From c719221f3056c4a90d73746650a78fa9bdace7fa Mon Sep 17 00:00:00 2001 From: Benjamin Braatz Date: Wed, 13 Apr 2022 04:50:58 +0200 Subject: [PATCH] Latest process. --- .gitignore | 1 + README | 179 -------------------- boot/config.txt | 14 ++ doc/index.md | 132 +++++++++++++++ etc/modules-load.d/i2c.conf | 1 + etc/ssh/sshd_config.d/NoRootNoPassword.conf | 2 + etc/systemd/resolved.conf.d/NoNegCache.conf | 2 + home/pi/resize-fs.sh | 4 + 8 files changed, 156 insertions(+), 179 deletions(-) create mode 100644 .gitignore delete mode 100644 README create mode 100644 boot/config.txt create mode 100644 doc/index.md create mode 100644 etc/modules-load.d/i2c.conf create mode 100644 etc/ssh/sshd_config.d/NoRootNoPassword.conf create mode 100644 etc/systemd/resolved.conf.d/NoNegCache.conf create mode 100755 home/pi/resize-fs.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7538c78 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +home/pi/.ssh/authorized_keys diff --git a/README b/README deleted file mode 100644 index 7399221..0000000 --- a/README +++ /dev/null @@ -1,179 +0,0 @@ -Install statically linked qemu to allow chroot to ARM: -$ aur sync --chroot qemu-arm-static -$ sudo pacman -Sy -$ sudo pacman -S qemu-arm-static - -Get and unpack Arch Linux ARM for Pi 2/3: -$ cd /tmp -$ wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-2-latest.tar.gz -$ sudo mkdir controlpi -$ sudo mount -t tmpfs none controlpi/ -$ sudo tar -xpf ArchLinuxARM-rpi-2-latest.tar.gz -C controlpi/ - -First upgrade: -$ TERM=xterm sudo arch-chroot controlpi/ -# pacman-key --init -# pacman-key --populate archlinuxarm -# pacman -Syu - -Package management until: -# pacman -Q --explicit -base -binutils -fakeroot -gcc -git -linux-rpi -make -openssh -pacman-contrib -parted -python -raspberrypi-bootloader-x -raspberrypi-firmware -sudo -vim -# pacman -Q --deps --unrequired --unrequired -Nothing - -Clean up /etc/systemd/system/: -# rm /etc/systemd/system/multi-user.target.wants/remote-fs.target -# rm /etc/systemd/system/sysinit.target.wants/haveged.service - -Clean up /var/log: -# rm -r /var/log/journal # Makes journal volatile -# rm /var/log/lastlog - -Change timezone to Europe/Berlin: -# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime - -Rename standard user: -# mv /home/alarm /home/pi -# sed -i 's/alarm/pi/g' /etc/passwd /etc/shadow /etc/group /etc/gshadow - -Change passwords to well-known password: -# passwd -# passwd pi - -Enable sudo for standard user (all in group 'wheel'): -# echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel -# chmod o-r etc/sudoers.d/wheel - -Safe settings for sshd: -# sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config -# sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config - -Install ssh keys: -# su - pi -$ mkdir .ssh -Put accompanying authorized_keys file in /home/pi/.ssh/authorized_keys. -$ chmod -R go-rx .ssh/ -$ exit - -Script for resizing to full SD card: -# su - pi -$ cat << EOF > resize-fs.sh -#!/bin/sh -sudo parted /dev/mmcblk0 resizepart 2 100% -sudo partprobe /dev/mmcblk0 -sudo resize2fs /dev/mmcblk0p2 -EOF -$ chmod +x resize-fs.sh -$ exit - -Enable I2C: -# echo 'dtparam=i2c_arm=on' >> /boot/config.txt -# echo 'i2c-dev' >> /etc/modules-load.d/raspberrypi.conf - -Install pigpio from the AUR: -# su - pi -$ git clone https://aur.archlinux.org/pigpio.git -$ cd pigpio/ -$ makepkg -s -$ exit -# pacman -U /home/pi/pigpio/pigpio-XX-X-armv7h.pkg.tar.xz -# ln -s /usr/lib/systemd/system/pigpiod.service /etc/systemd/system/multi-user.target.wants/ -# mkdir /etc/systemd/system/pigpiod.service.d -# cat << EOF > /etc/systemd/system/pigpiod.service.d/override.conf -[Service] -ExecStart= -ExecStart=/usr/bin/pigpiod -l -EOF - -Clear package cache: -# paccache -rk0 - -Install ControlPi system: -# su - pi -$ python -m venv controlpi-venv -$ source controlpi-venv/bin/activate -$ pip install -U pip setuptools wheel -$ pip install git+git://git.graph-it.com/graphit/controlpi.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-pinio.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-modbus.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-wsclient.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-wsserver.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-statemachine.git -$ exit -# cat << EOF > /etc/systemd/system/controlpi.service -[Unit] -Description=ControlPi Service -Wants=network-online.target -After=network-online.target -After=pigpiod.service -StartLimitIntervalSec=300 -StartLimitBurst=5 - -[Service] -WorkingDirectory=/home/pi -Environment=PYTHONUNBUFFERED=1 -ExecStart=/home/pi/controlpi-venv/bin/python -m controlpi conf.json -Restart=on-failure -RestartSec=5 - -[Install] -WantedBy=multi-user.target -EOF -# ln -s /etc/systemd/system/controlpi.service /etc/systemd/system/multi-user.target.wants/ - -Change hostname to 'pi': -# sed -i 's/alarmpi/pi/g' /etc/hostname - -Create -specific conf.json -# su - pi -$ cat << EOF > conf.json -{ - "Pi-Master": { - "plugin": "WSClient", - "url": "ws://graph.example.com:8080", - "interface": "eth0", - "up filter": [ ], - "down filter": [ { "target": { "const": "" } } ] - } -} -EOF -$ exit - -Exit chroot and build archive: -# exit -$ sudo tar -czf pi.tar.gz -C controlpi/ . - -Create image: -$ fallocate -l 2G 20YY-MM-DD-pi-arch-controlpi.img -$ sudo losetup --find --show 20YY-MM-DD-pi-arch-controlpi.img -$ sudo parted --script /dev/loop0 mklabel msdos -$ sudo parted --script /dev/loop0 mkpart primary fat32 0% 100M -$ sudo parted --script /dev/loop0 mkpart primary ext4 100M 100% -$ sudo mkfs.vfat -F32 /dev/loop0p1 -$ sudo mkfs.ext4 -F /dev/loop0p2 -$ sudo mount /dev/loop0p2 /mnt -$ sudo mkdir /mnt/boot -$ sudo mount /dev/loop0p1 /mnt/boot -$ sudo tar -xpf pi.tar.gz -C /mnt/ -$ sudo umount /mnt/boot -$ sudo umount /mnt -$ sudo losetup --detach /dev/loop0 -$ scp 20YY-MM-DD-pi-arch-controlpi.img root@graph-de-screwerk-com.castle:sdimages/ - -Flash image to SD card: -$ sudo dd if=20YY-MM-DD-pi-arch-controlpi.img of=/dev/mmcblk0 bs=1M diff --git a/boot/config.txt b/boot/config.txt new file mode 100644 index 0000000..4c419ad --- /dev/null +++ b/boot/config.txt @@ -0,0 +1,14 @@ +# See /boot/overlays/README for all available options + +dtoverlay=vc4-kms-v3d +initramfs initramfs-linux.img followkernel + +# Uncomment to enable bluetooth +#dtparam=krnbt=on + +# Enable I2C bus: +dtparam=i2c_arm=on + +[pi4] +# Run as fast as firmware / board allows +arm_boost=1 diff --git a/doc/index.md b/doc/index.md new file mode 100644 index 0000000..faddb2b --- /dev/null +++ b/doc/index.md @@ -0,0 +1,132 @@ +# Erstellen eines ControlPi-Images + +## Voraussetzungen +Die Pakete `binfmt-qemu-static` und `qemu-user-static` werden für das +chroot in das Raspberry-Pi-System benötigt. + +## Installation des Grundsystems +Herunterladen und in temporäres Dateisystem entpacken: +```console +$ cd /tmp +$ wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-armv7-latest.tar.gz +$ sudo mkdir controlpi +$ sudo mount -t tmpfs none controlpi/ +$ sudo tar -xpf ArchLinuxARM-rpi-armv7-latest.tar.gz -C controlpi/ +``` + +In chroot wechseln und erstes Upgrade: +```console +$ TERM=xterm sudo arch-chroot controlpi/ +# pacman-key --init +# pacman-key --populate archlinuxarm +# pacman -Syu +``` + +Pakete entfernen und hinzufügen bis folgendes Minimalsystem erreicht ist: +```console +# pacman -Q --deps --unrequired --unrequired +# pacman -Q --explicit +base +fakeroot +gcc +git +i2c-tools +linux-rpi +make +openssh +pacman-contrib +parted +python +raspberrypi-bootloader-x +raspberrypi-firmware +sudo +vim +``` + +Das Journal soll nicht auf der SD-Karte gespeichert werden: +```console +# rm -r /var/log/journal /var/log/lastlog +``` + +Standard-Benutzer von `alarm` zu `pi` umbenennen und Passwörter vergeben: +```console +# mv /home/alarm /home/pi +# sed -i 's/alarm/pi/g' /etc/passwd /etc/shadow /etc/group /etc/gshadow +# passwd +# passwd pi +``` + +## Installation von pigpio +Bauen des Paketes als Benutzer: +```console +# su - pi +$ git clone https://aur.archlinux.org/pigpio.git +$ cd pigpio/ +$ makepkg -s +$ exit +``` + +Installation des gebauten Pakets: +```console +# pacman -U /home/pi/pigpio/pigpio-XX-X-armv7h.pkg.tar.xz +``` + +Paket-Cache leeren: +```console +# paccache -rk0 +``` + +## Installation des ControlPi-Systems: +Python-Virtual-Environment unter `pi`-Benutzer einrichten: +```console +# su - pi +$ python -m venv controlpi-venv +$ source controlpi-venv/bin/activate +$ pip install -U pip setuptools wheel +``` + +ControlPi-Pakete installieren: +```console +$ pip install git+git://git.graph-it.com/graphit/controlpi.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-pinio.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-modbus.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-wsclient.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-wsserver.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-statemachine.git +$ exit +``` + +## Konfiguration aus git-Repository aufspielen +Von außerhalb des chroot: +```console +$ sudo rsync -rlp etc /tmp/controlpi/ +$ sudo rsync -rlp boot /tmp/controlpi/ +$ rsync -rlp home/pi /tmp/controlpi/home/ +``` + +Innerhalb des chroot eventuell Berechtigungen und Eigentürmer reparieren: +```console +# chmod o-r /etc/sudoers.d/wheel +$ chmod -R go-rx .ssh/ +``` + +## Image erstellen und aufspielen +Von außerhalb des chroot: +```console +$ sudo tar -czf contolpi.tar.gz -C controlpi/ . +$ fallocate -l 4G 20YY-MM-DD-controlpi-arch.img +$ sudo losetup --find --show 20YY-MM-DD-controlpi-arch.img +$ sudo parted --script /dev/loop0 mklabel msdos +$ sudo parted --script /dev/loop0 mkpart primary fat32 0% 100M +$ sudo parted --script /dev/loop0 mkpart primary ext4 100M 100% +$ sudo mkfs.vfat -F32 /dev/loop0p1 +$ sudo mkfs.ext4 -F /dev/loop0p2 +$ sudo mount /dev/loop0p2 /mnt +$ sudo mkdir /mnt/boot +$ sudo mount /dev/loop0p1 /mnt/boot +$ sudo tar -xpf controlpi.tar.gz -C /mnt/ +$ sudo umount /mnt/boot +$ sudo umount /mnt +$ sudo losetup --detach /dev/loop0 +$ sudo dd if=20YY-MM-DD-controlpi-arch.img of=/dev/mmcblk0 bs=1M +``` diff --git a/etc/modules-load.d/i2c.conf b/etc/modules-load.d/i2c.conf new file mode 100644 index 0000000..0cdf71f --- /dev/null +++ b/etc/modules-load.d/i2c.conf @@ -0,0 +1 @@ +i2c-dev diff --git a/etc/ssh/sshd_config.d/NoRootNoPassword.conf b/etc/ssh/sshd_config.d/NoRootNoPassword.conf new file mode 100644 index 0000000..d3b3049 --- /dev/null +++ b/etc/ssh/sshd_config.d/NoRootNoPassword.conf @@ -0,0 +1,2 @@ +PermitRootLogin no +PasswordAuthentication no diff --git a/etc/systemd/resolved.conf.d/NoNegCache.conf b/etc/systemd/resolved.conf.d/NoNegCache.conf new file mode 100644 index 0000000..4284468 --- /dev/null +++ b/etc/systemd/resolved.conf.d/NoNegCache.conf @@ -0,0 +1,2 @@ +[Resolve] +Cache=no-negative diff --git a/home/pi/resize-fs.sh b/home/pi/resize-fs.sh new file mode 100755 index 0000000..cb792a6 --- /dev/null +++ b/home/pi/resize-fs.sh @@ -0,0 +1,4 @@ +#!/bin/sh +sudo parted /dev/mmcblk0 resizepart 2 100% +sudo partprobe /dev/mmcblk0 +sudo resize2fs /dev/mmcblk0p2 -- 2.34.1