#!/usr/bin/env bash ######################################################################### # script to trigger packer image build on a debian LIVE system # see FAQ.dev.md for instructions ########################################################################## # YOUR REPO (REPLACE WITH YOUR OWN FORK IF NEEDED) REPO="https://github.com/raspiblitz/raspiblitz" # folders to store the build results BUILDFOLDER="images" echo "Build RaspiBlitz install images on a Debian LIVE system" echo "From repo (change in script is needed):" echo $REPO echo "Results will be stored in:" echo $BUILDFOLDER # give info if not started with parameters if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "Start this script in the root of an writable 128GB NTFS formatted USB drive:" echo "packer.sh [BRANCH] [arm|x86] [min|fat] [?lastcommithash]" exit 1 fi BRANCH=$1 ARCH=$2 TYPE=$3 COMMITHASH=$4 # check if branch is set if [ "$BRANCH" == "[BRANCH]" ]; then echo "error='branch not set'" exit 1 fi # check if output is set if [ -z "$ARCH" ]; then echo "error='ARCH not set'" exit 1 fi # check if output is set if [ -z "TYPE" ]; then echo "error='TYPE not set'" exit 1 fi # check if started with sudo if [ "$EUID" -ne 0 ]; then echo "error='run as root / may use sudo'" exit 1 fi # install git and make apt update && apt install -y git make # clean old repo rm -rf raspiblitz 2>/dev/null # download the repo git clone $REPO if [ $? -gt 0 ]; then echo "# REPO: ${REPO}" echo "error='git clone failed'" exit 1 fi cd raspiblitz # checkout the desired branch git checkout $BRANCH # check commit hash if set if [ ${#COMMITHASH} -gt 0 ]; then echo "# CHECKING COMMITHASH" actualCOMMITHASH=$(git log -1 --format=%H) echo "# actual(${actualCOMMITHASH}) ?= wanted(${COMMITHASH})" matches=$(echo "${actualCOMMITHASH}" | grep -c "${COMMITHASH}") if [ ${matches} -eq 0 ]; then echo "error='COMMITHASH of branch does not match'" exit 1 fi echo "# COMMITHASH CHECK OK" else echo "# NO COMMITHASH CHECK" fi # get code version codeVersion=$(cat ./home.admin/_version.info | grep 'codeVersion="' | cut -d'"' -f2) if [ ${#codeVersion} -eq 0 ]; then echo "error='codeVersion not found'" exit 1 fi echo "# RaspiBlitz Version: ${codeVersion}" # get date as string formatted like YEAR-MONTH-DAY dateString=$(date +%Y-%m-%d) echo "# Date: ${dateString}" if [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "min" ]; then PACKERTARGET="arm64-rpi-lean-image" PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/raspiblitz-arm64-rpi-lean.img" PACKERFINALFILE="raspiblitz-min-${codeVersion}-${dateString}.img" elif [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "fat" ]; then PACKERTARGET="arm64-rpi-fatpack-image" PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/TODO" #TODO PACKERFINALFILE="raspiblitz-fat-${codeVersion}-${dateString}.img" elif [ "${ARCH}" == "x86" ] && [ "${TYPE}" == "min" ]; then PACKERTARGET="amd64-lean-server-legacyboot-image" PACKERBUILDPATH="./raspiblitz/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2" PACKERFINALFILE="raspiblitz-amd64-min-${codeVersion}-${dateString}.qcow2" else echo "error='$ARCH-$TYPE not supported'" exit 1 fi echo "# PACKER TARGET: ${PACKERTARGET}" echo "# PACKER BUILD PATH: ${PACKERBUILDPATH}" echo "# PACKER FINAL FILE: ${PACKERFINALFILE}" # check if file already exists if [ -f "./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz" ]; then echo "error='image already exists'" echo "# delete ./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz (and all .sha256 & .sig) before trying again" exit 1 fi # prevent monitor to go to sleep during long non-interactive build xset s off gsettings set org.gnome.desktop.screensaver idle-activation-enabled false echo "# BUILDING '${PACKERTARGET}' ###########################################" make $PACKERTARGET # check if build was successful if [ $? -gt 0 ]; then echo "# BUILDING FAILED ###########################################" echo "# Check the output above for errors." exit 1 fi echo "# BUILDING SUCCESS ###########################################" echo "# moving build to timestamped folder ./${BUILDFOLDER}" cd .. mkdir "${BUILDFOLDER}" 2>/dev/null #check that Build folder exists if [ ! -d "./${BUILDFOLDER}" ]; then echo "# FAILED CREATING BUILD FOLDER: ./${BUILDFOLDER}" exit 1 fi # move .gz file to build folder mv "${PACKERBUILDPATH}.gz" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz" if [ $? -gt 0 ]; then echo "# FAILED MOVING .gz" exit 1 fi # move gz.sha256 file to build folder mv "${PACKERBUILDPATH}.gz.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256" if [ $? -gt 0 ]; then echo "# FAILED MOVING .gz.sha256" exit 1 fi # move sha256 file to build folder mv "${PACKERBUILDPATH}.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.sha256" if [ $? -gt 0 ]; then echo "# FAILED MOVING .sha256" exit 1 fi # special handling for qcow2 if [ "${ARCH}" == "x86" ]; then echo "# decompressing qcow2" gunzip "./${BUILDFOLDER}/${PACKERFINALFILE}.gz" echo "# converting qcow2 to raw" qemu-img convert -f qcow2 -O raw "./${BUILDFOLDER}/${PACKERFINALFILE}.qcow2" "./${BUILDFOLDER}/${PACKERFINALFILE}.img" if [ $? -gt 0 ]; then echo "# FAILED CONVERTING qcow2 to raw" exit 1 fi echo "# compressing raw" gzip -9 "./${BUILDFOLDER}/${PACKERFINALFILE}.img" if [ $? -gt 0 ]; then echo "# FAILED COMPRESSING raw" exit 1 fi echo "# removing raw" rm "./${BUILDFOLDER}/${PACKERFINALFILE}.img" if [ $? -gt 0 ]; then echo "# FAILED REMOVING raw" exit 1 fi fi echo "# clean up" rm -rf raspiblitz 2>/dev/null echo "# SIGN & SECURE IMAGE ###########################################" echo # security check that internet is cut echo "# MANUAL ACTION NEEDED:" echo "# Cut the connection to the internet before signing the image." echo echo "# Press RETURN to continue..." read -r -p "" key if ping -c 1 "1.1.1.1" &> /dev/null; then echo "# FAIL - Internet connection is up - EXITING SCRIPT" exit 1 else echo "# OK - Internet connection is cut" fi echo # Note down the SHA256 checksum of the image echo "# MANUAL ACTION NEEDED:" echo "# Note down the SHA256 checksum of the image:" echo cat ./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256 echo echo "# Press RETURN to continue..." read -r -p "" key # import the signer keys echo "# MANUAL ACTION NEEDED:" echo "# Keep this terminal open and the 128GB stick connected." echo "# Additionalley connect and unlock the USB device with the signer keys." echo "# Open in Filemanager and use right-click 'Open in Termonal' and run:" echo "# sudo gpg --import ./sub.key" echo "# Close that second terminal and remove USB device with signer keys." echo echo "# Press RETURN to continue..." read -r -p "" key # signing instructions echo "# MANUAL ACTION NEEDED:" echo "# Please wait infront of the screen until the signing process is asks you for the password." echo cd "${BUILDFOLDER}" gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz if [ $? -gt 0 ]; then echo "# !!!!!!! SIGNING FAILED - redo manual before closing this terminbal !!!!!!!" echo "gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz" else echo "# OK Signing successful." fi # last notes echo echo "Close this terminal and eject your 128GB usb device." echo "Have fun with your build image on it under:" echo "${BUILDFOLDER}/${PACKERFINALFILE}.gz"