##// END OF EJS Templates
Merge branch 'testing' into dropbear
drtyhlpr -
r530:104de92b07e5 Fusion
parent child
Show More
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
@@ -1,506 +1,532
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `APT_INCLUDES`=""
51 ##### `APT_INCLUDES`=""
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53
53
54 ##### `APT_INCLUDES_LATE`=""
54 ##### `APT_INCLUDES_LATE`=""
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56
56
57 ---
57 ---
58
58
59 #### General system settings:
59 #### General system settings:
60 ##### `SET_ARCH`=32
60 ##### `SET_ARCH`=32
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62
62
63 ##### `RPI_MODEL`=2
63 ##### `RPI_MODEL`=2
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 - `1` = Raspberry Pi 1 model A and B
66 - `1` = Raspberry Pi 1 model A and B
67 - `1P` = Raspberry Pi 1 model B+ and A+
67 - `1P` = Raspberry Pi 1 model B+ and A+
68 - `2` = Raspberry Pi 2 model B
68 - `2` = Raspberry Pi 2 model B
69 - `3` = Raspberry Pi 3 model B
69 - `3` = Raspberry Pi 3 model B
70 - `3P` = Raspberry Pi 3 model B+
70 - `3P` = Raspberry Pi 3 model B+
71
71
72 ##### `RELEASE`="buster"
72 ##### `RELEASE`="buster"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74
74
75 ##### `RELEASE_ARCH`="armhf"
75 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
76 Set the desired Debian release architecture.
77
77
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80
80
81 ##### `PASSWORD`="raspberry"
81 ##### `PASSWORD`="raspberry"
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83
83
84 ##### `USER_PASSWORD`="raspberry"
84 ##### `USER_PASSWORD`="raspberry"
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `DEFLOCAL`="en_US.UTF-8"
87 ##### `DEFLOCAL`="en_US.UTF-8"
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89
89
90 ##### `TIMEZONE`="Europe/Berlin"
90 ##### `TIMEZONE`="Europe/Berlin"
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92
92
93 ##### `EXPANDROOT`=true
93 ##### `EXPANDROOT`=true
94 Expand the root partition and filesystem automatically on first boot.
94 Expand the root partition and filesystem automatically on first boot.
95
95
96 ##### `ENABLE_QEMU`=false
96 ##### `ENABLE_QEMU`=false
97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98
98
99 ---
99 ---
100
100
101 #### Keyboard settings:
101 #### Keyboard settings:
102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103
103
104 ##### `XKB_MODEL`=""
104 ##### `XKB_MODEL`=""
105 Set the name of the model of your keyboard type.
105 Set the name of the model of your keyboard type.
106
106
107 ##### `XKB_LAYOUT`=""
107 ##### `XKB_LAYOUT`=""
108 Set the supported keyboard layout(s).
108 Set the supported keyboard layout(s).
109
109
110 ##### `XKB_VARIANT`=""
110 ##### `XKB_VARIANT`=""
111 Set the supported variant(s) of the keyboard layout(s).
111 Set the supported variant(s) of the keyboard layout(s).
112
112
113 ##### `XKB_OPTIONS`=""
113 ##### `XKB_OPTIONS`=""
114 Set extra xkb configuration options.
114 Set extra xkb configuration options.
115
115
116 ---
116 ---
117
117
118 #### Networking settings (DHCP):
118 #### Networking settings (DHCP):
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120
120
121 ##### `ENABLE_DHCP`=true
121 ##### `ENABLE_DHCP`=true
122 Set the system to use DHCP. This requires an DHCP server.
122 Set the system to use DHCP. This requires an DHCP server.
123
123
124 ---
124 ---
125
125
126 #### Networking settings (static):
126 #### Networking settings (static):
127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128
128
129 ##### `NET_ADDRESS`=""
129 ##### `NET_ADDRESS`=""
130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131
131
132 ##### `NET_GATEWAY`=""
132 ##### `NET_GATEWAY`=""
133 Set the IP address for the default gateway.
133 Set the IP address for the default gateway.
134
134
135 ##### `NET_DNS_1`=""
135 ##### `NET_DNS_1`=""
136 Set the IP address for the first DNS server.
136 Set the IP address for the first DNS server.
137
137
138 ##### `NET_DNS_2`=""
138 ##### `NET_DNS_2`=""
139 Set the IP address for the second DNS server.
139 Set the IP address for the second DNS server.
140
140
141 ##### `NET_DNS_DOMAINS`=""
141 ##### `NET_DNS_DOMAINS`=""
142 Set the default DNS search domains to use for non fully qualified hostnames.
142 Set the default DNS search domains to use for non fully qualified hostnames.
143
143
144 ##### `NET_NTP_1`=""
144 ##### `NET_NTP_1`=""
145 Set the IP address for the first NTP server.
145 Set the IP address for the first NTP server.
146
146
147 ##### `NET_NTP_2`=""
147 ##### `NET_NTP_2`=""
148 Set the IP address for the second NTP server.
148 Set the IP address for the second NTP server.
149
149
150 ---
150 ---
151
151
152 #### Basic system features:
152 #### Basic system features:
153 ##### `ENABLE_CONSOLE`=true
153 ##### `ENABLE_CONSOLE`=true
154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155
155
156 ##### `ENABLE_PRINTK`=false
156 ##### `ENABLE_PRINTK`=false
157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158
158
159 ##### `ENABLE_BLUETOOTH`=false
159 ##### `ENABLE_BLUETOOTH`=false
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161
161
162 ##### `ENABLE_MINIUART_OVERLAY`=false
162 ##### `ENABLE_MINIUART_OVERLAY`=false
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164
164
165 ##### `ENABLE_TURBO`=false
165 ##### `ENABLE_TURBO`=false
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167
167
168 ##### `ENABLE_I2C`=false
168 ##### `ENABLE_I2C`=false
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170
170
171 ##### `ENABLE_SPI`=false
171 ##### `ENABLE_SPI`=false
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173
173
174 ##### `ENABLE_IPV6`=true
174 ##### `ENABLE_IPV6`=true
175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176
176
177 ##### `ENABLE_SSHD`=true
177 ##### `ENABLE_SSHD`=true
178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179
179
180 ##### `ENABLE_NONFREE`=false
180 ##### `ENABLE_NONFREE`=false
181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182
182
183 ##### `ENABLE_WIRELESS`=false
183 ##### `ENABLE_WIRELESS`=false
184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185
185
186 ##### `ENABLE_RSYSLOG`=true
186 ##### `ENABLE_RSYSLOG`=true
187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188
188
189 ##### `ENABLE_SOUND`=true
189 ##### `ENABLE_SOUND`=true
190 Enable sound hardware and install Advanced Linux Sound Architecture.
190 Enable sound hardware and install Advanced Linux Sound Architecture.
191
191
192 ##### `ENABLE_HWRANDOM`=true
192 ##### `ENABLE_HWRANDOM`=true
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194
194
195 ##### `ENABLE_MINGPU`=false
195 ##### `ENABLE_MINGPU`=false
196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197
197
198 ##### `ENABLE_DBUS`=true
198 ##### `ENABLE_DBUS`=true
199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200
200
201 ##### `ENABLE_XORG`=false
201 ##### `ENABLE_XORG`=false
202 Install Xorg open-source X Window System.
202 Install Xorg open-source X Window System.
203
203
204 ##### `ENABLE_WM`=""
204 ##### `ENABLE_WM`=""
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206
206
207 ##### `ENABLE_SYSVINIT`=false
207 ##### `ENABLE_SYSVINIT`=false
208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209
209
210 ---
210 ---
211
211
212 #### Advanced system features:
212 #### Advanced system features:
213 ##### `ENABLE_SYSTEMDSWAP`=false
214 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
215
213 ##### `ENABLE_MINBASE`=false
216 ##### `ENABLE_MINBASE`=false
214 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215
218
216 ##### `ENABLE_REDUCE`=false
219 ##### `ENABLE_REDUCE`=false
217 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
218
221
219 ##### `ENABLE_UBOOT`=false
222 ##### `ENABLE_UBOOT`=false
220 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
221
224
222 ##### `UBOOTSRC_DIR`=""
225 ##### `UBOOTSRC_DIR`=""
223 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
224
227
225 ##### `ENABLE_FBTURBO`=false
228 ##### `ENABLE_FBTURBO`=false
226 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
227
230
228 ##### `FBTURBOSRC_DIR`=""
231 ##### `FBTURBOSRC_DIR`=""
229 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
230
233
231 ##### `ENABLE_VIDEOCORE`=false
234 ##### `ENABLE_VIDEOCORE`=false
232 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233
236
234 ##### `VIDEOCORESRC_DIR`=""
237 ##### `VIDEOCORESRC_DIR`=""
235 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236
239
240 ##### `ENABLE_NEXMON`=false
241 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
242
243 ##### `NEXMONSRC_DIR`=""
244 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245
237 ##### `ENABLE_IPTABLES`=false
246 ##### `ENABLE_IPTABLES`=false
238 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
247 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239
248
240 ##### `ENABLE_USER`=true
249 ##### `ENABLE_USER`=true
241 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
250 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
242
251
243 ##### `USER_NAME`=pi
252 ##### `USER_NAME`=pi
244 Non-root user to create. Ignored if `ENABLE_USER`=false
253 Non-root user to create. Ignored if `ENABLE_USER`=false
245
254
246 ##### `ENABLE_ROOT`=false
255 ##### `ENABLE_ROOT`=false
247 Set root user password so root login will be enabled
256 Set root user password so root login will be enabled
248
257
249 ##### `ENABLE_HARDNET`=false
258 ##### `ENABLE_HARDNET`=false
250 Enable IPv4/IPv6 network stack hardening settings.
259 Enable IPv4/IPv6 network stack hardening settings.
251
260
252 ##### `ENABLE_SPLITFS`=false
261 ##### `ENABLE_SPLITFS`=false
253 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
262 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
254
263
255 ##### `CHROOT_SCRIPTS`=""
264 ##### `CHROOT_SCRIPTS`=""
256 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
265 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
257
266
258 ##### `ENABLE_INITRAMFS`=false
267 ##### `ENABLE_INITRAMFS`=false
259 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
268 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
260
269
261 ##### `ENABLE_IFNAMES`=true
270 ##### `ENABLE_IFNAMES`=true
262 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
271 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263
272
264 ##### `DISABLE_UNDERVOLT_WARNINGS`=
273 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
274 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266
275
267 ---
276 ---
268
277
269 #### SSH settings:
278 #### SSH settings:
270 ##### `SSH_ENABLE_ROOT`=false
279 ##### `SSH_ENABLE_ROOT`=false
271 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
280 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
272
281
273 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
282 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
274 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
283 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
275
284
276 ##### `SSH_LIMIT_USERS`=false
285 ##### `SSH_LIMIT_USERS`=false
277 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
286 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
278
287
279 ##### `SSH_ROOT_PUB_KEY`=""
288 ##### `SSH_ROOT_PUB_KEY`=""
280 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
289 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
281
290
282 ##### `SSH_USER_PUB_KEY`=""
291 ##### `SSH_USER_PUB_KEY`=""
283 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
292 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
284
293
285 ---
294 ---
286
295
287 #### Kernel compilation:
296 #### Kernel compilation:
288 ##### `BUILD_KERNEL`=true
297 ##### `BUILD_KERNEL`=true
289 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
298 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
290
299
291 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
300 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
292 This sets the cross-compile environment for the compiler.
301 This sets the cross-compile environment for the compiler.
293
302
294 ##### `KERNEL_ARCH`="arm"
303 ##### `KERNEL_ARCH`="arm"
295 This sets the kernel architecture for the compiler.
304 This sets the kernel architecture for the compiler.
296
305
297 ##### `KERNEL_IMAGE`="kernel7.img"
306 ##### `KERNEL_IMAGE`="kernel7.img"
298 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
307 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
299
308
300 ##### `KERNEL_BRANCH`=""
309 ##### `KERNEL_BRANCH`=""
301 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
310 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
302
311
303 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
312 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
304 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
313 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
305
314
306 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
315 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
307 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
316 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
308
317
309 ##### `KERNEL_REDUCE`=false
318 ##### `KERNEL_REDUCE`=false
310 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
319 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
311
320
312 ##### `KERNEL_THREADS`=1
321 ##### `KERNEL_THREADS`=1
313 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
322 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
314
323
315 ##### `KERNEL_HEADERS`=true
324 ##### `KERNEL_HEADERS`=true
316 Install kernel headers with the built kernel.
325 Install kernel headers with the built kernel.
317
326
318 ##### `KERNEL_MENUCONFIG`=false
327 ##### `KERNEL_MENUCONFIG`=false
319 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
328 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
320
329
321 ##### `KERNEL_OLDDEFCONFIG`=false
330 ##### `KERNEL_OLDDEFCONFIG`=false
322 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
331 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
323
332
324 ##### `KERNEL_CCACHE`=false
333 ##### `KERNEL_CCACHE`=false
325 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
334 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
326
335
327 ##### `KERNEL_REMOVESRC`=true
336 ##### `KERNEL_REMOVESRC`=true
328 Remove all kernel sources from the generated OS image after it was built and installed.
337 Remove all kernel sources from the generated OS image after it was built and installed.
329
338
330 ##### `KERNELSRC_DIR`=""
339 ##### `KERNELSRC_DIR`=""
331 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
340 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
332
341
333 ##### `KERNELSRC_CLEAN`=false
342 ##### `KERNELSRC_CLEAN`=false
334 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
343 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
335
344
336 ##### `KERNELSRC_CONFIG`=true
345 ##### `KERNELSRC_CONFIG`=true
337 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
346 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
338
347
339 ##### `KERNELSRC_USRCONFIG`=""
348 ##### `KERNELSRC_USRCONFIG`=""
340 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
349 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
341
350
342 ##### `KERNELSRC_PREBUILT`=false
351 ##### `KERNELSRC_PREBUILT`=false
343 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
352 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
344
353
345 ##### `RPI_FIRMWARE_DIR`=""
354 ##### `RPI_FIRMWARE_DIR`=""
346 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
355 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347
356
357 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
358 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
359
360 ##### `KERNEL_NF`=false
361 Enable Netfilter modules as kernel modules
362
363 ##### `KERNEL_VIRT`=false
364 Enable Kernel KVM support (/dev/kvm)
365
366 ##### `KERNEL_ZSWAP`=false
367 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
368
369 ##### `KERNEL_BPF`=true
370 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
371
372 ##### `KERNEL_SECURITY`=false
373 Enables Apparmor, integrity subsystem, auditing
348 ---
374 ---
349
375
350 #### Reduce disk usage:
376 #### Reduce disk usage:
351 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
377 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
352
378
353 ##### `REDUCE_APT`=true
379 ##### `REDUCE_APT`=true
354 Configure APT to use compressed package repository lists and no package caching files.
380 Configure APT to use compressed package repository lists and no package caching files.
355
381
356 ##### `REDUCE_DOC`=true
382 ##### `REDUCE_DOC`=true
357 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
383 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
358
384
359 ##### `REDUCE_MAN`=true
385 ##### `REDUCE_MAN`=true
360 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
386 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
361
387
362 ##### `REDUCE_VIM`=false
388 ##### `REDUCE_VIM`=false
363 Replace `vim-tiny` package by `levee` a tiny vim clone.
389 Replace `vim-tiny` package by `levee` a tiny vim clone.
364
390
365 ##### `REDUCE_BASH`=false
391 ##### `REDUCE_BASH`=false
366 Remove `bash` package and switch to `dash` shell (experimental).
392 Remove `bash` package and switch to `dash` shell (experimental).
367
393
368 ##### `REDUCE_HWDB`=true
394 ##### `REDUCE_HWDB`=true
369 Remove PCI related hwdb files (experimental).
395 Remove PCI related hwdb files (experimental).
370
396
371 ##### `REDUCE_SSHD`=true
397 ##### `REDUCE_SSHD`=true
372 Replace `openssh-server` with `dropbear`.
398 Replace `openssh-server` with `dropbear`.
373
399
374 ##### `REDUCE_LOCALE`=true
400 ##### `REDUCE_LOCALE`=true
375 Remove all `locale` translation files.
401 Remove all `locale` translation files.
376
402
377 ---
403 ---
378
404
379 #### Encrypted root partition:
405 #### Encrypted root partition:
380 ##### `ENABLE_CRYPTFS`=false
406 ##### `ENABLE_CRYPTFS`=false
381 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
407 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
382
408
383 ##### `CRYPTFS_PASSWORD`=""
409 ##### `CRYPTFS_PASSWORD`=""
384 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
410 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
385
411
386 ##### `CRYPTFS_MAPPING`="secure"
412 ##### `CRYPTFS_MAPPING`="secure"
387 Set name of dm-crypt managed device-mapper mapping.
413 Set name of dm-crypt managed device-mapper mapping.
388
414
389 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
415 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
390 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
416 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
391
417
392 ##### `CRYPTFS_XTSKEYSIZE`=512
418 ##### `CRYPTFS_XTSKEYSIZE`=512
393 Sets key size in bits. The argument has to be a multiple of 8.
419 Sets key size in bits. The argument has to be a multiple of 8.
394
420
395 ##### `CRYPTFS_DROPBEAR`=false
421 ##### `CRYPTFS_DROPBEAR`=false
396 Enable Dropbear Initramfs support
422 Enable Dropbear Initramfs support
397
423
398 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
424 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
399 Provide path to dropbear Public RSA-OpenSSH Key
425 Provide path to dropbear Public RSA-OpenSSH Key
400
426
401 ---
427 ---
402
428
403 #### Build settings:
429 #### Build settings:
404 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
430 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
405 Set a path to a working directory used by the script to generate an image.
431 Set a path to a working directory used by the script to generate an image.
406
432
407 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
433 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
408 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
434 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
409
435
410 ## Understanding the script
436 ## Understanding the script
411 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
437 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
412
438
413 | Script | Description |
439 | Script | Description |
414 | --- | --- |
440 | --- | --- |
415 | `10-bootstrap.sh` | Debootstrap basic system |
441 | `10-bootstrap.sh` | Debootstrap basic system |
416 | `11-apt.sh` | Setup APT repositories |
442 | `11-apt.sh` | Setup APT repositories |
417 | `12-locale.sh` | Setup Locales and keyboard settings |
443 | `12-locale.sh` | Setup Locales and keyboard settings |
418 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
444 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
419 | `14-fstab.sh` | Setup fstab and initramfs |
445 | `14-fstab.sh` | Setup fstab and initramfs |
420 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
446 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
421 | `20-networking.sh` | Setup Networking |
447 | `20-networking.sh` | Setup Networking |
422 | `21-firewall.sh` | Setup Firewall |
448 | `21-firewall.sh` | Setup Firewall |
423 | `30-security.sh` | Setup Users and Security settings |
449 | `30-security.sh` | Setup Users and Security settings |
424 | `31-logging.sh` | Setup Logging |
450 | `31-logging.sh` | Setup Logging |
425 | `32-sshd.sh` | Setup SSH and public keys |
451 | `32-sshd.sh` | Setup SSH and public keys |
426 | `41-uboot.sh` | Build and Setup U-Boot |
452 | `41-uboot.sh` | Build and Setup U-Boot |
427 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
453 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
428 | `43-videocore.sh` | Build and Setup videocore libraries |
454 | `43-videocore.sh` | Build and Setup videocore libraries |
429 | `50-firstboot.sh` | First boot actions |
455 | `50-firstboot.sh` | First boot actions |
430 | `99-reduce.sh` | Reduce the disk space usage |
456 | `99-reduce.sh` | Reduce the disk space usage |
431
457
432 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
458 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
433
459
434 | Directory | Description |
460 | Directory | Description |
435 | --- | --- |
461 | --- | --- |
436 | `apt` | APT management configuration files |
462 | `apt` | APT management configuration files |
437 | `boot` | Boot and RPi 0/1/2/3 configuration files |
463 | `boot` | Boot and RPi 0/1/2/3 configuration files |
438 | `dpkg` | Package Manager configuration |
464 | `dpkg` | Package Manager configuration |
439 | `etc` | Configuration files and rc scripts |
465 | `etc` | Configuration files and rc scripts |
440 | `firstboot` | Scripts that get executed on first boot |
466 | `firstboot` | Scripts that get executed on first boot |
441 | `initramfs` | Initramfs scripts |
467 | `initramfs` | Initramfs scripts |
442 | `iptables` | Firewall configuration files |
468 | `iptables` | Firewall configuration files |
443 | `locales` | Locales configuration |
469 | `locales` | Locales configuration |
444 | `modules` | Kernel Modules configuration |
470 | `modules` | Kernel Modules configuration |
445 | `mount` | Fstab configuration |
471 | `mount` | Fstab configuration |
446 | `network` | Networking configuration files |
472 | `network` | Networking configuration files |
447 | `sysctl.d` | Swapping and Network Hardening configuration |
473 | `sysctl.d` | Swapping and Network Hardening configuration |
448 | `xorg` | fbturbo Xorg driver configuration |
474 | `xorg` | fbturbo Xorg driver configuration |
449
475
450 ## Custom packages and scripts
476 ## Custom packages and scripts
451 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
477 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
452
478
453 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
479 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
454
480
455 ## Logging of the bootstrapping process
481 ## Logging of the bootstrapping process
456 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
482 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
457
483
458 ```shell
484 ```shell
459 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
485 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
460 ```
486 ```
461
487
462 ## Flashing the image file
488 ## Flashing the image file
463 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
489 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
464
490
465 ##### Flashing examples:
491 ##### Flashing examples:
466 ```shell
492 ```shell
467 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
493 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
468 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
494 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
469 ```
495 ```
470 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
496 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
471 ```shell
497 ```shell
472 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
498 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
473 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
499 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
474 ```
500 ```
475
501
476 ## QEMU emulation
502 ## QEMU emulation
477 Start QEMU full system emulation:
503 Start QEMU full system emulation:
478 ```shell
504 ```shell
479 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
505 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
480 ```
506 ```
481
507
482 Start QEMU full system emulation and output to console:
508 Start QEMU full system emulation and output to console:
483 ```shell
509 ```shell
484 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
510 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
485 ```
511 ```
486
512
487 Start QEMU full system emulation with SMP and output to console:
513 Start QEMU full system emulation with SMP and output to console:
488 ```shell
514 ```shell
489 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
515 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
490 ```
516 ```
491
517
492 Start QEMU full system emulation with cryptfs, initramfs and output to console:
518 Start QEMU full system emulation with cryptfs, initramfs and output to console:
493 ```shell
519 ```shell
494 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
520 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
495 ```
521 ```
496
522
497 ## External links and references
523 ## External links and references
498 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
524 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
499 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
525 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
500 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
526 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
501 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
527 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
502 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
528 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
503 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
529 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
504 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
530 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
505 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
531 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
506 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
532 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,255 +1,602
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
18 # Setup source directory
11 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
12
20
13 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17
25
18 # Clean the kernel sources
26 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
29 fi
22 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
23 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
24 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
25
33
26 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
27 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 else
37 else
30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
39 fi
32
40
33 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35
43
36 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
37 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
38
46
39 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
40 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
41 fi
49 fi
42
50
43 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 fi
54 fi
47
55
48 # Configure and build kernel
56 # Configure and build kernel
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 # Remove device, network and filesystem drivers from kernel configuration
58 # Remove device, network and filesystem drivers from kernel configuration
51 if [ "$KERNEL_REDUCE" = true ] ; then
59 if [ "$KERNEL_REDUCE" = true ] ; then
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 sed -i\
61 sed -i\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 "${KERNEL_DIR}/.config"
91 "${KERNEL_DIR}/.config"
84 fi
92 fi
85
93
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 # Load default raspberry kernel configuration
95 # Load default raspberry kernel configuration
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89
97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 set_kernel_config CONFIG_ZPOOL y
104 set_kernel_config CONFIG_ZSWAP y
105 set_kernel_config CONFIG_ZBUD y
106 set_kernel_config CONFIG_Z3FOLD y
107 set_kernel_config CONFIG_ZSMALLOC y
108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
110 fi
111
112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
121 set_kernel_config CONFIG_KVM y
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
140 fi
141
142 # enable apparmor,integrity audit,
143 if [ "$KERNEL_SECURITY" = true ] ; then
144
145 # security filesystem, security models and audit
146 set_kernel_config CONFIG_SECURITYFS y
147 set_kernel_config CONFIG_SECURITY y
148 set_kernel_config CONFIG_AUDIT y
149
150 # harden strcpy and memcpy
151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
154
155 # integrity sub-system
156 set_kernel_config CONFIG_INTEGRITY=y
157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
161
162 # This option provides support for retaining authentication tokens and access keys in the kernel.
163 set_kernel_config CONFIG_KEYS=y
164 set_kernel_config CONFIG_KEYS_COMPAT=y
165
166 # Apparmor
167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
170 set_kernel_config CONFIG_SECURITY_APPARMOR y
171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
173
174 # restrictions on unprivileged users reading the kernel
175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
176
177 # network security hooks
178 set_kernel_config CONFIG_SECURITY_NETWORK y
179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
180 set_kernel_config CONFIG_SECURITY_PATH=y
181 set_kernel_config CONFIG_SECURITY_YAMA=y
182
183 # New Options
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_SECURITY m
186 set_kernel_config CONFIG_NETLABEL y
187 set_kernel_config CONFIG_IP6_NF_SECURITY m
188 fi
189 set_kernel_config CONFIG_SECURITY_SELINUX n
190 set_kernel_config CONFIG_SECURITY_SMACK n
191 set_kernel_config CONFIG_SECURITY_TOMOYO n
192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
193 set_kernel_config CONFIG_SECURITY_LOADPIN n
194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
195 set_kernel_config CONFIG_IMA n
196 set_kernel_config CONFIG_EVM n
197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
207
208 set_kernel_config CONFIG_ARM64_CRYPTO y
209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
223 set_kernel_config SYSTEM_TRUSTED_KEYS
224 fi
225
226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
227 if [ "$KERNEL_NF" = true ] ; then
228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
233 set_kernel_config CONFIG_NFT_FIB_INET m
234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
237 set_kernel_config CONFIG_NFT_OBJREF m
238 set_kernel_config CONFIG_NFT_RT m
239 set_kernel_config CONFIG_NFT_SET_BITMAP m
240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
241 set_kernel_config CONFIG_NF_LOG_ARP m
242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
250 set_kernel_config CONFIG_IP6_NF_NAT m
251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
253 set_kernel_config CONFIG_IP_NF_SECURITY m
254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
256 set_kernel_config CONFIG_IP_SET_HASH_IP m
257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
262 set_kernel_config CONFIG_IP_SET_HASH_NET m
263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
267 set_kernel_config CONFIG_IP_SET_LIST_SET m
268 set_kernel_config CONFIG_NETFILTER_XTABLES m
269 set_kernel_config CONFIG_NETFILTER_XTABLES m
270 set_kernel_config CONFIG_NFT_BRIDGE_META m
271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
276 set_kernel_config CONFIG_NFT_COMPAT m
277 set_kernel_config CONFIG_NFT_COUNTER m
278 set_kernel_config CONFIG_NFT_CT m
279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
282 set_kernel_config CONFIG_NFT_EXTHDR m
283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
284 set_kernel_config CONFIG_NFT_HASH m
285 set_kernel_config CONFIG_NFT_LIMIT m
286 set_kernel_config CONFIG_NFT_LOG m
287 set_kernel_config CONFIG_NFT_MASQ m
288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
290 set_kernel_config CONFIG_NFT_META m
291 set_kernel_config CONFIG_NFT_NAT m
292 set_kernel_config CONFIG_NFT_NUMGEN m
293 set_kernel_config CONFIG_NFT_QUEUE m
294 set_kernel_config CONFIG_NFT_QUOTA m
295 set_kernel_config CONFIG_NFT_REDIR m
296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
298 set_kernel_config CONFIG_NFT_REJECT m
299 set_kernel_config CONFIG_NFT_REJECT_INET m
300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
302 set_kernel_config CONFIG_NFT_SET_HASH m
303 set_kernel_config CONFIG_NFT_SET_RBTREE m
304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
308 set_kernel_config CONFIG_NF_DUP_IPV4 m
309 set_kernel_config CONFIG_NF_DUP_IPV6 m
310 set_kernel_config CONFIG_NF_DUP_NETDEV m
311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
312 set_kernel_config CONFIG_NF_LOG_IPV4 m
313 set_kernel_config CONFIG_NF_LOG_IPV6 m
314 set_kernel_config CONFIG_NF_NAT_IPV4 m
315 set_kernel_config CONFIG_NF_NAT_IPV6 m
316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
318 set_kernel_config CONFIG_NF_NAT_PPTP m
319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
321 set_kernel_config CONFIG_NF_NAT_SIP m
322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
323 set_kernel_config CONFIG_NF_NAT_TFTP m
324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
326 set_kernel_config CONFIG_NF_TABLES m
327 set_kernel_config CONFIG_NF_TABLES_ARP m
328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
329 set_kernel_config CONFIG_NF_TABLES_INET m
330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
333 fi
334
335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
336 if [ "$KERNEL_BPF" = true ] ; then
337 set_kernel_config CONFIG_BPF_SYSCALL y
338 set_kernel_config CONFIG_BPF_EVENTS y
339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
340 set_kernel_config CONFIG_CGROUP_BPF y
341 fi
342
343 # KERNEL_DEFAULT_GOV was set by user
344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
345
346 case "$KERNEL_DEFAULT_GOV" in
347 performance)
348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
349 ;;
350 userspace)
351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
352 ;;
353 ondemand)
354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
355 ;;
356 conservative)
357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
358 ;;
359 shedutil)
360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
361 ;;
362 *)
363 echo "error: unsupported default cpu governor"
364 exit 1
365 ;;
366 esac
367
368 # unset previous default governor
369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
370 fi
371
372 #Revert to previous directory
373 cd "${WORKDIR}" || exit
374
90 # Set kernel configuration parameters to enable qemu emulation
375 # Set kernel configuration parameters to enable qemu emulation
91 if [ "$ENABLE_QEMU" = true ] ; then
376 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
378 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94
379
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
380 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 {
381 {
97 echo "CONFIG_EMBEDDED=y"
382 echo "CONFIG_EMBEDDED=y"
98 echo "CONFIG_EXPERT=y"
383 echo "CONFIG_EXPERT=y"
99 echo "CONFIG_DAX=y"
384 echo "CONFIG_DAX=y"
100 echo "CONFIG_MD=y"
385 echo "CONFIG_MD=y"
101 echo "CONFIG_BLK_DEV_MD=y"
386 echo "CONFIG_BLK_DEV_MD=y"
102 echo "CONFIG_MD_AUTODETECT=y"
387 echo "CONFIG_MD_AUTODETECT=y"
103 echo "CONFIG_BLK_DEV_DM=y"
388 echo "CONFIG_BLK_DEV_DM=y"
104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
389 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 echo "CONFIG_DM_CRYPT=y"
390 echo "CONFIG_DM_CRYPT=y"
106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
391 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 echo "CONFIG_CRYPTO_CBC=y"
392 echo "CONFIG_CRYPTO_CBC=y"
108 echo "CONFIG_CRYPTO_XTS=y"
393 echo "CONFIG_CRYPTO_XTS=y"
109 echo "CONFIG_CRYPTO_SHA512=y"
394 echo "CONFIG_CRYPTO_SHA512=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
395 echo "CONFIG_CRYPTO_MANAGER=y"
111 } >> "${KERNEL_DIR}"/.config
396 } >> "${KERNEL_DIR}"/.config
112 fi
397 fi
113 fi
398 fi
114
399
115 # Copy custom kernel configuration file
400 # Copy custom kernel configuration file
116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
401 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
402 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 fi
403 fi
119
404
120 # Set kernel configuration parameters to their default values
405 # Set kernel configuration parameters to their default values
121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
406 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
407 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123 fi
408 fi
124
409
125 # Start menu-driven kernel configuration (interactive)
410 # Start menu-driven kernel configuration (interactive)
126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 fi
413 fi
414 # end if "$KERNELSRC_CONFIG" = true
129 fi
415 fi
130
416
131 # Use ccache to cross compile the kernel
417 # Use ccache to cross compile the kernel
132 if [ "$KERNEL_CCACHE" = true ] ; then
418 if [ "$KERNEL_CCACHE" = true ] ; then
133 cc="ccache ${CROSS_COMPILE}gcc"
419 cc="ccache ${CROSS_COMPILE}gcc"
134 else
420 else
135 cc="${CROSS_COMPILE}gcc"
421 cc="${CROSS_COMPILE}gcc"
136 fi
422 fi
137
423
138 # Cross compile kernel and dtbs
424 # Cross compile kernel and dtbs
139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
425 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140
426
141 # Cross compile kernel modules
427 # Cross compile kernel modules
142 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 fi
430 fi
431 # end if "$KERNELSRC_PREBUILT" = false
145 fi
432 fi
146
433
147 # Check if kernel compilation was successful
434 # Check if kernel compilation was successful
148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
435 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149 echo "error: kernel compilation failed! (kernel image not found)"
436 echo "error: kernel compilation failed! (kernel image not found)"
150 cleanup
437 cleanup
151 exit 1
438 exit 1
152 fi
439 fi
153
440
154 # Install kernel modules
441 # Install kernel modules
155 if [ "$ENABLE_REDUCE" = true ] ; then
442 if [ "$ENABLE_REDUCE" = true ] ; then
156 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
443 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
444 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 fi
445 fi
159 else
446 else
160 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
447 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
448 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 fi
449 fi
163
450
164 # Install kernel firmware
451 # Install kernel firmware
165 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
452 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
453 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167 fi
454 fi
168 fi
455 fi
169
456
170 # Install kernel headers
457 # Install kernel headers
171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
458 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
459 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173 fi
460 fi
174
461
175 # Prepare boot (firmware) directory
462 # Prepare boot (firmware) directory
176 mkdir "${BOOT_DIR}"
463 mkdir "${BOOT_DIR}"
177
464
178 # Get kernel release version
465 # Get kernel release version
179 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
466 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180
467
181 # Copy kernel configuration file to the boot directory
468 # Copy kernel configuration file to the boot directory
182 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
469 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183
470
184 # Prepare device tree directory
471 # Prepare device tree directory
185 mkdir "${BOOT_DIR}/overlays"
472 mkdir "${BOOT_DIR}/overlays"
186
473
187 # Ensure the proper .dtb is located
474 # Ensure the proper .dtb is located
188 if [ "$KERNEL_ARCH" = "arm" ] ; then
475 if [ "$KERNEL_ARCH" = "arm" ] ; then
189 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
476 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 if [ -f "${dtb}" ] ; then
477 if [ -f "${dtb}" ] ; then
191 install_readonly "${dtb}" "${BOOT_DIR}/"
478 install_readonly "${dtb}" "${BOOT_DIR}/"
192 fi
479 fi
193 done
480 done
194 else
481 else
195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
482 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 if [ -f "${dtb}" ] ; then
483 if [ -f "${dtb}" ] ; then
197 install_readonly "${dtb}" "${BOOT_DIR}/"
484 install_readonly "${dtb}" "${BOOT_DIR}/"
198 fi
485 fi
199 done
486 done
200 fi
487 fi
201
488
202 # Copy compiled dtb device tree files
489 # Copy compiled dtb device tree files
203 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
490 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
491 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 if [ -f "${dtb}" ] ; then
492 if [ -f "${dtb}" ] ; then
206 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
493 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 fi
494 fi
208 done
495 done
209
496
210 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
497 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
498 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 fi
499 fi
213 fi
500 fi
214
501
215 if [ "$ENABLE_UBOOT" = false ] ; then
502 if [ "$ENABLE_UBOOT" = false ] ; then
216 # Convert and copy kernel image to the boot directory
503 # Convert and copy kernel image to the boot directory
217 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
504 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218 else
505 else
219 # Copy kernel image to the boot directory
506 # Copy kernel image to the boot directory
220 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
507 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221 fi
508 fi
222
509
223 # Remove kernel sources
510 # Remove kernel sources
224 if [ "$KERNEL_REMOVESRC" = true ] ; then
511 if [ "$KERNEL_REMOVESRC" = true ] ; then
225 rm -fr "${KERNEL_DIR}"
512 rm -fr "${KERNEL_DIR}"
226 else
513 else
227 # Prepare compiled kernel modules
514 # Prepare compiled kernel modules
228 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
515 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
229 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
516 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
230 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
517 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 fi
518 fi
232
519
233 # Create symlinks for kernel modules
520 # Create symlinks for kernel modules
234 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
521 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
522 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 fi
523 fi
237 fi
524 fi
238
525
239 else # BUILD_KERNEL=false
526 else # BUILD_KERNEL=false
240 # Kernel installation
527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
528
529 # Use Sakakis modified kernel if ZSWAP is active
530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
532 fi
533
534 # Create temporary directory for dl
535 temp_dir=$(as_nobody mktemp -d)
536
537 # Fetch kernel dl
538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
539
540 #extract download
541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
542
543 #move extracted kernel to /boot/firmware
544 mkdir "${R}/boot/firmware"
545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
547
548 # Remove temporary directory for kernel sources
549 rm -fr "${temp_dir}"
550
551 # Set permissions of the kernel sources
552 chown -R root:root "${R}/boot/firmware"
553 chown -R root:root "${R}/lib/modules"
554 fi
555
556 # Install Kernel from hypriot comptabile with all Raspberry PI
557 if [ "$SET_ARCH" = 32 ] ; then
558 # Create temporary directory for dl
559 temp_dir=$(as_nobody mktemp -d)
560
561 # Fetch kernel
562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
242
563
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
564 # Copy downloaded U-Boot sources
244 chroot_exec apt-get -qq -y install flash-kernel
565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
566
567 # Set permissions
568 chown -R root:root "${R}"/tmp/kernel.deb
569
570 # Install kernel
571 chroot_exec dpkg -i /tmp/kernel.deb
572
573 # move /boot to /boot/firmware to fit script env.
574 #mkdir "${BOOT_DIR}"
575 mkdir "${temp_dir}"/firmware
576 mv "${R}"/boot/* "${temp_dir}"/firmware/
577 mv "${temp_dir}"/firmware "${R}"/boot/
578
579 #same for kernel headers
580 if [ "$KERNEL_HEADERS" = true ] ; then
581 # Fetch kernel header
582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
584 chown -R root:root "${R}"/tmp/kernel-header.deb
585 # Install kernel header
586 chroot_exec dpkg -i /tmp/kernel-header.deb
587 rm -f "${R}"/tmp/kernel-header.deb
588 fi
589
590 # Remove temporary directory and files
591 rm -fr "${temp_dir}"
592 rm -f "${R}"/tmp/kernel.deb
593 fi
245
594
246 # Check if kernel installation was successful
595 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
597 if [ -z "$KERNEL" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
598 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 cleanup
599 cleanup
251 exit 1
600 exit 1
252 fi
601 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 fi
602 fi
@@ -1,94 +1,99
1 #
1 #
2 # Setup fstab and initramfs
2 # Setup fstab and initramfs
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup fstab
8 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
10
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
14 fi
15
11 # Add usb/sda disk root partition to fstab
16 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 fi
19 fi
15
20
16 # Add encrypted root partition to fstab and crypttab
21 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
22 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
23 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
24 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
25
21 # Add encrypted partition to crypttab and fstab
26 # Add encrypted partition to crypttab and fstab
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
27 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
28 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
29
25 if [ "$ENABLE_SPLITFS" = true ] ; then
30 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda disk to crypttab
31 # Add usb/sda disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
32 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
33 fi
29 fi
34 fi
30
35
31 # Generate initramfs file
36 # Generate initramfs file
32 if [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
38 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 # Include initramfs scripts to auto expand encrypted root partition
39 # Include initramfs scripts to auto expand encrypted root partition
35 if [ "$EXPANDROOT" = true ] ; then
40 if [ "$EXPANDROOT" = true ] ; then
36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
41 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 fi
44 fi
40
45
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
43 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
44 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
49 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
45 else
50 else
46 # Create key
51 # Create key
47 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
48
53
49 # Convert dropbear key to openssh key
54 # Convert dropbear key to openssh key
50 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
51
56
52 # Get Public Key Part
57 # Get Public Key Part
53 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
54
59
55 # Delete unwanted lines
60 # Delete unwanted lines
56 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
57 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
58
63
59 # Trust the new key
64 # Trust the new key
60 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
61
66
62 # Save Keys - convert with putty from rsa/openssh to puttkey
67 # Save Keys - convert with putty from rsa/openssh to puttkey
63 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
64
69
65 # Get unlock script
70 # Get unlock script
66 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
67
72
68 # Enable Dropbear inside initramfs
73 # Enable Dropbear inside initramfs
69 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
70
75
71 # Enable Dropbear inside initramfs
76 # Enable Dropbear inside initramfs
72 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
73 fi
78 fi
74 else
79 else
75 # Disable SSHD inside initramfs
80 # Disable SSHD inside initramfs
76 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
81 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
77 fi
82 fi
78
83
79 # Add cryptsetup modules to initramfs
84 # Add cryptsetup modules to initramfs
80 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
85 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
81
86
82 # Dummy mapping required by mkinitramfs
87 # Dummy mapping required by mkinitramfs
83 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
88 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
84
89
85 # Generate initramfs with encrypted root partition support
90 # Generate initramfs with encrypted root partition support
86 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
91 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
87
92
88 # Remove dummy mapping
93 # Remove dummy mapping
89 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
94 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
90 else
95 else
91 # Generate initramfs without encrypted root partition support
96 # Generate initramfs without encrypted root partition support
92 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
97 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
93 fi
98 fi
94 fi
99 fi
@@ -1,223 +1,265
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
10 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
18 else
18 # Create temporary directory for boot binaries
19 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
20
21
21 # Install latest boot binaries from raspberry/firmware github
22 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
30
30 # Move downloaded boot binaries
31 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
33
33 # Remove temporary directory for boot binaries
34 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
35 rm -fr "${temp_dir}"
35
36
36 # Set permissions of the boot binaries
37 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
38 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
40 fi
41 fi
39 fi
42
40
43 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
44 if [ "$ENABLE_SPLITFS" = true ] ; then
42 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 else
44 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 fi
46 fi
49
47
50 # Add encrypted root partition to cmdline.txt
48 # Add encrypted root partition to cmdline.txt
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
49 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
50 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 else
52 else
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 fi
54 fi
57 fi
55 fi
58
56
59 # Enable Kernel messages on standard output
57 # Enable Kernel messages on standard output
60 if [ "$ENABLE_PRINTK" = true ] ; then
58 if [ "$ENABLE_PRINTK" = true ] ; then
61 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
62 fi
60 fi
63
61
64 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
65 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
66
64
67 # Remove IPv6 networking support
65 # Remove IPv6 networking support
68 if [ "$ENABLE_IPV6" = false ] ; then
66 if [ "$ENABLE_IPV6" = false ] ; then
69 CMDLINE="${CMDLINE} ipv6.disable=1"
67 CMDLINE="${CMDLINE} ipv6.disable=1"
70 fi
68 fi
71
69
72 # Automatically assign predictable network interface names
70 # Automatically assign predictable network interface names
73 if [ "$ENABLE_IFNAMES" = false ] ; then
71 if [ "$ENABLE_IFNAMES" = false ] ; then
74 CMDLINE="${CMDLINE} net.ifnames=0"
72 CMDLINE="${CMDLINE} net.ifnames=0"
75 else
73 else
76 CMDLINE="${CMDLINE} net.ifnames=1"
74 CMDLINE="${CMDLINE} net.ifnames=1"
77 fi
75 fi
78
76
79 # Install firmware config
77 # Install firmware config
80 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
78 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
81
79
82 # Locks CPU frequency at maximum
80 # Locks CPU frequency at maximum
83 if [ "$ENABLE_TURBO" = true ] ; then
81 if [ "$ENABLE_TURBO" = true ] ; then
84 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
82 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
85 # helps to avoid sdcard corruption when force_turbo is enabled.
83 # helps to avoid sdcard corruption when force_turbo is enabled.
86 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
84 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
87 fi
85 fi
88
86
89 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
87 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
90
88
91 # Bluetooth enabled
89 # Bluetooth enabled
92 if [ "$ENABLE_BLUETOOTH" = true ] ; then
90 if [ "$ENABLE_BLUETOOTH" = true ] ; then
93 # Create temporary directory for Bluetooth sources
91 # Create temporary directory for Bluetooth sources
94 temp_dir=$(as_nobody mktemp -d)
92 temp_dir=$(as_nobody mktemp -d)
95
93
96 # Fetch Bluetooth sources
94 # Fetch Bluetooth sources
97 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
95 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
98
96
99 # Copy downloaded sources
97 # Copy downloaded sources
100 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
98 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
101
99
102 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
100 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
103 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
101 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
104 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
102 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
105
103
106 # Set permissions
104 # Set permissions
107 chown -R root:root "${R}/tmp/pi-bluetooth"
105 chown -R root:root "${R}/tmp/pi-bluetooth"
108
106
109 # Install tools
107 # Install tools
110 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
108 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
111 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
109 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
112
110
113 # make scripts executable
111 # make scripts executable
114 chmod +x "${R}/usr/bin/bthelper"
112 chmod +x "${R}/usr/bin/bthelper"
115 chmod +x "${R}/usr/bin/btuart"
113 chmod +x "${R}/usr/bin/btuart"
116
114
117 # Install bluetooth udev rule
115 # Install bluetooth udev rule
118 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
116 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
119
117
120 # Install Firmware Flash file and apropiate licence
118 # Install Firmware Flash file and apropiate licence
121 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
119 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
122 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
120 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
123 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
121 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
124 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
122 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
125 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
123 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
126
124
127 # Remove temporary directories
125 # Remove temporary directories
128 rm -fr "${temp_dir}"
126 rm -fr "${temp_dir}"
129 rm -fr "${R}"/tmp/pi-bluetooth
127 rm -fr "${R}"/tmp/pi-bluetooth
130
128
131 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
129 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
132 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
130 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
133
131
134 # set overlay to swap ttyAMA0 and ttyS0
132 # set overlay to swap ttyAMA0 and ttyS0
135 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
133 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
136
134
137 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
135 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
138 if [ "$ENABLE_TURBO" = false ] ; then
136 if [ "$ENABLE_TURBO" = false ] ; then
139 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
137 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
140 fi
138 fi
141 fi
139 fi
142
140
143 # Activate services
141 # Activate services
144 chroot_exec systemctl enable pi-bluetooth.hciuart.service
142 chroot_exec systemctl enable pi-bluetooth.hciuart.service
145
143
146 else # if ENABLE_BLUETOOTH = false
144 else # if ENABLE_BLUETOOTH = false
147 # set overlay to disable bluetooth
145 # set overlay to disable bluetooth
148 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
146 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
149 fi # ENABLE_BLUETOOTH end
147 fi # ENABLE_BLUETOOTH end
150 fi
148 fi
151
149
152 # may need sudo systemctl disable hciuart
150 # may need sudo systemctl disable hciuart
153 if [ "$ENABLE_CONSOLE" = true ] ; then
151 if [ "$ENABLE_CONSOLE" = true ] ; then
154 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
152 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
155 # add string to cmdline
153 # add string to cmdline
156 CMDLINE="${CMDLINE} console=serial0,115200"
154 CMDLINE="${CMDLINE} console=serial0,115200"
157
155
158 # Enable serial console systemd style
156 # Enable serial console systemd style
159 chroot_exec systemctl enable serial-getty\@serial0.service
157 chroot_exec systemctl enable serial-getty\@serial0.service
160 else
158 else
161 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
159 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
160
161 # disable serial console systemd style
162 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
163 fi
164
165 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
166 # Create temporary directory for systemd-swap sources
167 temp_dir=$(as_nobody mktemp -d)
168
169 # Fetch systemd-swap sources
170 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
171
172 # Copy downloaded systemd-swap sources
173 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
174
175 # Set permissions of the systemd-swap sources
176 chown -R root:root "${R}/tmp/systemd-swap"
177
178 # Remove temporary directory for systemd-swap sources
179 rm -fr "${temp_dir}"
180
181 # Change into downloaded src dir
182 cd "${R}/tmp/systemd-swap" || exit
183
184 # Build package
185 . ./package.sh debian
186
187 # Install package
188 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
189
190 # Enable service
191 chroot_exec systemctl enable systemd-swap
192
193 # Change back into script root dir
194 cd "${WORKDIR}" || exit
195 else
196 # Enable ZSWAP in cmdline if systemd-swap is not used
197 if [ "$KERNEL_ZSWAP" = true ] ; then
198 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
199 fi
200 fi
201
202 if [ "$KERNEL_SECURITY" = true ] ; then
203 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
162 fi
204 fi
163
205
164 # Install firmware boot cmdline
206 # Install firmware boot cmdline
165 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
207 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
166
208
167 # Setup minimal GPU memory allocation size: 16MB (no X)
209 # Setup minimal GPU memory allocation size: 16MB (no X)
168 if [ "$ENABLE_MINGPU" = true ] ; then
210 if [ "$ENABLE_MINGPU" = true ] ; then
169 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
211 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
170 fi
212 fi
171
213
172 # Setup boot with initramfs
214 # Setup boot with initramfs
173 if [ "$ENABLE_INITRAMFS" = true ] ; then
215 if [ "$ENABLE_INITRAMFS" = true ] ; then
174 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
216 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
175 fi
217 fi
176
218
177 # Create firmware configuration and cmdline symlinks
219 # Create firmware configuration and cmdline symlinks
178 ln -sf firmware/config.txt "${R}/boot/config.txt"
220 ln -sf firmware/config.txt "${R}/boot/config.txt"
179 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
221 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
180
222
181 # Install and setup kernel modules to load at boot
223 # Install and setup kernel modules to load at boot
182 mkdir -p "${LIB_DIR}/modules-load.d/"
224 mkdir -p "${LIB_DIR}/modules-load.d/"
183 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
225 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
184
226
185 # Load hardware random module at boot
227 # Load hardware random module at boot
186 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
228 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
187 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
229 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
188 fi
230 fi
189
231
190 # Load sound module at boot
232 # Load sound module at boot
191 if [ "$ENABLE_SOUND" = true ] ; then
233 if [ "$ENABLE_SOUND" = true ] ; then
192 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
234 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
193 else
235 else
194 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
236 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
195 fi
237 fi
196
238
197 # Enable I2C interface
239 # Enable I2C interface
198 if [ "$ENABLE_I2C" = true ] ; then
240 if [ "$ENABLE_I2C" = true ] ; then
199 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
241 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
200 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
242 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
201 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
243 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
202 fi
244 fi
203
245
204 # Enable SPI interface
246 # Enable SPI interface
205 if [ "$ENABLE_SPI" = true ] ; then
247 if [ "$ENABLE_SPI" = true ] ; then
206 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
248 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
207 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
249 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
208 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
250 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
209 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
251 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
210 fi
252 fi
211 fi
253 fi
212
254
213 # Disable RPi2/3 under-voltage warnings
255 # Disable RPi2/3 under-voltage warnings
214 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
256 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
215 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
257 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
216 fi
258 fi
217
259
218 # Install kernel modules blacklist
260 # Install kernel modules blacklist
219 mkdir -p "${ETC_DIR}/modprobe.d/"
261 mkdir -p "${ETC_DIR}/modprobe.d/"
220 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
262 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
221
263
222 # Install sysctl.d configuration files
264 # Install sysctl.d configuration files
223 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
265 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,51 +1,54
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy is the used alternatives
12 if [ "$KERNEL_NF" = false ] ; then
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15
16
16 # Install iptables systemd service
17 # Install iptables systemd service
17 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18
19
19 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
20 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21
22
22 # Install iptables rule file
23 # Install iptables rule file
23 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24
25
25 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
26 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
28
29
29 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
30 # make sure ip6tables-legacy is the used alternatives
31 if [ "$KERNEL_NF" = false ] ; then
31 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
32
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
33 # Install ip6tables systemd service
36 # Install ip6tables systemd service
34 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
35
38
36 # Install ip6tables file
39 # Install ip6tables file
37 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
40 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
38
41
39 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
42 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
40
43
41 # Reload systemd configuration and enable iptables service
44 # Reload systemd configuration and enable iptables service
42 chroot_exec systemctl daemon-reload
45 chroot_exec systemctl daemon-reload
43 chroot_exec systemctl enable ip6tables.service
46 chroot_exec systemctl enable ip6tables.service
44 fi
47 fi
45
48
46 if [ "$ENABLE_SSHD" = false ] ; then
49 if [ "$ENABLE_SSHD" = false ] ; then
47 # Remove SSHD related iptables rules
50 # Remove SSHD related iptables rules
48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
49 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
52 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
50 fi
53 fi
51 fi
54 fi
@@ -1,100 +1,105
1 #
1 #
2 # Build and Setup U-Boot
2 # Build and Setup U-Boot
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Fetch and build U-Boot bootloader
8 # Fetch and build U-Boot bootloader
9 if [ "$ENABLE_UBOOT" = true ] ; then
9 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
10 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
11 chroot_install_cc
12
12
13 # Copy existing U-Boot sources into chroot directory
13 # Copy existing U-Boot sources into chroot directory
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 # Copy local U-Boot sources
15 # Copy local U-Boot sources
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 else
17 else
18 # Create temporary directory for U-Boot sources
18 # Create temporary directory for U-Boot sources
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Fetch U-Boot sources
21 # Fetch U-Boot sources
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
23
24 # Copy downloaded U-Boot sources
24 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
26
27 # Set permissions of the U-Boot sources
27 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
28 chown -R root:root "${R}/tmp/u-boot"
29
29
30 # Remove temporary directory for U-Boot sources
30 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
31 rm -fr "${temp_dir}"
32 fi
32 fi
33
33
34 # Build and install U-Boot inside chroot
34 # Build and install U-Boot inside chroot
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36
36
37 # Copy compiled bootloader binary and set config.txt to load it
37 # Copy compiled bootloader binary and set config.txt to load it
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41
41
42 # Install and setup U-Boot command file
42 # Install and setup U-Boot command file
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45
45
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 # Convert generated initramfs for U-Boot using mkimage
47 # Convert generated initramfs for U-Boot using mkimage
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49
49
50 # Remove original initramfs file
50 # Remove original initramfs file
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52
52
53 # Configure U-Boot to load generated initramfs
53 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 else # ENABLE_INITRAMFS=false
56 else # ENABLE_INITRAMFS=false
57 # Remove initramfs from U-Boot mkfile
57 # Remove initramfs from U-Boot mkfile
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59
59
60 if [ "$BUILD_KERNEL" = false ] ; then
60 if [ "$BUILD_KERNEL" = false ] ; then
61 # Remove dtbfile from U-Boot mkfile
61 # Remove dtbfile from U-Boot mkfile
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 else
64 else
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 fi
66 fi
67 fi
67 fi
68
68
69 if [ "$SET_ARCH" = 64 ] ; then
69 if [ "$SET_ARCH" = 64 ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
70 echo "Setting up config.txt to boot 64bit uboot"
71 {
71 {
72 printf "\n# 64bit-mode"
72 printf "\n# 64bit-mode"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
74 printf "\narm_64bit=1"
74 printf "\narm_64bit=1"
75 } >> "${BOOT_DIR}/config.txt"
75 } >> "${BOOT_DIR}/config.txt"
76
76
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 fi
79 fi
80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_UBOOTUSB" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
80
85
81 # Set mkfile to use the correct dtb file
86 # Set mkfile to use the correct dtb file
82 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
83
88
84 # Set mkfile to use the correct mach id
89 # Set mkfile to use the correct mach id
85 if [ "$ENABLE_QEMU" = true ] ; then
90 if [ "$ENABLE_QEMU" = true ] ; then
86 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
91 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
87 fi
92 fi
88
93
89 # Set mkfile to use kernel image
94 # Set mkfile to use kernel image
90 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
95 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
91
96
92 # Remove all leading blank lines
97 # Remove all leading blank lines
93 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
98 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
94
99
95 # Generate U-Boot bootloader image
100 # Generate U-Boot bootloader image
96 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
101 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
97
102
98 # Remove U-Boot sources
103 # Remove U-Boot sources
99 rm -fr "${R}/tmp/u-boot"
104 rm -fr "${R}/tmp/u-boot"
100 fi
105 fi
@@ -1,86 +1,116
1 # This file contains utility functions used by rpi23-gen-image.sh
1 # This file contains utility functions used by rpi23-gen-image.sh
2
2
3 cleanup (){
3 cleanup (){
4 set +x
4 set +x
5 set +e
5 set +e
6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
6
17
7 # Identify and kill all processes still using files
18 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
19 echo "killing processes using mount point ..."
9 fuser -k "${R}"
20 fuser -k "${R}"
10 sleep 3
21 sleep 3
11 fuser -9 -k -v "${R}"
22 fuser -9 -k -v "${R}"
12
23
13 # Clean up temporary .password file
24 # Clean up temporary .password file
14 if [ -r ".password" ] ; then
25 if [ -r ".password" ] ; then
15 shred -zu .password
26 shred -zu .password
16 fi
27 fi
17
28
18 # Clean up all temporary mount points
29 # Clean up all temporary mount points
19 echo "removing temporary mount points ..."
30 echo "removing temporary mount points ..."
20 umount -l "${R}/proc" 2> /dev/null
31 umount -l "${R}/proc" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
32 umount -l "${R}/sys" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
33 umount -l "${R}/dev/pts" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
34 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
35 umount "$BUILDDIR/mount" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
36 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
37 losetup -d "$ROOT_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
38 losetup -d "$FRMW_LOOP" 2> /dev/null
28 trap - 0 1 2 3 6
39 trap - 0 1 2 3 6
29 }
40 }
30
41
31 chroot_exec() {
42 chroot_exec() {
32 # Exec command in chroot
43 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 }
45 }
35
46
36 as_nobody() {
47 as_nobody() {
37 # Exec command as user nobody
48 # Exec command as user nobody
38 sudo -E -u nobody LANG=C LC_ALL=C "$@"
49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 }
50 }
40
51
41 install_readonly() {
52 install_readonly() {
42 # Install file with user read-only permissions
53 # Install file with user read-only permissions
43 install -o root -g root -m 644 "$@"
54 install -o root -g root -m 644 "$@"
44 }
55 }
45
56
46 install_exec() {
57 install_exec() {
47 # Install file with root exec permissions
58 # Install file with root exec permissions
48 install -o root -g root -m 744 "$@"
59 install -o root -g root -m 744 "$@"
49 }
60 }
50
61
51 use_template () {
62 use_template () {
52 # Test if configuration template file exists
63 # Test if configuration template file exists
53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
64 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
65 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 exit 1
66 exit 1
56 fi
67 fi
57
68
58 # Load template configuration parameters
69 # Load template configuration parameters
59 . "./templates/${CONFIG_TEMPLATE}"
70 . "./templates/${CONFIG_TEMPLATE}"
60 }
71 }
61
72
62 chroot_install_cc() {
73 chroot_install_cc() {
63 # Install c/c++ build environment inside the chroot
74 # Install c/c++ build environment inside the chroot
64 if [ -z "${COMPILER_PACKAGES}" ] ; then
75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
78 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
68 fi
79 fi
69 }
80 }
70
81
71 chroot_remove_cc() {
82 chroot_remove_cc() {
72 # Remove c/c++ build environment from the chroot
83 # Remove c/c++ build environment from the chroot
73 if [ -n "${COMPILER_PACKAGES}" ] ; then
84 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
85 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
75 COMPILER_PACKAGES=""
86 COMPILER_PACKAGES=""
76 fi
87 fi
77 }
88 }
78
89
79 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
80 cdr2mask ()
91 cdr2mask ()
81 {
92 {
82 # Number of args to shift, 255..255, first non-255 byte, zeroes
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
83 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
84 [ $1 -gt 1 ] && shift $1 || shift
95 [ $1 -gt 1 ] && shift $1 || shift
85 echo ${1-0}.${2-0}.${3-0}.${4-0}
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
100 set_kernel_config() {
101 # flag as $1, value to set as $2, config must exist at "./.config"
102 TGT="CONFIG_${1#CONFIG_}"
103 REP="${2}"
104 if grep -q "^${TGT}[^_]" .config; then
105 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
106 else
107 echo "${TGT}"="${2}" >> .config
108 fi
109 }
110
111 # unset kernel config parameter
112 unset_kernel_config() {
113 # unsets flag with the value of $1, config must exist at "./.config"
114 TGT="CONFIG_${1#CONFIG_}"
115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
86 } No newline at end of file
116 }
@@ -1,809 +1,859
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60
74
61 # Build directories
75 # Build directories
62 WORKDIR=$(pwd)
76 WORKDIR=$(pwd)
63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 BUILDDIR="${BASEDIR}/build"
78 BUILDDIR="${BASEDIR}/build"
65
79
66 # Chroot directories
80 # Chroot directories
67 R="${BUILDDIR}/chroot"
81 R="${BUILDDIR}/chroot"
68 ETC_DIR="${R}/etc"
82 ETC_DIR="${R}/etc"
69 LIB_DIR="${R}/lib"
83 LIB_DIR="${R}/lib"
70 BOOT_DIR="${R}/boot/firmware"
84 BOOT_DIR="${R}/boot/firmware"
71 KERNEL_DIR="${R}/usr/src/linux"
85 KERNEL_DIR="${R}/usr/src/linux"
72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74
88
75 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77
91
78 # General settings
92 # General settings
79 SET_ARCH=${SET_ARCH:=32}
93 SET_ARCH=${SET_ARCH:=32}
80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 PASSWORD=${PASSWORD:=raspberry}
95 PASSWORD=${PASSWORD:=raspberry}
82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 EXPANDROOT=${EXPANDROOT:=true}
99 EXPANDROOT=${EXPANDROOT:=true}
86
100
87 # Keyboard settings
101 # Keyboard settings
88 XKB_MODEL=${XKB_MODEL:=""}
102 XKB_MODEL=${XKB_MODEL:=""}
89 XKB_LAYOUT=${XKB_LAYOUT:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
90 XKB_VARIANT=${XKB_VARIANT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
91 XKB_OPTIONS=${XKB_OPTIONS:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
92
106
93 # Network settings (DHCP)
107 # Network settings (DHCP)
94 ENABLE_DHCP=${ENABLE_DHCP:=true}
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
95
109
96 # Network settings (static)
110 # Network settings (static)
97 NET_ADDRESS=${NET_ADDRESS:=""}
111 NET_ADDRESS=${NET_ADDRESS:=""}
98 NET_GATEWAY=${NET_GATEWAY:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
99 NET_DNS_1=${NET_DNS_1:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
100 NET_DNS_2=${NET_DNS_2:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
101 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
102 NET_NTP_1=${NET_NTP_1:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
103 NET_NTP_2=${NET_NTP_2:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
104
118
105 # APT settings
119 # APT settings
106 APT_PROXY=${APT_PROXY:=""}
120 APT_PROXY=${APT_PROXY:=""}
107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
108
122
109 # Feature settings
123 # Feature settings
110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
124 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
125 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
126 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
127 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 ENABLE_I2C=${ENABLE_I2C:=false}
128 ENABLE_I2C=${ENABLE_I2C:=false}
115 ENABLE_SPI=${ENABLE_SPI:=false}
129 ENABLE_SPI=${ENABLE_SPI:=false}
116 ENABLE_IPV6=${ENABLE_IPV6:=true}
130 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 ENABLE_SSHD=${ENABLE_SSHD:=true}
131 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
132 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
133 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 ENABLE_SOUND=${ENABLE_SOUND:=true}
134 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 ENABLE_DBUS=${ENABLE_DBUS:=true}
135 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
136 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
137 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 ENABLE_XORG=${ENABLE_XORG:=false}
138 ENABLE_XORG=${ENABLE_XORG:=false}
125 ENABLE_WM=${ENABLE_WM:=""}
139 ENABLE_WM=${ENABLE_WM:=""}
126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
140 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 ENABLE_USER=${ENABLE_USER:=true}
141 ENABLE_USER=${ENABLE_USER:=true}
128 USER_NAME=${USER_NAME:="pi"}
142 USER_NAME=${USER_NAME:="pi"}
129 ENABLE_ROOT=${ENABLE_ROOT:=false}
143 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 ENABLE_QEMU=${ENABLE_QEMU:=false}
144 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
145 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132
146
133 # SSH settings
147 # SSH settings
134 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
148 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
149 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
150 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
151 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
152 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139
153
140 # Advanced settings
154 # Advanced settings
155 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
156 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
157 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
158 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
159 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
160 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
161 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
162 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
163 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
164 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
165 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
166 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
167 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
168 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
169 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
170 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
171 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
172 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155
173
156 # Kernel compilation settings
174 # Kernel compilation settings
157 BUILD_KERNEL=${BUILD_KERNEL:=true}
175 BUILD_KERNEL=${BUILD_KERNEL:=true}
158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
176 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 KERNEL_THREADS=${KERNEL_THREADS:=1}
177 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
178 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
179 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
180 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
181 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
182 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
183 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
184 KERNEL_VIRT=${KERNEL_VIRT:=false}
185 KERNEL_BPF=${KERNEL_BPF:=false}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
187 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
188 KERNEL_NF=${KERNEL_NF:=false}
165
189
166 # Kernel compilation from source directory settings
190 # Kernel compilation from source directory settings
167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
191 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
168 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
192 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
169 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
193 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
170 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
194 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
171
195
172 # Reduce disk usage settings
196 # Reduce disk usage settings
173 REDUCE_APT=${REDUCE_APT:=true}
197 REDUCE_APT=${REDUCE_APT:=true}
174 REDUCE_DOC=${REDUCE_DOC:=true}
198 REDUCE_DOC=${REDUCE_DOC:=true}
175 REDUCE_MAN=${REDUCE_MAN:=true}
199 REDUCE_MAN=${REDUCE_MAN:=true}
176 REDUCE_VIM=${REDUCE_VIM:=false}
200 REDUCE_VIM=${REDUCE_VIM:=false}
177 REDUCE_BASH=${REDUCE_BASH:=false}
201 REDUCE_BASH=${REDUCE_BASH:=false}
178 REDUCE_HWDB=${REDUCE_HWDB:=true}
202 REDUCE_HWDB=${REDUCE_HWDB:=true}
179 REDUCE_SSHD=${REDUCE_SSHD:=true}
203 REDUCE_SSHD=${REDUCE_SSHD:=true}
180 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
204 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
181
205
182 # Encrypted filesystem settings
206 # Encrypted filesystem settings
183 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
207 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
184 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
208 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
209 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
210 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
211 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
188 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
212 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
189 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
213 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
190 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
214 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
191 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
215 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
192
216
193 # Chroot scripts directory
217 # Chroot scripts directory
194 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
218 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
195
219
196 # Packages required in the chroot build environment
220 # Packages required in the chroot build environment
197 APT_INCLUDES=${APT_INCLUDES:=""}
221 APT_INCLUDES=${APT_INCLUDES:=""}
198 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
222 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
199
223
200 # Packages to exclude from chroot build environment
224 # Packages to exclude from chroot build environment
201 APT_EXCLUDES=${APT_EXCLUDES:=""}
225 APT_EXCLUDES=${APT_EXCLUDES:=""}
202
226
203 # Packages required for bootstrapping
227 # Packages required for bootstrapping
204 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
228 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
205 MISSING_PACKAGES=""
229 MISSING_PACKAGES=""
206
230
207 # Packages installed for c/c++ build environment in chroot (keep empty)
231 # Packages installed for c/c++ build environment in chroot (keep empty)
208 COMPILER_PACKAGES=""
232 COMPILER_PACKAGES=""
209
233
210 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
234 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
211 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
235 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
212 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
236 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
213 APT_PROXY=http://127.0.0.1:3142/
237 APT_PROXY=http://127.0.0.1:3142/
214 fi
238 fi
215
239
216 # Setup architecture specific settings
240 # Setup architecture specific settings
217 if [ -n "$SET_ARCH" ] ; then
241 if [ -n "$SET_ARCH" ] ; then
218 # 64-bit configuration
242 # 64-bit configuration
219 if [ "$SET_ARCH" = 64 ] ; then
243 if [ "$SET_ARCH" = 64 ] ; then
220 # General 64-bit depended settings
244 # General 64-bit depended settings
221 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
245 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
222 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
246 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
223 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
247 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
224
248
225 # Raspberry Pi model specific settings
249 # Raspberry Pi model specific settings
226 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
250 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
227 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
251 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
228 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
252 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
229 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
253 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
230 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
254 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
231 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
255 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
232 else
256 else
233 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
257 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
234 exit 1
258 exit 1
235 fi
259 fi
236 fi
260 fi
237
261
238 # 32-bit configuration
262 # 32-bit configuration
239 if [ "$SET_ARCH" = 32 ] ; then
263 if [ "$SET_ARCH" = 32 ] ; then
240 # General 32-bit dependend settings
264 # General 32-bit dependend settings
241 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
265 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
242 KERNEL_ARCH=${KERNEL_ARCH:=arm}
266 KERNEL_ARCH=${KERNEL_ARCH:=arm}
243 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
267 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
244
268
245 # Raspberry Pi model specific settings
269 # Raspberry Pi model specific settings
246 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
270 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
247 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
271 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
248 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
272 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
249 RELEASE_ARCH=${RELEASE_ARCH:=armel}
273 RELEASE_ARCH=${RELEASE_ARCH:=armel}
250 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
274 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
251 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
275 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
252 fi
276 fi
253
277
254 # Raspberry Pi model specific settings
278 # Raspberry Pi model specific settings
255 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
279 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
256 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
280 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
281 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
258 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
282 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
259 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
283 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
260 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
284 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
261 fi
285 fi
262 fi
286 fi
263 # SET_ARCH not set
287 # SET_ARCH not set
264 else
288 else
265 echo "error: Please set '32' or '64' as value for SET_ARCH"
289 echo "error: Please set '32' or '64' as value for SET_ARCH"
266 exit 1
290 exit 1
267 fi
291 fi
268 # Device specific configuration and U-Boot configuration
292 # Device specific configuration and U-Boot configuration
269 case "$RPI_MODEL" in
293 case "$RPI_MODEL" in
270 0)
294 0)
271 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
295 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
272 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
296 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
273 ;;
297 ;;
274 1)
298 1)
275 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
276 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
277 ;;
301 ;;
278 1P)
302 1P)
279 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
280 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
281 ;;
305 ;;
282 2)
306 2)
283 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
307 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
284 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
285 ;;
309 ;;
286 3)
310 3)
287 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
311 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
288 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
289 ;;
313 ;;
290 3P)
314 3P)
291 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
292 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
293 ;;
317 ;;
294 *)
318 *)
295 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
319 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
296 exit 1
320 exit 1
297 ;;
321 ;;
298 esac
322 esac
299
323
324 if [ "$ENABLE_UBOOTUSB" = true ] ; then
325 if [ "$ENABLE_UBOOT" = false ] ; then
326 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
327 exit 1
328 fi
329 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
330 echo "error: Enabling UBOOTUSB requires Raspberry 3"
331 exit 1
332 fi
333 fi
334
300 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
335 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
301 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
336 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
302 # Include bluetooth packages on supported boards
337 # Include bluetooth packages on supported boards
303 if [ "$ENABLE_BLUETOOTH" = true ] ; then
338 if [ "$ENABLE_BLUETOOTH" = true ] ; then
304 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
339 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
305 fi
340 fi
306 if [ "$ENABLE_WIRELESS" = true ] ; then
341 if [ "$ENABLE_WIRELESS" = true ] ; then
307 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
342 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
308 fi
343 fi
309 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
344 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
310 # Check if the internal wireless interface is not supported by the RPi model
345 # Check if the internal wireless interface is not supported by the RPi model
311 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
346 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
312 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
347 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
313 exit 1
348 exit 1
314 fi
349 fi
315 fi
350 fi
316
351
352 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
353 echo "error: You have to compile kernel sources, if you want to enable nexmon"
354 exit 1
355 fi
356
317 # Prepare date string for default image file name
357 # Prepare date string for default image file name
318 DATE="$(date +%Y-%m-%d)"
358 DATE="$(date +%Y-%m-%d)"
319 if [ -z "$KERNEL_BRANCH" ] ; then
359 if [ -z "$KERNEL_BRANCH" ] ; then
320 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
360 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
321 else
361 else
322 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
362 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
323 fi
363 fi
324
364
325 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
365 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
326 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
366 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
327 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
367 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
328 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
368 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
329 exit 1
369 exit 1
330 fi
370 fi
331 fi
371 fi
332
372
333 # Add cmake to compile videocore sources
373 # Add cmake to compile videocore sources
334 if [ "$ENABLE_VIDEOCORE" = true ] ; then
374 if [ "$ENABLE_VIDEOCORE" = true ] ; then
335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
375 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
336 fi
376 fi
337
377
378 # Add deps for nexmon
379 if [ "$ENABLE_NEXMON" = true ] ; then
380 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
381 fi
382
338 # Add libncurses5 to enable kernel menuconfig
383 # Add libncurses5 to enable kernel menuconfig
339 if [ "$KERNEL_MENUCONFIG" = true ] ; then
384 if [ "$KERNEL_MENUCONFIG" = true ] ; then
340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
385 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
341 fi
386 fi
342
387
343 # Add ccache compiler cache for (faster) kernel cross (re)compilation
388 # Add ccache compiler cache for (faster) kernel cross (re)compilation
344 if [ "$KERNEL_CCACHE" = true ] ; then
389 if [ "$KERNEL_CCACHE" = true ] ; then
345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
346 fi
391 fi
347
392
348 # Add cryptsetup package to enable filesystem encryption
393 # Add cryptsetup package to enable filesystem encryption
349 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
394 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
350 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
351 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
396 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
352
397
353 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
398 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
354 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
399 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
355 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
400 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
356 fi
401 fi
357
402
358 if [ -z "$CRYPTFS_PASSWORD" ] ; then
403 if [ -z "$CRYPTFS_PASSWORD" ] ; then
359 echo "error: no password defined (CRYPTFS_PASSWORD)!"
404 echo "error: no password defined (CRYPTFS_PASSWORD)!"
360 exit 1
405 exit 1
361 fi
406 fi
362 ENABLE_INITRAMFS=true
407 ENABLE_INITRAMFS=true
363 fi
408 fi
364
409
365 # Add initramfs generation tools
410 # Add initramfs generation tools
366 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
411 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
367 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
412 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
368 fi
413 fi
369
414
370 # Add device-tree-compiler required for building the U-Boot bootloader
415 # Add device-tree-compiler required for building the U-Boot bootloader
371 if [ "$ENABLE_UBOOT" = true ] ; then
416 if [ "$ENABLE_UBOOT" = true ] ; then
372 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
417 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
373 fi
418 fi
374
419
375 # Check if root SSH (v2) public key file exists
420 # Check if root SSH (v2) public key file exists
376 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
421 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
377 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
422 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
378 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
423 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
379 exit 1
424 exit 1
380 fi
425 fi
381 fi
426 fi
382
427
383 # Check if $USER_NAME SSH (v2) public key file exists
428 # Check if $USER_NAME SSH (v2) public key file exists
384 if [ -n "$SSH_USER_PUB_KEY" ] ; then
429 if [ -n "$SSH_USER_PUB_KEY" ] ; then
385 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
430 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
386 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
431 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
387 exit 1
432 exit 1
388 fi
433 fi
389 fi
434 fi
390
435
436 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
437 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
438 exit 1
439 fi
440
391 # Check if all required packages are installed on the build system
441 # Check if all required packages are installed on the build system
392 for package in $REQUIRED_PACKAGES ; do
442 for package in $REQUIRED_PACKAGES ; do
393 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
443 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
394 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
444 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
395 fi
445 fi
396 done
446 done
397
447
398 # If there are missing packages ask confirmation for install, or exit
448 # If there are missing packages ask confirmation for install, or exit
399 if [ -n "$MISSING_PACKAGES" ] ; then
449 if [ -n "$MISSING_PACKAGES" ] ; then
400 echo "the following packages needed by this script are not installed:"
450 echo "the following packages needed by this script are not installed:"
401 echo "$MISSING_PACKAGES"
451 echo "$MISSING_PACKAGES"
402
452
403 printf "\ndo you want to install the missing packages right now? [y/n] "
453 printf "\ndo you want to install the missing packages right now? [y/n] "
404 read -r confirm
454 read -r confirm
405 [ "$confirm" != "y" ] && exit 1
455 [ "$confirm" != "y" ] && exit 1
406
456
407 # Make sure all missing required packages are installed
457 # Make sure all missing required packages are installed
408 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
458 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
409 fi
459 fi
410
460
411 # Check if ./bootstrap.d directory exists
461 # Check if ./bootstrap.d directory exists
412 if [ ! -d "./bootstrap.d/" ] ; then
462 if [ ! -d "./bootstrap.d/" ] ; then
413 echo "error: './bootstrap.d' required directory not found!"
463 echo "error: './bootstrap.d' required directory not found!"
414 exit 1
464 exit 1
415 fi
465 fi
416
466
417 # Check if ./files directory exists
467 # Check if ./files directory exists
418 if [ ! -d "./files/" ] ; then
468 if [ ! -d "./files/" ] ; then
419 echo "error: './files' required directory not found!"
469 echo "error: './files' required directory not found!"
420 exit 1
470 exit 1
421 fi
471 fi
422
472
423 # Check if specified KERNELSRC_DIR directory exists
473 # Check if specified KERNELSRC_DIR directory exists
424 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
474 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
425 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
475 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
426 exit 1
476 exit 1
427 fi
477 fi
428
478
429 # Check if specified UBOOTSRC_DIR directory exists
479 # Check if specified UBOOTSRC_DIR directory exists
430 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
480 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
431 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
481 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
432 exit 1
482 exit 1
433 fi
483 fi
434
484
435 # Check if specified VIDEOCORESRC_DIR directory exists
485 # Check if specified VIDEOCORESRC_DIR directory exists
436 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
486 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
437 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
487 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
438 exit 1
488 exit 1
439 fi
489 fi
440
490
441 # Check if specified FBTURBOSRC_DIR directory exists
491 # Check if specified FBTURBOSRC_DIR directory exists
442 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
492 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
443 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
493 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
444 exit 1
494 exit 1
445 fi
495 fi
446
496
497 # Check if specified NEXMONSRC_DIR directory exists
498 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
499 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
500 exit 1
501 fi
502
447 # Check if specified CHROOT_SCRIPTS directory exists
503 # Check if specified CHROOT_SCRIPTS directory exists
448 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
504 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
449 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
505 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
450 exit 1
506 exit 1
451 fi
507 fi
452
508
453 # Check if specified device mapping already exists (will be used by cryptsetup)
509 # Check if specified device mapping already exists (will be used by cryptsetup)
454 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
510 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
455 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
511 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
456 exit 1
512 exit 1
457 fi
513 fi
458
514
459 # Don't clobber an old build
515 # Don't clobber an old build
460 if [ -e "$BUILDDIR" ] ; then
516 if [ -e "$BUILDDIR" ] ; then
461 echo "error: directory ${BUILDDIR} already exists, not proceeding"
517 echo "error: directory ${BUILDDIR} already exists, not proceeding"
462 exit 1
518 exit 1
463 fi
519 fi
464
520
465 # Setup chroot directory
521 # Setup chroot directory
466 mkdir -p "${R}"
522 mkdir -p "${R}"
467
523
468 # Check if build directory has enough of free disk space >512MB
524 # Check if build directory has enough of free disk space >512MB
469 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
525 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
470 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
526 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
471 exit 1
527 exit 1
472 fi
528 fi
473
529
474 set -x
530 set -x
475
531
476 # Call "cleanup" function on various signals and errors
532 # Call "cleanup" function on various signals and errors
477 trap cleanup 0 1 2 3 6
533 trap cleanup 0 1 2 3 6
478
534
479 # Add required packages for the minbase installation
535 # Add required packages for the minbase installation
480 if [ "$ENABLE_MINBASE" = true ] ; then
536 if [ "$ENABLE_MINBASE" = true ] ; then
481 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
537 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
482 fi
538 fi
483
539
484 # Add parted package, required to get partprobe utility
540 # Add parted package, required to get partprobe utility
485 if [ "$EXPANDROOT" = true ] ; then
541 if [ "$EXPANDROOT" = true ] ; then
486 APT_INCLUDES="${APT_INCLUDES},parted"
542 APT_INCLUDES="${APT_INCLUDES},parted"
487 fi
543 fi
488
544
489 # Add dbus package, recommended if using systemd
545 # Add dbus package, recommended if using systemd
490 if [ "$ENABLE_DBUS" = true ] ; then
546 if [ "$ENABLE_DBUS" = true ] ; then
491 APT_INCLUDES="${APT_INCLUDES},dbus"
547 APT_INCLUDES="${APT_INCLUDES},dbus"
492 fi
548 fi
493
549
494 # Add iptables IPv4/IPv6 package
550 # Add iptables IPv4/IPv6 package
495 if [ "$ENABLE_IPTABLES" = true ] ; then
551 if [ "$ENABLE_IPTABLES" = true ] ; then
496 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
552 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
497 fi
553 fi
554 # Add apparmor for KERNEL_SECURITY
555 if [ "$KERNEL_SECURITY" = true ] ; then
556 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
557 fi
498
558
499 # Add openssh server package
559 # Add openssh server package
500 if [ "$ENABLE_SSHD" = true ] ; then
560 if [ "$ENABLE_SSHD" = true ] ; then
501 APT_INCLUDES="${APT_INCLUDES},openssh-server"
561 APT_INCLUDES="${APT_INCLUDES},openssh-server"
502 fi
562 fi
503
563
504 # Add alsa-utils package
564 # Add alsa-utils package
505 if [ "$ENABLE_SOUND" = true ] ; then
565 if [ "$ENABLE_SOUND" = true ] ; then
506 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
566 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
507 fi
567 fi
508
568
509 # Add rng-tools package
569 # Add rng-tools package
510 if [ "$ENABLE_HWRANDOM" = true ] ; then
570 if [ "$ENABLE_HWRANDOM" = true ] ; then
511 APT_INCLUDES="${APT_INCLUDES},rng-tools"
571 APT_INCLUDES="${APT_INCLUDES},rng-tools"
512 fi
572 fi
513
573
514 # Add fbturbo video driver
574 # Add fbturbo video driver
515 if [ "$ENABLE_FBTURBO" = true ] ; then
575 if [ "$ENABLE_FBTURBO" = true ] ; then
516 # Enable xorg package dependencies
576 # Enable xorg package dependencies
517 ENABLE_XORG=true
577 ENABLE_XORG=true
518 fi
578 fi
519
579
520 # Add user defined window manager package
580 # Add user defined window manager package
521 if [ -n "$ENABLE_WM" ] ; then
581 if [ -n "$ENABLE_WM" ] ; then
522 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
582 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
523
583
524 # Enable xorg package dependencies
584 # Enable xorg package dependencies
525 ENABLE_XORG=true
585 ENABLE_XORG=true
526 fi
586 fi
527
587
528 # Add xorg package
588 # Add xorg package
529 if [ "$ENABLE_XORG" = true ] ; then
589 if [ "$ENABLE_XORG" = true ] ; then
530 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
590 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
531 fi
591 fi
532
592
533 # Replace selected packages with smaller clones
593 # Replace selected packages with smaller clones
534 if [ "$ENABLE_REDUCE" = true ] ; then
594 if [ "$ENABLE_REDUCE" = true ] ; then
535 # Add levee package instead of vim-tiny
595 # Add levee package instead of vim-tiny
536 if [ "$REDUCE_VIM" = true ] ; then
596 if [ "$REDUCE_VIM" = true ] ; then
537 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
597 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
538 fi
598 fi
539
599
540 # Add dropbear package instead of openssh-server
600 # Add dropbear package instead of openssh-server
541 if [ "$REDUCE_SSHD" = true ] ; then
601 if [ "$REDUCE_SSHD" = true ] ; then
542 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
602 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
543 fi
603 fi
544 fi
604 fi
545
605
546 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
606 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
547 if [ "$ENABLE_SYSVINIT" = false ] ; then
607 if [ "$ENABLE_SYSVINIT" = false ] ; then
548 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
608 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
549 fi
609 fi
550
610
551 # Check if kernel is getting compiled
552 if [ "$BUILD_KERNEL" = false ] ; then
553 echo "Downloading precompiled kernel"
554 echo "error: not configured"
555 exit 1;
556 # BUILD_KERNEL=true
557 else
558 echo "No precompiled kernel repositories were added"
559 fi
560
561 # Configure kernel sources if no KERNELSRC_DIR
611 # Configure kernel sources if no KERNELSRC_DIR
562 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
612 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
563 KERNELSRC_CONFIG=true
613 KERNELSRC_CONFIG=true
564 fi
614 fi
565
615
566 # Configure reduced kernel
616 # Configure reduced kernel
567 if [ "$KERNEL_REDUCE" = true ] ; then
617 if [ "$KERNEL_REDUCE" = true ] ; then
568 KERNELSRC_CONFIG=false
618 KERNELSRC_CONFIG=false
569 fi
619 fi
570
620
571 # Configure qemu compatible kernel
621 # Configure qemu compatible kernel
572 if [ "$ENABLE_QEMU" = true ] ; then
622 if [ "$ENABLE_QEMU" = true ] ; then
573 DTB_FILE=vexpress-v2p-ca15_a7.dtb
623 DTB_FILE=vexpress-v2p-ca15_a7.dtb
574 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
624 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
575 KERNEL_DEFCONFIG="vexpress_defconfig"
625 KERNEL_DEFCONFIG="vexpress_defconfig"
576 if [ "$KERNEL_MENUCONFIG" = false ] ; then
626 if [ "$KERNEL_MENUCONFIG" = false ] ; then
577 KERNEL_OLDDEFCONFIG=true
627 KERNEL_OLDDEFCONFIG=true
578 fi
628 fi
579 fi
629 fi
580
630
581 # Execute bootstrap scripts
631 # Execute bootstrap scripts
582 for SCRIPT in bootstrap.d/*.sh; do
632 for SCRIPT in bootstrap.d/*.sh; do
583 head -n 3 "$SCRIPT"
633 head -n 3 "$SCRIPT"
584 . "$SCRIPT"
634 . "$SCRIPT"
585 done
635 done
586
636
587 ## Execute custom bootstrap scripts
637 ## Execute custom bootstrap scripts
588 if [ -d "custom.d" ] ; then
638 if [ -d "custom.d" ] ; then
589 for SCRIPT in custom.d/*.sh; do
639 for SCRIPT in custom.d/*.sh; do
590 . "$SCRIPT"
640 . "$SCRIPT"
591 done
641 done
592 fi
642 fi
593
643
594 # Execute custom scripts inside the chroot
644 # Execute custom scripts inside the chroot
595 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
645 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
596 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
646 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
597 chroot_exec /bin/bash -x <<'EOF'
647 chroot_exec /bin/bash -x <<'EOF'
598 for SCRIPT in /chroot_scripts/* ; do
648 for SCRIPT in /chroot_scripts/* ; do
599 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
649 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
600 $SCRIPT
650 $SCRIPT
601 fi
651 fi
602 done
652 done
603 EOF
653 EOF
604 rm -rf "${R}/chroot_scripts"
654 rm -rf "${R}/chroot_scripts"
605 fi
655 fi
606
656
607 # Remove c/c++ build environment from the chroot
657 # Remove c/c++ build environment from the chroot
608 chroot_remove_cc
658 chroot_remove_cc
609
659
610 # Generate required machine-id
660 # Generate required machine-id
611 MACHINE_ID=$(dbus-uuidgen)
661 MACHINE_ID=$(dbus-uuidgen)
612 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
662 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
613 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
663 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
614
664
615 # APT Cleanup
665 # APT Cleanup
616 chroot_exec apt-get -y clean
666 chroot_exec apt-get -y clean
617 chroot_exec apt-get -y autoclean
667 chroot_exec apt-get -y autoclean
618 chroot_exec apt-get -y autoremove
668 chroot_exec apt-get -y autoremove
619
669
620 # Unmount mounted filesystems
670 # Unmount mounted filesystems
621 umount -l "${R}/proc"
671 umount -l "${R}/proc"
622 umount -l "${R}/sys"
672 umount -l "${R}/sys"
623
673
624 # Clean up directories
674 # Clean up directories
625 rm -rf "${R}/run/*"
675 rm -rf "${R}/run/*"
626 rm -rf "${R}/tmp/*"
676 rm -rf "${R}/tmp/*"
627
677
628 # Clean up files
678 # Clean up files
629 rm -f "${ETC_DIR}/ssh/ssh_host_*"
679 rm -f "${ETC_DIR}/ssh/ssh_host_*"
630 rm -f "${ETC_DIR}/dropbear/dropbear_*"
680 rm -f "${ETC_DIR}/dropbear/dropbear_*"
631 rm -f "${ETC_DIR}/apt/sources.list.save"
681 rm -f "${ETC_DIR}/apt/sources.list.save"
632 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
682 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
633 rm -f "${ETC_DIR}/*-"
683 rm -f "${ETC_DIR}/*-"
634 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
635 rm -f "${ETC_DIR}/resolv.conf"
685 rm -f "${ETC_DIR}/resolv.conf"
636 rm -f "${R}/root/.bash_history"
686 rm -f "${R}/root/.bash_history"
637 rm -f "${R}/var/lib/urandom/random-seed"
687 rm -f "${R}/var/lib/urandom/random-seed"
638 rm -f "${R}/initrd.img"
688 rm -f "${R}/initrd.img"
639 rm -f "${R}/vmlinuz"
689 rm -f "${R}/vmlinuz"
640 rm -f "${R}${QEMU_BINARY}"
690 rm -f "${R}${QEMU_BINARY}"
641
691
642 if [ "$ENABLE_QEMU" = true ] ; then
692 if [ "$ENABLE_QEMU" = true ] ; then
643 # Setup QEMU directory
693 # Setup QEMU directory
644 mkdir "${BASEDIR}/qemu"
694 mkdir "${BASEDIR}/qemu"
645
695
646 # Copy kernel image to QEMU directory
696 # Copy kernel image to QEMU directory
647 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
697 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
648
698
649 # Copy kernel config to QEMU directory
699 # Copy kernel config to QEMU directory
650 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
700 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
651
701
652 # Copy kernel dtbs to QEMU directory
702 # Copy kernel dtbs to QEMU directory
653 for dtb in "${BOOT_DIR}/"*.dtb ; do
703 for dtb in "${BOOT_DIR}/"*.dtb ; do
654 if [ -f "${dtb}" ] ; then
704 if [ -f "${dtb}" ] ; then
655 install_readonly "${dtb}" "${BASEDIR}/qemu/"
705 install_readonly "${dtb}" "${BASEDIR}/qemu/"
656 fi
706 fi
657 done
707 done
658
708
659 # Copy kernel overlays to QEMU directory
709 # Copy kernel overlays to QEMU directory
660 if [ -d "${BOOT_DIR}/overlays" ] ; then
710 if [ -d "${BOOT_DIR}/overlays" ] ; then
661 # Setup overlays dtbs directory
711 # Setup overlays dtbs directory
662 mkdir "${BASEDIR}/qemu/overlays"
712 mkdir "${BASEDIR}/qemu/overlays"
663
713
664 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
714 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
665 if [ -f "${dtb}" ] ; then
715 if [ -f "${dtb}" ] ; then
666 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
716 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
667 fi
717 fi
668 done
718 done
669 fi
719 fi
670
720
671 # Copy u-boot files to QEMU directory
721 # Copy u-boot files to QEMU directory
672 if [ "$ENABLE_UBOOT" = true ] ; then
722 if [ "$ENABLE_UBOOT" = true ] ; then
673 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
723 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
674 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
724 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
675 fi
725 fi
676 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
726 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
677 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
727 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
678 fi
728 fi
679 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
729 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
680 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
730 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
681 fi
731 fi
682 fi
732 fi
683
733
684 # Copy initramfs to QEMU directory
734 # Copy initramfs to QEMU directory
685 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
735 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
686 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
736 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
687 fi
737 fi
688 fi
738 fi
689
739
690 # Calculate size of the chroot directory in KB
740 # Calculate size of the chroot directory in KB
691 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
741 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
692
742
693 # Calculate the amount of needed 512 Byte sectors
743 # Calculate the amount of needed 512 Byte sectors
694 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
744 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
695 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
745 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
696 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
746 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
697
747
698 # The root partition is EXT4
748 # The root partition is EXT4
699 # This means more space than the actual used space of the chroot is used.
749 # This means more space than the actual used space of the chroot is used.
700 # As overhead for journaling and reserved blocks 35% are added.
750 # As overhead for journaling and reserved blocks 35% are added.
701 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
751 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
702
752
703 # Calculate required image size in 512 Byte sectors
753 # Calculate required image size in 512 Byte sectors
704 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
754 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
705
755
706 # Prepare image file
756 # Prepare image file
707 if [ "$ENABLE_SPLITFS" = true ] ; then
757 if [ "$ENABLE_SPLITFS" = true ] ; then
708 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
758 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
709 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
759 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
710 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
760 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
711 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
761 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
712
762
713 # Write firmware/boot partition tables
763 # Write firmware/boot partition tables
714 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
764 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
715 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
765 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
716 EOM
766 EOM
717
767
718 # Write root partition table
768 # Write root partition table
719 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
769 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
720 ${TABLE_SECTORS},${ROOT_SECTORS},83
770 ${TABLE_SECTORS},${ROOT_SECTORS},83
721 EOM
771 EOM
722
772
723 # Setup temporary loop devices
773 # Setup temporary loop devices
724 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
774 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
725 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
775 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
726 else # ENABLE_SPLITFS=false
776 else # ENABLE_SPLITFS=false
727 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
777 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
728 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
778 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
729
779
730 # Write partition table
780 # Write partition table
731 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
781 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
732 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
782 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
733 ${ROOT_OFFSET},${ROOT_SECTORS},83
783 ${ROOT_OFFSET},${ROOT_SECTORS},83
734 EOM
784 EOM
735
785
736 # Setup temporary loop devices
786 # Setup temporary loop devices
737 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
787 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
738 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
788 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
739 fi
789 fi
740
790
741 if [ "$ENABLE_CRYPTFS" = true ] ; then
791 if [ "$ENABLE_CRYPTFS" = true ] ; then
742 # Create dummy ext4 fs
792 # Create dummy ext4 fs
743 mkfs.ext4 "$ROOT_LOOP"
793 mkfs.ext4 "$ROOT_LOOP"
744
794
745 # Setup password keyfile
795 # Setup password keyfile
746 touch .password
796 touch .password
747 chmod 600 .password
797 chmod 600 .password
748 echo -n ${CRYPTFS_PASSWORD} > .password
798 echo -n ${CRYPTFS_PASSWORD} > .password
749
799
750 # Initialize encrypted partition
800 # Initialize encrypted partition
751 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
801 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
752
802
753 # Open encrypted partition and setup mapping
803 # Open encrypted partition and setup mapping
754 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
804 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
755
805
756 # Secure delete password keyfile
806 # Secure delete password keyfile
757 shred -zu .password
807 shred -zu .password
758
808
759 # Update temporary loop device
809 # Update temporary loop device
760 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
810 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
761
811
762 # Wipe encrypted partition (encryption cipher is used for randomness)
812 # Wipe encrypted partition (encryption cipher is used for randomness)
763 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
813 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
764 fi
814 fi
765
815
766 # Build filesystems
816 # Build filesystems
767 mkfs.vfat "$FRMW_LOOP"
817 mkfs.vfat "$FRMW_LOOP"
768 mkfs.ext4 "$ROOT_LOOP"
818 mkfs.ext4 "$ROOT_LOOP"
769
819
770 # Mount the temporary loop devices
820 # Mount the temporary loop devices
771 mkdir -p "$BUILDDIR/mount"
821 mkdir -p "$BUILDDIR/mount"
772 mount "$ROOT_LOOP" "$BUILDDIR/mount"
822 mount "$ROOT_LOOP" "$BUILDDIR/mount"
773
823
774 mkdir -p "$BUILDDIR/mount/boot/firmware"
824 mkdir -p "$BUILDDIR/mount/boot/firmware"
775 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
825 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
776
826
777 # Copy all files from the chroot to the loop device mount point directory
827 # Copy all files from the chroot to the loop device mount point directory
778 rsync -a "${R}/" "$BUILDDIR/mount/"
828 rsync -a "${R}/" "$BUILDDIR/mount/"
779
829
780 # Unmount all temporary loop devices and mount points
830 # Unmount all temporary loop devices and mount points
781 cleanup
831 cleanup
782
832
783 # Create block map file(s) of image(s)
833 # Create block map file(s) of image(s)
784 if [ "$ENABLE_SPLITFS" = true ] ; then
834 if [ "$ENABLE_SPLITFS" = true ] ; then
785 # Create block map files for "bmaptool"
835 # Create block map files for "bmaptool"
786 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
836 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
787 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
837 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
788
838
789 # Image was successfully created
839 # Image was successfully created
790 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
840 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
791 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
841 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
792 else
842 else
793 # Create block map file for "bmaptool"
843 # Create block map file for "bmaptool"
794 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
844 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
795
845
796 # Image was successfully created
846 # Image was successfully created
797 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
847 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
798
848
799 # Create qemu qcow2 image
849 # Create qemu qcow2 image
800 if [ "$ENABLE_QEMU" = true ] ; then
850 if [ "$ENABLE_QEMU" = true ] ; then
801 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
851 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
802 QEMU_SIZE=16G
852 QEMU_SIZE=16G
803
853
804 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
854 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
805 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
855 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
806
856
807 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
857 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
808 fi
858 fi
809 fi
859 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant