Novena Image script

In order to generate the Novena factory disk image from scratch, we use a script called novena-image.sh. This script takes care of bootstrapping and installing a good set of packages, and optionally partitioning the disk image, installing the bootloader, and installing any supplementary packages. It supports partitioning both MMC cards and SATA drives.

Usage
To speed up repeat installations, you probably should install apt-cacher-ng. By default, the script tries to access a mirror in Hong Kong via a local apt-cacher-ng mirror. The program requires no configuration, simply install it:

sudo apt-get install apt-cacher-ng

To use the novena-image.sh script, it is recommended you create wrapper scripts that contain things such as package lists and disk paths. One example of the script used to create the bare board image can be found at the above repo, and is called mmc-install.sh:

#!/bin/bash if [ -z $1 ] then echo "Usage: $0 [device]" echo "E.g. $0 /dev/mmcblk1" exit 1 fi   echo "Constructing a disk image on $1" time sudo ./novena-image.sh \ -d $1 \ -t mmc \ -s jessie \ -k kosagi.key \ -a pulseaudio-novena_1.0-1_all.deb \ -a irqbalance_0.56-1ubuntu4-rmk1_armhf.deb \ -a novena-disable-ssp_1.1-1_armhf.deb \ -a novena-firstrun_1.0-r1_all.deb \ -a u-boot-novena_2014.10-novena-rc5_armhf.deb \ -a linux-image-3.17.0-rc5-00054-g8a738b8_1.4_armhf.deb \ -l "sudo openssh-server ntp ntpdate dosfstools novena-eeprom \               xserver-xorg-video-modesetting arandr user-setup vim emacs \    	    hicolor-icon-theme gnome-icon-theme keychain locales \    	    avahi-daemon avahi-dnsconfd libnss-mdns debootstrap \    	    python build-essential xscreensaver console-data \    	    x11-xserver-utils usbutils unzip xz-utils subversion git make \    	    screen tmux read-edid powertop powermgmt-base pavucontrol \    	    p7zip-full paprefs pciutils nmap ntfs-3g network-manager-vpnc \    	    network-manager-pptp network-manager-openvpn bash-completion \    	    network-manager-iodine hexchat icedove iceweasel gnupg2 \    	    git-email git-man fuse enigmail dc curl clang bridge-utils \    	    bluez bluez-tools bluez-hcidump bison bc automake autoconf \    	    pidgin alsa-utils i2c-tools hwinfo android-tools-adb \    	    android-tools-fastboot android-tools-fsutils smartmontools \ xfce4-goodies xfce4-power-manager xfce4-mixer xfce4-terminal \ mousepad orage dbus-x11 quodlibet evince-gtk irssi strace \ tango-icon-theme network-manager-gnome synaptic pkg-config \ gnome-orca ncurses-dev gdb lzop lzop gawk bison g++ gcc flex"

Run this script and pass it the path to your SD card (either /dev/sdb if it's in a USB reader, or /dev/disk/by-path/platform-2194000.usdhc if it's in the side slot.

Supplementary packages will be installed in the order specified. In the above example, u-boot-novena is installed before the kernel, because u-boot-novena contains hook scripts required to move the kernel into place.

Once the script has completed, you will have a fully-bootable disk image.

Kosagi Repo Packages
A simple package named [kosagi-repo] installs a new package repository hosted at http://repo.novena.io/repo/. This repo contains a small set of Kosagi-built Novena-specific Debian packages.

When runnning novena-image at the moment, the packages specified in "-a" have to be either hand-built (sources available from http://github.com/xobs/) or downloaded from the above repository URL.

Signing Key
The kosagi-repo packages are all signed with Kosagi's Debian signing key. The novena-image scripts refer to a "kosagi.key" signing key which is this same key file.

You can possibly edit the scripts to run without the "-k kosagi.key" signing key option (maybe?) but alternatively you can get the key so your built image will trust packages from repo.novena.io.

The key is available from the Ubuntu keyserver with the ID 03C7B7EC and description "Kosagi Debian Signing Key". You can grab it and export it to a file as follows:

gpg --keyserver keyserver.ubuntu.com --recv-keys 03C7B7EC gpg --export 03C7B7EC > kosagi.key

'''IMPORTANT: There are currently no signatures uploaded to the keyserver for this key, so it's impossible to validate/trust the key or any of the key-related information on this insecure wiki page. Please consider that if security is important to you.'''