Create Debian Jessie squashfs & initramfs image
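#!/bin/bash
#
# Build a Debian Jessie root filesystem and write three boot artifacts to the
# current directory:
#   br.sqashfs  - squashfs image of the root filesystem (file name kept as-is)
#   br.vmlinuz  - kernel copied from the image's /boot
#   br.initrd   - initramfs that stacks a tmpfs over the squashfs with aufs
#
# Expected to run as root (debootstrap, chroot). A rootcache.tar.gz in the
# current directory is reused instead of running debootstrap again.
#
# SECURITY: the "Implement insecurity" section below produces an image whose
# root account has no password and whose sshd accepts root logins with an
# empty password, so any host that can reach its SSH port gets a root shell.
# Boot it only on a network you control, or replace that section with
# key-based access before using the image elsewhere.
set -e

WORK_DIR="$(mktemp --directory --tmpdir build-root.XXXXXXXX)"
# ':?' makes the cleanup abort rather than expand to an empty path.
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

if [ -f rootcache.tar.gz ]; then
  # The cache is unpacked as-is into the image root; nothing here checks its
  # integrity, so whoever can write rootcache.tar.gz controls the image content.
  tar --extract --numeric-owner --gzip --file rootcache.tar.gz --directory "${WORK_DIR}"
else
  # NOTE(review): packages are fetched over plain HTTP; integrity then rests on
  # debootstrap's Release signature check, which needs the Debian archive
  # keyring on the build host (see debootstrap --keyring) - confirm it is present.
  debootstrap --variant=minbase --include=linux-image-amd64,ifupdown,isc-dhcp-client,openssh-server,less,nano,python,lvm2,debootstrap jessie "${WORK_DIR}" http://httpredir.debian.org/debian
  # Write the cache under a temporary name and rename it, like the final
  # artifacts, so an interrupted run never leaves a truncated rootcache.tar.gz
  # that the next run would pick up.
  tar --create --numeric-owner --gzip --file rootcache.tar.gz.new --directory "${WORK_DIR}" .
  mv rootcache.tar.gz.new rootcache.tar.gz
fi

# Clean up file with misleading information from host.
# -f: a build host without /etc/hostname must not abort the build under set -e.
rm -f "${WORK_DIR}/etc/hostname"

# Disable installation of recommended packages
echo 'APT::Install-Recommends "false";' >"${WORK_DIR}/etc/apt/apt.conf.d/50norecommends"

# Configure networking
cat >>"${WORK_DIR}/etc/network/interfaces" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF
cat >>"${WORK_DIR}/etc/resolv.conf" <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

# Set up initramfs for booting with squashfs+aufs
cat >>"${WORK_DIR}/etc/initramfs-tools/modules" <<'EOF'
squashfs
aufs
EOF

# init-bottom hook: move the mounted root to /ro, create a tmpfs at /rw, mount
# an aufs union of both on ${rootmnt}, then expose the two branches as /ro and
# /rw inside the new root. The delimiter is quoted, so ${rootmnt} and $1 are
# expanded by the initramfs shell at boot, not by this script.
cat >"${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs" <<'EOF'
#!/bin/sh -e
case $1 in
prereqs)
  exit 0
  ;;
esac
mkdir /ro
mkdir /rw
mount -n -o mode=0755 -t tmpfs root-rw /rw
mount -n -o move "${rootmnt}" /ro
mount -n -o dirs=/rw:/ro=ro -t aufs root-aufs "${rootmnt}"
mkdir "${rootmnt}/ro"
mkdir "${rootmnt}/rw"
mount -n -o move /ro "${rootmnt}/ro"
mount -n -o move /rw "${rootmnt}/rw"
EOF
chmod +x "${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs"
chroot "${WORK_DIR}" update-initramfs -u

# Implement insecurity
# Effect of the four commands: root has no password, PAM accepts an empty
# password on any terminal (nullok instead of nullok_secure), and sshd permits
# root login with an empty password.
# sed exits 0 when its pattern is absent, so a config file that differs from
# the expected default is left unchanged without any message.
chroot "${WORK_DIR}" passwd -d root # remove password on root account
sed -i 's/pam_unix.so nullok_secure/pam_unix.so nullok/' "${WORK_DIR}/etc/pam.d/common-auth"
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' "${WORK_DIR}/etc/ssh/sshd_config"
sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords yes/' "${WORK_DIR}/etc/ssh/sshd_config"

# Clean up temporary files
rm -rf -- "${WORK_DIR:?}"/var/cache/apt/*

# Build the root filesystem image, and extract the accompanying kernel and initramfs.
# Each artifact is written as *.new and renamed, so an existing artifact is
# only replaced by a completely written one.
mksquashfs "${WORK_DIR}" br.sqashfs.new -noappend
mv br.sqashfs.new br.sqashfs
cp -p "${WORK_DIR}/boot"/vmlinuz-* br.vmlinuz.new
mv br.vmlinuz.new br.vmlinuz
cp -p "${WORK_DIR}/boot"/initrd.img-* br.initrd.new
mv br.initrd.new br.initrd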