Merge pull request #155 from burnbabyburn/fixes...
drtyhlpr -
r326:0d104913b59f Fusion
@@ -1,493 +1,493
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 ##### Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 ##### Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62 62
63 63 ##### `APT_INCLUDES_LATE`=""
64 64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65 65
66 66 ---
67 67
68 68 #### General system settings:
69 69 ##### `RPI_MODEL`=2
70 70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
71 71 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
72 72 `1` = Used for Pi 1 model A and B
73 73 `1P` = Used for Pi 1 model B+ and A+
74 74 `2` = Used for Pi 2 model B
75 75 `3` = Used for Pi 3 model B
76 76 `3P` = Used for Pi 3 model B+
77 77 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
78 78
79 79 ##### `RELEASE`="jessie"
80 80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
81 81
82 82 ##### `RELEASE_ARCH`="armhf"
83 83 Set the desired Debian release architecture.
84 84
85 85 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
86 86 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
87 87
88 88 ##### `PASSWORD`="raspberry"
89 89 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
90 90
91 91 ##### `USER_PASSWORD`="raspberry"
92 92 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
93 93
94 94 ##### `DEFLOCAL`="en_US.UTF-8"
95 95 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
96 96
97 97 ##### `TIMEZONE`="Europe/Berlin"
98 98 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
99 99
100 100 ##### `EXPANDROOT`=true
101 101 Expand the root partition and filesystem automatically on first boot.
102 102
103 103 ##### `ENABLE_QEMU`=false
104 104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
105 105
106 106 ---
107 107
108 108 #### Keyboard settings:
109 109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
110 110
111 111 ##### `XKB_MODEL`=""
112 112 Set the name of the model of your keyboard type.
113 113
114 114 ##### `XKB_LAYOUT`=""
115 115 Set the supported keyboard layout(s).
116 116
117 117 ##### `XKB_VARIANT`=""
118 118 Set the supported variant(s) of the keyboard layout(s).
119 119
120 120 ##### `XKB_OPTIONS`=""
121 121 Set extra xkb configuration options.
122 122
123 123 ---
124 124
125 125 #### Networking settings (DHCP):
126 126 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
127 127
128 128 ##### `ENABLE_DHCP`=true
129 129 Set the system to use DHCP. This requires an DHCP server.
130 130
131 131 ---
132 132
133 133 #### Networking settings (static):
134 134 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
135 135
136 136 ##### `NET_ADDRESS`=""
137 137 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
138 138
139 139 ##### `NET_GATEWAY`=""
140 140 Set the IP address for the default gateway.
141 141
142 142 ##### `NET_DNS_1`=""
143 143 Set the IP address for the first DNS server.
144 144
145 145 ##### `NET_DNS_2`=""
146 146 Set the IP address for the second DNS server.
147 147
148 148 ##### `NET_DNS_DOMAINS`=""
149 149 Set the default DNS search domains to use for non fully qualified host names.
150 150
151 151 ##### `NET_NTP_1`=""
152 152 Set the IP address for the first NTP server.
153 153
154 154 ##### `NET_NTP_2`=""
155 155 Set the IP address for the second NTP server.
156 156
157 157 ---
158 158
159 159 #### Basic system features:
160 160 ##### `ENABLE_CONSOLE`=true
161 161 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
162 162
163 163 ##### `ENABLE_I2C`=false
164 164 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
165 165
166 166 ##### `ENABLE_SPI`=false
167 167 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
168 168
169 169 ##### `ENABLE_IPV6`=true
170 170 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
171 171
172 172 ##### `ENABLE_SSHD`=true
173 173 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
174 174
175 175 ##### `ENABLE_NONFREE`=false
176 176 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
177 177
178 178 ##### `ENABLE_WIRELESS`=false
179 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
179 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
180 180
181 181 ##### `ENABLE_RSYSLOG`=true
182 182 If set to false, disable and uninstall rsyslog (so logs will be available only
183 183 in journal files)
184 184
185 185 ##### `ENABLE_SOUND`=true
186 186 Enable sound hardware and install Advanced Linux Sound Architecture.
187 187
188 188 ##### `ENABLE_HWRANDOM`=true
189 189 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
190 190
191 191 ##### `ENABLE_MINGPU`=false
192 192 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
193 193
194 194 ##### `ENABLE_DBUS`=true
195 195 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
196 196
197 197 ##### `ENABLE_XORG`=false
198 198 Install Xorg open-source X Window System.
199 199
200 200 ##### `ENABLE_WM`=""
201 201 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
202 202
203 203 ##### `ENABLE_SYSVINIT`=false
204 204 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
205 205
206 206 ---
207 207
208 208 #### Advanced system features:
209 209 ##### `ENABLE_MINBASE`=false
210 210 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
211 211
212 212 ##### `ENABLE_REDUCE`=false
213 213 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
214 214
215 215 ##### `ENABLE_UBOOT`=false
216 216 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
217 217
218 218 ##### `UBOOTSRC_DIR`=""
219 219 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
220 220
221 221 ##### `ENABLE_FBTURBO`=false
222 222 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
223 223
224 224 ##### `FBTURBOSRC_DIR`=""
225 225 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
226 226
227 227 ##### `ENABLE_IPTABLES`=false
228 228 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
229 229
230 230 ##### `ENABLE_USER`=true
231 231 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
232 232
233 233 ##### `USER_NAME`=pi
234 234 Non-root user to create. Ignored if `ENABLE_USER`=false
235 235
236 236 ##### `ENABLE_ROOT`=false
237 237 Set root user password so root login will be enabled
238 238
239 239 ##### `ENABLE_HARDNET`=false
240 240 Enable IPv4/IPv6 network stack hardening settings.
241 241
242 242 ##### `ENABLE_SPLITFS`=false
243 243 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
244 244
245 245 ##### `CHROOT_SCRIPTS`=""
246 246 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
247 247
248 248 ##### `ENABLE_INITRAMFS`=false
249 249 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
250 250
251 251 ##### `ENABLE_IFNAMES`=true
252 252 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
253 253
254 254 ##### `DISABLE_UNDERVOLT_WARNINGS`=
255 255 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
256 256
257 257 ---
258 258
259 259 #### SSH settings:
260 260 ##### `SSH_ENABLE_ROOT`=false
261 261 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
262 262
263 263 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
264 264 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
265 265
266 266 ##### `SSH_LIMIT_USERS`=false
267 267 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
268 268
269 269 ##### `SSH_ROOT_PUB_KEY`=""
270 270 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
271 271
272 272 ##### `SSH_USER_PUB_KEY`=""
273 273 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
274 274
275 275 ---
276 276
277 277 #### Kernel compilation:
278 278 ##### `BUILD_KERNEL`=false
279 279 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
280 280
281 281 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
282 282 This sets the cross compile enviornment for the compiler.
283 283
284 284 ##### `KERNEL_ARCH`="arm"
285 285 This sets the kernel architecture for the compiler.
286 286
287 287 ##### `KERNEL_IMAGE`="kernel7.img"
288 288 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
289 289
290 290 ##### `KERNEL_BRANCH`=""
291 291 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
292 292
293 293 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
294 294 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
295 295
296 296 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
297 297 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
298 298
299 299 ##### `KERNEL_REDUCE`=false
300 300 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
301 301
302 302 ##### `KERNEL_THREADS`=1
303 303 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
304 304
305 305 ##### `KERNEL_HEADERS`=true
306 306 Install kernel headers with built kernel.
307 307
308 308 ##### `KERNEL_MENUCONFIG`=false
309 309 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
310 310
311 311 ##### `KERNEL_OLDDEFCONFIG`=false
312 312 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
313 313
314 314 ##### `KERNEL_CCACHE`=false
315 315 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
316 316
317 317 ##### `KERNEL_REMOVESRC`=true
318 318 Remove all kernel sources from the generated OS image after it was built and installed.
319 319
320 320 ##### `KERNELSRC_DIR`=""
321 321 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
322 322
323 323 ##### `KERNELSRC_CLEAN`=false
324 324 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
325 325
326 326 ##### `KERNELSRC_CONFIG`=true
327 327 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
328 328
329 329 ##### `KERNELSRC_USRCONFIG`=""
330 330 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
331 331
332 332 ##### `KERNELSRC_PREBUILT`=false
333 333 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
334 334
335 335 ##### `RPI_FIRMWARE_DIR`=""
336 336 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
337 337
338 338 ---
339 339
340 340 #### Reduce disk usage:
341 341 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
342 342
343 343 ##### `REDUCE_APT`=true
344 344 Configure APT to use compressed package repository lists and no package caching files.
345 345
346 346 ##### `REDUCE_DOC`=true
347 347 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
348 348
349 349 ##### `REDUCE_MAN`=true
350 350 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
351 351
352 352 ##### `REDUCE_VIM`=false
353 353 Replace `vim-tiny` package by `levee` a tiny vim clone.
354 354
355 355 ##### `REDUCE_BASH`=false
356 356 Remove `bash` package and switch to `dash` shell (experimental).
357 357
358 358 ##### `REDUCE_HWDB`=true
359 359 Remove PCI related hwdb files (experimental).
360 360
361 361 ##### `REDUCE_SSHD`=true
362 362 Replace `openssh-server` with `dropbear`.
363 363
364 364 ##### `REDUCE_LOCALE`=true
365 365 Remove all `locale` translation files.
366 366
367 367 ---
368 368
369 369 #### Encrypted root partition:
370 370 ##### `ENABLE_CRYPTFS`=false
371 371 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
372 372
373 373 ##### `CRYPTFS_PASSWORD`=""
374 374 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
375 375
376 376 ##### `CRYPTFS_MAPPING`="secure"
377 377 Set name of dm-crypt managed device-mapper mapping.
378 378
379 379 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
380 380 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
381 381
382 382 ##### `CRYPTFS_XTSKEYSIZE`=512
383 383 Sets key size in bits. The argument has to be a multiple of 8.
384 384
385 385 ---
386 386
387 387 #### Build settings:
388 388 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
389 389 Set a path to a working directory used by the script to generate an image.
390 390
391 391 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
392 392 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
393 393
394 394 ## Understanding the script
395 395 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
396 396
397 397 | Script | Description |
398 398 | --- | --- |
399 399 | `10-bootstrap.sh` | Debootstrap basic system |
400 400 | `11-apt.sh` | Setup APT repositories |
401 401 | `12-locale.sh` | Setup Locales and keyboard settings |
402 402 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
403 403 | `14-fstab.sh` | Setup fstab and initramfs |
404 404 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
405 405 | `20-networking.sh` | Setup Networking |
406 406 | `21-firewall.sh` | Setup Firewall |
407 407 | `30-security.sh` | Setup Users and Security settings |
408 408 | `31-logging.sh` | Setup Logging |
409 409 | `32-sshd.sh` | Setup SSH and public keys |
410 410 | `41-uboot.sh` | Build and Setup U-Boot |
411 411 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
412 412 | `50-firstboot.sh` | First boot actions |
413 413 | `99-reduce.sh` | Reduce the disk space usage |
414 414
415 415 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
416 416
417 417 | Directory | Description |
418 418 | --- | --- |
419 419 | `apt` | APT management configuration files |
420 420 | `boot` | Boot and RPi2/3 configuration files |
421 421 | `dpkg` | Package Manager configuration |
422 422 | `etc` | Configuration files and rc scripts |
423 423 | `firstboot` | Scripts that get executed on first boot |
424 424 | `initramfs` | Initramfs scripts |
425 425 | `iptables` | Firewall configuration files |
426 426 | `locales` | Locales configuration |
427 427 | `modules` | Kernel Modules configuration |
428 428 | `mount` | Fstab configuration |
429 429 | `network` | Networking configuration files |
430 430 | `sysctl.d` | Swapping and Network Hardening configuration |
431 431 | `xorg` | fbturbo Xorg driver configuration |
432 432
433 433 ## Custom packages and scripts
434 434 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
435 435
436 436 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
437 437
438 438 ## Logging of the bootstrapping process
439 439 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
440 440
441 441 ```shell
442 442 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
443 443 ```
444 444
445 445 ## Flashing the image file
446 446 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
447 447
448 448 ##### Flashing examples:
449 449 ```shell
450 450 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
451 451 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
452 452 ```
453 453 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
454 454 ```shell
455 455 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
456 456 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
457 457 ```
458 458
459 459 ## QEMU emulation
460 460 Start QEMU full system emulation:
461 461 ```shell
462 462 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
463 463 ```
464 464
465 465 Start QEMU full system emulation and output to console:
466 466 ```shell
467 467 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
468 468 ```
469 469
470 470 Start QEMU full system emulation with SMP and output to console:
471 471 ```shell
472 472 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
473 473 ```
474 474
475 475 Start QEMU full system emulation with cryptfs, initramfs and output to console:
476 476 ```shell
477 477 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
478 478 ```
479 479
480 480 ## Weekly image builds
481 481 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
482 482 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
483 483
484 484 ## External links and references
485 485 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
486 486 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
487 487 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
488 488 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
489 489 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
490 490 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
491 491 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
492 492 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
493 493 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
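Review bot: The `ENABLE_WIRELESS` link changed at line 179 now points to `https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm`, but the "RPi3 Wireless interface firmware" entry at line 492 still uses the old `tree/master/brcm80211/brcm` path, so the README documents two different locations for the same firmware blob. Update both entries in this change. The new link also follows `master` rather than a tag or commit; naming the firmware revision the image is expected to carry, or pinning the reference, would let a build be reproduced and the installed blob compared against a known version. Separately, lines 111 and 114 still document `XKB_MODEL`="" and `XKB_LAYOUT`="" as defaults, while the locale script in this same merge now compares those variables against `pc105` and `us`; the documented defaults should match whatever the script assumes.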
@@ -1,58 +1,58
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
10 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 11
12 12 # Install and setup default locale and keyboard configuration
13 13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
14 14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 16 # ... so we have to set locales manually
17 17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
19 19 else
20 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 23 fi
24 24
25 25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 27 chroot_exec locale-gen
28 28 chroot_exec update-locale LANG="${DEFLOCAL}"
29 29
30 30 # Install and setup default keyboard configuration
31 if [ "$XKB_MODEL" != "" ] ; then
31 if [ "$XKB_MODEL" != "pc105" ] ; then
32 32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
33 33 fi
34 if [ "$XKB_LAYOUT" != "" ] ; then
34 if [ "$XKB_LAYOUT" != "us" ] ; then
35 35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
36 36 fi
37 37 if [ "$XKB_VARIANT" != "" ] ; then
38 38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
39 39 fi
40 40 if [ "$XKB_OPTIONS" != "" ] ; then
41 41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
42 42 fi
43 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44 44
45 45 # Install and setup font console
46 46 case "${DEFLOCAL}" in
47 47 *UTF-8)
48 48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
49 49 ;;
50 50 *)
51 51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
52 52 ;;
53 53 esac
54 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 55 else # (no locales were installed)
56 56 # Install POSIX default locale
57 57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
58 58 fi
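Review bot: Lines 31 and 34 now compare against `pc105` and `us`, but rpi23-gen-image.sh still defaults XKB_MODEL and XKB_LAYOUT to the empty string (its lines 139 and 140), so an unset value passes the new test and sed writes `XKBMODEL=""` and `XKBLAYOUT=""` into `${ETC_DIR}/default/keyboard`. Either change the two defaults to `pc105` and `us` in the same commit, or keep the emptiness check next to the new comparison, for example `[ -n "$XKB_MODEL" ] && [ "$XKB_MODEL" != "pc105" ]`. The XKB_* values are also spliced into the sed expression unescaped, so a `/` or `&` in one of them breaks or alters the substitution; validating them against an allowed character set before use would close that.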
1 NO CONTENT: modified file
@@ -1,134 +1,134
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60 60 fi
61 61
62 62 # Remove empty settings from network configuration
63 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 64 # Remove empty settings from wlan configuration
65 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 66
67 67 # Move systemd network configuration if required by Debian release
68 68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 72 fi
73 73 rm -fr "${ETC_DIR}/systemd/network"
74 74 fi
75 75
76 76 # Enable systemd-networkd service
77 77 chroot_exec systemctl enable systemd-networkd
78 78
79 79 # Install host.conf resolver configuration
80 80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81 81
82 82 # Enable network stack hardening
83 83 if [ "$ENABLE_HARDNET" = true ] ; then
84 84 # Install sysctl.d configuration files
85 85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86 86
87 87 # Setup resolver warnings about spoofed addresses
88 88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 89 fi
90 90
91 91 # Enable time sync
92 92 if [ "NET_NTP_1" != "" ] ; then
93 93 chroot_exec systemctl enable systemd-timesyncd.service
94 94 fi
95 95
96 96 # Download the firmware binary blob required to use the RPi3 wireless interface
97 97 if [ "$ENABLE_WIRELESS" = true ] ; then
98 98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
99 99 mkdir -p ${WLAN_FIRMWARE_DIR}
100 100 fi
101 101
102 102 # Create temporary directory for firmware binary blob
103 103 temp_dir=$(as_nobody mktemp -d)
104 104
105 105 # Fetch firmware binary blob for RPI3B+
106 106 if [ "$RPI_MODEL" = 3P ] ; then
107 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 else
110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 111 # Fetch firmware binary blob for RPI3
112 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 114 fi
115 115
116 116 # Move downloaded firmware binary blob
117 117 if [ "$RPI_MODEL" = 3P ] ; then
118 118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 else
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 121 fi
122 122
123 123 # Remove temporary directory for firmware binary blob
124 124 rm -fr "${temp_dir}"
125 125
126 126 # Set permissions of the firmware binary blob
127 127 if [ "$RPI_MODEL" = 3P ] ; then
128 128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 else
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 133 fi
134 134 fi
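Review bot: The three new `elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ]` branches (new lines 110, 119 and 130) have no final `else`, so with ENABLE_WIRELESS=true and any other model value the script downloads and installs no firmware and reports nothing. Select the blob basename once (brcmfmac43455-sdio for 3P, brcmfmac43430-sdio for 3 and 0), exit with an error otherwise, and reuse that variable for the fetch, move and chmod steps instead of repeating the model test three times. Two further points in the same hunk: the blobs are fetched from `${WLAN_FIRMWARE_URL}` with `wget -q` and moved into `${WLAN_FIRMWARE_DIR}` without any checksum comparison, and line 92 tests the literal string `"NET_NTP_1"` rather than `"$NET_NTP_1"`, so systemd-timesyncd is enabled whether or not an NTP server is configured.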
@@ -1,49 +1,49
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
13 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
16 16
17 17 # Install iptables systemd service
18 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 19
20 20 # Install flush-table script called by iptables service
21 21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 22
23 23 # Install iptables rule file
24 24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 25
26 26 # Reload systemd configuration and enable iptables service
27 27 chroot_exec systemctl daemon-reload
28 28 chroot_exec systemctl enable iptables.service
29 29
30 30 if [ "$ENABLE_IPV6" = true ] ; then
31 31 # Install ip6tables systemd service
32 32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 33
34 34 # Install ip6tables file
35 35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 36
37 37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 38
39 39 # Reload systemd configuration and enable iptables service
40 40 chroot_exec systemctl daemon-reload
41 41 chroot_exec systemctl enable ip6tables.service
42 42 fi
43 43
44 44 if [ "$ENABLE_SSHD" = false ] ; then
45 45 # Remove SSHD related iptables rules
46 46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 48 fi
49 49 fi
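Review bot: The `update-alternatives --set` calls on new lines 13 to 15 run for every RELEASE, but the `iptables-legacy` alternatives only exist where the iptables package ships both the legacy and nft back ends (buster); on jessie and stretch the calls fail, and since rpi23-gen-image.sh runs with `set -e` a build with ENABLE_IPTABLES=true would stop here. Wrap the three calls in `if [ "$RELEASE" = "buster" ] ; then ... fi`, or test for the target binary inside the chroot before calling `--set`. The comment on line 12 could also say why the legacy back end is required, so the pin is not removed later by accident.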
@@ -1,783 +1,783
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 20+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45
46 46 #bcm2708-rpi-0-w.dtb (Used for Pi 0 and PI 0W)
47 47 RPI0_DTB_FILE=${RPI0_DTB_FILE:=bcm2708-rpi-0-w.dtb}
48 48 RPI0_UBOOT_CONFIG=${RPI0_UBOOT_CONFIG:=rpi_defconfig}
49 49
50 50 #bcm2708-rpi-b.dtb (Used for Pi 1 model A and B)
51 51 RPI1_DTB_FILE=${RPI1_DTB_FILE:=bcm2708-rpi-b.dtb}
52 52 RPI1_UBOOT_CONFIG=${RPI1_UBOOT_CONFIG:=rpi_defconfig}
53 53
54 54 #bcm2708-rpi-b-plus.dtb (Used for Pi 1 model B+ and A+)
55 55 RPI1P_DTB_FILE=${RPI1P_DTB_FILE:=bcm2708-rpi-b-plus.dtb}
56 56 RPI1P_UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG:=rpi_defconfig}
57 57
58 58 #bcm2709-rpi-2-b.dtb (Used for Pi 2 model B)
59 59 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
60 60 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
61 61
62 62 #bcm2710-rpi-3-b.dtb (Used for Pi 3 model B)
63 63 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
64 64 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
65 65
66 66 #bcm2710-rpi-3-b-plus.dtb (Used for Pi 3 model B+)
67 67 RPI3P_DTB_FILE=${RPI3P_DTB_FILE:=bcm2710-rpi-3-b-plus.dtb}
68 68 RPI3P_UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG:=rpi_3_32b_defconfig}
69 69
70 70 # Debian release
71 71 RELEASE=${RELEASE:=jessie}
72 72 KERNEL_ARCH=${KERNEL_ARCH:=arm}
73 73 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
74 74 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
75 75 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
76 76 if [ "$KERNEL_ARCH" = "arm64" ] ; then
77 77 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
78 78 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
79 79 fi
80 80
81 81 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
82 82 #RASPBERRY PI 1, PI ZERO, PI ZERO W, AND COMPUTE MODULE DEFAULT Kernel BUILD CONFIGURATION
83 83 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
84 84 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
85 85 else
86 86 #RASPBERRY PI 2, PI 3, PI 3+, AND COMPUTE MODULE 3 DEFAULT Kernel BUILD CONFIGURATION
87 87 #https://www.raspberrypi.org/documentation/linux/kernel/building.md
88 88 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
89 89 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
90 90 fi
91 91
92 92 if [ "$RELEASE_ARCH" = "arm64" ] ; then
93 93 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
94 94 else
95 95 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
96 96 fi
97 97 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
98 98
99 99 # URLs
100 100 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
101 101 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
102 102 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
103 103 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
104 104 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
105 105 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
106 106
107 107 # Build directories
108 108 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
109 109 BUILDDIR="${BASEDIR}/build"
110 110
111 111 # Prepare date string for default image file name
112 112 DATE="$(date +%Y-%m-%d)"
113 113 if [ -z "$KERNEL_BRANCH" ] ; then
114 114 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
115 115 else
116 116 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
117 117 fi
118 118
119 119 # Chroot directories
120 120 R="${BUILDDIR}/chroot"
121 121 ETC_DIR="${R}/etc"
122 122 LIB_DIR="${R}/lib"
123 123 BOOT_DIR="${R}/boot/firmware"
124 124 KERNEL_DIR="${R}/usr/src/linux"
125 125 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
126 126
127 127 # Firmware directory: Blank if download from github
128 128 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
129 129
130 130 # General settings
131 131 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
132 132 PASSWORD=${PASSWORD:=raspberry}
133 133 USER_PASSWORD=${USER_PASSWORD:=raspberry}
134 134 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
135 135 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
136 136 EXPANDROOT=${EXPANDROOT:=true}
137 137
138 138 # Keyboard settings
139 139 XKB_MODEL=${XKB_MODEL:=""}
140 140 XKB_LAYOUT=${XKB_LAYOUT:=""}
141 141 XKB_VARIANT=${XKB_VARIANT:=""}
142 142 XKB_OPTIONS=${XKB_OPTIONS:=""}
143 143
144 144 # Network settings (DHCP)
145 145 ENABLE_DHCP=${ENABLE_DHCP:=true}
146 146
147 147 # Network settings (static)
148 148 NET_ADDRESS=${NET_ADDRESS:=""}
149 149 NET_GATEWAY=${NET_GATEWAY:=""}
150 150 NET_DNS_1=${NET_DNS_1:=""}
151 151 NET_DNS_2=${NET_DNS_2:=""}
152 152 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
153 153 NET_NTP_1=${NET_NTP_1:=""}
154 154 NET_NTP_2=${NET_NTP_2:=""}
155 155
156 156 # APT settings
157 157 APT_PROXY=${APT_PROXY:=""}
158 158 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
159 159
160 160 # Feature settings
161 161 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
162 162 ENABLE_I2C=${ENABLE_I2C:=false}
163 163 ENABLE_SPI=${ENABLE_SPI:=false}
164 164 ENABLE_IPV6=${ENABLE_IPV6:=true}
165 165 ENABLE_SSHD=${ENABLE_SSHD:=true}
166 166 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
167 167 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
168 168 ENABLE_SOUND=${ENABLE_SOUND:=true}
169 169 ENABLE_DBUS=${ENABLE_DBUS:=true}
170 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 172 ENABLE_XORG=${ENABLE_XORG:=false}
173 173 ENABLE_WM=${ENABLE_WM:=""}
174 174 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
175 175 ENABLE_USER=${ENABLE_USER:=true}
176 176 USER_NAME=${USER_NAME:="pi"}
177 177 ENABLE_ROOT=${ENABLE_ROOT:=false}
178 178 ENABLE_QEMU=${ENABLE_QEMU:=false}
179 179 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
180 180
181 181 # SSH settings
182 182 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
183 183 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
184 184 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
185 185 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
186 186 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
187 187
188 188 # Advanced settings
189 189 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
190 190 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
191 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
192 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
193 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
194 194 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
195 195 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
196 196 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
197 197 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
198 198 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
199 199 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
200 200 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
201 201
202 202 # Kernel compilation settings
203 203 BUILD_KERNEL=${BUILD_KERNEL:=false}
204 204 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
205 205 KERNEL_THREADS=${KERNEL_THREADS:=1}
206 206 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
207 207 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
208 208 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
209 209 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
210 210 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
211 211
212 212 if [ "$KERNEL_ARCH" = "arm64" ] ; then
213 213 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
214 214 else
215 215 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
216 216 fi
217 217
218 218 # Kernel compilation from source directory settings
219 219 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
220 220 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
221 221 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
222 222 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
223 223
224 224 # Reduce disk usage settings
225 225 REDUCE_APT=${REDUCE_APT:=true}
226 226 REDUCE_DOC=${REDUCE_DOC:=true}
227 227 REDUCE_MAN=${REDUCE_MAN:=true}
228 228 REDUCE_VIM=${REDUCE_VIM:=false}
229 229 REDUCE_BASH=${REDUCE_BASH:=false}
230 230 REDUCE_HWDB=${REDUCE_HWDB:=true}
231 231 REDUCE_SSHD=${REDUCE_SSHD:=true}
232 232 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
233 233
234 234 # Encrypted filesystem settings
235 235 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
236 236 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
237 237 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
238 238 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
239 239 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
240 240
241 241 # Chroot scripts directory
242 242 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
243 243
244 244 # Packages required in the chroot build environment
245 245 APT_INCLUDES=${APT_INCLUDES:=""}
246 246 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
247 247
248 248 #Packages to exclude from chroot build environment
249 249 APT_EXCLUDES=${APT_EXCLUDES:=""}
250 250
251 251 # Packages required for bootstrapping
252 252 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
253 253 MISSING_PACKAGES=""
254 254
255 255 # Packages installed for c/c++ build environment in chroot (keep empty)
256 256 COMPILER_PACKAGES=""
257 257
258 258 set +x
259 259
260 260 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
261 261 if [ "$ENABLE_SYSVINIT" = false ] ; then
262 262 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
263 263 fi
264 264
265 265 # Set Raspberry Pi model specific configuration
266 266 if [ "$RPI_MODEL" = 0 ] ; then
267 267 DTB_FILE=${RPI0_DTB_FILE}
268 268 UBOOT_CONFIG=${RPI0_UBOOT_CONFIG}
269 269 elif [ "$RPI_MODEL" = 1 ] ; then
270 270 DTB_FILE=${RPI1_DTB_FILE}
271 271 UBOOT_CONFIG=${RPI1_UBOOT_CONFIG}
272 272 elif [ "$RPI_MODEL" = 1P ] ; then
273 273 DTB_FILE=${RPI1P_DTB_FILE}
274 274 UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG}
275 275 elif [ "$RPI_MODEL" = 2 ] ; then
276 276 DTB_FILE=${RPI2_DTB_FILE}
277 277 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
278 278 elif [ "$RPI_MODEL" = 3 ] ; then
279 279 DTB_FILE=${RPI3_DTB_FILE}
280 280 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
281 281 elif [ "$RPI_MODEL" = 3P ] ; then
282 282 DTB_FILE=${RPI3P_DTB_FILE}
283 283 UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG}
284 284 else
285 285 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
286 286 exit 1
287 287 fi
288 288
289 289 # Check if the internal wireless interface is supported by the RPi model
290 290 if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ]); then
291 291
292 292 echo "error: The selected Raspberry Pi model has no internal wireless interface"
293 293 exit 1
294 294 fi
295 295
296 296 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
297 297 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
298 298 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
299 299 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
300 300 exit 1
301 301 fi
302 302 fi
303 303
304 304 # Build RPi2/3 Linux kernel if required by Debian release
305 305 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
306 306 BUILD_KERNEL=true
307 307 fi
308 308
309 309 # Add packages required for kernel cross compilation
310 310 if [ "$BUILD_KERNEL" = true ] ; then
311 311 if [ "$KERNEL_ARCH" = "arm" ] ; then
312 312 if [ "$RELEASE_ARCH" = "armel" ]; then
313 313 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
314 314 fi
315 315 if [ "$RELEASE_ARCH" = "armhf" ]; then
316 316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
317 317 fi
318 fi
318 319 if [ "$RELEASE_ARCH" = "arm64" ]; then
319 320 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
320 321 fi
321 322 fi
322 fi
323 323
324 324 # Add libncurses5 to enable kernel menuconfig
325 325 if [ "$KERNEL_MENUCONFIG" = true ] ; then
326 326 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
327 327 fi
328 328
329 329 # Add ccache compiler cache for (faster) kernel cross (re)compilation
330 330 if [ "$KERNEL_CCACHE" = true ] ; then
331 331 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
332 332 fi
333 333
334 334 # Add cryptsetup package to enable filesystem encryption
335 335 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
336 336 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
337 337 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
338 338
339 339 if [ -z "$CRYPTFS_PASSWORD" ] ; then
340 340 echo "error: no password defined (CRYPTFS_PASSWORD)!"
341 341 exit 1
342 342 fi
343 343 ENABLE_INITRAMFS=true
344 344 fi
345 345
346 346 # Add initramfs generation tools
347 347 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
348 348 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
349 349 fi
350 350
351 351 # Add device-tree-compiler required for building the U-Boot bootloader
352 352 if [ "$ENABLE_UBOOT" = true ] ; then
353 353 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
354 354 fi
355 355
356 356 # Check if root SSH (v2) public key file exists
357 357 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
358 358 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
359 359 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
360 360 exit 1
361 361 fi
362 362 fi
363 363
364 364 # Check if $USER_NAME SSH (v2) public key file exists
365 365 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
366 366 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
367 367 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
368 368 exit 1
369 369 fi
370 370 fi
371 371
372 372 # Check if all required packages are installed on the build system
373 373 for package in $REQUIRED_PACKAGES ; do
374 374 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
375 375 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
376 376 fi
377 377 done
378 378
379 379 # If there are missing packages ask confirmation for install, or exit
380 380 if [ -n "$MISSING_PACKAGES" ] ; then
381 381 echo "the following packages needed by this script are not installed:"
382 382 echo "$MISSING_PACKAGES"
383 383
384 384 echo -n "\ndo you want to install the missing packages right now? [y/n] "
385 385 read confirm
386 386 [ "$confirm" != "y" ] && exit 1
387 387
388 388 # Make sure all missing required packages are installed
389 389 apt-get -qq -y install ${MISSING_PACKAGES}
390 390 fi
391 391
392 392 # Check if ./bootstrap.d directory exists
393 393 if [ ! -d "./bootstrap.d/" ] ; then
394 394 echo "error: './bootstrap.d' required directory not found!"
395 395 exit 1
396 396 fi
397 397
398 398 # Check if ./files directory exists
399 399 if [ ! -d "./files/" ] ; then
400 400 echo "error: './files' required directory not found!"
401 401 exit 1
402 402 fi
403 403
404 404 # Check if specified KERNELSRC_DIR directory exists
405 405 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
406 406 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
407 407 exit 1
408 408 fi
409 409
410 410 # Check if specified UBOOTSRC_DIR directory exists
411 411 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
412 412 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
413 413 exit 1
414 414 fi
415 415
416 416 # Check if specified FBTURBOSRC_DIR directory exists
417 417 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
418 418 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
419 419 exit 1
420 420 fi
421 421
422 422 # Check if specified CHROOT_SCRIPTS directory exists
423 423 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
424 424 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
425 425 exit 1
426 426 fi
427 427
428 428 # Check if specified device mapping already exists (will be used by cryptsetup)
429 429 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
430 430 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
431 431 exit 1
432 432 fi
433 433
434 434 # Don't clobber an old build
435 435 if [ -e "$BUILDDIR" ] ; then
436 436 echo "error: directory ${BUILDDIR} already exists, not proceeding"
437 437 exit 1
438 438 fi
439 439
440 440 # Setup chroot directory
441 441 mkdir -p "${R}"
442 442
443 443 # Check if build directory has enough of free disk space >512MB
444 444 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
445 445 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
446 446 exit 1
447 447 fi
448 448
449 449 set -x
450 450
451 451 # Call "cleanup" function on various signals and errors
452 452 trap cleanup 0 1 2 3 6
453 453
454 454 # Add required packages for the minbase installation
455 455 if [ "$ENABLE_MINBASE" = true ] ; then
456 456 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
457 457 fi
458 458
459 459 # Add required locales packages
460 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
460 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || ([ -n XKB_MODEL ] || [ -n XKB_LAYOUT ] || [ -n XKB_VARIANT ] || [ -n XKB_OPTIONS ]); then
461 461 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
462 462 fi
463 463
464 464 # Add parted package, required to get partprobe utility
465 465 if [ "$EXPANDROOT" = true ] ; then
466 466 APT_INCLUDES="${APT_INCLUDES},parted"
467 467 fi
468 468
469 469 # Add dbus package, recommended if using systemd
470 470 if [ "$ENABLE_DBUS" = true ] ; then
471 471 APT_INCLUDES="${APT_INCLUDES},dbus"
472 472 fi
473 473
474 474 # Add iptables IPv4/IPv6 package
475 475 if [ "$ENABLE_IPTABLES" = true ] ; then
476 APT_INCLUDES="${APT_INCLUDES},iptables"
476 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
477 477 fi
478 478
479 479 # Add openssh server package
480 480 if [ "$ENABLE_SSHD" = true ] ; then
481 481 APT_INCLUDES="${APT_INCLUDES},openssh-server"
482 482 fi
483 483
484 484 # Add alsa-utils package
485 485 if [ "$ENABLE_SOUND" = true ] ; then
486 486 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
487 487 fi
488 488
489 489 # Add rng-tools package
490 490 if [ "$ENABLE_HWRANDOM" = true ] ; then
491 491 APT_INCLUDES="${APT_INCLUDES},rng-tools"
492 492 fi
493 493
494 494 # Add fbturbo video driver
495 495 if [ "$ENABLE_FBTURBO" = true ] ; then
496 496 # Enable xorg package dependencies
497 497 ENABLE_XORG=true
498 498 fi
499 499
500 500 # Add user defined window manager package
501 501 if [ -n "$ENABLE_WM" ] ; then
502 502 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
503 503
504 504 # Enable xorg package dependencies
505 505 ENABLE_XORG=true
506 506 fi
507 507
508 508 # Add xorg package
509 509 if [ "$ENABLE_XORG" = true ] ; then
510 510 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
511 511 fi
512 512
513 513 # Replace selected packages with smaller clones
514 514 if [ "$ENABLE_REDUCE" = true ] ; then
515 515 # Add levee package instead of vim-tiny
516 516 if [ "$REDUCE_VIM" = true ] ; then
517 517 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
518 518 fi
519 519
520 520 # Add dropbear package instead of openssh-server
521 521 if [ "$REDUCE_SSHD" = true ] ; then
522 522 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
523 523 fi
524 524 fi
525 525
526 526 if [ "$RELEASE" != "jessie" ] ; then
527 527 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
528 528 fi
529 529
530 530 # Configure kernel sources if no KERNELSRC_DIR
531 531 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
532 532 KERNELSRC_CONFIG=true
533 533 fi
534 534
535 535 # Configure reduced kernel
536 536 if [ "$KERNEL_REDUCE" = true ] ; then
537 537 KERNELSRC_CONFIG=false
538 538 fi
539 539
540 540 # Configure qemu compatible kernel
541 541 if [ "$ENABLE_QEMU" = true ] ; then
542 542 DTB_FILE=vexpress-v2p-ca15_a7.dtb
543 543 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
544 544 KERNEL_DEFCONFIG="vexpress_defconfig"
545 545 if [ "$KERNEL_MENUCONFIG" = false ] ; then
546 546 KERNEL_OLDDEFCONFIG=true
547 547 fi
548 548 fi
549 549
550 550 # Execute bootstrap scripts
551 551 for SCRIPT in bootstrap.d/*.sh; do
552 552 head -n 3 "$SCRIPT"
553 553 . "$SCRIPT"
554 554 done
555 555
556 556 ## Execute custom bootstrap scripts
557 557 if [ -d "custom.d" ] ; then
558 558 for SCRIPT in custom.d/*.sh; do
559 559 . "$SCRIPT"
560 560 done
561 561 fi
562 562
563 563 # Execute custom scripts inside the chroot
564 564 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
565 565 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
566 566 chroot_exec /bin/bash -x <<'EOF'
567 567 for SCRIPT in /chroot_scripts/* ; do
568 568 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
569 569 $SCRIPT
570 570 fi
571 571 done
572 572 EOF
573 573 rm -rf "${R}/chroot_scripts"
574 574 fi
575 575
576 576 # Remove c/c++ build environment from the chroot
577 577 chroot_remove_cc
578 578
579 579 # Remove apt-utils
580 580 if [ "$RELEASE" = "jessie" ] ; then
581 581 chroot_exec apt-get purge -qq -y --force-yes apt-utils
582 582 fi
583 583
584 584 # Generate required machine-id
585 585 MACHINE_ID=$(dbus-uuidgen)
586 586 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
587 587 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
588 588
589 589 # APT Cleanup
590 590 chroot_exec apt-get -y clean
591 591 chroot_exec apt-get -y autoclean
592 592 chroot_exec apt-get -y autoremove
593 593
594 594 # Unmount mounted filesystems
595 595 umount -l "${R}/proc"
596 596 umount -l "${R}/sys"
597 597
598 598 # Clean up directories
599 599 rm -rf "${R}/run/*"
600 600 rm -rf "${R}/tmp/*"
601 601
602 602 # Clean up files
603 603 rm -f "${ETC_DIR}/ssh/ssh_host_*"
604 604 rm -f "${ETC_DIR}/dropbear/dropbear_*"
605 605 rm -f "${ETC_DIR}/apt/sources.list.save"
606 606 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
607 607 rm -f "${ETC_DIR}/*-"
608 608 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
609 609 rm -f "${ETC_DIR}/resolv.conf"
610 610 rm -f "${R}/root/.bash_history"
611 611 rm -f "${R}/var/lib/urandom/random-seed"
612 612 rm -f "${R}/initrd.img"
613 613 rm -f "${R}/vmlinuz"
614 614 rm -f "${R}${QEMU_BINARY}"
615 615
616 616 if [ "$ENABLE_QEMU" = true ] ; then
617 617 # Setup QEMU directory
618 618 mkdir "${BASEDIR}/qemu"
619 619
620 620 # Copy kernel image to QEMU directory
621 621 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
622 622
623 623 # Copy kernel config to QEMU directory
624 624 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
625 625
626 626 # Copy kernel dtbs to QEMU directory
627 627 for dtb in "${BOOT_DIR}/"*.dtb ; do
628 628 if [ -f "${dtb}" ] ; then
629 629 install_readonly "${dtb}" "${BASEDIR}/qemu/"
630 630 fi
631 631 done
632 632
633 633 # Copy kernel overlays to QEMU directory
634 634 if [ -d "${BOOT_DIR}/overlays" ] ; then
635 635 # Setup overlays dtbs directory
636 636 mkdir "${BASEDIR}/qemu/overlays"
637 637
638 638 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
639 639 if [ -f "${dtb}" ] ; then
640 640 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
641 641 fi
642 642 done
643 643 fi
644 644
645 645 # Copy u-boot files to QEMU directory
646 646 if [ "$ENABLE_UBOOT" = true ] ; then
647 647 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
648 648 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
649 649 fi
650 650 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
651 651 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
652 652 fi
653 653 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
654 654 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
655 655 fi
656 656 fi
657 657
658 658 # Copy initramfs to QEMU directory
659 659 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
660 660 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
661 661 fi
662 662 fi
663 663
664 664 # Calculate size of the chroot directory in KB
665 665 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
666 666
667 667 # Calculate the amount of needed 512 Byte sectors
668 668 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
669 669 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
670 670 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
671 671
672 672 # The root partition is EXT4
673 673 # This means more space than the actual used space of the chroot is used.
674 674 # As overhead for journaling and reserved blocks 35% are added.
675 675 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
676 676
677 677 # Calculate required image size in 512 Byte sectors
678 678 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
679 679
680 680 # Prepare image file
681 681 if [ "$ENABLE_SPLITFS" = true ] ; then
682 682 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
683 683 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
684 684 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
685 685 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
686 686
687 687 # Write firmware/boot partition tables
688 688 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
689 689 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
690 690 EOM
691 691
692 692 # Write root partition table
693 693 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
694 694 ${TABLE_SECTORS},${ROOT_SECTORS},83
695 695 EOM
696 696
697 697 # Setup temporary loop devices
698 698 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
699 699 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
700 700 else # ENABLE_SPLITFS=false
701 701 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
702 702 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
703 703
704 704 # Write partition table
705 705 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
706 706 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
707 707 ${ROOT_OFFSET},${ROOT_SECTORS},83
708 708 EOM
709 709
710 710 # Setup temporary loop devices
711 711 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
712 712 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
713 713 fi
714 714
715 715 if [ "$ENABLE_CRYPTFS" = true ] ; then
716 716 # Create dummy ext4 fs
717 717 mkfs.ext4 "$ROOT_LOOP"
718 718
719 719 # Setup password keyfile
720 720 touch .password
721 721 chmod 600 .password
722 722 echo -n ${CRYPTFS_PASSWORD} > .password
723 723
724 724 # Initialize encrypted partition
725 725 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
726 726
727 727 # Open encrypted partition and setup mapping
728 728 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
729 729
730 730 # Secure delete password keyfile
731 731 shred -zu .password
732 732
733 733 # Update temporary loop device
734 734 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
735 735
736 736 # Wipe encrypted partition (encryption cipher is used for randomness)
737 737 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
738 738 fi
739 739
740 740 # Build filesystems
741 741 mkfs.vfat "$FRMW_LOOP"
742 742 mkfs.ext4 "$ROOT_LOOP"
743 743
744 744 # Mount the temporary loop devices
745 745 mkdir -p "$BUILDDIR/mount"
746 746 mount "$ROOT_LOOP" "$BUILDDIR/mount"
747 747
748 748 mkdir -p "$BUILDDIR/mount/boot/firmware"
749 749 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
750 750
751 751 # Copy all files from the chroot to the loop device mount point directory
752 752 rsync -a "${R}/" "$BUILDDIR/mount/"
753 753
754 754 # Unmount all temporary loop devices and mount points
755 755 cleanup
756 756
757 757 # Create block map file(s) of image(s)
758 758 if [ "$ENABLE_SPLITFS" = true ] ; then
759 759 # Create block map files for "bmaptool"
760 760 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
761 761 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
762 762
763 763 # Image was successfully created
764 764 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
765 765 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
766 766 else
767 767 # Create block map file for "bmaptool"
768 768 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
769 769
770 770 # Image was successfully created
771 771 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 772
773 773 # Create qemu qcow2 image
774 774 if [ "$ENABLE_QEMU" = true ] ; then
775 775 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
776 776 QEMU_SIZE=16G
777 777
778 778 qemu-img convert -f raw -O qcow2 $IMAGE_NAME.img $QEMU_IMAGE.qcow2
779 779 qemu-img resize $QEMU_IMAGE.qcow2 $QEMU_SIZE
780 780
781 781 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
782 782 fi
783 783 fi
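Review bot: In the "Clean up directories" and "Clean up files" steps (lines 599-607) the wildcards are inside the double quotes, so rm receives them as literal file names and removes nothing. With `rm -f "${ETC_DIR}/ssh/ssh_host_*"` and the matching dropbear line, any host keys created when openssh-server or dropbear was installed stay in the image, and every device flashed from it shares them; because `rm -f` is silent about missing files, the build gives no hint. The run, tmp and `*-` backup-file removals are no-ops for the same reason. Move the glob outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`, which is the form the dtb loops at lines 627 and 638 already use. Separately, at line 722 `echo -n ${CRYPTFS_PASSWORD} > .password` expands the passphrase unquoted, so whitespace or glob characters in it change what is written to the keyfile that luksFormat then uses; quote the variable and write it with printf '%s'.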