Added ENABLE_SPLITFS option to produce distinct /boot/firmware and root images
Vincent Knecht -
r66:061173da65b0 Fusion
@@ -0,0 +1,3
1 images
2 custom.d
3 *.swp
@@ -0,0 +1,27
1 #
2 # Debootstrap basic system
3 #
4
5 . ./functions.sh
6
7 # Base debootstrap (unpack only)
8 if [ "$ENABLE_MINBASE" = true ] ; then
9 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
10 else
11 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
12 fi
13
14 # Copy qemu emulator binary to chroot
15 cp /usr/bin/qemu-arm-static $R/usr/bin
16
17 # Copy debian-archive-keyring.pgp
18 mkdir -p $R/usr/share/keyrings
19 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
20
21 # Complete the bootstrapping process
22 chroot_exec /debootstrap/debootstrap --second-stage
23
24 # Mount required filesystems
25 mount -t proc none $R/proc
26 mount -t sysfs none $R/sys
27 mount --bind /dev/pts $R/dev/pts
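Review bot: Every use of `$R` in this script is unquoted and unchecked, so if `R` is empty or unset, `cp /usr/bin/qemu-arm-static $R/usr/bin` and the three `mount` calls at lines 25-27 act on the build host's own `/usr/bin`, `/proc`, `/sys` and `/dev/pts`. A guard near the top such as `: "${R:?R must point at the chroot directory}"`, plus quoting (`mount -t proc none "$R/proc"`), would stop that. Whether the calling script already validates `R` is not visible here. `--include=${APT_INCLUDES}`, `$RELEASE` and the mirror URL should be quoted for the same reason.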
@@ -0,0 +1,40
1 #
2 # Setup APT repositories
3 #
4
5 . ./functions.sh
6
7 # Use proxy inside chroot
8 if [ -z "$APT_PROXY" ] ; then
9 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
10 fi
11
12 # Pin package flash-kernel to repositories.collabora.co.uk
13 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
14 Package: flash-kernel
15 Pin: origin repositories.collabora.co.uk
16 Pin-Priority: 1000
17 EOM
18
19 # Upgrade collabora package index and install collabora keyring
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
21 chroot_exec apt-get -qq -y update
22 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
23
24 # Set up initial sources.list
25 cat <<EOM >$R/etc/apt/sources.list
26 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
27 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
28
29 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
30 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
31
32 deb http://security.debian.org/ ${RELEASE}/updates main contrib
33 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
34
35 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
36 EOM
37
38 # Upgrade package index and update all installed packages and changed dependencies
39 chroot_exec apt-get -qq -y update
40 chroot_exec apt-get -qq -y -u dist-upgrade
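Review bot: The proxy test at line 8 is inverted: `[ -z "$APT_PROXY" ]` is true when no proxy is set, so the script writes `Acquire::http::Proxy "";` in that case and writes nothing when a proxy was requested; it should be `if [ -n "$APT_PROXY" ] ; then`. Separately, `apt-get -qq -y --force-yes install collabora-obs-archive-keyring` at line 22 installs the keyring that is later trusted for the pinned `flash-kernel` package without any signature check, so trust in that repository rests only on the HTTPS connection. A comment saying so, or shipping the key with the build scripts, would make that explicit. `--force-yes` also appears in the logging script (`apt-get purge ... rsyslog`) and in the gcc install of the U-Boot script, where it does not appear to be needed and could be dropped.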
@@ -0,0 +1,52
1 #
2 # Setup locales and keyboard settings
3 #
4
5 . ./functions.sh
6
7 # Set up timezone
8 echo ${TIMEZONE} >$R/etc/timezone
9 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10
11 # Set up default locale and keyboard configuration
12 if [ "$ENABLE_MINBASE" = false ] ; then
13 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
14 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
15 # ... so we have to set locales manually
16 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
17 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
18 else
19 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
22 fi
23 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
24 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
25 chroot_exec locale-gen
26 chroot_exec update-locale LANG=${DEFLOCAL}
27
28 # Keyboard configuration, if requested
29 if [ "$XKBMODEL" != "" ] ; then
30 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
31 fi
32 if [ "$XKBLAYOUT" != "" ] ; then
33 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
34 fi
35 if [ "$XKBVARIANT" != "" ] ; then
36 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
37 fi
38 if [ "$XKBOPTIONS" != "" ] ; then
39 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
40 fi
41 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
42 # Set up font console
43 case "${DEFLOCAL}" in
44 *UTF-8)
45 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
46 ;;
47 *)
48 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
49 ;;
50 esac
51 chroot_exec dpkg-reconfigure -f noninteractive console-setup
52 fi
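Review bot: The three `chroot_exec echo "..." | debconf-set-selections` lines (17, 20 and 24) run `debconf-set-selections` on the build host, because the shell splits the pipeline before `chroot_exec` is called; only the `echo` executes inside the chroot. The selections therefore land in the host's debconf database and never reach the image. Moving the wrapper to the right-hand side fixes it, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. The `sed` expressions that interpolate `${DEFLOCAL}` and the `XKB*` values use them as pattern or replacement text, so a value containing `/` or `&` changes the expression; a check on the allowed characters would be worth adding.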
@@ -0,0 +1,109
1 #
2 # Kernel installation
3 #
4
5 . ./functions.sh
6
7 # Fetch and build latest raspberry kernel
8 if [ "$BUILD_KERNEL" = true ] ; then
9 # Fetch current raspberrypi kernel sources
10 git -C $R/usr/local/src clone --depth=1 https://github.com/raspberrypi/linux
11
12 # Load default raspberry kernel configuration
13 make -C $R/usr/local/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
14
15 # Cross compile kernel and modules
16 make -C $R/usr/local/src/linux -j$(grep -c processor /proc/cpuinfo) ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
17
18 # Install kernel modules
19 make -C $R/usr/local/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
20
21 # Install kernel headers
22 if [ "$KERNEL_HEADERS" = true ]; then
23 make -C $R/usr/local/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_HDR_PATH=../../usr headers_install
24 fi
25
26 # Copy and rename compiled kernel to boot directory
27 mkdir $R/boot/firmware/
28 $R/usr/local/src/linux/scripts/mkknlimg $R/usr/local/src/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
29
30 # Copy dts and dtb device definitions
31 mkdir $R/boot/firmware/overlays/
32 cp $R/usr/local/src/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
33 cp $R/usr/local/src/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
34 cp $R/usr/local/src/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
35
36 # Install raspberry bootloader and flash-kernel
37 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
38 else
39 # Kernel installation
40 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
41
42 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
43 chroot_exec apt-get -qq -y install flash-kernel
44
45 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
46 [ -z "$VMLINUZ" ] && exit 1
47 cp $VMLINUZ $R/boot/firmware/kernel7.img
48 fi
49
50 # Set up firmware boot cmdline
51 if [ "$ENABLE_SPLITFS" = true ] ; then
52 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
53 else
54 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
55 fi
56
57 # Set up serial console support (if requested)
58 if [ "$ENABLE_CONSOLE" = true ] ; then
59 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
60 fi
61
62 # Set up IPv6 networking support
63 if [ "$ENABLE_IPV6" = false ] ; then
64 CMDLINE="${CMDLINE} ipv6.disable=1"
65 fi
66
67 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
68
69 # Set up firmware config
70 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
71
72 # Load snd_bcm2835 kernel module at boot time
73 if [ "$ENABLE_SOUND" = true ] ; then
74 echo "snd_bcm2835" >>$R/etc/modules
75 fi
76
77 # Set smallest possible GPU memory allocation size: 16MB (no X)
78 if [ "$ENABLE_MINGPU" = true ] ; then
79 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
80 fi
81
82 # Create symlinks
83 ln -sf firmware/config.txt $R/boot/config.txt
84 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
85
86 # Prepare modules-load.d directory
87 mkdir -p $R/lib/modules-load.d/
88
89 # Load random module on boot
90 if [ "$ENABLE_HWRANDOM" = true ] ; then
91 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
92 bcm2708_rng
93 EOM
94 fi
95
96 # Prepare modprobe.d directory
97 mkdir -p $R/etc/modprobe.d/
98
99 # Blacklist sound modules
100 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
101
102 # Create default fstab
103 install -o root -g root -m 644 files/fstab $R/etc/fstab
104 if [ "$ENABLE_SPLITFS" = true ] ; then
105 sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab
106 fi
107
108 # Avoid swapping and increase cache sizes
109 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
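Review bot: With `BUILD_KERNEL=true` the kernel is built from whatever the default branch of `https://github.com/raspberrypi/linux` holds at build time (`clone --depth=1` at line 10), so builds are not reproducible and nothing records which revision went into the image. Cloning a named branch or tag and logging `git rev-parse HEAD` alongside the image would address that. In the packaged-kernel branch, `ls -1 $R/boot/vmlinuz-* | sort | tail -n 1` sorts lexically and can pick an older kernel once version numbers differ in length; `sort -V` orders by version. `mkdir $R/boot/firmware/` at line 27 fails if the directory already exists, whereas `mkdir -p` is used further down in the same file.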
@@ -0,0 +1,78
1 #
2 # Setup networking
3 #
4
5 . ./functions.sh
6
7 # Set up IPv4 hosts
8 echo ${HOSTNAME} >$R/etc/hostname
9 cat <<EOM >$R/etc/hosts
10 127.0.0.1 localhost
11 127.0.1.1 ${HOSTNAME}
12 EOM
13
14 if [ "$NET_ADDRESS" != "" ] ; then
15 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
16 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
17 fi
18
19 # Set up IPv6 hosts
20 if [ "$ENABLE_IPV6" = true ] ; then
21 cat <<EOM >>$R/etc/hosts
22
23 ::1 localhost ip6-localhost ip6-loopback
24 ff02::1 ip6-allnodes
25 ff02::2 ip6-allrouters
26 EOM
27 fi
28
29 # Place hint about network configuration
30 cat <<EOM >$R/etc/network/interfaces
31 # Debian switched to systemd-networkd configuration files.
32 # please configure your networks in '/etc/systemd/network/'
33 source /etc/interfaces.d/*.conf
34 EOM
35
36 if [ "$ENABLE_DHCP" = true ] ; then
37 # Enable systemd-networkd DHCP configuration for interface eth0
38 cat <<EOM >$R/etc/systemd/network/eth.network
39 [Match]
40 Name=eth0
41
42 [Network]
43 DHCP=yes
44 EOM
45
46 # Set DHCP configuration to IPv4 only
47 if [ "$ENABLE_IPV6" = false ] ; then
48 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
49 fi
50 else # ENABLE_DHCP=false
51 cat <<EOM >$R/etc/systemd/network/eth.network
52 [Match]
53 Name=eth0
54
55 [Network]
56 DHCP=no
57 Address=${NET_ADDRESS}
58 Gateway=${NET_GATEWAY}
59 DNS=${NET_DNS_1}
60 DNS=${NET_DNS_2}
61 Domains=${NET_DNS_DOMAINS}
62 NTP=${NET_NTP_1}
63 NTP=${NET_NTP_2}
64 EOM
65 fi
66
67 # Enable systemd-networkd service
68 chroot_exec systemctl enable systemd-networkd
69
70 # Enable network stack hardening
71 if [ "$ENABLE_HARDNET" = true ] ; then
72 install -o root -g root -m 644 files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
73
74 # Enable resolver warnings about spoofed addresses
75 cat <<EOM >>$R/etc/host.conf
76 spoof warn
77 EOM
78 fi
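Review bot: The static branch (lines 50-65) writes every `NET_*` variable into `eth.network` without checking it, so with `ENABLE_DHCP=false` and no `NET_ADDRESS` the image gets empty `Address=` and `Gateway=` entries and boots without a usable address. A check before the heredoc such as `[ -n "$NET_ADDRESS" ] || { echo "NET_ADDRESS is required when ENABLE_DHCP=false" >&2 ; exit 1 ; }`, and emitting the second `DNS=`/`NTP=` lines only when set, would surface the problem at build time. In the `sed` at line 16 the dots in `^127.0.1.1` match any character and `${NET_IP}` is used unescaped as replacement text. The hint written to `/etc/network/interfaces` sources `/etc/interfaces.d/*.conf`; Debian's usual location is `/etc/network/interfaces.d/`, so this path looks like a typo.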
@@ -0,0 +1,43
1 #
2 # Enable firewall based on iptables started by systemd service
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_IPTABLES" = true ] ; then
8 # Create iptables configuration directory
9 mkdir -p "$R/etc/iptables"
10
11 # Create iptables systemd service
12 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
13
14 # Create flush-table script called by iptables service
15 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
16
17 # Create iptables rule file
18 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
19
20 # Reload systemd configuration and enable iptables service
21 chroot_exec systemctl daemon-reload
22 chroot_exec systemctl enable iptables.service
23
24 if [ "$ENABLE_IPV6" = true ] ; then
25 # Create ip6tables systemd service
26 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
27
28 # Create ip6tables file
29 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
30
31 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
32
33 # Reload systemd configuration and enable iptables service
34 chroot_exec systemctl daemon-reload
35 chroot_exec systemctl enable ip6tables.service
36 fi
37 fi
38
39 # Remove SSHD related iptables rules
40 if [ "$ENABLE_SSHD" = false ] ; then
41 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
42 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
43 fi
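Review bot: The `ENABLE_SSHD=false` block at lines 39-43 sits outside the `ENABLE_IPTABLES` guard, so it runs `sed -i` on rule files that were never installed when the firewall is disabled (and on `ip6tables.rules` when IPv6 is off), with the error hidden by `2> /dev/null`. `sed` still exits non-zero on a missing file, which would abort the build if the caller runs under `set -e` (not visible here). Moving each `sed` into the branch that installs its file, or guarding it with `[ -f "$R/etc/iptables/iptables.rules" ]`, removes the need to silence stderr. A genuine failure to comment out the SSH rules would then be reported instead of swallowed.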
@@ -0,0 +1,30
1 #
2 # Setup users and security settings
3 #
4
5 . ./functions.sh
6
7 # Generate crypt(3) password string
8 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
9
10 # Set up default user
11 if [ "$ENABLE_USER" = true ] ; then
12 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
13 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
14 fi
15
16 # Set up root password or not
17 if [ "$ENABLE_ROOT" = true ]; then
18 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19
20 if [ "$ENABLE_ROOT_SSH" = true ]; then
21 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
22 fi
23 else
24 chroot_exec usermod -p \'!\' root
25 fi
26
27 # Enable serial console systemd style
28 if [ "$ENABLE_CONSOLE" = true ] ; then
29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
30 fi
@@ -0,0 +1,12
1 #
2 # Setup logging
3 #
4
5 . ./functions.sh
6
7 # Disable rsyslog
8 if [ "$ENABLE_RSYSLOG" = false ]; then
9 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
10 chroot_exec systemctl disable rsyslog
11 chroot_exec apt-get purge -q -y --force-yes rsyslog
12 fi
@@ -0,0 +1,44
1 #
2 # Setup Uboot
3 #
4
5 . ./functions.sh
6
7 # Install gcc/c++ build environment inside the chroot
8 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
9 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
10 fi
11
12 # Fetch and build U-Boot bootloader
13 if [ "$ENABLE_UBOOT" = true ] ; then
14 # Fetch U-Boot bootloader sources
15 git -C $R/tmp clone git://git.denx.de/u-boot.git
16
17 # Build and install U-Boot inside chroot
18 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
19
20 # Copy compiled bootloader binary and set config.txt to load it
21 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
22 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
23
24 # Set U-Boot command file
25 cat <<EOM >$R/boot/firmware/uboot.mkimage
26 # Tell Linux that it is booting on a Raspberry Pi2
27 setenv machid 0x00000c42
28
29 # Set the kernel boot command line
30 setenv bootargs "earlyprintk ${CMDLINE}"
31
32 # Save these changes to u-boot's environment
33 saveenv
34
35 # Load the existing Linux kernel into RAM
36 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
37
38 # Boot the kernel we have just loaded
39 bootz \${kernel_addr_r}
40 EOM
41
42 # Generate U-Boot image from command file
43 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
44 fi
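Review bot: `git -C $R/tmp clone git://git.denx.de/u-boot.git` at line 15 fetches the bootloader sources over the `git://` protocol, which has neither encryption nor server authentication, and takes whatever the default branch holds; the result is compiled and installed as the image's boot loader. Cloning over HTTPS and checking out a fixed release tag would give transport integrity and a reproducible build. The heredoc at line 30 expands `${CMDLINE}`, which this script does not set; it appears to rely on the kernel script having run earlier in the same shell, and that dependency deserves a comment. `mkimage ... -n "RPi2 Boot Script"` goes through `chroot_exec`, whose unquoted `$*` splits the name into three arguments.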
@@ -0,0 +1,34
1 #
2 # Fetch and build fbturbo Xorg driver
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_FBTURBO" = true ] ; then
8 # Fetch fbturbo driver sources
9 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
10
11 # Install Xorg build dependencies
12 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
13
14 # Build and install fbturbo driver inside chroot
15 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
16
17 # Add fbturbo driver to Xorg configuration
18 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
19 Section "Device"
20 Identifier "Allwinner A10/A13 FBDEV"
21 Driver "fbturbo"
22 Option "fbdev" "/dev/fb0"
23 Option "SwapbuffersWait" "true"
24 EndSection
25 EOM
26
27 # Remove Xorg build dependencies
28 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
33 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
34 fi
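Review bot: The build command at line 15 chains its steps with `;`, so `make install` runs even when `autoreconf`, `./configure` or `make` failed, and the caller only sees the exit status of the last step. Use `&&` instead: `"cd /tmp/xf86-video-fbturbo && autoreconf -vi && ./configure --prefix=/usr && make && make install"`. The sources come from the tip of `https://github.com/ssvb/xf86-video-fbturbo.git` with no pinned revision and are built and installed as root inside the chroot; checking out a fixed commit would make the image reproducible. The clone is also left behind in `$R/tmp` unless something outside this section removes it.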
@@ -0,0 +1,24
1 #
2 # First boot actions
3 #
4
5 . ./functions.sh
6
7 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
8
9 # Ensure openssh server host keys are regenerated on first boot
10 if [ "$ENABLE_SSHD" = true ] ; then
11 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
12 rm -f $R/etc/ssh/ssh_host_*
13 fi
14
15 if [ "$EXPANDROOT" = true ] ; then
16 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
17 fi
18
19 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
20 chmod +x $R/etc/rc.firstboot
21
22 sed -i '/exit 0/d' $R/etc/rc.local
23 echo /etc/rc.firstboot >> $R/etc/rc.local
24 echo exit 0 >> $R/etc/rc.local
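Review bot: `sed -i '/exit 0/d' $R/etc/rc.local` at line 22 deletes every line that contains `exit 0`, including comment lines that merely mention it; anchoring the pattern, `sed -i '/^exit 0$/d' "$R/etc/rc.local"`, removes only the final statement. Nothing in this section shows `/etc/rc.firstboot` being taken out of `rc.local` after it has run. Presumably `99-finish.sh` does that, and a comment saying so would help, because otherwise the host-key regeneration and root expansion would repeat on every boot.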
@@ -0,0 +1,23
1 cleanup (){
2 # Clean up all temporary mount points
3 set +x
4 set +e
5 echo "killing processes using mount point ..."
6 fuser -k $R
7 sleep 3
8 fuser -9 -k -v $R
9 echo "removing temporary mount points ..."
10 umount -l $R/proc 2> /dev/null
11 umount -l $R/sys 2> /dev/null
12 umount -l $R/dev/pts 2> /dev/null
13 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
14 umount "$BUILDDIR/mount" 2> /dev/null
15 losetup -d "$ROOT_LOOP" 2> /dev/null
16 losetup -d "$FRMW_LOOP" 2> /dev/null
17 trap - 0 1 2 3 6
18 }
19
20 chroot_exec() {
21 # Exec command in chroot
22 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $*
23 }
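Review bot: `chroot_exec` expands its arguments with an unquoted `$*`, which re-splits every argument on whitespace and applies globbing, so quoting at the call sites is lost. On this page that affects `chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; ..."` (bash receives only `cd` as its command string), `mkimage -n "RPi2 Boot Script"`, and the `sed -i "s/.../"` calls whenever a value contains spaces. The line should read `LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "$R" "$@"`. In `cleanup`, `fuser -k $R` is likewise unquoted and unchecked, so `"${R:?}"` would be a cheap safeguard against an empty `R`.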
@@ -1,177 +1,214
1 # rpi2-gen-image
1 # rpi2-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9
9
10 ## Command-line parameters
10 ## Command-line parameters
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12
12
13 #####Command-line examples:
13 #####Command-line examples:
14 ```shell
14 ```shell
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 ```
21 ```
22
22
23 #### APT settings:
23 #### APT settings:
24 ##### `APT_SERVER`="ftp.debian.org"
24 ##### `APT_SERVER`="ftp.debian.org"
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26
26
27 ##### `APT_PROXY`=""
27 ##### `APT_PROXY`=""
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29
29
30 ##### `APT_INCLUDES`=""
30 ##### `APT_INCLUDES`=""
31 A comma seperated list of additional packages to be installed during bootstrapping.
31 A comma seperated list of additional packages to be installed during bootstrapping.
32
32
33 #### General system settings:
33 #### General system settings:
34 ##### `HOSTNAME`="rpi2-jessie"
34 ##### `HOSTNAME`="rpi2-jessie"
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
36
36
37 ##### `PASSWORD`="raspberry"
37 ##### `PASSWORD`="raspberry"
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
39
39
40 ##### `DEFLOCAL`="en_US.UTF-8"
40 ##### `DEFLOCAL`="en_US.UTF-8"
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
42
42
43 ##### `TIMEZONE`="Europe/Berlin"
43 ##### `TIMEZONE`="Europe/Berlin"
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
45
45
46 ##### `EXPANDROOT`=true
46 ##### `EXPANDROOT`=true
47 Expand the root partition and filesystem automatically on first boot.
47 Expand the root partition and filesystem automatically on first boot.
48
48
49 #### Keyboard settings:
49 #### Keyboard settings:
50 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
50 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
51
51
52 ##### `XKBMODEL`=""
52 ##### `XKBMODEL`=""
53 Set the name of the model of your keyboard type.
53 Set the name of the model of your keyboard type.
54
54
55 ##### `XKBLAYOUT`=""
55 ##### `XKBLAYOUT`=""
56 Set the supported keyboard layout(s).
56 Set the supported keyboard layout(s).
57
57
58 ##### `XKBVARIANT`=""
58 ##### `XKBVARIANT`=""
59 Set the supported variant(s) of the keyboard layout(s).
59 Set the supported variant(s) of the keyboard layout(s).
60
60
61 ##### `XKBOPTIONS`=""
61 ##### `XKBOPTIONS`=""
62 Set extra xkb configuration options.
62 Set extra xkb configuration options.
63
63
64 #### Networking settings (DHCP)
64 #### Networking settings (DHCP)
65 This setting is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
65 This setting is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
66
66
67 #####`ENABLE_DHCP`=true
67 #####`ENABLE_DHCP`=true
68 Set the system to use DHCP. This requires an DHCP server.
68 Set the system to use DHCP. This requires an DHCP server.
69
69
70 #### Networking settings (static)
70 #### Networking settings (static)
71 These settings are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking settings are only supported if `ENABLE_DHCP` was set to `false`.
71 These settings are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking settings are only supported if `ENABLE_DHCP` was set to `false`.
72
72
73 #####`NET_ADDRESS`=""
73 #####`NET_ADDRESS`=""
74 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
74 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
75
75
76 #####`NET_GATEWAY`=""
76 #####`NET_GATEWAY`=""
77 Set the IP address for the default gateway.
77 Set the IP address for the default gateway.
78
78
79 #####`NET_DNS_1`=""
79 #####`NET_DNS_1`=""
80 Set the IP address for the first DNS server.
80 Set the IP address for the first DNS server.
81
81
82 #####`NET_DNS_2`=""
82 #####`NET_DNS_2`=""
83 Set the IP address for the second DNS server.
83 Set the IP address for the second DNS server.
84
84
85 #####`NET_DNS_DOMAINS`=""
85 #####`NET_DNS_DOMAINS`=""
86 Set the default DNS search domains to use for non fully qualified host names.
86 Set the default DNS search domains to use for non fully qualified host names.
87
87
88 #####`NET_NTP_1`=""
88 #####`NET_NTP_1`=""
89 Set the IP address for the first NTP server.
89 Set the IP address for the first NTP server.
90
90
91 #####`NET_NTP_2`=""
91 #####`NET_NTP_2`=""
92 Set the IP address for the second NTP server.
92 Set the IP address for the second NTP server.
93
93
94 #### Basic system features:
94 #### Basic system features:
95 ##### `ENABLE_CONSOLE`=true
95 ##### `ENABLE_CONSOLE`=true
96 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
96 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
97
97
98 ##### `ENABLE_IPV6`=true
98 ##### `ENABLE_IPV6`=true
99 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
99 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
100
100
101 ##### `ENABLE_SSHD`=true
101 ##### `ENABLE_SSHD`=true
102 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
102 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
103
103
104 ##### `ENABLE_RSYSLOG`=true
104 ##### `ENABLE_RSYSLOG`=true
105 If set to false, disable and uninstall rsyslog (so logs will be available only
105 If set to false, disable and uninstall rsyslog (so logs will be available only
106 in journal files)
106 in journal files)
107
107
108 ##### `ENABLE_SOUND`=true
108 ##### `ENABLE_SOUND`=true
109 Enable sound hardware and install Advanced Linux Sound Architecture.
109 Enable sound hardware and install Advanced Linux Sound Architecture.
110
110
111 ##### `ENABLE_HWRANDOM`=true
111 ##### `ENABLE_HWRANDOM`=true
112 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
112 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
113
113
114 ##### `ENABLE_MINGPU`=false
114 ##### `ENABLE_MINGPU`=false
115 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
115 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
116
116
117 ##### `ENABLE_DBUS`=true
117 ##### `ENABLE_DBUS`=true
118 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
118 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
119
119
120 ##### `ENABLE_XORG`=false
120 ##### `ENABLE_XORG`=false
121 Install Xorg open-source X Window System.
121 Install Xorg open-source X Window System.
122
122
123 ##### `ENABLE_WM`=""
123 ##### `ENABLE_WM`=""
124 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
124 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
125
125
126 #### Advanced sytem features:
126 #### Advanced system features:
127 ##### `ENABLE_MINBASE`=false
127 ##### `ENABLE_MINBASE`=false
128 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
128 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
129
129
130 ##### `ENABLE_UBOOT`=false
130 ##### `ENABLE_UBOOT`=false
131 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
131 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
132
132
133 ##### `ENABLE_FBTURBO`=false
133 ##### `ENABLE_FBTURBO`=false
134 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
134 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
135
135
136 ##### `ENABLE_IPTABLES`=false
136 ##### `ENABLE_IPTABLES`=false
137 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
137 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
138
138
139 ##### `ENABLE_USER`=true
139 ##### `ENABLE_USER`=true
140 Create pi user with password raspberry
140 Create pi user with password raspberry
141
141
142 ##### `ENABLE_ROOT`=true
142 ##### `ENABLE_ROOT`=true
143 Set root user password so root login will be enabled
143 Set root user password so root login will be enabled
144
144
145 ##### `ENABLE_ROOT_SSH`=true
145 ##### `ENABLE_ROOT_SSH`=true
146 Enable password root login via SSH. May be a security risk with default
146 Enable password root login via SSH. May be a security risk with default
147 password, use only in trusted environments.
147 password, use only in trusted environments.
148
148
149 ##### `ENABLE_HARDNET`=false
149 ##### `ENABLE_HARDNET`=false
150 Enable IPv4/IPv6 network stack hardening settings.
150 Enable IPv4/IPv6 network stack hardening settings.
151
151
152 ##### `ENABLE_SPLITFS`=false
152 ##### `ENABLE_SPLITFS`=false
153 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
153 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
154
154
155 ##### `CHROOT_SCRIPTS`=""
155 ##### `CHROOT_SCRIPTS`=""
156 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
156 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
157
157
158 #### Kernel compilation:
159 ##### `BUILD_KERNEL`=false
160 Build and install the latest RPi2 linux kernel. Currently only the default RPi2 kernel configuration is used. Detailed configuration parameters for customizing the kernel and minor bug fixes still need to get implemented. feel free to help.
161
162 ##### `KERNEL_HEADERS`=true
163 If true, also install kernel headers with built kernel.
164
165 ## Understanding the script
166 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
167
168 | Script | Description |
169 | --- | --- |
170 | `10-bootstrap.sh` | Debootstrap basic system |
171 | `11-apt.sh` | Setup APT repositories |
172 | `12-locale.sh` | Setup Locales and keyboard settings |
173 | `13-kernel.sh` | Build and install RPi2 Kernel |
174 | `20-networking.sh` | Setup Networking |
175 | `21-firewall.sh` | Setup iptables Firewall |
176 | `30-security.sh` | Setup users and security settings |
177 | `31-logging.sh` | Setup logging |
178 | `41-uboot.sh` | Build and Setup Uboot |
179 | `42-fbturbo.sh` | Buld and Setup fbturbo Xorg driver |
180 | `50-firstboot.sh` | First boot actions |
181
182 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
183
184 | Directory | Description |
185 | --- | --- |
186 | `boot` | Boot and RPi2 configuration files |
187 | `firstboot` | Scripts that get executed on first boot |
188 | `iptables` | Firewall configuration files |
189 | `modprobe.d` | Kernel Module Blacklist configuration |
190 | `mount` | Fstab configuration |
191 | `network` | Networking configuration files |
192 | `sysctl.d` | Swapping and Network Hardening configuration |
193 | `xorg` | fbturbo Xorg driver configuration |
194
158 ## Logging of the bootstrapping process
195 ## Logging of the bootstrapping process
159 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
196 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
160
197
161 ```shell
198 ```shell
162 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
199 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
163 ```
200 ```
164
201
165 ## Flashing the image file
202 ## Flashing the image file
166 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
203 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
167
204
168 #####Flashing examples:
205 #####Flashing examples:
169 ```shell
206 ```shell
170 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
207 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
171 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
208 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
172 ```
209 ```
173 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
210 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
174 ```shell
211 ```shell
175 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
212 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
176 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
213 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
177 ```
214 ```
@@ -1,743 +1,343
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi2-gen-image.sh ver2a 12/2015
4 # rpi2-gen-image.sh ver2a 12/2015
5 #
5 #
6 # Advanced debian "jessie" bootstrap script for RPi2
6 # Advanced debian "jessie" bootstrap script for RPi2
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # some parts based on rpi2-build-image:
13 # some parts based on rpi2-build-image:
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 ########################################################################
16 ########################################################################
17
17
18 # Clean up all temporary mount points
18 source ./functions.sh
19 cleanup (){
20 set +x
21 set +e
22 echo "removing temporary mount points ..."
23 umount -l $R/proc 2> /dev/null
24 umount -l $R/sys 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
28 losetup -d "$ROOT_LOOP" 2> /dev/null
29 losetup -d "$FRMW_LOOP" 2> /dev/null
30 trap - 0 1 2 3 6
31 }
32
33 # Exec command in chroot
34 chroot_exec() {
35 LANG=C LC_ALL=C chroot $R $*
36 }
37
19
38 set -e
20 set -e
39 set -x
21 set -x
40
22
41 # Debian release
23 # Debian release
42 RELEASE=${RELEASE:=jessie}
24 RELEASE=${RELEASE:=jessie}
43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
25 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44
26
45 # Build settings
27 # Build settings
46 BASEDIR=./images/${RELEASE}
28 BASEDIR=$(pwd)/images/${RELEASE}
47 BUILDDIR=${BASEDIR}/build
29 BUILDDIR=${BASEDIR}/build
48
30
49 # General settings
31 # General settings
50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
32 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
51 PASSWORD=${PASSWORD:=raspberry}
33 PASSWORD=${PASSWORD:=raspberry}
52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
34 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
35 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
54 XKBMODEL=${XKBMODEL:=""}
36 XKBMODEL=${XKBMODEL:=""}
55 XKBLAYOUT=${XKBLAYOUT:=""}
37 XKBLAYOUT=${XKBLAYOUT:=""}
56 XKBVARIANT=${XKBVARIANT:=""}
38 XKBVARIANT=${XKBVARIANT:=""}
57 XKBOPTIONS=${XKBOPTIONS:=""}
39 XKBOPTIONS=${XKBOPTIONS:=""}
58 EXPANDROOT=${EXPANDROOT:=true}
40 EXPANDROOT=${EXPANDROOT:=true}
59
41
60 # Network settings
42 # Network settings
61 ENABLE_DHCP=${ENABLE_DHCP:=true}
43 ENABLE_DHCP=${ENABLE_DHCP:=true}
62 # NET_* settings are ignored when ENABLE_DHCP=true
44 # NET_* settings are ignored when ENABLE_DHCP=true
63 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
45 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
64 NET_ADDRESS=${NET_ADDRESS:=""}
46 NET_ADDRESS=${NET_ADDRESS:=""}
65 NET_GATEWAY=${NET_GATEWAY:=""}
47 NET_GATEWAY=${NET_GATEWAY:=""}
66 NET_DNS_1=${NET_DNS_1:=""}
48 NET_DNS_1=${NET_DNS_1:=""}
67 NET_DNS_2=${NET_DNS_2:=""}
49 NET_DNS_2=${NET_DNS_2:=""}
68 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
50 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
69 NET_NTP_1=${NET_NTP_1:=""}
51 NET_NTP_1=${NET_NTP_1:=""}
70 NET_NTP_2=${NET_NTP_2:=""}
52 NET_NTP_2=${NET_NTP_2:=""}
71
53
72 # APT settings
54 # APT settings
73 APT_PROXY=${APT_PROXY:=""}
55 APT_PROXY=${APT_PROXY:=""}
74 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
56 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
75
57
76 # Feature settings
58 # Feature settings
77 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
59 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
78 ENABLE_IPV6=${ENABLE_IPV6:=true}
60 ENABLE_IPV6=${ENABLE_IPV6:=true}
79 ENABLE_SSHD=${ENABLE_SSHD:=true}
61 ENABLE_SSHD=${ENABLE_SSHD:=true}
80 ENABLE_SOUND=${ENABLE_SOUND:=true}
62 ENABLE_SOUND=${ENABLE_SOUND:=true}
81 ENABLE_DBUS=${ENABLE_DBUS:=true}
63 ENABLE_DBUS=${ENABLE_DBUS:=true}
82 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
64 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
83 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
65 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
84 ENABLE_XORG=${ENABLE_XORG:=false}
66 ENABLE_XORG=${ENABLE_XORG:=false}
85 ENABLE_WM=${ENABLE_WM:=""}
67 ENABLE_WM=${ENABLE_WM:=""}
86 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
68 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
87 ENABLE_USER=${ENABLE_USER:=true}
69 ENABLE_USER=${ENABLE_USER:=true}
88 ENABLE_ROOT=${ENABLE_ROOT:=false}
70 ENABLE_ROOT=${ENABLE_ROOT:=false}
89 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
71 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
90
72
91 # Advanced settings
73 # Advanced settings
92 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
74 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
93 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
75 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
94 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
76 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
95 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
77 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
96 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
78 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
97 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
79 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
98
80
81 # Kernel compilation settings
82 BUILD_KERNEL=${BUILD_KERNEL:=false}
83 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
84
99 # Image chroot path
85 # Image chroot path
100 R=${BUILDDIR}/chroot
86 R=${BUILDDIR}/chroot
101 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
87 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
102
88
103 # Packages required for bootstrapping
89 # Packages required for bootstrapping
104 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
90 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
105
91
106 # Missing packages that need to be installed
92 # Missing packages that need to be installed
107 MISSING_PACKAGES=""
93 MISSING_PACKAGES=""
108
94
109 # Packages required in the chroot build environment
95 # Packages required in the chroot build environment
110 APT_INCLUDES=${APT_INCLUDES:=""}
96 APT_INCLUDES=${APT_INCLUDES:=""}
111 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
97 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
112
98
113 set +x
99 set +x
114
100
115 # Are we running as root?
101 # Are we running as root?
116 if [ "$(id -u)" -ne "0" ] ; then
102 if [ "$(id -u)" -ne "0" ] ; then
117 echo "this script must be executed with root privileges"
103 echo "this script must be executed with root privileges"
118 exit 1
104 exit 1
119 fi
105 fi
120
106
107 # Add packages required for kernel cross compilation
108 if [ "$BUILD_KERNEL" = true ] ; then
109 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
110 fi
111
121 # Check if all required packages are installed
112 # Check if all required packages are installed
122 for package in $REQUIRED_PACKAGES ; do
113 for package in $REQUIRED_PACKAGES ; do
123 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
114 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
124 MISSING_PACKAGES="$MISSING_PACKAGES $package"
115 MISSING_PACKAGES="$MISSING_PACKAGES $package"
125 fi
116 fi
126 done
117 done
127
118
128 # Ask if missing packages should get installed right now
119 # Ask if missing packages should get installed right now
129 if [ -n "$MISSING_PACKAGES" ] ; then
120 if [ -n "$MISSING_PACKAGES" ] ; then
130 echo "the following packages needed by this script are not installed:"
121 echo "the following packages needed by this script are not installed:"
131 echo "$MISSING_PACKAGES"
122 echo "$MISSING_PACKAGES"
132
123
133 echo -n "\ndo you want to install the missing packages right now? [y/n] "
124 echo -n "\ndo you want to install the missing packages right now? [y/n] "
134 read confirm
125 read confirm
135 if [ "$confirm" != "y" ] ; then
126 if [ "$confirm" != "y" ] ; then
136 exit 1
127 exit 1
137 fi
128 fi
138 fi
129 fi
139
130
140 # Make sure all required packages are installed
131 # Make sure all required packages are installed
141 apt-get -qq -y install ${REQUIRED_PACKAGES}
132 apt-get -qq -y install ${REQUIRED_PACKAGES}
142
133
143 # Don't clobber an old build
134 # Don't clobber an old build
144 if [ -e "$BUILDDIR" ]; then
135 if [ -e "$BUILDDIR" ]; then
145 echo "directory $BUILDDIR already exists, not proceeding"
136 echo "directory $BUILDDIR already exists, not proceeding"
146 exit 1
137 exit 1
147 fi
138 fi
148
139
149 set -x
140 set -x
150
141
151 # Call "cleanup" function on various signals and errors
142 # Call "cleanup" function on various signals and errors
152 trap cleanup 0 1 2 3 6
143 trap cleanup 0 1 2 3 6
153
144
154 # Set up chroot directory
145 # Set up chroot directory
155 mkdir -p $R
146 mkdir -p $R
156
147
157 # Add required packages for the minbase installation
148 # Add required packages for the minbase installation
158 if [ "$ENABLE_MINBASE" = true ] ; then
149 if [ "$ENABLE_MINBASE" = true ] ; then
159 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
150 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
160 else
151 else
161 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
152 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
162 fi
153 fi
163
154
164 # Add parted package, required to get partprobe utility
155 # Add parted package, required to get partprobe utility
165 if [ "$EXPANDROOT" = true ] ; then
156 if [ "$EXPANDROOT" = true ] ; then
166 APT_INCLUDES="${APT_INCLUDES},parted"
157 APT_INCLUDES="${APT_INCLUDES},parted"
167 fi
158 fi
168
159
169 # Add dbus package, recommended if using systemd
160 # Add dbus package, recommended if using systemd
170 if [ "$ENABLE_DBUS" = true ] ; then
161 if [ "$ENABLE_DBUS" = true ] ; then
171 APT_INCLUDES="${APT_INCLUDES},dbus"
162 APT_INCLUDES="${APT_INCLUDES},dbus"
172 fi
163 fi
173
164
174 # Add iptables IPv4/IPv6 package
165 # Add iptables IPv4/IPv6 package
175 if [ "$ENABLE_IPTABLES" = true ] ; then
166 if [ "$ENABLE_IPTABLES" = true ] ; then
176 APT_INCLUDES="${APT_INCLUDES},iptables"
167 APT_INCLUDES="${APT_INCLUDES},iptables"
177 fi
168 fi
178
169
179 # Add openssh server package
170 # Add openssh server package
180 if [ "$ENABLE_SSHD" = true ] ; then
171 if [ "$ENABLE_SSHD" = true ] ; then
181 APT_INCLUDES="${APT_INCLUDES},openssh-server"
172 APT_INCLUDES="${APT_INCLUDES},openssh-server"
182 fi
173 fi
183
174
184 # Add alsa-utils package
175 # Add alsa-utils package
185 if [ "$ENABLE_SOUND" = true ] ; then
176 if [ "$ENABLE_SOUND" = true ] ; then
186 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
177 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
187 fi
178 fi
188
179
189 # Add rng-tools package
180 # Add rng-tools package
190 if [ "$ENABLE_HWRANDOM" = true ] ; then
181 if [ "$ENABLE_HWRANDOM" = true ] ; then
191 APT_INCLUDES="${APT_INCLUDES},rng-tools"
182 APT_INCLUDES="${APT_INCLUDES},rng-tools"
192 fi
183 fi
193
184
194 if [ "$ENABLE_USER" = true ]; then
185 if [ "$ENABLE_USER" = true ]; then
195 APT_INCLUDES="${APT_INCLUDES},sudo"
186 APT_INCLUDES="${APT_INCLUDES},sudo"
196 fi
187 fi
197
188
198 # Add fbturbo video driver
189 # Add fbturbo video driver
199 if [ "$ENABLE_FBTURBO" = true ] ; then
190 if [ "$ENABLE_FBTURBO" = true ] ; then
200 # Enable xorg package dependencies
191 # Enable xorg package dependencies
201 ENABLE_XORG=true
192 ENABLE_XORG=true
202 fi
193 fi
203
194
204 # Add user defined window manager package
195 # Add user defined window manager package
205 if [ -n "$ENABLE_WM" ] ; then
196 if [ -n "$ENABLE_WM" ] ; then
206 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
197 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
207
198
208 # Enable xorg package dependencies
199 # Enable xorg package dependencies
209 ENABLE_XORG=true
200 ENABLE_XORG=true
210 fi
201 fi
211
202
212 # Add xorg package
203 # Add xorg package
213 if [ "$ENABLE_XORG" = true ] ; then
204 if [ "$ENABLE_XORG" = true ] ; then
214 APT_INCLUDES="${APT_INCLUDES},xorg"
205 APT_INCLUDES="${APT_INCLUDES},xorg"
215 fi
206 fi
216
207
217 # Base debootstrap (unpack only)
208 ## Main bootstrap
218 if [ "$ENABLE_MINBASE" = true ] ; then
209 for i in bootstrap.d/*.sh; do
219 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
210 . $i
220 else
211 done
221 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
222 fi
223
224 # Copy qemu emulator binary to chroot
225 cp /usr/bin/qemu-arm-static $R/usr/bin
226
227 # Copy debian-archive-keyring.pgp
228 chroot $R mkdir -p /usr/share/keyrings
229 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
230
231 # Complete the bootstrapping process
232 chroot $R /debootstrap/debootstrap --second-stage
233
234 # Mount required filesystems
235 mount -t proc none $R/proc
236 mount -t sysfs none $R/sys
237 mount --bind /dev/pts $R/dev/pts
238
239 # Use proxy inside chroot
240 if [ -z "$APT_PROXY" ] ; then
241 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
242 fi
243
244 # Pin package flash-kernel to repositories.collabora.co.uk
245 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
246 Package: flash-kernel
247 Pin: origin repositories.collabora.co.uk
248 Pin-Priority: 1000
249 EOM
250
251 # Set up timezone
252 echo ${TIMEZONE} >$R/etc/timezone
253 chroot_exec dpkg-reconfigure -f noninteractive tzdata
254
255 # Upgrade collabora package index and install collabora keyring
256 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
257 chroot_exec apt-get -qq -y update
258 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
259
260 # Set up initial sources.list
261 cat <<EOM >$R/etc/apt/sources.list
262 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
263 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
264
265 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
266 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
267
268 deb http://security.debian.org/ ${RELEASE}/updates main contrib
269 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
270
271 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
272 EOM
273
274 # Upgrade package index and update all installed packages and changed dependencies
275 chroot_exec apt-get -qq -y update
276 chroot_exec apt-get -qq -y -u dist-upgrade
277
278 # Set up default locale and keyboard configuration
279 if [ "$ENABLE_MINBASE" = false ] ; then
280 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
281 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
282 # ... so we have to set locales manually
283 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
284 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
285 else
286 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
287 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
288 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
289 fi
290 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
291 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
292 chroot_exec locale-gen
293 chroot_exec update-locale LANG=${DEFLOCAL}
294
295 # Keyboard configuration, if requested
296 if [ "$XKBMODEL" != "" ] ; then
297 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
298 fi
299 if [ "$XKBLAYOUT" != "" ] ; then
300 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
301 fi
302 if [ "$XKBVARIANT" != "" ] ; then
303 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
304 fi
305 if [ "$XKBOPTIONS" != "" ] ; then
306 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
307 fi
308 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
309 # Set up font console
310 case "${DEFLOCAL}" in
311 *UTF-8)
312 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
313 ;;
314 *)
315 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
316 ;;
317 esac
318 chroot_exec dpkg-reconfigure -f noninteractive console-setup
319 fi
320
321 # Kernel installation
322 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
323 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
324 chroot_exec apt-get -qq -y install flash-kernel
325
326 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
327 [ -z "$VMLINUZ" ] && exit 1
328 cp $VMLINUZ $R/boot/firmware/kernel7.img
329
330 # Set up IPv4 hosts
331 echo ${HOSTNAME} >$R/etc/hostname
332 cat <<EOM >$R/etc/hosts
333 127.0.0.1 localhost
334 127.0.1.1 ${HOSTNAME}
335 EOM
336 if [ "$NET_ADDRESS" != "" ] ; then
337 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
338 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
339 fi
340
341 # Set up IPv6 hosts
342 if [ "$ENABLE_IPV6" = true ] ; then
343 cat <<EOM >>$R/etc/hosts
344
345 ::1 localhost ip6-localhost ip6-loopback
346 ff02::1 ip6-allnodes
347 ff02::2 ip6-allrouters
348 EOM
349 fi
350
351 # Place hint about network configuration
352 cat <<EOM >$R/etc/network/interfaces
353 # Debian switched to systemd-networkd configuration files.
354 # please configure your networks in '/etc/systemd/network/'
355 EOM
356
357 if [ "$ENABLE_DHCP" = true ] ; then
358 # Enable systemd-networkd DHCP configuration for interface eth0
359 cat <<EOM >$R/etc/systemd/network/eth.network
360 [Match]
361 Name=eth0
362
363 [Network]
364 DHCP=yes
365 EOM
366
367 # Set DHCP configuration to IPv4 only
368 if [ "$ENABLE_IPV6" = false ] ; then
369 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
370 fi
371 else # ENABLE_DHCP=false
372 cat <<EOM >$R/etc/systemd/network/eth.network
373 [Match]
374 Name=eth0
375
376 [Network]
377 DHCP=no
378 Address=${NET_ADDRESS}
379 Gateway=${NET_GATEWAY}
380 DNS=${NET_DNS_1}
381 DNS=${NET_DNS_2}
382 Domains=${NET_DNS_DOMAINS}
383 NTP=${NET_NTP_1}
384 NTP=${NET_NTP_2}
385 EOM
386 fi
387
388 # Enable systemd-networkd service
389 chroot_exec systemctl enable systemd-networkd
390
391 # Generate crypt(3) password string
392 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
393
394 # Set up default user
395 if [ "$ENABLE_USER" = true ] ; then
396 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
397 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
398 fi
399
400 # Set up root password or not
401 if [ "$ENABLE_ROOT" = true ]; then
402 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
403
404 if [ "$ENABLE_ROOT_SSH" = true ]; then
405 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
406 fi
407 else
408 chroot_exec usermod -p \'!\' root
409 fi
410
411 # Set up firmware boot cmdline
412 if [ "$ENABLE_SPLITFS" = true ] ; then
413 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
414 else
415 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
416 fi
417
418 # Set up serial console support (if requested)
419 if [ "$ENABLE_CONSOLE" = true ] ; then
420 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
421 fi
422
423 # Set up IPv6 networking support
424 if [ "$ENABLE_IPV6" = false ] ; then
425 CMDLINE="${CMDLINE} ipv6.disable=1"
426 fi
427
428 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
429
430 # Set up firmware config
431 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
432
433 # Load snd_bcm2835 kernel module at boot time
434 if [ "$ENABLE_SOUND" = true ] ; then
435 echo "snd_bcm2835" >>$R/etc/modules
436 fi
437
438 # Set smallest possible GPU memory allocation size: 16MB (no X)
439 if [ "$ENABLE_MINGPU" = true ] ; then
440 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
441 fi
442
443 # Create symlinks
444 ln -sf firmware/config.txt $R/boot/config.txt
445 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
446
447 # Prepare modules-load.d directory
448 mkdir -p $R/lib/modules-load.d/
449
450 # Load random module on boot
451 if [ "$ENABLE_HWRANDOM" = true ] ; then
452 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
453 bcm2708_rng
454 EOM
455 fi
456
457 # Prepare modprobe.d directory
458 mkdir -p $R/etc/modprobe.d/
459
460 # Blacklist sound modules
461 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
462
463 # Create default fstab
464 install -o root -g root -m 644 files/fstab $R/etc/fstab
465 if [ "$ENABLE_SPLITFS" = true ] ; then
466 sed -i '/mmcblk0p2/sda1/' $R/etc/fstab
467 fi
468
469 # Avoid swapping and increase cache sizes
470 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
471
472 # Enable network stack hardening
473 if [ "$ENABLE_HARDNET" = true ] ; then
474 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
475
476 # Enable resolver warnings about spoofed addresses
477 cat <<EOM >>$R/etc/host.conf
478 spoof warn
479 EOM
480 fi
481
482 # First boot actions
483 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
484
485 # Ensure openssh server host keys are regenerated on first boot
486 if [ "$ENABLE_SSHD" = true ] ; then
487 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
488 rm -f $R/etc/ssh/ssh_host_*
489 fi
490
491 if [ "$EXPANDROOT" = true ] ; then
492 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
493 fi
494
495 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
496 chmod +x $R/etc/rc.firstboot
497
498 sed -i '/exit 0/d' $R/etc/rc.local
499 echo /etc/rc.firstboot >> $R/etc/rc.local
500 echo exit 0 >> $R/etc/rc.local
501
502 # Disable rsyslog
503 if [ "$ENABLE_RSYSLOG" = false ]; then
504 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
505 chroot_exec systemctl disable rsyslog
506 chroot_exec apt-get purge -q -y --force-yes rsyslog
507 fi
508
509 # Enable serial console systemd style
510 if [ "$ENABLE_CONSOLE" = true ] ; then
511 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
512 fi
513
514 # Enable firewall based on iptables started by systemd service
515 if [ "$ENABLE_IPTABLES" = true ] ; then
516 # Create iptables configuration directory
517 mkdir -p "$R/etc/iptables"
518
519 # Create iptables systemd service
520 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
521
522 # Create flush-table script called by iptables service
523 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
524
525 # Create iptables rule file
526 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
527
528 # Reload systemd configuration and enable iptables service
529 chroot_exec systemctl daemon-reload
530 chroot_exec systemctl enable iptables.service
531
532 if [ "$ENABLE_IPV6" = true ] ; then
533 # Create ip6tables systemd service
534 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
535
536 # Create ip6tables file
537 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
538
539 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
540
541 # Reload systemd configuration and enable iptables service
542 chroot_exec systemctl daemon-reload
543 chroot_exec systemctl enable ip6tables.service
544 fi
545 fi
546
547 # Remove SSHD related iptables rules
548 if [ "$ENABLE_SSHD" = false ] ; then
549 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
550 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
551 fi
552
553 # Install gcc/c++ build environment inside the chroot
554 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
555 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
556 fi
557
558 # Fetch and build U-Boot bootloader
559 if [ "$ENABLE_UBOOT" = true ] ; then
560 # Fetch U-Boot bootloader sources
561 git -C $R/tmp clone git://git.denx.de/u-boot.git
562
563 # Build and install U-Boot inside chroot
564 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
565
566 # Copy compiled bootloader binary and set config.txt to load it
567 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
568 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
569
570 # Set U-Boot command file
571 cat <<EOM >$R/boot/firmware/uboot.mkimage
572 # Tell Linux that it is booting on a Raspberry Pi2
573 setenv machid 0x00000c42
574
575 # Set the kernel boot command line
576 setenv bootargs "earlyprintk ${CMDLINE}"
577
578 # Save these changes to u-boot's environment
579 saveenv
580
581 # Load the existing Linux kernel into RAM
582 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
583
584 # Boot the kernel we have just loaded
585 bootz \${kernel_addr_r}
586 EOM
587
588 # Generate U-Boot image from command file
589 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
590 fi
591
592 # Fetch and build fbturbo Xorg driver
593 if [ "$ENABLE_FBTURBO" = true ] ; then
594 # Fetch fbturbo driver sources
595 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
596
597 # Install Xorg build dependencies
598 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
599
600 # Build and install fbturbo driver inside chroot
601 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
602
603 # Add fbturbo driver to Xorg configuration
604 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
605 Section "Device"
606 Identifier "Allwinner A10/A13 FBDEV"
607 Driver "fbturbo"
608 Option "fbdev" "/dev/fb0"
609 Option "SwapbuffersWait" "true"
610 EndSection
611 EOM
612
613 # Remove Xorg build dependencies
614 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
615 fi
616
212
617 # Remove gcc/c++ build environment from the chroot
213 ## Custom bootstrap scripts
618 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
214 if [ -d "custom.d" ]; then
619 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
215 for i in custom.d/*.sh; do
216 . $i
217 done
620 fi
218 fi
621
219
622 # Clean cached downloads
623 chroot_exec apt-get -y clean
624 chroot_exec apt-get -y autoclean
625 chroot_exec apt-get -y autoremove
626
627 # Invoke custom scripts
220 # Invoke custom scripts
628 if [ -n "${CHROOT_SCRIPTS}" ]; then
221 if [ -n "${CHROOT_SCRIPTS}" ]; then
629 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
222 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
630 LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'
223 LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'
631 rm -rf "${R}/chroot_scripts"
224 rm -rf "${R}/chroot_scripts"
632 fi
225 fi
633
226
227 ## Cleanup
228 chroot_exec apt-get -y clean
229 chroot_exec apt-get -y autoclean
230 chroot_exec apt-get -y autoremove
231
634 # Unmount mounted filesystems
232 # Unmount mounted filesystems
635 umount -l $R/proc
233 umount -l $R/proc
636 umount -l $R/sys
234 umount -l $R/sys
637
235
638 # Clean up files
236 # Clean up files
639 rm -f $R/etc/apt/sources.list.save
237 rm -f $R/etc/apt/sources.list.save
640 rm -f $R/etc/resolvconf/resolv.conf.d/original
238 rm -f $R/etc/resolvconf/resolv.conf.d/original
641 rm -rf $R/run
239 rm -rf $R/run
642 mkdir -p $R/run
240 mkdir -p $R/run
643 rm -f $R/etc/*-
241 rm -f $R/etc/*-
644 rm -f $R/root/.bash_history
242 rm -f $R/root/.bash_history
645 rm -rf $R/tmp/*
243 rm -rf $R/tmp/*
646 rm -f $R/var/lib/urandom/random-seed
244 rm -f $R/var/lib/urandom/random-seed
647 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
245 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
648 rm -f $R/etc/machine-id
246 rm -f $R/etc/machine-id
649 rm -fr $R/etc/apt/apt.conf.d/10proxy
247 rm -fr $R/etc/apt/apt.conf.d/10proxy
248 rm -f $R/etc/resolv.conf
650
249
651 # Calculate size of the chroot directory in KB
250 # Calculate size of the chroot directory in KB
652 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
251 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
653
252
654 # Calculate the amount of needed 512 Byte sectors
253 # Calculate the amount of needed 512 Byte sectors
655 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
254 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
656 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
255 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
657 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
256 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
658
257
659 # The root partition is EXT4
258 # The root partition is EXT4
660 # This means more space than the actual used space of the chroot is used.
259 # This means more space than the actual used space of the chroot is used.
661 # As overhead for journaling and reserved blocks 20% are added.
260 # As overhead for journaling and reserved blocks 20% are added.
662 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
261 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
663
262
664 # Calculate required image size in 512 Byte sectors
263 # Calculate required image size in 512 Byte sectors
665 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
264 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
666
265
667 # Prepare date string for image file name
266 # Prepare date string for image file name
668 DATE="$(date +%Y-%m-%d)"
267 DATE="$(date +%Y-%m-%d)"
669
268
670 # Prepare image file
269 # Prepare image file
671 if [ "$ENABLE_SPLITFS" = true ] ; then
270 if [ "$ENABLE_SPLITFS" = true ] ; then
672 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
271 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
673 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
272 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
674 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
273 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
675 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
274 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
676 # Write partition tables
275 # Write partition tables
677 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" <<EOM
276 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" <<EOM
678 unit: sectors
277 unit: sectors
679
278
680 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
279 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
681 2 : start= 0, size= 0, Id= 0
280 2 : start= 0, size= 0, Id= 0
682 3 : start= 0, size= 0, Id= 0
281 3 : start= 0, size= 0, Id= 0
683 4 : start= 0, size= 0, Id= 0
282 4 : start= 0, size= 0, Id= 0
684 EOM
283 EOM
685 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" <<EOM
284 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" <<EOM
686 unit: sectors
285 unit: sectors
687
286
688 1 : start= ${TABLE_SECTORS}, size= ${ROOT_SECTORS}, Id=83
287 1 : start= ${TABLE_SECTORS}, size= ${ROOT_SECTORS}, Id=83
689 2 : start= 0, size= 0, Id= 0
288 2 : start= 0, size= 0, Id= 0
690 3 : start= 0, size= 0, Id= 0
289 3 : start= 0, size= 0, Id= 0
691 4 : start= 0, size= 0, Id= 0
290 4 : start= 0, size= 0, Id= 0
692 EOM
291 EOM
693 # Set up temporary loop devices and build filesystems
292 # Set up temporary loop devices
694 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
293 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
695 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
294 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
696 else
295 else
697 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
296 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
698 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
297 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
699 # Write partition table
298 # Write partition table
700 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
299 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
701 unit: sectors
300 unit: sectors
702
301
703 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
302 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
704 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
303 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
705 3 : start= 0, size= 0, Id= 0
304 3 : start= 0, size= 0, Id= 0
706 4 : start= 0, size= 0, Id= 0
305 4 : start= 0, size= 0, Id= 0
707 EOM
306 EOM
708 # Set up temporary loop devices and build filesystems
307 # Set up temporary loop devices
709 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
308 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
710 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
309 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
711 fi
310 fi
712
311
312 # Build filesystems
713 mkfs.vfat "$FRMW_LOOP"
313 mkfs.vfat "$FRMW_LOOP"
714 mkfs.ext4 "$ROOT_LOOP"
314 mkfs.ext4 "$ROOT_LOOP"
715
315
716 # Mount the temporary loop devices
316 # Mount the temporary loop devices
717 mkdir -p "$BUILDDIR/mount"
317 mkdir -p "$BUILDDIR/mount"
718 mount "$ROOT_LOOP" "$BUILDDIR/mount"
318 mount "$ROOT_LOOP" "$BUILDDIR/mount"
719
319
720 mkdir -p "$BUILDDIR/mount/boot/firmware"
320 mkdir -p "$BUILDDIR/mount/boot/firmware"
721 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
321 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
722
322
723 # Copy all files from the chroot to the loop device mount point directory
323 # Copy all files from the chroot to the loop device mount point directory
724 rsync -a "$R/" "$BUILDDIR/mount/"
324 rsync -a "$R/" "$BUILDDIR/mount/"
725
325
726 # Unmount all temporary loop devices and mount points
326 # Unmount all temporary loop devices and mount points
727 cleanup
327 cleanup
728
328
729 if [ "$ENABLE_SPLITFS" = true ] ; then
329 if [ "$ENABLE_SPLITFS" = true ] ; then
730 # (optional) create block map file for "bmaptool"
330 # (optional) create block map file for "bmaptool"
731 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
331 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
732 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
332 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
733
333
734 # Image was successfully created
334 # Image was successfully created
735 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024)M)" ": successfully created"
335 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
736 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024)M)" ": successfully created"
336 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
737 else
337 else
738 # (optional) create block map file for "bmaptool"
338 # (optional) create block map file for "bmaptool"
739 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
339 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
740
340
741 # Image was successfully created
341 # Image was successfully created
742 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024)M)" ": successfully created"
342 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
743 fi
343 fi