From 5a07e0ab6bd88c8656c3ed296c18b8b5b6411036 2018-12-16 23:13:19 From: Unknown Date: 2018-12-16 23:13:19 Subject: [PATCH] rebase master testing --- diff --git a/README.md b/README.md index d322e0c..01021c5 100644 --- a/README.md +++ b/README.md @@ -42,12 +42,15 @@ CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh ## Supported parameters and settings #### APT settings: -##### `APT_SERVER`="ftp.debian.org/debian" +##### `APT_SERVER`="ftp.debian.org" Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process. ##### `APT_PROXY`="" Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this. +##### `KEEP_APT_PROXY`=false +Keep the APT_PROXY settings used in the bootsrapping process in the generated image. + ##### `APT_INCLUDES`="" A comma-separated list of additional packages to be installed by debootstrap during bootstrapping. @@ -270,6 +273,15 @@ Create an initramfs that that will be loaded during the Linux startup process. ` ##### `ENABLE_IFNAMES`=true Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. +##### `ENABLE_SPLASH`=true +Enable default Raspberry Pi boot up rainbow splash screen. + +##### `ENABLE_LOGO`=true +Enable default Raspberry Pi console logo (image of four raspberries in the top left corner). + +##### `ENABLE_SILENT_BOOT`=false +Set the verbosity of console messages shown during boot up to a strict minimum. + ##### `DISABLE_UNDERVOLT_WARNINGS`= Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present. diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index daa40b2..1a82ada 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -99,8 +99,8 @@ if [ "$BUILD_KERNEL" = true ] ; then cd "${KERNEL_DIR}" || exit if [ "$KERNEL_ARCH" = arm64 ] ; then - #Fix SD_DRIVER mess in 64bit config - # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - variable naming is bs + #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config + # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 set_kernel_config CONFIG_MMC_BCM2835 n set_kernel_config CONFIG_MMC_SDHCI_IPROC n set_kernel_config CONFIG_USB_DWC2 n @@ -198,7 +198,6 @@ if [ "$BUILD_KERNEL" = true ] ; then set_kernel_config CONFIG_INTEGRITY_AUDIT y set_kernel_config CONFIG_INTEGRITY_SIGNATURE y set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y - set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS "" # This option provides support for retaining authentication tokens and access keys in the kernel. set_kernel_config CONFIG_KEYS y diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 6677540..a8c521f 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -21,11 +21,6 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then # Add encrypted partition to crypttab and fstab install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" - - if [ "$ENABLE_USBBOOT" = true ] ; then - # Add usb/sda2 disk to crypttab - sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" - fi if [ "$ENABLE_SPLITFS" = true ] ; then # Add usb/sda1 disk to crypttab @@ -36,6 +31,9 @@ fi if [ "$ENABLE_USBBOOT" = true ] ; then sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" + + # Add usb/sda2 disk to crypttab + sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" fi # Generate initramfs file diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index 92a28a6..40c8736 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -102,9 +102,24 @@ else CMDLINE="${CMDLINE} net.ifnames=1" fi +# Disable Raspberry Pi console logo +if [ "$ENABLE_LOGO" = false ] ; then + CMDLINE="${CMDLINE} logo.nologo" +fi + +# Strictly limit verbosity of boot up console messages +if [ "$ENABLE_SILENT_BOOT" = true ] ; then + CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0" +fi + # Install firmware config install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" +# Disable Raspberry Pi console logo +if [ "$ENABLE_SLASH" = false ] ; then + echo "disable_splash=1" >> "${BOOT_DIR}/config.txt" +fi + # Locks CPU frequency at maximum if [ "$ENABLE_TURBO" = true ] ; then echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" @@ -158,7 +173,7 @@ if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then # set overlay to swap ttyAMA0 and ttyS0 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" - + if [ "$ENABLE_TURBO" = false ] ; then echo "core_freq=250" >> "${BOOT_DIR}/config.txt" fi diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index d198eb5..ee9831d 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh @@ -29,9 +29,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then if [ "$ENABLE_IPV6" = true ] ; then if [ "$KERNEL_NF" = false ] ; then - # iptables-save and -restore are slaves of iptables and thus are set accordingly - chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy + # iptables-save and -restore are slaves of iptables and thus are set accordingly + chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy fi + # Install ip6tables systemd service install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" diff --git a/functions.sh b/functions.sh index fc0b612..4733375 100644 --- a/functions.sh +++ b/functions.sh @@ -1,4 +1,3 @@ -#!/bin/sh # This file contains utility functions used by rpi23-gen-image.sh cleanup (){ @@ -87,6 +86,16 @@ chroot_remove_cc() { COMPILER_PACKAGES="" fi } + +# https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 +cdr2mask () +{ + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh set_kernel_config() { # flag as $1, value to set as $2, config must exist at "./.config" @@ -98,18 +107,10 @@ set_kernel_config() { echo "${TGT}"="${2}" >> .config fi } + # unset kernel config parameter unset_kernel_config() { # unsets flag with the value of $1, config must exist at "./.config" TGT="CONFIG_${1#CONFIG_}" sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config -} - -# https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 -cdr2mask () -{ - # Number of args to shift, 255..255, first non-255 byte, zeroes - set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 - [ $1 -gt 1 ] && shift $1 || shift - echo ${1-0}.${2-0}.${3-0}.${4-0} } \ No newline at end of file diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 51d8907..50d0c86 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -60,7 +60,6 @@ BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git} NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git} SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git} - # Kernel deb packages for 32bit kernel RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} @@ -120,6 +119,7 @@ NET_NTP_2=${NET_NTP_2:=""} # APT settings APT_PROXY=${APT_PROXY:=""} APT_SERVER=${APT_SERVER:="ftp.debian.org"} +KEEP_APT_PROXY=${KEEP_APT_PROXY:=false} # Feature settings ENABLE_PRINTK=${ENABLE_PRINTK:=false} @@ -171,6 +171,9 @@ ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} +ENABLE_SPLASH=${ENABLE_SPLASH:=true} +ENABLE_LOGO=${ENABLE_LOGO:=true} +ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false} DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} # Kernel compilation settings @@ -227,7 +230,8 @@ APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debi APT_EXCLUDES=${APT_EXCLUDES:=""} # Packages required for bootstrapping -REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt" +REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" +#Requierd=netselect-apt MISSING_PACKAGES="" # Packages installed for c/c++ build environment in chroot (keep empty) @@ -700,13 +704,17 @@ umount -l "${R}/sys" rm -rf "${R}/run/*" rm -rf "${R}/tmp/*" +# Clean up APT proxy settings +if [ "$KEEP_APT_PROXY" = false ] ; then + rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" +fi + # Clean up files rm -f "${ETC_DIR}/ssh/ssh_host_*" rm -f "${ETC_DIR}/dropbear/dropbear_*" rm -f "${ETC_DIR}/apt/sources.list.save" rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original" rm -f "${ETC_DIR}/*-" -rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" rm -f "${ETC_DIR}/resolv.conf" rm -f "${R}/root/.bash_history" rm -f "${R}/var/lib/urandom/random-seed"