-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path101strap_img
222 lines (185 loc) · 9.03 KB
/
101strap_img
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
#!/bin/bash
set -ex
chdo() {
chroot "$ROOT" "$@"
}
enserv() {
chroot "$ROOT" systemctl enable "$@"
}
inspkg() {
DEBIAN_FRONTEND=noninteractive chroot "$ROOT" apt-get install --no-install-recommends --yes "$@"
}
cleanup() {
if [ -n "$DEBUG" ]; then
echo "Quit this bash if this is a successful run, to avoid filesystem integrity issues"
/bin/bash
fi
umount "$EFI" || true
umount -R "$ROOT" || true
qemu-nbd -d "$NBD" || true
}
trap cleanup EXIT
WORKSPACE="/target"
USER="ustc"
PASSWORD="ustc"
if [ ! -d "$WORKSPACE" ]; then
echo "$WORKSPACE is not a directory."
exit 1
elif [ "$(id -u)" -ne 0 ]; then
echo "You are not root!"
exit 1
elif [ ! -b "$NBD" ]; then
echo "$NBD is not block device"
exit 1
fi
# Create image file, EFI got 256M, and rootfs got remaining space
qemu-img create -f qcow2 "$WORKSPACE"/root.qcow2 10G
qemu-nbd -c "$NBD" --discard=unmap --detect-zeroes=unmap "$WORKSPACE"/root.qcow2
parted --script -a optimal "$NBD" mklabel gpt mkpart '"EFI System"' fat32 0% 256M set 1 esp on mkpart '"Linux system"' ext4 256M 100%
# Linux does not support device isolation (namespace), so you need to bind your /dev/ or mount devtmpfs to continue
EFIPART="$NBD"p1
ROOTPART="$NBD"p2
# Sanity check. TODO: automatically calc the real partition size
if [ "$(blockdev --getsize64 "$EFIPART")" != 254803968 ]; then
echo "Sanity check failed: EFI size unexpected"
qemu-nbd -d "$NBD"
exit 1
fi
# echo $(blockdev --getsize64 "$ROOTPART")
if [ "$(blockdev --getsize64 "$ROOTPART")" != 10480517120 ]; then
echo "Sanity check failed: rootfs size unexpected"
qemu-nbd -d "$NBD"
exit 1
fi
# Format
mkfs.fat -nEFI -F32 "$EFIPART"
mkfs.ext4 -I 256 -L "Linux system" -M / "$ROOTPART"
# Mount EFI partition and rootfs
EFI="/mnt/rootfs/boot/efi"
ROOT="/mnt/rootfs"
mkdir -p "$ROOT"
mount -o defaults,discard "$ROOTPART" "$ROOT"
mkdir -p "$EFI"
mount "$EFIPART" "$EFI"
debootstrap noble "$ROOT" http://mirrors.ustc.edu.cn/ubuntu/
mount proc "$ROOT/proc" -t proc
mount sysfs "$ROOT/sys" -t sysfs
echo "# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.ustc.edu.cn/ubuntu/ noble main restricted universe multiverse
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ noble main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ noble-updates main restricted universe multiverse
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ noble-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ noble-security main restricted universe multiverse
#deb-src https://mirrors.ustc.edu.cn/ubuntu/ noble-security main restricted universe multiverse" > "$ROOT/etc/apt/sources.list"
chdo apt update
chdo sh -c 'dpkg --get-selections | cut -f1 | xargs apt-mark auto'
# Note: xfce4-statusnotifier is no longer needed.
inspkg desktop-base xubuntu-core dpkg vim htop strace bash-completion xserver-xorg-video-vmware xserver-xorg-video-fbdev xserver-xorg-video-qxl open-vm-tools open-vm-tools-desktop \
virtualbox-guest-x11 network-manager-gnome xfce4-terminal xfce4-indicator-plugin xfce4-whiskermenu-plugin mugshot \
software-properties-gtk language-pack-zh-hans language-pack-gnome-zh-hans fonts-noto-cjk fcitx5 fcitx5-chinese-addons fcitx5-config-qt im-config \
language-selector-gnome fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5 \
mate-calc mousepad build-essential eog file-roller baobab evince synaptic \
adwaita-icon-theme-full command-not-found gparted policykit-1-gnome \
iputils-ping netplan.io wget gdb git flatpak xdg-desktop-portal-gtk \
gnome-software gnome-software-plugin-flatpak libgles2
# Update command-not-found database and upgrade packages
chdo apt update
chdo apt upgrade -y
# Use mirrored flatpak remote.
chdo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
chdo flatpak remote-modify flathub --url=https://mirrors.ustc.edu.cn/flathub
chdo flatpak update
# Set xdg-user-dirs to English
mkdir -p "$ROOT/etc/skel/.config"
cat << 'EOF' > "$ROOT/etc/skel/.config/user-dirs.dirs"
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"
EOF
echo "zh_CN" > "$ROOT/etc/skel/.config/user-dirs.locale"
mkdir -p "$ROOT/etc/skel/Desktop" "$ROOT/etc/skel/Downloads" "$ROOT/etc/skel/Templates" \
"$ROOT/etc/skel/Public" "$ROOT/etc/skel/Documents" "$ROOT/etc/skel/Music" \
"$ROOT/etc/skel/Pictures" "$ROOT/etc/skel/Videos"
chdo echo "---- Install web browser ---"
chdo install -d -m 0755 /etc/apt/keyrings
chdo wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | chdo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
chdo gpg -n -q --import --import-options import-show /etc/apt/keyrings/packages.mozilla.org.asc | chdo awk '/pub/{getline; gsub(/^ +| +$/,""); if($0 == "35BAA0B33E9EB396F59CA838C0BA5CE6DC6315A3") print "\nThe key fingerprint matches ("$0").\n"; else print "\nVerification failed: the fingerprint ("$0") does not match the expected one.\n"}'
# chdo echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | chdo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
chdo echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://mirrors.ustc.edu.cn/mozilla/apt mozilla main" | chdo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
chdo echo '
Package: *
Pin: release a=mozilla
Pin-Priority: 1000
' | chdo tee /etc/apt/preferences.d/mozilla
chdo apt-get update && chdo apt-get install -y firefox
chdo apt-get install -y firefox-l10n-zh-cn
# Support trash bin
chdo apt install -y --no-install-recommends gvfs
# Adjust xfce clock to display date in correct format
# By default it would look like "11 3月, 12:34", which is a bit weird in Chinese
sed -i "s/%d %b/%x/" "$ROOT/etc/xdg/xdg-xubuntu/xfce4/panel/default.xml"
# Remove "Mail reader"
sed -i "/mail-reader/d" "$ROOT/etc/xdg/xdg-xubuntu/menus/xfce-applications.menu"
sed -i "s/,xfce4-mail-reader.desktop//" "$ROOT/etc/xdg/xdg-xubuntu/xfce4/whiskermenu/defaults.rc"
# Remove help (not working in epiphany, and taking space)
sed -i "s/,xfhelp4.desktop//" "$ROOT/etc/xdg/xdg-xubuntu/xfce4/whiskermenu/defaults.rc"
# Set default browser to debian default browser (here it is epiphany)
sed -i "s/firefox/debian-sensible-browser/g" "$ROOT/etc/xdg/xdg-xubuntu/xfce4/helpers.rc"
# Use default selection color in xfce4-terminal
sed -i "/ColorSelectionUseDefault/d" "$ROOT/etc/xdg/xdg-xubuntu/xfce4/terminal/terminalrc"
# User and host configuration
ln -sf /usr/share/zoneinfo/Asia/Shanghai "$ROOT/etc/localtime"
chdo dpkg-reconfigure --frontend noninteractive tzdata
echo "en_US.UTF-8 UTF-8" > "$ROOT/etc/locale.gen"
echo 'LANG=zh_CN.UTF-8
LANGUAGE="zh_CN.UTF-8"
LC_ALL="zh_CN.UTF-8"' > "$ROOT/etc/default/locale"
# /var/lib/locales/supported.d/zh-hans contains zh_CN.UTF-8
chdo locale-gen
chdo adduser --disabled-password --gecos "" "$USER"
echo "$USER:$PASSWORD" | chdo chpasswd
chdo adduser "$USER" sudo
echo "ustclug-linux101" > "$ROOT/etc/hostname"
echo "127.0.0.1 ustclug-linux101" >> "$ROOT/etc/hosts"
ROOTUUID=$(blkid -o export "$ROOTPART" | grep -e ^UUID | cut -d'=' -f2)
EFIUUID=$(blkid -o export "$EFIPART" | grep -e ^UUID | cut -d '=' -f2)
echo -e "UUID=$ROOTUUID\t/\text4\trw,relatime\t0\t1
UUID=$EFIUUID\t/boot/efi\tvfat\trw,relatime\t0\t1" > "$ROOT/etc/fstab"
# Let NetworkManager manage networking
echo "network:
version: 2
renderer: NetworkManager" > "$ROOT/etc/netplan/01-netcfg.yaml"
# guest's udev messes up with host's /dev (files like /dev/kvm will have their group owners set to a wrong value)
# so don't mount /dev inside chroot rootfs until last moment
mount --rbind --make-rslave /dev "$ROOT/dev"
# Install kernel and configure grub
inspkg linux-image-virtual grub-efi initramfs-tools cloud-initramfs-growroot
# GRUB requires available initrd to use root=UUID=xxx
chdo update-initramfs -k all -c
# Note that grub-install is executed within chroot, so we don't use $ROOT and $EFI here.
chdo grub-install --target=x86_64-efi "$NBD" --no-nvram
# Let grub show menu for convenience of debugging
sed -i "s/GRUB_TIMEOUT_STYLE=hidden/GRUB_TIMEOUT_STYLE=menu/" "$ROOT/etc/default/grub"
sed -i "s/GRUB_TIMEOUT=0/GRUB_TIMEOUT=5/" "$ROOT/etc/default/grub"
# Show kernal messages at startup, instead of XUbuntu logo
chdo sed -i 's/quiet//g; s/splash//g; s/ / /g; s/="\s/="/g; s/\s"/"/g' /etc/default/grub
chdo update-grub
# Cleanup
chdo apt autoremove -y && apt clean
rm -rf "$ROOT/var/cache"/*
# Trim filesystems
sync
fstrim -v "$EFI"
fstrim -v "$ROOT"