Kodi Standalone Minimal CLI installation script (ubuntu/jammy)

[Dantes]

This was fun but its still a bit flaky/unstable now and then but overall it seems to work.

 

What is it:

• KODI multimedia player standalone installation script.

 

Features:

• Boots directly into KODI with KODI standalone service
• Enabled Hardware decoding by liujianfeng1994
• Encrypted rootfs partition with auto-decrypt on boot
• Encryption key is randomly generated during installation and inserted into initramfs/crypttab
• Tested with EXT4 only
• Installed on Minimal CLI Ubuntu/Jammy installation

 

How to:

1. Download Ubuntu-Jammy-Minimal CLI
2. Copy 'kodi-minimal-cli' to sdcard /root
3. chmod +x /root/kodi-minimal-cli
4. boot from sdcard
5. fill out Armbian questionnaire
6. run ./kodi-minimal-cli
7. install to emmc and choose EXIT after
8. fill out wifi details in network manager if you need it
9. reboot

 

 

#!/bin/sh -vxe
# GPLv3 just in case anyone cares

# 0. boot from sdcard (ubuntu/jammy) minimal cli

# 1. remove Ubuntu Telemetry/Spyware if any
cd /tmp
apt \
  update \
  --yes
apt \
  purge\
  --yes \
  ubuntu-report \
  popularity-contest \
  apport \
  whoopsie \
  apport-symptoms
apt-mark \
  hold \
  ubuntu-report \
  popularity-contest \
  apport \
  whoopsie \
  apport-symptoms
  
cat << 'EOF' >> /etc/hosts
127.0.0.1   popcon.ubuntu.com
127.0.0.1   metrics.ubuntu.com
EOF

# format /dev/mmcblk2p1 ext4 bootfs
format(){ 
  case $2 in
    ext4)  mkfs.ext4  -F -L rootfs $1;;
    btrfs) mkfs.btrfs -f -L rootfs $1;;
    f2fs)  mkfs.f2fs  -f -l rootfs $1;;
    *)     false;;
  esac
}

#WORKDIR=/mnt                           #slower running from storage
WORKDIR=$(mktemp -d -p /dev/shm)        #faster running from memory
TARGET=/dev/mmcblk2
FSTYPE=ext4

grep -q "${TARGET}.*/boot" /proc/mounts && {
	echo "error: not booted from sdcard"
	exit 1
}

# 2. update and install:
apt update --yes && apt upgrade --yes
apt install --yes cryptsetup-bin gdisk

# 3. run armbian-install and install to emmc, when done choose: exit
armbian-install || true

# 4. backup data
mkdir -p ${WORKDIR}/emmcdata
mount ${TARGET}p1 ${WORKDIR}/emmcdata
rsync \
  --archive \
  --info=progress2 \
  ${WORKDIR}/emmcdata/ \
  ${WORKDIR}/backup
sync
umount ${TARGET}p1
rmdir ${WORKDIR}/emmcdata

# 5. create new partition layout and encrypt disk
sgdisk -og ${TARGET}
sgdisk -n 1:32768:+512M -t 0:8300 ${TARGET}
sgdisk -n 0:0:0 -t 0:8300 ${TARGET}

############################################
#NAME         SIZE RO TYPE  MOUNTPOINTS
#mmcblk2     28,9G  0 disk  
#├─mmcblk2p1  512M  0 part  /boot
#└─mmcblk2p2 28,4G  0 part  
#  └─rootfs  28,4G  0 crypt /var/log.hdd
#                           /
############################################

# format 1st/boot partition
format ${TARGET}p1 ${FSTYPE} bootfs

# create encryption key
KEYFILE=/dev/shm/rootfs.keyfile
dd if=/dev/urandom bs=$((4096/8)) count=1 of=${KEYFILE}
chmod u=r,go-rwx ${KEYFILE}

# encrypt 2nd/root partition
cryptsetup \
  luksFormat \
  --batch-mode \
  --cipher=aes-xts-plain64 \
  --key-size=512 \
  --hash=sha512 ${TARGET}p2 \
  ${KEYFILE}
ROOTFS=/dev/mapper/rootfs
cryptsetup \
  open \
  --key-file=${KEYFILE} \
  ${TARGET}p2 \
  rootfs

# format root partition
format ${ROOTFS} ${FSTYPE} rootfs

# 6. mount partitions
ROOT=${WORKDIR}/restore
mkdir -p ${ROOT}
mount ${ROOTFS} ${ROOT}
mkdir -p ${ROOT}/boot
mount ${TARGET}p1 ${ROOT}/boot

# 7. restore from backup
rsync \
  --archive \
  --info=progress2 \
  ${WORKDIR}/backup/ \
  ${ROOT}
sync

# 8. enable network in chrooted environment
cd ${ROOT}
touch root/.no_rootfs_resize
cp -p /etc/resolv.conf etc/resolv.conf
cp -p /etc/hosts etc/hosts
cp -p /etc/apt/sources.list etc/apt/sources.list
cp -p /etc/apt/sources.list.d/armbian.list etc/apt/sources.list.d/armbian.list

# 9. update initramfs-modules, crypttab, fstab
sed -i "/^rootdev=/s,=.*,=${ROOTFS}," boot/armbianEnv.txt
awk '{print $1}' /proc/modules > etc/initramfs-tools/modules
cat << EOF > etc/fstab
${ROOTFS} / ${FSTYPE} defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 1
UUID=$(lsblk ${TARGET}p1 --noheadings -o UUID) /boot ${FSTYPE} defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 2
tmpfs /tmp tmpfs defaults,nosuid 0 0
EOF
KEYDIR=${ROOT}/etc/luks
mkdir -p ${KEYDIR}
chmod u=rx,go-rwx ${KEYDIR}
mv ${KEYFILE} ${KEYDIR}
cat << EOF > ${ROOT}/etc/crypttab
rootfs UUID=$(blkid -s UUID -o value ${TARGET}p2) /etc/luks/rootfs.keyfile luks,discard
EOF

#10. chrooted environment
mount -o rbind /dev dev
mount -t proc proc proc
mount -t sysfs sys sys
CONFIG=/dev/shm/config
cat << 'EOF' > ${CONFIG}
#!/bin/sh -vxe
apt update --yes
apt -o Dpkg::Options::="--force-confdef" --yes install cryptsetup-initramfs

### embed keyfile
KEYDIR=/etc/luks
KEYFILE=${KEYDIR}/rootfs.keyfile
echo "KEYFILE_PATTERN=${KEYDIR}/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
update-initramfs -u

### network manager
apt install --yes network-manager ufw


### kodi
echo kodi >/etc/hostname
hostname -F /etc/hostname

PPA='https://ppa.launchpadcontent.net/liujianfeng1994/panfork-mesa/ubuntu'
GPG='/etc/apt/trusted.gpg.d/liujianfeng1994_ubuntu_panfork-mesa.gpg'
LIST='/etc/apt/sources.list.d/liujianfeng1994-ubuntu-panfork-mesa.list'
URL='https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x'
KEY='0B2F0747E3BD546820A639B68065BE1FC67AABDE'

curl -S "${URL}${KEY}" | gpg --batch --yes --dearmor --output "${GPG}"
echo "deb ${PPA} $(lsb_release -sc) main" | tee ${LIST}

apt update --yes
apt install --yes mali-g610-firmware
apt install --yes xserver-xorg xinit kodi unzip make

useradd kodi --no-create-home --home-dir /var/lib/kodi
echo "kodi:kodi" | chpasswd
# cec-adapter
usermod kodi -a -G dialout
mkdir /etc/sysusers.d/

URL=https://codeload.github.com/graysky2/kodi-standalone-service/zip/refs/heads/master
wget ${URL} -O /dev/shm/master.zip
unzip /dev/shm/master.zip -d/dev/shm
cd /dev/shm/kodi-standalone-service-master/
make install
systemd-sysusers
systemd-tmpfiles --create || true
systemctl enable kodi.service 

# disable the local resolver and use the one provided by DHCP
#systemctl disable systemd-resolved

# cat << EOF >> /etc/sysctl.conf
# # disable ipv6
# net.ipv6.conf.all.disable_ipv6=1
# net.ipv6.conf.default.disable_ipv6=1
# net.ipv6.conf.lo.disable_ipv6=1
# EOF
# sed -i '/#ListenAddress 0.0.0.0/s,^#,,' /etc/ssh/sshd_config

# network manager to setup wifi
nmtui

exit
EOF
chmod +x ${CONFIG}
chroot . ${CONFIG}
cd ${WORKDIR}

#awk -v WD=${WORKDIR} '$0 ~ WD {print $2}' /proc/mounts | sort -r | xargs umount || true

 

kodi-minimal-cli

Edited June 12, 2023 by Dantes

[Dantes]

Update:

 

Use the 'Armbian Jammy CLI' image as a base for now. The 'Armbian Jammy Minimal CLI' does not detect the USB 3.0 port. Fixed some small bugs in the script and opted to run the wireless network setup in the end.

minimal_cli_kodi_fde