From af0382b2425d0ff0acb603c1cce2a237f983f64e 2017-01-24 11:52:24 From: drtyhlpr Date: 2017-01-24 11:52:24 Subject: [PATCH] Updated: Moved RPi2/3 related configs to new file 14-rpi-config.sh --- diff --git a/README.md b/README.md index c87a6f2..27f0c10 100644 --- a/README.md +++ b/README.md @@ -320,6 +320,7 @@ The functions of this script that are required for the different stages of the b | `11-apt.sh` | Setup APT repositories | | `12-locale.sh` | Setup Locales and keyboard settings | | `13-kernel.sh` | Build and install RPi2/3 Kernel | +| `14-rpi-config.sh` | Setup RPi2/3 config and cmdline | | `20-networking.sh` | Setup Networking | | `21-firewall.sh` | Setup Firewall | | `30-security.sh` | Setup Users and Security settings | diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index ada4691..3b2065f 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -71,8 +71,8 @@ if [ "$BUILD_KERNEL" = true ] ; then # Load default raspberry kernel configuration make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" - if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then - cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config + if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then + cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config fi # Start menu-driven kernel configuration (interactive) 
@@ -134,29 +134,7 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$KERNEL_REMOVESRC" = true ] ; then rm -fr "${KERNEL_DIR}" else - #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" oldconfig make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare - #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper - fi - - if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then - # Install boot binaries from local directory - cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin - cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat - cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf - else - # Install latest boot binaries from raspberry/firmware github - wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" - wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" - wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" - wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" - wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf" - wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" - wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" fi else # BUILD_KERNEL=false 
@@ -177,105 +155,9 @@ else # BUILD_KERNEL=false install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" fi -# Setup firmware boot cmdline -if [ "$ENABLE_SPLITFS" = true ] ; then - CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" -else - CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" -fi - -# Add encrypted root partition to cmdline.txt -if [ "$ENABLE_CRYPTFS" = true ] ; then - if [ "$ENABLE_SPLITFS" = true ] ; then - CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") - else - CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") - fi -fi - -# Add serial console support -if [ "$ENABLE_CONSOLE" = true ] ; then - CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" -fi - -# Remove IPv6 networking support -if [ "$ENABLE_IPV6" = false ] ; then - CMDLINE="${CMDLINE} ipv6.disable=1" -fi - -# Automatically assign predictable network interface names -if [ "$ENABLE_IFNAMES" = false ] ; then - CMDLINE="${CMDLINE} net.ifnames=0" -else - CMDLINE="${CMDLINE} net.ifnames=1" -fi - -# Set init to systemd if required by Debian release -if [ "$RELEASE" = "stretch" ] ; then - CMDLINE="${CMDLINE} init=/bin/systemd" -fi - -# Install firmware boot cmdline -echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" - -# Install firmware config -install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" - -# Setup minimal GPU memory allocation size: 16MB (no X) -if [ "$ENABLE_MINGPU" = true ] ; then - echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" -fi - -# Setup boot with initramfs -if [ "$ENABLE_INITRAMFS" = true ] ; then - echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" -fi - -# Disable RPi3 Bluetooth and restore ttyAMA0 serial 
device -if [ "$RPI_MODEL" = 3 ] ; then - if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then - echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" - echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" - fi -fi - -# Create firmware configuration and cmdline symlinks -ln -sf firmware/config.txt "${R}/boot/config.txt" -ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" - -# Install and setup kernel modules to load at boot -mkdir -p "${R}/lib/modules-load.d/" -install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" - -# Load hardware random module at boot -if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then - sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" -fi - -# Load sound module at boot -if [ "$ENABLE_SOUND" = true ] ; then - sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" -fi - -# Enable I2C interface -if [ "$ENABLE_I2C" = true ] ; then - echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" - sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf" - sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf" -fi - -# Enable SPI interface -if [ "$ENABLE_SPI" = true ] ; then - echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" - echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf" - if [ "$RPI_MODEL" = 3 ] ; then - sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" - fi -fi - -# Install kernel modules blacklist -mkdir -p "${ETC_DIR}/modprobe.d/" -install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" +# Create symlinks for kernel modules +ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" +ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" # Install and setup fstab install_readonly files/mount/fstab "${ETC_DIR}/fstab" 
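Review bot: The added `ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"` and `.../source` lines appear to run unconditionally after the kernel install block, although the earlier hunk shows `rm -fr "${KERNEL_DIR}"` when `KERNEL_REMOVESRC=true`. In that case, and presumably also in the `BUILD_KERNEL=false` path, the image ends up with dangling `build` and `source` links. Consider guarding them with `if [ "$BUILD_KERNEL" = true ] && [ "$KERNEL_REMOVESRC" != true ] ; then` and a closing `fi`. It is also worth confirming that `${KERNEL_DIR}` resolves inside the target root filesystem rather than to a path on the build host; its definition is outside this hunk.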
@@ -326,11 +208,3 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" fi fi - -# Install sysctl.d configuration files -install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" - -# make symlinks -ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" -ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" - diff --git a/bootstrap.d/14-rpi-config.sh b/bootstrap.d/14-rpi-config.sh new file mode 100644 index 0000000..3e17345 --- /dev/null +++ b/bootstrap.d/14-rpi-config.sh 
@@ -0,0 +1,131 @@
+#
+# Setup RPi2/3 config and cmdline
+#
+
+# Load utility functions
+. ./functions.sh
+
+if [ "$BUILD_KERNEL" = true ] ; then
+ if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
+ # Install boot binaries from local directory
+ cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
+ cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
+ cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
+ cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
+ cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
+ cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
+ cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
+ else
+ # Install latest boot binaries from raspberry/firmware github
+ wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
+ wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
+ wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
+ wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
+ wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
+ wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
+ wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
+ fi
+fi
+
+# Setup firmware boot cmdline
+if [ "$ENABLE_SPLITFS" = true ] ; then
+ CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
+else
+ CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
+fi
+
+# Add encrypted root partition to cmdline.txt
+if [ "$ENABLE_CRYPTFS" = true ] ; then
+ if [ "$ENABLE_SPLITFS" = true ] ; then
+ CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+ else
+ CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+ fi
+fi
+
+# Add serial console support
+if [ "$ENABLE_CONSOLE" = true ] ; then
+ CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
+fi
+
+# Remove IPv6 networking support
+if [ "$ENABLE_IPV6" = false ] ; then
+ CMDLINE="${CMDLINE} ipv6.disable=1"
+fi
+
+# Automatically assign predictable network interface names
+if [ "$ENABLE_IFNAMES" = false ] ; then
+ CMDLINE="${CMDLINE} net.ifnames=0"
+else
+ CMDLINE="${CMDLINE} net.ifnames=1"
+fi
+
+# Set init to systemd if required by Debian release
+if [ "$RELEASE" = "stretch" ] ; then
+ CMDLINE="${CMDLINE} init=/bin/systemd"
+fi
+
+# Install firmware boot cmdline
+echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
+
+# Install firmware config
+install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
+
+# Setup minimal GPU memory allocation size: 16MB (no X)
+if [ "$ENABLE_MINGPU" = true ] ; then
+ echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
+fi
+
+# Setup boot with initramfs
+if [ "$ENABLE_INITRAMFS" = true ] ; then
+ echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
+fi
+
+# Disable RPi3 Bluetooth and restore ttyAMA0 serial device
+if [ "$RPI_MODEL" = 3 ] ; then
+ if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
+ echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
+ echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
+ fi
+fi
+
+# Create firmware configuration and cmdline symlinks
+ln -sf firmware/config.txt "${R}/boot/config.txt"
+ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
+
+# Install and setup kernel modules to load at boot
+mkdir -p "${R}/lib/modules-load.d/"
+install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
+
+# Load hardware random module at boot
+if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
+ sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
+fi
+
+# Load sound module at boot
+if [ "$ENABLE_SOUND" = true ] ; then
+ sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
+fi
+
+# Enable I2C interface
+if [ "$ENABLE_I2C" = true ] ; then
+ echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
+ sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
+ sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
+fi
+
+# Enable SPI interface
+if [ "$ENABLE_SPI" = true ] ; then
+ echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
+ echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
+ if [ "$RPI_MODEL" = 3 ] ; then
+ sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
+ fi
+fi
+
+# Install kernel modules blacklist
+mkdir -p "${ETC_DIR}/modprobe.d/"
+install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
+
+# Install sysctl.d configuration files
+install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
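Review bot: The `wget -q -O "${BOOT_DIR}/…" "${FIRMWARE_URL}/…"` branch installs the boot-stage binaries (bootcode.bin, start*.elf, fixup*.dat) with no integrity check and no exit-status check, so a failed, truncated or tampered download lands in the image silently; the comment says it pulls the latest files, so the content is not pinned either. `FIRMWARE_URL` is set outside this hunk, so whether it uses HTTPS cannot be confirmed from here. I would loop over the file list, abort on a wget failure, and verify the result against a checksum list kept with the project, as sketched below (`FIRMWARE_SHA256SUMS` is a proposed new setting, not an existing one). Separately, the `cp ${RPI_FIRMWARE_DIR}/boot/… ${BOOT_DIR}/…` lines and `echo ${CMDLINE} | sed "s/…${CRYPTFS_MAPPING}…/"` expand variables unquoted, and a `/` in `CRYPTFS_MAPPING` would break the sed expression; quoting them and validating the mapping name would be worthwhile.

```shell
  else
    # Install boot binaries from the firmware repository; stop the build rather
    # than leave a missing or truncated boot file in the image
    for fw in bootcode.bin fixup.dat fixup_cd.dat fixup_x.dat \
              start.elf start_cd.elf start_x.elf ; do
      wget -q -O "${BOOT_DIR}/${fw}" "${FIRMWARE_URL}/${fw}" || exit 1
    done
    # FIRMWARE_SHA256SUMS (proposed setting): absolute path to a sha256sum-format
    # list of the seven files above, maintained alongside a pinned FIRMWARE_URL
    (cd "${BOOT_DIR}" && sha256sum -c "${FIRMWARE_SHA256SUMS}") || exit 1
  # … unchanged: closing fi of the firmware block, cmdline and config.txt setup …
```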