diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6cddad8..5d1da99 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,7 @@ jobs: ./configure make sudo cp mkp224o /usr/local/bin + - name: Install other dependencies + run: sudo apt install whois - name: Run unit tests run: ./test/bats/bin/bats ./test/test-finalize-nakamochi.bats diff --git a/README.md b/README.md index 708ebfd..afaf87c 100644 --- a/README.md +++ b/README.md @@ -191,7 +191,25 @@ shutdown the device with `poweroff`, plug the SD card into a PC and make an imag mount the image; the `offset` is the beginning of the second partition in sectors multiplied by the sector unit, typically 512 bytes: - mount -o loop -o offset=68157440 path/to/sdcard.img /mnt/img + mount -o loop -o offset=269484032 path/to/sdcard.img /mnt/img + +correct `offset` value changes between Void Linux releases, can be calculated by +looking at `fdisk -l` output and then multiplying `Start` value with logical +`Sector size`. + + $ fdisk -l path/to/sdcard.img + Disk sdcard.img: 1.88 GiB, 2014314496 bytes, 3934208 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0x67e94b25 + + Device Boot Start End Sectors Size Id Type + sdcard.img1 * 2048 526335 524288 256M b W95 FAT32 + sdcard.img2 526336 3934174 3407839 1.6G 83 Linux + $ echo $((526336*512)) + 269484032 once mounted, clear logs, shell history, ssh keys and networks from `/etc/wpa/wpa_supplicant.conf`. diff --git a/rootfiles/etc/wpa_supplicant/wpa_supplicant.conf b/rootfiles/etc/wpa_supplicant/wpa_supplicant.conf new file mode 100644 index 0000000..d8ceac9 --- /dev/null +++ b/rootfiles/etc/wpa_supplicant/wpa_supplicant.conf 
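Review bot: The new `run: sudo apt install whois` step has no `-y` and no package-index refresh, so on a non-interactive runner it can stop at a confirmation prompt or fail on a stale index; `run: sudo apt-get update && sudo apt-get install -y whois` is the script-safe form. The step name could also say why the package is needed (presumably for `mkpasswd`, which tools/finalize-nakamochi.sh calls).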
@@ -0,0 +1,12 @@
+# Default configuration file for wpa_supplicant.conf(5).
+
+ctrl_interface=/run/wpa_supplicant
+ctrl_interface_group=wheel
+eapol_version=1
+ap_scan=1
+fast_reauth=1
+update_config=1
+passive_scan=1
+
+# Add here your networks.
+
diff --git a/tools/finalize-nakamochi.sh b/tools/finalize-nakamochi.sh
index f84e94e..e503329 100755
--- a/tools/finalize-nakamochi.sh
+++ b/tools/finalize-nakamochi.sh
@@ -271,16 +271,16 @@ run_main()
 sed -i "s/^#?PermitRootLogin.*/PermitRootLogin yes/" "$USD_MOUNT_POINT"/etc/ssh/sshd_config
 sed -i "s/^#?PasswordAuthentication.*/PasswordAuthentication yes/" "$USD_MOUNT_POINT"/etc/ssh/sshd_config
 root_pass="nakamochi"
- crypted_root_pass="$(mkpasswd "$root_pass")"
- sed -i "s/^root:[^:]*:/root:$crypted_root_pass:/" "$USD_MOUNT_POINT"/etc/shadow
+ crypted_root_pass="$(mkpasswd "$root_pass" | sed 's/\$/\\\$/g')"
+ sed -i "s|^root:[^:]*:|root:$crypted_root_pass:|" "$USD_MOUNT_POINT"/etc/shadow
 echo "done."
 echo "Test image root password is $root_pass, ssh root login allowed."
 else
 echo -n "Finalizing image for production ... "
 sed -i "s/^#?PermitRootLogin.*/PermitRootLogin no/" "$USD_MOUNT_POINT"/etc/ssh/sshd_config
 sed -i "s/^#?PasswordAuthentication.*/PasswordAuthentication no/" "$USD_MOUNT_POINT"/etc/ssh/sshd_config
- crypted_root_pass="$(mkpasswd "$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 13; echo)")"
- sed -i "s/^root:[^:]*:/root:$crypted_root_pass:/" "$USD_MOUNT_POINT"/etc/shadow
+ crypted_root_pass="$(mkpasswd "$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 13; echo)" | sed 's/\$/\\\$/g')"
+ sed -i "s|^root:[^:]*:|root:$crypted_root_pass:|" "$USD_MOUNT_POINT"/etc/shadow
 echo "done."
 fi
 
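Review bot: `update_config=1` lets wpa_supplicant rewrite this file with networks added at runtime, including their PSKs, while the template is committed as mode 100644 and `ctrl_interface_group=wheel` opens the control socket to every member of `wheel`. Add a comment such as `# update_config=1: saved networks (with PSKs) are written back here; keep this file readable by root only`, and confirm the copy on the image ends up with restrictive permissions, since that depends on how the file is installed.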
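Review bot: The four `sshd_config` substitutions in this hunk's context lines use `^#?` without `-E`; in a basic regular expression `?` is a literal character, so they only match a line that starts with `#?` and most likely leave the file unchanged, which means the production branch does not actually write `PermitRootLogin no` or `PasswordAuthentication no`. Change them to the extended form, e.g. `sed -i -E "s/^#?PermitRootLogin.*/PermitRootLogin no/"`, and have the bats test check the resulting lines. On the changed lines, switching the delimiter to `|` is what keeps a `/` in the hash from breaking the expression; `$` is not special in a sed replacement, so the added `sed 's/\$/\\\$/g'` pass looks unnecessary. `mkpasswd` is called without `-m`, so the hash format depends on the build host's default and should be pinned to one the image's crypt() accepts. run_main starts and ends outside the hunk.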
@@ -292,6 +292,15 @@ run_main() echo "done." fi + # clear logs, shell history, ssh keys and networks + echo -n "Clearing logs, shell history, ssh keys and networks ... " + rm -f "$USD_MOUNT_POINT"/var/log/* 2> /dev/null + for d in "$USD_MOUNT_POINT"/var/log/socklog/*; do echo > "$d/current"; done + rm "$USD_MOUNT_POINT"/root/.bash_history + echo > "$USD_MOUNT_POINT"/root/.ssh/authorized_keys + cp "$(dirname "$0")"/../rootfiles/etc/wpa_supplicant/wpa_supplicant.conf "$USD_MOUNT_POINT"/etc/wpa_supplicant/wpa_supplicant.conf + echo "done." + sync echo "All DONE, Nakamochi uSD and SSD should be ready!" }
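Review bot: Every path in the added cleanup block is prefixed with `$USD_MOUNT_POINT`, and if that variable is empty the `rm -f`, `rm`, `echo >` and `cp` lines act on the host's own `/var/log`, `/root` and `/etc/wpa_supplicant`; no check is visible in this hunk, so write the prefix as `"${USD_MOUNT_POINT:?}"` on these lines. The progress message says ssh keys are cleared, but only `root/.ssh/authorized_keys` is emptied; if the image was taken from a device that has booted, the host keys under `etc/ssh` would be shared by every unit flashed from it, so confirm they are removed or regenerated elsewhere. `rm "$USD_MOUNT_POINT"/root/.bash_history` has no `-f` and fails when the file is absent, and the `socklog/*` loop writes to a literal `*/current` when the glob matches nothing. run_main starts outside the hunk.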