olavmrk · April 28, 2023 10:20
diff --git a/build-root.sh b/build-root.sh
 #!/bin/bash
 set -e

 WORK_DIR="$(mktemp --directory --tmpdir build-root.XXXXXXXX)"
 trap 'rm -rf "${WORK_DIR}"' EXIT

 if [ -f rootcache.tar.gz ]; then
    tar --extract --numeric-owner --gzip --file rootcache.tar.gz --directory "${WORK_DIR}" 
 else
    debootstrap --variant=minbase --include=linux-image-amd64,ifupdown,isc-dhcp-client,openssh-server,less,nano,python,lvm2,debootstrap jessie "${WORK_DIR}" http://httpredir.debian.org/debian
    tar --create --numeric-owner --gzip --file rootcache.tar.gz --directory "${WORK_DIR}" .
 fi


 # Clean up file with misleading information from host
 rm "${WORK_DIR}/etc/hostname"

 # Disable installation of recommended packages
 echo 'APT::Install-Recommends "false";' >"${WORK_DIR}/etc/apt/apt.conf.d/50norecommends"

 # Configure networking
 cat >>"${WORK_DIR}/etc/network/interfaces" <<'EOF'
 auto lo
 iface lo inet loopback
 auto eth0
 iface eth0 inet dhcp
 EOF
 cat >>"${WORK_DIR}/etc/resolv.conf" <<'EOF'
 nameserver 8.8.8.8
 nameserver 8.8.4.4
 EOF


 # Set up initramfs for booting with squashfs+aufs
 cat >> "${WORK_DIR}/etc/initramfs-tools/modules" <<'EOF'
 squashfs
 aufs
 EOF
 cat >"${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs" <<'EOF'
 #!/bin/sh -e
 case $1 in
  prereqs)
    exit 0
    ;;
 esac
 mkdir /ro
 mkdir /rw
 mount -n -o mode=0755 -t tmpfs root-rw /rw
 mount -n -o move ${rootmnt} /ro
 mount -n -o dirs=/rw:/ro=ro -t aufs root-aufs ${rootmnt}
 mkdir ${rootmnt}/ro
 mkdir ${rootmnt}/rw
 mount -n -o move /ro ${rootmnt}/ro
 mount -n -o move /rw ${rootmnt}/rw
 EOF
 chmod +x "${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs"
 chroot "${WORK_DIR}" update-initramfs -u


 # Implement insecurity
 chroot "${WORK_DIR}" passwd -d root # remove password on root account
 sed -i 's/pam_unix.so nullok_secure/pam_unix.so nullok/' "${WORK_DIR}/etc/pam.d/common-auth"
 sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' "${WORK_DIR}/etc/ssh/sshd_config"
 sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords yes/' "${WORK_DIR}/etc/ssh/sshd_config"


 # Clean up temporary files
 rm -rf "${WORK_DIR}"/var/cache/apt/*


 # Build the root filesystem image, and extract the accompanying kernel and initramfs
 mksquashfs "${WORK_DIR}" br.sqashfs.new -noappend; mv br.sqashfs.new br.sqashfs
 cp -p "${WORK_DIR}/boot"/vmlinuz-* br.vmlinuz.new; mv br.vmlinuz.new br.vmlinuz
 cp -p "${WORK_DIR}/boot"/initrd.img-* br.initrd.new; mv br.initrd.new br.initrd
	#!/bin/bash
	set -e

	WORK_DIR="$(mktemp --directory --tmpdir build-root.XXXXXXXX)"
	trap 'rm -rf "${WORK_DIR}"' EXIT

	if [ -f rootcache.tar.gz ]; then
	tar --extract --numeric-owner --gzip --file rootcache.tar.gz --directory "${WORK_DIR}"
	else
	debootstrap --variant=minbase --include=linux-image-amd64,ifupdown,isc-dhcp-client,openssh-server,less,nano,python,lvm2,debootstrap jessie "${WORK_DIR}" http://httpredir.debian.org/debian
	tar --create --numeric-owner --gzip --file rootcache.tar.gz --directory "${WORK_DIR}" .
	fi


	# Clean up file with misleading information from host
	rm "${WORK_DIR}/etc/hostname"

	# Disable installation of recommended packages
	echo 'APT::Install-Recommends "false";' >"${WORK_DIR}/etc/apt/apt.conf.d/50norecommends"

	# Configure networking
	cat >>"${WORK_DIR}/etc/network/interfaces" <<'EOF'
	auto lo
	iface lo inet loopback
	auto eth0
	iface eth0 inet dhcp
	EOF
	cat >>"${WORK_DIR}/etc/resolv.conf" <<'EOF'
	nameserver 8.8.8.8
	nameserver 8.8.4.4
	EOF


	# Set up initramfs for booting with squashfs+aufs
	cat >> "${WORK_DIR}/etc/initramfs-tools/modules" <<'EOF'
	squashfs
	aufs
	EOF
	cat >"${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs" <<'EOF'
	#!/bin/sh -e
	case $1 in
	prereqs)
	exit 0
	;;
	esac
	mkdir /ro
	mkdir /rw
	mount -n -o mode=0755 -t tmpfs root-rw /rw
	mount -n -o move ${rootmnt} /ro
	mount -n -o dirs=/rw:/ro=ro -t aufs root-aufs ${rootmnt}
	mkdir ${rootmnt}/ro
	mkdir ${rootmnt}/rw
	mount -n -o move /ro ${rootmnt}/ro
	mount -n -o move /rw ${rootmnt}/rw
	EOF
	chmod +x "${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs"
	chroot "${WORK_DIR}" update-initramfs -u


	# Implement insecurity
	chroot "${WORK_DIR}" passwd -d root # remove password on root account
	sed -i 's/pam_unix.so nullok_secure/pam_unix.so nullok/' "${WORK_DIR}/etc/pam.d/common-auth"
	sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' "${WORK_DIR}/etc/ssh/sshd_config"
	sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords yes/' "${WORK_DIR}/etc/ssh/sshd_config"


	# Clean up temporary files
	rm -rf "${WORK_DIR}"/var/cache/apt/*


	# Build the root filesystem image, and extract the accompanying kernel and initramfs
	mksquashfs "${WORK_DIR}" br.sqashfs.new -noappend; mv br.sqashfs.new br.sqashfs
	cp -p "${WORK_DIR}/boot"/vmlinuz-* br.vmlinuz.new; mv br.vmlinuz.new br.vmlinuz
	cp -p "${WORK_DIR}/boot"/initrd.img-* br.initrd.new; mv br.initrd.new br.initrd