Updated: Dropping privileges, chroot compiler install, dropbear sshd config
drtyhlpr -
r142:14de70396904
@@ -5,7 +5,7
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
@@ -197,11 +197,14 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` param
197 197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
198 198
199 199 ##### `UBOOTSRC_DIR`=""
200 Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
200 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
201 201
202 202 ##### `ENABLE_FBTURBO`=false
203 203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
204 204
205 ##### `FBTURBOSRC_DIR`=""
206 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
207
205 208 ##### `ENABLE_IPTABLES`=false
206 209 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
207 210
@@ -242,7 +245,7 Enable password root login via SSH. This may be a security risk with default pas
242 245 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
243 246
244 247 ##### `SSH_LIMIT_USERS`=false
245 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
248 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
246 249
247 250 ##### `SSH_ROOT_PUB_KEY`=""
248 251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
@@ -272,7 +275,7 Start `make menuconfig` interactive menu-driven kernel configuration. The script
272 275 Remove all kernel sources from the generated OS image after it was built and installed.
273 276
274 277 ##### `KERNELSRC_DIR`=""
275 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
278 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
276 279
277 280 ##### `KERNELSRC_CLEAN`=false
278 281 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
@@ -287,7 +290,7 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then runni
287 290 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
288 291
289 292 ##### `RPI_FIRMWARE_DIR`=""
290 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
293 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
291 294
292 295 ---
293 296
@@ -21,7 +21,7 if [ "$BUILD_KERNEL" = false ] ; then
21 21
22 22 # Upgrade collabora package index and install collabora keyring
23 23 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
25 25 else # BUILD_KERNEL=true
26 26 # Install APT sources.list
27 27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
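Review bot: at new line 24, `--allow-unauthenticated` is applied to the install of `collabora-obs-archive-keyring`, the package that is supposed to establish trust for that repository, so the keyring itself is accepted without any signature check. Narrowing from `--force-yes` is an improvement, but consider shipping the repository key (or its fingerprint) with the script and verifying against it before the install, and add a comment explaining why authentication has to be skipped here.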
@@ -20,8 +20,20 if [ "$BUILD_KERNEL" = true ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 # Fetch current raspberrypi kernel sources
24 git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"
23 # Create temporary directory for kernel sources
24 temp_dir=$(sudo -u nobody mktemp -d)
25
26 # Fetch current RPi2/3 kernel sources
27 sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
28
29 # Copy downloaded kernel sources
30 mv "${temp_dir}/linux" "${R}/usr/src/"
31
32 # Remove temporary directory for kernel sources
33 rm -fr "${temp_dir}"
34
35 # Set permissions of the kernel sources
36 chown -R root:root "${R}/usr/src"
25 37 fi
26 38
27 39 # Calculate optimal number of kernel building threads
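Review bot: the result of `temp_dir=$(sudo -u nobody mktemp -d)` at new line 24 is never checked. If `sudo` or `mktemp` fails, `temp_dir` is empty and the following lines expand to `mv "/linux" ...` and `rm -fr ""`, executed as root. Abort when the variable is empty or does not name a directory. Also, `chown -R root:root "${R}/usr/src"` at new line 36 rewrites ownership of everything under `/usr/src`, not only the freshly moved tree; `"${R}/usr/src/linux"` is the narrower target.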
@@ -16,14 +16,27 if [ "$BUILD_KERNEL" = true ] ; then
16 16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 18 else
19 # Create temporary directory for boot binaries
20 temp_dir=$(sudo -u nobody mktemp -d)
21
19 22 # Install latest boot binaries from raspberry/firmware github
20 wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
21 wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
22 wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
23 wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
24 wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
25 wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
26 wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
23 sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
31 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
34 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
36
37 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
27 40 fi
28 41 fi
29 42
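Review bot: `chmod -R 600 "${BOOT_DIR}"` at new line 39 also applies mode 600 to `BOOT_DIR` itself and to any subdirectory, which strips the search (x) bit from directories. Restrict the mode change to regular files, for example `find "${BOOT_DIR}" -type f -exec chmod 600 {} +`. Separately, nothing in this hunk checks the exit status of the `wget -q -O` calls at new lines 23-29, and `wget -O` creates the output file even when the download fails, so `mv "${temp_dir}/"*` can install an empty or truncated `start.elf` or `bootcode.bin` without any error being reported.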
@@ -105,6 +118,8 fi
105 118 # Load sound module at boot
106 119 if [ "$ENABLE_SOUND" = true ] ; then
107 120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
108 123 fi
109 124
110 125 # Enable I2C interface
@@ -88,6 +88,20 if [ "$ENABLE_WIRELESS" = true ] ; then
88 88 mkdir -p ${WLAN_FIRMWARE_DIR}
89 89 fi
90 90
91 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
92 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
91 # Create temporary directory for firmware binary blob
92 temp_dir=$(sudo -u nobody mktemp -d)
93
94 # Fetch firmware binary blob
95 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
98 # Move downloaded firmware binary blob
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
101 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
103
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
93 107 fi
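Review bot: the firmware blob fetched at new lines 95-96 is moved into `WLAN_FIRMWARE_DIR` with no integrity check. Running `wget` as `nobody` limits what the download process can do on the build host, but it says nothing about the content that ends up in the image. Consider comparing both files against known SHA-256 values before the `mv` at new line 99 and failing the build on a mismatch.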
@@ -9,5 +9,5
9 9 if [ "$ENABLE_RSYSLOG" = false ] ; then
10 10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
11 11 chroot_exec systemctl disable rsyslog
12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
12 chroot_exec apt-get -qq -y purge rsyslog
13 13 fi
@@ -6,14 +6,26
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 DROPBEAR_ARGS=""
10
9 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
10 # User root is not allowed to log in
11 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 # User root is not allowed to log in
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 else
16 # User root is not allowed to log in
17 DROPBEAR_ARGS="-w"
18 fi
12 19 fi
13 20
14 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
15 # Permit SSH root login
16 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 # Permit SSH root login
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 else
26 # Permit SSH root login
27 DROPBEAR_ARGS=""
28 fi
17 29
18 30 # Add SSH (v2) public key for user root
19 31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
@@ -31,8 +43,10 if [ "$ENABLE_SSHD" = true ] ; then
31 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
32 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
33 45
34 # Allow SSH public key authentication
35 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 # Allow SSH public key authentication
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 fi
36 50 fi
37 51 fi
38 52
@@ -53,13 +67,15 if [ "$ENABLE_SSHD" = true ] ; then
53 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
54 68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
55 69
56 # Allow SSH public key authentication
57 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 # Allow SSH public key authentication
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 fi
58 74 fi
59 75 fi
60 76
61 77 # Limit the users that are allowed to login via SSH
62 if [ "$SSH_LIMIT_USERS" = true ] ; then
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
63 79 allowed_users=""
64 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
65 81 allowed_users="root"
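Review bot: the new condition at line 78, `[ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ]`, does not match the OpenSSH test used a few lines above at new line 70 (`[ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ]`). With `ENABLE_REDUCE`=true and `REDUCE_SSHD`=false the `sshd_config` branches still run, yet the user restriction is silently skipped. Use the same test as new line 70 here so that `SSH_LIMIT_USERS` is only ignored when dropbear is actually selected.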
@@ -77,11 +93,24 if [ "$ENABLE_SSHD" = true ] ; then
77 93 # Disable password-based authentication
78 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
79 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
80 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 else
99 DROPBEAR_ARGS="-g"
100 fi
81 101 fi
82 102
83 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
84 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
85 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 else
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 fi
110 fi
111
112 # Update dropbear SSH configuration
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
86 115 fi
87 116 fi
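Review bot: the `sed` at new line 114 is missing `-i`, so the substituted text goes to stdout and `${ETC_DIR}/default/dropbear` is never changed; the `-w`, `-g` and `-s` values collected in `DROPBEAR_ARGS` never reach dropbear and the requested root-login and password restrictions are not applied. Every other `sed` call in this hunk uses `-i`. Also note that `DROPBEAR_ARGS="-g"` at new line 99 assigns rather than appends, unlike `"${DROPBEAR_ARGS} -s"` at new line 108; appending in both places keeps the logic independent of the order of the blocks.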
@@ -5,21 +5,30
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Install gcc/c++ build environment inside the chroot
9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 COMPILER_PACKAGES=$(chroot_exec apt-get -s install ${COMPILER_PACKAGES} | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
11 chroot_exec apt-get -q -y --force-yes --no-install-recommends install ${COMPILER_PACKAGES}
12 fi
13
14 8 # Fetch and build U-Boot bootloader
15 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
12
16 13 # Copy existing U-Boot sources into chroot directory
17 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
18 15 # Copy local U-Boot sources
19 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
20 17 else
18 # Create temporary directory for U-Boot sources
19 temp_dir=$(sudo -u nobody mktemp -d)
20
21 21 # Fetch U-Boot sources
22 git -C "${R}/tmp" clone "${UBOOT_URL}"
22 sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
24 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
27 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
29
30 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
23 32 fi
24 33
25 34 # Build and install U-Boot inside chroot
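Review bot: `git -C "${temp_dir}" clone "${UBOOT_URL}"` at new line 22 takes whatever the default branch points to at build time and pulls the full history. Pin a tag or commit (and verify it after the clone) so that the bootloader installed into the image is a known revision, and add `--depth=1` if history is not needed. As in the other download blocks, `temp_dir` should be checked for being non-empty before `mv` and `rm -fr` use it.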
@@ -6,11 +6,33
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Fetch fbturbo driver sources
10 git -C "${R}/tmp" clone "${FBTURBO_URL}"
9 # Install c/c++ build environment inside the chroot
10 chroot_install_cc
11
12 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
17 # Create temporary directory for fbturbo sources
18 temp_dir=$(sudo -u nobody mktemp -d)
19
20 # Fetch fbturbo sources
21 sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
23 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
26 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
28 fi
11 29
12 30 # Install Xorg build dependencies
13 chroot_exec apt-get -q -y --force-yes --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
31 if [ "$RELEASE" = "jessie" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
14 36
15 37 # Build and install fbturbo driver inside chroot
16 38 chroot_exec /bin/bash -x <<'EOF'
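Review bot: after the `mv` at new line 24 there is no `chown -R root:root "${R}/tmp/xf86-video-fbturbo"`, so the tree stays owned by `nobody` while it is configured and built inside the chroot. Add the chown before the build. Also, new lines 31-35 install no build dependencies at all when `RELEASE` is neither `jessie` nor `stretch`, and the `stretch` branch disables package authentication with `--allow-unauthenticated`; an `else` that aborts and a comment on why authentication is skipped would help.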
@@ -27,8 +49,3 EOF
27 49 # Remove Xorg build dependencies
28 50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 51 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
34 fi
@@ -46,18 +46,23 if [ "$ENABLE_REDUCE" = true ] ; then
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
49 if [ "$RELEASE" = "stretch" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
50 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
51 56 fi
52 57
53 58 # Remove sound utils and libraries
54 59 if [ "$ENABLE_SOUND" = false ] ; then
55 chroot_exec apt-get -qq -y --force-yes purge alsa-utils libsamplerate0 libasound2 libasound2-data
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
56 61 fi
57 62
58 # Re-install tools for managing kernel moduless
63 # Re-install tools for managing kernel modules
59 64 if [ "$RELEASE" = "jessie" ] ; then
60 chroot_exec apt-get -qq -y --force-yes install module-init-tools
65 chroot_exec apt-get -qq -y install module-init-tools
61 66 fi
62 67
63 68 # Remove GPU kernels
@@ -53,3 +53,24 use_template () {
53 53 # Load template configuration parameters
54 54 . "./templates/${CONFIG_TEMPLATE}"
55 55 }
56
57 chroot_install_cc() {
58 # Install c/c++ build environment inside the chroot
59 if [ -z "${COMPILER_PACKAGES}" ] ; then
60 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
61
62 if [ "$RELEASE" = "jessie" ] ; then
63 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
64 elif [ "$RELEASE" = "stretch" ] ; then
65 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
66 fi
67 fi
68 }
69
70 chroot_remove_cc() {
71 # Remove c/c++ build environment from the chroot
72 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
73 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
74 COMPILER_PACKAGES=""
75 fi
76 }
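Review bot: in `chroot_install_cc` the `stretch` branch at new line 65 installs the compiler toolchain with `--allow-unauthenticated`, so the packages that later build code for the image are accepted without signature verification. If the chroot's keyring is incomplete at this stage, fix that instead of skipping authentication, or at least document the reason in a comment. There is also no `else`: for any other `RELEASE`, `COMPILER_PACKAGES` is filled from the simulated install but nothing is installed, and later calls return early because the variable is no longer empty.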
@@ -145,6 +145,7 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
145 145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
146 146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
147 147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
148 149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
149 150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
150 151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
@@ -194,9 +195,12 APT_INCLUDES=${APT_INCLUDES:=""}
194 195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
195 196
196 197 # Packages required for bootstrapping
197 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
198 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
198 199 MISSING_PACKAGES=""
199 200
201 # Packages installed for c/c++ build environment in chroot (keep empty)
202 COMPILER_PACKAGES=""
203
200 204 set +x
201 205
202 206 # Set Raspberry Pi model specific configuration
@@ -226,15 +230,9 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
226 230 fi
227 231 fi
228 232
229 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
230 if [ "$RELEASE" = "jessie" ] ; then
231 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
232 elif [ "$RELEASE" = "stretch" ] ; then
233 COMPILER_PACKAGES="g++ make bc"
233 # Build RPi2/3 Linux kernel if required by Debian release
234 if [ "$RELEASE" = "stretch" ] ; then
234 235 BUILD_KERNEL=true
235 else
236 echo "error: Debian release ${RELEASE} is not supported!"
237 exit 1
238 236 fi
239 237
240 238 # Add packages required for kernel cross compilation
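Review bot: the removed `else` branch (old lines 235-237) was the only place in this block that rejected an unsupported `RELEASE` with `exit 1`; after this change any value other than `stretch` simply falls through. If `jessie` is meant to build without `BUILD_KERNEL`, test for it explicitly and keep the error for everything else.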
@@ -334,6 +332,12 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
334 332 exit 1
335 333 fi
336 334
335 # Check if specified FBTURBOSRC_DIR directory exists
336 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
337 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
338 exit 1
339 fi
340
337 341 # Check if specified CHROOT_SCRIPTS directory exists
338 342 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
339 343 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
@@ -474,6 +478,9 EOF
474 478 rm -rf "${R}/chroot_scripts"
475 479 fi
476 480
481 # Remove c/c++ build environment from the chroot
482 chroot_remove_cc
483
477 484 # Remove apt-utils
478 485 if [ "$RELEASE" = "jessie" ] ; then
479 486 chroot_exec apt-get purge -qq -y --force-yes apt-utils
@@ -567,8 +574,9 if [ "$ENABLE_CRYPTFS" = true ] ; then
567 574 mkfs.ext4 "$ROOT_LOOP"
568 575
569 576 # Setup password keyfile
570 echo -n ${CRYPTFS_PASSWORD} > .password
577 touch .password
571 578 chmod 600 .password
579 echo -n ${CRYPTFS_PASSWORD} > .password
572 580
573 581 # Initialize encrypted partition
574 582 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
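Review bot: `echo -n ${CRYPTFS_PASSWORD} > .password` at new line 579 expands the password unquoted, so runs of whitespace are collapsed and glob characters can be expanded before the value reaches the keyfile, and the resulting LUKS passphrase can differ from what the user configured. Use `printf '%s' "${CRYPTFS_PASSWORD}" > .password`. Creating the file with `touch` and `chmod 600` before writing closes the window in which it was readable under the default umask; if `.password` can already exist from an earlier run, remove it first so stale ownership does not carry over.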