diff --git a/.gitignore b/.gitignore index 239ef3c..a65ad1d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ images custom.d +packages *.swp *.bak *.log diff --git a/README.md b/README.md index f02d286..3179047 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,10 @@ Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. ##### `ENABLE_USER`=true -Create pi user with password raspberry +Create non-root user with password raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`. + +##### `USER_NAME`=pi +Non-root user to create. Ignored if `ENABLE_USER`=false ##### `ENABLE_ROOT`=true Set root user password so root login will be enabled @@ -196,6 +199,9 @@ Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the k ##### `KERNELSRC_PREBUILT`=false With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed. +##### `FIRMWAREDIR`="" +The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project. + #### Reduce disk usage: The following list of parameters is ignored if `ENABLE_REDUCE`=false. 
@@ -275,6 +281,10 @@ All the required configuration files that will be copied to the generated OS ima | `sysctl.d` | Swapping and Network Hardening configuration | | `xorg` | fbturbo Xorg driver configuration | +Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`. + +Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created. + ## Logging of the bootstrapping process All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose: diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 1d32051..991e7e1 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -34,4 +34,13 @@ fi # Upgrade package index and update all installed packages and changed dependencies chroot_exec apt-get -qq -y update chroot_exec apt-get -qq -y -u dist-upgrade + +if [ -d packages ] ; then + for package in packages/*.deb ; do + cp $package ${R}/tmp + chroot_exec dpkg --unpack /tmp/$(basename $package) + done +fi +chroot_exec apt-get -qq -y -f install + chroot_exec apt-get -qq -y check diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 2652142..c6b43c6 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh 
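Review bot: The loop added to `bootstrap.d/11-apt.sh` expands `$package` and `${R}` unquoted and has no guard for an empty directory, so when `packages/` exists without any `.deb` file the unexpanded pattern `packages/*.deb` is passed to `cp` and `dpkg`. Start the loop body with `[ -e "$package" ] || continue`, then use `cp -- "$package" "${R}/tmp/"` and `chroot_exec dpkg --unpack "/tmp/$(basename "$package")"`. These archives never go through apt's signature checking, and their maintainer scripts presumably run as root inside the chroot, so the script should at least carry a comment that `packages/` must hold only trusted files, or verify a checksum list before the copy. The copied `.deb` files are not removed from `${R}/tmp` in this hunk; unless a later step cleans that directory they may end up in the image.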
@@ -131,14 +131,25 @@ if [ "$BUILD_KERNEL" = true ] ; then rm -fr "${KERNELDIR}" fi - # Install latest boot binaries from raspberry/firmware github - wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin - wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat - wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat - wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat - wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf - wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf - wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf + if [ -n "$FIRMWAREDIR" ] && [ -d "$FIRMWAREDIR" ] ; then + # Install boot binaries from local directory + cp ${FIRMWAREDIR}/boot/bootcode.bin ${BOOTDIR}/bootcode.bin + cp ${FIRMWAREDIR}/boot/fixup.dat ${BOOTDIR}/fixup.dat + cp ${FIRMWAREDIR}/boot/fixup_cd.dat ${BOOTDIR}/fixup_cd.dat + cp ${FIRMWAREDIR}/boot/fixup_x.dat ${BOOTDIR}/fixup_x.dat + cp ${FIRMWAREDIR}/boot/start.elf ${BOOTDIR}/start.elf + cp ${FIRMWAREDIR}/boot/start_cd.elf ${BOOTDIR}/start_cd.elf + cp ${FIRMWAREDIR}/boot/start_x.elf ${BOOTDIR}/start_x.elf + else + # Install latest boot binaries from raspberry/firmware github + wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin + wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat + wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat + wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat + wget -q -O "${BOOTDIR}/start.elf" 
https://github.com/raspberrypi/firmware/raw/master/boot/start.elf + wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf + wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf + fi else # BUILD_KERNEL=false # Kernel installation diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index 16e06f2..b64b8ca 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh @@ -70,3 +70,8 @@ if [ "$ENABLE_HARDNET" = true ] ; then # Setup resolver warnings about spoofed addresses sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf" fi + +# Enable time sync +if [ "NET_NTP_1" != "" ] ; then + chroot_exec systemctl enable systemd-timesyncd.service +fi diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index a5b558b..a2435b9 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -10,8 +10,9 @@ ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` # Setup default user if [ "$ENABLE_USER" = true ] ; then - chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi - chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi + chroot_exec adduser --gecos $USER_NAME --add_extra_groups \ + --disabled-password $USER_NAME + chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" $USER_NAME fi # Setup root password or not diff --git a/rpi2-gen-image.sh b/rpi2-gen-image.sh index a04c8e3..fad70cf 100755 --- a/rpi2-gen-image.sh +++ b/rpi2-gen-image.sh @@ -57,6 +57,9 @@ ETCDIR="${R}/etc" BOOTDIR="${R}/boot/firmware" KERNELDIR="${R}/usr/src/linux" +# Firmware directory: Blank if download from github +FIRMWAREDIR=${FIRMWAREDIR:=""} + # General settings HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}} PASSWORD=${PASSWORD:=raspberry} 
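Review bot: When `FIRMWAREDIR` is set but is not a directory, the new test `[ -n "$FIRMWAREDIR" ] && [ -d "$FIRMWAREDIR" ]` in `bootstrap.d/13-kernel.sh` falls through silently to the `else` branch and downloads from the `master` branch, which defeats the purpose for anyone who set the variable to pin or pre-verify the boot binaries. A set-but-invalid value should abort ahead of the branch, e.g. `if [ -n "$FIRMWAREDIR" ] && [ ! -d "$FIRMWAREDIR" ] ; then echo "error: FIRMWAREDIR is not a directory" >&2 ; exit 1 ; fi`. The seven `cp` lines also leave `${FIRMWAREDIR}` and `${BOOTDIR}` unquoted while the `wget` lines quote them; write `cp "${FIRMWAREDIR}/boot/bootcode.bin" "${BOOTDIR}/bootcode.bin"` and likewise for the rest. Neither branch checks the binaries against a known digest, and the enclosing `if [ "$BUILD_KERNEL" = true ]` block starts outside the hunk.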
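Review bot: The test `[ "NET_NTP_1" != "" ]` in `bootstrap.d/20-networking.sh` compares the literal string `NET_NTP_1` rather than the variable, so it is always true and `systemd-timesyncd.service` is enabled on every build regardless of configuration. If the service should be enabled only when an NTP server is configured, the line should read `if [ -n "$NET_NTP_1" ] ; then`. If always-on time sync is the intent, drop the condition and say so in the `# Enable time sync` comment.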
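Review bot: `$USER_NAME` is expanded unquoted in both the `adduser` and `usermod` lines of `bootstrap.d/30-security.sh` and is never validated, so a value containing whitespace or starting with `-` is word-split or parsed as an option before it reaches the chroot commands. Quote each use (`--gecos "$USER_NAME"`, `--disabled-password "$USER_NAME"`, `-p "${ENCRYPTED_PASSWORD}" "$USER_NAME"`) and reject anything that is not a plain account name before this block, e.g. `case "$USER_NAME" in ''|-*|*[!a-z0-9_-]*) echo "invalid USER_NAME" >&2 ; exit 1 ;; esac`. How `chroot_exec` forwards its arguments is not visible here, so quoting inside that helper needs checking as well. The account is added to `sudo` with the shared `PASSWORD` value, whose default is `raspberry` according to the README and `rpi2-gen-image.sh`, so a build that leaves `PASSWORD` unset ships a known sudo credential under whatever name is chosen.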
@@ -98,6 +101,7 @@ ENABLE_XORG=${ENABLE_XORG:=false} ENABLE_WM=${ENABLE_WM:=""} ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} ENABLE_USER=${ENABLE_USER:=true} +USER_NAME=${USER_NAME:="pi"} ENABLE_ROOT=${ENABLE_ROOT:=false} ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}