Added OctoPrint user, improved security, fixed GUI

Added OctoPrint user to run OctoPrint daemon (not implemented yet)
Really removed LightDM
Fixed OctoPrint not building

stage1/00-boot-files/files/config.txt

@@ -56,6 +56,9 @@ disable_overscan=1
 # Enable audio (loads snd_bcm2835)
 dtparam=audio=on
 
+# Memory split
+gpu_mem=128
+
 [pi4]
 # Enable DRM VC4 V3D driver on top of the dispmanx display stack
 dtoverlay=vc4-fkms-v3d
@@ -63,3 +66,4 @@ max_framebuffers=2
 
 [all]
 #dtoverlay=vc4-fkms-v3d
+

stage1/01-sys-tweaks/00-run.sh

@@ -11,8 +11,8 @@ on_chroot << EOF
 if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then
 	adduser --disabled-password --gecos "" ${FIRST_USER_NAME}
 fi
+adduser --disabled-password --gecos "" octoprint
 echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd
-echo "root:root" | chpasswd
+echo "octoprint:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" | chpasswd 
+echo "root:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" | chpasswd
 EOF
-
-

stage2/01-sys-tweaks/01-run.sh

@@ -40,9 +40,12 @@ on_chroot <<EOF
 for GRP in input spi i2c gpio; do
 	groupadd -f -r "\$GRP"
 done
-for GRP in adm dialout tty cdrom audio users sudo video games plugdev input gpio spi i2c netdev; do
+for GRP in adm cdrom audio users sudo video games plugdev input gpio spi i2c netdev; do
   adduser $FIRST_USER_NAME \$GRP
 done
+for GRP in dialout plugdev video users; do
+  adduser octoprint \$GRP
+done
 EOF
 
 on_chroot << EOF

stage2/04-octoprint/01-run.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
-if [ -d /home/${FIRST_USER_NAME} ];
+if [ -d /home/octoprint ];
-  cd /home/${FIRST_USER_NAME} || exit 1
+  cd /home/octoprint || exit 1
   mkdir OctoPrint || exit 1
   cd OctoPrint || exit 1
   virtualenv venv || exit 1

stage3/00-install-packages/01-run.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-install -m 644 files/nodm.conf /etc/nodm.conf
+echo -n -e "NODM_USER=${FIRST_USER_NAME}\nNODM_XSESSION=/home/${FIRST_USER_NAME}/.xinitrc" > /etc/nodm.conf
 
 on_chroot << EOF
 update-alternatives --install /usr/bin/x-www-browser \

stage3/01-tweaks/00-run.sh

@@ -2,4 +2,3 @@
 
 #rm -f "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/wait.conf"
 
-install -m 644 files/lightdm.conf "${ROOTFS_DIR}/etc/lightdm/lightdm.conf"

stage3/01-tweaks/files/lightdm.conf

@@ -1,164 +0,0 @@
-#
-# General configuration
-#
-# start-default-seat = True to always start one seat if none are defined in the configuration
-# greeter-user = User to run greeter as
-# minimum-display-number = Minimum display number to use for X servers
-# minimum-vt = First VT to run displays on
-# lock-memory = True to prevent memory from being paged to disk
-# user-authority-in-system-dir = True if session authority should be in the system location
-# guest-account-script = Script to be run to setup guest account
-# logind-check-graphical = True to on start seats that are marked as graphical by logind
-# log-directory = Directory to log information to
-# run-directory = Directory to put running state in
-# cache-directory = Directory to cache to
-# sessions-directory = Directory to find sessions
-# remote-sessions-directory = Directory to find remote sessions
-# greeters-directory = Directory to find greeters
-# backup-logs = True to move add a .old suffix to old log files when opening new ones
-# dbus-service = True if LightDM provides a D-Bus service to control it
-#
-[LightDM]
-#start-default-seat=true
-#greeter-user=lightdm
-#minimum-display-number=0
-#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799
-#lock-memory=true
-#user-authority-in-system-dir=false
-#guest-account-script=guest-account
-#logind-check-graphical=false
-#log-directory=/var/log/lightdm
-run-directory=/run/lightdm
-#cache-directory=/var/cache/lightdm
-#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
-#remote-sessions-directory=/usr/share/lightdm/remote-sessions
-#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
-#backup-logs=true
-#dbus-service=true
-
-#
-# Seat configuration
-#
-# Seat configuration is matched against the seat name glob in the section, for example:
-# [Seat:*] matches all seats and is applied first.
-# [Seat:seat0] matches the seat named "seat0".
-# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
-#
-# type = Seat type (local, xremote)
-# pam-service = PAM service to use for login
-# pam-autologin-service = PAM service to use for autologin
-# pam-greeter-service = PAM service to use for greeters
-# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
-# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
-# xserver-config = Config file to pass to X server
-# xserver-layout = Layout to pass to X server
-# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
-# xserver-share = True if the X server is shared for both greeter and session
-# xserver-hostname = Hostname of X server (only for type=xremote)
-# xserver-display-number = Display number of X server (only for type=xremote)
-# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
-# xdmcp-port = XDMCP UDP/IP port to communicate on
-# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
-# greeter-session = Session to load for greeter
-# greeter-hide-users = True to hide the user list
-# greeter-allow-guest = True if the greeter should show a guest login option
-# greeter-show-manual-login = True if the greeter should offer a manual login option
-# greeter-show-remote-login = True if the greeter should offer a remote login option
-# user-session = Session to load for users
-# allow-user-switching = True if allowed to switch users
-# allow-guest = True if guest login is allowed
-# guest-session = Session to load for guests (overrides user-session)
-# session-wrapper = Wrapper script to run session with
-# greeter-wrapper = Wrapper script to run greeter with
-# guest-wrapper = Wrapper script to run guest sessions with
-# display-setup-script = Script to run when starting a greeter session (runs as root)
-# display-stopped-script = Script to run after stopping the display server (runs as root)
-# greeter-setup-script = Script to run when starting a greeter (runs as root)
-# session-setup-script = Script to run when starting a user session (runs as root)
-# session-cleanup-script = Script to run when quitting a user session (runs as root)
-# autologin-guest = True to log in as guest by default
-# autologin-user = User to log in with by default (overrides autologin-guest)
-# autologin-user-timeout = Number of seconds to wait before loading default user
-# autologin-session = Session to load for automatic login (overrides user-session)
-# autologin-in-background = True if autologin session should not be immediately activated
-# exit-on-failure = True if the daemon should exit if this seat fails
-#
-[Seat:*]
-#type=local
-#pam-service=lightdm
-#pam-autologin-service=lightdm-autologin
-#pam-greeter-service=lightdm-greeter
-#xserver-command=X
-#xmir-command=Xmir
-#xserver-config=
-#xserver-layout=
-#xserver-allow-tcp=false
-#xserver-share=true
-#xserver-hostname=
-#xserver-display-number=
-#xdmcp-manager=
-#xdmcp-port=177
-#xdmcp-key=
-#greeter-session=example-gtk-gnome
-#greeter-hide-users=false
-#greeter-allow-guest=true
-#greeter-show-manual-login=false
-#greeter-show-remote-login=true
-#user-session=default
-#allow-user-switching=true
-#allow-guest=true
-#guest-session=
-session-wrapper=/etc/lightdm/Xsession
-#greeter-wrapper=
-#guest-wrapper=
-#display-setup-script=
-#display-stopped-script=
-#greeter-setup-script=
-#session-setup-script=
-#session-cleanup-script=
-#autologin-guest=false
-autologin-user=pi
-autologin-user-timeout=0
-#autologin-in-background=false
-#autologin-session=openbox
-#exit-on-failure=false
-
-#
-# XDMCP Server configuration
-#
-# enabled = True if XDMCP connections should be allowed
-# port = UDP/IP port to listen for connections on
-# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
-# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
-# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
-#
-# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn.  Alternatively
-# it can be a word and the first 7 characters are used as the key.
-#
-[XDMCPServer]
-#enabled=false
-#port=177
-#listen-address=
-#key=
-#hostname=
-
-#
-# VNC Server configuration
-#
-# enabled = True if VNC connections should be allowed
-# command = Command to run Xvnc server with
-# port = TCP/IP port to listen for connections on
-# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
-# width = Width of display to use
-# height = Height of display to use
-# depth = Color depth of display to use
-#
-[VNCServer]
-#enabled=false
-#command=Xvnc
-#port=5900
-#listen-address=
-#width=1024
-#height=768
-#depth=8
-