From 4b0de60ca6dc0b0c3eb2e720965e16c24d0113c0 2020-01-08 01:12:51 From: g-vidal Date: 2020-01-08 01:12:51 Subject: [PATCH] Merge branch 'master' of git://github.com/drtyhlpr/rpi23-gen-image into drtyhlpr-master --- diff --git a/README.md b/README.md index 8fd9fcb..9cf40d3 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,24 @@ # rpi23-gen-image ## Introduction +<<<<<<< HEAD `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```). +======= +`rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```). +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 ## Build dependencies The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` +<<<<<<< HEAD It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain. The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. @@ -66,7 +73,10 @@ A comma-separated list of additional packages to be installed by apt after boots #### General system settings: ##### `SET_ARCH`=32 +<<<<<<< HEAD Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. ##### `RPI_MODEL`=2 @@ -321,7 +331,10 @@ Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab #### Kernel compilation: ##### `BUILD_KERNEL`=true +<<<<<<< HEAD Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used. +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) @@ -456,7 +469,10 @@ Set password of the encrypted root partition. This parameter is mandatory if `EN ##### `CRYPTFS_MAPPING`="secure" Set name of dm-crypt managed device-mapper mapping. +<<<<<<< HEAD ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 ##### `CRYPTFS_CIPHER`="aes-xts-plain64" Set cipher specification string. `aes-xts*` ciphers are strongly recommended. diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 536ced0..2802792 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -52,6 +52,11 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) fi + + #Copy 32bit config to 64bit + if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then + cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/ + fi # Configure and build kernel if [ "$KERNELSRC_PREBUILT" = false ] ; then @@ -98,13 +103,38 @@ if [ "$BUILD_KERNEL" = true ] ; then #Switch to KERNELSRC_DIR so we can use set_kernel_config cd "${KERNEL_DIR}" || exit - if [ "$KERNEL_ARCH" = arm64 ] ; then + # Enable RPI POE HAT fan + if [ "$KERNEL_POEHAT" = true ]; then + set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m + fi + + # Enable per-interface network priority control + # (for systemd-nspawn) + if [ "$KERNEL_NSPAN" = true ]; then + set_kernel_config CONFIG_CGROUP_NET_PRIO y + fi + + # Compile in BTRFS + if [ "$KERNEL_BTRFS" = true ]; then + set_kernel_config CONFIG_BTRFS_FS y + set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y + set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y + fi + + # Diffie-Hellman operations on retained keys + # (required for >keyutils-1.6) + if [ "$KERNEL_DHKEY" = true ]; then + set_kernel_config CONFIG_KEY_DH_OPERATIONS y + fi + + if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then + # Mask this temporarily during switch to rpi-4.19.y #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 - set_kernel_config CONFIG_MMC_BCM2835 n - set_kernel_config CONFIG_MMC_SDHCI_IPROC n - set_kernel_config CONFIG_USB_DWC2 n - sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig + #set_kernel_config CONFIG_MMC_BCM2835 n + #set_kernel_config CONFIG_MMC_SDHCI_IPROC n + #set_kernel_config CONFIG_USB_DWC2 n + #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig #VLAN got disabled without reason in arm64bit set_kernel_config CONFIG_IPVLAN m @@ -118,12 +148,234 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_Z3FOLD y set_kernel_config CONFIG_ZSMALLOC y set_kernel_config CONFIG_PGTABLE_MAPPING y - set_kernel_config CONFIG_LZO_COMPRESS y - + set_kernel_config CONFIG_LZO_COMPRESS y + fi + + if [ "$RPI_MODEL" = 4 ] ; then + # Following are set in current 32-bit LPAE kernel + set_kernel_config CONFIG_CGROUP_PIDS y + set_kernel_config CONFIG_NET_IPVTI m + set_kernel_config CONFIG_NF_TABLES_SET m + set_kernel_config CONFIG_NF_TABLES_INET y + set_kernel_config CONFIG_NF_TABLES_NETDEV y + set_kernel_config CONFIG_NF_FLOW_TABLE m + set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m + set_kernel_config CONFIG_NFT_CONNLIMIT m + set_kernel_config CONFIG_NFT_TUNNEL m + set_kernel_config CONFIG_NFT_OBJREF m + set_kernel_config CONFIG_NFT_FIB_IPV4 m + set_kernel_config CONFIG_NFT_FIB_IPV6 m + set_kernel_config CONFIG_NFT_FIB_INET m + set_kernel_config CONFIG_NFT_SOCKET m + set_kernel_config CONFIG_NFT_OSF m + set_kernel_config CONFIG_NFT_TPROXY m + set_kernel_config CONFIG_NF_DUP_NETDEV m + set_kernel_config CONFIG_NFT_DUP_NETDEV m + set_kernel_config CONFIG_NFT_FWD_NETDEV m + set_kernel_config CONFIG_NFT_FIB_NETDEV m + set_kernel_config CONFIG_NF_FLOW_TABLE_INET m + set_kernel_config CONFIG_NF_FLOW_TABLE m + set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m + set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m + set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m + set_kernel_config CONFIG_NFT_MASQ_IPV6 m + set_kernel_config CONFIG_NFT_REDIR_IPV6 m + set_kernel_config CONFIG_NFT_REJECT_IPV6 m + set_kernel_config CONFIG_NFT_DUP_IPV6 m + set_kernel_config CONFIG_NFT_FIB_IPV6 m + set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m + set_kernel_config CONFIG_NF_TABLES_BRIDGE m + set_kernel_config CONFIG_NFT_BRIDGE_REJECT m + set_kernel_config CONFIG_NF_LOG_BRIDGE m + set_kernel_config CONFIG_MT76_CORE m + set_kernel_config CONFIG_MT76_LEDS m + set_kernel_config CONFIG_MT76_USB m + set_kernel_config CONFIG_MT76x2_COMMON m + set_kernel_config CONFIG_MT76x0U m + set_kernel_config CONFIG_MT76x2U m + set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m + set_kernel_config CONFIG_BCM_VC_SM m + set_kernel_config CONFIG_BCM2835_SMI_DEV m + set_kernel_config CONFIG_RPIVID_MEM m + set_kernel_config CONFIG_HW_RANDOM_BCM2835 y + set_kernel_config CONFIG_TCG_TPM m + set_kernel_config CONFIG_HW_RANDOM_TPM y + set_kernel_config CONFIG_TCG_TIS m + set_kernel_config CONFIG_TCG_TIS_SPI m + set_kernel_config CONFIG_I2C_MUX m + set_kernel_config CONFIG_I2C_MUX_GPMUX m + set_kernel_config CONFIG_I2C_MUX_PCA954x m + set_kernel_config CONFIG_SPI_GPIO m + set_kernel_config CONFIG_BATTERY_MAX17040 m + set_kernel_config CONFIG_SENSORS_GPIO_FAN m + set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m + set_kernel_config CONFIG_BCM2835_THERMAL y + set_kernel_config CONFIG_RC_CORE y + set_kernel_config CONFIG_RC_MAP y + set_kernel_config CONFIG_LIRC y + set_kernel_config CONFIG_RC_DECODERS y + set_kernel_config CONFIG_IR_NEC_DECODER m + set_kernel_config CONFIG_IR_RC5_DECODER m + set_kernel_config CONFIG_IR_RC6_DECODER m + set_kernel_config CONFIG_IR_JVC_DECODER m + set_kernel_config CONFIG_IR_SONY_DECODER m + set_kernel_config CONFIG_IR_SANYO_DECODER m + set_kernel_config CONFIG_IR_SHARP_DECODER m + set_kernel_config CONFIG_IR_MCE_KBD_DECODER m + set_kernel_config CONFIG_IR_XMP_DECODER m + set_kernel_config CONFIG_IR_IMON_DECODER m + set_kernel_config CONFIG_RC_DEVICES y + set_kernel_config CONFIG_RC_ATI_REMOTE m + set_kernel_config CONFIG_IR_IMON m + set_kernel_config CONFIG_IR_MCEUSB m + set_kernel_config CONFIG_IR_REDRAT3 m + set_kernel_config CONFIG_IR_STREAMZAP m + set_kernel_config CONFIG_IR_IGUANA m + set_kernel_config CONFIG_IR_TTUSBIR m + set_kernel_config CONFIG_RC_LOOPBACK m + set_kernel_config CONFIG_IR_GPIO_CIR m + set_kernel_config CONFIG_IR_GPIO_TX m + set_kernel_config CONFIG_IR_PWM_TX m + set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y + set_kernel_config CONFIG_VIDEO_AU0828_RC y + set_kernel_config CONFIG_VIDEO_CX231XX m + set_kernel_config CONFIG_VIDEO_CX231XX_RC y + set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m + set_kernel_config CONFIG_VIDEO_CX231XX_DVB m + set_kernel_config CONFIG_VIDEO_TM6000 m + set_kernel_config CONFIG_VIDEO_TM6000_ALSA m + set_kernel_config CONFIG_VIDEO_TM6000_DVB m + set_kernel_config CONFIG_DVB_USB m + set_kernel_config CONFIG_DVB_USB_DIB3000MC m + set_kernel_config CONFIG_DVB_USB_A800 m + set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m + set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y + set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m + set_kernel_config CONFIG_DVB_USB_DIB0700 m + set_kernel_config CONFIG_DVB_USB_UMT_010 m + set_kernel_config CONFIG_DVB_USB_CXUSB m + set_kernel_config CONFIG_DVB_USB_M920X m + set_kernel_config CONFIG_DVB_USB_DIGITV m + set_kernel_config CONFIG_DVB_USB_VP7045 m + set_kernel_config CONFIG_DVB_USB_VP702X m + set_kernel_config CONFIG_DVB_USB_GP8PSK m + set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m + set_kernel_config CONFIG_DVB_USB_TTUSB2 m + set_kernel_config CONFIG_DVB_USB_DTT200U m + set_kernel_config CONFIG_DVB_USB_OPERA1 m + set_kernel_config CONFIG_DVB_USB_AF9005 m + set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m + set_kernel_config CONFIG_DVB_USB_PCTV452E m + set_kernel_config CONFIG_DVB_USB_DW2102 m + set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m + set_kernel_config CONFIG_DVB_USB_DTV5100 m + set_kernel_config CONFIG_DVB_USB_AZ6027 m + set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m + set_kernel_config CONFIG_DVB_USB_AF9015 m + set_kernel_config CONFIG_DVB_USB_LME2510 m + set_kernel_config CONFIG_DVB_USB_RTL28XXU m + set_kernel_config CONFIG_VIDEO_EM28XX_RC m + set_kernel_config CONFIG_SMS_SIANO_RC m + set_kernel_config CONFIG_VIDEO_IR_I2C m + set_kernel_config CONFIG_VIDEO_ADV7180 m + set_kernel_config CONFIG_VIDEO_TC358743 m + set_kernel_config CONFIG_VIDEO_OV5647 m + set_kernel_config CONFIG_DVB_M88DS3103 m + set_kernel_config CONFIG_DVB_AF9013 m + set_kernel_config CONFIG_DVB_RTL2830 m + set_kernel_config CONFIG_DVB_RTL2832 m + set_kernel_config CONFIG_DVB_SI2168 m + set_kernel_config CONFIG_DVB_GP8PSK_FE m + set_kernel_config CONFIG_DVB_USB m + set_kernel_config CONFIG_DVB_LGDT3306A m + set_kernel_config CONFIG_FB_SIMPLE y + set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m + set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m + set_kernel_config CONFIG_SND_AUDIOSENSE_PI m + set_kernel_config CONFIG_SND_SOC_AD193X m + set_kernel_config CONFIG_SND_SOC_AD193X_SPI m + set_kernel_config CONFIG_SND_SOC_AD193X_I2C m + set_kernel_config CONFIG_SND_SOC_CS4265 m + set_kernel_config CONFIG_SND_SOC_DA7213 m + set_kernel_config CONFIG_SND_SOC_ICS43432 m + set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m + set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m + set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m + set_kernel_config CONFIG_HID_BIGBEN_FF m + #set_kernel_config CONFIG_USB_XHCI_PLATFORM y + set_kernel_config CONFIG_USB_TMC m + set_kernel_config CONFIG_USB_UAS y + set_kernel_config CONFIG_USBIP_VUDC m + set_kernel_config CONFIG_USB_CONFIGFS m + set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y + set_kernel_config CONFIG_USB_CONFIGFS_ACM y + set_kernel_config CONFIG_USB_CONFIGFS_OBEX y + set_kernel_config CONFIG_USB_CONFIGFS_NCM y + set_kernel_config CONFIG_USB_CONFIGFS_ECM y + set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y + set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y + set_kernel_config CONFIG_USB_CONFIGFS_EEM y + set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y + set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y + set_kernel_config CONFIG_USB_CONFIGFS_F_FS y + set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y + set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y + set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y + set_kernel_config CONFIG_USB_CONFIGFS_F_HID y + set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y + set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y + set_kernel_config CONFIG_LEDS_PCA963X m + set_kernel_config CONFIG_LEDS_IS31FL32XX m + set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m + set_kernel_config CONFIG_RTC_DRV_RV3028 m + set_kernel_config CONFIG_AUXDISPLAY y + set_kernel_config CONFIG_HD44780 m + set_kernel_config CONFIG_FB_TFT_SH1106 m + set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m + set_kernel_config CONFIG_BCM2835_POWER y + set_kernel_config CONFIG_INV_MPU6050_IIO m + set_kernel_config CONFIG_INV_MPU6050_I2C m + set_kernel_config CONFIG_SECURITYFS y + + # Safer to build this in + set_kernel_config CONFIG_BINFMT_MISC y + + # pulseaudio wants a buffer of at least this size + set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048 + + # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4 + # set the appropriate kernel configs unlocked by this PR + set_kernel_config CONFIG_ARCH_BCM y + set_kernel_config CONFIG_ARCH_BCM2835 y + set_kernel_config CONFIG_DRM_V3D m + set_kernel_config CONFIG_DRM_VC4 m + set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y + + # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4 + # required by PR#3144; should already be applied, but just to be safe + set_kernel_config CONFIG_PCIE_BRCMSTB y + set_kernel_config CONFIG_BCM2835_MMC y + + # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at + # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap + # during cloud-init setup at first boot. Without this the login accounts are not + # created and the user can not login. + set_kernel_config CONFIG_SQUASHFS y + + # Ceph support for Block Device (RBD) and Filesystem (FS) + # https://docs.ceph.com/docs/master/ + set_kernel_config CONFIG_CEPH_LIB m + set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y + set_kernel_config CONFIG_CEPH_FS m + set_kernel_config CONFIG_CEPH_FSCACHE y + set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y + set_kernel_config CONFIG_BLK_DEV_RBD m fi # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 - if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then + if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then + set_kernel_config CONFIG_HAVE_KVM y + set_kernel_config CONFIG_HIGH_RES_TIMERS y set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y @@ -138,11 +390,13 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y set_kernel_config CONFIG_KVM_MMIO y set_kernel_config CONFIG_KVM_VFIO y + set_kernel_config CONFIG_KVM_MMU_AUDIT y set_kernel_config CONFIG_VHOST m set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y set_kernel_config CONFIG_VHOST_NET m set_kernel_config CONFIG_VIRTUALIZATION y - + set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y + set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y set_kernel_config CONFIG_MMU_NOTIFIER y # erratum @@ -193,12 +447,6 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_SECURITY_PATH y set_kernel_config CONFIG_SECURITY_YAMA n - # New Options - if [ "$KERNEL_NF" = true ] ; then - set_kernel_config CONFIG_IP_NF_SECURITY m - set_kernel_config CONFIG_NETLABEL y - set_kernel_config CONFIG_IP6_NF_SECURITY m - fi set_kernel_config CONFIG_SECURITY_SELINUX n set_kernel_config CONFIG_SECURITY_SMACK n set_kernel_config CONFIG_SECURITY_TOMOYO n @@ -211,7 +459,6 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y - set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n @@ -233,11 +480,13 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m - set_kernel_config SYSTEM_TRUSTED_KEYS fi # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 if [ "$KERNEL_NF" = true ] ; then + set_kernel_config CONFIG_IP_NF_SECURITY m + set_kernel_config CONFIG_NETLABEL y + set_kernel_config CONFIG_IP6_NF_SECURITY m set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m @@ -263,7 +512,6 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_IP6_NF_NAT m set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m set_kernel_config CONFIG_IP6_NF_TARGET_NPT m - set_kernel_config CONFIG_IP_NF_SECURITY m set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m set_kernel_config CONFIG_IP_SET_BITMAP_PORT m set_kernel_config CONFIG_IP_SET_HASH_IP m @@ -326,11 +574,11 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_NF_LOG_IPV6 m set_kernel_config CONFIG_NF_NAT_IPV4 m set_kernel_config CONFIG_NF_NAT_IPV6 m - set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m - set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m + set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y + set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y set_kernel_config CONFIG_NF_NAT_PPTP m set_kernel_config CONFIG_NF_NAT_PROTO_GRE m - set_kernel_config CONFIG_NF_NAT_REDIRECT m + set_kernel_config CONFIG_NF_NAT_REDIRECT y set_kernel_config CONFIG_NF_NAT_SIP m set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m set_kernel_config CONFIG_NF_NAT_TFTP m @@ -340,17 +588,35 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_NF_TABLES_ARP m set_kernel_config CONFIG_NF_TABLES_BRIDGE m set_kernel_config CONFIG_NF_TABLES_INET m - set_kernel_config CONFIG_NF_TABLES_IPV4 m - set_kernel_config CONFIG_NF_TABLES_IPV6 m + set_kernel_config CONFIG_NF_TABLES_IPV4 y + set_kernel_config CONFIG_NF_TABLES_IPV6 y set_kernel_config CONFIG_NF_TABLES_NETDEV m + set_kernel_config CONFIG_NF_TABLES_SET m + set_kernel_config CONFIG_NF_TABLES_INET y + set_kernel_config CONFIG_NF_TABLES_NETDEV y + set_kernel_config CONFIG_NFT_CONNLIMIT m + set_kernel_config CONFIG_NFT_TUNNEL m + set_kernel_config CONFIG_NFT_SOCKET m + set_kernel_config CONFIG_NFT_TPROXY m + set_kernel_config CONFIG_NF_FLOW_TABLE m + set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m + set_kernel_config CONFIG_NF_FLOW_TABLE_INET m + set_kernel_config CONFIG_NF_TABLES_ARP y + set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y + set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y + set_kernel_config CONFIG_NF_TABLES_BRIDGE y + set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m + set_kernel_config CONFIG_NFT_OSF m + fi # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA if [ "$KERNEL_BPF" = true ] ; then set_kernel_config CONFIG_BPF_SYSCALL y - set_kernel_config CONFIG_BPF_EVENTS y - set_kernel_config CONFIG_BPF_STREAM_PARSER y + set_kernel_config CONFIG_BPF_EVENTS y + set_kernel_config CONFIG_BPF_STREAM_PARSER y set_kernel_config CONFIG_CGROUP_BPF y + set_kernel_config CONFIG_XDP_SOCKETS y fi # KERNEL_DEFAULT_GOV was set by user @@ -358,10 +624,10 @@ if [ "$BUILD_KERNEL" = true ] ; then case "$KERNEL_DEFAULT_GOV" in performance) - set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y + set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y ;; userspace) - set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y + set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y ;; ondemand) set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y @@ -537,20 +803,28 @@ if [ "$BUILD_KERNEL" = true ] ; then fi else # BUILD_KERNEL=false - if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then - - # Use Sakakis modified kernel if ZSWAP is active - if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then - RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" - fi + if [ "$SET_ARCH" = 64 ] ; then + if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then + # Use Sakakis modified kernel if ZSWAP is active + if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then + RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" + fi - # Create temporary directory for dl - temp_dir=$(as_nobody mktemp -d) + # Create temporary directory for dl + temp_dir=$(as_nobody mktemp -d) - # Fetch kernel dl - as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" + # Fetch kernel dl + as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" + fi + if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then + # Create temporary directory for dl + temp_dir=$(as_nobody mktemp -d) - #extract download + # Fetch kernel dl + as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL" + fi + + #extract download tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" #move extracted kernel to /boot/firmware @@ -566,15 +840,15 @@ else # BUILD_KERNEL=false chown -R root:root "${R}/lib/modules" fi - # Install Kernel from hypriot comptabile with all Raspberry PI - if [ "$SET_ARCH" = 32 ] ; then + # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel) + if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then # Create temporary directory for dl temp_dir=$(as_nobody mktemp -d) # Fetch kernel as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" - # Copy downloaded U-Boot sources + # Copy downloaded kernel package mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb # Set permissions diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 2ca1567..55f201c 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -92,11 +92,17 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then fi # Add cryptsetup modules to initramfs +<<<<<<< HEAD printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" # Dummy mapping required by mkinitramfs echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" +======= + #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" + + # Dummy mapping required by mkinitramfs +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" # Generate initramfs with encrypted root partition support diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index a35279e..b146efe 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -112,7 +112,10 @@ if [ "$ENABLE_TURBO" = true ] ; then echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" fi +<<<<<<< HEAD if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then # Bluetooth enabled @@ -126,10 +129,6 @@ if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$ # Copy downloaded sources mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" - # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ - as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth - as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd - # Set permissions chown -R root:root "${R}/tmp/pi-bluetooth" @@ -215,7 +214,10 @@ if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then # Change into downloaded src dir cd "${R}/tmp/systemd-swap" || exit +<<<<<<< HEAD +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 # Get Verion VERSION=$(git tag | tail -n 1) @@ -231,7 +233,10 @@ if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then chown -R root:root "${R}/tmp/systemd-swap" # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. +<<<<<<< HEAD chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb # Enable service diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index 2b9450c..d698a1f 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh @@ -106,7 +106,10 @@ if [ "$ENABLE_WIRELESS" = true ] ; then temp_dir=$(as_nobody mktemp -d) # Fetch firmware binary blob for RPI3B+ +<<<<<<< HEAD if [ "$RPI_MODEL" = 3P ] ; then +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then # Fetch firmware binary blob for RPi3P as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" diff --git a/bootstrap.d/43-videocore.sh b/bootstrap.d/43-videocore.sh index 9cf856f..59baa30 100644 --- a/bootstrap.d/43-videocore.sh +++ b/bootstrap.d/43-videocore.sh @@ -34,12 +34,18 @@ if [ "$ENABLE_VIDEOCORE" = true ] ; then cd "${R}"/tmp/userland/build if [ "$RELEASE_ARCH" = "arm64" ] ; then +<<<<<<< HEAD cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" fi if [ "$RELEASE_ARCH" = "armel" ] ; then +<<<<<<< HEAD cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" fi diff --git a/bootstrap.d/44-nexmon_monitor_patch.sh b/bootstrap.d/44-nexmon_monitor_patch.sh index 3479c93..f01733b 100644 --- a/bootstrap.d/44-nexmon_monitor_patch.sh +++ b/bootstrap.d/44-nexmon_monitor_patch.sh @@ -74,7 +74,10 @@ if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin fi +<<<<<<< HEAD if [ "$RPI_MODEL" = 3P ] ; then +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 74766eb..e26a8e7 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -55,7 +55,6 @@ KERNEL_BRANCH=${KERNEL_BRANCH:=""} KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux} FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot} WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm} -COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian} FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland} @@ -67,10 +66,15 @@ SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.gi RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used +<<<<<<< HEAD RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz} RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz} # Default precompiled 64bit kernel RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz} +======= +RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz} +# Default precompiled 64bit kernel +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz} # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} @@ -226,7 +230,10 @@ REDUCE_LOCALE=${REDUCE_LOCALE:=true} ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} +<<<<<<< HEAD CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"} CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} @@ -240,14 +247,20 @@ CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} # Packages required in the chroot build environment APT_INCLUDES=${APT_INCLUDES:=""} +<<<<<<< HEAD APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" # Packages to exclude from chroot build environment APT_EXCLUDES=${APT_EXCLUDES:=""} # Packages required for bootstrapping +<<<<<<< HEAD REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo" MISSING_PACKAGES="" @@ -315,7 +328,10 @@ if [ -n "$SET_ARCH" ] ; then REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" RELEASE_ARCH=${RELEASE_ARCH:=armhf} +<<<<<<< HEAD KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} fi @@ -406,7 +422,10 @@ fi # Add deps for nexmon if [ "$ENABLE_NEXMON" = true ] ; then +<<<<<<< HEAD REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool" fi @@ -423,7 +442,10 @@ fi # Add cryptsetup package to enable filesystem encryption if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" +<<<<<<< HEAD APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs" # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package @@ -493,7 +515,10 @@ if [ -n "$MISSING_PACKAGES" ] ; then [ "$confirm" != "y" ] && exit 1 # Make sure all missing required packages are installed +<<<<<<< HEAD apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` fi @@ -846,7 +871,10 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then echo -n ${CRYPTFS_PASSWORD} > .password # Initialize encrypted partition +<<<<<<< HEAD echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password +======= +>>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password # Open encrypted partition and setup mapping