From bf57bfb56e3d68bd60ad6153b69063c9974f8cff 2018-11-19 10:23:20 From: drtyhlpr Date: 2018-11-19 10:23:20 Subject: [PATCH] Merge pull request #157 from burnbabyburn/test Added Raspberry Userland thanks to burn --- diff --git a/README.md b/README.md index 04723a1..b232d33 100644 --- a/README.md +++ b/README.md @@ -224,6 +224,12 @@ Install and enable the [hardware accelerated Xorg video driver](https://github.c ##### `FBTURBOSRC_DIR`="" Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot. +##### `ENABLE_VIDEOCORE`=false +Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling. + +##### `VIDEOCORESRC_DIR`="" +Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot. + ##### `ENABLE_IPTABLES`=false Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index d8cfb69..8776997 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh @@ -19,7 +19,7 @@ if [ "$ENABLE_MINBASE" = true ] ; then fi # Base debootstrap (unpack only) -http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" +http_proxy=${APT_PROXY} debootstrap "${APT_EXCLUDES}" --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" # Copy qemu emulator binary to chroot install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}" diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 3c9b2a0..f511f43 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -41,13 +41,13 @@ chroot_exec apt-get -qq -y update chroot_exec apt-get -qq -y -u dist-upgrade if [ "$APT_INCLUDES_LATE" ] ; then - chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ') + chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')" fi if [ -d packages ] ; then for package in packages/*.deb ; do - cp $package ${R}/tmp - chroot_exec dpkg --unpack /tmp/$(basename $package) + cp "$package" "${R}"/tmp + chroot_exec dpkg --unpack /tmp/"$(basename "$package")" done fi chroot_exec apt-get -qq -y -f install diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh index ac342ef..c469ec3 100644 --- a/bootstrap.d/12-locale.sh +++ b/bootstrap.d/12-locale.sh @@ -6,11 +6,11 @@ . ./functions.sh # Install and setup timezone -echo ${TIMEZONE} > "${ETC_DIR}/timezone" +echo "${TIMEZONE}" > "${ETC_DIR}/timezone" chroot_exec dpkg-reconfigure -f noninteractive tzdata # Install and setup default locale and keyboard configuration -if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then +if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 # ... so we have to set locales manually diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index a3c2e0c..e86ae33 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -8,12 +8,12 @@ # Fetch and build latest raspberry kernel if [ "$BUILD_KERNEL" = true ] ; then # Setup source directory - mkdir -p "${R}/usr/src/linux" + mkdir -p "${KERNEL_DIR}" # Copy existing kernel sources into chroot directory if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then # Copy kernel sources and include hidden files - cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux" + cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" # Clean the kernel sources if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then @@ -28,10 +28,10 @@ if [ "$BUILD_KERNEL" = true ] ; then as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux else as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux - fi - + fi + # Copy downloaded kernel sources - cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/" + cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" # Remove temporary directory for kernel sources rm -fr "${temp_dir}" @@ -89,30 +89,32 @@ if [ "$BUILD_KERNEL" = true ] ; then # Set kernel configuration parameters to enable qemu emulation if [ "$ENABLE_QEMU" = true ] ; then - echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config + echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config + echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config if [ "$ENABLE_CRYPTFS" = true ] ; then - echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config - echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config - fi + { + echo "CONFIG_EMBEDDED=y" + echo "CONFIG_EXPERT=y" + echo "CONFIG_DAX=y" + echo "CONFIG_MD=y" + echo "CONFIG_BLK_DEV_MD=y" + echo "CONFIG_MD_AUTODETECT=y" + echo "CONFIG_BLK_DEV_DM=y" + echo "CONFIG_BLK_DEV_DM_BUILTIN=y" + echo "CONFIG_DM_CRYPT=y" + echo "CONFIG_CRYPTO_BLKCIPHER=y" + echo "CONFIG_CRYPTO_CBC=y" + echo "CONFIG_CRYPTO_XTS=y" + echo "CONFIG_CRYPTO_SHA512=y" + echo "CONFIG_CRYPTO_MANAGER=y" + } >> ${KERNEL_DIR}/.config + fi fi # Copy custom kernel configuration file - if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then - cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config + if [ -n "$KERNELSRC_USRCONFIG" ] ; then + cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config fi # Set kernel configuration parameters to their default values @@ -134,11 +136,11 @@ if [ "$BUILD_KERNEL" = true ] ; then fi # Cross compile kernel and dtbs - make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs + make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs # Cross compile kernel modules - if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then - make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules + if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then + make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules fi fi @@ -151,16 +153,16 @@ if [ "$BUILD_KERNEL" = true ] ; then # Install kernel modules if [ "$ENABLE_REDUCE" = true ] ; then - if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then + if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install fi else - if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then + if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install fi # Install kernel firmware - if [ $(grep "^firmware_install:" "${KERNEL_DIR}/Makefile") ] ; then + if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install fi fi @@ -174,14 +176,14 @@ if [ "$BUILD_KERNEL" = true ] ; then mkdir "${BOOT_DIR}" # Get kernel release version - KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"` + KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") # Copy kernel configuration file to the boot directory install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" # Prepare device tree directory mkdir "${BOOT_DIR}/overlays" - + # Ensure the proper .dtb is located if [ "$KERNEL_ARCH" = "arm" ] ; then for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do @@ -223,8 +225,8 @@ if [ "$BUILD_KERNEL" = true ] ; then rm -fr "${KERNEL_DIR}" else # Prepare compiled kernel modules - if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then - if [ $(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile") ] ; then + if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then + if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare fi @@ -242,7 +244,7 @@ else # BUILD_KERNEL=false chroot_exec apt-get -qq -y install flash-kernel # Check if kernel installation was successful - VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)" + VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)" if [ -z "$VMLINUZ" ] ; then echo "error: kernel installation failed! (/boot/vmlinuz-* not found)" cleanup diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 0a8eb19..2f68cdf 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -45,7 +45,7 @@ if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" # Dummy mapping required by mkinitramfs - echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" + echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" # Generate initramfs with encrypted root partition support chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index b84de23..031776b 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -8,13 +8,13 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then # Install boot binaries from local directory - cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin - cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat - cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf + cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin + cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat + cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf else # Create temporary directory for boot binaries temp_dir=$(as_nobody mktemp -d) @@ -50,9 +50,9 @@ fi # Add encrypted root partition to cmdline.txt if [ "$ENABLE_CRYPTFS" = true ] ; then if [ "$ENABLE_SPLITFS" = true ] ; then - CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") + CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") else - CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") + CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") fi fi @@ -139,7 +139,7 @@ if [ "$ENABLE_SPI" = true ] ; then fi # Disable RPi2/3 under-voltage warnings -if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then +if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" fi diff --git a/bootstrap.d/16-videocore.sh b/bootstrap.d/16-videocore.sh new file mode 100644 index 0000000..8621560 --- /dev/null +++ b/bootstrap.d/16-videocore.sh @@ -0,0 +1,33 @@ +# +# Setup videocore - Raspberry Userland +# + +# Load utility functions +. ./functions.sh + +if [ "$ENABLE_VIDEOCORE" = true ] ; then + # Copy existing videocore sources into chroot directory + if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then + # Copy local U-Boot sources + cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp" + else + # Create temporary directory for U-Boot sources + temp_dir=$(as_nobody mktemp -d) + + # Fetch U-Boot sources + as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}" + + # Copy downloaded U-Boot sources + mv "${temp_dir}/userland" "${R}/tmp/" + + # Set permissions of the U-Boot sources + chown -R root:root "${R}/tmp/userland" + + # Remove temporary directory for U-Boot sources + rm -fr "${temp_dir}" + fi + + cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DVIDEOCORE_BUILD_DIR="${R}"/opt/vc + make -j "$(nproc)" + chroot_exec PATH="${PATH}":/opt/vc/bin +fi diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index c386754..d53b78b 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh @@ -89,14 +89,14 @@ if [ "$ENABLE_HARDNET" = true ] ; then fi # Enable time sync -if [ "NET_NTP_1" != "" ] ; then +if [ "$NET_NTP_1" != "" ] ; then chroot_exec systemctl enable systemd-timesyncd.service fi # Download the firmware binary blob required to use the RPi3 wireless interface if [ "$ENABLE_WIRELESS" = true ] ; then - if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then - mkdir -p ${WLAN_FIRMWARE_DIR} + if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then + mkdir -p "${WLAN_FIRMWARE_DIR}" fi # Create temporary directory for firmware binary blob diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index 1cabec2..d078ba1 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh @@ -9,10 +9,11 @@ if [ "$ENABLE_IPTABLES" = true ] ; then # Create iptables configuration directory mkdir -p "${ETC_DIR}/iptables" - # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives - chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy - chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save - chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore + # make sure iptables-legacy is the used alternatives + #iptables-save and -restore are slaves of iptables and thus are set accordingly + if ! [ "$RELEASE" = jessie ] ; then + chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy + fi # Install iptables systemd service install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 8b0e464..5fbfc7a 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -6,8 +6,8 @@ . ./functions.sh # Generate crypt(3) password string -ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` -ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"` +ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") +ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") # Setup default user if [ "$ENABLE_USER" = true ] ; then diff --git a/bootstrap.d/32-sshd.sh b/bootstrap.d/32-sshd.sh index 162fdb2..9d28d51 100644 --- a/bootstrap.d/32-sshd.sh +++ b/bootstrap.d/32-sshd.sh @@ -28,7 +28,7 @@ if [ "$ENABLE_SSHD" = true ] ; then fi # Add SSH (v2) public key for user root - if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then + if [ -n "$SSH_ROOT_PUB_KEY" ] ; then # Create root SSH config directory mkdir -p "${R}/root/.ssh" @@ -52,20 +52,20 @@ if [ "$ENABLE_SSHD" = true ] ; then if [ "$ENABLE_USER" = true ] ; then # Add SSH (v2) public key for user $USER_NAME - if [ ! -z "$SSH_USER_PUB_KEY" ] ; then + if [ -n "$SSH_USER_PUB_KEY" ] ; then # Create $USER_NAME SSH config directory mkdir -p "${R}/home/${USER_NAME}/.ssh" # Set permissions of $USER_NAME SSH config directory chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" - chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" + chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh" # Add SSH (v2) public key(s) to authorized_keys file cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" # Set permissions of $USER_NAME SSH config directory chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" - chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" + chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys" if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then # Allow SSH public key authentication @@ -85,7 +85,7 @@ if [ "$ENABLE_SSHD" = true ] ; then allowed_users="${allowed_users} ${USER_NAME}" fi - if [ ! -z "$allowed_users" ] ; then + if [ -n "$allowed_users" ] ; then echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" fi fi @@ -113,4 +113,4 @@ if [ "$ENABLE_SSHD" = true ] ; then if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear" fi -fi +fi \ No newline at end of file diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh index a7f4709..940d317 100644 --- a/bootstrap.d/41-uboot.sh +++ b/bootstrap.d/41-uboot.sh @@ -32,7 +32,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then fi # Build and install U-Boot inside chroot - chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all + chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all # Copy compiled bootloader binary and set config.txt to load it install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" @@ -65,6 +65,16 @@ if [ "$ENABLE_UBOOT" = true ] ; then printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" fi fi + + if [ "$KERNEL_ARCH" = "arm64" ] ; then + echo "Setting up config.txt to boot 64bit uboot" + + printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt" + printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt" + printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt" + #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)] + sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage" + fi # Set mkfile to use the correct dtb file sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage" diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh index c339e0d..25ec9fe 100644 --- a/bootstrap.d/99-reduce.sh +++ b/bootstrap.d/99-reduce.sh @@ -25,8 +25,8 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Remove all doc files if [ "$REDUCE_DOC" = true ] ; then - find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true - find "${R}/usr/share/doc" -empty | xargs rmdir || true + find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true + find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true fi # Remove all man pages and info files @@ -36,7 +36,7 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Remove all locale translation files if [ "$REDUCE_LOCALE" = true ] ; then - find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r + find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r fi # Remove hwdb PCI device classes (experimental) diff --git a/files/boot/uboot.mkimage b/files/boot/uboot.mkimage index 6ce6500..13267f6 100644 --- a/files/boot/uboot.mkimage +++ b/files/boot/uboot.mkimage @@ -8,6 +8,7 @@ setenv machid 0x00000c42 saveenv # Load the existing Linux kernel into RAM +mmc dev 0 fatload mmc 0:1 ${kernel_addr_r} kernel7.img fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 103e58f..04de63a 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -31,7 +31,7 @@ fi . ./functions.sh # Load parameters from configuration template file -if [ ! -z "$CONFIG_TEMPLATE" ] ; then +if [ -n "$CONFIG_TEMPLATE" ] ; then use_template fi @@ -103,6 +103,7 @@ WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-no COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian} FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} +VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland} # Build directories BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}} @@ -122,7 +123,7 @@ ETC_DIR="${R}/etc" LIB_DIR="${R}/lib" BOOT_DIR="${R}/boot/firmware" KERNEL_DIR="${R}/usr/src/linux" -WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm" +WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm" # Firmware directory: Blank if download from github RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""} @@ -191,6 +192,8 @@ ENABLE_REDUCE=${ENABLE_REDUCE:=false} ENABLE_UBOOT=${ENABLE_UBOOT:=false} UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} +ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true} +VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""} FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""} ENABLE_HARDNET=${ENABLE_HARDNET:=false} ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} @@ -294,7 +297,7 @@ if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P fi # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported -if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then +if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported" exit 1 @@ -321,9 +324,13 @@ if [ "$BUILD_KERNEL" = true ] ; then fi fi +if [ "$ENABLE_VIDEOCORE" = true ] ; then + REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake" +fi + # Add libncurses5 to enable kernel menuconfig if [ "$KERNEL_MENUCONFIG" = true ] ; then - REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev" + REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev" fi # Add ccache compiler cache for (faster) kernel cross (re)compilation @@ -354,7 +361,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then fi # Check if root SSH (v2) public key file exists -if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then +if [ -n "$SSH_ROOT_PUB_KEY" ] ; then if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!" exit 1 @@ -362,7 +369,7 @@ if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then fi # Check if $USER_NAME SSH (v2) public key file exists -if [ ! -z "$SSH_USER_PUB_KEY" ] ; then +if [ -n "$SSH_USER_PUB_KEY" ] ; then if [ ! -f "$SSH_USER_PUB_KEY" ] ; then echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!" exit 1 @@ -371,7 +378,7 @@ fi # Check if all required packages are installed on the build system for package in $REQUIRED_PACKAGES ; do - if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then + if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then MISSING_PACKAGES="${MISSING_PACKAGES} $package" fi done @@ -381,12 +388,12 @@ if [ -n "$MISSING_PACKAGES" ] ; then echo "the following packages needed by this script are not installed:" echo "$MISSING_PACKAGES" - echo -n "\ndo you want to install the missing packages right now? [y/n] " - read confirm + printf "\ndo you want to install the missing packages right now? [y/n] " + read -r confirm [ "$confirm" != "y" ] && exit 1 # Make sure all missing required packages are installed - apt-get -qq -y install ${MISSING_PACKAGES} + apt-get -qq -y install "${MISSING_PACKAGES}" fi # Check if ./bootstrap.d directory exists @@ -413,6 +420,12 @@ if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then exit 1 fi +# Check if specified VIDEOCORESRC_DIR directory exists +if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then + echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!" + exit 1 +fi + # Check if specified FBTURBOSRC_DIR directory exists if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!" @@ -441,7 +454,7 @@ fi mkdir -p "${R}" # Check if build directory has enough of free disk space >512MB -if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then +if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then echo "error: ${BUILDDIR} not enough space left to generate the output image!" exit 1 fi @@ -519,7 +532,7 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Add dropbear package instead of openssh-server if [ "$REDUCE_SSHD" = true ] ; then - APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")" + APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")" fi fi @@ -662,27 +675,27 @@ if [ "$ENABLE_QEMU" = true ] ; then fi # Calculate size of the chroot directory in KB -CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`) +CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')") # Calculate the amount of needed 512 Byte sectors TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512) -ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS}) +ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}") # The root partition is EXT4 # This means more space than the actual used space of the chroot is used. # As overhead for journaling and reserved blocks 35% are added. -ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512) +ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512) # Calculate required image size in 512 Byte sectors -IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS}) +IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}") # Prepare image file if [ "$ENABLE_SPLITFS" = true ] ; then - dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS} - dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS} - dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS} - dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS} + dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}" + dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}" + dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}" + dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}" # Write firmware/boot partition tables sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null < /dev/null <