##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Merge pull request #170 from burnbabyburn/Kernelfeatures...
drtyhlpr -
r529:1089e193990f Fusion
parent child
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
Show file before | Show file after | Hide comments
@@ -210,6 +210,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
210 210 ---
211 211
212 212 #### Advanced system features:
213 ##### `ENABLE_SYSTEMDSWAP`=false
214 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
215
213 216 ##### `ENABLE_MINBASE`=false
214 217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215 218
@@ -234,6 +237,12 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](
234 237 ##### `VIDEOCORESRC_DIR`=""
235 238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236 239
240 ##### `ENABLE_NEXMON`=false
241 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
242
243 ##### `NEXMONSRC_DIR`=""
244 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245
237 246 ##### `ENABLE_IPTABLES`=false
238 247 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239 248
@@ -345,6 +354,23 With this parameter set to true the script expects the existing kernel sources d
345 354 ##### `RPI_FIRMWARE_DIR`=""
346 355 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347 356
357 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
358 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
359
360 ##### `KERNEL_NF`=false
361 Enable Netfilter modules as kernel modules
362
363 ##### `KERNEL_VIRT`=false
364 Enable Kernel KVM support (/dev/kvm)
365
366 ##### `KERNEL_ZSWAP`=false
367 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
368
369 ##### `KERNEL_BPF`=true
370 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
371
372 ##### `KERNEL_SECURITY`=false
373 Enables Apparmor, integrity subsystem, auditing
348 374 ---
349 375
350 376 #### Reduce disk usage:
Show file before | Show file after | Hide comments
@@ -5,6 +5,14
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 16 # Fetch and build latest raspberry kernel
9 17 if [ "$BUILD_KERNEL" = true ] ; then
10 18 # Setup source directory
@@ -87,6 +95,283 if [ "$BUILD_KERNEL" = true ] ; then
87 95 # Load default raspberry kernel configuration
88 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 set_kernel_config CONFIG_ZPOOL y
104 set_kernel_config CONFIG_ZSWAP y
105 set_kernel_config CONFIG_ZBUD y
106 set_kernel_config CONFIG_Z3FOLD y
107 set_kernel_config CONFIG_ZSMALLOC y
108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
110 fi
111
112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
121 set_kernel_config CONFIG_KVM y
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
140 fi
141
142 # enable apparmor,integrity audit,
143 if [ "$KERNEL_SECURITY" = true ] ; then
144
145 # security filesystem, security models and audit
146 set_kernel_config CONFIG_SECURITYFS y
147 set_kernel_config CONFIG_SECURITY y
148 set_kernel_config CONFIG_AUDIT y
149
150 # harden strcpy and memcpy
151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
154
155 # integrity sub-system
156 set_kernel_config CONFIG_INTEGRITY=y
157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
161
162 # This option provides support for retaining authentication tokens and access keys in the kernel.
163 set_kernel_config CONFIG_KEYS=y
164 set_kernel_config CONFIG_KEYS_COMPAT=y
165
166 # Apparmor
167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
170 set_kernel_config CONFIG_SECURITY_APPARMOR y
171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
173
174 # restrictions on unprivileged users reading the kernel
175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
176
177 # network security hooks
178 set_kernel_config CONFIG_SECURITY_NETWORK y
179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
180 set_kernel_config CONFIG_SECURITY_PATH=y
181 set_kernel_config CONFIG_SECURITY_YAMA=y
182
183 # New Options
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_SECURITY m
186 set_kernel_config CONFIG_NETLABEL y
187 set_kernel_config CONFIG_IP6_NF_SECURITY m
188 fi
189 set_kernel_config CONFIG_SECURITY_SELINUX n
190 set_kernel_config CONFIG_SECURITY_SMACK n
191 set_kernel_config CONFIG_SECURITY_TOMOYO n
192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
193 set_kernel_config CONFIG_SECURITY_LOADPIN n
194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
195 set_kernel_config CONFIG_IMA n
196 set_kernel_config CONFIG_EVM n
197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
207
208 set_kernel_config CONFIG_ARM64_CRYPTO y
209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
223 set_kernel_config SYSTEM_TRUSTED_KEYS
224 fi
225
226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
227 if [ "$KERNEL_NF" = true ] ; then
228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
233 set_kernel_config CONFIG_NFT_FIB_INET m
234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
237 set_kernel_config CONFIG_NFT_OBJREF m
238 set_kernel_config CONFIG_NFT_RT m
239 set_kernel_config CONFIG_NFT_SET_BITMAP m
240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
241 set_kernel_config CONFIG_NF_LOG_ARP m
242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
250 set_kernel_config CONFIG_IP6_NF_NAT m
251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
253 set_kernel_config CONFIG_IP_NF_SECURITY m
254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
256 set_kernel_config CONFIG_IP_SET_HASH_IP m
257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
262 set_kernel_config CONFIG_IP_SET_HASH_NET m
263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
267 set_kernel_config CONFIG_IP_SET_LIST_SET m
268 set_kernel_config CONFIG_NETFILTER_XTABLES m
269 set_kernel_config CONFIG_NETFILTER_XTABLES m
270 set_kernel_config CONFIG_NFT_BRIDGE_META m
271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
276 set_kernel_config CONFIG_NFT_COMPAT m
277 set_kernel_config CONFIG_NFT_COUNTER m
278 set_kernel_config CONFIG_NFT_CT m
279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
282 set_kernel_config CONFIG_NFT_EXTHDR m
283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
284 set_kernel_config CONFIG_NFT_HASH m
285 set_kernel_config CONFIG_NFT_LIMIT m
286 set_kernel_config CONFIG_NFT_LOG m
287 set_kernel_config CONFIG_NFT_MASQ m
288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
290 set_kernel_config CONFIG_NFT_META m
291 set_kernel_config CONFIG_NFT_NAT m
292 set_kernel_config CONFIG_NFT_NUMGEN m
293 set_kernel_config CONFIG_NFT_QUEUE m
294 set_kernel_config CONFIG_NFT_QUOTA m
295 set_kernel_config CONFIG_NFT_REDIR m
296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
298 set_kernel_config CONFIG_NFT_REJECT m
299 set_kernel_config CONFIG_NFT_REJECT_INET m
300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
302 set_kernel_config CONFIG_NFT_SET_HASH m
303 set_kernel_config CONFIG_NFT_SET_RBTREE m
304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
308 set_kernel_config CONFIG_NF_DUP_IPV4 m
309 set_kernel_config CONFIG_NF_DUP_IPV6 m
310 set_kernel_config CONFIG_NF_DUP_NETDEV m
311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
312 set_kernel_config CONFIG_NF_LOG_IPV4 m
313 set_kernel_config CONFIG_NF_LOG_IPV6 m
314 set_kernel_config CONFIG_NF_NAT_IPV4 m
315 set_kernel_config CONFIG_NF_NAT_IPV6 m
316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
318 set_kernel_config CONFIG_NF_NAT_PPTP m
319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
321 set_kernel_config CONFIG_NF_NAT_SIP m
322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
323 set_kernel_config CONFIG_NF_NAT_TFTP m
324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
326 set_kernel_config CONFIG_NF_TABLES m
327 set_kernel_config CONFIG_NF_TABLES_ARP m
328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
329 set_kernel_config CONFIG_NF_TABLES_INET m
330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
333 fi
334
335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
336 if [ "$KERNEL_BPF" = true ] ; then
337 set_kernel_config CONFIG_BPF_SYSCALL y
338 set_kernel_config CONFIG_BPF_EVENTS y
339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
340 set_kernel_config CONFIG_CGROUP_BPF y
341 fi
342
343 # KERNEL_DEFAULT_GOV was set by user
344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
345
346 case "$KERNEL_DEFAULT_GOV" in
347 performance)
348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
349 ;;
350 userspace)
351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
352 ;;
353 ondemand)
354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
355 ;;
356 conservative)
357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
358 ;;
359 shedutil)
360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
361 ;;
362 *)
363 echo "error: unsupported default cpu governor"
364 exit 1
365 ;;
366 esac
367
368 # unset previous default governor
369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
370 fi
371
372 #Revert to previous directory
373 cd "${WORKDIR}" || exit
374
90 375 # Set kernel configuration parameters to enable qemu emulation
91 376 if [ "$ENABLE_QEMU" = true ] ; then
92 377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
@@ -126,6 +411,7 if [ "$BUILD_KERNEL" = true ] ; then
126 411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 413 fi
414 # end if "$KERNELSRC_CONFIG" = true
129 415 fi
130 416
131 417 # Use ccache to cross compile the kernel
@@ -142,6 +428,7 if [ "$BUILD_KERNEL" = true ] ; then
142 428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 430 fi
431 # end if "$KERNELSRC_PREBUILT" = false
145 432 fi
146 433
147 434 # Check if kernel compilation was successful
@@ -237,19 +524,79 if [ "$BUILD_KERNEL" = true ] ; then
237 524 fi
238 525
239 526 else # BUILD_KERNEL=false
240 # Kernel installation
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
528
529 # Use Sakakis modified kernel if ZSWAP is active
530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
532 fi
533
534 # Create temporary directory for dl
535 temp_dir=$(as_nobody mktemp -d)
536
537 # Fetch kernel dl
538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
242 539
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
244 chroot_exec apt-get -qq -y install flash-kernel
540 #extract download
541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
542
543 #move extracted kernel to /boot/firmware
544 mkdir "${R}/boot/firmware"
545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
547
548 # Remove temporary directory for kernel sources
549 rm -fr "${temp_dir}"
550
551 # Set permissions of the kernel sources
552 chown -R root:root "${R}/boot/firmware"
553 chown -R root:root "${R}/lib/modules"
554 fi
555
556 # Install Kernel from hypriot comptabile with all Raspberry PI
557 if [ "$SET_ARCH" = 32 ] ; then
558 # Create temporary directory for dl
559 temp_dir=$(as_nobody mktemp -d)
560
561 # Fetch kernel
562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
563
564 # Copy downloaded U-Boot sources
565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
566
567 # Set permissions
568 chown -R root:root "${R}"/tmp/kernel.deb
569
570 # Install kernel
571 chroot_exec dpkg -i /tmp/kernel.deb
572
573 # move /boot to /boot/firmware to fit script env.
574 #mkdir "${BOOT_DIR}"
575 mkdir "${temp_dir}"/firmware
576 mv "${R}"/boot/* "${temp_dir}"/firmware/
577 mv "${temp_dir}"/firmware "${R}"/boot/
578
579 #same for kernel headers
580 if [ "$KERNEL_HEADERS" = true ] ; then
581 # Fetch kernel header
582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
584 chown -R root:root "${R}"/tmp/kernel-header.deb
585 # Install kernel header
586 chroot_exec dpkg -i /tmp/kernel-header.deb
587 rm -f "${R}"/tmp/kernel-header.deb
588 fi
589
590 # Remove temporary directory and files
591 rm -fr "${temp_dir}"
592 rm -f "${R}"/tmp/kernel.deb
593 fi
245 594
246 595 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
597 if [ -z "$KERNEL" ] ; then
598 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 599 cleanup
251 600 exit 1
252 601 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 602 fi
Show file before | Show file after | Hide comments
@@ -8,6 +8,11
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
14 fi
15
11 16 # Add usb/sda disk root partition to fstab
12 17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
@@ -29,7 +34,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
29 34 fi
30 35
31 36 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 38 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 39 # Include initramfs scripts to auto expand encrypted root partition
35 40 if [ "$EXPANDROOT" = true ] ; then
Show file before | Show file after | Hide comments
@@ -5,7 +5,6
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$BUILD_KERNEL" = true ] ; then
9 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 9 # Install boot binaries from local directory
11 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
@@ -38,7 +37,6 if [ "$BUILD_KERNEL" = true ] ; then
38 37 chown -R root:root "${BOOT_DIR}"
39 38 chmod -R 600 "${BOOT_DIR}"
40 39 fi
41 fi
42 40
43 41 # Setup firmware boot cmdline
44 42 if [ "$ENABLE_SPLITFS" = true ] ; then
@@ -56,18 +54,36 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 54 fi
57 55 fi
58 56
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
57 # Enable Kernel messages on standard output
64 58 if [ "$ENABLE_PRINTK" = true ] ; then
65 59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 60 fi
67 61
68 # Install udev rule for serial alias
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70 64
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
69
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
76
77 # Install firmware config
78 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
79
80 # Locks CPU frequency at maximum
81 if [ "$ENABLE_TURBO" = true ] ; then
82 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
83 # helps to avoid sdcard corruption when force_turbo is enabled.
84 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
85 fi
86
71 87 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72 88
73 89 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
@@ -152,24 +168,49 else
152 168 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 169 fi
154 170
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
171 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
172 # Create temporary directory for systemd-swap sources
173 temp_dir=$(as_nobody mktemp -d)
159 174
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
175 # Fetch systemd-swap sources
176 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
177
178 # Copy downloaded systemd-swap sources
179 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
180
181 # Set permissions of the systemd-swap sources
182 chown -R root:root "${R}/tmp/systemd-swap"
183
184 # Remove temporary directory for systemd-swap sources
185 rm -fr "${temp_dir}"
186
187 # Change into downloaded src dir
188 cd "${R}/tmp/systemd-swap" || exit
189
190 # Build package
191 . ./package.sh debian
192
193 # Install package
194 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
195
196 # Enable service
197 chroot_exec systemctl enable systemd-swap
198
199 # Change back into script root dir
200 cd "${WORKDIR}" || exit
163 201 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
202 # Enable ZSWAP in cmdline if systemd-swap is not used
203 if [ "$KERNEL_ZSWAP" = true ] ; then
204 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
205 fi
206 fi
207 if [ "$KERNEL_SECURITY" = true ] ; then
208 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
165 209 fi
166 210
167 211 # Install firmware boot cmdline
168 212 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169 213
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 214 # Setup minimal GPU memory allocation size: 16MB (no X)
174 215 if [ "$ENABLE_MINGPU" = true ] ; then
175 216 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
Show file before | Show file after | Hide comments
@@ -9,9 +9,10 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 # make sure iptables-legacy is the used alternatives
12 if [ "$KERNEL_NF" = false ] ; then
13 13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15 16
16 17 # Install iptables systemd service
17 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
@@ -27,6 +28,10 if [ "$ENABLE_IPTABLES" = true ] ; then
27 28 chroot_exec systemctl enable iptables.service
28 29
29 30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
30 35 # Install ip6tables systemd service
31 36 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 37
Show file before | Show file after | Hide comments
@@ -78,6 +78,11 if [ "$ENABLE_UBOOT" = true ] ; then
78 78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 79 fi
80 80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_UBOOTUSB" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
85
81 86 # Set mkfile to use the correct dtb file
82 87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
83 88
Show file before | Show file after | Hide comments
@@ -4,6 +4,17 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
17
7 18 # Identify and kill all processes still using files
8 19 echo "killing processes using mount point ..."
9 20 fuser -k "${R}"
@@ -75,3 +86,20 chroot_remove_cc() {
75 86 COMPILER_PACKAGES=""
76 87 fi
77 88 }
89 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
90 set_kernel_config() {
91 # flag as $1, value to set as $2, config must exist at "./.config"
92 TGT="CONFIG_${1#CONFIG_}"
93 REP="${2}"
94 if grep -q "^${TGT}[^_]" .config; then
95 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
96 else
97 echo "${TGT}"="${2}" >> .config
98 fi
99 }
100 # unset kernel config parameter
101 unset_kernel_config() {
102 # unsets flag with the value of $1, config must exist at "./.config"
103 TGT="CONFIG_${1#CONFIG_}"
104 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
105 } No newline at end of file
Show file before | Show file after | Hide comments
@@ -57,6 +57,20 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60 74
61 75 # Build directories
62 76 WORKDIR=$(pwd)
@@ -138,14 +152,18 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 152 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 153
140 154 # Advanced settings
155 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 156 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 157 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 158 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 159 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
160 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
145 161 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 162 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
163 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 164 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 165 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
166 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 167 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 168 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 169 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
@@ -162,6 +180,12 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 180 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 181 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 182 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
183 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
184 KERNEL_VIRT=${KERNEL_VIRT:=false}
185 KERNEL_BPF=${KERNEL_BPF:=false}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
187 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
188 KERNEL_NF=${KERNEL_NF:=false}
165 189
166 190 # Kernel compilation from source directory settings
167 191 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -295,12 +319,26 case "$RPI_MODEL" in
295 319 ;;
296 320 esac
297 321
322 if [ "$ENABLE_UBOOTUSB" = true ] ; then
323 if [ "$ENABLE_UBOOT" = false ] ; then
324 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
325 exit 1
326 fi
327 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
328 echo "error: Enabling UBOOTUSB requires Raspberry 3"
329 exit 1
330 fi
331 fi
332
298 333 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 334 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 335 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
336 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 337 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 338 fi
339 if [ "$ENABLE_WIRELESS" = true ] ; then
340 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
341 fi
304 342 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 343 # Check if the internal wireless interface is not supported by the RPi model
306 344 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
@@ -309,6 +347,11 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
309 347 fi
310 348 fi
311 349
350 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
351 echo "error: You have to compile kernel sources, if you want to enable nexmon"
352 exit 1
353 fi
354
312 355 # Prepare date string for default image file name
313 356 DATE="$(date +%Y-%m-%d)"
314 357 if [ -z "$KERNEL_BRANCH" ] ; then
@@ -330,6 +373,11 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 373 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 374 fi
332 375
376 # Add deps for nexmon
377 if [ "$ENABLE_NEXMON" = true ] ; then
378 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
379 fi
380
333 381 # Add libncurses5 to enable kernel menuconfig
334 382 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
@@ -362,14 +410,6 if [ "$ENABLE_UBOOT" = true ] ; then
362 410 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 411 fi
364 412
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 413 # Check if root SSH (v2) public key file exists
374 414 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 415 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
@@ -386,6 +426,11 if [ -n "$SSH_USER_PUB_KEY" ] ; then
386 426 fi
387 427 fi
388 428
429 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
430 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
431 exit 1
432 fi
433
389 434 # Check if all required packages are installed on the build system
390 435 for package in $REQUIRED_PACKAGES ; do
391 436 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
@@ -442,6 +487,12 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
442 487 exit 1
443 488 fi
444 489
490 # Check if specified NEXMONSRC_DIR directory exists
491 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
492 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
493 exit 1
494 fi
495
445 496 # Check if specified CHROOT_SCRIPTS directory exists
446 497 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 498 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
@@ -493,6 +544,10 fi
493 544 if [ "$ENABLE_IPTABLES" = true ] ; then
494 545 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 546 fi
547 # Add apparmor for KERNEL_SECURITY
548 if [ "$KERNEL_SECURITY" = true ] ; then
549 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
550 fi
496 551
497 552 # Add openssh server package
498 553 if [ "$ENABLE_SSHD" = true ] ; then
@@ -546,16 +601,6 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 601 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 602 fi
548 603
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
557 fi
558
559 604 # Configure kernel sources if no KERNELSRC_DIR
560 605 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 606 KERNELSRC_CONFIG=true
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant