Changed to Debian 10 Buster

Author: hilschernetpi

Dockerfile

@@ -1,5 +1,5 @@
 #use armv7hf compatible base image
-FROM balenalib/armv7hf-debian:stretch
+FROM balenalib/armv7hf-debian:buster
 
 #dynamic build arguments coming from the /hook/build file
 ARG BUILD_DATE
@@ -10,11 +10,11 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
       org.label-schema.vcs-url="https://github.com/HilscherAutomation/netPI-raspbian" \
       org.label-schema.vcs-ref=$VCS_REF
 
-#enable building ARM container on x86 machinery on the web (comment out next line if built on Raspberry)
+#enable cross compiling (comment out next line if built on Raspberry Pi) 
 RUN [ "cross-build-start" ]
 
 #version
-ENV HILSCHERNETPI_RASPBIAN_VERSION 1.0.2
+ENV HILSCHERNETPI_RASPBIAN_VERSION 1.1.0
 
 #labeling
 LABEL maintainer="netpi@hilscher.com" \
@@ -29,45 +29,41 @@ ENV PASSWD=raspberry
 COPY "./init.d/*" /etc/init.d/
 
 RUN apt-get update \
-    && apt-get install wget \
-    && wget https://archive.raspbian.org/raspbian.public.key -O - | apt-key add - \
-    && echo 'deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi' | tee -a /etc/apt/sources.list \
-    && wget -O - http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | sudo apt-key add - \
-    && echo 'deb http://archive.raspberrypi.org/debian/ stretch main ui' | tee -a /etc/apt/sources.list.d/raspi.list \
-    && apt-get update  \
-    && apt-get install -y openssh-server \
-    && mkdir /var/run/sshd \
-    # && sed -i -e 's;#Port 22;Port 23;' /etc/ssh/sshd_config \ #Comment in if SSH port other than 22 is needed (22->23)
-    && sed -i 's@#force_color_prompt=yes@force_color_prompt=yes@g' -i /etc/skel/.bashrc \
-    && useradd --create-home --shell /bin/bash pi \
-    && echo $USER:$PASSWD | chpasswd \
-    && adduser $USER sudo \
-    && echo $USER " ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/010_pi-nopasswd \
-    && groupadd spi \
-    && groupadd gpio \
-    && adduser $USER dialout \
-    && adduser $USER cdrom \
-    && adduser $USER audio \
-    && adduser $USER video \
-    && adduser $USER plugdev \
-    && adduser $USER games \
-    && adduser $USER users \
-    && adduser $USER input \
-    && adduser $USER spi \
-    && adduser $USER gpio \
-    && apt-get install -y --no-install-recommends \
+ && apt-get install wget \
+ && wget https://archive.raspbian.org/raspbian.public.key -O - | apt-key add - \
+ && echo 'deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi' | tee -a /etc/apt/sources.list \
+ && wget -O - http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | sudo apt-key add - \
+ && echo 'deb http://archive.raspberrypi.org/debian/ buster main ui' | tee -a /etc/apt/sources.list.d/raspi.list \
+ && apt-get update  \
+ && apt-get install -y openssh-server \
+ && mkdir /var/run/sshd \
+# && sed -i -e 's;#Port 22;Port 23;' /etc/ssh/sshd_config \ #Comment in if SSH port other than 22 is needed (22->23)
+ && sed -i 's@#force_color_prompt=yes@force_color_prompt=yes@g' -i /etc/skel/.bashrc \
+ && useradd --create-home --shell /bin/bash pi \
+ && echo $USER:$PASSWD | chpasswd \
+ && adduser $USER sudo \
+ && groupadd spi \
+ && groupadd gpio \
+ && adduser $USER dialout \
+ && adduser $USER cdrom \
+ && adduser $USER audio \
+ && adduser $USER video \
+ && adduser $USER plugdev \
+ && adduser $USER games \
+ && adduser $USER users \
+ && adduser $USER input \
+ && adduser $USER spi \
+ && adduser $USER gpio \
+ && apt-get install -y --no-install-recommends \
                 less \
                 kmod \
                 nano \
                 net-tools \
                 ifupdown \
                 iputils-ping \
-                i2c-tools \
                 usbutils \
                 build-essential \
-                git \
                 python \
-                aptitude \
                 unzip \
                 info \
                 htop \
@@ -85,13 +81,11 @@ RUN apt-get update \
                 avahi-daemon \
                 bash-completion \
                 bind9-host \
-                blends-tasks \
                 bluez \
                 bsdmainutils \
                 cifs-utils \
                 console-setup \
                 console-setup-linux \
-                dh-python \
                 cpio \
                 crda \
                 cron \
@@ -110,21 +104,16 @@ RUN apt-get update \
                 dphys-swapfile \
                 groff-base \
                 hardlink \
-                initramfs-tools \
-                initramfs-tools-core \
                 iso-codes \
                 keyutils \
-                klibc-utils \   
                 locales \
                 logrotate \
                 lsb-release \
                 lua5.1 \
                 luajit \
-                makedev \
                 man-db  \
                 manpages \
                 manpages-dev \
-                mountall \
                 ncdu \
                 ncurses-term \
                 netcat-openbsd \
@@ -133,16 +122,12 @@ RUN apt-get update \
                 openresolv \
                 paxctld \
                 pkg-config \
-                plymouth \
                 policykit-1 \
-                rename \
                 rfkill \
                 rpcbind \
-                sgml-base \
                 shared-mime-info \
                 ssh \
                 strace \
-                tcpd \
                 traceroute \
                 triggerhappy \
                 usb-modeswitch \
@@ -154,24 +139,39 @@ RUN apt-get update \
                 wpasupplicant \
                 xauth \
                 xdg-user-dirs \
-                xml-core  \
                 xxd \
                 zlib1g-dev:armhf \
-                autotools-dev \
-                autoconf \
-                automake \ 
-                cmake \
-                bison \
-                flex \
-                libtool \
-                python-dev \
-                python-pip \
-    && git clone --depth 1 https://github.com/raspberrypi/firmware /tmp/firmware \
-    && mv /tmp/firmware/hardfp/opt/vc /opt \
-    && echo "/opt/vc/lib" >/etc/ld.so.conf.d/00-vmcs.conf \
-    && /sbin/ldconfig \
-    && rm -rf /tmp/* \
-    && rm -rf /var/lib/apt/lists/*
+                ethtool \
+                geoip-database \
+                libalgorithm-diff-perl \
+                parted \
+                pi-bluetooth \
+                psmisc \
+                freetype2-doc \
+                publicsuffix \
+                python-rpi.gpio \
+                python3-pkg-resources \
+                python3-requests \
+                python3-six \
+                python3-urllib3 \
+                rng-tools \
+                rsync \
+                rsyslog \
+                ssh-import-id \
+                gdbm-l10n \
+                javascript-common \
+                multiarch-support \ 
+                tasksel \
+                libraspberrypi-bin \
+                libraspberrypi-dev \
+                libraspberrypi-doc \
+                libsigc++-1.2-dev \
+                raspberrypi-kernel \
+                raspi-copies-and-fills \
+ && apt-get remove git \
+ && apt-get autoremove \
+ && rm -rf /tmp/* \
+ && rm -rf /var/lib/apt/lists/*
 
 #set the entrypoint
 ENTRYPOINT ["/etc/init.d/entrypoint.sh"]
@@ -182,5 +182,5 @@ EXPOSE 22
 #set STOPSGINAL
 STOPSIGNAL SIGTERM
 
-#stop processing ARM emulation (comment out next line if built on Raspberry)
+#disable cross compiling (comment out next line if built on Raspberry Pi) 
 RUN [ "cross-build-end" ]

README.md

@@ -7,31 +7,41 @@
 
 Made for [netPI](https://www.netiot.com/netpi/), the Raspberry Pi 3B Architecture based industrial suited Open Edge Connectivity Ecosystem
 
-### Raspbian with SSH and user pi
+### Secured netPI Docker
+
+netPI features a restricted Docker protecting the system software's integrity by maximum. The restrictions are 
+
+* privileged mode is not automatically adding all host devices `/dev/` to a container
+* volume bind mounts to rootfs is not supported
+* the devices `/dev`,`/dev/mem`,`/dev/sd*`,`/dev/dm*`,`/dev/mapper`,`/dev/mmcblk*` cannot be added to a container
+
+### Container features 
+
+The image provided hereunder deploys a container with Debian, SSH server, Raspberry Pi userland tool and created user pi.
 
 Base of this image builds [debian](https://www.balena.io/docs/reference/base-images/base-images/) with enabled [SSH](https://en.wikipedia.org/wiki/Secure_Shell), created user 'pi' and preinstalled packages of a headless Raspbian lite.
 
-#### Container prerequisites
+### Container setup
 
-##### Port mapping
+#### Port mapping
 
-For remote login to the container across SSH the container's SSH port `22` needs to be mapped to any free netPI Host port.
+For a SSH login to the container any unused netPI host port needs to be added to the container port `22` (SSH).
 
-##### Hostname 
+#### Hostname (optional)
 
-A normal Raspberry Pi has the default hostname `raspberrypi`. For equal conditions set the container's hostname to the same string.
+For an equal standard Raspberry Pi condition set the container hostname to `raspberrypi`.
 
-##### Privileged mode (optional)
+#### Privileged mode (optional)
 
 The privileged mode option needs to be activated to lift the standard Docker enforced container limitations. With this setting the container and the applications inside are the getting (almost) all capabilities as if running on the Host directly. 
 
 netPI's secure reference software architecture prohibits root access to the Host system always. Even if priviledged mode is activated the intrinsic security of the Host Linux Kernel can not be compromised.
 
-##### Host device (optional)
+#### Host device (optional)
 
-The container includes the [userland](https://github.com/raspberrypi/userland) tools you find installed in standard Raspbian OS too. To grant access of tools like [vcmailbox](https://github.com/raspberrypi/userland/blob/master/host_applications/linux/apps/vcmailbox/vcmailbox.c) the `/dev/vcio` and `/dev/vchiq` and `/dev/vc-mem` host devices need to be exposed to the container. (Prerequisite is running the container in privileged mode).
+The container includes the [userland](https://github.com/raspberrypi/userland) tools installed with original Raspbian OS too. To grant access of tools like [vcmailbox](https://github.com/raspberrypi/userland/blob/master/host_applications/linux/apps/vcmailbox/vcmailbox.c) the `/dev/vcio` and `/dev/vchiq` and `/dev/vc-mem` host devices need to be exposed to the container. (Prerequisite is running the container in privileged mode).
 
-#### Getting started
+### Container deployment
 
 STEP 1. Open netPI's website in your browser (https).
 
@@ -42,7 +52,7 @@ STEP 3. Enter the following parameters under *Containers > + Add Container*
 Parameter | Value | Remark
 :---------|:------ |:------
 *Image* | **hilschernetpi/netpi-raspbian**
-*Network > Hostname* | **raspberrypi**
+*Network > Hostname* | **raspberrypi** | optional
 *Port mapping* | *host* **22** -> *container* **22** | *host*=any unused
 *Restart policy* | **always**
 *Runtime > Devices > +add device* | *Host path* **/dev/vcio** -> *Container path* **/dev/vcio** | optional
@@ -54,25 +64,29 @@ STEP 4. Press the button *Actions > Start/Deploy container*
 
 Pulling the image may take a while (5-10mins). Sometimes it may take too long and a time out is indicated. In this case repeat STEP 4.
 
-#### Accessing
+### Container access
 
-The container starts the SSH server automatically. Open a terminal connection to it with an SSH client such as [putty](http://www.putty.org/) using netPI's IP address at your mapped port.
+The container automatically starts the SSH server. For a SSH session use a SSH client such as [putty](http://www.putty.org/) with the netPI IP address (@mapped SSH host port number).
 
-As with a Raspberry Pi use the default credentials `pi` as user and `raspberry` as password when asked and you are logged in as non-root user `pi`.
+Use the credentials `pi` as user and `raspberry` as password when asked and you are logged in as non-root user `pi`.
 
 Continue to use [Linux commands](https://www.raspberrypi.org/documentation/linux/usage/commands.md) in the terminal as usual.
 
-#### Youtube
+### Container on Youtube
 
 [![Tutorial](https://img.youtube.com/vi/A-asfhl7b0c/0.jpg)](https://youtu.be/A-asfhl7b0c)
 
-#### Automated build
+### Container tips & tricks
+
+For additional help or information visit the Hilscher Forum at https://forum.hilscher.com/
+
+### Contaner automated build
 
 The project complies with the scripting based [Dockerfile](https://docs.docker.com/engine/reference/builder/) method to build the image output file. Using this method is a precondition for an [automated](https://docs.docker.com/docker-hub/builds/) web based build process on DockerHub platform.
 
-DockerHub web platform is x86 CPU based, but an ARM CPU coded output file is needed for Raspberry systems. This is why the Dockerfile includes the [balena.io](https://balena.io/blog/building-arm-containers-on-any-x86-machine-even-dockerhub/) steps.
+DockerHub web platform is x86 CPU based, but an ARM CPU coded output file is needed for Raspberry Pi systems. This is why the Dockerfile includes the [balena.io](https://balena.io/blog/building-arm-containers-on-any-x86-machine-even-dockerhub/) steps.
 
-#### License
+### License
 
 View the license information for the software in the project. As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
 As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

init.d/entrypoint.sh

@@ -16,6 +16,10 @@ trap 'kill ${!}; term_handler' SIGINT SIGKILL SIGTERM SIGQUIT SIGTSTP SIGSTOP SI
 echo "starting ssh ..."
 sudo /etc/init.d/ssh start
 
+# start dbus deamon
+echo "starting dbus ..."
+/etc/init.d/dbus start
+
 # wait forever not to exit the container
 while true
 do