @@ -11,6 +11,18 @@ install -m 644 files/console-setup "${ROOTFS_DIR}/etc/default/" install -m 755 files/rc.local "${ROOTFS_DIR}/etc/" +if [ -n "${PUBKEY_SSH_FIRST_USER}" ]; then + install -v -m 0700 -o 1000 -g 1000 -d "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh + echo "${PUBKEY_SSH_FIRST_USER}" >"${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys + chown 1000:1000 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys + chmod 0600 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys +fi + +if [ "${PUBKEY_ONLY_SSH}" = "1" ]; then + sed -i -Ee 's/^#?[[:blank:]]*PubkeyAuthentication[[:blank:]]*no[[:blank:]]*$/PubkeyAuthentication yes/ +s/^#?[[:blank:]]*PasswordAuthentication[[:blank:]]*yes[[:blank:]]*$/PasswordAuthentication no/' "${ROOTFS_DIR}"/etc/ssh/sshd_config +fi + on_chroot << EOF systemctl disable hwclock.sh systemctl disable nfs-common From d6ee1e5469184e0a88c22e6c8f5d209350a34723 Mon Sep 17 00:00:00 2001 From: andrum99 <58046090+andrum99@users.noreply.github.com> Date: Wed, 16 Sep 2020 20:46:56 +0100 Subject: [PATCH 09/15] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e7f224a..8b7f875 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ # pi-gen -_Tool used to create the raspberrypi.org Raspbian images_ +Tool used to create Raspberry Pi OS images. (Previously known as Raspbian). ## Dependencies -pi-gen runs on Debian based operating systems. Currently it is only supported on +pi-gen runs on Debian-based operating systems. Currently it is only supported on either Debian Buster or Ubuntu Xenial and is known to have issues building on earlier releases of these systems. On other Linux distributions it may be possible to use the Docker build described below. -To install the required dependencies for pi-gen you should run: +To install the required dependencies for `pi-gen` you should run: ```bash apt-get install coreutils quilt parted qemu-user-static debootstrap zerofree zip \ @@ -68,7 +68,7 @@ The following environment variables are supported: system for each build stage, amounting to tens of gigabytes in the case of Raspbian. - **CAUTION**: If your working directory is on an NTFS partition you probably won't be able to build. Make sure this is a proper Linux filesystem. + **CAUTION**: If your working directory is on an NTFS partition you probably won't be able to build: make sure this is a proper Linux filesystem. * `DEPLOY_DIR` (Default: `"$BASE_DIR/deploy"`) @@ -124,7 +124,7 @@ The following environment variables are supported: * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset) - If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters. + If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wireless network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wireless network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters. * `ENABLE_SSH` (Default: `0`) @@ -276,7 +276,7 @@ maintenance and allows for more easy customization. - **Stage 2** - lite system. This stage produces the Raspbian-Lite image. It installs some optimized memory functions, sets timezone and charmap - defaults, installs fake-hwclock and ntp, wifi and bluetooth support, + defaults, installs fake-hwclock and ntp, wireless LAN and bluetooth support, dphys-swapfile, and other basics for managing the hardware. It also creates necessary groups and gives the pi user access to sudo and the standard console hardware permission groups. From be8daaa7210d8a8df77792e7bcb3ec509d8e995e Mon Sep 17 00:00:00 2001 From: Raphael Nestler <raphael.nestler@gmail.com> Date: Fri, 18 Sep 2020 15:40:33 +0200 Subject: [PATCH 10/15] Only disable wifi if WPA_COUNTRY is not set (#416) * Only disable wifi if WPA_COUNTRY is not set * Use '-n' instead of '-v' to test if WPA_COUNTRY is set Apparently -v doesn't work in all shells. --- stage2/02-net-tweaks/01-run.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/stage2/02-net-tweaks/01-run.sh b/stage2/02-net-tweaks/01-run.sh index 0929755..d82381b 100755 --- a/stage2/02-net-tweaks/01-run.sh +++ b/stage2/02-net-tweaks/01-run.sh @@ -25,7 +25,12 @@ network={ EOL fi -# Disable wifi on 5GHz models +# Disable wifi on 5GHz models if WPA_COUNTRY is not set mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan" +if [ -n "$WPA_COUNTRY" ]; then + echo 0 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan" + echo 0 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan" +else + echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan" + echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan" +fi From d1596451b9d81c360c6cf89a10ed1c30e19e4e02 Mon Sep 17 00:00:00 2001 From: kdoren <kevind@avaya.com> Date: Wed, 23 Sep 2020 11:54:37 -0700 Subject: [PATCH 11/15] workaround build failure on AWS M6g instances (#449) --- export-image/prerun.sh | 28 ++++++++++++++++++++++++++-- export-noobs/prerun.sh | 28 ++++++++++++++++++++++++++-- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/export-image/prerun.sh b/export-image/prerun.sh index 8bbc566..4b5cf8c 100755 --- a/export-image/prerun.sh +++ b/export-image/prerun.sh @@ -39,8 +39,32 @@ BOOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 4 | tr -d B) ROOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 2 | tr -d B) ROOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 4 | tr -d B) -BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}") -ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}") +echo "Mounting BOOT_DEV..." +cnt=0 +until BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}"); do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup for BOOT_DEV. Retrying..." + sleep 5 + else + echo "ERROR: losetup for BOOT_DEV failed; exiting" + exit 1 + fi +done + +echo "Mounting ROOT_DEV..." +cnt=0 +until ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}"); do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup for ROOT_DEV. Retrying..." + sleep 5 + else + echo "ERROR: losetup for ROOT_DEV failed; exiting" + exit 1 + fi +done + echo "/boot: offset $BOOT_OFFSET, length $BOOT_LENGTH" echo "/: offset $ROOT_OFFSET, length $ROOT_LENGTH" diff --git a/export-noobs/prerun.sh b/export-noobs/prerun.sh index 54e0c59..c161ee6 100755 --- a/export-noobs/prerun.sh +++ b/export-noobs/prerun.sh @@ -16,8 +16,32 @@ BOOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 4 | tr -d B) ROOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 2 | tr -d B) ROOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 4 | tr -d B) -BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}") -ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}") +echo "Mounting BOOT_DEV..." +cnt=0 +until BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}"); do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup for BOOT_DEV. Retrying..." + sleep 5 + else + echo "ERROR: losetup for BOOT_DEV failed; exiting" + exit 1 + fi +done + +echo "Mounting ROOT_DEV..." +cnt=0 +until ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}"); do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup for ROOT_DEV. Retrying..." + sleep 5 + else + echo "ERROR: losetup for ROOT_DEV failed; exiting" + exit 1 + fi +done + echo "/boot: offset $BOOT_OFFSET, length $BOOT_LENGTH" echo "/: offset $ROOT_OFFSET, length $ROOT_LENGTH" From dd96ca1c8629da6589b381546e2b7677c7611744 Mon Sep 17 00:00:00 2001 From: Ani <aniongithub@users.noreply.github.com> Date: Tue, 6 Oct 2020 02:58:18 -0700 Subject: [PATCH 12/15] Automagically use i386/debian:buster (#415) * Autmagically use 1386/debian:buster when running on 64-bit host to prevent error #271 --- Dockerfile | 3 ++- build-docker.sh | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2e53149..3d5874d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM debian:buster +ARG BASE_IMAGE=debian:buster +FROM ${BASE_IMAGE} ENV DEBIAN_FRONTEND noninteractive diff --git a/build-docker.sh b/build-docker.sh index b6a9ea3..350f722 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -73,7 +73,17 @@ fi # Modify original build-options to allow config file to be mounted in the docker container BUILD_OPTS="$(echo "${BUILD_OPTS:-}" | sed -E 's@\-c\s?([^ ]+)@-c /config@')" -${DOCKER} build -t pi-gen "${DIR}" +# Check the arch of the machine we're running on. If it's 64-bit, use a 32-bit base image instead +case "$(uname -m)" in + x86_64|aarch64) + BASE_IMAGE=i386/debian:buster + ;; + *) + BASE_IMAGE=debian:buster + ;; +esac +${DOCKER} build --build-arg BASE_IMAGE=${BASE_IMAGE} -t pi-gen "${DIR}" + if [ "${CONTAINER_EXISTS}" != "" ]; then trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}_cont' SIGINT SIGTERM time ${DOCKER} run --rm --privileged \ From 6c21cc1e4ddcf177b7bcf584e23cad734ea5d7e3 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Tue, 17 Nov 2020 15:13:18 +0000 Subject: [PATCH 13/15] stage4: add printing support --- stage4/05-print-support/00-packages | 2 ++ stage4/05-print-support/01-run.sh | 5 +++++ 2 files changed, 7 insertions(+) create mode 100644 stage4/05-print-support/00-packages create mode 100755 stage4/05-print-support/01-run.sh diff --git a/stage4/05-print-support/00-packages b/stage4/05-print-support/00-packages new file mode 100644 index 0000000..e9c36bd --- /dev/null +++ b/stage4/05-print-support/00-packages @@ -0,0 +1,2 @@ +cups +system-config-printer diff --git a/stage4/05-print-support/01-run.sh b/stage4/05-print-support/01-run.sh new file mode 100755 index 0000000..dc9e2b2 --- /dev/null +++ b/stage4/05-print-support/01-run.sh @@ -0,0 +1,5 @@ +#!/bin/bash -e + +on_chroot <<EOF +adduser "$FIRST_USER_NAME" lpadmin +EOF From 0f59f0085a6ae8a60abbb97e27f944281a1b425f Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Tue, 17 Nov 2020 15:22:12 +0000 Subject: [PATCH 14/15] export-image: get apt lists from public repo --- export-image/01-set-sources/01-run.sh | 2 ++ export-image/04-finalise/01-run.sh | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/export-image/01-set-sources/01-run.sh b/export-image/01-set-sources/01-run.sh index 86dea2d..5f51209 100755 --- a/export-image/01-set-sources/01-run.sh +++ b/export-image/01-set-sources/01-run.sh @@ -1,5 +1,7 @@ #!/bin/bash -e +rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" +find "${ROOTFS_DIR}/var/lib/apt/lists/" -type f -delete on_chroot << EOF apt-get update apt-get -y dist-upgrade diff --git a/export-image/04-finalise/01-run.sh b/export-image/04-finalise/01-run.sh index 0864639..91264e5 100755 --- a/export-image/04-finalise/01-run.sh +++ b/export-image/04-finalise/01-run.sh @@ -16,7 +16,6 @@ if [ -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.config" ]; then chmod 700 "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.config" fi -rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" rm -f "${ROOTFS_DIR}/usr/bin/qemu-arm-static" if [ "${USE_QEMU}" != "1" ]; then From cce27bd6f44a3b2e83855645986b3e21f771e852 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Fri, 27 Nov 2020 15:50:50 +0000 Subject: [PATCH 15/15] Update release notes --- .../00-release/files/release_notes.txt | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index 693eb49..be998d9 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,5 +1,26 @@ UNRELEASED: - * + * PulseAudio now included and running by default + * Bluealsa Bluetooth interface removed - Bluetooth audio is now handled by PulseAudio + * LXPanel volume control plugin replaced with PulseAudio version + * Version 84.0.4147.105 of Chromium web browser included + * Version 3.3.0 of Thonny included + * Version 32.0.0.453 of Flash player included - note that this will be the final release of Flash, as it is end-of-lifed at the end of 2020 + * CUPS printer system included, along with system-config-printer CUPS GUI and HP printer drivers + * raspi-config menu structure rearranged to match Raspberry Pi Configuration tabs + * Control for GPIO-connected fans added to raspi-config and Raspberry Pi Configuration + * Control for power / activity LED on Pi 400 and Pi Zero added to raspi-config and Raspberry Pi Configuration + * Improved screen reader voice prompts in several applications + * Added ctrl-alt-space shortcut to install Orca screen reader at any point + * Low voltage warnings added to battery monitor plugin + * Magnifier plugin zoom can now be changed with scroll wheel when pointer is over icon + * Change to notification popups - now will only close when clicked on directly, not by clicking anywhere + * Bookshelf now made compatible with translated versions of books and magazines, and will offer translated versions where available, based on system language setting + * Bug fix - crash in CPU temperature plugin when throttling detection fails + * Bug fix - if Orca is running, shutdown commands and shutdown dialog will force kill it to prevent it locking up the reboot or shutdown process + * Various additional language translations added + * Various minor bug fixes and UI tweaks + * Raspberry Pi firmware b324aea801f669b6ab18441f970e74a5a7346684 + * Linux kernel 5.4.79 2020-08-20: * raspi-config - added selection of boot device order * raspi-config - added selection of boot EEPROM version