
@olavmrk
Last active April 28, 2023 10:20
Create Debian Jessie squashfs & initramfs image
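#!/bin/bash
#
# Build a Debian jessie root filesystem and package it as a squashfs image
# plus the matching kernel and initramfs.
#
# Inputs:   rootcache.tar.gz in the current directory (optional). When present
#           it is unpacked instead of running debootstrap. When absent it is
#           created from the fresh, uncustomised debootstrap tree.
# Outputs:  br.sqashfs, br.vmlinuz and br.initrd in the current directory.
# Requires: debootstrap, chroot, mksquashfs; expected to run as root.
#
# Trust notes for reviewers:
#   * rootcache.tar.gz is unpacked as-is with no integrity check, so whoever
#     can write to the current directory controls the image contents. A stale
#     cache also means stale packages.
#   * The mirror is fetched over plain HTTP. debootstrap checks the archive's
#     Release signature only when it finds a keyring on the host; without one
#     it warns and continues (confirm debian-archive-keyring is installed).
#   * NOTE(review): jessie is past end-of-life; confirm the suite and mirror
#     still resolve, and prefer a supported suite for anything that stays up.
#   * The image is deliberately built with a passwordless root account that
#     sshd accepts; see the "Implement insecurity" section below.

# -u added so a typo in a variable name aborts instead of expanding to "".
set -eu

WORK_DIR="$(mktemp --directory --tmpdir build-root.XXXXXXXX)"
# ${WORK_DIR:?} aborts rather than expanding to an empty path in an rm -rf.
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

if [ -f rootcache.tar.gz ]; then
  tar --extract --numeric-owner --gzip --file rootcache.tar.gz \
    --directory "${WORK_DIR}"
else
  debootstrap --variant=minbase \
    --include=linux-image-amd64,ifupdown,isc-dhcp-client,openssh-server,less,nano,python,lvm2,debootstrap \
    jessie "${WORK_DIR}" http://httpredir.debian.org/debian
  # Snapshot the pristine tree; every customisation below is re-applied on
  # each run, so the cache never contains them.
  tar --create --numeric-owner --gzip --file rootcache.tar.gz \
    --directory "${WORK_DIR}" .
fi

# Clean up file with misleading information from host.
# -f: under `set -e` a plain rm would abort the build if the file is absent
# (for example with a cache tarball produced some other way).
rm -f -- "${WORK_DIR}/etc/hostname"

# Disable installation of recommended packages
echo 'APT::Install-Recommends "false";' \
  >"${WORK_DIR}/etc/apt/apt.conf.d/50norecommends"

# Configure networking: loopback plus DHCP on eth0.
cat >>"${WORK_DIR}/etc/network/interfaces" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF

# Hard-coded public resolvers. NOTE(review): the DHCP client may rewrite
# resolv.conf once a lease supplies DNS servers; confirm which one wins.
cat >>"${WORK_DIR}/etc/resolv.conf" <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

# Set up initramfs for booting with squashfs+aufs
cat >> "${WORK_DIR}/etc/initramfs-tools/modules" <<'EOF'
squashfs
aufs
EOF

# init-bottom hook, written verbatim into the image. At boot it moves the
# mounted root to /ro, mounts a tmpfs on /rw, mounts an aufs union of the two
# (tmpfs writable, old root read-only) on ${rootmnt}, then moves both branches
# under the new root as /ro and /rw. Writes therefore land in the tmpfs branch.
cat >"${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs" <<'EOF'
#!/bin/sh -e
case $1 in
prereqs)
exit 0
;;
esac
mkdir /ro
mkdir /rw
mount -n -o mode=0755 -t tmpfs root-rw /rw
mount -n -o move ${rootmnt} /ro
mount -n -o dirs=/rw:/ro=ro -t aufs root-aufs ${rootmnt}
mkdir ${rootmnt}/ro
mkdir ${rootmnt}/rw
mount -n -o move /ro ${rootmnt}/ro
mount -n -o move /rw ${rootmnt}/rw
EOF
chmod +x "${WORK_DIR}/etc/initramfs-tools/scripts/init-bottom/aufs"

# Regenerate the initramfs inside the chroot so it picks up the modules and
# the hook added above.
chroot "${WORK_DIR}" update-initramfs -u

# Implement insecurity
# Net effect when all four steps apply: root has an empty password, PAM
# accepts empty passwords, and sshd allows root login with an empty password.
# Any host that can reach port 22 or a console on the booted image gets a root
# shell without credentials, so the image belongs only on an isolated network.
# For any other use, drop this section and provision an authorized_keys file.
# Each sed is a silent no-op when the stock line does not match its pattern,
# so the effective settings should be checked in the built image, not assumed.
chroot "${WORK_DIR}" passwd -d root # remove password on root account
sed -i 's/pam_unix.so nullok_secure/pam_unix.so nullok/' \
  "${WORK_DIR}/etc/pam.d/common-auth"
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' \
  "${WORK_DIR}/etc/ssh/sshd_config"
sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords yes/' \
  "${WORK_DIR}/etc/ssh/sshd_config"

# Clean up temporary files.
# ${WORK_DIR:?} guards against the glob resolving under the host's /var.
rm -rf -- "${WORK_DIR:?}"/var/cache/apt/*

# Build the root filesystem image, and extract the accompanying kernel and
# initramfs. Each artifact is written to a .new name and then renamed, so a
# failed step leaves the previous artifact in place. The kernel and initrd
# globs are expected to match exactly one file each; with several kernels in
# /boot, cp fails and `set -e` stops the build.
mksquashfs "${WORK_DIR}" br.sqashfs.new -noappend
mv br.sqashfs.new br.sqashfs

cp -p "${WORK_DIR}/boot"/vmlinuz-* br.vmlinuz.new
mv br.vmlinuz.new br.vmlinuz

cp -p "${WORK_DIR}/boot"/initrd.img-* br.initrd.new
mv br.initrd.new br.initrd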