diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml index ac257c8d..7d238f95 100644 --- a/.github/workflows/build_image.yml +++ b/.github/workflows/build_image.yml @@ -7,6 +7,7 @@ on: paths: - 'odysseus/Dockerfile' - 'odysseus/docker_scripts/**' + - '.github/workflows/build_image.yml' workflow_dispatch: # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. @@ -48,7 +49,7 @@ jobs: ODY_TPU_ROOT_PASSWORD: ${{ secrets.ODY_TPU_ROOT_PASSWORD }} ODY_IROH_ROOT_PASSWORD: ${{ secrets.ODY_IROH_ROOT_PASSWORD }} MASTER_PASSWORD: ${{ secrets.ODY_MASTER_PASSWORD }} - run: for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do echo "$i=${!i}" >> SECRETS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --no-symkey-cache --cipher-algo AES256 SECRETS.env + run: for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD ODY_BASE_WIFI_PASSWORD; do echo "$i=${!i}" >> SECRETS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --no-symkey-cache --cipher-algo AES256 SECRETS.env # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. diff --git a/odysseus/Dockerfile b/odysseus/Dockerfile index b1cac4b6..69de7bd0 100644 --- a/odysseus/Dockerfile +++ b/odysseus/Dockerfile @@ -5,7 +5,7 @@ RUN apt-get update && \ apt-get -y install tzdata -RUN apt-get install -y \ +RUN apt-get update && apt-get install -y \ make \ binutils \ build-essential \ @@ -31,10 +31,11 @@ RUN apt-get install -y \ python3-matplotlib \ graphviz \ git-lfs \ - util-linux + util-linux \ + wpasupplicant # just for calypso require ruamel.yaml -RUN apt-get install -y python3-pip && pip install "ruamel.yaml<0.18.0" +RUN apt-get update && apt-get install -y python3-pip && pip install "ruamel.yaml<0.18.0" # add all buildroot files there WORKDIR /home/odysseus/build diff --git a/odysseus/compose-compat.yml b/odysseus/compose-compat.yml index aff6bd9f..fab2cd66 100644 --- a/odysseus/compose-compat.yml +++ b/odysseus/compose-compat.yml @@ -17,6 +17,11 @@ services: environment: - BR2_DL_DIR=/home/odysseus/shared_data/dl - BR2_CCACHE_DIR=/home/odysseus/shared_data/ccache + - ODY_TPU_ROOT_PASSWORD=password + - ODY_IROH_ROOT_PASSWORD=password + - ODY_AP_ROOT_PASSWORD=password + - ODY_BASE_WIFI_PASSWORD=password + volumes: # required for mac as no hard linking:( outputs: diff --git a/odysseus/compose.yml b/odysseus/compose.yml index 98b37a6b..c2d3959b 100644 --- a/odysseus/compose.yml +++ b/odysseus/compose.yml @@ -23,6 +23,7 @@ services: - ODY_TPU_ROOT_PASSWORD=password - ODY_IROH_ROOT_PASSWORD=password - ODY_AP_ROOT_PASSWORD=password + - ODY_BASE_WIFI_PASSWORD=password volumes: shared_data: diff --git a/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig b/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig index e22ea0ba..221274b0 100644 --- a/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig +++ b/odysseus/odysseus_tree/configs/raspberrypi3_64_iroh_defconfig @@ -11,7 +11,7 @@ BR2_TARGET_GENERIC_ROOT_PASSWD="$(ODY_IROH_ROOT_PASSWORD)" BR2_TARGET_TZ_INFO=y BR2_TARGET_LOCALTIME="America/New_York" BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_iroh" -BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh board/raspberrypi3-64/post-build.sh" +BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-base-connect.sh board/raspberrypi3-64/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi3-64/post-image.sh" BR2_ROOTFS_POST_SCRIPT_ARGS="IROH" BR2_LINUX_KERNEL=y diff --git a/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig b/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig index f0c97865..c85a3668 100644 --- a/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig +++ b/odysseus/odysseus_tree/configs/raspberrypi4_64_tpu_defconfig @@ -12,7 +12,7 @@ BR2_TARGET_GENERIC_ROOT_PASSWD="$(ODY_TPU_ROOT_PASSWORD)" BR2_TARGET_TZ_INFO=y BR2_TARGET_LOCALTIME="America/New_York" BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_common $(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_nrc_common $(BR2_EXTERNAL_ODY_TREE_PATH)/overlays/rootfs_overlay_tpu" -BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-sta.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh board/raspberrypi4-64/post-build.sh" +BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-sta.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-os-release.sh $(BR2_EXTERNAL_ODY_TREE_PATH)/post-build-base-connect.sh board/raspberrypi4-64/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi4-64/post-image.sh" BR2_ROOTFS_POST_SCRIPT_ARGS="TPU" BR2_LINUX_KERNEL=y diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf index 3da40e13..18c63299 100755 --- a/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf +++ b/odysseus/odysseus_tree/overlays/rootfs_overlay_iroh/etc/wpa_supplicant_base.conf @@ -4,7 +4,7 @@ ctrl_interface=/var/run/wpa_supplicant_base country=US network={ ssid="H68K" - scan_ssid=1 - key_mgmt=NONE + key_mgmt=WPA-PSK + psk="password" } ignore_old_scan_res=1 diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf index 3da40e13..18c63299 100755 --- a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf +++ b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_base.conf @@ -4,7 +4,7 @@ ctrl_interface=/var/run/wpa_supplicant_base country=US network={ ssid="H68K" - scan_ssid=1 - key_mgmt=NONE + key_mgmt=WPA-PSK + psk="password" } ignore_old_scan_res=1 diff --git a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf index 3d059b8e..f7ec9eb9 100755 --- a/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf +++ b/odysseus/odysseus_tree/overlays/rootfs_overlay_tpu/etc/wpa_supplicant_halow.conf @@ -4,7 +4,6 @@ ctrl_interface=/var/run/wpa_supplicant_halow country=US network={ ssid="NER_Halow" - scan_ssid=1 key_mgmt=NONE scan_freq= 2412 freq_list= 2412 diff --git a/odysseus/odysseus_tree/post-build-base-connect.sh b/odysseus/odysseus_tree/post-build-base-connect.sh new file mode 100755 index 00000000..7d18d35d --- /dev/null +++ b/odysseus/odysseus_tree/post-build-base-connect.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# hashes the password so it cannot be read in a dsitributed image (does not secure wifi!) +# this regex extras the part after psk= +hashed_block=$(wpa_passphrase "H68K" "$ODY_BASE_WIFI_PASSWORD" | sed -n -e 's/^.*[[:space:]]psk=//p') + +# this replaces the psk in the target directory with the hashed block found above +sed -i "s/\(psk=\)\(.*\)/\1$hashed_block/" "$TARGET_DIR"/etc/wpa_supplicant_base.conf diff --git a/odysseus/odysseus_tree/post-build-sta.sh b/odysseus/odysseus_tree/post-build-sta.sh index 95c3b6b3..70a4ee87 100755 --- a/odysseus/odysseus_tree/post-build-sta.sh +++ b/odysseus/odysseus_tree/post-build-sta.sh @@ -1,3 +1,4 @@ #!/bin/sh +# add nrc modprobe based on ini config python3 "$BR2_EXTERNAL_ODY_TREE_PATH"/overlays/rootfs_overlay_nrc_common/usr/bin/build_nrc_params.py 0 "$BR2_EXTERNAL_ODY_TREE_PATH"/overlays/rootfs_overlay_tpu/etc/nrc_opts_sta.ini "$TARGET_DIR"/etc/modprobe.d/nrc.conf