raspiblitz/build_sdcard.sh

800 lines
29 KiB
Bash
Raw Normal View History

2018-08-06 01:03:17 +02:00
#!/bin/bash
2019-01-27 11:03:07 +01:00
#########################################################################
# Build your SD card image based on:
2020-06-01 20:06:42 +02:00
# Raspbian Buster Desktop (2020-05-27)
2019-01-30 13:16:25 +01:00
# https://www.raspberrypi.org/downloads/raspbian/
2020-06-01 20:06:42 +02:00
# SHA256: b9a5c5321b3145e605b3bcd297ca9ffc350ecb1844880afd8fb75a7589b7bd04
2019-01-27 11:03:07 +01:00
##########################################################################
2019-06-04 11:01:52 +02:00
# setup fresh SD card with image above - login per SSH and run this script:
2019-01-27 11:03:07 +01:00
##########################################################################
2018-08-06 11:46:22 +02:00
echo ""
2018-12-10 00:50:50 +01:00
echo "*****************************************"
2020-06-01 20:22:12 +02:00
echo "* RASPIBLITZ SD CARD IMAGE SETUP v1.6 *"
2018-12-10 00:50:50 +01:00
echo "*****************************************"
2018-08-06 11:46:22 +02:00
echo ""
2018-12-22 13:57:49 +01:00
# 1st optional parameter is the BRANCH to get code from when
2018-12-10 00:50:50 +01:00
# provisioning sd card with raspiblitz assets/scripts later on
echo "*** CHECK INPUT PARAMETERS ***"
wantedBranch="$1"
if [ ${#wantedBranch} -eq 0 ]; then
wantedBranch="master"
fi
echo "will use code from branch --> '${wantedBranch}'"
2018-12-22 13:57:49 +01:00
# 2nd optional parameter is the GITHUB-USERNAME to get code from when
2018-12-22 13:57:49 +01:00
# provisioning sd card with raspiblitz assets/scripts later on
# if 2nd parameter is used - 1st is mandatory
2018-12-22 13:57:49 +01:00
echo "*** CHECK INPUT PARAMETERS ***"
githubUser="$2"
if [ ${#githubUser} -eq 0 ]; then
githubUser="rootzoll"
fi
echo "will use code from user --> '${githubUser}'"
2018-12-10 00:50:50 +01:00
sleep 3
2018-08-06 11:46:22 +02:00
echo ""
2018-10-13 22:43:07 +02:00
echo "*** CHECK BASE IMAGE ***"
# armv7=32Bit , armv8=64Bit
2019-06-04 11:01:52 +02:00
echo "Detect CPU architecture ..."
2018-10-13 22:43:07 +02:00
isARM=$(uname -m | grep -c 'arm')
2019-04-14 12:08:18 +02:00
isAARCH64=$(uname -m | grep -c 'aarch64')
2019-05-07 02:42:51 +02:00
isX86_64=$(uname -m | grep -c 'x86_64')
2020-06-04 14:33:01 +02:00
if [ ${isARM} -eq 0 ] && [ ${isAARCH64} -eq 0 ] && [ ${isX86_64} -eq 0 ] ; then
2018-10-13 22:43:07 +02:00
echo "!!! FAIL !!!"
echo "Can only build on ARM, aarch64, x86_64 or i386 not on:"
2018-10-13 22:43:07 +02:00
uname -m
exit 1
2019-04-14 12:08:18 +02:00
else
echo "OK running on $(uname -m) architecture."
2018-10-13 22:43:07 +02:00
fi
2018-11-11 13:42:46 +01:00
# keep in mind that DietPi for Raspberry is also a stripped down Raspbian
2019-06-04 11:01:52 +02:00
echo "Detect Base Image ..."
2018-10-13 22:43:07 +02:00
baseImage="?"
isDietPi=$(uname -n | grep -c 'DietPi')
isRaspbian=$(cat /etc/os-release 2>/dev/null | grep -c 'Raspbian')
2019-04-14 12:08:18 +02:00
isArmbian=$(cat /etc/os-release 2>/dev/null | grep -c 'Debian')
isUbuntu=$(cat /etc/os-release 2>/dev/null | grep -c 'Ubuntu')
isNvidia=$(uname -a | grep -c 'tegra')
2018-10-13 22:43:07 +02:00
if [ ${isRaspbian} -gt 0 ]; then
baseImage="raspbian"
fi
2019-04-14 12:08:18 +02:00
if [ ${isArmbian} -gt 0 ]; then
baseImage="armbian"
2019-06-04 11:01:52 +02:00
fi
2019-04-14 12:08:18 +02:00
if [ ${isUbuntu} -gt 0 ]; then
baseImage="ubuntu"
fi
2018-10-13 22:43:07 +02:00
if [ ${isDietPi} -gt 0 ]; then
baseImage="dietpi"
fi
if [ "${baseImage}" = "?" ]; then
cat /etc/os-release 2>/dev/null
echo "!!! FAIL !!!"
echo "Base Image cannot be detected or is not supported."
exit 1
else
echo "OK running ${baseImage}"
fi
2019-04-14 12:08:18 +02:00
if [ "${baseImage}" = "raspbian" ] || [ "${baseImage}" = "dietpi" ] ; then
# fixing locales for build
# https://github.com/rootzoll/raspiblitz/issues/138
# https://daker.me/2014/10/how-to-fix-perl-warning-setting-locale-failed-in-raspbian.html
# https://stackoverflow.com/questions/38188762/generate-all-locales-in-a-docker-image
echo ""
echo "*** FIXING LOCALES FOR BUILD ***"
2019-08-07 23:11:45 +02:00
2019-04-14 12:08:18 +02:00
sudo sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
sudo sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
sudo locale-gen
2020-01-20 20:37:30 +01:00
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
2019-08-07 23:11:45 +02:00
# https://github.com/rootzoll/raspiblitz/issues/684
sudo sed -i "s/^ SendEnv LANG LC.*/# SendEnv LANG LC_*/g" /etc/ssh/ssh_config
# remove unneccesary files
sudo rm -rf /home/pi/MagPi
2019-04-14 12:08:18 +02:00
fi
2018-12-01 22:33:18 +01:00
2019-11-27 08:49:11 +01:00
# remove some (big) packages that are not needed
sudo apt-get remove -y --purge libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi minecraft-pi plymouth python2
sudo apt-get clean
sudo apt-get -y autoremove
if [ -f "/usr/bin/python3.7" ]; then
# make sure /usr/bin/python exists (and calls Python3.7 in Debian Buster)
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
echo "python calls python3.7"
elif [ -f "/usr/bin/python3.8" ]; then
# use python 3.8 if available
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
echo "python calls python3.8"
else
echo "!!! FAIL !!!"
echo "There is no tested version of python present"
exit 1
fi
2019-11-27 08:49:11 +01:00
2018-10-13 22:43:07 +02:00
# update debian
echo ""
echo "*** UPDATE DEBIAN ***"
2019-08-11 23:28:53 +02:00
sudo apt-get update -y
2019-08-11 23:23:38 +02:00
sudo apt-get upgrade -f -y
2018-10-13 22:43:07 +02:00
2019-04-14 12:08:18 +02:00
echo ""
echo "*** PREPARE ${baseImage} ***"
2018-10-13 22:43:07 +02:00
# special prepare when DietPi
if [ "${baseImage}" = "dietpi" ]; then
echo "renaming dietpi user to pi"
sudo usermod -l pi dietpi
2018-10-13 22:43:07 +02:00
fi
# special prepare when Raspbian
if [ "${baseImage}" = "raspbian" ]; then
# do memory split (16MB)
sudo raspi-config nonint do_memory_split 16
# set to wait until network is available on boot (0 seems to yes)
sudo raspi-config nonint do_boot_wait 0
2018-10-19 15:35:38 +02:00
# set WIFI country so boot does not block
sudo raspi-config nonint do_wifi_country US
2019-03-14 13:14:04 +01:00
# see https://github.com/rootzoll/raspiblitz/issues/428#issuecomment-472822840
echo "max_usb_current=1" | sudo tee -a /boot/config.txt
# run fsck on sd boot partition on every startup to prevent "maintenance login" screen
# see: https://github.com/rootzoll/raspiblitz/issues/782#issuecomment-564981630
2019-12-12 13:33:37 +01:00
# use command to check last fsck check: sudo tune2fs -l /dev/mmcblk0p2
sudo tune2fs -c 1 /dev/mmcblk0p2
2020-03-19 06:57:12 +01:00
# see https://github.com/rootzoll/raspiblitz/issues/1053#issuecomment-600878695
sudo sed -i 's/^/fsck.mode=force fsck.repair=yes /g' /boot/cmdline.txt
2018-10-13 22:43:07 +02:00
fi
2019-04-14 12:08:18 +02:00
# special prepare when Ubuntu or Armbian
if [ "${baseImage}" = "ubuntu" ] || [ "${baseImage}" = "armbian" ]; then
2019-06-04 11:01:52 +02:00
# make user pi and add to sudo
2019-04-14 12:08:18 +02:00
sudo adduser --disabled-password --gecos "" pi
sudo adduser pi sudo
fi
2019-10-06 12:57:48 +02:00
# special prepare when Nvidia Jetson Nano
if [ ${isNvidia} -eq 1 ] ; then
# disable GUI on boot
sudo systemctl set-default multi-user.target
fi
2018-10-13 22:43:07 +02:00
echo ""
echo "*** CONFIG ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#raspi-config
2018-10-13 22:43:07 +02:00
# set new default passwort for root user
2018-08-06 01:03:17 +02:00
echo "root:raspiblitz" | sudo chpasswd
echo "pi:raspiblitz" | sudo chpasswd
2019-03-18 11:20:33 +01:00
if [ "${baseImage}" = "raspbian" ]; then
# set Raspi to boot up automatically with user pi (for the LCD)
# https://www.raspberrypi.org/forums/viewtopic.php?t=21632
sudo raspi-config nonint do_boot_behaviour B2
sudo bash -c "echo '[Service]' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
sudo bash -c "echo 'ExecStart=' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
sudo bash -c "echo 'ExecStart=-/sbin/agetty --autologin pi --noclear %I 38400 linux' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
fi
if [ "${baseImage}" = "dietpi" ]; then
2019-03-24 23:07:32 +01:00
# set DietPi to boot up automatically with user pi (for the LCD)
# requires AUTO_SETUP_AUTOSTART_TARGET_INDEX=7 in the dietpi.txt
# /DietPi/dietpi/dietpi-autostart overwrites /etc/systemd/system/getty@tty1.service.d/dietpi-autologin.conf on reboot
sudo sed -i 's/agetty --autologin root %I $TERM/agetty --autologin pi --noclear %I 38400 linux/' /DietPi/dietpi/dietpi-autostart
2019-03-18 11:20:33 +01:00
fi
2018-08-06 01:03:17 +02:00
2019-04-14 12:08:18 +02:00
if [ "${baseImage}" = "ubuntu" ] || [ "${baseImage}" = "armbian" ]; then
sudo bash -c "echo '[Service]' >> /lib/systemd/system/getty@.service"
sudo bash -c "echo 'ExecStart=' >> /lib/systemd/system/getty@.service"
sudo bash -c "echo 'ExecStart=-/sbin/agetty --autologin pi --noclear %I 38400 linux' >> /lib/systemd/system/getty@.service"
fi
2019-03-13 17:00:44 +01:00
# change log rotates
# see https://github.com/rootzoll/raspiblitz/issues/394#issuecomment-471535483
2019-03-25 23:17:14 +01:00
echo "/var/log/syslog" >> ./rsyslog
echo "{" >> ./rsyslog
echo " rotate 7" >> ./rsyslog
echo " daily" >> ./rsyslog
echo " missingok" >> ./rsyslog
echo " notifempty" >> ./rsyslog
echo " delaycompress" >> ./rsyslog
echo " compress" >> ./rsyslog
echo " postrotate" >> ./rsyslog
echo " invoke-rc.d rsyslog rotate > /dev/null" >> ./rsyslog
echo " endscript" >> ./rsyslog
echo "}" >> ./rsyslog
echo "" >> ./rsyslog
echo "/var/log/mail.info" >> ./rsyslog
echo "/var/log/mail.warn" >> ./rsyslog
echo "/var/log/mail.err" >> ./rsyslog
echo "/var/log/mail.log" >> ./rsyslog
echo "/var/log/daemon.log" >> ./rsyslog
echo "{" >> ./rsyslog
echo " rotate 4" >> ./rsyslog
echo " size=100M" >> ./rsyslog
echo " missingok" >> ./rsyslog
echo " notifempty" >> ./rsyslog
echo " compress" >> ./rsyslog
echo " delaycompress" >> ./rsyslog
echo " sharedscripts" >> ./rsyslog
echo " postrotate" >> ./rsyslog
echo " invoke-rc.d rsyslog rotate > /dev/null" >> ./rsyslog
echo " endscript" >> ./rsyslog
echo "}" >> ./rsyslog
echo "" >> ./rsyslog
echo "/var/log/kern.log" >> ./rsyslog
echo "/var/log/auth.log" >> ./rsyslog
2019-03-13 17:00:44 +01:00
echo "{" >> ./rsyslog
echo " rotate 4" >> ./rsyslog
echo " size=100M" >> ./rsyslog
echo " missingok" >> ./rsyslog
echo " notifempty" >> ./rsyslog
echo " compress" >> ./rsyslog
echo " delaycompress" >> ./rsyslog
echo " sharedscripts" >> ./rsyslog
echo " postrotate" >> ./rsyslog
echo " invoke-rc.d rsyslog rotate > /dev/null" >> ./rsyslog
echo " endscript" >> ./rsyslog
echo "}" >> ./rsyslog
echo "" >> ./rsyslog
2019-03-25 23:17:14 +01:00
echo "/var/log/user.log" >> ./rsyslog
echo "/var/log/lpr.log" >> ./rsyslog
echo "/var/log/cron.log" >> ./rsyslog
echo "/var/log/debug" >> ./rsyslog
echo "/var/log/messages" >> ./rsyslog
echo "{" >> ./rsyslog
echo " rotate 4" >> ./rsyslog
echo " weekly" >> ./rsyslog
echo " missingok" >> ./rsyslog
echo " notifempty" >> ./rsyslog
echo " compress" >> ./rsyslog
echo " delaycompress" >> ./rsyslog
echo " sharedscripts" >> ./rsyslog
echo " postrotate" >> ./rsyslog
echo " invoke-rc.d rsyslog rotate > /dev/null" >> ./rsyslog
echo " endscript" >> ./rsyslog
echo "}" >> ./rsyslog
2019-03-13 17:00:44 +01:00
sudo mv ./rsyslog /etc/logrotate.d/rsyslog
sudo chown root:root /etc/logrotate.d/rsyslog
sudo service rsyslog restart
2018-08-06 11:46:22 +02:00
echo ""
echo "*** SOFTWARE UPDATE ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#software-update
# installs like on RaspiBolt
2020-01-27 02:05:53 +01:00
sudo apt-get install -y htop git curl bash-completion vim jq dphys-swapfile bsdmainutils
2018-08-06 01:03:17 +02:00
2019-01-15 15:54:20 +01:00
# installs bandwidth monitoring for future statistics
sudo apt-get install -y vnstat
2019-03-25 23:17:14 +01:00
# prepare for BTRFS data drive raid
2020-05-28 17:44:07 +02:00
sudo apt-get install -y btrfs-progs btrfs-tools
2019-03-25 23:17:14 +01:00
2020-06-03 19:05:21 +02:00
# network tools
sudo apt-get install -y autossh telnet
2019-03-25 23:17:14 +01:00
2019-03-14 13:03:11 +01:00
# prepare for display graphics mode
# see https://github.com/rootzoll/raspiblitz/pull/334
sudo apt-get install -y fbi
2019-04-10 01:56:48 +02:00
# prepare for powertest
sudo apt install -y sysbench
2019-04-14 12:08:18 +02:00
# check for dependencies on DietPi, Ubuntu, Armbian
sudo apt install -y build-essential
# add armbian-config
if [ "${baseImage}" = "armbian" ]; then
# add armbian config
sudo apt install armbian-config -y
fi
# dependencies for python
sudo apt install -y python3-venv python3-dev python3-wheel python3-jinja2 python3-pip
# make sure /usr/bin/pip exists (and calls pip3 in Debian Buster)
sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
2019-04-14 12:08:18 +02:00
# rsync is needed to copy from HDD
sudo apt install -y rsync
# install ifconfig
sudo apt install -y net-tools
#to display hex codes
sudo apt install -y xxd
# setuptools needed for Nyx
sudo pip install setuptools
# netcat for 00infoBlitz.sh
sudo apt install -y netcat
# install OpenSSH client + server
sudo apt install -y openssh-client
sudo apt install -y openssh-sftp-server
# install killall, fuser
sudo apt-get install -y psmisc
2019-05-30 14:46:20 +02:00
2019-04-14 12:08:18 +02:00
sudo apt-get clean
sudo apt-get -y autoremove
2018-08-06 11:46:22 +02:00
echo ""
echo "*** ADDING MAIN USER admin ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-main-user-admin
# using the default password 'raspiblitz'
sudo adduser --disabled-password --gecos "" admin
echo "admin:raspiblitz" | sudo chpasswd
sudo adduser admin sudo
sudo chsh admin -s /bin/bash
# configure sudo for usage without password entry
2018-08-06 21:33:16 +02:00
echo '%sudo ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
2018-08-06 01:03:17 +02:00
2019-04-14 12:08:18 +02:00
echo ""
2018-08-06 11:46:22 +02:00
echo "*** ADDING SERVICE USER bitcoin"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-the-service-user-bitcoin
# create user and set default password for user
sudo adduser --disabled-password --gecos "" bitcoin
echo "bitcoin:raspiblitz" | sudo chpasswd
echo ""
echo "*** ADDING GROUPS FOR CREDENTIALS STORE ***"
# access to credentials (e.g. macaroon files) in a central location is managed with unix groups and permissions
sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
2018-08-06 11:46:22 +02:00
echo ""
echo "*** SWAP FILE ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file
# but just deactivating and deleting old (will be created alter when user adds HDD)
sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
2018-08-06 11:46:22 +02:00
echo ""
echo "*** INCREASE OPEN FILE LIMIT ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#increase-your-open-files-limit
sudo sed --in-place -i "56s/.*/* soft nofile 128000/" /etc/security/limits.conf
sudo bash -c "echo '* hard nofile 128000' >> /etc/security/limits.conf"
sudo bash -c "echo 'root soft nofile 128000' >> /etc/security/limits.conf"
sudo bash -c "echo 'root hard nofile 128000' >> /etc/security/limits.conf"
sudo bash -c "echo '# End of file' >> /etc/security/limits.conf"
sudo sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
sudo sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
sudo bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
2019-05-07 02:42:51 +02:00
# "*** BITCOIN ***"
2018-08-06 01:03:17 +02:00
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_30_bitcoin.md#installation
2019-08-12 02:48:11 +02:00
echo ""
echo "*** PREPARING BITCOIN & Co ***"
2018-08-06 01:03:17 +02:00
# set version (change if update is available)
# https://bitcoincore.org/en/download/
bitcoinVersion="0.20.0"
2018-11-18 19:35:39 +01:00
# needed to check code signing
laanwjPGP="01EA5486DE18A882D4C2684590C8019E36C2E964"
2019-08-12 02:48:11 +02:00
# prepare directories
2019-11-27 08:49:11 +01:00
sudo rm -rf /home/admin/download
2019-08-12 02:48:11 +02:00
sudo -u admin mkdir /home/admin/download
cd /home/admin/download
# download, check and import signer key
sudo -u admin wget https://bitcoin.org/laanwj-releases.asc
if [ ! -f "./laanwj-releases.asc" ]
then
echo "!!! FAIL !!! Download laanwj-releases.asc not success."
exit 1
fi
gpg ./laanwj-releases.asc
fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep "${laanwjPGP}" -c)
if [ ${fingerprint} -lt 1 ]; then
echo ""
echo "!!! BUILD WARNING --> Bitcoin PGP author not as expected"
echo "Should contain laanwjPGP: ${laanwjPGP}"
echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
read key
fi
gpg --import ./laanwj-releases.asc
# download signed binary sha256 hash sum file and check
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc
verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1)
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
echo "goodSignature(${goodSignature})"
correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c)
echo "correctKey(${correctKey})"
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
echo ""
echo "!!! BUILD FAILED --> PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
exit 1
2019-09-04 13:31:01 +02:00
else
echo ""
echo "****************************************"
echo "OK --> BITCOIN MANIFEST IS CORRECT"
echo "****************************************"
echo ""
fi
# get the sha256 value for the corresponding platform from signed hash sum file
2019-04-14 12:08:18 +02:00
if [ ${isARM} -eq 1 ] ; then
2019-04-14 22:42:23 +02:00
bitcoinOSversion="arm-linux-gnueabihf"
2019-04-14 12:08:18 +02:00
fi
if [ ${isAARCH64} -eq 1 ] ; then
2019-04-14 22:42:23 +02:00
bitcoinOSversion="aarch64-linux-gnu"
2019-04-14 12:08:18 +02:00
fi
2019-05-07 02:42:51 +02:00
if [ ${isX86_64} -eq 1 ] ; then
bitcoinOSversion="x86_64-linux-gnu"
2019-10-06 12:57:48 +02:00
fi
2019-08-12 03:12:43 +02:00
bitcoinSHA256=$(grep -i "$bitcoinOSversion" SHA256SUMS.asc | cut -d " " -f1)
2019-05-07 02:42:51 +02:00
echo ""
echo "*** BITCOIN v${bitcoinVersion} for ${bitcoinOSversion} ***"
2018-11-18 19:35:39 +01:00
2018-08-06 01:03:17 +02:00
# download resources
2019-04-14 22:42:23 +02:00
binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz"
2018-11-18 19:35:39 +01:00
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/${binaryName}
if [ ! -f "./${binaryName}" ]
2018-08-27 23:26:44 +02:00
then
echo "!!! FAIL !!! Download BITCOIN BINARY not success."
exit 1
fi
2018-11-18 19:35:39 +01:00
# check binary checksum test
2018-11-18 19:35:39 +01:00
binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
if [ "${binaryChecksum}" != "${bitcoinSHA256}" ]; then
echo "!!! FAIL !!! Downloaded BITCOIN BINARY not matching SHA256 checksum: ${bitcoinSHA256}"
exit 1
2019-09-04 13:31:01 +02:00
else
echo ""
echo "****************************************"
echo "OK --> VERIFIED BITCOIN CHECKSUM CORRECT"
echo "****************************************"
echo ""
2018-08-27 23:26:44 +02:00
fi
2018-11-18 19:35:39 +01:00
2018-08-06 01:03:17 +02:00
# install
2018-11-18 20:01:43 +01:00
sudo -u admin tar -xvf ${binaryName}
2018-11-18 23:44:30 +01:00
sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/*
2018-08-06 01:03:17 +02:00
sleep 3
2018-08-06 11:46:22 +02:00
installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c)
2018-08-06 01:03:17 +02:00
if [ ${installed} -lt 1 ]; then
echo ""
echo "!!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})"
exit 1
fi
2019-05-07 02:42:51 +02:00
# "*** LND ***"
## based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_40_lnd.md#lightning-lnd
2019-04-11 22:03:08 +02:00
## see LND releases: https://github.com/lightningnetwork/lnd/releases
2020-06-03 22:42:13 +02:00
lndVersion="0.10.1-beta"
2019-04-14 12:08:18 +02:00
# olaoluwa
2020-01-22 19:14:49 +01:00
PGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
PGPcheck="9769140D255C759B1EB77B46A96387A57CAAE94D"
# bitconner
#PGPpkeys="https://keybase.io/bitconner/pgp_keys.asc"
#PGPcheck="9C8D61868A7C492003B2744EE7D737B67FA592C7"
2020-01-22 18:50:56 +01:00
# Joost Jager
2020-01-22 19:14:49 +01:00
#PGPpkeys="https://keybase.io/joostjager/pgp_keys.asc"
#PGPcheck="D146D0F68939436268FA9A130E26BB61B76C4D3A"
# get LND resources
cd /home/admin/download
# download lnd binary checksum manifest
sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt
# check if checksums are signed by lnd dev team
sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt.sig
sudo -u admin wget --no-check-certificate -N -O "pgp_keys.asc" ${PGPpkeys}
gpg ./pgp_keys.asc
fingerprint=$(sudo gpg "pgp_keys.asc" 2>/dev/null | grep "${PGPcheck}" -c)
if [ ${fingerprint} -lt 1 ]; then
echo ""
echo "!!! BUILD WARNING --> LND PGP author not as expected"
echo "Should contain PGP: ${PGPcheck}"
echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
read key
fi
gpg --import ./pgp_keys.asc
sleep 3
verifyResult=$(gpg --verify manifest-v${lndVersion}.txt.sig 2>&1)
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
echo "goodSignature(${goodSignature})"
correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${GPGcheck}" -c)
echo "correctKey(${correctKey})"
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
echo ""
echo "!!! BUILD FAILED --> LND PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
exit 1
2019-09-04 13:31:01 +02:00
else
echo ""
echo "****************************************"
echo "OK --> SIGNATURE LND MANIFEST IS CORRECT"
echo "****************************************"
echo ""
fi
# get the lndSHA256 for the corresponding platform from manifest file
2019-04-14 12:08:18 +02:00
if [ ${isARM} -eq 1 ] ; then
lndOSversion="armv7"
lndSHA256=$(grep -i "linux-$lndOSversion" manifest-v$lndVersion.txt | cut -d " " -f1)
2019-04-14 12:08:18 +02:00
fi
if [ ${isAARCH64} -eq 1 ] ; then
lndOSversion="arm64"
lndSHA256=$(grep -i "linux-$lndOSversion" manifest-v$lndVersion.txt | cut -d " " -f1)
fi
2019-05-07 02:42:51 +02:00
if [ ${isX86_64} -eq 1 ] ; then
lndOSversion="amd64"
lndSHA256=$(grep -i "linux-$lndOSversion" manifest-v$lndVersion.txt | cut -d " " -f1)
2019-10-06 12:57:48 +02:00
fi
2019-05-07 02:42:51 +02:00
echo ""
2019-05-07 14:00:40 +02:00
echo "*** LND v${lndVersion} for ${lndOSversion} ***"
echo "SHA256 hash: $lndSHA256"
echo ""
2019-04-09 14:53:42 +02:00
# get LND binary
2019-04-14 12:08:18 +02:00
binaryName="lnd-linux-${lndOSversion}-v${lndVersion}.tar.gz"
sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/${binaryName}
# check binary was not manipulated (checksum test)
2019-01-27 00:21:26 +01:00
binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
2018-11-18 23:44:30 +01:00
if [ "${binaryChecksum}" != "${lndSHA256}" ]; then
echo "!!! FAIL !!! Downloaded LND BINARY not matching SHA256 checksum: ${lndSHA256}"
exit 1
2019-09-04 13:31:01 +02:00
else
echo ""
echo "****************************************"
echo "OK --> VERIFIED LND CHECKSUM IS CORRECT"
echo "****************************************"
echo ""
fi
2018-11-18 23:44:30 +01:00
# install
sudo -u admin tar -xzf ${binaryName}
2019-04-14 12:08:18 +02:00
sudo install -m 0755 -o root -g root -t /usr/local/bin lnd-linux-${lndOSversion}-v${lndVersion}/*
2018-11-18 23:44:30 +01:00
sleep 3
installed=$(sudo -u admin lnd --version)
if [ ${#installed} -eq 0 ]; then
echo ""
echo "!!! BUILD FAILED --> Was not able to install LND"
exit 1
fi
2019-04-12 12:48:51 +02:00
# prepare python for lnd api use
# https://dev.lightning.community/guides/python-grpc/
2019-11-27 08:49:11 +01:00
2019-04-12 12:48:51 +02:00
echo ""
echo "*** LND API for Python ***"
2019-05-29 01:06:51 +02:00
sudo chown -R admin /home/admin
2019-11-15 21:25:12 +01:00
# This Python3 virtualenv includes the site-packages because access to the PyQt5
# libs - which are installed system-wide (via apt-get) - is needed for TouchUI.
2019-11-27 08:49:11 +01:00
sudo -u admin bash -c "cd; python3 -m venv --system-site-packages python3-env-lnd"
sudo -u admin bash -c "/home/admin/python3-env-lnd/bin/python3 -m pip install grpcio grpcio-tools googleapis-common-protos pathlib2"
2019-04-12 12:48:51 +02:00
echo ""
2020-05-24 17:48:33 +02:00
echo "*** Python DEFAULT libs & depenedencies ***"
2018-08-06 01:03:17 +02:00
# for setup schell scripts
2020-05-22 19:24:46 +02:00
sudo apt-get -y install dialog bc python3-dialog
2018-08-06 01:03:17 +02:00
2020-05-26 02:32:21 +02:00
# libs (for global python scripts)
2020-06-02 23:40:35 +02:00
sudo -H python3 -m pip install grpcio==1.29.0
sudo -H python3 -m pip install googleapis-common-protos==1.51.0
sudo -H python3 -m pip install toml==0.10.1
sudo -H python3 -m pip install j2cli==0.3.10
2020-05-24 17:48:33 +02:00
echo ""
echo "*** RASPIBLITZ EXTRAS ***"
2018-08-06 01:03:17 +02:00
# enable copy of blockchain from 2nd HDD formatted with exFAT
sudo apt-get -y install exfat-fuse
# for blockchain torrent download
sudo apt-get -y install transmission-cli
2018-11-18 18:02:35 +01:00
sudo apt-get -y install rtorrent
2019-04-14 21:17:51 +02:00
sudo apt-get -y install cpulimit
2018-08-06 01:03:17 +02:00
# for background downloading
sudo apt-get -y install screen
2019-09-22 15:34:03 +02:00
# for multiple (detachable/background) sessions when using SSH
2020-01-20 21:18:24 +01:00
# https://github.com/rootzoll/raspiblitz/issues/990
2019-09-22 15:34:03 +02:00
sudo apt-get -y install tmux
2018-08-06 01:03:17 +02:00
# optimization for torrent download
sudo bash -c "echo 'net.core.rmem_max = 4194304' >> /etc/sysctl.conf"
sudo bash -c "echo 'net.core.wmem_max = 1048576' >> /etc/sysctl.conf"
2019-07-26 22:05:43 +02:00
# install a command-line fuzzy finder (https://github.com/junegunn/fzf)
sudo apt-get -y install fzf
sudo bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> /home/admin/.bashrc"
2018-08-06 01:03:17 +02:00
# *** SHELL SCRIPTS AND ASSETS
# move files from gitclone
cd /home/admin/
2018-12-22 13:57:49 +01:00
sudo -u admin git clone -b ${wantedBranch} https://github.com/${githubUser}/raspiblitz.git
2018-09-21 21:33:13 +02:00
sudo -u admin cp /home/admin/raspiblitz/home.admin/*.* /home/admin
sudo -u admin cp /home/admin/raspiblitz/home.admin/.tmux.conf /home/admin
2018-08-06 01:03:17 +02:00
sudo -u admin chmod +x *.sh
sudo -u admin cp -r /home/admin/raspiblitz/home.admin/assets /home/admin/
2018-12-02 20:57:27 +01:00
sudo -u admin cp -r /home/admin/raspiblitz/home.admin/config.scripts /home/admin/
sudo -u admin chmod +x /home/admin/config.scripts/*.sh
2018-08-06 01:03:17 +02:00
2020-05-23 17:29:46 +02:00
# install newest version of BlitzPy
blitzpy_wheel=$(ls -trR /home/admin/raspiblitz/home.admin/BlitzPy/dist | grep -E "*any.whl" | tail -n 1)
blitzpy_version=$(echo ${blitzpy_wheel} | grep -oE "([0-9]\.[0-9]\.[0-9])")
echo ""
echo "*** INSTALLING BlitzPy Version: ${blitzpy_version} ***"
sudo -H /usr/bin/python -m pip install "/home/admin/raspiblitz/home.admin/BlitzPy/dist/${blitzpy_wheel}" >/dev/null 2>&1
2019-11-24 18:35:47 +01:00
# make sure lndlibs are patched for compatibility for both Python2 and Python3
if ! grep -Fxq "from __future__ import absolute_import" /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py; then
sed -i -E '1 a from __future__ import absolute_import' /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py
fi
if ! grep -Eq "^from . import.*" /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py; then
sed -i -E 's/^(import.*_pb2)/from . \1/' /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py
fi
2019-01-30 13:16:25 +01:00
# add /sbin to path for all
sudo bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile"
2019-01-17 22:40:26 +01:00
# bash autostart for admin
2018-12-24 01:03:02 +01:00
sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
2019-09-22 15:34:03 +02:00
sudo bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc"
sudo bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc"
sudo bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc"
sudo bash -c "echo ' ./00raspiblitz.sh' >> /home/admin/.bashrc"
sudo bash -c "echo 'fi' >> /home/admin/.bashrc"
2018-08-28 00:04:41 +02:00
2019-04-14 12:08:18 +02:00
if [ "${baseImage}" = "raspbian" ] || [ "${baseImage}" = "armbian" ] || [ "${baseImage}" = "ubuntu" ]; then
2019-03-18 11:20:33 +01:00
# bash autostart for pi
# run as exec to dont allow easy physical access by keyboard
# see https://github.com/rootzoll/raspiblitz/issues/54
sudo bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
sudo bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
sudo bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
sudo bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
2019-04-14 12:08:18 +02:00
fi
2019-03-18 11:20:33 +01:00
if [ "${baseImage}" = "dietpi" ]; then
# bash autostart for dietpi
sudo bash -c 'echo "# automatic start the LCD info loop" >> /home/dietpi/.bashrc'
sudo bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/dietpi/.bashrc'
sudo bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/dietpi/.bashrc'
sudo bash -c 'echo "exec \$SCRIPT" >> /home/dietpi/.bashrc'
fi
2019-01-27 14:25:30 +01:00
2018-10-13 23:15:17 +02:00
echo ""
echo "*** HARDENING ***"
2020-01-19 14:20:49 +01:00
# based on https://stadicus.github.io/RaspiBolt/raspibolt_21_security.html
2018-10-13 23:15:17 +02:00
# fail2ban (no config required)
2020-06-02 23:40:35 +02:00
sudo apt-get install -y --no-install-recommends python3-systemd fail2ban
2018-10-13 23:15:17 +02:00
if [ "${baseImage}" = "raspbian" ]; then
echo ""
echo "*** DISABLE BLUETOOTH ***"
# disable bluetooth module
sudo sh -c "echo 'dtoverlay=pi3-disable-bt' >> /boot/config.txt"
sudo sh -c "echo 'dtoverlay=disable-bt' >> /boot/config.txt"
# remove bluetooth services
sudo systemctl disable bluetooth.service
sudo systemctl disable hciuart.service
# remove bluetooth packages
sudo apt remove -y --purge pi-bluetooth bluez bluez-firmware
fi
# *** CACHE DISK IN RAM ***
echo "Activating CACHE RAM DISK ... "
sudo /home/admin/config.scripts/blitz.cache.sh on
# *** BOOTSTRAP ***
# see background README for details
echo ""
2020-05-28 17:44:07 +02:00
echo "*** RASPI BOOTSTRAP SERVICE ***"
sudo chmod +x /home/admin/_bootstrap.sh
sudo cp ./assets/bootstrap.service /etc/systemd/system/bootstrap.service
sudo systemctl enable bootstrap
2019-02-13 03:30:49 +01:00
# *** BACKGROUND ***
echo ""
echo "*** RASPI BACKGROUND SERVICE ***"
sudo chmod +x /home/admin/_background.sh
sudo cp ./assets/background.service /etc/systemd/system/background.service
sudo systemctl enable background
2019-02-09 15:58:11 +01:00
# *** TOR Prepare ***
echo "*** Prepare TOR source+keys ***"
sudo /home/admin/config.scripts/internet.tor.sh prepare
2019-02-09 17:02:20 +01:00
echo ""
2018-12-11 13:33:22 +01:00
2019-12-10 14:27:51 +01:00
# *** RASPIBLITZ LCD DRIVER (do last - because makes a reboot) ***
# based on https://www.elegoo.com/tutorial/Elegoo%203.5%20inch%20Touch%20Screen%20User%20Manual%20V1.00.2017.10.09.zip
if [ "${baseImage}" = "raspbian" ] || [ "${baseImage}" = "dietpi" ]; then
echo "*** LCD DRIVER ***"
echo "--> Downloading LCD Driver from Github"
cd /home/admin/
sudo -u admin git clone https://github.com/goodtft/LCD-show.git
sudo -u admin chmod -R 755 LCD-show
sudo -u admin chown -R admin:admin LCD-show
cd LCD-show/
# set comit hard to old version - that seemed to run better
#
sudo -u admin git reset --hard ce52014
# install xinput calibrator package
echo "--> install xinput calibrator package"
sudo dpkg -i xinput-calibrator_0.7.5-1_armhf.deb
fi
2019-12-10 14:27:51 +01:00
# make dietpi preparations
2019-03-20 13:22:32 +01:00
if [ "${baseImage}" = "dietpi" ]; then
2019-12-10 14:27:51 +01:00
echo "--> dietpi preparations"
2019-03-20 13:22:32 +01:00
sudo rm -rf /etc/X11/xorg.conf.d/40-libinput.conf
sudo mkdir /etc/X11/xorg.conf.d
sudo cp ./usr/tft35a-overlay.dtb /boot/overlays/
sudo cp ./usr/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo
sudo cp -rf ./usr/99-calibration.conf-35 /etc/X11/xorg.conf.d/99-calibration.conf
sudo cp -rf ./usr/99-fbturbo.conf /usr/share/X11/xorg.conf.d/
2019-03-21 14:36:10 +01:00
sudo cp ./usr/cmdline.txt /DietPi/
2019-03-20 13:22:32 +01:00
sudo cp ./usr/inittab /etc/
sudo cp ./boot/config-35.txt /DietPi/config.txt
# make LCD screen rotation correct
sudo sed -i "s/dtoverlay=tft35a/dtoverlay=tft35a:rotate=270/" /DietPi/config.txt
2019-12-10 14:27:51 +01:00
fi
2019-12-10 14:27:51 +01:00
# *** RASPIBLITZ IMAGE READY ***
echo ""
echo "**********************************************"
echo "SD CARD BUILD DONE"
echo "**********************************************"
echo ""
echo "Your SD Card Image for RaspiBlitz is almost ready."
if [ "${baseImage}" = "raspbian" ]; then
echo "Last step is to install LCD drivers. This will reboot your Pi when done."
echo ""
fi
2019-12-10 14:27:51 +01:00
echo "Take the chance & look thru the output above if you can spot any errror."
echo ""
echo "After final reboot - your SD Card Image is ready."
echo ""
echo "IMPORTANT IF WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:"
echo "login once after reboot without external HDD/SSD and run 'XXprepareRelease.sh'"
echo "REMEMBER for login now use --> user:admin password:raspiblitz"
echo ""
2019-12-10 14:27:51 +01:00
# activate LCD and trigger reboot
# dont do this on dietpi to allow for automatic build
if [ "${baseImage}" = "raspbian" ]; then
2020-03-19 08:05:31 +01:00
sudo chmod +x -R /home/admin/LCD-show
2019-12-10 14:27:51 +01:00
cd /home/admin/LCD-show/
sudo apt-mark hold raspberrypi-bootloader
sudo ./LCD35-show
else
echo "Use 'sudo reboot' to restart manually."
2020-01-27 02:05:53 +01:00
fi