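##### file: ./scripts/kiosk-check-update.sh
#!/bin/bash
#
# Waits until some non-loopback interface carries an IPv4 address, then
# writes the output of `ip a` and a timestamp to /root/network.txt.

ipfound=false
while [[ "${ipfound}" != true ]]; do

    # `ip -o link show` prints stacked devices as "name@parent"; only the part
    # before '@' is a name that `ip addr show` accepts, so the suffix is cut.
    interfaces=$(ip -o link show | awk -F': ' '{sub(/@.*/, "", $2); print $2}' | grep -vw lo)

    # Word splitting of ${interfaces} is intentional: one word per interface.
    for iface in ${interfaces}; do
        echo "checking interface ${iface}"
        # Show the interface's IPv4 line, or an empty line when it has none.
        ip -4 addr show "${iface}" | grep "inet " || echo

        if ip -4 addr show "${iface}" | grep -q "inet "; then
            ipfound=true
            break
        fi
    done

    sleep 1
done

ip a >/root/network.txt
date >>/root/network.txt
##### file: ./scripts/build-iso.sh
#!/usr/bin/bash
# Script to build a custom Debian Live ISO
# Inspired by:
# - https://github.com/nuvious/debian-live-nano
# - https://github.com/dpowers86/debian-live
# - https://willhaley.com/blog/custom-debian-live-environment/

set -e
source /opt/scripts/execute_chroot.sh

export DEBIAN_FRONTEND=noninteractive
export KIOSK_CONFIG="https://kiosk.xz.pl/config.json"

# One directory per overlay layer; each later becomes a squashfs module.
export LAYER01=/opt/overlay/01_base
export LAYER02=/opt/overlay/02_boot
export LAYER03=/opt/overlay/03_settings
export LAYER04=/opt/overlay/04_core
export LAYER05=/opt/overlay/05_wifi
export LAYER06=/opt/overlay/06_update
export LAYER07=/opt/overlay/07_ssh
export LAYER08=/opt/overlay/08_gui
export LAYER09=/opt/overlay/09_vnc
export OVERLAYWORK=/opt/overlay/_workdir
export OVERLAYMERGED=/opt/overlay/_merged

mkdir -p "$LAYER01" "$LAYER02" "$LAYER03" "$LAYER04" "$LAYER05" "$LAYER06" \
    "$LAYER07" "$LAYER08" "$LAYER09" "$OVERLAYWORK" "$OVERLAYMERGED"

main_directory="/opt/scripts/build-iso.d"

# Function to run scripts in a given directory

# Iterate through each subdirectory in the main directory
for subdir in "$main_directory"/*; do
    if [ -d "$subdir" ]; then

        echo "=============================="
        echo "Step: $(basename "$subdir")"
        echo "=============================="

        # A step runs only when all three stage scripts are present:
        # prepare on the build host, the chroot stage inside the merged
        # tree, then post (unmount) on the build host again.
        if [ -f "${subdir}/10-prepare.sh" ] && [ -f "${subdir}/50-chroot.sh" ] && [ -f "${subdir}/90-post.sh" ]; then
            sh "${subdir}/10-prepare.sh"
            execute_chroot "${OVERLAYMERGED}" "${subdir}/50-chroot.sh"
            sh "${subdir}/90-post.sh"
        else
            # An incomplete step used to be skipped without any trace, which
            # can hide a hardening or cleanup stage that never ran.
            echo "Skipping $(basename "$subdir"): 10-prepare.sh, 50-chroot.sh and 90-post.sh must all exist" >&2
        fi
    fi
done
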
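#find /opt/overlay/*/var/cache/{apt,}

# Creating directory for building the live image
mkdir -p /opt/iso/{EFI/boot,boot/grub/x86_64-efi,isolinux,live,modules}

# Pack every overlay layer into its own xz-compressed squashfs module; the
# boot directory is excluded from each module.
for layer in "${LAYER01}" "${LAYER02}" "${LAYER03}" "${LAYER04}" "${LAYER05}" \
    "${LAYER06}" "${LAYER07}" "${LAYER08}" "${LAYER09}"; do
    mksquashfs "${layer}" "/opt/iso/modules/$(basename "${layer}").squashfs" -comp xz -e boot
done

cd /opt/iso/modules/
# Hard-link layers 01-07 into ../live; 08 and 09 stay in modules/ only.
for layer in "${LAYER01}" "${LAYER02}" "${LAYER03}" "${LAYER04}" "${LAYER05}" \
    "${LAYER06}" "${LAYER07}"; do
    module="$(basename "${layer}").squashfs"
    ln "./${module}" "../live/${module}"
done
# ln ./$(basename $LAYER08).squashfs ../live/$(basename $LAYER08).squashfs
# ln ./$(basename $LAYER09).squashfs ../live/$(basename $LAYER09).squashfs

# Copying the kernel and initrd from the chroot environment
# (each glob has to match exactly one file, otherwise cp fails)
cp -v "${LAYER02}"/boot/vmlinuz-* /opt/iso/live/vmlinuz
cp -v "${LAYER02}"/boot/initrd.img-* /opt/iso/live/initrd

# Copying bootloader configuration files
cp -v /opt/configs/isolinux.cfg /opt/iso/isolinux/isolinux.cfg
cp -v /opt/configs/grub.cfg /opt/iso/boot/grub/grub.cfg
cp -v /opt/configs/grub-standalone.cfg /opt/tmp/grub-standalone.cfg
touch /opt/iso/DEBIAN_CUSTOM

# Copying bootloader binaries and modules
cp -v /usr/lib/ISOLINUX/isolinux.bin "/opt/iso/isolinux/"
cp -v /usr/lib/syslinux/modules/bios/* "/opt/iso/isolinux/"
cp -v -r /usr/lib/grub/x86_64-efi/* "/opt/iso/boot/grub/x86_64-efi/"

# Creating UEFI GRUB bootloader files
grub-mkstandalone --format=x86_64-efi --output=/opt/tmp/bootx64.efi --locales="" --fonts="" "boot/grub/grub.cfg=/opt/tmp/grub-standalone.cfg"

# Creating EFI boot image
cd /opt/iso/EFI/boot
# Image size: the EFI binary plus 64 KiB of headroom for the FAT structures.
SIZE=$(( $(stat --format=%s /opt/tmp/bootx64.efi) + 65536 ))
dd if=/dev/zero of=efiboot.img bs="$SIZE" count=1
/sbin/mkfs.vfat efiboot.img
mmd -i efiboot.img efi efi/boot
mcopy -vi efiboot.img /opt/tmp/bootx64.efi ::efi/boot/

# Building the final ISO image
# OUT_FILE is supplied by the caller (build.sh passes it with `docker run -e`);
# without the guard an unset value would produce "/opt/output/.iso".
xorriso \
    -as mkisofs \
    -iso-level 3 \
    -J -R -r \
    -o "/opt/output/${OUT_FILE:?OUT_FILE must be set}.iso" \
    -full-iso9660-filenames \
    -volid "DEBIAN_CUSTOM" \
    -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \
    -eltorito-boot isolinux/isolinux.bin \
    -no-emul-boot \
    -boot-load-size 4 \
    -boot-info-table \
    --eltorito-catalog isolinux/isolinux.cat \
    -eltorito-alt-boot \
    -e /EFI/boot/efiboot.img \
    -no-emul-boot \
    -isohybrid-gpt-basdat \
    -append_partition 2 0xef /opt/iso/EFI/boot/efiboot.img \
    "/opt/iso"

# Listing the contents of the output directory
ls -lh --sort=time /opt/output
##### file: ./scripts/kiosk-settings.sh
#!/bin/bash

# The dump holds the whole service environment, including everything loaded
# from /etc/environment, so it is created readable by root only.
umask 077
env > /root/env.txt
date >> /root/env.txt
##### file: ./scripts/build-iso.d/93_cleanup-ssh/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt
##### file: ./scripts/build-iso.d/93_cleanup-ssh/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/93_cleanup-ssh/10-prepare.sh
#!/bin/bash
# Layers 01-06 read-only below, 07_ssh as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER06}:${LAYER05}:${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER07},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
# /etc is bind-mounted from the base layer, so /etc changes land in LAYER01.
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/99_cleanup-base/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt
##### file: ./scripts/build-iso.d/99_cleanup-base/90-post.sh
#!/bin/bash

umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/99_cleanup-base/10-prepare.sh
#!/bin/bash
mount -o bind "${LAYER01}" "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/07_ssh/50-chroot.sh
#!/bin/bash

apt-get install -y --no-install-recommends openssh-server
systemctl enable ssh

# NOTE(review): this allows root to log in over SSH with a password. Combined
# with the fixed root password set in 03_settings/50-chroot.sh, every image
# built from this tree accepts the same root credentials over the network.
# Prefer key-only root access ("PermitRootLogin prohibit-password") or an
# unprivileged account, and provision the credential per device.
echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/permit-root-login.conf

##### file: ./scripts/build-iso.d/07_ssh/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/07_ssh/10-prepare.sh
#!/bin/bash
# Layers 01-06 read-only below, 07_ssh as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER06}:${LAYER05}:${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER07},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/04_core/50-chroot.sh
#!/bin/bash

# The linux-headers package name is derived from the version of the installed
# linux-image-amd64 package (third dpkg-query column, text before the first '-').
apt-get install -y --no-install-recommends \
    systemd-sysv \
    dbus \
    iputils-ping \
    curl \
    iproute2 \
    procps \
    dkms \
    r8125-dkms \
    "linux-headers-$(dpkg-query -l | grep linux-image-amd64 | awk '{print $3}' | awk -F '-' '{print $1}')-amd64" \
    fdisk

#curl -s -L -o /tmp/realtek-r8125-dkms.deb https://github.com/awesometic/realtek-r8125-dkms/releases/download/9.015.00-1/realtek-r8125-dkms_9.015.00-1_amd64.deb
#dpkg -i /tmp/realtek-r8125-dkms.deb
#rm -f /tmp/realtek-r8125-dkms.deb
#apt --fix-broken install
#bash

#curl -s -L -o /tmp/r8125_amd64.deb https://github.com/MONaH-Rasta/r8125/releases/latest/download/r8125_amd64.deb
# Install the r8125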
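# driver package
#dpkg -i /tmp/r8125_amd64.deb
#rm -f /tmp/r8125_amd64.deb
# Blacklist the r8169 driver

echo "blacklist r8169" >> /etc/modprobe.d/r8169.conf

#depmod -ae
#echo "Updating the initramfs..."
#update-initramfs -u

# Reboot the system
#echo "Rebooting the system..."
#reboot
##### file: ./scripts/build-iso.d/04_core/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/04_core/10-prepare.sh
#!/bin/bash
# Layers 01-03 read-only below, 04_core as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER04},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"

mkdir -p "${OVERLAYMERGED}/etc/systemd/"

# This stage runs on the build host, so the file has to be written below
# ${OVERLAYMERGED}; the previous target /etc/systemd/timesyncd.conf was the
# build container's own /etc and never reached the image.
cat > "${OVERLAYMERGED}/etc/systemd/timesyncd.conf" << 'EOF'
[Time]
NTP=varcznjdc02.varroclighting.com
FallbackNTP=ntp.ubuntu.com
EOF
##### file: ./scripts/build-iso.d/03_settings/50-chroot.sh
#!/bin/bash

# Setting the hostname for the live system
echo "debian-live-mini" > /etc/hostname
# Setting the root password
# NOTE(review): the root password is a fixed, well-known value stored in the
# repository, so it is identical on every image. With 07_ssh enabling
# "PermitRootLogin yes" it is also valid for remote login. Supply a
# per-build secret (or lock the account and use SSH keys) instead of a
# literal here.
echo "root:toor" | chpasswd
# Removing machine-id to ensure a unique ID is generated on first boot
rm -f -v /etc/machine-id

systemctl enable kiosk-settings.service
##### file: ./scripts/build-iso.d/03_settings/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/03_settings/10-prepare.sh
#!/bin/bash
# Layers 01-02 read-only below, 03_settings as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER02}:${LAYER01},upperdir=${LAYER03},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"

# Appends the config URL exported by build-iso.sh to the image's
# /etc/environment (and echoes the line to the build log via tee).
echo "KIOSK_CONFIG=\"$KIOSK_CONFIG\"" | tee -a "${OVERLAYMERGED}/etc/environment"

cp -v /opt/scripts/kiosk-settings.sh "${OVERLAYMERGED}/usr/local/bin/kiosk-settings.sh"
chmod -v +x "${OVERLAYMERGED}/usr/local/bin/kiosk-settings.sh"

cp -v /opt/configs/kiosk-settings.service "${OVERLAYMERGED}/etc/systemd/system/kiosk-settings.service"
##### file: 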
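# ./scripts/build-iso.d/10_wifi/50-chroot.sh
#!/bin/bash
#echo add wifi
#bash
apt-get install -y --no-install-recommends wpasupplicant iw wireless-tools firmware-iwlwifi wireless-regdb

# Enabling autostart of Wifi
#systemctl enable wpa_supplicant@wlp2s0
systemctl enable wifi-autoconnect.service
##### file: ./scripts/build-iso.d/10_wifi/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/10_wifi/10-prepare.sh
#!/bin/bash
# Layers 01-04 read-only below, 05_wifi as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER05},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
# /etc is bind-mounted from the base layer, so everything copied below
# ${OVERLAYMERGED}/etc (including the Wi-Fi key file) ends up in LAYER01.
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"

# Copying systemd-networkd configuration for WiFi
mkdir -p "${OVERLAYMERGED}/etc/systemd/network/"

cp -v /opt/configs/99-dhcp-wifi.network "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-wifi.network"
chown -v root:root "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-wifi.network"
chmod -v 644 "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-wifi.network"

mkdir -p "${OVERLAYMERGED}/etc/wpa_supplicant/"
# wpa_supplicant.conf carries the pre-shared key. install(1) creates the
# destination with owner and mode 600 in one step, so the key is never
# present with the wider permissions a plain cp would leave until chmod ran.
install -v -o root -g root -m 600 /opt/configs/wpa_supplicant.conf "${OVERLAYMERGED}/etc/wpa_supplicant/wpa_supplicant.conf"

cp -v /opt/configs/wifi-autoconnect.service "${OVERLAYMERGED}/etc/systemd/system/wifi-autoconnect.service"
chown -v root:root "${OVERLAYMERGED}/etc/systemd/system/wifi-autoconnect.service"
chmod -v 644 "${OVERLAYMERGED}/etc/systemd/system/wifi-autoconnect.service"
##### file: ./scripts/build-iso.d/97_cleanup-settings/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt

##### file: ./scripts/build-iso.d/97_cleanup-settings/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: 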
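# ./scripts/build-iso.d/97_cleanup-settings/10-prepare.sh
#!/bin/bash
# Layers 01-02 read-only below, 03_settings as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER02}:${LAYER01},upperdir=${LAYER03},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/96_cleanup-core/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt
##### file: ./scripts/build-iso.d/96_cleanup-core/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/96_cleanup-core/10-prepare.sh
#!/bin/bash
# Layers 01-03 read-only below, 04_core as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER04},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/08_gui/50-chroot.sh
#!/bin/bash
#
# Installs X, openbox, lightdm and chromium and configures an auto-login
# "kiosk" session that keeps restarting chromium in kiosk mode.

# be new
apt-get update

# get software
apt-get install -y \
    unclutter \
    xorg \
    chromium \
    openbox \
    lightdm \
    locales

# dir
mkdir -p /home/kiosk/.config/openbox

# create group
groupadd -f kiosk

# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash

# rights
chown -R kiosk:kiosk /home/kiosk

# remove virtual consoles
if [ -e "/etc/X11/xorg.conf" ]; then
  mv /etc/X11/xorg.conf /etc/X11/xorg.conf.backup
fi
# DontVTSwitch stops the Ctrl+Alt+Fn switch to a text console.
cat > /etc/X11/xorg.conf << EOF
Section "ServerFlags"
    Option "DontVTSwitch" "true"
EndSection
EOF

# create config
if [ -e "/etc/lightdm/lightdm.conf" ]; then
  mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
# The X server does not listen on TCP; the kiosk user is logged in
# automatically into an openbox session.
cat > /etc/lightdm/lightdm.conf << EOF
[Seat:*]
xserver-command=X -nocursor -nolisten tcp
autologin-user=kiosk
autologin-session=openbox
EOF

# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
  mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
# NOTE(review): KIOSK_URL below is plain http://, so the page the kiosk
# displays is neither authenticated nor protected in transit; use an https
# endpoint if the server offers one.
# The delimiter is unquoted, so "\$KIOSK_URL" is what keeps the variable
# literal in the generated file, and each backslash-newline is folded away.
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash

KIOSK_URL="http://sx05novwp0005.varroclighting.com:10002/device/0001"

unclutter -idle 0.1 -grab -root &

while :
do
  xrandr --auto
  chromium \
    --noerrdialogs \
    --no-memcheck \
    --no-first-run \
    --start-maximized \
    --disable \
    --disable-translate \
    --disable-infobars \
    --disable-suggestions-service \
    --disable-save-password-bubble \
    --disable-session-crashed-bubble \
    --incognito \
    --kiosk \$KIOSK_URL
  sleep 5
done &
EOF

echo "Done!"
##### file: ./scripts/build-iso.d/08_gui/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/08_gui/10-prepare.sh
#!/bin/bash
# Layers 01-07 read-only below, 08_gui as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER07}:${LAYER06}:${LAYER05}:${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER08},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/98_cleanup-boot/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt

##### file: ./scripts/build-iso.d/98_cleanup-boot/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/98_cleanup-boot/10-prepare.sh
#!/bin/bash
# Layer 01 read-only below, 02_boot as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER01},upperdir=${LAYER02},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/11-core-network/50-chroot.sh
#!/bin/bash

#apt-get install -y --no-install-recommends -t bookworm-backports systemd-resolved systemd-timesyncd
apt-get install -y --no-install-recommends systemd-resolved systemd-timesyncd

# Enabling systemd-networkd to manage network interfaces
systemctl enable systemd-networkd

# Enabling systemd-resolved to manage DNS resolution
systemctl enable systemd-resolved

# Enabling systemd-timesyncd to synchronize system time
systemctl enable systemd-timesyncd
##### file: ./scripts/build-iso.d/11-core-network/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/11-core-network/10-prepare.sh
#!/bin/bash
# Layers 01-03 read-only below, 04_core as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER04},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"

# Copying systemd-networkd configuration for DHCP
mkdir -p "${OVERLAYMERGED}/etc/systemd/network/"
cp -v /opt/configs/99-dhcp-eth.network "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-eth.network"
chown -v root:root "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-eth.network"
chmod -v 644 "${OVERLAYMERGED}/etc/systemd/network/99-dhcp-eth.network"
##### file: ./scripts/build-iso.d/92_cleanup-gui/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt
##### file: ./scripts/build-iso.d/92_cleanup-gui/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/92_cleanup-gui/10-prepare.sh
#!/bin/bash
# Layers 01-07 read-only below, 08_gui as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER07}:${LAYER06}:${LAYER05}:${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER08},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/build-iso.d/01_base/50-chroot.sh
#!/bin/bash
# Updating package lists and installing security updates
apt-get update
apt-get -y upgrade


##### file: ./scripts/build-iso.d/01_base/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/01_base/10-prepare.sh
#!/bin/bash
# The base layer is bind-mounted directly; there is no overlay at this stage.
mount -o bind "${LAYER01}" "${OVERLAYMERGED}"

# Build tools installed on the build host (not into the image).
apt-get update
apt-get install -y \
    debootstrap \
    dosfstools \
    grub-efi-amd64-bin \
    grub-pc-bin \
    isolinux \
    mtools \
    squashfs-tools \
    syslinux-efi \
    xorriso

# Installing a minimal Debian system into the chroot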
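# environment
debootstrap \
    --arch=amd64 \
    --variant=minbase \
    --exclude=man-db,locales \
    --include=curl,ca-certificates \
    trixie \
    "${OVERLAYMERGED}" http://deb.debian.org/debian/

# Tell dpkg to skip man pages, locales and docs (copyright files are kept).
mkdir -p "${OVERLAYMERGED}/etc/dpkg/dpkg.cfg.d/"
echo "
path-exclude=/usr/share/man/*
path-exclude=/usr/share/locale/*
path-exclude=/usr/share/doc/*
path-include=/usr/share/doc/*/copyright" >"${OVERLAYMERGED}/etc/dpkg/dpkg.cfg.d/01_nodoc"

#Copying configuration files into the chroot environment

#bash
# Replace whatever apt sources debootstrap left behind with the four
# deb822 files from /opt/configs/apt.
rm -v -f "${OVERLAYMERGED}/etc/apt/sources.list"
find "${OVERLAYMERGED}/etc/apt/sources.list.d/" -type f -delete

cp -v /opt/configs/apt/trixie.sources "${OVERLAYMERGED}/etc/apt/sources.list.d/trixie.sources"
cp -v /opt/configs/apt/trixie-updates.sources "${OVERLAYMERGED}/etc/apt/sources.list.d/trixie-updates.sources"
cp -v /opt/configs/apt/trixie-security.sources "${OVERLAYMERGED}/etc/apt/sources.list.d/trixie-security.sources"
cp -v /opt/configs/apt/trixie-backports.sources "${OVERLAYMERGED}/etc/apt/sources.list.d/trixie-backports.sources"
##### file: ./scripts/build-iso.d/02_boot/50-chroot.sh
#!/bin/bash

apt-get install -y --no-install-recommends \
    dmsetup \
    firmware-intel-graphics \
    firmware-intel-misc \
    firmware-iwlwifi \
    firmware-linux \
    ifupdown \
    intel-microcode \
    linux-image-amd64 \
    live-boot \
    pciutils \
    usbutils \
    xz-utils

# Skeleton for a hand-built initramfs under /usr/src/initramfs.
mkdir -p /usr/src/initramfs/{bin,dev,etc,lib,lib64,mnt/root,proc,root,sbin,sys}
cp -a /bin/busybox /usr/src/initramfs/bin/
cp -a /lib/x86_64-linux-gnu/* /usr/src/initramfs/lib/
cp -a /lib64/* /usr/src/initramfs/lib64/

# The listing shows this line as "cat < ${OVERLAYMERGED}/usr/src/initramfs/init"
# followed by a body that ends in EOT, i.e. a here-document whose operator was
# lost; it is restored here. Two deliberate choices:
#  - the target is /usr/src/initramfs/init, the path that the chmod and cpio
#    steps below use; this script runs inside the chroot, where the
#    ${OVERLAYMERGED} prefix does not exist;
#  - the delimiter is quoted so that $(date) is evaluated when init runs,
#    not once at build time.
# NOTE(review): inside the generated init, "return true" is not a valid
# return status (it must be a number), and the squashfs path is a
# placeholder; the init is a stub and is left byte-for-byte as found.
cat <<'EOT' > /usr/src/initramfs/init
#!/bin/sh


check_for_updates() {
  echo "$(date) check for upsdates" >> /root/init.log

  return true;
}
update_system() {

  echo "$(date) check for upsdate system" >> /root/init.log
}




# Mount necessary filesystems
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devtmpfs dev /dev

# Check for updates
if check_for_updates; then
    # Perform the update
    update_system
    reboot
else
    # No updates, boot from the secondary SquashFS
    mount -o loop /path/to/target2.squashfs /mnt
    exec switch_root /mnt /sbin/init
fi

EOT

chmod +x /usr/src/initramfs/init
cd /usr/src/initramfs
find . -print0 | cpio --null -ov --format=newc | gzip -9 > /boot/custom-initramfs.cpio.gz

##### file: ./scripts/build-iso.d/02_boot/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/02_boot/10-prepare.sh
#!/bin/bash

mkdir -p "${OVERLAYMERGED}/etc"

# Layer 01 read-only below, 02_boot as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER01},upperdir=${LAYER02},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"

# initramfs-tools is told to compress the initrd with xz.
mkdir -p "${OVERLAYMERGED}/etc/initramfs-tools/conf.d/"
echo "COMPRESS=xz" > "${OVERLAYMERGED}/etc/initramfs-tools/conf.d/compress"
chown -v root:root "${OVERLAYMERGED}/etc/initramfs-tools/conf.d/compress"
chmod -v 644 "${OVERLAYMERGED}/etc/initramfs-tools/conf.d/compress"

# Add content to /etc/default/grub
# Same lost here-document operator as in 02_boot/50-chroot.sh (the listing
# shows "cat < ${OVERLAYMERGED}/etc/default/grub" with an EOT terminator).
# The delimiter is quoted so the backquoted lsb_release command is written
# to the file literally instead of being executed on the build host.
cat <<'EOT' > "${OVERLAYMERGED}/etc/default/grub"
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
EOT

##### file: ./scripts/build-iso.d/95_cleanup-wifi/50-chroot.sh
#!/bin/bash
apt-get clean
#apt-get remove --allow-remove-essential --purge -y man-db locales apt
##### file: ./scripts/build-iso.d/95_cleanup-wifi/90-post.sh
#!/bin/bash
umount "${OVERLAYMERGED}/etc/"
umount "${OVERLAYMERGED}"
##### file: ./scripts/build-iso.d/95_cleanup-wifi/10-prepare.sh
#!/bin/bash
# Layers 01-04 read-only below, 05_wifi as the writable upper layer.
mount \
    -t overlay \
    overlay \
    -o "lowerdir=${LAYER04}:${LAYER03}:${LAYER02}:${LAYER01},upperdir=${LAYER05},workdir=${OVERLAYWORK}" \
    "${OVERLAYMERGED}"
mount -o bind "${LAYER01}/etc/" "${OVERLAYMERGED}/etc/"
##### file: ./scripts/kiosk-pivot2.sh
#!/bin/bash

# Wait for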
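# the network to be ready
#echo "Waiting for network to be ready..."
#while ! ping -c 1 -W 1 sx05novwp0007.varroclighting.com; do
#  sleep 1
#done

# Download the file
#echo "Downloading logo..."
#wget -O /opt/logo.jpg http://sx05novwp0007.varroclighting.com:10002/logo_opmobility_fullscreen.jpg

# Check the size of the squashfs file
SQUASHFS_FILE="/run/live/medium/modules/01_base.squashfs"
SQUASHFS_SIZE=$(stat -c%s "$SQUASHFS_FILE")
echo "Size of squashfs file: $SQUASHFS_SIZE bytes"

NEWROOT=/mnt/ramdisk
mkdir -p /mnt/squashfs
mkdir -p "${NEWROOT}"
mount "${SQUASHFS_FILE}" /mnt/squashfs

mount -o size=1G -t tmpfs none "${NEWROOT}"

# Copy the base layer into the RAM disk. -a keeps owners, modes (including
# setuid bits), links and timestamps, which a plain -R does not, and the
# "/." source form also picks up dot-files that "/*" would skip.
cp -av /mnt/squashfs/. "${NEWROOT}/"


# debootstrap \
#     --arch=amd64 \
#     --variant=minbase \
#     --exclude=man-db,locales \
#     --include=curl,ca-certificates \
#     trixie \
#     ${NEWROOT} http://deb.debian.org/debian/

mkdir -p "${NEWROOT}/proc" && mount -t proc none "${NEWROOT}/proc"
mkdir -p "${NEWROOT}/dev" && mount -o bind /dev "${NEWROOT}/dev"
mkdir -p "${NEWROOT}/sys" && mount -o bind /sys "${NEWROOT}/sys"
mkdir -p "${NEWROOT}/run" && mount -o bind /run "${NEWROOT}/run"

mount
df
exec switch_root "${NEWROOT}" /sbin/init
# Not reached once the exec above succeeds.
mount
df
##### file: ./scripts/kiosk-check-update-org.sh
#!/bin/bash
#
# Downloads the kiosk JSON config and, when its SHA-256 differs from the
# KIOSK_CONFIG_HASH recorded in /etc/environment, rewrites /etc/environment
# with one "export KIOSK_<KEY>=<value>" line per top-level JSON entry.
#
# NOTE(review): the config is trusted solely on the strength of the HTTPS
# connection to this host; it carries no signature of its own, and this
# script runs as root.
echo generating settings
export DEBIAN_FRONTEND=noninteractive
apt update -y
apt install -y jq

# URL to your JSON config file
KIOSK_CONFIG="https://kiosk.xz.pl/config.json"

# Private temporary file instead of the fixed name /tmp/config.json, which
# any local user could pre-create or replace.
config_file=$(mktemp) || exit 1
trap 'rm -f -- "$config_file"' EXIT

# Only lines of exactly this shape are accepted: an upper-case KIOSK_ name
# and a value without whitespace, quotes or shell metacharacters.
entry_re='^export KIOSK_[A-Z0-9_]+=[A-Za-z0-9_.:/@%+,=-]*$'

echo Download the JSON config file
# One request with --fail: an HTTP error yields a non-zero status instead of
# an error page being stored and hashed as if it were the config.
if curl -s --fail "$KIOSK_CONFIG" -o "$config_file"; then

  echo Calculate the hash of the config file
  CONFIG_HASH=$(sha256sum "$config_file" | awk '{ print $1 }')

  echo Get the current config hash
  CURRENT_HASH=$(grep 'KIOSK_CONFIG_HASH' /etc/environment | cut -d '=' -f 2)

  echo Compare the hashes
  if [ "$CONFIG_HASH" != "$CURRENT_HASH" ]; then
    echo Clear the existing environment file
    > /etc/environment

    echo Read the JSON file and set environment variables
    jq -r 'to_entries | .[] | "export KIOSK_\(.key | ascii_upcase)=\(.value)"' "$config_file" | while read -r line; do
      printf '%s\n' "$line"
      # NOTE(review): this loop used to run `eval "$line"` on text built from
      # the downloaded JSON, which let the remote file execute arbitrary
      # commands as root. The eval is removed: it ran in the pipeline's
      # subshell, so the variables it set were discarded anyway. Entries that
      # do not match entry_re are skipped rather than written, because
      # /etc/environment is read back by other services.
      if [[ "$line" =~ $entry_re ]]; then
        echo "$line" >> /etc/environment
      else
        echo "Skipping config entry with unsupported characters" >&2
      fi
    done

    echo Set the config hash as an environment variable
    echo "export KIOSK_CONFIG_HASH=$CONFIG_HASH" >> /etc/environment
  fi
else
  echo "Failed to download the config file from $KIOSK_CONFIG"
fi
##### file: ./scripts/kiosk-gui.sh
#!/bin/bash
#
# Installs X, openbox, lightdm and chromium and configures an auto-login
# "kiosk" session that keeps restarting chromium in kiosk mode.

# be new
apt-get update

# get software
apt-get install \
    unclutter \
    xorg \
    chromium \
    openbox \
    lightdm \
    locales \
    -y

# dir
mkdir -p /home/kiosk/.config/openbox

# create group
groupadd -f kiosk

# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash

# rights
chown -R kiosk:kiosk /home/kiosk

# remove virtual consoles
if [ -e "/etc/X11/xorg.conf" ]; then
  mv /etc/X11/xorg.conf /etc/X11/xorg.conf.backup
fi
# DontVTSwitch stops the Ctrl+Alt+Fn switch to a text console.
cat > /etc/X11/xorg.conf << EOF
Section "ServerFlags"
    Option "DontVTSwitch" "true"
EndSection
EOF

# create config
if [ -e "/etc/lightdm/lightdm.conf" ]; then
  mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
cat > /etc/lightdm/lightdm.conf << EOF
[Seat:*]
xserver-command=X -nocursor -nolisten tcp
autologin-user=kiosk
autologin-session=openbox
EOF

# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
  mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
# The delimiter is unquoted, so "\$KIOSK_URL" is what keeps the variable
# literal in the generated file, and each backslash-newline is folded away.
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash

KIOSK_URL="https://kiosk.xz.pl/homepage.html"

unclutter -idle 0.1 -grab -root &

while :
do
  xrandr --auto
  chromium \
    --noerrdialogs \
    --no-memcheck \
    --no-first-run \
    --start-maximized \
    --disable \
    --disable-translate \
    --disable-infobars \
    --disable-suggestions-service \
    --disable-save-password-bubble \
    --disable-session-crashed-bubble \
    --incognito \
    --kiosk \$KIOSK_URL
  sleep 5
done &
EOF

echo "Done!"
##### file: ./scripts/kiosk-pivot.sh
#!/bin/bash
#
# Copies the squashfs modules from the live medium into a 1G tmpfs, stacks
# them into one read-only overlay and switches the root filesystem to it.
MEDIUM=/run/live/medium
RAMDISK=/mnt/ramdisk

mkdir -v -p "${RAMDISK}"
mount -v -o size=1G -t tmpfs none "${RAMDISK}"
mkdir -v -p "${RAMDISK}"/{modules,squash,ro,rw,wrk,up}

for module in 01_base 02_boot 03_settings 04_core 05_wifi 07_ssh 08_gui 09_vnc; do
    cp -v "${MEDIUM}/modules/${module}.squashfs" "${RAMDISK}/modules/"
    mkdir -v -p "${RAMDISK}/squash/${module}"
    mount -v "${RAMDISK}/modules/${module}.squashfs" "${RAMDISK}/squash/${module}"
done

# Read-only stack, highest layer first; then a writable overlay on top of it.
mount -t overlay overlay -o "lowerdir=${RAMDISK}/squash/09_vnc:${RAMDISK}/squash/08_gui:${RAMDISK}/squash/07_ssh:${RAMDISK}/squash/05_wifi:${RAMDISK}/squash/04_core:${RAMDISK}/squash/03_settings:${RAMDISK}/squash/02_boot:${RAMDISK}/squash/01_base" "${RAMDISK}/ro"
mount -t overlay overlay -o "lowerdir=${RAMDISK}/ro,upperdir=${RAMDISK}/up,workdir=${RAMDISK}/wrk" "${RAMDISK}/rw"

# The new root is the read-only stack; only the directories bind-mounted
# from the writable overlay below can be modified after the switch.
NEWROOT=${RAMDISK}/ro

# Bind mount necessary directories rw
for dir in tmp var/log etc/systemd var/lib/systemd var/tmp; do
    mount -o bind "${RAMDISK}/rw/${dir}" "${NEWROOT}/${dir}"
done

# Mount proc, dev, and sys
mkdir -p "${NEWROOT}/proc"
mkdir -p "${NEWROOT}/dev"
mkdir -p "${NEWROOT}/sys"
mkdir -p "${NEWROOT}/run"
mount -t proc none "${NEWROOT}/proc"
mount -o bind /dev "${NEWROOT}/dev"
mount -o bind /sys "${NEWROOT}/sys"
mount -o bind /run "${NEWROOT}/run"

# Switch root
exec switch_root "${NEWROOT}" /sbin/init
##### file: ./scripts/execute_chroot.sh
#!/bin/bash

#######################################
# Run a script inside a chroot with /proc, /dev, /sys and /opt/scripts
# mounted into it, and unmount them again afterwards.
# Arguments: $1 - directory to chroot into
#            $2 - script path; it must exist on the host and resolve to the
#                 same path inside the chroot (/opt/scripts is bind-mounted)
# Returns:   1 if the directory or script is missing; otherwise the script's
#            exit status, or the status of the final rmdir if the script
#            succeeded
#######################################
execute_chroot() {
    local dir="$1"
    local script="$2"
    local rc=0
    local cleanup_rc=0

    if [[ ! -d "$dir" ]]; then
        echo "Error: Directory '$dir' does not exist."
        return 1
    fi

    if [[ ! -f "$script" ]]; then
        echo "Error: Script file '$script' does not exist."
        return 1
    fi

    # Mounting /dev, /proc, and /sys in the chroot environment
    mkdir -p "${dir}/proc" && mount -t proc none "${dir}/proc"
    mkdir -p "${dir}/dev" && mount -o bind /dev "${dir}/dev"
    mkdir -p "${dir}/sys" && mount -o bind /sys "${dir}/sys"
    mkdir -p "${dir}/opt/scripts" &&
        mount -o bind /opt/scripts "${dir}/opt/scripts"

    #execute script in chroot
    # The status is captured instead of letting `set -e` in the caller abort
    # here: a failing script must not leave the host's /dev, /proc and /sys
    # mounted inside the image tree.
    chroot "$dir" "$script" || rc=$?

    # Unmounting /dev, /proc, and /sys from the chroot environment
    umount "${dir}/proc"
    umount "${dir}/dev"
    umount "${dir}/sys"

    umount "${dir}/opt/scripts"
    rmdir "${dir}/opt/scripts" || cleanup_rc=$?

    # The script's failure takes precedence over a cleanup failure.
    if (( rc != 0 )); then
        return "$rc"
    fi
    return "$cleanup_rc"
}
##### file: ./build.sh
#!/bin/bash
# ============================================================
# Script: build.sh
# Description: This script builds a Debian live ISO image using Docker.
# Author: Piotr Siudak
# Email: piotr.siudak@gmail.com
# Date: 2025-03-30
# ============================================================

NAME="image-builder-$(printf "%03d" $((RANDOM % 1000)))"
FORMATTED_DATE=$(date +"%Y-%m-%d_%H-%M-%S")
OUTPUT_NAME=$(basename "$(dirname "$(realpath "$0")")")

OUTPUT_DIR=$(realpath "../!output")
HOST_DIR=$(realpath "${HOME}/.local/live_boot/")

# If realpath fails, the variable is empty and the commands below would act
# on /iso, /overlay and /tmp; the find runs under sudo and would empty the
# host's /tmp. Stop before that can happen.
: "${OUTPUT_DIR:?could not resolve the output directory}"
: "${HOST_DIR:?could not resolve the host work directory}"

# Creating necessary directories..."
mkdir -p "${OUTPUT_DIR}" "${HOST_DIR}"/{iso,overlay,tmp}

# Step 2: Cleaning up old iso, overlay and tmp contents...
sudo find "${HOST_DIR}"/{iso,overlay,tmp} -mindepth 1 -delete

# Step 3: Running Docker container to build the ISO...
# NOTE(review): --privileged gives the container full access to the host's
# devices and kernel interfaces; the build needs mount and chroot, so treat
# everything under scripts/ and configs/ as running with host root rights.
# The base image is referenced by the mutable tag debian:stable, so two
# builds may start from different images.
docker run \
    --privileged \
    -it \
    --rm \
    --name "${NAME}" \
    --hostname "${NAME}" \
    -v "${HOST_DIR}/overlay":/opt/overlay \
    -v "${HOST_DIR}/iso":/opt/iso \
    -v "${HOST_DIR}/tmp":/opt/tmp \
    -v "$(pwd)/scripts":/opt/scripts:ro \
    -v "$(pwd)/configs":/opt/configs:ro \
    -v "${OUTPUT_DIR}":/opt/output \
    -e OUT_FILE="${OUTPUT_NAME}_${FORMATTED_DATE}" \
    debian:stable \
    /opt/scripts/build-iso.sh

##### file: ./configs/wifi-autoconnect.service
[Unit]
Description=Auto-connect to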
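WiFi
After=network.target

[Service]
# Starts wpa_supplicant on every interface name reported by `iw dev`.
ExecStart=/bin/bash -c 'iw dev | grep Interface | awk "{print \$2}" | xargs -I{} wpa_supplicant -i{} -c/etc/wpa_supplicant/wpa_supplicant.conf'
Restart=always

[Install]
WantedBy=multi-user.target
##### file: ./configs/sources.list
# Main repository
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie main contrib non-free non-free-firmware

# Security updates
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware

# Updates
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware

# Backports
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie-backports main contrib non-free non-free-firmware
##### file: ./configs/kiosk-check-update.service
[Unit]
Description=Kiosk Check Update Script
# After= only orders the unit; Wants= is what actually pulls
# network-online.target into the boot transaction.
Wants=network-online.target
After=network-online.target

[Service]
EnvironmentFile=/etc/environment
ExecStart=/usr/local/bin/kiosk-check-update.sh
Restart=on-failure

[Install]
WantedBy=multi-user.target

##### file: ./configs/timesyncd.conf
[Time]
NTP=192.168.1.1
FallbackNTP=ntp.ubuntu.com
##### file: ./configs/isolinux.cfg
UI vesamenu.c32

MENU TITLE Boot Menu
DEFAULT linux
TIMEOUT 300
MENU RESOLUTION 640 480
MENU COLOR border 30;44 #40ffffff #a0000000 std
MENU COLOR title 1;36;44 #9033ccff #a0000000 std
MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all
MENU COLOR unsel 37;44 #50ffffff #a0000000 std
MENU COLOR help 37;40 #c0ffffff #a0000000 std
MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std
MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std
MENU COLOR msg07 37;40 #90ffffff #a0000000 std
MENU COLOR tabmsg 31;40 #30ffffff #00000000 std

# NOTE(review): the menu stays up for the TIMEOUT above and nothing here
# restricts editing an entry's kernel command line at the console; on a
# kiosk with physical access that is a route around the locked-down session.

LABEL linux
  MENU LABEL Debian Live
  MENU DEFAULT
  KERNEL /live/vmlinuz
  APPEND initrd=/live/initrd boot=live

LABEL linux-nomodeset
  MENU LABEL Debian Live (nomodeset)
  # MENU DEFAULT (disabled: "DEFAULT linux" names the default entry, and only
  # one entry should be flagged as the menu default)
  KERNEL /live/vmlinuz
  APPEND initrd=/live/initrd boot=live nomodeset

LABEL linux-toram
  MENU LABEL Debian Live (toram)
  # MENU DEFAULT (disabled, see linux-nomodeset)
  KERNEL /live/vmlinuz
  APPEND initrd=/live/initrd boot=live toram
##### file: ./configs/grub.cfg
# The listing shows this file with CRLF line endings and with UTF-8
# non-breaking spaces (C2 A0) indenting the "Custom OS" entry; both are
# normalised to LF and plain spaces here, since neither is ordinary
# whitespace to a config parser.
search --set=root --file /DEBIAN_CUSTOM

set default="0"
set timeout=1

# If X has issues finding screens, experiment with/without nomodeset.
# Load EFI video drivers. This device is EFI so keep the
# video mode while booting the linux kernel.

insmod efi_gop
insmod font
if loadfont ${prefix}/fonts/unicode.pf2
then
    insmod gfxterm
    set gfxmode=auto
    set gfxpayload=keep
    terminal_output gfxterm
fi

# NOTE(review): no GRUB superuser or password is configured, so anyone at the
# console can edit a menu entry's kernel command line before boot.

menuentry "Debian Live [EFI/GRUB] quiet splash" {
    linux ($root)/live/vmlinuz boot=live ro --- quiet splash net.ifnames=0 biosdevname=0 edac_core.disable=1
    initrd ($root)/live/initrd
}


# NOTE(review): build-iso.sh places the kernel under /live and excludes boot
# from every squashfs module; nothing on this page copies /boot/vmlinuz or
# /boot/custom-initramfs.cpio.gz onto the ISO, so confirm this entry can boot.
menuentry "Custom OS" {
    linux /boot/vmlinuz
    initrd /boot/custom-initramfs.cpio.gz
}


menuentry "Debian Live [EFI/GRUB] verbose" {
    linux ($root)/live/vmlinuz boot=live
    initrd ($root)/live/initrd
}

menuentry "Debian Live [EFI/GRUB] (nomodeset)" {
    linux ($root)/live/vmlinuz boot=live nomodeset
    initrd ($root)/live/initrd
}

menuentry "Debian Live [EFI/GRUB] (toram)" {
    linux ($root)/live/vmlinuz boot=live toram
    initrd ($root)/live/initrd
}
##### file: ./configs/kiosk-settings.service
[Unit]
Description=Run settings script on disk mount
After=local-fs.target

[Service]
EnvironmentFile=/etc/environment
Type=oneshot
ExecStart=/usr/local/bin/kiosk-settings.sh

[Install]
WantedBy=local-fs.target

##### file: ./configs/wpa_supplicant.conf
# NOTE(review): the WPA pre-shared key below is stored in plain text in the
# repository and is copied into every image built from it, so anyone who can
# read the repository or an ISO can read the key. Inject it at build or
# provisioning time from a secret store, and rotate the key that was
# committed.
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
country=CZ

network={
    ssid="PO_MANUFACTURING"
    psk="m7jW20pi&1Jq"
    key_mgmt=WPA-PSK
}
##### file: ./configs/apt/trixie.sources
# Modernized from /etc/apt/sources.list
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
##### file: ./configs/apt/trixie-security.sources
# Modernized from /etc/apt/sources.list
Types: deb
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
##### file: ./configs/apt/trixie-updates.sources
# Modernized from /etc/apt/sources.list
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
##### file: ./configs/apt/trixie-backports.sources
# Modernized from /etc/apt/sources.list
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
##### file: ./configs/kiosk-config.json
{
  "config": "https://kiosk.xz.pl/config.json"
}
##### file: ./configs/grub-standalone.cfg
search --set=root --file /DEBIAN_CUSTOM
set prefix=($root)/boot/grub/
configfile /boot/grub/grub.cfg
##### file: ./configs/99-dhcp-eth.network
[Match]
Name=e*

[Network]
DHCP=ipv4

[DHCP]
ClientIdentifier=mac

##### file: ./configs/99-dhcp-wifi.network
[Match]
Name=w*

[Network]
DHCP=ipv4

[DHCP]
ClientIdentifier=mac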