Merge branch 'rootfs' into 'master'

rootfs subdirectory

See merge request raspi-team/image-specs!12

rootfs/boot/firmware/sysconf.txt

@@ -0,0 +1,35 @@
+# This file will be automatically evaluated and installed at next boot
+# time, and regenerated (to avoid leaking passwords and such information).
+#
+# To force it to be evaluated immediately, you can run (as root):
+#
+#     /usr/sbin/rpi-set-sysconf
+#
+# You can disable the file evaluation by disabling the rpi-set-sysconf
+# service in systemd:
+#
+#     systemctl disable rpi-set-sysconf
+#
+# Comments (all portions of a line following a '#' character) are
+# ignored. This file is read line by line. Valid
+# configuration lines are of the form 'key=value'. Whitespace around
+# 'key' and 'value' is ignored. This file will be _regenerated_ every
+# time it is evaluated.
+#
+# We follow the convention to indent with one space comments, and
+# leave no space to indicate the line is an example that could be
+# uncommented.
+
+# root_pw - Set a password for the root user (by default, it allows
+# for a passwordless login)
+#root_pw=FooBar
+
+# root_authorized_key - Set an authorized key for a root ssh login
+#root_authorized_key=
+
+# hostname - Set the system hostname.
+#hostname=rpi
+
+# We found the following unhandled keys - That means, the
+# configuration script does not know how to handle them. Please
+# double-check them!

rootfs/etc/fstab

@@ -0,0 +1,5 @@
+# The root file system has fs_passno=1 as per fstab(5) for automatic fsck.
+LABEL=RASPIROOT / ext4 rw 0 1
+# All other file systems have fs_passno=2 as per fstab(5) for automatic fsck.
+LABEL=RASPIFIRM /boot/firmware vfat rw 0 2
+proc /proc proc defaults 0 0

rootfs/etc/network/interfaces.d/eth0

@@ -0,0 +1,7 @@
+auto eth0
+
+# TODO: switch back to iptables-persistent once it re-enters testing
+iface eth0 inet dhcp
+# We don't currently support setup of firewalls here.
+#	pre-up iptables-restore < /etc/iptables/rules.v4 || true
+#	pre-up ip6tables-restore < /etc/iptables/rules.v6 || ture

rootfs/etc/systemd/system/rpi-generate-ssh-host-keys.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=generate SSH host keys
+ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/dpkg-reconfigure -fnoninteractive openssh-server
+
+[Install]
+RequiredBy=multi-user.target

rootfs/etc/systemd/system/rpi-resizerootfs.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=resize root file system
+Before=local-fs-pre.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+TimeoutSec=infinity
+ExecStart=/usr/sbin/rpi-resizerootfs
+ExecStart=/bin/systemctl --no-reload disable %n
+
+[Install]
+RequiredBy=local-fs-pre.target

rootfs/etc/systemd/system/rpi-set-sysconf.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Set up system configuration
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/rpi-set-sysconf
+
+[Install]
+RequiredBy=basic.target

rootfs/usr/local/sbin/rpi-set-sysconf

@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use IO::File;
+use IO::Pipe;
+use feature 'switch';
+
+my ($filename, $conf);
+
+$filename = '/boot/firmware/sysconf.txt';
+
+logger('info', "Reading the system configuration settings from $filename");
+$conf = read_conf($filename);
+
+if (my $pass = delete($conf->{root_pw})) {
+    my $pipe;
+    logger('debug', 'Resetting root password');
+    unless (open($pipe, '|-', '/usr/sbin/chpasswd')) {
+	my $err = $!;
+	logger('error', "Could not run chpasswd: $err");
+	die $err;
+    }
+    $pipe->print("root:$pass");
+    close($pipe);
+}
+
+if (my $root_authorized_key = delete($conf->{root_authorized_key})) {
+    my $fh;
+    logger('debug', "Adding key to root's authorized_keys");
+    if(! -d "/root/.ssh") {
+        if(!mkdir("/root/.ssh", 0700)) {
+            my $err = sprintf("Could not create /root/.ssh directory: %s", $!);
+            logger('error', $err);
+            die $err;
+        }
+    }
+
+    unless ($fh = IO::File->new('/root/.ssh/authorized_keys', 'w', 0600)) {
+        my $err = $!;
+        logger('error', "Could not write /root/.ssh/authorized_keys: $err");
+        die $err;
+    }
+    $fh->print($root_authorized_key);
+    $fh->close;
+}
+
+if (my $name = delete($conf->{hostname})) {
+    my $fh;
+    logger('debug', "Setting hostname to '$name'");
+    unless ($fh = IO::File->new('/etc/hostname', 'w')) {
+	my $err = $!;
+	logger('error', "Could not write hostname '$name': $err");
+	die $err;
+    }
+    $fh->print($name);
+    $fh->close;
+    system('hostname', '--file', '/etc/hostname');
+}
+
+rewrite_conf_file($filename, $conf);
+
+exit 0;
+
+sub read_conf {
+    my ($file, $conf, $fh);
+    $file = shift;
+
+    $conf = {};
+    unless ($fh = IO::File->new($filename, 'r')) {
+	my $err = $!;
+	logger('error', "Could not read from configuration file '$filename': $err");
+	# Not finding the config file is not fatal: there is just
+	# nothing to configure!
+	return $conf;
+    }
+    while (my $line = $fh->getline) {
+	my ($key, $value);
+	# Allow for comments, and properly ignore them
+	$line =~ s/#.+//;
+	if ( ($key, $value) = ($line =~ m/^\s*([^=]+)\s*=\s*(.*)\s*$/)) {
+	    $key = lc($key);
+	    if (exists($conf->{$key})) {
+		logger('warn',
+		       "Repeated configuration key: $key. " .
+		       "Overwriting with new value ($value)");
+	    }
+	    $conf->{$key} = $value;
+	}
+    }
+    $fh->close;
+
+    return $conf;
+}
+
+sub logger {
+    my ($prio, $msg) = @_;
+    system('logger', '-p', "daemon.$prio",
+	   '-t', 'rpi-set-sysconf', $msg);
+}
+
+sub rewrite_conf_file {
+    my ($filename, $conf) = @_;
+    my $fh;
+    unless ($fh = IO::File->new($filename, 'w')) {
+	my $err = $!;
+	logger('error', "Could not write to configuration file '$filename': $err");
+	die $err;
+    }
+    $fh->print(
+q(# This file will be automatically evaluated and installed at next boot
+# time, and regenerated (to avoid leaking passwords and such information).
+#
+# To force it to be evaluated immediately, you can run (as root):
+#
+#     /usr/sbin/rpi-set-sysconf
+#
+# You can disable the file evaluation by disabling the rpi-set-sysconf
+# service in systemd:
+#
+#     systemctl disable rpi-set-sysconf
+#
+# Comments (all portions of a line following a '#' character) are
+# ignored. This file is read line by line. Valid
+# configuration lines are of the form 'key=value'. Whitespace around
+# 'key' and 'value' is ignored. This file will be _regenerated_ every
+# time it is evaluated.
+#
+# We follow the convention to indent with one space comments, and
+# leave no space to indicate the line is an example that could be
+# uncommented.
+
+# root_pw - Set a password for the root user (by default, it allows
+# for a passwordless login)
+#root_pw=FooBar
+
+# root_authorized_key - Set an authorized key for a root ssh login
+#root_authorized_key=
+
+# hostname - Set the system hostname.
+#hostname=rpi
+));
+
+    if (scalar keys %$conf) {
+	logger('warn', 'Unprocessed keys left in $filename: ' .
+	       join(', ', sort keys %$conf));
+	$fh->print(
+q(
+# We found the following unhandled keys - That means, the
+# configuration script does not know how to handle them. Please
+# double-check them!
+));
+	$fh->print(join('', map {sprintf("%s=%s\n", $_, $conf->{$_})} sort keys %$conf));
+    }
+    $fh->close;
+}
+
+

rootfs/usr/sbin/rpi-resizerootfs

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+rootpart="$(findmnt -n -o SOURCE /)"
+rootdev="/dev/$(lsblk -no pkname "$rootpart")"
+
+flock $rootdev sfdisk -f $rootdev -N 2 <<EOF
+,+
+EOF
+
+sleep 5
+
+udevadm settle
+
+sleep 5
+
+flock $rootdev partprobe $rootdev
+
+mount -o remount,rw $rootpart
+
+resize2fs $rootpart
+
+exit 0