updated comments

bootstrap-bookworm.sh

@@ -3,19 +3,19 @@
 # Interactive installation steps for debian bookworm from GRML using debootstrap
 
 # Design decisions
-# - Fokus on a simple setup, primarly for VMs
-# - One disk, one partion, swap-file in the same partion as safety net
+# - Fokus on a small and simple setup
 # - Use systemd whereever possible (network, ntp, cron, journald logging)
-# - Minimal number of packages & cloud kernel
-# - support for grub-pc and grub-efi
-# - random root and admin user password generation
-# - ssh on port 50101 limited to the admin user
+# - Minimal number of packages
+# - One disk
+# - Schema VM: single ext4 partition, cloud kernel, grub-pc
+# - Schema Physical Server partitions for efi, os and luks data container
+# - Random root and admin user password generation
+# - Swap-file as safety net
+# - SSH on port 50101 limited to the admin user
 
 # Usage
-# # Boot grml
-# passwd root
-# grml-network
-# Start ssh
+# Boot grml or run from an existing debian/ubuntu installation
+# grml: passwd root; grml-network; Start ssh
 # git clone https://git.in-ulm.de/ulpeters/bootstrap.git
 # cp config.sh.template config.sh                    # copy template
 # config-get-netconf-eth0.sh                         # get running grml network config
@@ -41,14 +41,14 @@ netDNS2="198.51.100.10"
 netNTP="pool.ntp.org"
 pwdAdmin=""                         # "" blank for auto-generation
 pwdRoot=""                          # "" blank for auto-generation
+debootstrap="native"                # docker, to run in docker container
 extraPackages="qemu-guest-agent"    # additional packages to install, e.g. cryptsetup
 
 # Overwrite default variables from config file
 [ -f ./config.sh ] && source config.sh
 
 
-
-# Setup network in grml
+# Setup network in grml based on config.sh
 grmlnetwork(){
 ip link show # list interfaces
 ip addr add $netAddress dev $netDev
@@ -60,31 +60,34 @@ echo nameserver $netDNS2 >> /etc/resolv.conf
 
 
 install(){
-# Wipe existing partition table
+#----------
+# Prepare disk
+
+echo "Wipe existing partition table to supress warnings from parted"
 dd if=/dev/zero of=$disk bs=512 count=34
 
 # Parition disks -- pkg: parted
 # Prepare partition tables and partitions
 # -parted --script does not accept blanks in partition names
 
+# Prepare disks with a single mbr partition
 if [ "$partition" = "mbr-single" ]
 then
-  #----------
-  # Prepare disks with a single partition
+  echo "Prepare mbr partition table with a single partition"
   parted $disk --script \
   mklabel msdos \
   mkpart primary ext4 512M 100% toggle 1 boot \
   print
 fi
 
+# Prepare disks with gpt/efi
 if [ "$partition" = "efi-crypt" ]
 then
-  #----------
-  # Prepare disks with following layout
-  # - 301 MB partition for EFI                          --> p1
-  # - 50  GB root partition for the OS (includes /boot) --> p2
-  # - Remaining disk left to create a luks container    --> p3
-  parted $disk --script                                \
+  echo "Prepare gpt partition table with following layout:"
+  echo "- 301 MB partition for EFI                          --> p1"
+  echo "- 50  GB root partition for the OS (includes /boot) --> p2"
+  echo "- Remaining disk left to create a luks container    --> p3"
+  parted $disk --script                              \
   mklabel gpt                                        \
   mkpart EFI_system_partition  fat32    1MiB 301MiB  \
   set  1 esp  on                                     \
@@ -100,17 +103,17 @@ then
   # Inform OS about partition table change
   partprobe $disk && sleep 1
   
-  # Format EFI disk -- pkg: e2fsprogs dosfstools and to file system check
+  # Format EFI partition -- pkg: dosfstools e2fsprogs
   mkfs.fat  -v -F 32 -n EFIBOOT $disk0 && fsck $disk0
 fi
 
 # Create swapfile
 swapfile=$mnt/swapfile
-dd if=/dev/zero of=$swapfile bs=1M count=1024 status=progress # create 1GB  file
-chmod 600 $swapfile #restric permissions
-mkswap $swapfile #format file
+dd if=/dev/zero of=$swapfile bs=1M count=1024 status=progress # create 1GB file
+chmod 600 $swapfile # restric permissions
+mkswap $swapfile    # format file
 
-# Format OS disk -- pkg: e2fsprogs dosfstools and to file system check
+# Format OS disk -- pkg: e2fsprogs
 mkfs.ext4 -v -F               $disk1 && fsck $disk1
 
 # Prepare mount points and mount
@@ -119,11 +122,19 @@ mount $disk1 $mnt
 
 #----------
 # Bootstrap -- pkg: debootstrap
-# Remark: Debootstrap does not install recommands!! 
-# debootstrap --variant=minbase --arch=amd64 bookworm $mnt http://ftp2.de.debian.org/debian/
-# Alternatively bootstrap from a docker container, e.g. if no recent debootstrap is available
-docker run -it --rm --cap-add=SYS_CHROOT --name debootstrap -v $mnt:$mnt -e mnt=$mnt \debian /bin/sh -c \
-"apt-get update && apt-get install --yes debootstrap && debootstrap --variant=minbase --arch=amd64 bookworm $mnt http://ftp2.de.debian.org/debian/"
+# Remark: Debootstrap does not install recommands!!
+case "$debootstrap" in
+   native)   debootstrap --variant=minbase --arch=amd64 bookworm $mnt http://ftp2.de.debian.org/debian/
+             ;;
+   # Alternatively bootstrap from a docker container, e.g. if no recent debootstrap is available
+   docker)   docker run -it --rm --cap-add=SYS_CHROOT --name debootstrap \
+                        -v $mnt:$mnt -e mnt=$mnt debian /bin/sh -c \
+                        "apt-get update && apt-get install --yes debootstrap \
+                        && debootstrap --variant=minbase --arch=amd64 bookworm \
+                        $mnt http://ftp2.de.debian.org/debian/"
+             ;;
+esac
+
 
 # Configure disk mounts
 # Or get UUID from blkid...
@@ -162,7 +173,6 @@ chroot $mnt /bin/bash /installer/bootstrap-bookworm.sh install2
 
 # Install bootloader
 $0 bootloader
-
 }
 
 
@@ -175,11 +185,10 @@ case "$partition" in
    mbr-single)   grubPkg="grub-pc"   ;;
    efi-crypt)    grubPkg="grub-efi"  ;;
 esac
-# Install basic system
 
+# Install basic system
 apt-get update
 export DEBIAN_FRONTEND=noninteractive
-echo ------installing $grubPkg
 apt-get install --yes \
   apt-utils dialog msmtp-mta \
   systemd-sysv locales tzdata haveged \
@@ -211,7 +220,6 @@ sed -i -e 's/#Port 22/Port 50101/g' /etc/ssh/sshd_config
 sed -i -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 # https://infosec.mozilla.org/guidelines/openssh.html
 
-
 # Allow admin to sudo without password
 echo AllowUsers admin >> /etc/ssh/sshd_config
 echo "admin ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/admin
@@ -306,13 +314,13 @@ esac
 
 unmount(){
 # Unmount if mounted
-! mountpoint -q $mnt/proc     || umount $mnt/proc
-! mountpoint -q $mnt/sys      || umount $mnt/sys
-! mountpoint -q $mnt/dev/pts  || umount $mnt/dev/pts
-! mountpoint -q $mnt/dev      || umount $mnt/dev
-! mountpoint -q $mnt          || umount $mnt
+! mountpoint -q $mnt/proc     || umount -v $mnt/proc
+! mountpoint -q $mnt/sys      || umount -v $mnt/sys
+! mountpoint -q $mnt/dev/pts  || umount -v $mnt/dev/pts
+! mountpoint -q $mnt/dev      || umount -v $mnt/dev
+! mountpoint -q $mnt          || umount -v $mnt
 # Delete mount-point if empty and not mounted
-[ -d $mnt ]          && [ -z "$(ls -A $mnt)"          ] &&  ! mountpoint -q $mnt           && rm -R $mnt
+[ -d $mnt ] && [ -z "$(ls -A $mnt)" ] && ! mountpoint -q $mnt && rm -R $mnt
 }