From 4551fcf06923ac69b4f362152c71639c34916682 2020-02-15 22:30:12 From: Unknown Date: 2020-02-15 22:30:12 Subject: [PATCH] -Enable_nonfree no longer enables non-free packages while install. now it enables non free packacges in sources.list -Fix: check for kernel_threads -Fix: Cryptfs Kernel parameters -Renamed: Kernel_reduce renamed for better varaible grouping to Reduce_kernel -Fix: defaultgov check in 13-kernel.sh -Dropped: Enable_DHCP - now seperated in Enable_eth_dhcp and enable_wifi_dhcp -Feature: Dhcp and static configuration of both wired and wifi interface -Feature: added uart_2ndstage=1 for even more uart output in early stages -Renamed: eth.network and wlan.network to eth0 and wlan0 -Improve: sanity check for stattic ip -Renamed: Enable_SSHD to SSH_Enable for better variable gouping -Renamed PASSWORD to ROOT_PASSWORD for better distinction with USER_PASSWORD -Improved: Enable_dbus check on firstboot (generate-machineid) -improved: Reduce if ipv6 disable remove xtables -Improved: recomend $Release if xorg is enabled on some rpi models -Install wpasupplicant if Enabled_wireless is true -Reorder key:value in rpi23-gen-image.sh -fixing some wrong var assingments and missing declarations in rpi23-gen-image.sh -updated precompiled kernel links - changed the following default values: "Reduce_*,cryptfs_keysize (support for 0 and 1),rpi_model" - added a complete config (rpi3buster-fullconfig) in sync with new order of key:value in rpi23-gen-image.sh thx to trampeltier@fsfe for testing a lot!
---
diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh
index d8cfb69..2be3e8c 100644
--- a/bootstrap.d/10-bootstrap.sh
+++ b/bootstrap.d/10-bootstrap.sh
@@ -9,7 +9,8 @@ VARIANT="" COMPONENTS="main" # Use non-free Debian packages if needed -if [ "$ENABLE_NONFREE" = true ] ; then +# One use variable which is only needed by wifi firmware blob => reworked to use non free in /etc/apt/sources.list - we could just use ENABLE_WIRELESS here +if [ "$ENABLE_WIRELESS" = true ] ; then COMPONENTS="main,non-free,contrib" fi diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 2802792..442fa3d 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -49,10 +49,16 @@ if [ "$BUILD_KERNEL" = true ] ; then fi # Calculate optimal number of kernel building threads - if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then + if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) fi +# TODO: Check if defined Threadcount is higher than actual cores +# if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then +# echo "Defined more Threads than core assigned to this system" +# exit 1 +# fi + #Copy 32bit config to 64bit if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/ @@ -61,7 +67,7 @@ if [ "$BUILD_KERNEL" = true ] ; then # Configure and build kernel if [ "$KERNELSRC_PREBUILT" = false ] ; then # Remove device, network and filesystem drivers from kernel configuration - if [ "$KERNEL_REDUCE" = true ] ; then + if [ "$REDUCE_KERNEL" = true ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" sed -i\ -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ 
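Review bot: With this condition the debootstrap component list no longer honours `ENABLE_NONFREE` at all, while `ENABLE_WIRELESS=true` now silently widens the bootstrap to `non-free` and `contrib`, and the added comment does not say that clearly. `ENABLE_NONFREE` is still declared with a default in rpi23-gen-image.sh, so a reader will expect it to matter here. I would reword the comment to something like `# Wireless firmware blobs come from non-free, so bootstrap with non-free/contrib only when ENABLE_WIRELESS=true; ENABLE_NONFREE is applied to /etc/apt/sources.list instead` (the second half is taken from the commit message, not from code visible in this hunk).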
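Review bot: The new test `[ -n "$KERNEL_THREADS" ]` is true for every configured value, because rpi23-gen-image.sh defaults `KERNEL_THREADS` to 1, so a thread count chosen by the user is always overwritten with the CPU count from /proc/cpuinfo. If the intent is to auto-detect only when nothing was requested, test for the unset case instead, e.g. `if [ -z "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then`, and leave the default empty. The commented-out TODO below it would not work if enabled: `>` inside `[ ]` is a redirection and the `grep` is not in a command substitution, so it would need `[ "$KERNEL_THREADS" -gt "$(grep -c processor /proc/cpuinfo)" ]`. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside the hunk.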
@@ -464,8 +470,24 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 - - set_kernel_config CONFIG_ARM64_CRYPTO y + fi + + if [ "$ENABLE_CRYPTFS" = true ] ; then + set_kernel_config CONFIG_EMBEDDED y + set_kernel_config CONFIG_EXPERT y + set_kernel_config CONFIG_DAX y + set_kernel_config CONFIG_MD y + set_kernel_config CONFIG_BLK_DEV_MD y + set_kernel_config CONFIG_MD_AUTODETECT y + set_kernel_config CONFIG_BLK_DEV_DM y + set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y + set_kernel_config CONFIG_DM_CRYPT y + set_kernel_config CONFIG_CRYPTO_BLKCIPHER y + set_kernel_config CONFIG_CRYPTO_CBC y + set_kernel_config CONFIG_CRYPTO_XTS y + set_kernel_config CONFIG_CRYPTO_SHA512 y + set_kernel_config CONFIG_CRYPTO_MANAGER y + set_kernel_config CONFIG_ARM64_CRYPTO y set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m @@ -620,8 +642,7 @@ if [ "$BUILD_KERNEL" = true ] ; then fi # KERNEL_DEFAULT_GOV was set by user - if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then - + if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then case "$KERNEL_DEFAULT_GOV" in performance) set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y @@ -643,9 +664,8 @@ if [ "$BUILD_KERNEL" = true ] ; then exit 1 ;; esac - - # unset previous default governor - unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE + # unset previous default governor + unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND fi #Revert to previous directory 
@@ -655,25 +675,6 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$ENABLE_QEMU" = true ] ; then echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config - - if [ "$ENABLE_CRYPTFS" = true ] ; then - { - echo "CONFIG_EMBEDDED=y" - echo "CONFIG_EXPERT=y" - echo "CONFIG_DAX=y" - echo "CONFIG_MD=y" - echo "CONFIG_BLK_DEV_MD=y" - echo "CONFIG_MD_AUTODETECT=y" - echo "CONFIG_BLK_DEV_DM=y" - echo "CONFIG_BLK_DEV_DM_BUILTIN=y" - echo "CONFIG_DM_CRYPT=y" - echo "CONFIG_CRYPTO_BLKCIPHER=y" - echo "CONFIG_CRYPTO_CBC=y" - echo "CONFIG_CRYPTO_XTS=y" - echo "CONFIG_CRYPTO_SHA512=y" - echo "CONFIG_CRYPTO_MANAGER=y" - } >> "${KERNEL_DIR}"/.config - fi fi # Copy custom kernel configuration file @@ -734,7 +735,7 @@ if [ "$BUILD_KERNEL" = true ] ; then fi # Install kernel headers - if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then + if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install fi @@ -886,4 +887,4 @@ else # BUILD_KERNEL=false cleanup exit 1 fi -fi +fi \ No newline at end of file diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index e59063f..e408758 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh 
@@ -38,17 +38,17 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" fi - if [ "$CRYPTFS_DROPBEAR" = true ]; then - if [ "$ENABLE_DHCP" = false ] ; then + if [ "$CRYPTFS_DROPBEAR" = true ] ; then + if [ "$ENABLE_ETH_DHCP" = false ] ; then # Get cdir from NET_ADDRESS e.g. 24 - cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2) + cdir=$(printf "%s" "${NET_ETH_ADDRESS}" | cut -d '/' -f2) # Convert cdir ro netmask e.g. 24 to 255.255.255.0 NET_MASK=$(cdr2mask "$cdir") # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf - # ip=:::::: - sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf + # ip=:::::: + sed -i "\$a\nIP=${NET_ETH_ADDRESS}::${NET_ETH_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf else sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf fi diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index 6a00889..e3e7c08 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -176,7 +176,10 @@ fi # may need sudo systemctl disable hciuart if [ "$ENABLE_CONSOLE" = true ] ; then - echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" + echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" + #More debug output on early but with serial console + echo "uart_2ndstage=1" >> "${BOOT_DIR}/config.txt" + # add string to cmdline CMDLINE="${CMDLINE} console=serial0,115200" diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index a1213db..3ae980d 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
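Review bot: `NET_ETH_ADDRESS` is written into the `IP=` line unchanged even though the line above cuts a prefix length out of it, so the entry apparently becomes `a.b.c.d/NN::gateway:netmask:...`, whereas the `ip=` syntax takes a bare client address with the netmask in its own field. Strip the prefix before use, e.g. `IP=${NET_ETH_ADDRESS%%/*}::${NET_ETH_GATEWAY}:${NET_MASK}:${HOSTNAME}:`. The static branch is also taken when `ENABLE_ETH_DHCP=false` and `NET_ETH_ADDRESS` is empty, which would leave the dropbear unlock environment without an address; a guard such as `[ -n "$NET_ETH_ADDRESS" ] || { echo "NET_ETH_ADDRESS required for CRYPTFS_DROPBEAR" ; exit 1 ; }` fails the build instead of producing an image that cannot be unlocked over the network. The enclosing `if [ "$ENABLE_INITRAMFS" = true ]` block starts outside the hunk.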
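Review bot: `uart_2ndstage=1` is now written whenever `ENABLE_CONSOLE` is true, so every image with a serial console also gets second-stage bootloader debug output on the UART, and the added comment does not explain that. This kind of output helps during bring-up but is usually not wanted on a deployed device whose serial pins are physically reachable. I would put the line behind its own opt-in setting (name to be chosen by the project) and reword the comment to `# Also print second-stage bootloader debug messages on the serial console`.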
@@ -14,8 +14,8 @@ install_readonly files/network/hosts "${ETC_DIR}/hosts" sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" # Setup hostname entry with static IP -if [ "$NET_ADDRESS" != "" ] ; then - NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') +if [ "$NET_ETH_ADDRESS" != "" ] ; then + NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/') sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" fi 
@@ -28,52 +28,102 @@ fi install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" # Install configuration for interface eth0 -install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" +install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network" if [ "$RPI_MODEL" = 3P ] ; then -printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network" +printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network" fi # Install configuration for interface wl* -install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" +install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network" #always with dhcp since wpa_supplicant integration is missing -sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" +sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network" -if [ "$ENABLE_DHCP" = true ] ; then +if [ "$ENABLE_ETH_DHCP" = true ] ; then # Enable DHCP configuration for interface eth0 - sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" + sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network" # Set DHCP configuration to IPv4 only if [ "$ENABLE_IPV6" = false ] ; then - sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network" + sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network" + sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network" fi -else # ENABLE_DHCP=false +else # ENABLE_ETH_DHCP=false # Set static network configuration for interface eth0 - sed -i\ - -e "s|DHCP=.*|DHCP=no|"\ - -e "s|Address=\$|Address=${NET_ADDRESS}|"\ - -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ - -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ - -e 
"0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ - -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ - -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ - -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ - "${ETC_DIR}/systemd/network/eth.network" + if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then + sed -i\ + -e "s|DHCP=.*|DHCP=no|"\ + -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\ + -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\ + -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\ + "${ETC_DIR}/systemd/network/eth0.network" + fi fi -# Remove empty settings from network configuration -sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" -# Remove empty settings from wlan configuration -sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" -# Move systemd network configuration if required by Debian release -mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" -# If WLAN is enabled copy wlan configuration too if [ "$ENABLE_WIRELESS" = true ] ; then - mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" + if [ "$ENABLE_WIFI_DHCP" = true ] ; then + # Enable DHCP configuration for interface eth0 + sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network" + + # Set DHCP configuration to IPv4 only + if [ "$ENABLE_IPV6" = false ] ; then + sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network" + sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network" + fi + + else # ENABLE_WIFI_DHCP=false + # Set static network configuration for interface eth0 + if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then + sed -i\ + -e "s|DHCP=.*|DHCP=no|"\ + -e 
"s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\ + -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\ + -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\ + -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\ + -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\ + "${ETC_DIR}/systemd/network/wlan0.network" + fi + fi + + if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then + printf " + ctrl_interface=/run/wpa_supplicant + ctrl_interface_group=wheel + update_config=1 + eapol_version=1 + ap_scan=1 + fast_reauth=1 + + " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf + + #Configure WPA_supplicant + chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf + + chroot_exec systemctl enable wpa_supplicant.service + chroot_exec systemctl enable wpa_supplicant@wlan0.service + fi + # Remove empty settings from wlan configuration + sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network" + # If WLAN is enabled copy wlan configuration too + mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network" fi + +# Remove empty settings from network configuration +sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network" + +# Move systemd network configuration if required by Debian release +mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network" + +#Clean up rm -fr "${ETC_DIR}/systemd/network" # Enable systemd-networkd service diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index ee9831d..e8e9707 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh 
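Review bot: The added wpa_supplicant block writes to `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` on the build host instead of under `${ETC_DIR}`, runs only when `NET_WIFI_SSID` and `NET_WIFI_PSK` are both empty (`-z`), and then passes `$NET_SSID` and `$NET_WPAPSK`, which are not defined anywhere in this patch. As written the host's own file is overwritten and the image gets no usable credentials; once the variables are fixed, the passphrase would be visible in the process arguments, `wpa_passphrase` would also copy it in clear text into a `#psk=` comment, and the file is created with the default umask. Two smaller defects in the same hunk: the guards `[ -n NET_ETH_ADDRESS ] && ...` (and the `NET_WIFI_*` copy) test literal words and are always true, so they need `"$NET_ETH_ADDRESS"` etc., and both `sed '/IPv6PrivacyExtensions=true/d'` calls lack `-i`, so they print the file instead of editing it. The fence below shows the Wi-Fi credential block only; it assumes `chroot_exec` passes stdin through to the command, which should be confirmed where `chroot_exec` is defined.

```shell
# … unchanged: eth0 and wlan0 DHCP/static sed blocks …
  if [ -n "$NET_WIFI_SSID" ] && [ -n "$NET_WIFI_PSK" ] ; then
    WPA_CONF="${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"

    # Create the file inside the image, owner-only, before any key material is written
    ( umask 077 && printf 'ctrl_interface=/run/wpa_supplicant\nctrl_interface_group=wheel\nupdate_config=1\neapol_version=1\nap_scan=1\nfast_reauth=1\n\n' > "${WPA_CONF}" )

    # Passphrase is fed on stdin rather than argv; the clear-text "#psk=" comment is dropped
    printf '%s\n' "${NET_WIFI_PSK}" \
      | chroot_exec wpa_passphrase "${NET_WIFI_SSID}" \
      | sed '/#psk=/d' >> "${WPA_CONF}"

    # … unchanged: systemctl enable wpa_supplicant.service / wpa_supplicant@wlan0.service …
  fi
```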
@@ -46,7 +46,7 @@ if [ "$ENABLE_IPTABLES" = true ] ; then chroot_exec systemctl enable ip6tables.service fi - if [ "$ENABLE_SSHD" = false ] ; then + if [ "$SSH_ENABLE" = false ] ; then # Remove SSHD related iptables rules sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 75e3625..16d78c3 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -6,7 +6,7 @@ . ./functions.sh # Generate crypt(3) password string -ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") +ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${ROOT_PASSWORD}") ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") # Setup default user diff --git a/bootstrap.d/32-sshd.sh b/bootstrap.d/32-sshd.sh index 9d28d51..c439a1e 100644 --- a/bootstrap.d/32-sshd.sh +++ b/bootstrap.d/32-sshd.sh @@ -5,7 +5,7 @@ # Load utility functions . ./functions.sh -if [ "$ENABLE_SSHD" = true ] ; then +if [ "$SSH_ENABLE" = true ] ; then DROPBEAR_ARGS="" if [ "$SSH_ENABLE_ROOT" = false ] ; then diff --git a/bootstrap.d/50-firstboot.sh b/bootstrap.d/50-firstboot.sh index 1b17876..dedec4a 100644 --- a/bootstrap.d/50-firstboot.sh +++ b/bootstrap.d/50-firstboot.sh @@ -24,12 +24,14 @@ if [ "$EXPANDROOT" = true ] ; then fi # Ensure openssh server host keys are regenerated on first boot -if [ "$ENABLE_SSHD" = true ] ; then +if [ "$SSH_ENABLE" = true ] ; then cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot" fi +if [ "$ENABLE_DBUS" = true ] ; then # Ensure that dbus machine-id exists cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot" +fi # Create /etc/resolv.conf symlink cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot" diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh index 9576bd6..3b7fc57 100644 --- a/bootstrap.d/99-reduce.sh 
+++ b/bootstrap.d/99-reduce.sh @@ -5,6 +5,28 @@ # Load utility functions . ./functions.sh +if [ "$ENABLE_IPV6" = false ] ; then +"$LIB_DIR"/xtables/libip6t_ah.so +"$LIB_DIR"/xtables/libip6t_dst.so +"$LIB_DIR"/xtables/libip6t_eui64.so +"$LIB_DIR"/xtables/libip6t_frag.so +"$LIB_DIR"/xtables/libip6t_hbh.so +"$LIB_DIR"/xtables/libip6t_hl.so +"$LIB_DIR"/xtables/libip6t_HL.so +"$LIB_DIR"/xtables/libip6t_icmp6.so +"$LIB_DIR"/xtables/libip6t_ipv6header.so +"$LIB_DIR"/xtables/libip6t_LOG.so +"$LIB_DIR"/xtables/libip6t_mh.so +"$LIB_DIR"/xtables/libip6t_REJECT.so +"$LIB_DIR"/xtables/libip6t_rt.so +"$LIB_DIR"/xtables/libip6t_DNAT.so +"$LIB_DIR"/xtables/libip6t_DNPT.so +"$LIB_DIR"/xtables/libip6t_MASQUERADE.so +"$LIB_DIR"/xtables/libip6t_NETMAP.so +"$LIB_DIR"/xtables/libip6t_REDIRECT.so +"$LIB_DIR"/xtables/libip6t_SNAT.so +"$LIB_DIR"/xtables/libip6t_SNPT.so +fi # Reduce the image size by various operations if [ "$ENABLE_REDUCE" = true ] ; then if [ "$REDUCE_APT" = true ] ; then diff --git a/files/firstboot/42-config-ifnames.sh b/files/firstboot/42-config-ifnames.sh index 9724155..5de911e 100644 --- a/files/firstboot/42-config-ifnames.sh +++ b/files/firstboot/42-config-ifnames.sh 
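Review bot: The twenty added paths under `if [ "$ENABLE_IPV6" = false ]` have no command in front of them, so the shell will try to execute each `libip6t_*.so` file rather than delete it, and with the `set -e` used by rpi23-gen-image.sh the first failure would likely stop the build. The commit message says the intent is to remove the IPv6 xtables extensions, which would be `rm -f "${LIB_DIR}"/xtables/libip6t_*.so`, or `rm -f` in front of an explicit list if only these files should go. The block also sits above `if [ "$ENABLE_REDUCE" = true ]`, so it runs even when image reduction is switched off; moving it inside that block would match the "Reduce" wording of the commit message.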
@@ -1,13 +1,32 @@ logger -t "rc.firstboot" "Configuring network interface name" -INTERFACE_NAME=$(dmesg | grep "renamed from eth0" | awk -F ":| " '{ print $9 }') +INTERFACE_NAME_ETH=$(dmesg | grep "renamed from eth0" | awk -F ":| " '{ print $9 }') +INTERFACE_NAME_WIFI=$(dmesg | grep "renamed from wlan0" | awk -F ":| " '{ print $9 }') -if [ ! -z INTERFACE_NAME ] ; then - if [ -r "/etc/systemd/network/eth.network" ] ; then - sed -i "s/eth0/${INTERFACE_NAME}/" /etc/systemd/network/eth.network +if [ ! -z INTERFACE_NAME_ETH ] ; then + if [ -r "/etc/systemd/network/eth0.network" ] ; then + sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /etc/systemd/network/eth0.network fi - if [ -r "/lib/systemd/network/10-eth.network" ] ; then - sed -i "s/eth0/${INTERFACE_NAME}/" /lib/systemd/network/10-eth.network + if [ -r "/lib/systemd/network/10-eth0.network" ] ; then + sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /lib/systemd/network/10-eth0.network fi + # Move config to new interface name + mv /etc/systemd/network/eth0.network /etc/systemd/network/"${INTERFACE_NAME_ETH}".network +fi + +if [ ! -z INTERFACE_NAME_WIFI ] ; then + if [ -r "/etc/systemd/network/wlan0.network" ] ; then + sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /etc/systemd/network/wlan0.network + fi + + if [ -r "/lib/systemd/network/11-wlan0.network" ] ; then + sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /lib/systemd/network/11-wlan0.network + fi + # Move config to new interface name + mv /etc/systemd/network/wlan0.network /etc/systemd/network/"${INTERFACE_NAME_WIFI}".network + + systemctl disable wpa_supplicant@wlan0.service + systemctl enable wpa_supplicant@"${INTERFACE_NAME_WIFI}".service + systemctl start wpa_supplicant@"${INTERFACE_NAME_WIFI}".service fi diff --git a/files/network/eth0.network b/files/network/eth0.network new file mode 100644 index 0000000..143ca4b --- /dev/null +++ b/files/network/eth0.network 
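Review bot: `[ ! -z INTERFACE_NAME_ETH ]` and `[ ! -z INTERFACE_NAME_WIFI ]` test the literal variable names, so both branches always run, including when dmesg shows no rename and the variable is empty. In that case `sed` replaces `eth0`/`wlan0` with nothing, `mv` targets `/etc/systemd/network/.network`, and `wpa_supplicant@.service` is enabled in place of the wlan0 instance; use `if [ -n "$INTERFACE_NAME_ETH" ] ; then` and `if [ -n "$INTERFACE_NAME_WIFI" ] ; then`. The two `mv` lines also sit outside the `-r` checks and name files under /etc, while 20-networking.sh moves the configs to `${LIB_DIR}/systemd/network/10-eth0.network` and `11-wlan0.network`, so they will probably fail at first boot. The build writes `wpa_supplicant-wlan0.conf`, so the renamed `wpa_supplicant@<name>` instance would presumably need that file renamed as well.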
@@ -0,0 +1,14 @@ +[Match] +Name=eth0 + +[Network] +RouteMetric=10 +IPv6PrivacyExtensions=true +DHCP=no +Address= +Gateway= +DNS= +DNS= +Domains= +NTP= +NTP= diff --git a/files/network/wlan0.network b/files/network/wlan0.network new file mode 100644 index 0000000..49091fe --- /dev/null +++ b/files/network/wlan0.network @@ -0,0 +1,14 @@ +[Match] +Name=wlan0 + +[Network] +RouteMetric=20 +IPv6PrivacyExtensions=true +DHCP=no +Address= +Gateway= +DNS= +DNS= +Domains= +NTP= +NTP= diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index e52225e..586860f 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -36,11 +36,11 @@ fi # Introduce settings set -e -echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n" +echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n" set -x # Raspberry Pi model configuration -RPI_MODEL=${RPI_MODEL:=2} +RPI_MODEL=${RPI_MODEL:=3P} # Debian release RELEASE=${RELEASE:=buster} 
@@ -66,13 +66,13 @@ SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.gi RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used -RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz} +RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz} # Default precompiled 64bit kernel -RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz} +RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz} # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis -RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} +RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz} # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel -RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} 
+RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz} # Generic RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL} @@ -93,18 +93,28 @@ KERNEL_DIR="${R}/usr/src/linux" WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm" BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt" -# Firmware directory: Blank if download from github -RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""} +# APT settings +APT_SERVER=${APT_SERVER:="ftp.debian.org"} +APT_PROXY=${APT_PROXY:=""} +KEEP_APT_PROXY=${KEEP_APT_PROXY:=false} +# Packages required in the chroot build environment +APT_INCLUDES=${APT_INCLUDES:=""} +APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" +# Packages to exclude from chroot build environment +APT_EXCLUDES=${APT_EXCLUDES:=""} # General settings SET_ARCH=${SET_ARCH:=32} HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}} -PASSWORD=${PASSWORD:=raspberry} -USER_PASSWORD=${USER_PASSWORD:=raspberry} DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"} TIMEZONE=${TIMEZONE:="Europe/Berlin"} EXPANDROOT=${EXPANDROOT:=true} -ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true} + +ENABLE_ROOT=${ENABLE_ROOT:=false} +ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry} +ENABLE_USER=${ENABLE_USER:=true} +USER_NAME=${USER_NAME:="pi"} +USER_PASSWORD=${USER_PASSWORD:=raspberry} # Keyboard settings XKB_MODEL=${XKB_MODEL:=""} 
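Review bot: `PASSWORD` is renamed to `ROOT_PASSWORD` with no fallback, so an existing configuration that sets `PASSWORD=...` is silently ignored and the build falls back to the well-known default `raspberry` for the root password. The same applies to the other renames in this commit, most importantly `ENABLE_SSHD` to `SSH_ENABLE` in the next hunk, where an old `ENABLE_SSHD=false` now yields an image with openssh-server installed and enabled, and also to `ENABLE_DHCP`, the `NET_*` settings and `KERNEL_REDUCE`. Either honour the old names, e.g. `ROOT_PASSWORD=${ROOT_PASSWORD:=${PASSWORD:-raspberry}}` and `SSH_ENABLE=${SSH_ENABLE:=${ENABLE_SSHD:-true}}`, or abort with a message when a retired variable is set. The relocated `APT_INCLUDES` line also drops `flex,bison,libssl-dev`, which the commit message does not mention; confirm nothing built inside the chroot still needs them.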
@@ -112,135 +122,139 @@ XKB_LAYOUT=${XKB_LAYOUT:=""} XKB_VARIANT=${XKB_VARIANT:=""} XKB_OPTIONS=${XKB_OPTIONS:=""} +# Networking settings: +ENABLE_IPV6=${ENABLE_IPV6:=true} +ENABLE_WIRELESS=${ENABLE_WIRELESS:=false} +ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} +ENABLE_HARDNET=${ENABLE_HARDNET:=false} +ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} + # Network settings (DHCP) -ENABLE_DHCP=${ENABLE_DHCP:=true} +ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true} +ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true} # Network settings (static) -NET_ADDRESS=${NET_ADDRESS:=""} -NET_GATEWAY=${NET_GATEWAY:=""} -NET_DNS_1=${NET_DNS_1:=""} -NET_DNS_2=${NET_DNS_2:=""} -NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""} -NET_NTP_1=${NET_NTP_1:=""} -NET_NTP_2=${NET_NTP_2:=""} +NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""} +NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""} +NET_ETH_DNS_1=${NET_ETH_DNS_1:=""} +NET_ETH_DNS_2=${NET_ETH_DNS_2:=""} +NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""} +NET_ETH_NTP_1=${NET_ETH_NTP_1:=""} +NET_ETH_NTP_2=${NET_ETH_NTP_2:=""} + +# Networking settings (WIFI): +NET_WIFI_SSID=${NET_WIFI_SSID:=""} +NET_WIFI_PSK=${NET_WIFI_PSK:=""} -# APT settings -APT_PROXY=${APT_PROXY:=""} -APT_SERVER=${APT_SERVER:="ftp.debian.org"} -KEEP_APT_PROXY=${KEEP_APT_PROXY:=false} +# Network settings (static) +NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""} +NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""} +NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""} +NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""} +NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""} +NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""} +NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""} # Feature settings +ENABLE_CONSOLE=${ENABLE_CONSOLE:=false} ENABLE_PRINTK=${ENABLE_PRINTK:=false} ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false} ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false} -ENABLE_CONSOLE=${ENABLE_CONSOLE:=true} +ENABLE_TURBO=${ENABLE_TURBO:=false} ENABLE_I2C=${ENABLE_I2C:=false} ENABLE_SPI=${ENABLE_SPI:=false} -ENABLE_IPV6=${ENABLE_IPV6:=true} -ENABLE_SSHD=${ENABLE_SSHD:=true} + 
ENABLE_NONFREE=${ENABLE_NONFREE:=false} -ENABLE_WIRELESS=${ENABLE_WIRELESS:=false} -ENABLE_SOUND=${ENABLE_SOUND:=true} -ENABLE_DBUS=${ENABLE_DBUS:=true} +ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} +ENABLE_SOUND=${ENABLE_SOUND:=false} ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true} ENABLE_MINGPU=${ENABLE_MINGPU:=false} ENABLE_XORG=${ENABLE_XORG:=false} ENABLE_WM=${ENABLE_WM:=""} -ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} -ENABLE_USER=${ENABLE_USER:=true} -USER_NAME=${USER_NAME:="pi"} -ENABLE_ROOT=${ENABLE_ROOT:=false} -ENABLE_QEMU=${ENABLE_QEMU:=false} ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false} - -# SSH settings -SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} -SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} -SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} -SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} -SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} +ENABLE_SPLASH=${ENABLE_SPLASH:=true} +ENABLE_LOGO=${ENABLE_LOGO:=true} +ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false} +DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} # Advanced settings +ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true} ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false} +ENABLE_QEMU=${ENABLE_QEMU:=false} +ENABLE_KEYGEN=${ENABLE_KEYGEN:=false} ENABLE_MINBASE=${ENABLE_MINBASE:=false} -ENABLE_REDUCE=${ENABLE_REDUCE:=false} +ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} +ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} +ENABLE_DBUS=${ENABLE_DBUS:=true} +ENABLE_USBBOOT=${ENABLE_USBBOOT=false} +CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} ENABLE_UBOOT=${ENABLE_UBOOT:=false} UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} -ENABLE_USBBOOT=${ENABLE_USBBOOT=false} ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} +FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""} ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} -ENABLE_NEXMON=${ENABLE_NEXMON:=false} VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""} -FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""} +ENABLE_NEXMON=${ENABLE_NEXMON:=false} NEXMONSRC_DIR=${NEXMONSRC_DIR:=""} -ENABLE_HARDNET=${ENABLE_HARDNET:=false} -ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} 
-ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} -ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} -ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} -ENABLE_SPLASH=${ENABLE_SPLASH:=true} -ENABLE_LOGO=${ENABLE_LOGO:=true} -ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false} -DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} + +# SSH settings +SSH_ENABLE=${SSH_ENABLE:=true} +SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} +SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} +SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} +SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} +SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} # Kernel compilation settings BUILD_KERNEL=${BUILD_KERNEL:=true} -KERNEL_REDUCE=${KERNEL_REDUCE:=false} KERNEL_THREADS=${KERNEL_THREADS:=1} KERNEL_HEADERS=${KERNEL_HEADERS:=true} KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false} -KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true} KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false} KERNEL_CCACHE=${KERNEL_CCACHE:=false} -KERNEL_ZSWAP=${KERNEL_ZSWAP:=false} +KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true} +KERNELSRC_DIR=${KERNELSRC_DIR:=""} +KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false} +KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true} +KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""} +KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false} +# Firmware directory: Blank if download from github +RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""} +KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} +KERNEL_NF=${KERNEL_NF:=false} KERNEL_VIRT=${KERNEL_VIRT:=false} +KERNEL_ZSWAP=${KERNEL_ZSWAP:=false} KERNEL_BPF=${KERNEL_BPF:=false} -KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} KERNEL_SECURITY=${KERNEL_SECURITY:=false} -KERNEL_NF=${KERNEL_NF:=false} -KERNEL_DHKEY=${KERNEL_DHKEY:=true} KERNEL_BTRFS=${KERNEL_BTRFS:=false} -KERNEL_NSPAN=${KERNEL_NSPAN:=false} KERNEL_POEHAT=${KERNEL_POEHAT:=false} - -# Kernel compilation from source directory settings -KERNELSRC_DIR=${KERNELSRC_DIR:=""} -KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false} -KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true} 
-KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false} +KERNEL_NSPAN=${KERNEL_NSPAN:=false} +KERNEL_DHKEY=${KERNEL_DHKEY:=true} # Reduce disk usage settings +ENABLE_REDUCE=${ENABLE_REDUCE:=false} REDUCE_APT=${REDUCE_APT:=true} -REDUCE_DOC=${REDUCE_DOC:=true} -REDUCE_MAN=${REDUCE_MAN:=true} +REDUCE_DOC=${REDUCE_DOC:=false} +REDUCE_MAN=${REDUCE_MAN:=false} REDUCE_VIM=${REDUCE_VIM:=false} REDUCE_BASH=${REDUCE_BASH:=false} -REDUCE_HWDB=${REDUCE_HWDB:=true} -REDUCE_SSHD=${REDUCE_SSHD:=true} -REDUCE_LOCALE=${REDUCE_LOCALE:=true} +REDUCE_HWDB=${REDUCE_HWDB:=false} +REDUCE_SSHD=${REDUCE_SSHD:=false} +REDUCE_LOCALE=${REDUCE_LOCALE:=false} +REDUCE_KERNEL=${REDUCE_KERNEL:=false} # Encrypted filesystem settings ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} -CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"} -CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} +CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"} +CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256} #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""} -# Chroot scripts directory -CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} - -# Packages required in the chroot build environment -APT_INCLUDES=${APT_INCLUDES:=""} -APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" - -# Packages to exclude from chroot build environment -APT_EXCLUDES=${APT_EXCLUDES:=""} - # Packages required for bootstrapping REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo" 
MISSING_PACKAGES="" @@ -295,8 +309,17 @@ if [ -n "$SET_ARCH" ] ; then RELEASE_ARCH=${RELEASE_ARCH:=armel} KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img} CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-} + + if [ $ENABLE_XORG = true ] ; then + if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then + printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] " + read -r confirm + if [ "$confirm" = "y" ] ; then + $RELEASE = "stretch" + fi + fi + fi fi - # Raspberry Pi model specific settings if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then if [ "$RPI_MODEL" != 4 ] ; then @@ -361,7 +384,7 @@ if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$ APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" fi if [ "$ENABLE_WIRELESS" = true ] ; then - APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb" + APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant" fi else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard # Check if the internal wireless interface is not supported by the RPi model @@ -436,7 +459,7 @@ fi # Add device-tree-compiler required for building the U-Boot bootloader if [ "$ENABLE_UBOOT" = true ] ; then - APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" + APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc" fi if [ "$ENABLE_USBBOOT" = true ] ; then @@ -591,7 +614,7 @@ if [ "$KERNEL_SECURITY" = true ] ; then fi # Add openssh server package -if [ "$ENABLE_SSHD" = true ] ; then +if [ "$SSH_ENABLE" = true ] ; then APT_INCLUDES="${APT_INCLUDES},openssh-server" fi diff --git a/templates/rpi3buster-fullconfig b/templates/rpi3buster-fullconfig new file mode 100644 index 0000000..01255e3 --- /dev/null +++ b/templates/rpi3buster-fullconfig 
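Review bot: `ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}` expands the wired variable, so a user's `ENABLE_WIFI_DHCP=false` is overwritten and static Wi-Fi addressing can never be selected independently of eth0; it should read `ENABLE_WIFI_DHCP=${ENABLE_WIFI_DHCP:=true}`. The encrypted-filesystem defaults are also weakened in this hunk: `CRYPTFS_HASH` goes from `sha512` to `sha256` and `CRYPTFS_XTSKEYSIZE` from 512 to 256, which with the default `aes-xts-plain64` cipher halves the AES key length because XTS splits the key in two. The commit message mentions the key size only in passing, so existing users get the weaker default without notice; keep 512 unless there is a measured reason, and state the reason in a comment next to the setting. `KERNEL_NSPAN` here and `KERNEL_NSPAWN` in templates/rpi3buster-fullconfig do not match, so the template's value would have no effect.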
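Review bot: The added release check cannot run as written: `[$RELEASE = "stretch" ]` lacks the space after `[`, so the shell looks for a command named after the release, and `$RELEASE = "stretch"` executes the release name as a command instead of assigning, which under `set -e` aborts the build. The condition also looks inverted, since it prompts only when the release already is stretch or oldstable. `if [ "$RELEASE" != "stretch" ] && [ "$RELEASE" != "oldstable" ] ; then` with `RELEASE="stretch"` inside, plus quoting in `[ "$ENABLE_XORG" = true ]`, would match the prompt text. An interactive `read` also blocks unattended builds, so printing a warning may be the safer choice; the enclosing `if [ -n "$SET_ARCH" ]` block starts outside the hunk.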
@@ -0,0 +1,188 @@
+############################
+########APT settings########
+############################
+APT_SERVER=ftp.debian.org
+APT_PROXY=
+KEEP_APT_PROXY=false
+APT_INCLUDES_LATE=
+APT_INCLUDES=
+############################
+##General system settings###
+############################
+SET_ARCH=32
+RPI_MODEL=3P
+RELEASE=buster
+HOSTNAME=
+DEFLOCAL=en_US.UTF-8
+TIMEZONE=Europe/Berlin
+EXPANDROOT=true
+############################
+#######User settings########
+############################
+ENABLE_ROOT=false
+ROOT_PASSWORD=raspberry
+ENABLE_USER=true
+USER_NAME=pi
+USER_PASSWORD=raspberry
+############################
+####Keyboard settings#######
+############################
+XKB_MODEL=
+XKB_LAYOUT=
+XKB_VARIANT=
+XKB_OPTIONS=
+############################
+######Network settings######
+############################
+ENABLE_IPV6=true
+ENABLE_WIRELESS=false
+ENABLE_IPTABLES=false
+ENABLE_HARDNET=false
+ENABLE_IFNAMES=true
+############################
+# Network settings (DHCP)
+ENABLE_ETH_DHCP=true
+ENABLE_WIFI_DHCP=true
+############################
+# Network settings (static)
+NET_ETH_ADDRESS=
+NET_ETH_GATEWAY=
+NET_ETH_DNS_1=
+NET_ETH_DNS_2=
+NET_ETH_DNS_DOMAINS=
+NET_ETH_NTP_1=
+NET_ETH_NTP_2=
+############################
+NET_WIFI_SSID=
+NET_WIFI_PSK=
+############################
+# Network settings (static)
+NET_WIFI_ADDRESS=
+NET_WIFI_GATEWAY=
+NET_WIFI_DNS_1=
+NET_WIFI_DNS_2=
+NET_WIFI_DNS_DOMAINS=
+NET_WIFI_NTP_1=
+NET_WIFI_NTP_2=
+############################
+###Basic system settings####
+############################
+ENABLE_CONSOLE=false
+ENABLE_PRINTK=false
+ENABLE_BLUETOOTH=false
+ENABLE_MINIUART_OVERLAY=false
+ENABLE_TURBO=false
+ENABLE_I2C=true
+ENABLE_SPI=true
+ENABLE_NONFREE=false
+ENABLE_RSYSLOG=false
+ENABLE_SOUND=false
+ENABLE_HWRANDOM=true
+ENABLE_MINGPU=false
+ENABLE_XORG=false
+ENABLE_WM=
+ENABLE_SYSVINIT=false
+ENABLE_SPLASH=true
+ENABLE_LOGO=true
+ENABLE_SILENT_BOOT=false
+############################
+#1=disable overlay,2=turbo+overlay, otherwise leave unset
+DISABLE_UNDERVOLT_WARNINGS=
+############################
+##Advanced system settings##
+############################
+ENABLE_DPHYSSWAP=true
+ENABLE_SYSTEMDSWAP=false
+############################
+ENABLE_QEMU=false
+QEMU_BINARY=
+ENABLE_KEYGEN=false
+ENABLE_MINBASE=false
+ENABLE_SPLITFS=false
+ENABLE_INITRAMFS=false
+ENABLE_DBUS=true
+ENABLE_USBBOOT=false
+############################
+CHROOT_SCRIPTS=
+############################
+ENABLE_UBOOT=false
+UBOOTSRC_DIR=
+############################
+ENABLE_FBTURBO=false
+FBTURBOSRC_DIR=
+############################
+ENABLE_VIDEOCORE=false
+VIDEOCORESRC_DIR=
+############################
+ENABLE_NEXMON=false
+NEXMONSRC_DIR=
+############################
+########SSH settings########
+############################
+SSH_ENABLE=true
+SSH_ENABLE_ROOT=false
+SSH_DISABLE_PASSWORD_AUTH=false
+SSH_LIMIT_USERS=false
+SSH_ROOT_PUB_KEY=
+SSH_USER_PUB_KEY=
+############################
+#####Kernel settings########
+############################
+BUILD_KERNEL=true
+CROSS_COMPILE=
+KERNEL_ARCH=
+KERNEL_IMAGE=
+KERNEL_BRANCH=
+KERNEL_DEFCONFIG=
+
+KERNEL_THREADS=1
+KERNEL_HEADERS=true
+KERNEL_MENUCONFIG=false
+KERNEL_OLDDEFCONFIG=false
+KERNEL_CCACHE=false
+KERNEL_REMOVESRC=true
+KERNELSRC_DIR=
+KERNELSRC_CLEAN=false
+KERNELSRC_CONFIG=true
+KERNELSRC_USRCONFIG=
+KERNELSRC_PREBUILT=false
+RPI_FIRMWARE_DIR=
+KERNEL_DEFAULT_GOV=ondemand
+KERNEL_NF=false
+KERNEL_VIRT=false
+KERNEL_ZSWAP=false
+KERNEL_BPF=true
+KERNEL_SECURITY=false
+KERNEL_BTRFS=false
+KERNEL_POEHAT=false
+KERNEL_NSPAWN=false
+KERNEL_DHKEY=true
+############################
+#######Save diskspace#######
+############################
+ENABLE_REDUCE=false
+REDUCE_APT=true
+REDUCE_DOC=false
+REDUCE_MAN=false
+REDUCE_VIM=false
+REDUCE_BASH=false
+REDUCE_HWDB=false
+REDUCE_SSHD=false
+REDUCE_LOCALE=false
+REDUCE_KERNEL=false
+############################
+######CryptFS Settings######
+############################
+ENABLE_CRYPTFS=false
+CRYPTFS_PASSWORD=
+CRYPTFS_MAPPING=secure
+CRYPTFS_CIPHER=aes-xts-plain64
+CRYPTFS_HASH=sha256
+CRYPTFS_XTSKEYSIZE=256
+CRYPTFS_DROPBEAR=false
+CRYPTFS_DROPBEAR_PUBKEY=
+############################
+#######Build settings#######
+############################
+BASEDIR=
+IMAGE_NAME=
\ No newline at end of file
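Review bot: The template hard-codes `ROOT_PASSWORD=raspberry` and `USER_PASSWORD=raspberry` alongside `SSH_ENABLE=true` and `SSH_DISABLE_PASSWORD_AUTH=false`, so an image built from it unchanged accepts a widely known password for `pi` over SSH, and `ENABLE_IPTABLES=false` leaves no packet filter in front of it. I would ship the template with `SSH_DISABLE_PASSWORD_AUTH=true` and put `# set a unique password or SSH_USER_PUB_KEY before building` above the user settings. If `CRYPTFS_XTSKEYSIZE` is passed to cryptsetup as the key size, `256` with `aes-xts-plain64` yields AES-128, because XTS splits the key in two; a comment saying so would let users who expect AES-256 choose 512. The template also sets `KERNEL_NSPAWN`, while the defaults in rpi23-gen-image.sh declare `KERNEL_NSPAN`, which looks like a typo in one of the two.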