Merge pull request #3 from drtyhlpr/master...
burnbabyburn -
r329:02f0baa56ac1 Fusion
@@ -1,490 +1,493
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 ##### Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 ##### Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62 62
63 63 ##### `APT_INCLUDES_LATE`=""
64 64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65 65
66 66 ---
67 67
68 68 #### General system settings:
69 69 ##### `RPI_MODEL`=2
70 70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
71 71 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
72 72 `1` = Used for Pi 1 model A and B
73 73 `1P` = Used for Pi 1 model B+ and A+
74 74 `2` = Used for Pi 2 model B
75 75 `3` = Used for Pi 3 model B
76 76 `3P` = Used for Pi 3 model B+
77 77 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
78 78
79 79 ##### `RELEASE`="jessie"
80 80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
81 81
82 82 ##### `RELEASE_ARCH`="armhf"
83 83 Set the desired Debian release architecture.
84 84
85 85 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
86 86 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
87 87
88 88 ##### `PASSWORD`="raspberry"
89 89 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
90 90
91 91 ##### `USER_PASSWORD`="raspberry"
92 92 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
93 93
94 94 ##### `DEFLOCAL`="en_US.UTF-8"
95 95 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
96 96
97 97 ##### `TIMEZONE`="Europe/Berlin"
98 98 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
99 99
100 100 ##### `EXPANDROOT`=true
101 101 Expand the root partition and filesystem automatically on first boot.
102 102
103 103 ##### `ENABLE_QEMU`=false
104 104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
105 105
106 106 ---
107 107
108 108 #### Keyboard settings:
109 109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
110 110
111 111 ##### `XKB_MODEL`=""
112 112 Set the name of the model of your keyboard type.
113 113
114 114 ##### `XKB_LAYOUT`=""
115 115 Set the supported keyboard layout(s).
116 116
117 117 ##### `XKB_VARIANT`=""
118 118 Set the supported variant(s) of the keyboard layout(s).
119 119
120 120 ##### `XKB_OPTIONS`=""
121 121 Set extra xkb configuration options.
122 122
123 123 ---
124 124
125 125 #### Networking settings (DHCP):
126 126 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
127 127
128 128 ##### `ENABLE_DHCP`=true
129 129 Set the system to use DHCP. This requires an DHCP server.
130 130
131 131 ---
132 132
133 133 #### Networking settings (static):
134 134 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
135 135
136 136 ##### `NET_ADDRESS`=""
137 137 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
138 138
139 139 ##### `NET_GATEWAY`=""
140 140 Set the IP address for the default gateway.
141 141
142 142 ##### `NET_DNS_1`=""
143 143 Set the IP address for the first DNS server.
144 144
145 145 ##### `NET_DNS_2`=""
146 146 Set the IP address for the second DNS server.
147 147
148 148 ##### `NET_DNS_DOMAINS`=""
149 149 Set the default DNS search domains to use for non fully qualified host names.
150 150
151 151 ##### `NET_NTP_1`=""
152 152 Set the IP address for the first NTP server.
153 153
154 154 ##### `NET_NTP_2`=""
155 155 Set the IP address for the second NTP server.
156 156
157 157 ---
158 158
159 159 #### Basic system features:
160 160 ##### `ENABLE_CONSOLE`=true
161 161 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
162 162
163 163 ##### `ENABLE_I2C`=false
164 164 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
165 165
166 166 ##### `ENABLE_SPI`=false
167 167 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
168 168
169 169 ##### `ENABLE_IPV6`=true
170 170 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
171 171
172 172 ##### `ENABLE_SSHD`=true
173 173 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
174 174
175 175 ##### `ENABLE_NONFREE`=false
176 176 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
177 177
178 178 ##### `ENABLE_WIRELESS`=false
179 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
179 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
180 180
181 181 ##### `ENABLE_RSYSLOG`=true
182 182 If set to false, disable and uninstall rsyslog (so logs will be available only
183 183 in journal files)
184 184
185 185 ##### `ENABLE_SOUND`=true
186 186 Enable sound hardware and install Advanced Linux Sound Architecture.
187 187
188 188 ##### `ENABLE_HWRANDOM`=true
189 189 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
190 190
191 191 ##### `ENABLE_MINGPU`=false
192 192 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
193 193
194 194 ##### `ENABLE_DBUS`=true
195 195 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
196 196
197 197 ##### `ENABLE_XORG`=false
198 198 Install Xorg open-source X Window System.
199 199
200 200 ##### `ENABLE_WM`=""
201 201 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
202 202
203 ##### `ENABLE_SYSVINIT`=false
204 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
205
203 206 ---
204 207
205 208 #### Advanced system features:
206 209 ##### `ENABLE_MINBASE`=false
207 210 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
208 211
209 212 ##### `ENABLE_REDUCE`=false
210 213 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
211 214
212 215 ##### `ENABLE_UBOOT`=false
213 216 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
214 217
215 218 ##### `UBOOTSRC_DIR`=""
216 219 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
217 220
218 221 ##### `ENABLE_FBTURBO`=false
219 222 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
220 223
221 224 ##### `FBTURBOSRC_DIR`=""
222 225 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
223 226
224 227 ##### `ENABLE_IPTABLES`=false
225 228 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
226 229
227 230 ##### `ENABLE_USER`=true
228 231 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
229 232
230 233 ##### `USER_NAME`=pi
231 234 Non-root user to create. Ignored if `ENABLE_USER`=false
232 235
233 236 ##### `ENABLE_ROOT`=false
234 237 Set root user password so root login will be enabled
235 238
236 239 ##### `ENABLE_HARDNET`=false
237 240 Enable IPv4/IPv6 network stack hardening settings.
238 241
239 242 ##### `ENABLE_SPLITFS`=false
240 243 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
241 244
242 245 ##### `CHROOT_SCRIPTS`=""
243 246 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
244 247
245 248 ##### `ENABLE_INITRAMFS`=false
246 249 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
247 250
248 251 ##### `ENABLE_IFNAMES`=true
249 252 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
250 253
251 254 ##### `DISABLE_UNDERVOLT_WARNINGS`=
252 255 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
253 256
254 257 ---
255 258
256 259 #### SSH settings:
257 260 ##### `SSH_ENABLE_ROOT`=false
258 261 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
259 262
260 263 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
261 264 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
262 265
263 266 ##### `SSH_LIMIT_USERS`=false
264 267 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
265 268
266 269 ##### `SSH_ROOT_PUB_KEY`=""
267 270 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
268 271
269 272 ##### `SSH_USER_PUB_KEY`=""
270 273 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
271 274
272 275 ---
273 276
274 277 #### Kernel compilation:
275 278 ##### `BUILD_KERNEL`=false
276 279 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
277 280
278 281 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
279 282 This sets the cross compile enviornment for the compiler.
280 283
281 284 ##### `KERNEL_ARCH`="arm"
282 285 This sets the kernel architecture for the compiler.
283 286
284 287 ##### `KERNEL_IMAGE`="kernel7.img"
285 288 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
286 289
287 290 ##### `KERNEL_BRANCH`=""
288 291 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
289 292
290 293 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
291 294 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
292 295
293 296 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
294 297 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
295 298
296 299 ##### `KERNEL_REDUCE`=false
297 300 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
298 301
299 302 ##### `KERNEL_THREADS`=1
300 303 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
301 304
302 305 ##### `KERNEL_HEADERS`=true
303 306 Install kernel headers with built kernel.
304 307
305 308 ##### `KERNEL_MENUCONFIG`=false
306 309 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
307 310
308 311 ##### `KERNEL_OLDDEFCONFIG`=false
309 312 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
310 313
311 314 ##### `KERNEL_CCACHE`=false
312 315 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
313 316
314 317 ##### `KERNEL_REMOVESRC`=true
315 318 Remove all kernel sources from the generated OS image after it was built and installed.
316 319
317 320 ##### `KERNELSRC_DIR`=""
318 321 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
319 322
320 323 ##### `KERNELSRC_CLEAN`=false
321 324 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
322 325
323 326 ##### `KERNELSRC_CONFIG`=true
324 327 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
325 328
326 329 ##### `KERNELSRC_USRCONFIG`=""
327 330 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
328 331
329 332 ##### `KERNELSRC_PREBUILT`=false
330 333 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
331 334
332 335 ##### `RPI_FIRMWARE_DIR`=""
333 336 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
334 337
335 338 ---
336 339
337 340 #### Reduce disk usage:
338 341 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
339 342
340 343 ##### `REDUCE_APT`=true
341 344 Configure APT to use compressed package repository lists and no package caching files.
342 345
343 346 ##### `REDUCE_DOC`=true
344 347 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
345 348
346 349 ##### `REDUCE_MAN`=true
347 350 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
348 351
349 352 ##### `REDUCE_VIM`=false
350 353 Replace `vim-tiny` package by `levee` a tiny vim clone.
351 354
352 355 ##### `REDUCE_BASH`=false
353 356 Remove `bash` package and switch to `dash` shell (experimental).
354 357
355 358 ##### `REDUCE_HWDB`=true
356 359 Remove PCI related hwdb files (experimental).
357 360
358 361 ##### `REDUCE_SSHD`=true
359 362 Replace `openssh-server` with `dropbear`.
360 363
361 364 ##### `REDUCE_LOCALE`=true
362 365 Remove all `locale` translation files.
363 366
364 367 ---
365 368
366 369 #### Encrypted root partition:
367 370 ##### `ENABLE_CRYPTFS`=false
368 371 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
369 372
370 373 ##### `CRYPTFS_PASSWORD`=""
371 374 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
372 375
373 376 ##### `CRYPTFS_MAPPING`="secure"
374 377 Set name of dm-crypt managed device-mapper mapping.
375 378
376 379 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
377 380 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
378 381
379 382 ##### `CRYPTFS_XTSKEYSIZE`=512
380 383 Sets key size in bits. The argument has to be a multiple of 8.
381 384
382 385 ---
383 386
384 387 #### Build settings:
385 388 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
386 389 Set a path to a working directory used by the script to generate an image.
387 390
388 391 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
389 392 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
390 393
391 394 ## Understanding the script
392 395 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
393 396
394 397 | Script | Description |
395 398 | --- | --- |
396 399 | `10-bootstrap.sh` | Debootstrap basic system |
397 400 | `11-apt.sh` | Setup APT repositories |
398 401 | `12-locale.sh` | Setup Locales and keyboard settings |
399 402 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
400 403 | `14-fstab.sh` | Setup fstab and initramfs |
401 404 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
402 405 | `20-networking.sh` | Setup Networking |
403 406 | `21-firewall.sh` | Setup Firewall |
404 407 | `30-security.sh` | Setup Users and Security settings |
405 408 | `31-logging.sh` | Setup Logging |
406 409 | `32-sshd.sh` | Setup SSH and public keys |
407 410 | `41-uboot.sh` | Build and Setup U-Boot |
408 411 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
409 412 | `50-firstboot.sh` | First boot actions |
410 413 | `99-reduce.sh` | Reduce the disk space usage |
411 414
412 415 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
413 416
414 417 | Directory | Description |
415 418 | --- | --- |
416 419 | `apt` | APT management configuration files |
417 420 | `boot` | Boot and RPi2/3 configuration files |
418 421 | `dpkg` | Package Manager configuration |
419 422 | `etc` | Configuration files and rc scripts |
420 423 | `firstboot` | Scripts that get executed on first boot |
421 424 | `initramfs` | Initramfs scripts |
422 425 | `iptables` | Firewall configuration files |
423 426 | `locales` | Locales configuration |
424 427 | `modules` | Kernel Modules configuration |
425 428 | `mount` | Fstab configuration |
426 429 | `network` | Networking configuration files |
427 430 | `sysctl.d` | Swapping and Network Hardening configuration |
428 431 | `xorg` | fbturbo Xorg driver configuration |
429 432
430 433 ## Custom packages and scripts
431 434 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
432 435
433 436 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
434 437
435 438 ## Logging of the bootstrapping process
436 439 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
437 440
438 441 ```shell
439 442 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
440 443 ```
441 444
442 445 ## Flashing the image file
443 446 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
444 447
445 448 ##### Flashing examples:
446 449 ```shell
447 450 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
448 451 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
449 452 ```
450 453 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
451 454 ```shell
452 455 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
453 456 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
454 457 ```
455 458
456 459 ## QEMU emulation
457 460 Start QEMU full system emulation:
458 461 ```shell
459 462 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
460 463 ```
461 464
462 465 Start QEMU full system emulation and output to console:
463 466 ```shell
464 467 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
465 468 ```
466 469
467 470 Start QEMU full system emulation with SMP and output to console:
468 471 ```shell
469 472 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
470 473 ```
471 474
472 475 Start QEMU full system emulation with cryptfs, initramfs and output to console:
473 476 ```shell
474 477 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
475 478 ```
476 479
477 480 ## Weekly image builds
478 481 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
479 482 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
480 483
481 484 ## External links and references
482 485 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
483 486 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
484 487 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
485 488 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
486 489 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
487 490 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
488 491 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
489 492 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
490 493 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
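Review bot: the changed `ENABLE_WIRELESS` line now links the firmware blob at `https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm`, but the "External links and references" entry for the RPi3 wireless interface firmware in the same file still points at the old `.../tree/master/brcm80211/brcm` path, so the two links disagree; update the references entry as well and confirm the new `raw/master/brcm` target actually resolves, since the old link named a directory tree rather than a single file. The added `ENABLE_SYSVINIT` entry is also a sentence fragment with no terminating period; expand it into a full sentence that states what the parameter installs, and since this merge drops the hard-coded `init,systemd-sysv` exclusion for `stretch`/`buster` in `10-bootstrap.sh` in favour of an `APT_EXCLUDES` variable, that variable should be documented under "APT settings" here as well, which this hunk does not do.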
@@ -1,47 +1,41
1 1 #
2 2 # Debootstrap basic system
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 EXCLUDES=""
11 10
12 11 # Use non-free Debian packages if needed
13 12 if [ "$ENABLE_NONFREE" = true ] ; then
14 13 COMPONENTS="main,non-free,contrib"
15 14 fi
16 15
17 16 # Use minbase bootstrap variant which only includes essential packages
18 17 if [ "$ENABLE_MINBASE" = true ] ; then
19 18 VARIANT="--variant=minbase"
20 19 fi
21 20
22 # Exclude packages if required by Debian release
23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 EXCLUDES="--exclude=init,systemd-sysv"
25 fi
26
27 21 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
22 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 23
30 24 # Copy qemu emulator binary to chroot
31 25 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32 26
33 27 # Copy debian-archive-keyring.pgp
34 28 mkdir -p "${R}/usr/share/keyrings"
35 29 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36 30
37 31 # Complete the bootstrapping process
38 32 chroot_exec /debootstrap/debootstrap --second-stage
39 33
40 34 # Mount required filesystems
41 35 mount -t proc none "${R}/proc"
42 36 mount -t sysfs none "${R}/sys"
43 37
44 38 # Mount pseudo terminal slave if supported by Debian release
45 39 if [ -d "${R}/dev/pts" ] ; then
46 40 mount --bind /dev/pts "${R}/dev/pts"
47 41 fi
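Review bot: the replacement debootstrap line (new line 22) relies on APT_EXCLUDES already carrying its own `--exclude=` prefix, but rpi23-gen-image.sh only prepends that prefix when ENABLE_SYSVINIT=false; with ENABLE_SYSVINIT=true and a user-supplied APT_EXCLUDES the bare package list reaches debootstrap as a positional argument ahead of `--arch`, which breaks the invocation. Keep APT_EXCLUDES a plain comma-separated list and let this script own the option, e.g. `http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES:+--exclude=${APT_EXCLUDES}} --arch="${RELEASE_ARCH}" ...`. Also note that dropping the release gate (old lines 22-25) means `init` and `systemd-sysv` are now excluded on jessie too by default, so jessie images will no longer have /sbin/init unless the kernel command line passes `init=`; if that is intended it should be stated in the README.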
@@ -1,58 +1,58
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
10 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 11
12 12 # Install and setup default locale and keyboard configuration
13 13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
14 14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 16 # ... so we have to set locales manually
17 17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
19 19 else
20 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 23 fi
24 24
25 25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 27 chroot_exec locale-gen
28 28 chroot_exec update-locale LANG="${DEFLOCAL}"
29 29
30 30 # Install and setup default keyboard configuration
31 if [ "$XKB_MODEL" != "" ] ; then
31 if [ "$XKB_MODEL" != "pc105" ] ; then
32 32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
33 33 fi
34 if [ "$XKB_LAYOUT" != "" ] ; then
34 if [ "$XKB_LAYOUT" != "us" ] ; then
35 35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
36 36 fi
37 37 if [ "$XKB_VARIANT" != "" ] ; then
38 38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
39 39 fi
40 40 if [ "$XKB_OPTIONS" != "" ] ; then
41 41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
42 42 fi
43 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44 44
45 45 # Install and setup font console
46 46 case "${DEFLOCAL}" in
47 47 *UTF-8)
48 48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
49 49 ;;
50 50 *)
51 51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
52 52 ;;
53 53 esac
54 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 55 else # (no locales were installed)
56 56 # Install POSIX default locale
57 57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
58 58 fi
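Review bot: the new tests on lines 31 and 34 (`!= "pc105"`, `!= "us"`) invert the intended guard: XKB_MODEL and XKB_LAYOUT default to "" in rpi23-gen-image.sh, and "" is not equal to "pc105", so with the defaults the sed now rewrites /etc/default/keyboard to `XKBMODEL=""` and `XKBLAYOUT=""`, wiping the package defaults the condition was meant to preserve. Keep the non-empty check and, if the goal is to skip a redundant rewrite, test both: `if [ -n "$XKB_MODEL" ] && [ "$XKB_MODEL" != "pc105" ] ; then`, and likewise for XKB_LAYOUT against "us".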
1 NO CONTENT: modified file
@@ -1,134 +1,134
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60 60 fi
61 61
62 62 # Remove empty settings from network configuration
63 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 64 # Remove empty settings from wlan configuration
65 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 66
67 67 # Move systemd network configuration if required by Debian release
68 68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 72 fi
73 73 rm -fr "${ETC_DIR}/systemd/network"
74 74 fi
75 75
76 76 # Enable systemd-networkd service
77 77 chroot_exec systemctl enable systemd-networkd
78 78
79 79 # Install host.conf resolver configuration
80 80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81 81
82 82 # Enable network stack hardening
83 83 if [ "$ENABLE_HARDNET" = true ] ; then
84 84 # Install sysctl.d configuration files
85 85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86 86
87 87 # Setup resolver warnings about spoofed addresses
88 88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 89 fi
90 90
91 91 # Enable time sync
92 92 if [ "NET_NTP_1" != "" ] ; then
93 93 chroot_exec systemctl enable systemd-timesyncd.service
94 94 fi
95 95
96 96 # Download the firmware binary blob required to use the RPi3 wireless interface
97 97 if [ "$ENABLE_WIRELESS" = true ] ; then
98 98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
99 99 mkdir -p ${WLAN_FIRMWARE_DIR}
100 100 fi
101 101
102 102 # Create temporary directory for firmware binary blob
103 103 temp_dir=$(as_nobody mktemp -d)
104 104
105 105 # Fetch firmware binary blob for RPI3B+
106 106 if [ "$RPI_MODEL" = 3P ] ; then
107 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 else
110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 111 # Fetch firmware binary blob for RPI3
112 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 114 fi
115 115
116 116 # Move downloaded firmware binary blob
117 117 if [ "$RPI_MODEL" = 3P ] ; then
118 118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 else
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 121 fi
122 122
123 123 # Remove temporary directory for firmware binary blob
124 124 rm -fr "${temp_dir}"
125 125
126 126 # Set permissions of the firmware binary blob
127 127 if [ "$RPI_MODEL" = 3P ] ; then
128 128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 else
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 133 fi
134 134 fi
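Review bot: the three `else` to `elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ]` changes (lines 110, 119, 130) turn an unconditional fallback into a silent no-op: a model that reaches this block but matches neither branch gets no firmware download, no `mv` and no chown/chmod, and nothing reports it. Since RPI_MODEL is already validated in rpi23-gen-image.sh, it is cleaner to select the chip once (`brcmfmac43455-sdio` for 3P, `brcmfmac43430-sdio` for 3 and 0, error out otherwise) and run the wget/mv/chown lines once against that name, so the three copies of the model test cannot drift apart. Visible in the unchanged context, line 92 compares the literal string `"NET_NTP_1"` instead of `"$NET_NTP_1"`, so systemd-timesyncd is enabled unconditionally.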
@@ -1,49 +1,49
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
13 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
16 16
17 17 # Install iptables systemd service
18 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 19
20 20 # Install flush-table script called by iptables service
21 21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 22
23 23 # Install iptables rule file
24 24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 25
26 26 # Reload systemd configuration and enable iptables service
27 27 chroot_exec systemctl daemon-reload
28 28 chroot_exec systemctl enable iptables.service
29 29
30 30 if [ "$ENABLE_IPV6" = true ] ; then
31 31 # Install ip6tables systemd service
32 32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 33
34 34 # Install ip6tables file
35 35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 36
37 37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 38
39 39 # Reload systemd configuration and enable iptables service
40 40 chroot_exec systemctl daemon-reload
41 41 chroot_exec systemctl enable ip6tables.service
42 42 fi
43 43
44 44 if [ "$ENABLE_SSHD" = false ] ; then
45 45 # Remove SSHD related iptables rules
46 46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 48 fi
49 49 fi
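Review bot: the path correction to /usr/sbin/iptables-legacy* (lines 13-15) is right for buster, where iptables 1.8 registers the iptables, iptables-save and iptables-restore alternative groups, but jessie and stretch ship no such alternatives and `update-alternatives --set` then exits non-zero with "no alternatives for iptables"; depending on how the bootstrap scripts are invoked that either aborts the build under the main script's `set -e` or leaves an error in the log with nothing set, neither of which is what the comment on line 12 promises. Guard the three calls, e.g. `if [ -x "${R}/usr/sbin/iptables-legacy" ] ; then ... fi`, or gate them on `$RELEASE` the way other release-specific steps in this repository are gated.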
@@ -1,774 +1,783
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 20+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45
46 46 #bcm2708-rpi-0-w.dtb (Used for Pi 0 and PI 0W)
47 47 RPI0_DTB_FILE=${RPI0_DTB_FILE:=bcm2708-rpi-0-w.dtb}
48 48 RPI0_UBOOT_CONFIG=${RPI0_UBOOT_CONFIG:=rpi_defconfig}
49 49
50 50 #bcm2708-rpi-b.dtb (Used for Pi 1 model A and B)
51 51 RPI1_DTB_FILE=${RPI1_DTB_FILE:=bcm2708-rpi-b.dtb}
52 52 RPI1_UBOOT_CONFIG=${RPI1_UBOOT_CONFIG:=rpi_defconfig}
53 53
54 54 #bcm2708-rpi-b-plus.dtb (Used for Pi 1 model B+ and A+)
55 55 RPI1P_DTB_FILE=${RPI1P_DTB_FILE:=bcm2708-rpi-b-plus.dtb}
56 56 RPI1P_UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG:=rpi_defconfig}
57 57
58 58 #bcm2709-rpi-2-b.dtb (Used for Pi 2 model B)
59 59 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
60 60 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
61 61
62 62 #bcm2710-rpi-3-b.dtb (Used for Pi 3 model B)
63 63 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
64 64 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
65 65
66 66 #bcm2710-rpi-3-b-plus.dtb (Used for Pi 3 model B+)
67 67 RPI3P_DTB_FILE=${RPI3P_DTB_FILE:=bcm2710-rpi-3-b-plus.dtb}
68 68 RPI3P_UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG:=rpi_3_32b_defconfig}
69 69
70 70 # Debian release
71 71 RELEASE=${RELEASE:=jessie}
72 72 KERNEL_ARCH=${KERNEL_ARCH:=arm}
73 73 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
74 74 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
75 75 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
76 76 if [ "$KERNEL_ARCH" = "arm64" ] ; then
77 77 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
78 78 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
79 79 fi
80 80
81 81 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
82 82 #RASPBERRY PI 1, PI ZERO, PI ZERO W, AND COMPUTE MODULE DEFAULT Kernel BUILD CONFIGURATION
83 83 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
84 84 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
85 85 else
86 86 #RASPBERRY PI 2, PI 3, PI 3+, AND COMPUTE MODULE 3 DEFAULT Kernel BUILD CONFIGURATION
87 87 #https://www.raspberrypi.org/documentation/linux/kernel/building.md
88 88 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
89 89 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
90 90 fi
91 91
92 92 if [ "$RELEASE_ARCH" = "arm64" ] ; then
93 93 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
94 94 else
95 95 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
96 96 fi
97 97 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
98 98
99 99 # URLs
100 100 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
101 101 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
102 102 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
103 103 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
104 104 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
105 105 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
106 106
107 107 # Build directories
108 108 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
109 109 BUILDDIR="${BASEDIR}/build"
110 110
111 111 # Prepare date string for default image file name
112 112 DATE="$(date +%Y-%m-%d)"
113 113 if [ -z "$KERNEL_BRANCH" ] ; then
114 114 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
115 115 else
116 116 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
117 117 fi
118 118
119 119 # Chroot directories
120 120 R="${BUILDDIR}/chroot"
121 121 ETC_DIR="${R}/etc"
122 122 LIB_DIR="${R}/lib"
123 123 BOOT_DIR="${R}/boot/firmware"
124 124 KERNEL_DIR="${R}/usr/src/linux"
125 125 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
126 126
127 127 # Firmware directory: Blank if download from github
128 128 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
129 129
130 130 # General settings
131 131 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
132 132 PASSWORD=${PASSWORD:=raspberry}
133 133 USER_PASSWORD=${USER_PASSWORD:=raspberry}
134 134 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
135 135 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
136 136 EXPANDROOT=${EXPANDROOT:=true}
137 137
138 138 # Keyboard settings
139 139 XKB_MODEL=${XKB_MODEL:=""}
140 140 XKB_LAYOUT=${XKB_LAYOUT:=""}
141 141 XKB_VARIANT=${XKB_VARIANT:=""}
142 142 XKB_OPTIONS=${XKB_OPTIONS:=""}
143 143
144 144 # Network settings (DHCP)
145 145 ENABLE_DHCP=${ENABLE_DHCP:=true}
146 146
147 147 # Network settings (static)
148 148 NET_ADDRESS=${NET_ADDRESS:=""}
149 149 NET_GATEWAY=${NET_GATEWAY:=""}
150 150 NET_DNS_1=${NET_DNS_1:=""}
151 151 NET_DNS_2=${NET_DNS_2:=""}
152 152 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
153 153 NET_NTP_1=${NET_NTP_1:=""}
154 154 NET_NTP_2=${NET_NTP_2:=""}
155 155
156 156 # APT settings
157 157 APT_PROXY=${APT_PROXY:=""}
158 158 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
159 159
160 160 # Feature settings
161 161 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
162 162 ENABLE_I2C=${ENABLE_I2C:=false}
163 163 ENABLE_SPI=${ENABLE_SPI:=false}
164 164 ENABLE_IPV6=${ENABLE_IPV6:=true}
165 165 ENABLE_SSHD=${ENABLE_SSHD:=true}
166 166 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
167 167 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
168 168 ENABLE_SOUND=${ENABLE_SOUND:=true}
169 169 ENABLE_DBUS=${ENABLE_DBUS:=true}
170 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 172 ENABLE_XORG=${ENABLE_XORG:=false}
173 173 ENABLE_WM=${ENABLE_WM:=""}
174 174 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
175 175 ENABLE_USER=${ENABLE_USER:=true}
176 176 USER_NAME=${USER_NAME:="pi"}
177 177 ENABLE_ROOT=${ENABLE_ROOT:=false}
178 178 ENABLE_QEMU=${ENABLE_QEMU:=false}
179 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
179 180
180 181 # SSH settings
181 182 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
182 183 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
183 184 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
184 185 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
185 186 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
186 187
187 188 # Advanced settings
188 189 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
189 190 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
190 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
191 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
192 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
193 194 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
194 195 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
195 196 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
196 197 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
197 198 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
198 199 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
199 200 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
200 201
201 202 # Kernel compilation settings
202 203 BUILD_KERNEL=${BUILD_KERNEL:=false}
203 204 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
204 205 KERNEL_THREADS=${KERNEL_THREADS:=1}
205 206 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
206 207 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
207 208 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
208 209 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
209 210 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
210 211
211 212 if [ "$KERNEL_ARCH" = "arm64" ] ; then
212 213 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
213 214 else
214 215 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
215 216 fi
216 217
217 218 # Kernel compilation from source directory settings
218 219 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
219 220 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
220 221 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
221 222 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
222 223
223 224 # Reduce disk usage settings
224 225 REDUCE_APT=${REDUCE_APT:=true}
225 226 REDUCE_DOC=${REDUCE_DOC:=true}
226 227 REDUCE_MAN=${REDUCE_MAN:=true}
227 228 REDUCE_VIM=${REDUCE_VIM:=false}
228 229 REDUCE_BASH=${REDUCE_BASH:=false}
229 230 REDUCE_HWDB=${REDUCE_HWDB:=true}
230 231 REDUCE_SSHD=${REDUCE_SSHD:=true}
231 232 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
232 233
233 234 # Encrypted filesystem settings
234 235 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
235 236 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
236 237 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
237 238 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
238 239 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
239 240
240 241 # Chroot scripts directory
241 242 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
242 243
243 244 # Packages required in the chroot build environment
244 245 APT_INCLUDES=${APT_INCLUDES:=""}
245 246 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
246 247
248 #Packages to exclude from chroot build environment
249 APT_EXCLUDES=${APT_EXCLUDES:=""}
250
247 251 # Packages required for bootstrapping
248 252 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
249 253 MISSING_PACKAGES=""
250 254
251 255 # Packages installed for c/c++ build environment in chroot (keep empty)
252 256 COMPILER_PACKAGES=""
253 257
254 258 set +x
255 259
260 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
261 if [ "$ENABLE_SYSVINIT" = false ] ; then
262 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
263 fi
264
256 265 # Set Raspberry Pi model specific configuration
257 266 if [ "$RPI_MODEL" = 0 ] ; then
258 267 DTB_FILE=${RPI0_DTB_FILE}
259 268 UBOOT_CONFIG=${RPI0_UBOOT_CONFIG}
260 269 elif [ "$RPI_MODEL" = 1 ] ; then
261 270 DTB_FILE=${RPI1_DTB_FILE}
262 271 UBOOT_CONFIG=${RPI1_UBOOT_CONFIG}
263 272 elif [ "$RPI_MODEL" = 1P ] ; then
264 273 DTB_FILE=${RPI1P_DTB_FILE}
265 274 UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG}
266 275 elif [ "$RPI_MODEL" = 2 ] ; then
267 276 DTB_FILE=${RPI2_DTB_FILE}
268 277 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
269 278 elif [ "$RPI_MODEL" = 3 ] ; then
270 279 DTB_FILE=${RPI3_DTB_FILE}
271 280 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
272 281 elif [ "$RPI_MODEL" = 3P ] ; then
273 282 DTB_FILE=${RPI3P_DTB_FILE}
274 283 UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG}
275 284 else
276 285 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
277 286 exit 1
278 287 fi
279 288
280 289 # Check if the internal wireless interface is supported by the RPi model
281 290 if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ]); then
282 291
283 292 echo "error: The selected Raspberry Pi model has no internal wireless interface"
284 293 exit 1
285 294 fi
286 295
287 296 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
288 297 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
289 298 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
290 299 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
291 300 exit 1
292 301 fi
293 302 fi
294 303
295 304 # Build RPi2/3 Linux kernel if required by Debian release
296 305 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
297 306 BUILD_KERNEL=true
298 307 fi
299 308
300 309 # Add packages required for kernel cross compilation
301 310 if [ "$BUILD_KERNEL" = true ] ; then
302 311 if [ "$KERNEL_ARCH" = "arm" ] ; then
303 312 if [ "$RELEASE_ARCH" = "armel" ]; then
304 313 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
305 314 fi
306 315 if [ "$RELEASE_ARCH" = "armhf" ]; then
307 316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
308 317 fi
318 fi
309 319 if [ "$RELEASE_ARCH" = "arm64" ]; then
310 320 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
311 321 fi
312 322 fi
313 fi
314 323
315 324 # Add libncurses5 to enable kernel menuconfig
316 325 if [ "$KERNEL_MENUCONFIG" = true ] ; then
317 326 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
318 327 fi
319 328
320 329 # Add ccache compiler cache for (faster) kernel cross (re)compilation
321 330 if [ "$KERNEL_CCACHE" = true ] ; then
322 331 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
323 332 fi
324 333
325 334 # Add cryptsetup package to enable filesystem encryption
326 335 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
327 336 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
328 337 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
329 338
330 339 if [ -z "$CRYPTFS_PASSWORD" ] ; then
331 340 echo "error: no password defined (CRYPTFS_PASSWORD)!"
332 341 exit 1
333 342 fi
334 343 ENABLE_INITRAMFS=true
335 344 fi
336 345
337 346 # Add initramfs generation tools
338 347 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
339 348 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
340 349 fi
341 350
342 351 # Add device-tree-compiler required for building the U-Boot bootloader
343 352 if [ "$ENABLE_UBOOT" = true ] ; then
344 353 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
345 354 fi
346 355
347 356 # Check if root SSH (v2) public key file exists
348 357 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
349 358 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
350 359 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
351 360 exit 1
352 361 fi
353 362 fi
354 363
355 364 # Check if $USER_NAME SSH (v2) public key file exists
356 365 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
357 366 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
358 367 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
359 368 exit 1
360 369 fi
361 370 fi
362 371
363 372 # Check if all required packages are installed on the build system
364 373 for package in $REQUIRED_PACKAGES ; do
365 374 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
366 375 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
367 376 fi
368 377 done
369 378
370 379 # If there are missing packages ask confirmation for install, or exit
371 380 if [ -n "$MISSING_PACKAGES" ] ; then
372 381 echo "the following packages needed by this script are not installed:"
373 382 echo "$MISSING_PACKAGES"
374 383
375 384 echo -n "\ndo you want to install the missing packages right now? [y/n] "
376 385 read confirm
377 386 [ "$confirm" != "y" ] && exit 1
378 387
379 388 # Make sure all missing required packages are installed
380 389 apt-get -qq -y install ${MISSING_PACKAGES}
381 390 fi
382 391
383 392 # Check if ./bootstrap.d directory exists
384 393 if [ ! -d "./bootstrap.d/" ] ; then
385 394 echo "error: './bootstrap.d' required directory not found!"
386 395 exit 1
387 396 fi
388 397
389 398 # Check if ./files directory exists
390 399 if [ ! -d "./files/" ] ; then
391 400 echo "error: './files' required directory not found!"
392 401 exit 1
393 402 fi
394 403
395 404 # Check if specified KERNELSRC_DIR directory exists
396 405 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
397 406 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
398 407 exit 1
399 408 fi
400 409
401 410 # Check if specified UBOOTSRC_DIR directory exists
402 411 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
403 412 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
404 413 exit 1
405 414 fi
406 415
407 416 # Check if specified FBTURBOSRC_DIR directory exists
408 417 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
409 418 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
410 419 exit 1
411 420 fi
412 421
413 422 # Check if specified CHROOT_SCRIPTS directory exists
414 423 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
415 424 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
416 425 exit 1
417 426 fi
418 427
419 428 # Check if specified device mapping already exists (will be used by cryptsetup)
420 429 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
421 430 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
422 431 exit 1
423 432 fi
424 433
425 434 # Don't clobber an old build
426 435 if [ -e "$BUILDDIR" ] ; then
427 436 echo "error: directory ${BUILDDIR} already exists, not proceeding"
428 437 exit 1
429 438 fi
430 439
431 440 # Setup chroot directory
432 441 mkdir -p "${R}"
433 442
434 443 # Check if build directory has enough of free disk space >512MB
435 444 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
436 445 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
437 446 exit 1
438 447 fi
439 448
440 449 set -x
441 450
442 451 # Call "cleanup" function on various signals and errors
443 452 trap cleanup 0 1 2 3 6
444 453
445 454 # Add required packages for the minbase installation
446 455 if [ "$ENABLE_MINBASE" = true ] ; then
447 456 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
448 457 fi
449 458
450 459 # Add required locales packages
451 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
460 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || ([ -n XKB_MODEL ] || [ -n XKB_LAYOUT ] || [ -n XKB_VARIANT ] || [ -n XKB_OPTIONS ]); then
452 461 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
453 462 fi
454 463
455 464 # Add parted package, required to get partprobe utility
456 465 if [ "$EXPANDROOT" = true ] ; then
457 466 APT_INCLUDES="${APT_INCLUDES},parted"
458 467 fi
459 468
460 469 # Add dbus package, recommended if using systemd
461 470 if [ "$ENABLE_DBUS" = true ] ; then
462 471 APT_INCLUDES="${APT_INCLUDES},dbus"
463 472 fi
464 473
465 474 # Add iptables IPv4/IPv6 package
466 475 if [ "$ENABLE_IPTABLES" = true ] ; then
467 APT_INCLUDES="${APT_INCLUDES},iptables"
476 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
468 477 fi
469 478
470 479 # Add openssh server package
471 480 if [ "$ENABLE_SSHD" = true ] ; then
472 481 APT_INCLUDES="${APT_INCLUDES},openssh-server"
473 482 fi
474 483
475 484 # Add alsa-utils package
476 485 if [ "$ENABLE_SOUND" = true ] ; then
477 486 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
478 487 fi
479 488
480 489 # Add rng-tools package
481 490 if [ "$ENABLE_HWRANDOM" = true ] ; then
482 491 APT_INCLUDES="${APT_INCLUDES},rng-tools"
483 492 fi
484 493
485 494 # Add fbturbo video driver
486 495 if [ "$ENABLE_FBTURBO" = true ] ; then
487 496 # Enable xorg package dependencies
488 497 ENABLE_XORG=true
489 498 fi
490 499
491 500 # Add user defined window manager package
492 501 if [ -n "$ENABLE_WM" ] ; then
493 502 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
494 503
495 504 # Enable xorg package dependencies
496 505 ENABLE_XORG=true
497 506 fi
498 507
499 508 # Add xorg package
500 509 if [ "$ENABLE_XORG" = true ] ; then
501 510 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
502 511 fi
503 512
504 513 # Replace selected packages with smaller clones
505 514 if [ "$ENABLE_REDUCE" = true ] ; then
506 515 # Add levee package instead of vim-tiny
507 516 if [ "$REDUCE_VIM" = true ] ; then
508 517 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
509 518 fi
510 519
511 520 # Add dropbear package instead of openssh-server
512 521 if [ "$REDUCE_SSHD" = true ] ; then
513 522 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
514 523 fi
515 524 fi
516 525
517 526 if [ "$RELEASE" != "jessie" ] ; then
518 527 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
519 528 fi
520 529
521 530 # Configure kernel sources if no KERNELSRC_DIR
522 531 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
523 532 KERNELSRC_CONFIG=true
524 533 fi
525 534
526 535 # Configure reduced kernel
527 536 if [ "$KERNEL_REDUCE" = true ] ; then
528 537 KERNELSRC_CONFIG=false
529 538 fi
530 539
531 540 # Configure qemu compatible kernel
532 541 if [ "$ENABLE_QEMU" = true ] ; then
533 542 DTB_FILE=vexpress-v2p-ca15_a7.dtb
534 543 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
535 544 KERNEL_DEFCONFIG="vexpress_defconfig"
536 545 if [ "$KERNEL_MENUCONFIG" = false ] ; then
537 546 KERNEL_OLDDEFCONFIG=true
538 547 fi
539 548 fi
540 549
541 550 # Execute bootstrap scripts
542 551 for SCRIPT in bootstrap.d/*.sh; do
543 552 head -n 3 "$SCRIPT"
544 553 . "$SCRIPT"
545 554 done
546 555
547 556 ## Execute custom bootstrap scripts
548 557 if [ -d "custom.d" ] ; then
549 558 for SCRIPT in custom.d/*.sh; do
550 559 . "$SCRIPT"
551 560 done
552 561 fi
553 562
554 563 # Execute custom scripts inside the chroot
555 564 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
556 565 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
557 566 chroot_exec /bin/bash -x <<'EOF'
558 567 for SCRIPT in /chroot_scripts/* ; do
559 568 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
560 569 $SCRIPT
561 570 fi
562 571 done
563 572 EOF
564 573 rm -rf "${R}/chroot_scripts"
565 574 fi
566 575
567 576 # Remove c/c++ build environment from the chroot
568 577 chroot_remove_cc
569 578
570 579 # Remove apt-utils
571 580 if [ "$RELEASE" = "jessie" ] ; then
572 581 chroot_exec apt-get purge -qq -y --force-yes apt-utils
573 582 fi
574 583
575 584 # Generate required machine-id
576 585 MACHINE_ID=$(dbus-uuidgen)
577 586 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
578 587 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
579 588
580 589 # APT Cleanup
581 590 chroot_exec apt-get -y clean
582 591 chroot_exec apt-get -y autoclean
583 592 chroot_exec apt-get -y autoremove
584 593
585 594 # Unmount mounted filesystems
586 595 umount -l "${R}/proc"
587 596 umount -l "${R}/sys"
588 597
589 598 # Clean up directories
590 599 rm -rf "${R}/run/*"
591 600 rm -rf "${R}/tmp/*"
592 601
593 602 # Clean up files
594 603 rm -f "${ETC_DIR}/ssh/ssh_host_*"
595 604 rm -f "${ETC_DIR}/dropbear/dropbear_*"
596 605 rm -f "${ETC_DIR}/apt/sources.list.save"
597 606 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
598 607 rm -f "${ETC_DIR}/*-"
599 608 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
600 609 rm -f "${ETC_DIR}/resolv.conf"
601 610 rm -f "${R}/root/.bash_history"
602 611 rm -f "${R}/var/lib/urandom/random-seed"
603 612 rm -f "${R}/initrd.img"
604 613 rm -f "${R}/vmlinuz"
605 614 rm -f "${R}${QEMU_BINARY}"
606 615
607 616 if [ "$ENABLE_QEMU" = true ] ; then
608 617 # Setup QEMU directory
609 618 mkdir "${BASEDIR}/qemu"
610 619
611 620 # Copy kernel image to QEMU directory
612 621 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
613 622
614 623 # Copy kernel config to QEMU directory
615 624 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
616 625
617 626 # Copy kernel dtbs to QEMU directory
618 627 for dtb in "${BOOT_DIR}/"*.dtb ; do
619 628 if [ -f "${dtb}" ] ; then
620 629 install_readonly "${dtb}" "${BASEDIR}/qemu/"
621 630 fi
622 631 done
623 632
624 633 # Copy kernel overlays to QEMU directory
625 634 if [ -d "${BOOT_DIR}/overlays" ] ; then
626 635 # Setup overlays dtbs directory
627 636 mkdir "${BASEDIR}/qemu/overlays"
628 637
629 638 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
630 639 if [ -f "${dtb}" ] ; then
631 640 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
632 641 fi
633 642 done
634 643 fi
635 644
636 645 # Copy u-boot files to QEMU directory
637 646 if [ "$ENABLE_UBOOT" = true ] ; then
638 647 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
639 648 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
640 649 fi
641 650 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
642 651 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
643 652 fi
644 653 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
645 654 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
646 655 fi
647 656 fi
648 657
649 658 # Copy initramfs to QEMU directory
650 659 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
651 660 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
652 661 fi
653 662 fi
654 663
655 664 # Calculate size of the chroot directory in KB
656 665 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
657 666
658 667 # Calculate the amount of needed 512 Byte sectors
659 668 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
660 669 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
661 670 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
662 671
663 672 # The root partition is EXT4
664 673 # This means more space than the actual used space of the chroot is used.
665 674 # As overhead for journaling and reserved blocks 35% are added.
666 675 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
667 676
668 677 # Calculate required image size in 512 Byte sectors
669 678 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
670 679
671 680 # Prepare image file
672 681 if [ "$ENABLE_SPLITFS" = true ] ; then
673 682 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
674 683 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
675 684 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
676 685 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
677 686
678 687 # Write firmware/boot partition tables
679 688 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
680 689 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
681 690 EOM
682 691
683 692 # Write root partition table
684 693 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
685 694 ${TABLE_SECTORS},${ROOT_SECTORS},83
686 695 EOM
687 696
688 697 # Setup temporary loop devices
689 698 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
690 699 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
691 700 else # ENABLE_SPLITFS=false
692 701 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
693 702 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
694 703
695 704 # Write partition table
696 705 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
697 706 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
698 707 ${ROOT_OFFSET},${ROOT_SECTORS},83
699 708 EOM
700 709
701 710 # Setup temporary loop devices
702 711 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
703 712 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
704 713 fi
705 714
706 715 if [ "$ENABLE_CRYPTFS" = true ] ; then
707 716 # Create dummy ext4 fs
708 717 mkfs.ext4 "$ROOT_LOOP"
709 718
710 719 # Setup password keyfile
711 720 touch .password
712 721 chmod 600 .password
713 722 echo -n ${CRYPTFS_PASSWORD} > .password
714 723
715 724 # Initialize encrypted partition
716 725 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
717 726
718 727 # Open encrypted partition and setup mapping
719 728 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
720 729
721 730 # Secure delete password keyfile
722 731 shred -zu .password
723 732
724 733 # Update temporary loop device
725 734 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
726 735
727 736 # Wipe encrypted partition (encryption cipher is used for randomness)
728 737 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
729 738 fi
730 739
731 740 # Build filesystems
732 741 mkfs.vfat "$FRMW_LOOP"
733 742 mkfs.ext4 "$ROOT_LOOP"
734 743
735 744 # Mount the temporary loop devices
736 745 mkdir -p "$BUILDDIR/mount"
737 746 mount "$ROOT_LOOP" "$BUILDDIR/mount"
738 747
739 748 mkdir -p "$BUILDDIR/mount/boot/firmware"
740 749 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
741 750
742 751 # Copy all files from the chroot to the loop device mount point directory
743 752 rsync -a "${R}/" "$BUILDDIR/mount/"
744 753
745 754 # Unmount all temporary loop devices and mount points
746 755 cleanup
747 756
748 757 # Create block map file(s) of image(s)
749 758 if [ "$ENABLE_SPLITFS" = true ] ; then
750 759 # Create block map files for "bmaptool"
751 760 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
752 761 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
753 762
754 763 # Image was successfully created
755 764 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
756 765 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
757 766 else
758 767 # Create block map file for "bmaptool"
759 768 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
760 769
761 770 # Image was successfully created
762 771 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
763 772
764 773 # Create qemu qcow2 image
765 774 if [ "$ENABLE_QEMU" = true ] ; then
766 775 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
767 776 QEMU_SIZE=16G
768 777
769 778 qemu-img convert -f raw -O qcow2 $IMAGE_NAME.img $QEMU_IMAGE.qcow2
770 779 qemu-img resize $QEMU_IMAGE.qcow2 $QEMU_SIZE
771 780
772 781 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
773 782 fi
774 783 fi
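Review bot: the new condition at line 460 has a shell bug: `[ -n XKB_MODEL ]` (and the three tests after it) examines the literal string `XKB_MODEL`, not the variable, so `-n` is always true and the whole `if` fires on every build, pulling `locales`, `keyboard-configuration` and `console-setup` into `APT_INCLUDES` even when `DEFLOCAL` is `en_US.UTF-8` and no XKB setting was given. Each test needs the `$` and quotes, e.g. `[ -n "$XKB_MODEL" ] || [ -n "$XKB_LAYOUT" ]`; the surrounding parentheses fork a subshell for nothing and can be dropped, since the chain is all `||` and evaluates the same without them. On line 476, the comment above it at line 474 still says "Add iptables IPv4/IPv6 package"; with `iptables-persistent` now appended it should say that rule persistence is installed too, so readers of the config know enabling `ENABLE_IPTABLES` also makes saved rules load at boot.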