diff --git a/Makefile b/Makefile index eaf682f0..8376bc75 100644 --- a/Makefile +++ b/Makefile @@ -38,10 +38,10 @@ $(PWN_RELEASE).img: | $(PACKER) # If the packer or ansible files are updated, rebuild the image. $(PWN_RELEASE).img: $(SDIST) builder/pwnagotchi.json builder/pwnagotchi.yml $(shell find builder/data -type f) - sudo $(PACKER) plugins install github.com/solo-io/arm-image - cd builder && sudo $(UNSHARE) $(PACKER) build -var "pwn_hostname=$(PWN_HOSTNAME)" -var "pwn_version=$(PWN_VERSION)" pwnagotchi.json - sudo chown -R $$USER:$$USER builder/output-pwnagotchi - mv builder/output-pwnagotchi/image $@ + # $(PACKER) plugins install github.com/mkaczanowski/builder-arm + cd builder/packer-builder-arm/packer-builder-arm && sudo $(UNSHARE) $(PACKER) build -var "pwn_hostname=$(PWN_HOSTNAME)" -var "pwn_version=$(PWN_VERSION)" ../../pwnagotchi.json + sudo chown -R $$USER:$$USER ../../builder/output-pwnagotchi + mv ../../builder/output-pwnagotchi/image $@ # If any of these files are updated, rebuild the checksums. $(PWN_RELEASE).sha256: $(PWN_RELEASE).img @@ -57,6 +57,6 @@ image: $(PWN_RELEASE).zip clean: - python3 setup.py clean --all - rm -rf dist pwnagotchi.egg-info - - rm -f $(PACKER) - - rm -f $(PWN_RELEASE).* + - rm -rf $(PACKER) + - rm -rf $(PWN_RELEASE).* - sudo rm -rf builder/output-pwnagotchi builder/packer_cache diff --git a/builder/pwnagotchi.json b/builder/pwnagotchi.json index f045ed95..fdbe78a6 100644 --- a/builder/pwnagotchi.json +++ b/builder/pwnagotchi.json 
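Review bot: The `sudo chown -R` and `mv` lines that follow the `cd builder/packer-builder-arm/packer-builder-arm && …` line each run in a fresh shell (unless `.ONESHELL` is set elsewhere in the file), so `../../builder/output-pwnagotchi` is resolved from the Makefile's directory and the recursive chown runs as root on a path two levels above the repository instead of on the build output. Keep both paths relative to the Makefile, `sudo chown -R $$USER:$$USER builder/output-pwnagotchi` and `mv builder/output-pwnagotchi/image $@`, or chain them onto the `cd` line with `&&`. The new builder config sets `image_path` to `pwnagotchi.img.tar.gz`, so it is worth confirming that `output-pwnagotchi/image` is still where the image lands. With the plugin install reduced to a comment, nothing visible in this hunk fetches or pins what sits in `builder/packer-builder-arm`, and that code runs under `sudo`; the expected checkout and revision should be documented or made a prerequisite.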
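Review bot: Switching `clean` to `rm -rf $(PACKER)` and `rm -rf $(PWN_RELEASE).*` makes the deletions recursive over whatever those variables expand to, and neither definition is visible in this hunk. If `PWN_RELEASE` is ever empty the glob becomes `.*` in the repository root, which with `-r` takes `.git` and other dot-directories with it. A guard before the deletions, `$(if $(strip $(PWN_RELEASE)),,$(error PWN_RELEASE is empty))`, keeps the recipe confined to build products; the same check applies to `PACKER` if it can point outside the tree.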
@@ -1,27 +1,65 @@ -{ "builders": [ +{ + "builders": [ { "name": "pwnagotchi", - "type": "arm-image", - "iso_url": "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz", - "iso_checksum": "sha256:bf982e56b0374712d93e185780d121e3f5c3d5e33052a95f72f9aed468d58fa7", - "target_image_size": 9368709120, - "qemu_args": [ - "-m 8G" - ] + "type": "arm", + "file_urls": "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz", + "file_checksum_url": "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz.sha256", + "file_checksum_type": "sha256", + "file_target_extension": "xz", + "file_unarchive_cmd": ["xz", "--decompress", "$ARCHIVE_PATH"], + "image_path": "pwnagotchi.img.tar.gz", + "image_size": "10G", + "image_type": "dos", + "qemu_binary_destination_path": "/usr/bin/qemu-aarch64-static", + "qemu_binary_source_path": "/usr/bin/qemu-aarch64-static", + "image_build_method": "resize", + "image_partitions": [ + { + "name": "boot", + "type": "c", + "start_sector": "2048", + "filesystem": "fat", + "size": "256M", + "mountpoint": "/boot/firmware" + }, + { + "name": "root", + "type": "83", + "start_sector": "526336", + "filesystem": "ext4", + "size": "0", + "mountpoint": "/" + } + ], + "image_chroot_env": ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"] } ], "provisioners": [ + { + "inline": ["mkdir -p /usr/local/src/pwnagotchi"], + "type": "shell" + }, { "type": "file", "sources": [ - "../dist/pwnagotchi-{{user `pwn_version`}}.tar.gz" + "../../../dist/pwnagotchi-{{user `pwn_version`}}.tar.gz" ], "destination": "/usr/local/src/pwnagotchi/" }, + { + "type": "shell", + "inline": [ + "apt-get -y --allow-releaseinfo-change update", + "apt-get install -y --no-install-recommends ansible" + ] + }, { "type": "ansible-local", - 
"playbook_file": "pwnagotchi.yml", - "extra_arguments": [ "--extra-vars \"ansible_python_interpreter=/usr/bin/python3\"" ], + "playbook_file": "../../../builder/pwnagotchi.yml", + "extra_arguments": [ + "--extra-vars \"ansible_python_interpreter=/usr/bin/python3\"" + ], "command": "ANSIBLE_FORCE_COLOR=1 PYTHONUNBUFFERED=1 PWN_VERSION={{user `pwn_version`}} PWN_HOSTNAME={{user `pwn_hostname`}} ansible-playbook" } ] diff --git a/builder/pwnagotchi.yml b/builder/pwnagotchi.yml index 9b16eae1..a636167a 100644 --- a/builder/pwnagotchi.yml +++ b/builder/pwnagotchi.yml @@ -1,7 +1,7 @@ --- - hosts: - - 127.0.0.1 - become: yes + - all + become: true vars: pwnagotchi: hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}" @@ -48,7 +48,6 @@ - libpcap0.8-dev remove: - raspberrypi-net-mods - - dhcpcd5 - triggerhappy - wpa_supplicant - nfs-common @@ -138,8 +137,11 @@ tasks: - name: change hostname - hostname: - name: "{{pwnagotchi.hostname}}" + lineinfile: + dest: /etc/hostname + regexp: '^raspberrypi' + line: "{{pwnagotchi.hostname}}" + state: present when: lookup('file', '/etc/hostname') == "raspberrypi" register: hostname @@ -163,25 +165,23 @@ update_cache: yes - name: remove unnecessary apt packages + become_user: root apt: name: "{{ packages.apt.remove }}" state: absent purge: yes - name: upgrade apt distro + become_user: root apt: upgrade: dist - name: install packages + become_user: root apt: name: "{{ packages.apt.install }}" state: present - - name: configure dphys-swapfile - file: - path: /etc/dphys-swapfile - content: "CONF_SWAPSIZE=1024" - - name: clone papirus repository git: repo: https://github.com/repaper/gratis.git 
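Review bot: The builder block drops the pinned `iso_checksum` and instead fetches the digest from `file_checksum_url` on the same host as the image, so the check now catches a corrupted download but not a replaced image: whoever can change the `.img.xz` can change the `.sha256` beside it. Keep the digest in the repository; packer-builder-arm accepts a literal value, e.g. `"file_checksum": "bf982e56b0374712d93e185780d121e3f5c3d5e33052a95f72f9aed468d58fa7"` alongside `"file_checksum_type": "sha256"`, in place of `file_checksum_url`. The new shell provisioner also installs `ansible` unpinned from the image's apt sources, which makes the build less reproducible and is worth recording in the build documentation.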
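Review bot: `hosts: all` makes this play target every host in whatever inventory it is given, where the old `127.0.0.1` pinned it to the machine running it. Under the ansible-local provisioner that inventory presumably holds only the image being built, but the play purges packages, installs patched firmware and removes ssh keys with `become: true`, so a run against a shared inventory would apply all of that to every host in it. If `all` is required for the chroot build, a comment above it such as `# packer ansible-local supplies a single-host inventory; do not run against other inventories` would record the assumption.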
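Review bot: `become_user: root` is added to each apt task here and again on the tasks in the later hunks of this file (firmware build, /etc/pwnagotchi, /boot edits, services, the handler), yet the play already sets `become: true`, whose default target user is root. As written the per-task keys look redundant, and tasks that did not receive the key now read as if they ran with different privileges when they do not. If the keys work around become not being applied inside the build chroot, setting `become_user: root` once next to `become: true` at play level says the same thing in one place and also covers tasks added later.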
@@ -335,18 +335,21 @@ # Raspberry Pi Zero 2w (chipset 43436b0) - name: make firmware patch (bcm43436b0) + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: backup original firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make backup-firmware" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make install-firmware" args: executable: /bin/bash @@ -355,18 +358,21 @@ # Raspberry Pi zero 2w (chipset 43430a1) - name: make firmware patch (bcm43430a1) + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: backup original firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make backup-firmware" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make install-firmware" args: executable: /bin/bash 
@@ -375,29 +381,34 @@ # Raspberry Pi 4 - name: make firmware patch (bcm43455c0) + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: backup original firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make backup-firmware" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware + become_user: root shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make install-firmware" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: copy modified driver + become_user: root copy: src: /usr/local/src/nexmon/patches/driver/brcmfmac_6.1.y-nexmon/brcmfmac.ko dest: "/lib/modules/{{ ansible_kernel }}/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko" - name: "Update kernel modules" + become_user: root command: /sbin/depmod -a # To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation @@ -429,16 +440,19 @@ fi - name: create /etc/pwnagotchi folder + become_user: root file: path: /etc/pwnagotchi state: directory - name: check if user configuration exists + become_user: root stat: path: /etc/pwnagotchi/config.toml register: user_config - name: create /etc/pwnagotchi/config.toml + become_user: root copy: dest: /etc/pwnagotchi/config.toml content: | @@ -449,11 +463,13 @@ when: not user_config.stat.exists - name: enable ssh on boot + become_user: root file: path: /boot/ssh state: touch - name: adjust /boot/config.txt + become_user: root lineinfile: dest: /boot/config.txt insertafter: EOF @@ -461,6 +477,7 @@ with_items: "{{system.boot_options}}" - name: adjust /etc/modules + become_user: root lineinfile: dest: /etc/modules insertafter: EOF 
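Review bot: The tasks in the `@@ -449,11 +463,13 @@` hunk still write `/boot/ssh` and `/boot/config.txt`, and the following hunks edit `/boot/cmdline.txt`, while the new builder config in `builder/pwnagotchi.json` mounts the boot partition at `/boot/firmware`. In the build chroot those paths would then land in the root filesystem's `/boot` directory rather than on the FAT partition, and the base image is bullseye, which mounts that partition over `/boot` at runtime, so the SSH flag and boot options would likely be hidden on the device. Either set the boot partition's `"mountpoint": "/boot"` in the builder config or point these tasks at the mounted path. This is inferred from the two files and should be checked against a built image.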
@@ -468,6 +485,7 @@ with_items: "{{system.modules}}" - name: change root partition + become_user: root replace: dest: /boot/cmdline.txt backup: no @@ -475,6 +493,7 @@ replace: "root=/dev/mmcblk0p2" - name: configure /boot/cmdline.txt + become_user: root lineinfile: path: /boot/cmdline.txt backrefs: True @@ -484,6 +503,7 @@ line: '\1 modules-load=dwc2,g_ether' - name: configure motd + become_user: root copy: dest: /etc/motd content: | @@ -516,6 +536,7 @@ when: hostname.changed - name: clean apt cache + become_user: root apt: autoclean: yes @@ -533,12 +554,14 @@ - libpcap-dev_1.9.1-3_arm64.deb - name: install old libpcap packages + become_user: root apt: deb: /usr/local/src/libpcap* args: allow-downgrades register: libpcap - name: add firmware packages to hold + become_user: root dpkg_selections: name: "{{ item }}" selection: hold @@ -546,6 +569,7 @@ when: libpcap.changed - name: enable services + become_user: root systemd: name: "{{ item }}" state: started @@ -553,6 +577,7 @@ with_items: "{{ services.enable }}" - name: disable unecessary services + become_user: root systemd: name: "{{ item }}" state: stopped @@ -560,6 +585,7 @@ with_items: "{{ services.disable }}" - name: remove ssh keys + become_user: root file: state: absent path: "{{item}}" @@ -568,5 +594,6 @@ handlers: - name: reload systemd services + become_user: root systemd: daemon_reload: yes