diff --git a/FAQ.dev.md b/FAQ.dev.md
index 189a6771c..4eb0a64e2 100644
--- a/FAQ.dev.md
+++ b/FAQ.dev.md
@@ -1,6 +1,22 @@
 ## FAQ Development
-### What is the process of creating a new SD card image release?
+### Steps to create RaspberryPi images with Packer?
+
+* Start [`Debian LIVE`](https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-12.4.0-amd64-cinnamon.iso) from USB stick
+ * On USB boot be sure to start the "LIVE_SYSTEM" image
+ * Connect a additional 128GB USB with NFTS formatted
+* Using Filemanager open the 128GB-USBDrive and right-click "Open in Terminal"
+* Make sure the packer script is in root of the 128GB-USBDrive
+ * If it is not there download:
+ * `curl -O -L https://raw.githubusercontent.com/raspiblitz/raspiblitz/dev/ci/packer.sh`
+* Security read/check script and then start build with (replace parameters):
+* `sudo bash ./packer.sh [BRANCH] [arm|x86] [min|fat] [?LASTCOMMITHASH]`
+ * `BRANCH` = the branch name on this repo of which the image should be build
+ * `[arm|x86]` = The architecture the image is targeting (RaspberryPi = `arm`)
+ * `[min|fat]` = lean or fatpack (fatpack prepackages lots of apps already with the image)
+ * `LASTCOMMITHASH` (optional) = security check & copy the latest commit hash of the branch you want to build
+
+### What is the process of creating a new RaspberryPi SD card image release manually?
 Checklist before making a SD card image release:
diff --git a/Makefile b/Makefile
index 9dc57cef1..785c73cde 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ GITHUB_HEAD_REF = $(shell git rev-parse --abbrev-ref HEAD)
 amd64-lean-desktop-uefi-image:
 # Run the build script
 cd ci/amd64 && \
- bash packer.build.amd64-debian.sh \
+ sudo bash packer.build.amd64-debian.sh \
 --pack lean \
 --github_user $(GITHUB_ACTOR) \
 --branch $(GITHUB_HEAD_REF) \
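Review bot: The added `sudo` in this recipe (and on the same line of the three later Makefile hunks at -31, -57 and -83) runs the whole packer build script as root while `$(GITHUB_ACTOR)` and `$(GITHUB_HEAD_REF)` are still expanded unquoted into that command line. `GITHUB_HEAD_REF` is taken from `git rev-parse --abbrev-ref HEAD`, and git ref names may contain shell metacharacters, so quote the expansions now that the shell they reach is privileged, e.g. `--branch '$(GITHUB_HEAD_REF)' \`. The new ci/packer.sh already refuses to run unless `$EUID` is 0 before it calls `make`, so on that path the `sudo` is redundant, and for any other caller it puts a password prompt into a non-interactive build; consider escalating only the steps that need it, or add a recipe comment saying why the full script must be root. The recipes continue past the end of each hunk, so the remaining arguments were not reviewed.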
@@ -31,7 +31,7 @@ amd64-lean-desktop-uefi-image:
 amd64-lean-server-legacyboot-image:
 # Run the build script
 cd ci/amd64 && \
- bash packer.build.amd64-debian.sh \
+ sudo bash packer.build.amd64-debian.sh \
 --pack lean \
 --github_user $(GITHUB_ACTOR) \
 --branch $(GITHUB_HEAD_REF) \
@@ -57,7 +57,7 @@ amd64-lean-server-legacyboot-image:
 amd64-fatpack-desktop-uefi-image:
 # Run the build script
 cd ci/amd64 && \
- bash packer.build.amd64-debian.sh \
+ sudo bash packer.build.amd64-debian.sh \
 --pack fatpack \
 --github_user $(GITHUB_ACTOR) \
 --branch $(GITHUB_HEAD_REF) \
@@ -83,7 +83,7 @@ amd64-fatpack-desktop-uefi-image:
 arm64-rpi-lean-image:
 # Run the build script
 cd ci/arm64-rpi && \
- bash packer.build.arm64-rpi.local.sh \
+ sudo bash packer.build.arm64-rpi.local.sh \
 --pack lean \
 --github_user $(GITHUB_ACTOR) \
 --branch $(GITHUB_HEAD_REF)
diff --git a/ci/arm64-rpi/packer.build.arm64-rpi.local.sh b/ci/arm64-rpi/packer.build.arm64-rpi.local.sh
index c18640bfc..3386ad337 100644
--- a/ci/arm64-rpi/packer.build.arm64-rpi.local.sh
+++ b/ci/arm64-rpi/packer.build.arm64-rpi.local.sh
@@ -59,7 +59,8 @@ go build || exit 1
 # set vars
 echo "# Setting the variables: $*"
-source ../set_variables.sh
+# running from the ci/arm64-rpi/packer-builder-arm directory
+source ../../set_variables.sh
 set_variables "$@"
 cp ../build.arm64-rpi.pkr.hcl ./
diff --git a/ci/packer.sh b/ci/packer.sh
new file mode 100644
index 000000000..46c5cdf1a
--- /dev/null
+++ b/ci/packer.sh
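Review bot: In the ci/arm64-rpi/packer.build.arm64-rpi.local.sh hunk, the corrected `source ../../set_variables.sh` still has no failure check, so if the working directory is not the packer-builder-arm directory the new comment assumes, `set_variables "$@"` on the next line is an undefined command and the script carries on with unset variables (unless `set -e` is enabled outside the hunk). The hunk header shows `go build || exit 1` just above; use the same guard here, `source ../../set_variables.sh || exit 1`. Because the Makefile in this commit now starts this script under `sudo`, a cwd-relative `source` also means whatever file sits at that path is executed as root, so resolving the path from the script's own location would be more robust. The script begins and ends outside this hunk.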
@@ -0,0 +1,259 @@
+#!/usr/bin/env bash
+
+#########################################################################
+# script to trigger packer image build on a debian LIVE system
+# see FAQ.dev.md for instructions
+##########################################################################
+
+# YOUR REPO (REPLACE WITH YOUR OWN FORK IF NEEDED)
+REPO="https://github.com/raspiblitz/raspiblitz"
+
+# folders to store the build results
+BUILDFOLDER="images"
+
+echo "Build RaspiBlitz install images on a Debian LIVE system"
+echo "From repo (change in script is needed):"
+echo $REPO
+echo "Results will be stored in:"
+echo $BUILDFOLDER
+
+# give info if not started with parameters
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+ echo "Start this script in the root of an writable 128GB NTFS formatted USB drive:"
+ echo "packer.sh [BRANCH] [arm|x86] [min|fat] [?lastcommithash]"
+ exit 1
+fi
+
+BRANCH=$1
+ARCH=$2
+TYPE=$3
+COMMITHASH=$4
+
+# check if branch is set
+if [ "$BRANCH" == "[BRANCH]" ]; then
+ echo "error='branch not set'"
+ exit 1
+fi
+
+# check if output is set
+if [ -z "$ARCH" ]; then
+ echo "error='ARCH not set'"
+ exit 1
+fi
+
+# check if output is set
+if [ -z "TYPE" ]; then
+ echo "error='TYPE not set'"
+ exit 1
+fi
+
+# check if started with sudo
+if [ "$EUID" -ne 0 ]; then
+ echo "error='run as root / may use sudo'"
+ exit 1
+fi
+
+# install git and make
+apt update && apt install -y git make
+
+# clean old repo
+rm -rf raspiblitz 2>/dev/null
+
+# download the repo
+git clone $REPO
+if [ $? -gt 0 ]; then
+ echo "# REPO: ${REPO}"
+ echo "error='git clone failed'"
+ exit 1
+fi
+
+cd raspiblitz
+
+# checkout the desired branch
+git checkout $BRANCH
+
+# check commit hash if set
+if [ ${#COMMITHASH} -gt 0 ]; then
+ echo "# CHECKING COMMITHASH"
+ actualCOMMITHASH=$(git log -1 --format=%H)
+ echo "# actual(${actualCOMMITHASH}) ?= wanted(${COMMITHASH})"
+ matches=$(echo "${actualCOMMITHASH}" | grep -c "${COMMITHASH}")
+ if [ ${matches} -eq 0 ]; then
+ echo "error='COMMITHASH of branch does not match'"
+ exit 1
+ fi
+ echo "# COMMITHASH CHECK OK"
+else
+ echo "# NO COMMITHASH CHECK"
+fi
+
+# get code version
+codeVersion=$(cat ./home.admin/_version.info | grep 'codeVersion="' | cut -d'"' -f2)
+if [ ${#codeVersion} -eq 0 ]; then
+ echo "error='codeVersion not found'"
+ exit 1
+fi
+echo "# RaspiBlitz Version: ${codeVersion}"
+
+# get date as string formatted like YEAR-MONTH-DAY
+dateString=$(date +%Y-%m-%d)
+echo "# Date: ${dateString}"
+
+if [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "min" ]; then
+ PACKERTARGET="arm64-rpi-lean-image"
+ PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/raspiblitz-arm64-rpi-lean.img"
+ PACKERFINALFILE="raspiblitz-min-${codeVersion}-${dateString}.img"
+elif [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "fat" ]; then
+ PACKERTARGET="arm64-rpi-fatpack-image"
+ PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/TODO" #TODO
+ PACKERFINALFILE="raspiblitz-fat-${codeVersion}-${dateString}.img"
+elif [ "${ARCH}" == "x86" ] && [ "${TYPE}" == "min" ]; then
+ PACKERTARGET="amd64-lean-server-legacyboot-image"
+ PACKERBUILDPATH="./raspiblitz/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2"
+ PACKERFINALFILE="raspiblitz-amd64-min-${codeVersion}-${dateString}.qcow2"
+else
+ echo "error='$ARCH-$TYPE not supported'"
+ exit 1
+fi
+
+echo "# PACKER TARGET: ${PACKERTARGET}"
+echo "# PACKER BUILD PATH: ${PACKERBUILDPATH}"
+echo "# PACKER FINAL FILE: ${PACKERFINALFILE}"
+
+# check if file already exists
+if [ -f "./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz" ]; then
+ echo "error='image already exists'"
+ echo "# delete ./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz (and all .sha256 & .sig) before trying again"
+ exit 1
+fi
+
+# prevent monitor to go to sleep during long non-interactive build
+xset s off
+gsettings set org.gnome.desktop.screensaver idle-activation-enabled false
+
+echo "# BUILDING '${PACKERTARGET}' ###########################################"
+make $PACKERTARGET
+
+# check if build was successful
+if [ $? -gt 0 ]; then
+ echo "# BUILDING FAILED ###########################################"
+ echo "# Check the output above for errors."
+ exit 1
+fi
+
+echo "# BUILDING SUCCESS ###########################################"
+
+echo "# moving build to timestamped folder ./${BUILDFOLDER}"
+cd ..
+mkdir "${BUILDFOLDER}" 2>/dev/null
+
+#check that Build folder exists
+if [ ! -d "./${BUILDFOLDER}" ]; then
+ echo "# FAILED CREATING BUILD FOLDER: ./${BUILDFOLDER}"
+ exit 1
+fi
+
+# move .gz file to build folder
+mv "${PACKERBUILDPATH}.gz" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz"
+if [ $? -gt 0 ]; then
+ echo "# FAILED MOVING .gz"
+ exit 1
+fi
+
+# move gz.sha256 file to build folder
+mv "${PACKERBUILDPATH}.gz.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256"
+if [ $? -gt 0 ]; then
+ echo "# FAILED MOVING .gz.sha256"
+ exit 1
+fi
+
+# move sha256 file to build folder
+mv "${PACKERBUILDPATH}.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.sha256"
+if [ $? -gt 0 ]; then
+ echo "# FAILED MOVING .sha256"
+ exit 1
+fi
+
+# special handling for qcow2
+if [ "${ARCH}" == "x86" ]; then
+ echo "# decompressing qcow2"
+ gunzip "./${BUILDFOLDER}/${PACKERFINALFILE}.gz"
+ echo "# converting qcow2 to raw"
+ qemu-img convert -f qcow2 -O raw "./${BUILDFOLDER}/${PACKERFINALFILE}.qcow2" "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+ if [ $? -gt 0 ]; then
+ echo "# FAILED CONVERTING qcow2 to raw"
+ exit 1
+ fi
+ echo "# compressing raw"
+ gzip -9 "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+ if [ $? -gt 0 ]; then
+ echo "# FAILED COMPRESSING raw"
+ exit 1
+ fi
+ echo "# removing raw"
+ rm "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+ if [ $? -gt 0 ]; then
+ echo "# FAILED REMOVING raw"
+ exit 1
+ fi
+fi
+
+
+echo "# clean up"
+rm -rf raspiblitz 2>/dev/null
+
+echo "# SIGN & SECURE IMAGE ###########################################"
+echo
+
+# security check that internet is cut
+echo "# MANUAL ACTION NEEDED:"
+echo "# Cut the connection to the internet before signing the image."
+echo
+echo "# Press RETURN to continue..."
+read -r -p "" key
+if ping -c 1 "1.1.1.1" &> /dev/null; then
+ echo "# FAIL - Internet connection is up - EXITING SCRIPT"
+ exit 1
+else
+ echo "# OK - Internet connection is cut"
+fi
+echo
+
+# Note down the SHA256 checksum of the image
+echo "# MANUAL ACTION NEEDED:"
+echo "# Note down the SHA256 checksum of the image:"
+echo
+cat ./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256
+echo
+echo "# Press RETURN to continue..."
+read -r -p "" key
+
+# import the signer keys
+echo "# MANUAL ACTION NEEDED:"
+echo "# Keep this terminal open and the 128GB stick connected."
+echo "# Additionalley connect and unlock the USB device with the signer keys."
+echo "# Open in Filemanager and use right-click 'Open in Termonal' and run:"
+echo "# sudo gpg --import ./sub.key"
+echo "# Close that second terminal and remove USB device with signer keys."
+echo
+echo "# Press RETURN to continue..."
+read -r -p "" key
+
+# signing instructions
+echo "# MANUAL ACTION NEEDED:"
+echo "# Please wait infront of the screen until the signing process is asks you for the password."
+echo
+cd "${BUILDFOLDER}"
+gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz
+if [ $? -gt 0 ]; then
+ echo "# !!!!!!! SIGNING FAILED - redo manual before closing this terminbal !!!!!!!"
+ echo "gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz"
+else
+ echo "# OK Signing successful."
+fi
+
+# last notes
+echo
+echo "Close this terminal and eject your 128GB usb device."
+echo "Have fun with your build image on it under:"
+echo "${BUILDFOLDER}/${PACKERFINALFILE}.gz"
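Review bot: The optional commit pin in ci/packer.sh is a pattern match rather than an equality test: `grep -c "${COMMITHASH}"` accepts any fragment that occurs anywhere in the HEAD hash, so a truncated or mistyped value still prints "COMMITHASH CHECK OK" for an image that is later signed. Compare the full hash instead, `if [ "${actualCOMMITHASH}" != "${COMMITHASH}" ]; then`, and reject an argument that is not a complete hash. The `git checkout $BRANCH` before it is unquoted and its exit status is never tested, so a failed checkout leaves the clone on its default branch and, when no hash is given, the build and signing go ahead anyway; `git checkout "$BRANCH" || exit 1` closes that gap. The TYPE guard tests a literal string (`[ -z "TYPE" ]`) and can never fire; it should read `[ -z "$TYPE" ]`. Separately, the x86 branch looks inconsistent with the signing step: `${PACKERFINALFILE}` already ends in `.qcow2`, and the `.gz` whose checksum is shown and which is passed to `gpg --detach-sign` was gunzipped earlier, so that path is worth re-testing end to end.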