13-kernel.sh
602 lines
| 23.7 KiB
| application/x-sh
|
BashLexer
/ bootstrap.d / 13-kernel.sh
Filip Pytloun
|
r56 | # | ||
drtyhlpr
|
r94 | # Build and Setup RPi2/3 Kernel | ||
|
Filip Pytloun
|
r56 | # | ||
|
Jan Wagner
|
r67 | # Load utility functions | ||
|
Filip Pytloun
|
r56 | . ./functions.sh | ||
Unknown
|
r482 | # Need to use kali kernel src if nexmon is enabled | ||
|
Unknown
|
r480 | if [ "$ENABLE_NEXMON" = true ] ; then | ||
|
Unknown
|
r490 | KERNEL_URL="${KALI_KERNEL_URL}" | ||
|
Unknown
|
r524 | # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel | ||
|
Unknown
|
r494 | KERNEL_BRANCH="" | ||
|
Unknown
|
r516 | KERNELSRC_DIR="" | ||
|
Unknown
|
r480 | fi | ||
|
Filip Pytloun
|
r56 | # Fetch and build latest raspberry kernel | ||
| if [ "$BUILD_KERNEL" = true ] ; then | ||||
|
Jan Wagner
|
r72 | # Setup source directory | ||
|
Unknown
|
r356 | mkdir -p "${KERNEL_DIR}" | ||
|
Filip Pytloun
|
r56 | |||
|
Jan Wagner
|
r72 | # Copy existing kernel sources into chroot directory | ||
|
Jan Wagner
|
r75 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then | ||
drtyhlpr
|
r227 | # Copy kernel sources and include hidden files | ||
|
Unknown
|
r352 | cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" | ||
|
Jan Wagner
|
r72 | |||
| # Clean the kernel sources | ||||
|
Jan Wagner
|
r75 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then | ||
|
drtyhlpr
|
r94 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper | ||
|
Jan Wagner
|
r72 | fi | ||
|
Jan Wagner
|
r75 | else # KERNELSRC_DIR="" | ||
|
drtyhlpr
|
r142 | # Create temporary directory for kernel sources | ||
Petter Reinholdtsen
|
r174 | temp_dir=$(as_nobody mktemp -d) | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r472 | # Fetch current RPi2/3 kernel sources | ||
| if [ -z "${KERNEL_BRANCH}" ] ; then | ||||
| as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux | ||||
Bobberty
|
r147 | else | ||
|
Unknown
|
r472 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux | ||
|
Unknown
|
r471 | fi | ||
|
Unknown
|
r472 | |||
|
drtyhlpr
|
r142 | # Copy downloaded kernel sources | ||
|
Unknown
|
r352 | cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" | ||
|
drtyhlpr
|
r142 | |||
| # Remove temporary directory for kernel sources | ||||
| rm -fr "${temp_dir}" | ||||
| # Set permissions of the kernel sources | ||||
| chown -R root:root "${R}/usr/src" | ||||
|
Jan Wagner
|
r72 | fi | ||
|
Jan Wagner
|
r67 | |||
| # Calculate optimal number of kernel building threads | ||||
|
Jan Wagner
|
r75 | if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then | ||
| KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) | ||||
|
Jan Wagner
|
r67 | fi | ||
|
Filip Pytloun
|
r56 | |||
|
Jan Wagner
|
r76 | # Configure and build kernel | ||
|
Jan Wagner
|
r75 | if [ "$KERNELSRC_PREBUILT" = false ] ; then | ||
|
Jan Wagner
|
r76 | # Remove device, network and filesystem drivers from kernel configuration | ||
| if [ "$KERNEL_REDUCE" = true ] ; then | ||||
|
drtyhlpr
|
r94 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | ||
|
Jan Wagner
|
r76 | sed -i\ | ||
| -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\ | ||||
| -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\ | ||||
| -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\ | ||||
| -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\ | ||||
| -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\ | ||||
| -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ | ||||
| -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ | ||||
|
Unknown
|
r408 | "${KERNEL_DIR}/.config" | ||
|
Jan Wagner
|
r76 | fi | ||
|
Unknown
|
r389 | |||
|
Unknown
|
r358 | if [ "$KERNELSRC_CONFIG" = true ] ; then | ||
| # Load default raspberry kernel configuration | ||||
| make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | ||||
|
Unknown
|
r524 | |||
|
Unknown
|
r453 | #Switch to KERNELSRC_DIR so we can use set_kernel_config | ||
|
Unknown
|
r457 | cd "${KERNEL_DIR}" || exit | ||
|
Unknown
|
r390 | |||
|
Unknown
|
r443 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap | ||
|
Unknown
|
r459 | if [ "$KERNEL_ZSWAP" = true ] ; then | ||
|
Unknown
|
r456 | set_kernel_config CONFIG_ZPOOL y | ||
| set_kernel_config CONFIG_ZSWAP y | ||||
| set_kernel_config CONFIG_ZBUD y | ||||
| set_kernel_config CONFIG_Z3FOLD y | ||||
| set_kernel_config CONFIG_ZSMALLOC y | ||||
| set_kernel_config CONFIG_PGTABLE_MAPPING y | ||||
|
Unknown
|
r526 | set_kernel_config CONFIG_LZO_COMPRESS y | ||
|
Unknown
|
r358 | fi | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r443 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 | ||
|
Unknown
|
r456 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then | ||
|
Unknown
|
r525 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y | ||
| set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y | ||||
| set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y | ||||
| set_kernel_config CONFIG_HAVE_KVM_EVENTFD y | ||||
| set_kernel_config CONFIG_HAVE_KVM_IRQFD y | ||||
| set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y | ||||
| set_kernel_config CONFIG_HAVE_KVM_MSI y | ||||
|
Unknown
|
r456 | set_kernel_config CONFIG_KVM y | ||
|
Unknown
|
r525 | set_kernel_config CONFIG_KVM_ARM_HOST y | ||
| set_kernel_config CONFIG_KVM_ARM_PMU y | ||||
| set_kernel_config CONFIG_KVM_COMPAT y | ||||
| set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y | ||||
| set_kernel_config CONFIG_KVM_MMIO y | ||||
| set_kernel_config CONFIG_KVM_VFIO y | ||||
| set_kernel_config CONFIG_VHOST m | ||||
|
Unknown
|
r456 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y | ||
|
Unknown
|
r525 | set_kernel_config CONFIG_VHOST_NET m | ||
| set_kernel_config CONFIG_VIRTUALIZATION y | ||||
|
Unknown
|
r526 | |||
| set_kernel_config CONFIG_MMU_NOTIFIER y | ||||
| # erratum | ||||
| set_kernel_config ARM64_ERRATUM_834220 y | ||||
| # https://sourceforge.net/p/kvm/mailman/message/18440797/ | ||||
| set_kernel_config CONFIG_PREEMPT_NOTIFIERS y | ||||
|
Unknown
|
r358 | fi | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r497 | # enable apparmor,integrity audit, | ||
| if [ "$KERNEL_SECURITY" = true ] ; then | ||||
| # security filesystem, security models and audit | ||||
|
Unknown
|
r509 | set_kernel_config CONFIG_SECURITYFS y | ||
|
burnbabyburn
|
r508 | set_kernel_config CONFIG_SECURITY y | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_AUDIT y | ||
|
Unknown
|
r509 | # harden strcpy and memcpy | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_HARDENED_USERCOPY=y | ||
| set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y | ||||
|
Unknown
|
r509 | set_kernel_config CONFIG_FORTIFY_SOURCE=y | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # integrity sub-system | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_INTEGRITY=y | ||
| set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y | ||||
| set_kernel_config CONFIG_INTEGRITY_AUDIT=y | ||||
| set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y | ||||
| set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # This option provides support for retaining authentication tokens and access keys in the kernel. | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_KEYS=y | ||
| set_kernel_config CONFIG_KEYS_COMPAT=y | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # Apparmor | ||
|
Unknown
|
r499 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y | ||
|
Unknown
|
r509 | set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y | ||
| set_kernel_config CONFIG_SECURITY_APPARMOR y | ||||
| set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y | ||||
| set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # restrictions on unprivileged users reading the kernel | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # network security hooks | ||
|
Unknown
|
r497 | set_kernel_config CONFIG_SECURITY_NETWORK y | ||
| set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y | ||||
| set_kernel_config CONFIG_SECURITY_PATH=y | ||||
| set_kernel_config CONFIG_SECURITY_YAMA=y | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | # New Options | ||
| if [ "$KERNEL_NF" = true ] ; then | ||||
| set_kernel_config CONFIG_IP_NF_SECURITY m | ||||
|
Unknown
|
r510 | set_kernel_config CONFIG_NETLABEL y | ||
|
Unknown
|
r509 | set_kernel_config CONFIG_IP6_NF_SECURITY m | ||
| fi | ||||
| set_kernel_config CONFIG_SECURITY_SELINUX n | ||||
| set_kernel_config CONFIG_SECURITY_SMACK n | ||||
| set_kernel_config CONFIG_SECURITY_TOMOYO n | ||||
| set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n | ||||
| set_kernel_config CONFIG_SECURITY_LOADPIN n | ||||
| set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n | ||||
| set_kernel_config CONFIG_IMA n | ||||
| set_kernel_config CONFIG_EVM n | ||||
| set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y | ||||
| set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y | ||||
| set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y | ||||
| set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y | ||||
| set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y | ||||
| set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y | ||||
| set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y | ||||
| set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n | ||||
|
Unknown
|
r510 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m | ||
| set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r509 | set_kernel_config CONFIG_ARM64_CRYPTO y | ||
| set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m | ||||
|
Unknown
|
r505 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m | ||
|
Unknown
|
r509 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m | ||
| set_kernel_config CRYPTO_GHASH_ARM64_CE m | ||||
| set_kernel_config CRYPTO_SHA2_ARM64_CE m | ||||
| set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m | ||||
| set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64 m | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m | ||||
| set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m | ||||
| set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m | ||||
|
Unknown
|
r526 | echo SYSTEM_TRUSTED_KEYS >> .config | ||
|
burnbabyburn
|
r508 | fi | ||
|
Unknown
|
r443 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 | ||
|
burnbabyburn
|
r508 | if [ "$KERNEL_NF" = true ] ; then | ||
| set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m | ||||
| set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m | ||||
| set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m | ||||
| set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m | ||||
| set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m | ||||
| set_kernel_config CONFIG_NFT_FIB_INET m | ||||
| set_kernel_config CONFIG_NFT_FIB_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_FIB_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_FIB_NETDEV m | ||||
| set_kernel_config CONFIG_NFT_OBJREF m | ||||
| set_kernel_config CONFIG_NFT_RT m | ||||
| set_kernel_config CONFIG_NFT_SET_BITMAP m | ||||
| set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y | ||||
| set_kernel_config CONFIG_NF_LOG_ARP m | ||||
| set_kernel_config CONFIG_NF_SOCKET_IPV4 m | ||||
| set_kernel_config CONFIG_NF_SOCKET_IPV6 m | ||||
|
Unknown
|
r362 | set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m | ||
|
burnbabyburn
|
r380 | set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m | ||
|
Unknown
|
r362 | set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m | ||
| set_kernel_config CONFIG_IP6_NF_IPTABLES m | ||||
| set_kernel_config CONFIG_IP6_NF_MATCH_AH m | ||||
| set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m | ||||
| set_kernel_config CONFIG_IP6_NF_NAT m | ||||
| set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m | ||||
| set_kernel_config CONFIG_IP6_NF_TARGET_NPT m | ||||
|
burnbabyburn
|
r508 | set_kernel_config CONFIG_IP_NF_SECURITY m | ||
|
Unknown
|
r358 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m | ||
| set_kernel_config CONFIG_IP_SET_BITMAP_PORT m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_IP m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_IPMARK m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_IPPORT m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_MAC m | ||||
| set_kernel_config CONFIG_IP_SET_HASH_NET m | ||||
|
Unknown
|
r362 | set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m | ||
|
Unknown
|
r358 | set_kernel_config CONFIG_IP_SET_HASH_NETNET m | ||
| set_kernel_config CONFIG_IP_SET_HASH_NETPORT m | ||||
|
Unknown
|
r362 | set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m | ||
|
Unknown
|
r358 | set_kernel_config CONFIG_IP_SET_LIST_SET m | ||
|
Unknown
|
r456 | set_kernel_config CONFIG_NETFILTER_XTABLES m | ||
| set_kernel_config CONFIG_NETFILTER_XTABLES m | ||||
|
Unknown
|
r362 | set_kernel_config CONFIG_NFT_BRIDGE_META m | ||
| set_kernel_config CONFIG_NFT_BRIDGE_REJECT m | ||||
| set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_COMPAT m | ||||
| set_kernel_config CONFIG_NFT_COUNTER m | ||||
| set_kernel_config CONFIG_NFT_CT m | ||||
| set_kernel_config CONFIG_NFT_DUP_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_DUP_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_DUP_NETDEV m | ||||
| set_kernel_config CONFIG_NFT_EXTHDR m | ||||
| set_kernel_config CONFIG_NFT_FWD_NETDEV m | ||||
| set_kernel_config CONFIG_NFT_HASH m | ||||
| set_kernel_config CONFIG_NFT_LIMIT m | ||||
| set_kernel_config CONFIG_NFT_LOG m | ||||
| set_kernel_config CONFIG_NFT_MASQ m | ||||
| set_kernel_config CONFIG_NFT_MASQ_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_MASQ_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_META m | ||||
| set_kernel_config CONFIG_NFT_NAT m | ||||
| set_kernel_config CONFIG_NFT_NUMGEN m | ||||
| set_kernel_config CONFIG_NFT_QUEUE m | ||||
| set_kernel_config CONFIG_NFT_QUOTA m | ||||
| set_kernel_config CONFIG_NFT_REDIR m | ||||
| set_kernel_config CONFIG_NFT_REDIR_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_REDIR_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_REJECT m | ||||
| set_kernel_config CONFIG_NFT_REJECT_INET m | ||||
| set_kernel_config CONFIG_NFT_REJECT_IPV4 m | ||||
| set_kernel_config CONFIG_NFT_REJECT_IPV6 m | ||||
| set_kernel_config CONFIG_NFT_SET_HASH m | ||||
| set_kernel_config CONFIG_NFT_SET_RBTREE m | ||||
| set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m | ||||
| set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m | ||||
| set_kernel_config CONFIG_NF_DEFRAG_IPV4 m | ||||
| set_kernel_config CONFIG_NF_DEFRAG_IPV6 m | ||||
| set_kernel_config CONFIG_NF_DUP_IPV4 m | ||||
| set_kernel_config CONFIG_NF_DUP_IPV6 m | ||||
|
Unknown
|
r456 | set_kernel_config CONFIG_NF_DUP_NETDEV m | ||
|
Unknown
|
r358 | set_kernel_config CONFIG_NF_LOG_BRIDGE m | ||
|
Unknown
|
r362 | set_kernel_config CONFIG_NF_LOG_IPV4 m | ||
| set_kernel_config CONFIG_NF_LOG_IPV6 m | ||||
| set_kernel_config CONFIG_NF_NAT_IPV4 m | ||||
| set_kernel_config CONFIG_NF_NAT_IPV6 m | ||||
| set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m | ||||
| set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m | ||||
| set_kernel_config CONFIG_NF_NAT_PPTP m | ||||
| set_kernel_config CONFIG_NF_NAT_PROTO_GRE m | ||||
| set_kernel_config CONFIG_NF_NAT_REDIRECT m | ||||
|
Unknown
|
r456 | set_kernel_config CONFIG_NF_NAT_SIP m | ||
|
Unknown
|
r362 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m | ||
| set_kernel_config CONFIG_NF_NAT_TFTP m | ||||
| set_kernel_config CONFIG_NF_REJECT_IPV4 m | ||||
| set_kernel_config CONFIG_NF_REJECT_IPV6 m | ||||
|
Unknown
|
r456 | set_kernel_config CONFIG_NF_TABLES m | ||
| set_kernel_config CONFIG_NF_TABLES_ARP m | ||||
| set_kernel_config CONFIG_NF_TABLES_BRIDGE m | ||||
|
Unknown
|
r362 | set_kernel_config CONFIG_NF_TABLES_INET m | ||
| set_kernel_config CONFIG_NF_TABLES_IPV4 m | ||||
| set_kernel_config CONFIG_NF_TABLES_IPV6 m | ||||
| set_kernel_config CONFIG_NF_TABLES_NETDEV m | ||||
|
Unknown
|
r358 | fi | ||
|
burnbabyburn
|
r380 | |||
|
Unknown
|
r443 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA | ||
|
Unknown
|
r459 | if [ "$KERNEL_BPF" = true ] ; then | ||
|
Unknown
|
r404 | set_kernel_config CONFIG_BPF_SYSCALL y | ||
|
Unknown
|
r453 | set_kernel_config CONFIG_BPF_EVENTS y | ||
|
Unknown
|
r456 | set_kernel_config CONFIG_BPF_STREAM_PARSER y | ||
|
Unknown
|
r358 | set_kernel_config CONFIG_CGROUP_BPF y | ||
| fi | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r455 | # KERNEL_DEFAULT_GOV was set by user | ||
|
Unknown
|
r509 | if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r455 | case "$KERNEL_DEFAULT_GOV" in | ||
|
Unknown
|
r494 | performance) | ||
|
Unknown
|
r455 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y | ||
| ;; | ||||
|
Unknown
|
r494 | userspace) | ||
|
Unknown
|
r455 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y | ||
| ;; | ||||
|
Unknown
|
r494 | ondemand) | ||
|
Unknown
|
r455 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y | ||
| ;; | ||||
|
Unknown
|
r494 | conservative) | ||
|
Unknown
|
r455 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y | ||
| ;; | ||||
|
Unknown
|
r494 | shedutil) | ||
|
Unknown
|
r455 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y | ||
| ;; | ||||
| *) | ||||
| echo "error: unsupported default cpu governor" | ||||
| exit 1 | ||||
| ;; | ||||
| esac | ||||
|
burnbabyburn
|
r508 | |||
| # unset previous default governor | ||||
|
Unknown
|
r494 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE | ||
|
Unknown
|
r455 | fi | ||
|
Unknown
|
r358 | #Revert to previous directory | ||
|
Unknown
|
r457 | cd "${WORKDIR}" || exit | ||
|
Jan Wagner
|
r72 | |||
|
drtyhlpr
|
r259 | # Set kernel configuration parameters to enable qemu emulation | ||
| if [ "$ENABLE_QEMU" = true ] ; then | ||||
|
burnbabyburn
|
r310 | echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config | ||
| echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config | ||||
|
drtyhlpr
|
r263 | |||
| if [ "$ENABLE_CRYPTFS" = true ] ; then | ||||
|
burnbabyburn
|
r312 | { | ||
| echo "CONFIG_EMBEDDED=y" | ||||
| echo "CONFIG_EXPERT=y" | ||||
| echo "CONFIG_DAX=y" | ||||
| echo "CONFIG_MD=y" | ||||
| echo "CONFIG_BLK_DEV_MD=y" | ||||
| echo "CONFIG_MD_AUTODETECT=y" | ||||
| echo "CONFIG_BLK_DEV_DM=y" | ||||
| echo "CONFIG_BLK_DEV_DM_BUILTIN=y" | ||||
| echo "CONFIG_DM_CRYPT=y" | ||||
| echo "CONFIG_CRYPTO_BLKCIPHER=y" | ||||
| echo "CONFIG_CRYPTO_CBC=y" | ||||
| echo "CONFIG_CRYPTO_XTS=y" | ||||
| echo "CONFIG_CRYPTO_SHA512=y" | ||||
|
burnbabyburn
|
r327 | echo "CONFIG_CRYPTO_MANAGER=y" | ||
|
Unknown
|
r421 | } >> "${KERNEL_DIR}"/.config | ||
|
burnbabyburn
|
r310 | fi | ||
|
drtyhlpr
|
r259 | fi | ||
|
drtyhlpr
|
r248 | # Copy custom kernel configuration file | ||
|
burnbabyburn
|
r310 | if [ -n "$KERNELSRC_USRCONFIG" ] ; then | ||
| cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config | ||||
root
|
r101 | fi | ||
|
drtyhlpr
|
r248 | # Set kernel configuration parameters to their default values | ||
| if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then | ||||
| make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig | ||||
| fi | ||||
|
Jan Wagner
|
r75 | # Start menu-driven kernel configuration (interactive) | ||
| if [ "$KERNEL_MENUCONFIG" = true ] ; then | ||||
|
drtyhlpr
|
r94 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig | ||
|
Jan Wagner
|
r75 | fi | ||
|
Unknown
|
r455 | # end if "$KERNELSRC_CONFIG" = true | ||
|
Jan Wagner
|
r72 | fi | ||
|
Jan Wagner
|
r71 | |||
|
drtyhlpr
|
r248 | # Use ccache to cross compile the kernel | ||
| if [ "$KERNEL_CCACHE" = true ] ; then | ||||
| cc="ccache ${CROSS_COMPILE}gcc" | ||||
| else | ||||
| cc="${CROSS_COMPILE}gcc" | ||||
| fi | ||||
| # Cross compile kernel and dtbs | ||||
|
burnbabyburn
|
r310 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs | ||
|
drtyhlpr
|
r248 | |||
| # Cross compile kernel modules | ||||
|
Unknown
|
r382 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | ||
|
burnbabyburn
|
r310 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules | ||
|
drtyhlpr
|
r248 | fi | ||
|
Unknown
|
r455 | # end if "$KERNELSRC_PREBUILT" = false | ||
|
Jan Wagner
|
r75 | fi | ||
|
Filip Pytloun
|
r56 | |||
|
Jan Wagner
|
r72 | # Check if kernel compilation was successful | ||
|
Bobberty
|
r147 | if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then | ||
| echo "error: kernel compilation failed! (kernel image not found)" | ||||
|
Jan Wagner
|
r72 | cleanup | ||
| exit 1 | ||||
| fi | ||||
|
Filip Pytloun
|
r56 | # Install kernel modules | ||
|
Jan Wagner
|
r73 | if [ "$ENABLE_REDUCE" = true ] ; then | ||
|
Unknown
|
r382 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | ||
|
drtyhlpr
|
r248 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install | ||
| fi | ||||
|
Jan Wagner
|
r73 | else | ||
|
Unknown
|
r382 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | ||
|
drtyhlpr
|
r248 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install | ||
| fi | ||||
|
Jan Wagner
|
r75 | |||
| # Install kernel firmware | ||||
|
Unknown
|
r382 | if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then | ||
|
drtyhlpr
|
r244 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install | ||
| fi | ||||
|
Jan Wagner
|
r73 | fi | ||
|
Filip Pytloun
|
r60 | |||
| # Install kernel headers | ||||
|
Jan Wagner
|
r76 | if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then | ||
|
drtyhlpr
|
r94 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install | ||
|
Filip Pytloun
|
r60 | fi | ||
|
Filip Pytloun
|
r56 | |||
|
Jan Wagner
|
r75 | # Prepare boot (firmware) directory | ||
|
drtyhlpr
|
r94 | mkdir "${BOOT_DIR}" | ||
|
Jan Wagner
|
r75 | |||
| # Get kernel release version | ||||
|
burnbabyburn
|
r310 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") | ||
|
Jan Wagner
|
r75 | |||
| # Copy kernel configuration file to the boot directory | ||||
|
drtyhlpr
|
r94 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" | ||
|
Jan Wagner
|
r75 | |||
|
drtyhlpr
|
r248 | # Prepare device tree directory | ||
|
drtyhlpr
|
r94 | mkdir "${BOOT_DIR}/overlays" | ||
|
burnbabyburn
|
r327 | |||
|
Bobberty
|
r147 | # Ensure the proper .dtb is located | ||
| if [ "$KERNEL_ARCH" = "arm" ] ; then | ||||
|
drtyhlpr
|
r248 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do | ||
| if [ -f "${dtb}" ] ; then | ||||
| install_readonly "${dtb}" "${BOOT_DIR}/" | ||||
| fi | ||||
| done | ||||
|
Bobberty
|
r147 | else | ||
|
drtyhlpr
|
r248 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do | ||
| if [ -f "${dtb}" ] ; then | ||||
| install_readonly "${dtb}" "${BOOT_DIR}/" | ||||
| fi | ||||
| done | ||||
|
Bobberty
|
r147 | fi | ||
|
drtyhlpr
|
r248 | # Copy compiled dtb device tree files | ||
| if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then | ||||
| for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do | ||||
| if [ -f "${dtb}" ] ; then | ||||
| install_readonly "${dtb}" "${BOOT_DIR}/overlays/" | ||||
| fi | ||||
| done | ||||
| if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then | ||||
| install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README" | ||||
| fi | ||||
| fi | ||||
|
Jan Wagner
|
r82 | |||
| if [ "$ENABLE_UBOOT" = false ] ; then | ||||
|
Bobberty
|
r147 | # Convert and copy kernel image to the boot directory | ||
| "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" | ||||
|
Jan Wagner
|
r82 | else | ||
|
Bobberty
|
r147 | # Copy kernel image to the boot directory | ||
| install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" | ||||
|
Jan Wagner
|
r82 | fi | ||
|
Jan Wagner
|
r67 | |||
| # Remove kernel sources | ||||
|
Jan Wagner
|
r75 | if [ "$KERNEL_REMOVESRC" = true ] ; then | ||
|
drtyhlpr
|
r94 | rm -fr "${KERNEL_DIR}" | ||
Michal Svamberg
|
r104 | else | ||
|
drtyhlpr
|
r248 | # Prepare compiled kernel modules | ||
|
Unknown
|
r382 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | ||
| if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then | ||||
|
drtyhlpr
|
r248 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare | ||
| fi | ||||
|
drtyhlpr
|
r141 | |||
|
drtyhlpr
|
r248 | # Create symlinks for kernel modules | ||
| chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build" | ||||
| chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" | ||||
| fi | ||||
Stephen A. Brandli
|
r83 | fi | ||
|
Unknown
|
r341 | |||
| else # BUILD_KERNEL=false | ||||
|
Unknown
|
r460 | if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r469 | # Use Sakakis modified kernel if ZSWAP is active | ||
|
Unknown
|
r470 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then | ||
|
Unknown
|
r481 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" | ||
|
Unknown
|
r460 | fi | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r346 | # Create temporary directory for dl | ||
| temp_dir=$(as_nobody mktemp -d) | ||||
|
Unknown
|
r390 | |||
|
Unknown
|
r382 | # Fetch kernel dl | ||
| as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r382 | #extract download | ||
|
Unknown
|
r383 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" | ||
|
Unknown
|
r390 | |||
| #move extracted kernel to /boot/firmware | ||||
| mkdir "${R}/boot/firmware" | ||||
| cp "${temp_dir}"/boot/* "${R}"/boot/firmware/ | ||||
| cp -r "${temp_dir}"/lib/* "${R}"/lib/ | ||||
|
Unknown
|
r346 | # Remove temporary directory for kernel sources | ||
| rm -fr "${temp_dir}" | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r346 | # Set permissions of the kernel sources | ||
|
Unknown
|
r381 | chown -R root:root "${R}/boot/firmware" | ||
|
Unknown
|
r383 | chown -R root:root "${R}/lib/modules" | ||
|
Unknown
|
r382 | fi | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r482 | # Install Kernel from hypriot comptabile with all Raspberry PI | ||
|
Unknown
|
r460 | if [ "$SET_ARCH" = 32 ] ; then | ||
|
Unknown
|
r462 | # Create temporary directory for dl | ||
| temp_dir=$(as_nobody mktemp -d) | ||||
|
Unknown
|
r460 | # Fetch kernel | ||
|
Unknown
|
r462 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" | ||
|
Unknown
|
r469 | |||
|
Unknown
|
r462 | # Copy downloaded U-Boot sources | ||
|
Unknown
|
r463 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb | ||
|
Unknown
|
r462 | |||
| # Set permissions | ||||
|
Unknown
|
r463 | chown -R root:root "${R}"/tmp/kernel.deb | ||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r462 | # Install kernel | ||
|
Unknown
|
r467 | chroot_exec dpkg -i /tmp/kernel.deb | ||
|
Unknown
|
r460 | |||
|
Unknown
|
r469 | # move /boot to /boot/firmware to fit script env. | ||
| #mkdir "${BOOT_DIR}" | ||||
| mkdir "${temp_dir}"/firmware | ||||
| mv "${R}"/boot/* "${temp_dir}"/firmware/ | ||||
| mv "${temp_dir}"/firmware "${R}"/boot/ | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r469 | #same for kernel headers | ||
| if [ "$KERNEL_HEADERS" = true ] ; then | ||||
| # Fetch kernel header | ||||
| as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL" | ||||
| mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb | ||||
| chown -R root:root "${R}"/tmp/kernel-header.deb | ||||
| # Install kernel header | ||||
| chroot_exec dpkg -i /tmp/kernel-header.deb | ||||
| rm -f "${R}"/tmp/kernel-header.deb | ||||
| fi | ||||
|
burnbabyburn
|
r508 | |||
|
Unknown
|
r463 | # Remove temporary directory and files | ||
|
Unknown
|
r460 | rm -fr "${temp_dir}" | ||
|
Unknown
|
r463 | rm -f "${R}"/tmp/kernel.deb | ||
|
Unknown
|
r460 | fi | ||
|
Unknown
|
r346 | |||
|
burnbabyburn
|
r310 | # Check if kernel installation was successful | ||
|
Unknown
|
r390 | KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" | ||
|
Unknown
|
r346 | if [ -z "$KERNEL" ] ; then | ||
| echo "error: kernel installation failed! (/boot/kernel* not found)" | ||||
|
burnbabyburn
|
r310 | cleanup | ||
| exit 1 | ||||
| fi | ||||
|
Unknown
|
r469 | fi | ||
