##// END OF EJS Templates
Merge pull request #140 from burnbabyburn/RPI3B...
drtyhlpr -
r257:0a79ba1f3943 Fusion
parent child
Show More
@@ -0,0 +1,12
1 [Match]
2 Name=wlan0
3
4 [Network]
5 DHCP=no
6 Address=
7 Gateway=
8 DNS=
9 DNS=
10 Domains=
11 NTP=
12 NTP=
@@ -1,458 +1,465
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 ##### Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 ##### Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62 62
63 63 ##### `APT_INCLUDES_LATE`=""
64 64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65 65
66 66 ---
67 67
68 68 #### General system settings:
69 69 ##### `RPI_MODEL`=2
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
71 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
72 `1` = Used for Pi 1 model A and B
73 `1P` = Used for Pi 1 model B+ and A+
74 `2` = Used for Pi 2 model B
75 `3` = Used for Pi 3 model B
76 `3P` = Used for Pi 3 model B+
77 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
71 78
72 79 ##### `RELEASE`="jessie"
73 80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
74 81
75 82 ##### `RELEASE_ARCH`="armhf"
76 83 Set the desired Debian release architecture.
77 84
78 85 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 86 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
80 87
81 88 ##### `PASSWORD`="raspberry"
82 89 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 90
84 91 ##### `USER_PASSWORD`="raspberry"
85 92 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 93
87 94 ##### `DEFLOCAL`="en_US.UTF-8"
88 95 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 96
90 97 ##### `TIMEZONE`="Europe/Berlin"
91 98 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 99
93 100 ##### `EXPANDROOT`=true
94 101 Expand the root partition and filesystem automatically on first boot.
95 102
96 103 ---
97 104
98 105 #### Keyboard settings:
99 106 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
100 107
101 108 ##### `XKB_MODEL`=""
102 109 Set the name of the model of your keyboard type.
103 110
104 111 ##### `XKB_LAYOUT`=""
105 112 Set the supported keyboard layout(s).
106 113
107 114 ##### `XKB_VARIANT`=""
108 115 Set the supported variant(s) of the keyboard layout(s).
109 116
110 117 ##### `XKB_OPTIONS`=""
111 118 Set extra xkb configuration options.
112 119
113 120 ---
114 121
115 122 #### Networking settings (DHCP):
116 123 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
117 124
118 125 ##### `ENABLE_DHCP`=true
119 126 Set the system to use DHCP. This requires an DHCP server.
120 127
121 128 ---
122 129
123 130 #### Networking settings (static):
124 131 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
125 132
126 133 ##### `NET_ADDRESS`=""
127 134 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
128 135
129 136 ##### `NET_GATEWAY`=""
130 137 Set the IP address for the default gateway.
131 138
132 139 ##### `NET_DNS_1`=""
133 140 Set the IP address for the first DNS server.
134 141
135 142 ##### `NET_DNS_2`=""
136 143 Set the IP address for the second DNS server.
137 144
138 145 ##### `NET_DNS_DOMAINS`=""
139 146 Set the default DNS search domains to use for non fully qualified host names.
140 147
141 148 ##### `NET_NTP_1`=""
142 149 Set the IP address for the first NTP server.
143 150
144 151 ##### `NET_NTP_2`=""
145 152 Set the IP address for the second NTP server.
146 153
147 154 ---
148 155
149 156 #### Basic system features:
150 157 ##### `ENABLE_CONSOLE`=true
151 158 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
152 159
153 160 ##### `ENABLE_I2C`=false
154 161 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
155 162
156 163 ##### `ENABLE_SPI`=false
157 164 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
158 165
159 166 ##### `ENABLE_IPV6`=true
160 167 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
161 168
162 169 ##### `ENABLE_SSHD`=true
163 170 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
164 171
165 172 ##### `ENABLE_NONFREE`=false
166 173 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
167 174
168 175 ##### `ENABLE_WIRELESS`=false
169 176 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
170 177
171 178 ##### `ENABLE_RSYSLOG`=true
172 179 If set to false, disable and uninstall rsyslog (so logs will be available only
173 180 in journal files)
174 181
175 182 ##### `ENABLE_SOUND`=true
176 183 Enable sound hardware and install Advanced Linux Sound Architecture.
177 184
178 185 ##### `ENABLE_HWRANDOM`=true
179 186 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
180 187
181 188 ##### `ENABLE_MINGPU`=false
182 189 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
183 190
184 191 ##### `ENABLE_DBUS`=true
185 192 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
186 193
187 194 ##### `ENABLE_XORG`=false
188 195 Install Xorg open-source X Window System.
189 196
190 197 ##### `ENABLE_WM`=""
191 198 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
192 199
193 200 ---
194 201
195 202 #### Advanced system features:
196 203 ##### `ENABLE_MINBASE`=false
197 204 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
198 205
199 206 ##### `ENABLE_REDUCE`=false
200 207 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
201 208
202 209 ##### `ENABLE_UBOOT`=false
203 210 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
204 211
205 212 ##### `UBOOTSRC_DIR`=""
206 213 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
207 214
208 215 ##### `ENABLE_FBTURBO`=false
209 216 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
210 217
211 218 ##### `FBTURBOSRC_DIR`=""
212 219 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
213 220
214 221 ##### `ENABLE_IPTABLES`=false
215 222 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
216 223
217 224 ##### `ENABLE_USER`=true
218 225 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
219 226
220 227 ##### `USER_NAME`=pi
221 228 Non-root user to create. Ignored if `ENABLE_USER`=false
222 229
223 230 ##### `ENABLE_ROOT`=false
224 231 Set root user password so root login will be enabled
225 232
226 233 ##### `ENABLE_HARDNET`=false
227 234 Enable IPv4/IPv6 network stack hardening settings.
228 235
229 236 ##### `ENABLE_SPLITFS`=false
230 237 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
231 238
232 239 ##### `CHROOT_SCRIPTS`=""
233 240 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
234 241
235 242 ##### `ENABLE_INITRAMFS`=false
236 243 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
237 244
238 245 ##### `ENABLE_IFNAMES`=true
239 246 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
240 247
241 248 ##### `DISABLE_UNDERVOLT_WARNINGS`=
242 249 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
243 250
244 251 ---
245 252
246 253 #### SSH settings:
247 254 ##### `SSH_ENABLE_ROOT`=false
248 255 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
249 256
250 257 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
251 258 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
252 259
253 260 ##### `SSH_LIMIT_USERS`=false
254 261 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
255 262
256 263 ##### `SSH_ROOT_PUB_KEY`=""
257 264 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
258 265
259 266 ##### `SSH_USER_PUB_KEY`=""
260 267 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
261 268
262 269 ---
263 270
264 271 #### Kernel compilation:
265 272 ##### `BUILD_KERNEL`=false
266 273 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
267 274
268 275 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
269 276 This sets the cross compile enviornment for the compiler.
270 277
271 278 ##### `KERNEL_ARCH`="arm"
272 279 This sets the kernel architecture for the compiler.
273 280
274 281 ##### `KERNEL_IMAGE`="kernel7.img"
275 282 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
276 283
277 284 ##### `KERNEL_BRANCH`=""
278 285 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
279 286
280 287 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
281 288 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
282 289
283 290 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
284 291 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
285 292
286 293 ##### `KERNEL_REDUCE`=false
287 294 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
288 295
289 296 ##### `KERNEL_THREADS`=1
290 297 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
291 298
292 299 ##### `KERNEL_HEADERS`=true
293 300 Install kernel headers with built kernel.
294 301
295 302 ##### `KERNEL_MENUCONFIG`=false
296 303 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
297 304
298 305 ##### `KERNEL_OLDDEFCONFIG`=false
299 306 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
300 307
301 308 ##### `KERNEL_CCACHE`=false
302 309 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
303 310
304 311 ##### `KERNEL_REMOVESRC`=true
305 312 Remove all kernel sources from the generated OS image after it was built and installed.
306 313
307 314 ##### `KERNELSRC_DIR`=""
308 315 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
309 316
310 317 ##### `KERNELSRC_CLEAN`=false
311 318 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
312 319
313 320 ##### `KERNELSRC_CONFIG`=true
314 321 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
315 322
316 323 ##### `KERNELSRC_USRCONFIG`=""
317 324 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
318 325
319 326 ##### `KERNELSRC_PREBUILT`=false
320 327 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
321 328
322 329 ##### `RPI_FIRMWARE_DIR`=""
323 330 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
324 331
325 332 ---
326 333
327 334 #### Reduce disk usage:
328 335 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
329 336
330 337 ##### `REDUCE_APT`=true
331 338 Configure APT to use compressed package repository lists and no package caching files.
332 339
333 340 ##### `REDUCE_DOC`=true
334 341 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
335 342
336 343 ##### `REDUCE_MAN`=true
337 344 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
338 345
339 346 ##### `REDUCE_VIM`=false
340 347 Replace `vim-tiny` package by `levee` a tiny vim clone.
341 348
342 349 ##### `REDUCE_BASH`=false
343 350 Remove `bash` package and switch to `dash` shell (experimental).
344 351
345 352 ##### `REDUCE_HWDB`=true
346 353 Remove PCI related hwdb files (experimental).
347 354
348 355 ##### `REDUCE_SSHD`=true
349 356 Replace `openssh-server` with `dropbear`.
350 357
351 358 ##### `REDUCE_LOCALE`=true
352 359 Remove all `locale` translation files.
353 360
354 361 ---
355 362
356 363 #### Encrypted root partition:
357 364 ##### `ENABLE_CRYPTFS`=false
358 365 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
359 366
360 367 ##### `CRYPTFS_PASSWORD`=""
361 368 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
362 369
363 370 ##### `CRYPTFS_MAPPING`="secure"
364 371 Set name of dm-crypt managed device-mapper mapping.
365 372
366 373 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
367 374 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
368 375
369 376 ##### `CRYPTFS_XTSKEYSIZE`=512
370 377 Sets key size in bits. The argument has to be a multiple of 8.
371 378
372 379 ---
373 380
374 381 #### Build settings:
375 382 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
376 383 Set a path to a working directory used by the script to generate an image.
377 384
378 385 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
379 386 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
380 387
381 388 ## Understanding the script
382 389 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
383 390
384 391 | Script | Description |
385 392 | --- | --- |
386 393 | `10-bootstrap.sh` | Debootstrap basic system |
387 394 | `11-apt.sh` | Setup APT repositories |
388 395 | `12-locale.sh` | Setup Locales and keyboard settings |
389 396 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
390 397 | `14-fstab.sh` | Setup fstab and initramfs |
391 398 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
392 399 | `20-networking.sh` | Setup Networking |
393 400 | `21-firewall.sh` | Setup Firewall |
394 401 | `30-security.sh` | Setup Users and Security settings |
395 402 | `31-logging.sh` | Setup Logging |
396 403 | `32-sshd.sh` | Setup SSH and public keys |
397 404 | `41-uboot.sh` | Build and Setup U-Boot |
398 405 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
399 406 | `50-firstboot.sh` | First boot actions |
400 407 | `99-reduce.sh` | Reduce the disk space usage |
401 408
402 409 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
403 410
404 411 | Directory | Description |
405 412 | --- | --- |
406 413 | `apt` | APT management configuration files |
407 414 | `boot` | Boot and RPi2/3 configuration files |
408 415 | `dpkg` | Package Manager configuration |
409 416 | `etc` | Configuration files and rc scripts |
410 417 | `firstboot` | Scripts that get executed on first boot |
411 418 | `initramfs` | Initramfs scripts |
412 419 | `iptables` | Firewall configuration files |
413 420 | `locales` | Locales configuration |
414 421 | `modules` | Kernel Modules configuration |
415 422 | `mount` | Fstab configuration |
416 423 | `network` | Networking configuration files |
417 424 | `sysctl.d` | Swapping and Network Hardening configuration |
418 425 | `xorg` | fbturbo Xorg driver configuration |
419 426
420 427 ## Custom packages and scripts
421 428 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
422 429
423 430 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
424 431
425 432 ## Logging of the bootstrapping process
426 433 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
427 434
428 435 ```shell
429 436 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
430 437 ```
431 438
432 439 ## Flashing the image file
433 440 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
434 441
435 442 ##### Flashing examples:
436 443 ```shell
437 444 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
438 445 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
439 446 ```
440 447 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
441 448 ```shell
442 449 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
443 450 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
444 451 ```
445 452 ## Weekly image builds
446 453 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
447 454 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
448 455
449 456 ## External links and references
450 457 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
451 458 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
452 459 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
453 460 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
454 461 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
455 462 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
456 463 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
457 464 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
458 465 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,107 +1,134
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 # Install configuration for interface wl*
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35
36 #always with dhcp since wpa_supplicant integration is missing
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38
33 39 if [ "$ENABLE_DHCP" = true ] ; then
34 40 # Enable DHCP configuration for interface eth0
35 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36
42
37 43 # Set DHCP configuration to IPv4 only
38 44 if [ "$ENABLE_IPV6" = false ] ; then
39 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 46 fi
41 47
42 48 else # ENABLE_DHCP=false
43 49 # Set static network configuration for interface eth0
44 50 sed -i\
45 51 -e "s|DHCP=.*|DHCP=no|"\
46 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 59 "${ETC_DIR}/systemd/network/eth.network"
54 60 fi
55 61
56 62 # Remove empty settings from network configuration
57 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 # Remove empty settings from wlan configuration
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
58 66
59 67 # Move systemd network configuration if required by Debian release
60 68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
61 69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 fi
62 73 rm -fr "${ETC_DIR}/systemd/network"
63 74 fi
64 75
65 76 # Enable systemd-networkd service
66 77 chroot_exec systemctl enable systemd-networkd
67 78
68 79 # Install host.conf resolver configuration
69 80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70 81
71 82 # Enable network stack hardening
72 83 if [ "$ENABLE_HARDNET" = true ] ; then
73 84 # Install sysctl.d configuration files
74 85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75 86
76 87 # Setup resolver warnings about spoofed addresses
77 88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 89 fi
79 90
80 91 # Enable time sync
81 92 if [ "NET_NTP_1" != "" ] ; then
82 93 chroot_exec systemctl enable systemd-timesyncd.service
83 94 fi
84 95
85 96 # Download the firmware binary blob required to use the RPi3 wireless interface
86 97 if [ "$ENABLE_WIRELESS" = true ] ; then
87 98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
99 mkdir -p ${WLAN_FIRMWARE_DIR}
89 100 fi
90 101
91 102 # Create temporary directory for firmware binary blob
92 103 temp_dir=$(as_nobody mktemp -d)
93 104
94 # Fetch firmware binary blob
105 # Fetch firmware binary blob for RPI3B+
106 if [ "$RPI_MODEL" = 3B ] ; then
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 else
111 # Fetch firmware binary blob for RPI3
95 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
114 fi
115
98 116 # Move downloaded firmware binary blob
117 if [ "$RPI_MODEL" = 3B ] ; then
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 else
99 120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
121 fi
122
101 123 # Remove temporary directory for firmware binary blob
102 124 rm -fr "${temp_dir}"
103 125
104 126 # Set permissions of the firmware binary blob
127 if [ "$RPI_MODEL" = 3B ] ; then
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 else
105 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 fi
107 134 fi
@@ -1,665 +1,693
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 20+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 #bcm2708-rpi-0-w.dtb (Used for Pi 0 and PI 0W)
46 RPI0_DTB_FILE=${RPI0_DTB_FILE:=bcm2708-rpi-0-w.dtb}
47 RPI0_UBOOT_CONFIG=${RPI0_UBOOT_CONFIG:=rpi_defconfig}
48 #bcm2708-rpi-b.dtb (Used for Pi 1 model A and B)
49 RPI1_DTB_FILE=${RPI1_DTB_FILE:=bcm2708-rpi-b.dtb}
50 RPI1_UBOOT_CONFIG=${RPI1_UBOOT_CONFIG:=rpi_defconfig}
51 #bcm2708-rpi-b-plus.dtb (Used for Pi 1 model B+ and A+)
52 RPI1P_DTB_FILE=${RPI1P_DTB_FILE:=bcm2708-rpi-b-plus.dtb}
53 RPI1P_UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG:=rpi_defconfig}
54 #bcm2709-rpi-2-b.dtb (Used for Pi 2 model B)
45 55 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 56 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
57 #bcm2710-rpi-3-b.dtb (Used for Pi 3 model B)
47 58 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 59 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
60 #bcm2710-rpi-3-b-plus.dtb (Used for Pi 3 model B+)
61 RPI3P_DTB_FILE=${RPI3P_DTB_FILE:=bcm2710-rpi-3-b-plus.dtb}
62 RPI3P_UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 63
50 64 # Debian release
51 65 RELEASE=${RELEASE:=jessie}
52 66 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 67 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 68 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 69 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 70 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 71 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 72 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
73 fi
74
75 if [RPI_MODEL] = 0 || [RPI_MODEL = 1] || [RPI_MODEL = 1P]
76 #RASPBERRY PI 1, PI ZERO, PI ZERO W, AND COMPUTE MODULE DEFAULT Kernel BUILD CONFIGURATION
77 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
78 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
59 79 else
80 #RASPBERRY PI 2, PI 3, PI 3+, AND COMPUTE MODULE 3 DEFAULT Kernel BUILD CONFIGURATION
81 #https://www.raspberrypi.org/documentation/linux/kernel/building.md
60 82 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 83 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 84 fi
85
63 86 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 87 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 88 else
66 89 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 90 fi
68 91 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69 92
70 93 # URLs
71 94 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
72 95 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
73 96 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
74 97 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 98 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 99 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
77 100
78 101 # Build directories
79 102 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
80 103 BUILDDIR="${BASEDIR}/build"
81 104
82 105 # Prepare date string for default image file name
83 106 DATE="$(date +%Y-%m-%d)"
84 107 if [ -z "$KERNEL_BRANCH" ] ; then
85 108 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 109 else
87 110 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 111 fi
89 112
90 113 # Chroot directories
91 114 R="${BUILDDIR}/chroot"
92 115 ETC_DIR="${R}/etc"
93 116 LIB_DIR="${R}/lib"
94 117 BOOT_DIR="${R}/boot/firmware"
95 118 KERNEL_DIR="${R}/usr/src/linux"
96 119 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
97 120
98 121 # Firmware directory: Blank if download from github
99 122 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100 123
101 124 # General settings
102 125 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 126 PASSWORD=${PASSWORD:=raspberry}
104 127 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 128 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 129 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 130 EXPANDROOT=${EXPANDROOT:=true}
108 131
109 132 # Keyboard settings
110 133 XKB_MODEL=${XKB_MODEL:=""}
111 134 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 135 XKB_VARIANT=${XKB_VARIANT:=""}
113 136 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 137
115 138 # Network settings (DHCP)
116 139 ENABLE_DHCP=${ENABLE_DHCP:=true}
117 140
118 141 # Network settings (static)
119 142 NET_ADDRESS=${NET_ADDRESS:=""}
120 143 NET_GATEWAY=${NET_GATEWAY:=""}
121 144 NET_DNS_1=${NET_DNS_1:=""}
122 145 NET_DNS_2=${NET_DNS_2:=""}
123 146 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 147 NET_NTP_1=${NET_NTP_1:=""}
125 148 NET_NTP_2=${NET_NTP_2:=""}
126 149
127 150 # APT settings
128 151 APT_PROXY=${APT_PROXY:=""}
129 152 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130 153
131 154 # Feature settings
132 155 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 156 ENABLE_I2C=${ENABLE_I2C:=false}
134 157 ENABLE_SPI=${ENABLE_SPI:=false}
135 158 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 159 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 160 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 161 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 162 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 163 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 164 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 165 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 166 ENABLE_XORG=${ENABLE_XORG:=false}
144 167 ENABLE_WM=${ENABLE_WM:=""}
145 168 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 169 ENABLE_USER=${ENABLE_USER:=true}
147 170 USER_NAME=${USER_NAME:="pi"}
148 171 ENABLE_ROOT=${ENABLE_ROOT:=false}
149 172
150 173 # SSH settings
151 174 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
152 175 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
153 176 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
154 177 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 178 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156 179
157 180 # Advanced settings
158 181 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 182 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 183 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 184 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 185 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 186 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 187 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 188 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 189 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 190 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 191 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
169 192 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170 193
171 194 # Kernel compilation settings
172 195 BUILD_KERNEL=${BUILD_KERNEL:=false}
173 196 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 197 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 198 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 199 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 200 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 201 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
179 202 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
180 203
181 204 if [ "$KERNEL_ARCH" = "arm64" ] ; then
182 205 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
183 206 else
184 207 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
185 208 fi
186 209
187 210 # Kernel compilation from source directory settings
188 211 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
189 212 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
190 213 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
191 214 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
192 215
193 216 # Reduce disk usage settings
194 217 REDUCE_APT=${REDUCE_APT:=true}
195 218 REDUCE_DOC=${REDUCE_DOC:=true}
196 219 REDUCE_MAN=${REDUCE_MAN:=true}
197 220 REDUCE_VIM=${REDUCE_VIM:=false}
198 221 REDUCE_BASH=${REDUCE_BASH:=false}
199 222 REDUCE_HWDB=${REDUCE_HWDB:=true}
200 223 REDUCE_SSHD=${REDUCE_SSHD:=true}
201 224 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
202 225
203 226 # Encrypted filesystem settings
204 227 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
205 228 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
206 229 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
207 230 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
208 231 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
209 232
210 # Stop the Crypto Wars
211 DISABLE_FBI=${DISABLE_FBI:=false}
212
213 233 # Chroot scripts directory
214 234 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
215 235
216 236 # Packages required in the chroot build environment
217 237 APT_INCLUDES=${APT_INCLUDES:=""}
218 238 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
219 239
220 240 # Packages required for bootstrapping
221 241 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
222 242 MISSING_PACKAGES=""
223 243
224 244 # Packages installed for c/c++ build environment in chroot (keep empty)
225 245 COMPILER_PACKAGES=""
226 246
227 247 set +x
228 248
229 249 # Set Raspberry Pi model specific configuration
230 if [ "$RPI_MODEL" = 2 ] ; then
250 elif [ "$RPI_MODEL" = 0 ] ; then
251 DTB_FILE=${RPI2_DTB_FILE}
252 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
253 elif [ "$RPI_MODEL" = 1 ] ; then
254 DTB_FILE=${RPI2_DTB_FILE}
255 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
256 elif [ "$RPI_MODEL" = 1P ] ; then
257 DTB_FILE=${RPI2_DTB_FILE}
258 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
259 elif [ "$RPI_MODEL" = 2 ] ; then
231 260 DTB_FILE=${RPI2_DTB_FILE}
232 261 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
233 262 elif [ "$RPI_MODEL" = 3 ] ; then
234 263 DTB_FILE=${RPI3_DTB_FILE}
235 264 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
236 265 BUILD_KERNEL=true
266 elif [ "$RPI_MODEL" = 3P ] ; then
267 DTB_FILE=${RPI3P_DTB_FILE}
268 UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG}
269 BUILD_KERNEL=true
237 270 else
238 271 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
239 272 exit 1
240 273 fi
241 274
242 275 # Check if the internal wireless interface is supported by the RPi model
243 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
276 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" = 2 ]; then
244 277 echo "error: The selected Raspberry Pi model has no internal wireless interface"
245 278 exit 1
246 fi
279 fi
247 280
248 281 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
249 282 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
250 283 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
251 284 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
252 285 exit 1
253 286 fi
254 287 fi
255 288
256 289 # Build RPi2/3 Linux kernel if required by Debian release
257 290 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
258 291 BUILD_KERNEL=true
259 292 fi
260 293
261 294 # Add packages required for kernel cross compilation
262 295 if [ "$BUILD_KERNEL" = true ] ; then
263 296 if [ "$KERNEL_ARCH" = "arm" ] ; then
264 297 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
265 298 else
266 299 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
267 300 fi
268 301 fi
269 302
270 303 # Add libncurses5 to enable kernel menuconfig
271 304 if [ "$KERNEL_MENUCONFIG" = true ] ; then
272 305 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
273 306 fi
274 307
275 308 # Add ccache compiler cache for (faster) kernel cross (re)compilation
276 309 if [ "$KERNEL_CCACHE" = true ] ; then
277 310 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
278 311 fi
279 312
280 # Stop the Crypto Wars
281 if [ "$DISABLE_FBI" = true ] ; then
282 ENABLE_CRYPTFS=true
283 fi
284
285 313 # Add cryptsetup package to enable filesystem encryption
286 314 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
287 315 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
288 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
316 APT_INCLUDES="${APT_INCLUDES},cryptsetup,console-setup"
289 317
290 318 if [ -z "$CRYPTFS_PASSWORD" ] ; then
291 319 echo "error: no password defined (CRYPTFS_PASSWORD)!"
292 320 exit 1
293 321 fi
294 322 ENABLE_INITRAMFS=true
295 323 fi
296 324
297 325 # Add initramfs generation tools
298 326 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
299 327 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
300 328 fi
301 329
302 330 # Add device-tree-compiler required for building the U-Boot bootloader
303 331 if [ "$ENABLE_UBOOT" = true ] ; then
304 332 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
305 333 fi
306 334
307 335 # Check if root SSH (v2) public key file exists
308 336 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
309 337 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
310 338 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
311 339 exit 1
312 340 fi
313 341 fi
314 342
315 343 # Check if $USER_NAME SSH (v2) public key file exists
316 344 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
317 345 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
318 346 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
319 347 exit 1
320 348 fi
321 349 fi
322 350
323 351 # Check if all required packages are installed on the build system
324 352 for package in $REQUIRED_PACKAGES ; do
325 353 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
326 354 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
327 355 fi
328 356 done
329 357
330 358 # If there are missing packages ask confirmation for install, or exit
331 359 if [ -n "$MISSING_PACKAGES" ] ; then
332 360 echo "the following packages needed by this script are not installed:"
333 361 echo "$MISSING_PACKAGES"
334 362
335 363 echo -n "\ndo you want to install the missing packages right now? [y/n] "
336 364 read confirm
337 365 [ "$confirm" != "y" ] && exit 1
338 366
339 367 # Make sure all missing required packages are installed
340 368 apt-get -qq -y install ${MISSING_PACKAGES}
341 369 fi
342 370
343 371 # Check if ./bootstrap.d directory exists
344 372 if [ ! -d "./bootstrap.d/" ] ; then
345 373 echo "error: './bootstrap.d' required directory not found!"
346 374 exit 1
347 375 fi
348 376
349 377 # Check if ./files directory exists
350 378 if [ ! -d "./files/" ] ; then
351 379 echo "error: './files' required directory not found!"
352 380 exit 1
353 381 fi
354 382
355 383 # Check if specified KERNELSRC_DIR directory exists
356 384 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
357 385 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
358 386 exit 1
359 387 fi
360 388
361 389 # Check if specified UBOOTSRC_DIR directory exists
362 390 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
363 391 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
364 392 exit 1
365 393 fi
366 394
367 395 # Check if specified FBTURBOSRC_DIR directory exists
368 396 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
369 397 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
370 398 exit 1
371 399 fi
372 400
373 401 # Check if specified CHROOT_SCRIPTS directory exists
374 402 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
375 403 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
376 404 exit 1
377 405 fi
378 406
379 407 # Check if specified device mapping already exists (will be used by cryptsetup)
380 408 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
381 409 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
382 410 exit 1
383 411 fi
384 412
385 413 # Don't clobber an old build
386 414 if [ -e "$BUILDDIR" ] ; then
387 415 echo "error: directory ${BUILDDIR} already exists, not proceeding"
388 416 exit 1
389 417 fi
390 418
391 419 # Setup chroot directory
392 420 mkdir -p "${R}"
393 421
394 422 # Check if build directory has enough of free disk space >512MB
395 423 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
396 424 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
397 425 exit 1
398 426 fi
399 427
400 428 set -x
401 429
402 430 # Call "cleanup" function on various signals and errors
403 431 trap cleanup 0 1 2 3 6
404 432
405 433 # Add required packages for the minbase installation
406 434 if [ "$ENABLE_MINBASE" = true ] ; then
407 435 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
408 436 fi
409 437
410 438 # Add required locales packages
411 439 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
412 440 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
413 441 fi
414 442
415 443 # Add parted package, required to get partprobe utility
416 444 if [ "$EXPANDROOT" = true ] ; then
417 445 APT_INCLUDES="${APT_INCLUDES},parted"
418 446 fi
419 447
420 448 # Add dbus package, recommended if using systemd
421 449 if [ "$ENABLE_DBUS" = true ] ; then
422 450 APT_INCLUDES="${APT_INCLUDES},dbus"
423 451 fi
424 452
425 453 # Add iptables IPv4/IPv6 package
426 454 if [ "$ENABLE_IPTABLES" = true ] ; then
427 455 APT_INCLUDES="${APT_INCLUDES},iptables"
428 456 fi
429 457
430 458 # Add openssh server package
431 459 if [ "$ENABLE_SSHD" = true ] ; then
432 460 APT_INCLUDES="${APT_INCLUDES},openssh-server"
433 461 fi
434 462
435 463 # Add alsa-utils package
436 464 if [ "$ENABLE_SOUND" = true ] ; then
437 465 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
438 466 fi
439 467
440 468 # Add rng-tools package
441 469 if [ "$ENABLE_HWRANDOM" = true ] ; then
442 470 APT_INCLUDES="${APT_INCLUDES},rng-tools"
443 471 fi
444 472
445 473 # Add fbturbo video driver
446 474 if [ "$ENABLE_FBTURBO" = true ] ; then
447 475 # Enable xorg package dependencies
448 476 ENABLE_XORG=true
449 477 fi
450 478
451 479 # Add user defined window manager package
452 480 if [ -n "$ENABLE_WM" ] ; then
453 481 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
454 482
455 483 # Enable xorg package dependencies
456 484 ENABLE_XORG=true
457 485 fi
458 486
459 487 # Add xorg package
460 488 if [ "$ENABLE_XORG" = true ] ; then
461 489 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
462 490 fi
463 491
464 492 # Replace selected packages with smaller clones
465 493 if [ "$ENABLE_REDUCE" = true ] ; then
466 494 # Add levee package instead of vim-tiny
467 495 if [ "$REDUCE_VIM" = true ] ; then
468 496 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
469 497 fi
470 498
471 499 # Add dropbear package instead of openssh-server
472 500 if [ "$REDUCE_SSHD" = true ] ; then
473 501 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
474 502 fi
475 503 fi
476 504
477 505 if [ "$RELEASE" != "jessie" ] ; then
478 506 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
479 507 fi
480 508
481 509 # Configure kernel sources if no KERNELSRC_DIR
482 510 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
483 511 KERNELSRC_CONFIG=true
484 512 fi
485 513
486 514 # Configure reduced kernel
487 515 if [ "$KERNEL_REDUCE" = true ] ; then
488 516 KERNELSRC_CONFIG=false
489 517 fi
490 518
491 519 # Execute bootstrap scripts
492 520 for SCRIPT in bootstrap.d/*.sh; do
493 521 head -n 3 "$SCRIPT"
494 522 . "$SCRIPT"
495 523 done
496 524
497 525 ## Execute custom bootstrap scripts
498 526 if [ -d "custom.d" ] ; then
499 527 for SCRIPT in custom.d/*.sh; do
500 528 . "$SCRIPT"
501 529 done
502 530 fi
503 531
504 532 # Execute custom scripts inside the chroot
505 533 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
506 534 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
507 535 chroot_exec /bin/bash -x <<'EOF'
508 536 for SCRIPT in /chroot_scripts/* ; do
509 537 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
510 538 $SCRIPT
511 539 fi
512 540 done
513 541 EOF
514 542 rm -rf "${R}/chroot_scripts"
515 543 fi
516 544
517 545 # Remove c/c++ build environment from the chroot
518 546 chroot_remove_cc
519 547
520 548 # Remove apt-utils
521 549 if [ "$RELEASE" = "jessie" ] ; then
522 550 chroot_exec apt-get purge -qq -y --force-yes apt-utils
523 551 fi
524 552
525 553 # Generate required machine-id
526 554 MACHINE_ID=$(dbus-uuidgen)
527 555 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
528 556 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
529 557
530 558 # APT Cleanup
531 559 chroot_exec apt-get -y clean
532 560 chroot_exec apt-get -y autoclean
533 561 chroot_exec apt-get -y autoremove
534 562
535 563 # Unmount mounted filesystems
536 564 umount -l "${R}/proc"
537 565 umount -l "${R}/sys"
538 566
539 567 # Clean up directories
540 568 rm -rf "${R}/run/*"
541 569 rm -rf "${R}/tmp/*"
542 570
543 571 # Clean up files
544 572 rm -f "${ETC_DIR}/ssh/ssh_host_*"
545 573 rm -f "${ETC_DIR}/dropbear/dropbear_*"
546 574 rm -f "${ETC_DIR}/apt/sources.list.save"
547 575 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
548 576 rm -f "${ETC_DIR}/*-"
549 577 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
550 578 rm -f "${ETC_DIR}/resolv.conf"
551 579 rm -f "${R}/root/.bash_history"
552 580 rm -f "${R}/var/lib/urandom/random-seed"
553 581 rm -f "${R}/initrd.img"
554 582 rm -f "${R}/vmlinuz"
555 583 rm -f "${R}${QEMU_BINARY}"
556 584
557 585 # Calculate size of the chroot directory in KB
558 586 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
559 587
560 588 # Calculate the amount of needed 512 Byte sectors
561 589 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
562 590 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
563 591 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
564 592
565 593 # The root partition is EXT4
566 594 # This means more space than the actual used space of the chroot is used.
567 595 # As overhead for journaling and reserved blocks 35% are added.
568 596 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
569 597
570 598 # Calculate required image size in 512 Byte sectors
571 599 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
572 600
573 601 # Prepare image file
574 602 if [ "$ENABLE_SPLITFS" = true ] ; then
575 603 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
576 604 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
577 605 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
578 606 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
579 607
580 608 # Write firmware/boot partition tables
581 609 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
582 610 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
583 611 EOM
584 612
585 613 # Write root partition table
586 614 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
587 615 ${TABLE_SECTORS},${ROOT_SECTORS},83
588 616 EOM
589 617
590 618 # Setup temporary loop devices
591 619 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
592 620 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
593 621 else # ENABLE_SPLITFS=false
594 622 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
595 623 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
596 624
597 625 # Write partition table
598 626 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
599 627 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
600 628 ${ROOT_OFFSET},${ROOT_SECTORS},83
601 629 EOM
602 630
603 631 # Setup temporary loop devices
604 632 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
605 633 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
606 634 fi
607 635
608 636 if [ "$ENABLE_CRYPTFS" = true ] ; then
609 637 # Create dummy ext4 fs
610 638 mkfs.ext4 "$ROOT_LOOP"
611 639
612 640 # Setup password keyfile
613 641 touch .password
614 642 chmod 600 .password
615 643 echo -n ${CRYPTFS_PASSWORD} > .password
616 644
617 645 # Initialize encrypted partition
618 646 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
619 647
620 648 # Open encrypted partition and setup mapping
621 649 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
622 650
623 651 # Secure delete password keyfile
624 652 shred -zu .password
625 653
626 654 # Update temporary loop device
627 655 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
628 656
629 657 # Wipe encrypted partition (encryption cipher is used for randomness)
630 658 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
631 659 fi
632 660
633 661 # Build filesystems
634 662 mkfs.vfat "$FRMW_LOOP"
635 663 mkfs.ext4 "$ROOT_LOOP"
636 664
637 665 # Mount the temporary loop devices
638 666 mkdir -p "$BUILDDIR/mount"
639 667 mount "$ROOT_LOOP" "$BUILDDIR/mount"
640 668
641 669 mkdir -p "$BUILDDIR/mount/boot/firmware"
642 670 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
643 671
644 672 # Copy all files from the chroot to the loop device mount point directory
645 673 rsync -a "${R}/" "$BUILDDIR/mount/"
646 674
647 675 # Unmount all temporary loop devices and mount points
648 676 cleanup
649 677
650 678 # Create block map file(s) of image(s)
651 679 if [ "$ENABLE_SPLITFS" = true ] ; then
652 680 # Create block map files for "bmaptool"
653 681 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
654 682 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
655 683
656 684 # Image was successfully created
657 685 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
658 686 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
659 687 else
660 688 # Create block map file for "bmaptool"
661 689 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
662 690
663 691 # Image was successfully created
664 692 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
665 693 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant