##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Updated: Dropping privileges, chroot compiler install, dropbear sshd config
drtyhlpr -
r142:14de70396904
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,422 +1,425
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 #####Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 #####Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed during bootstrapping.
62 62
63 63 ---
64 64
65 65 #### General system settings:
66 66 ##### `RPI_MODEL`=2
67 67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
68 68
69 69 ##### `RELEASE`="jessie"
70 70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
71 71
72 72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
73 73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
74 74
75 75 ##### `PASSWORD`="raspberry"
76 76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
77 77
78 78 ##### `USER_PASSWORD`="raspberry"
79 79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
80 80
81 81 ##### `DEFLOCAL`="en_US.UTF-8"
82 82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
83 83
84 84 ##### `TIMEZONE`="Europe/Berlin"
85 85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
86 86
87 87 ##### `EXPANDROOT`=true
88 88 Expand the root partition and filesystem automatically on first boot.
89 89
90 90 ---
91 91
92 92 #### Keyboard settings:
93 93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
94 94
95 95 ##### `XKB_MODEL`=""
96 96 Set the name of the model of your keyboard type.
97 97
98 98 ##### `XKB_LAYOUT`=""
99 99 Set the supported keyboard layout(s).
100 100
101 101 ##### `XKB_VARIANT`=""
102 102 Set the supported variant(s) of the keyboard layout(s).
103 103
104 104 ##### `XKB_OPTIONS`=""
105 105 Set extra xkb configuration options.
106 106
107 107 ---
108 108
109 109 #### Networking settings (DHCP):
110 110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
111 111
112 112 #####`ENABLE_DHCP`=true
113 113 Set the system to use DHCP. This requires an DHCP server.
114 114
115 115 ---
116 116
117 117 #### Networking settings (static):
118 118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
119 119
120 120 #####`NET_ADDRESS`=""
121 121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
122 122
123 123 #####`NET_GATEWAY`=""
124 124 Set the IP address for the default gateway.
125 125
126 126 #####`NET_DNS_1`=""
127 127 Set the IP address for the first DNS server.
128 128
129 129 #####`NET_DNS_2`=""
130 130 Set the IP address for the second DNS server.
131 131
132 132 #####`NET_DNS_DOMAINS`=""
133 133 Set the default DNS search domains to use for non fully qualified host names.
134 134
135 135 #####`NET_NTP_1`=""
136 136 Set the IP address for the first NTP server.
137 137
138 138 #####`NET_NTP_2`=""
139 139 Set the IP address for the second NTP server.
140 140
141 141 ---
142 142
143 143 #### Basic system features:
144 144 ##### `ENABLE_CONSOLE`=true
145 145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
146 146
147 147 ##### `ENABLE_I2C`=false
148 148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
149 149
150 150 ##### `ENABLE_SPI`=false
151 151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
152 152
153 153 ##### `ENABLE_IPV6`=true
154 154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
155 155
156 156 ##### `ENABLE_SSHD`=true
157 157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
158 158
159 159 ##### `ENABLE_NONFREE`=false
160 160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
161 161
162 162 ##### `ENABLE_WIRELESS`=false
163 163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
164 164
165 165 ##### `ENABLE_RSYSLOG`=true
166 166 If set to false, disable and uninstall rsyslog (so logs will be available only
167 167 in journal files)
168 168
169 169 ##### `ENABLE_SOUND`=true
170 170 Enable sound hardware and install Advanced Linux Sound Architecture.
171 171
172 172 ##### `ENABLE_HWRANDOM`=true
173 173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
174 174
175 175 ##### `ENABLE_MINGPU`=false
176 176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
177 177
178 178 ##### `ENABLE_DBUS`=true
179 179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
180 180
181 181 ##### `ENABLE_XORG`=false
182 182 Install Xorg open-source X Window System.
183 183
184 184 ##### `ENABLE_WM`=""
185 185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
186 186
187 187 ---
188 188
189 189 #### Advanced system features:
190 190 ##### `ENABLE_MINBASE`=false
191 191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
192 192
193 193 ##### `ENABLE_REDUCE`=false
194 194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
195 195
196 196 ##### `ENABLE_UBOOT`=false
197 197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
198 198
199 199 ##### `UBOOTSRC_DIR`=""
200 Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
200 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
201 201
202 202 ##### `ENABLE_FBTURBO`=false
203 203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
204 204
205 ##### `FBTURBOSRC_DIR`=""
206 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
207
205 208 ##### `ENABLE_IPTABLES`=false
206 209 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
207 210
208 211 ##### `ENABLE_USER`=true
209 212 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
210 213
211 214 ##### `USER_NAME`=pi
212 215 Non-root user to create. Ignored if `ENABLE_USER`=false
213 216
214 217 ##### `ENABLE_ROOT`=false
215 218 Set root user password so root login will be enabled
216 219
217 220 ##### `ENABLE_HARDNET`=false
218 221 Enable IPv4/IPv6 network stack hardening settings.
219 222
220 223 ##### `ENABLE_SPLITFS`=false
221 224 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
222 225
223 226 ##### `CHROOT_SCRIPTS`=""
224 227 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
225 228
226 229 ##### `ENABLE_INITRAMFS`=false
227 230 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
228 231
229 232 ##### `ENABLE_IFNAMES`=true
230 233 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
231 234
232 235 ##### `DISABLE_UNDERVOLT_WARNINGS`=
233 236 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
234 237
235 238 ---
236 239
237 240 #### SSH settings:
238 241 ##### `SSH_ENABLE_ROOT`=false
239 242 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
240 243
241 244 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
242 245 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
243 246
244 247 ##### `SSH_LIMIT_USERS`=false
245 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
248 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
246 249
247 250 ##### `SSH_ROOT_PUB_KEY`=""
248 251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
249 252
250 253 ##### `SSH_USER_PUB_KEY`=""
251 254 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
252 255
253 256 ---
254 257
255 258 #### Kernel compilation:
256 259 ##### `BUILD_KERNEL`=false
257 260 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
258 261
259 262 ##### `KERNEL_REDUCE`=false
260 263 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
261 264
262 265 ##### `KERNEL_THREADS`=1
263 266 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
264 267
265 268 ##### `KERNEL_HEADERS`=true
266 269 Install kernel headers with built kernel.
267 270
268 271 ##### `KERNEL_MENUCONFIG`=false
269 272 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
270 273
271 274 ##### `KERNEL_REMOVESRC`=true
272 275 Remove all kernel sources from the generated OS image after it was built and installed.
273 276
274 277 ##### `KERNELSRC_DIR`=""
275 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
278 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
276 279
277 280 ##### `KERNELSRC_CLEAN`=false
278 281 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
279 282
280 283 ##### `KERNELSRC_CONFIG`=true
281 284 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
282 285
283 286 ##### `KERNELSRC_USRCONFIG`=""
284 287 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
285 288
286 289 ##### `KERNELSRC_PREBUILT`=false
287 290 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
288 291
289 292 ##### `RPI_FIRMWARE_DIR`=""
290 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
293 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
291 294
292 295 ---
293 296
294 297 #### Reduce disk usage:
295 298 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
296 299
297 300 ##### `REDUCE_APT`=true
298 301 Configure APT to use compressed package repository lists and no package caching files.
299 302
300 303 ##### `REDUCE_DOC`=true
301 304 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
302 305
303 306 ##### `REDUCE_MAN`=true
304 307 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
305 308
306 309 ##### `REDUCE_VIM`=false
307 310 Replace `vim-tiny` package by `levee` a tiny vim clone.
308 311
309 312 ##### `REDUCE_BASH`=false
310 313 Remove `bash` package and switch to `dash` shell (experimental).
311 314
312 315 ##### `REDUCE_HWDB`=true
313 316 Remove PCI related hwdb files (experimental).
314 317
315 318 ##### `REDUCE_SSHD`=true
316 319 Replace `openssh-server` with `dropbear`.
317 320
318 321 ##### `REDUCE_LOCALE`=true
319 322 Remove all `locale` translation files.
320 323
321 324 ---
322 325
323 326 #### Encrypted root partition:
324 327 ##### `ENABLE_CRYPTFS`=false
325 328 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
326 329
327 330 ##### `CRYPTFS_PASSWORD`=""
328 331 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
329 332
330 333 ##### `CRYPTFS_MAPPING`="secure"
331 334 Set name of dm-crypt managed device-mapper mapping.
332 335
333 336 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
334 337 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
335 338
336 339 ##### `CRYPTFS_XTSKEYSIZE`=512
337 340 Sets key size in bits. The argument has to be a multiple of 8.
338 341
339 342 ---
340 343
341 344 #### Build settings:
342 345 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
343 346 Set a path to a working directory used by the script to generate an image.
344 347
345 348 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
346 349 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
347 350
348 351 ## Understanding the script
349 352 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
350 353
351 354 | Script | Description |
352 355 | --- | --- |
353 356 | `10-bootstrap.sh` | Debootstrap basic system |
354 357 | `11-apt.sh` | Setup APT repositories |
355 358 | `12-locale.sh` | Setup Locales and keyboard settings |
356 359 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
357 360 | `14-fstab.sh` | Setup fstab and initramfs |
358 361 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
359 362 | `20-networking.sh` | Setup Networking |
360 363 | `21-firewall.sh` | Setup Firewall |
361 364 | `30-security.sh` | Setup Users and Security settings |
362 365 | `31-logging.sh` | Setup Logging |
363 366 | `32-sshd.sh` | Setup SSH and public keys |
364 367 | `41-uboot.sh` | Build and Setup U-Boot |
365 368 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
366 369 | `50-firstboot.sh` | First boot actions |
367 370 | `99-reduce.sh` | Reduce the disk space usage |
368 371
369 372 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
370 373
371 374 | Directory | Description |
372 375 | --- | --- |
373 376 | `apt` | APT management configuration files |
374 377 | `boot` | Boot and RPi2/3 configuration files |
375 378 | `dpkg` | Package Manager configuration |
376 379 | `etc` | Configuration files and rc scripts |
377 380 | `firstboot` | Scripts that get executed on first boot |
378 381 | `initramfs` | Initramfs scripts |
379 382 | `iptables` | Firewall configuration files |
380 383 | `locales` | Locales configuration |
381 384 | `modules` | Kernel Modules configuration |
382 385 | `mount` | Fstab configuration |
383 386 | `network` | Networking configuration files |
384 387 | `sysctl.d` | Swapping and Network Hardening configuration |
385 388 | `xorg` | fbturbo Xorg driver configuration |
386 389
387 390 ## Custom packages and scripts
388 391 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
389 392
390 393 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
391 394
392 395 ## Logging of the bootstrapping process
393 396 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
394 397
395 398 ```shell
396 399 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
397 400 ```
398 401
399 402 ## Flashing the image file
400 403 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
401 404
402 405 #####Flashing examples:
403 406 ```shell
404 407 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
405 408 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
406 409 ```
407 410 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
408 411 ```shell
409 412 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
410 413 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
411 414 ```
412 415
413 416 ## External links and references
414 417 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
415 418 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
416 419 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
417 420 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
418 421 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
419 422 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
420 423 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
421 424 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
422 425 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -1,51 +1,51
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 if [ "$BUILD_KERNEL" = false ] ; then
15 15 # Install APT pinning configuration for flash-kernel package
16 16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17 17
18 18 # Install APT sources.list
19 19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21 21
22 22 # Upgrade collabora package index and install collabora keyring
23 23 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
25 25 else # BUILD_KERNEL=true
26 26 # Install APT sources.list
27 27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
28 28
29 29 # Use specified APT server and release
30 30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
31 31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
32 32 fi
33 33
34 34 # Allow the installation of non-free Debian packages
35 35 if [ "$ENABLE_NONFREE" = true ] ; then
36 36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
37 37 fi
38 38
39 39 # Upgrade package index and update all installed packages and changed dependencies
40 40 chroot_exec apt-get -qq -y update
41 41 chroot_exec apt-get -qq -y -u dist-upgrade
42 42
43 43 if [ -d packages ] ; then
44 44 for package in packages/*.deb ; do
45 45 cp $package ${R}/tmp
46 46 chroot_exec dpkg --unpack /tmp/$(basename $package)
47 47 done
48 48 fi
49 49 chroot_exec apt-get -qq -y -f install
50 50
51 51 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,160 +1,172
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${R}/usr/src"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources
16 16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 # Fetch current raspberrypi kernel sources
24 git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"
23 # Create temporary directory for kernel sources
24 temp_dir=$(sudo -u nobody mktemp -d)
25
26 # Fetch current RPi2/3 kernel sources
27 sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
28
29 # Copy downloaded kernel sources
30 mv "${temp_dir}/linux" "${R}/usr/src/"
31
32 # Remove temporary directory for kernel sources
33 rm -fr "${temp_dir}"
34
35 # Set permissions of the kernel sources
36 chown -R root:root "${R}/usr/src"
25 37 fi
26 38
27 39 # Calculate optimal number of kernel building threads
28 40 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
29 41 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
30 42 fi
31 43
32 44 # Configure and build kernel
33 45 if [ "$KERNELSRC_PREBUILT" = false ] ; then
34 46 # Remove device, network and filesystem drivers from kernel configuration
35 47 if [ "$KERNEL_REDUCE" = true ] ; then
36 48 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
37 49 sed -i\
38 50 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
39 51 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
40 52 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
41 53 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
42 54 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
43 55 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
44 56 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
45 57 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
46 58 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
47 59 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
48 60 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
49 61 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
50 62 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
51 63 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
52 64 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
53 65 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
54 66 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
55 67 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
56 68 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
57 69 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
58 70 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
59 71 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
60 72 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
61 73 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
62 74 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
63 75 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
64 76 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
65 77 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
66 78 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
67 79 "${KERNEL_DIR}/.config"
68 80 fi
69 81
70 82 if [ "$KERNELSRC_CONFIG" = true ] ; then
71 83 # Load default raspberry kernel configuration
72 84 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
73 85
74 86 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
75 87 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
76 88 fi
77 89
78 90 # Start menu-driven kernel configuration (interactive)
79 91 if [ "$KERNEL_MENUCONFIG" = true ] ; then
80 92 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
81 93 fi
82 94 fi
83 95
84 96 # Cross compile kernel and modules
85 97 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
86 98 fi
87 99
88 100 # Check if kernel compilation was successful
89 101 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
90 102 echo "error: kernel compilation failed! (zImage not found)"
91 103 cleanup
92 104 exit 1
93 105 fi
94 106
95 107 # Install kernel modules
96 108 if [ "$ENABLE_REDUCE" = true ] ; then
97 109 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
98 110 else
99 111 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
100 112
101 113 # Install kernel firmware
102 114 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
103 115 fi
104 116
105 117 # Install kernel headers
106 118 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
107 119 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
108 120 fi
109 121
110 122 # Prepare boot (firmware) directory
111 123 mkdir "${BOOT_DIR}"
112 124
113 125 # Get kernel release version
114 126 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
115 127
116 128 # Copy kernel configuration file to the boot directory
117 129 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
118 130
119 131 # Copy dts and dtb device tree sources and binaries
120 132 mkdir "${BOOT_DIR}/overlays"
121 133 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
122 134 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
123 135 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
124 136
125 137 if [ "$ENABLE_UBOOT" = false ] ; then
126 138 # Convert and copy zImage kernel to the boot directory
127 139 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
128 140 else
129 141 # Copy zImage kernel to the boot directory
130 142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
131 143 fi
132 144
133 145 # Remove kernel sources
134 146 if [ "$KERNEL_REMOVESRC" = true ] ; then
135 147 rm -fr "${KERNEL_DIR}"
136 148 else
137 149 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
138 150
139 151 # Create symlinks for kernel modules
140 152 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
141 153 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
142 154 fi
143 155
144 156 else # BUILD_KERNEL=false
145 157 # Kernel installation
146 158 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
147 159
148 160 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
149 161 chroot_exec apt-get -qq -y install flash-kernel
150 162
151 163 # Check if kernel installation was successful
152 164 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
153 165 if [ -z "$VMLINUZ" ] ; then
154 166 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
155 167 cleanup
156 168 exit 1
157 169 fi
158 170 # Copy vmlinuz kernel to the boot directory
159 171 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
160 172 fi
Show file before | Show file after | Hide comments
@@ -1,136 +1,151
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 18 else
19 # Create temporary directory for boot binaries
20 temp_dir=$(sudo -u nobody mktemp -d)
21
19 22 # Install latest boot binaries from raspberry/firmware github
20 wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
21 wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
22 wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
23 wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
24 wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
25 wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
26 wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
23 sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
31 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
34 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
36
37 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
27 40 fi
28 41 fi
29 42
30 43 # Setup firmware boot cmdline
31 44 if [ "$ENABLE_SPLITFS" = true ] ; then
32 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
33 46 else
34 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
35 48 fi
36 49
37 50 # Add encrypted root partition to cmdline.txt
38 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
39 52 if [ "$ENABLE_SPLITFS" = true ] ; then
40 53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
41 54 else
42 55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
43 56 fi
44 57 fi
45 58
46 59 # Add serial console support
47 60 if [ "$ENABLE_CONSOLE" = true ] ; then
48 61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
49 62 fi
50 63
51 64 # Remove IPv6 networking support
52 65 if [ "$ENABLE_IPV6" = false ] ; then
53 66 CMDLINE="${CMDLINE} ipv6.disable=1"
54 67 fi
55 68
56 69 # Automatically assign predictable network interface names
57 70 if [ "$ENABLE_IFNAMES" = false ] ; then
58 71 CMDLINE="${CMDLINE} net.ifnames=0"
59 72 else
60 73 CMDLINE="${CMDLINE} net.ifnames=1"
61 74 fi
62 75
63 76 # Set init to systemd if required by Debian release
64 77 if [ "$RELEASE" = "stretch" ] ; then
65 78 CMDLINE="${CMDLINE} init=/bin/systemd"
66 79 fi
67 80
68 81 # Install firmware boot cmdline
69 82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
70 83
71 84 # Install firmware config
72 85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
73 86
74 87 # Setup minimal GPU memory allocation size: 16MB (no X)
75 88 if [ "$ENABLE_MINGPU" = true ] ; then
76 89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
77 90 fi
78 91
79 92 # Setup boot with initramfs
80 93 if [ "$ENABLE_INITRAMFS" = true ] ; then
81 94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
82 95 fi
83 96
84 97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
85 98 if [ "$RPI_MODEL" = 3 ] ; then
86 99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
87 100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
88 101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
89 102 fi
90 103 fi
91 104
92 105 # Create firmware configuration and cmdline symlinks
93 106 ln -sf firmware/config.txt "${R}/boot/config.txt"
94 107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
95 108
96 109 # Install and setup kernel modules to load at boot
97 110 mkdir -p "${R}/lib/modules-load.d/"
98 111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
99 112
100 113 # Load hardware random module at boot
101 114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
102 115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
103 116 fi
104 117
105 118 # Load sound module at boot
106 119 if [ "$ENABLE_SOUND" = true ] ; then
107 120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
108 123 fi
109 124
110 125 # Enable I2C interface
111 126 if [ "$ENABLE_I2C" = true ] ; then
112 127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
113 128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
114 129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
115 130 fi
116 131
117 132 # Enable SPI interface
118 133 if [ "$ENABLE_SPI" = true ] ; then
119 134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
120 135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
121 136 if [ "$RPI_MODEL" = 3 ] ; then
122 137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
123 138 fi
124 139 fi
125 140
126 141 # Disable RPi2/3 under-voltage warnings
127 142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
128 143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
129 144 fi
130 145
131 146 # Install kernel modules blacklist
132 147 mkdir -p "${ETC_DIR}/modprobe.d/"
133 148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
134 149
135 150 # Install sysctl.d configuration files
136 151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
Show file before | Show file after | Hide comments
@@ -1,93 +1,107
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 if [ "$ENABLE_DHCP" = true ] ; then
34 34 # Enable DHCP configuration for interface eth0
35 35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36 36
37 37 # Set DHCP configuration to IPv4 only
38 38 if [ "$ENABLE_IPV6" = false ] ; then
39 39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 40 fi
41 41
42 42 else # ENABLE_DHCP=false
43 43 # Set static network configuration for interface eth0
44 44 sed -i\
45 45 -e "s|DHCP=.*|DHCP=no|"\
46 46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 53 "${ETC_DIR}/systemd/network/eth.network"
54 54 fi
55 55
56 56 # Remove empty settings from network configuration
57 57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
58 58
59 59 # Move systemd network configuration if required by Debian release
60 60 if [ "$RELEASE" = "stretch" ] ; then
61 61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 62 rm -fr "${ETC_DIR}/systemd/network"
63 63 fi
64 64
65 65 # Enable systemd-networkd service
66 66 chroot_exec systemctl enable systemd-networkd
67 67
68 68 # Install host.conf resolver configuration
69 69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70 70
71 71 # Enable network stack hardening
72 72 if [ "$ENABLE_HARDNET" = true ] ; then
73 73 # Install sysctl.d configuration files
74 74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75 75
76 76 # Setup resolver warnings about spoofed addresses
77 77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 78 fi
79 79
80 80 # Enable time sync
81 81 if [ "NET_NTP_1" != "" ] ; then
82 82 chroot_exec systemctl enable systemd-timesyncd.service
83 83 fi
84 84
85 85 # Download the firmware binary blob required to use the RPi3 wireless interface
86 86 if [ "$ENABLE_WIRELESS" = true ] ; then
87 87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 88 mkdir -p ${WLAN_FIRMWARE_DIR}
89 89 fi
90 90
91 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
92 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
91 # Create temporary directory for firmware binary blob
92 temp_dir=$(sudo -u nobody mktemp -d)
93
94 # Fetch firmware binary blob
95 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
98 # Move downloaded firmware binary blob
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
101 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
103
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
93 107 fi
Show file before | Show file after | Hide comments
@@ -1,13 +1,13
1 1 #
2 2 # Setup Logging
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Disable rsyslog
9 9 if [ "$ENABLE_RSYSLOG" = false ] ; then
10 10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
11 11 chroot_exec systemctl disable rsyslog
12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
12 chroot_exec apt-get -qq -y purge rsyslog
13 13 fi
Show file before | Show file after | Hide comments
@@ -1,87 +1,116
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 DROPBEAR_ARGS=""
10
9 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
10 13 # User root is not allowed to log in
11 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 else
16 # User root is not allowed to log in
17 DROPBEAR_ARGS="-w"
18 fi
12 19 fi
13 20
14 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
15 23 # Permit SSH root login
16 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 else
26 # Permit SSH root login
27 DROPBEAR_ARGS=""
28 fi
17 29
18 30 # Add SSH (v2) public key for user root
19 31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
20 32 # Create root SSH config directory
21 33 mkdir -p "${R}/root/.ssh"
22 34
23 35 # Set permissions of root SSH config directory
24 36 chroot_exec chmod 700 "/root/.ssh"
25 37 chroot_exec chown root:root "/root/.ssh"
26 38
27 39 # Add SSH (v2) public key(s) to authorized_keys file
28 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
29 41
30 42 # Set permissions of root SSH authorized_keys file
31 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
32 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
33 45
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
34 47 # Allow SSH public key authentication
35 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
36 49 fi
37 50 fi
51 fi
38 52
39 53 if [ "$ENABLE_USER" = true ] ; then
40 54 # Add SSH (v2) public key for user $USER_NAME
41 55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
42 56 # Create $USER_NAME SSH config directory
43 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
44 58
45 59 # Set permissions of $USER_NAME SSH config directory
46 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
47 61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
48 62
49 63 # Add SSH (v2) public key(s) to authorized_keys file
50 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
51 65
52 66 # Set permissions of $USER_NAME SSH config directory
53 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
54 68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
55 69
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
56 71 # Allow SSH public key authentication
57 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
58 73 fi
59 74 fi
75 fi
60 76
61 77 # Limit the users that are allowed to login via SSH
62 if [ "$SSH_LIMIT_USERS" = true ] ; then
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
63 79 allowed_users=""
64 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
65 81 allowed_users="root"
66 82 fi
67 83
68 84 if [ "$ENABLE_USER" = true ] ; then
69 85 allowed_users="${allowed_users} ${USER_NAME}"
70 86 fi
71 87
72 88 if [ ! -z "$allowed_users" ] ; then
73 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
74 90 fi
75 91 fi
76 92
77 93 # Disable password-based authentication
78 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
79 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
80 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 else
99 DROPBEAR_ARGS="-g"
100 fi
81 101 fi
82 102
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
83 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
84 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
85 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 else
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 fi
110 fi
111
112 # Update dropbear SSH configuration
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
86 115 fi
87 116 fi
Show file before | Show file after | Hide comments
@@ -1,74 +1,83
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Install gcc/c++ build environment inside the chroot
9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 COMPILER_PACKAGES=$(chroot_exec apt-get -s install ${COMPILER_PACKAGES} | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
11 chroot_exec apt-get -q -y --force-yes --no-install-recommends install ${COMPILER_PACKAGES}
12 fi
13
14 8 # Fetch and build U-Boot bootloader
15 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
12
16 13 # Copy existing U-Boot sources into chroot directory
17 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
18 15 # Copy local U-Boot sources
19 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
20 17 else
18 # Create temporary directory for U-Boot sources
19 temp_dir=$(sudo -u nobody mktemp -d)
20
21 21 # Fetch U-Boot sources
22 git -C "${R}/tmp" clone "${UBOOT_URL}"
22 sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
24 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
27 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
29
30 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
23 32 fi
24 33
25 34 # Build and install U-Boot inside chroot
26 35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
27 36
28 37 # Copy compiled bootloader binary and set config.txt to load it
29 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
30 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
31 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
32 41
33 42 # Install and setup U-Boot command file
34 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
35 44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
36 45
37 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
38 47 # Convert generated initramfs for U-Boot using mkimage
39 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
40 49
41 50 # Remove original initramfs file
42 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
43 52
44 53 # Configure U-Boot to load generated initramfs
45 54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
46 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
47 56 else # ENABLE_INITRAMFS=false
48 57 # Remove initramfs from U-Boot mkfile
49 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
50 59
51 60 if [ "$BUILD_KERNEL" = false ] ; then
52 61 # Remove dtbfile from U-Boot mkfile
53 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
54 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 64 else
56 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
57 66 fi
58 67 fi
59 68
60 69 # Set mkfile to use the correct dtb file
61 70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
62 71
63 72 # Set mkfile to use kernel image
64 73 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
65 74
66 75 # Remove all leading blank lines
67 76 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
68 77
69 78 # Generate U-Boot bootloader image
70 79 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
71 80
72 81 # Remove U-Boot sources
73 82 rm -fr "${R}/tmp/u-boot"
74 83 fi
Show file before | Show file after | Hide comments
@@ -1,34 +1,51
1 1 #
2 2 # Build and Setup fbturbo Xorg driver
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Fetch fbturbo driver sources
10 git -C "${R}/tmp" clone "${FBTURBO_URL}"
9 # Install c/c++ build environment inside the chroot
10 chroot_install_cc
11
12 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
17 # Create temporary directory for fbturbo sources
18 temp_dir=$(sudo -u nobody mktemp -d)
19
20 # Fetch fbturbo sources
21 sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
23 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
26 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
28 fi
11 29
12 30 # Install Xorg build dependencies
13 chroot_exec apt-get -q -y --force-yes --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
31 if [ "$RELEASE" = "jessie" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
14 36
15 37 # Build and install fbturbo driver inside chroot
16 38 chroot_exec /bin/bash -x <<'EOF'
17 39 cd /tmp/xf86-video-fbturbo
18 40 autoreconf -vi
19 41 ./configure --prefix=/usr
20 42 make
21 43 make install
22 44 EOF
23 45
24 46 # Install fbturbo driver Xorg configuration
25 47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
26 48
27 49 # Remove Xorg build dependencies
28 50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 51 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
34 fi
Show file before | Show file after | Hide comments
@@ -1,80 +1,85
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
49 52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
50 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
51 56 fi
52 57
53 58 # Remove sound utils and libraries
54 59 if [ "$ENABLE_SOUND" = false ] ; then
55 chroot_exec apt-get -qq -y --force-yes purge alsa-utils libsamplerate0 libasound2 libasound2-data
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
56 61 fi
57 62
58 # Re-install tools for managing kernel moduless
63 # Re-install tools for managing kernel modules
59 64 if [ "$RELEASE" = "jessie" ] ; then
60 chroot_exec apt-get -qq -y --force-yes install module-init-tools
65 chroot_exec apt-get -qq -y install module-init-tools
61 66 fi
62 67
63 68 # Remove GPU kernels
64 69 if [ "$ENABLE_MINGPU" = true ] ; then
65 70 rm -f "${BOOT_DIR}/start.elf"
66 71 rm -f "${BOOT_DIR}/fixup.dat"
67 72 rm -f "${BOOT_DIR}/start_x.elf"
68 73 rm -f "${BOOT_DIR}/fixup_x.dat"
69 74 fi
70 75
71 76 # Remove kernel and initrd from /boot (already in /boot/firmware)
72 77 if [ "$BUILD_KERNEL" = false ] ; then
73 78 rm -f "${R}/boot/vmlinuz-*"
74 79 rm -f "${R}/boot/initrd.img-*"
75 80 fi
76 81
77 82 # Clean APT list of repositories
78 83 rm -fr "${R}/var/lib/apt/lists/*"
79 84 chroot_exec apt-get -qq -y update
80 85 fi
Show file before | Show file after | Hide comments
@@ -1,55 +1,76
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 7 # Identify and kill all processes still using files
8 8 echo "killing processes using mount point ..."
9 9 fuser -k "${R}"
10 10 sleep 3
11 11 fuser -9 -k -v "${R}"
12 12
13 13 # Clean up temporary .password file
14 14 if [ -r ".password" ] ; then
15 15 shred -zu .password
16 16 fi
17 17
18 18 # Clean up all temporary mount points
19 19 echo "removing temporary mount points ..."
20 20 umount -l "${R}/proc" 2> /dev/null
21 21 umount -l "${R}/sys" 2> /dev/null
22 22 umount -l "${R}/dev/pts" 2> /dev/null
23 23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 24 umount "$BUILDDIR/mount" 2> /dev/null
25 25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 28 trap - 0 1 2 3 6
29 29 }
30 30
31 31 chroot_exec() {
32 32 # Exec command in chroot
33 33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 34 }
35 35
36 36 install_readonly() {
37 37 # Install file with user read-only permissions
38 38 install -o root -g root -m 644 $*
39 39 }
40 40
41 41 install_exec() {
42 42 # Install file with root exec permissions
43 43 install -o root -g root -m 744 $*
44 44 }
45 45
46 46 use_template () {
47 47 # Test if configuration template file exists
48 48 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
49 49 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
50 50 exit 1
51 51 fi
52 52
53 53 # Load template configuration parameters
54 54 . "./templates/${CONFIG_TEMPLATE}"
55 55 }
56
57 chroot_install_cc() {
58 # Install c/c++ build environment inside the chroot
59 if [ -z "${COMPILER_PACKAGES}" ] ; then
60 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
61
62 if [ "$RELEASE" = "jessie" ] ; then
63 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
64 elif [ "$RELEASE" = "stretch" ] ; then
65 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
66 fi
67 fi
68 }
69
70 chroot_remove_cc() {
71 # Remove c/c++ build environment from the chroot
72 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
73 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
74 COMPILER_PACKAGES=""
75 fi
76 }
Show file before | Show file after | Hide comments
@@ -1,621 +1,629
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 10+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 49
50 50 # Debian release
51 51 RELEASE=${RELEASE:=jessie}
52 52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59 59
60 60 # URLs
61 61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67 67
68 68 # Build directories
69 69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 70 BUILDDIR="${BASEDIR}/build"
71 71 # Prepare date string for default image file name
72 72 DATE="$(date +%Y-%m-%d)"
73 73 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
74 74
75 75 # Chroot directories
76 76 R="${BUILDDIR}/chroot"
77 77 ETC_DIR="${R}/etc"
78 78 LIB_DIR="${R}/lib"
79 79 BOOT_DIR="${R}/boot/firmware"
80 80 KERNEL_DIR="${R}/usr/src/linux"
81 81 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
82 82
83 83 # Firmware directory: Blank if download from github
84 84 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
85 85
86 86 # General settings
87 87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
88 88 PASSWORD=${PASSWORD:=raspberry}
89 89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
90 90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
91 91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
92 92 EXPANDROOT=${EXPANDROOT:=true}
93 93
94 94 # Keyboard settings
95 95 XKB_MODEL=${XKB_MODEL:=""}
96 96 XKB_LAYOUT=${XKB_LAYOUT:=""}
97 97 XKB_VARIANT=${XKB_VARIANT:=""}
98 98 XKB_OPTIONS=${XKB_OPTIONS:=""}
99 99
100 100 # Network settings (DHCP)
101 101 ENABLE_DHCP=${ENABLE_DHCP:=true}
102 102
103 103 # Network settings (static)
104 104 NET_ADDRESS=${NET_ADDRESS:=""}
105 105 NET_GATEWAY=${NET_GATEWAY:=""}
106 106 NET_DNS_1=${NET_DNS_1:=""}
107 107 NET_DNS_2=${NET_DNS_2:=""}
108 108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
109 109 NET_NTP_1=${NET_NTP_1:=""}
110 110 NET_NTP_2=${NET_NTP_2:=""}
111 111
112 112 # APT settings
113 113 APT_PROXY=${APT_PROXY:=""}
114 114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
115 115
116 116 # Feature settings
117 117 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
118 118 ENABLE_I2C=${ENABLE_I2C:=false}
119 119 ENABLE_SPI=${ENABLE_SPI:=false}
120 120 ENABLE_IPV6=${ENABLE_IPV6:=true}
121 121 ENABLE_SSHD=${ENABLE_SSHD:=true}
122 122 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
123 123 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
124 124 ENABLE_SOUND=${ENABLE_SOUND:=true}
125 125 ENABLE_DBUS=${ENABLE_DBUS:=true}
126 126 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
127 127 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
128 128 ENABLE_XORG=${ENABLE_XORG:=false}
129 129 ENABLE_WM=${ENABLE_WM:=""}
130 130 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
131 131 ENABLE_USER=${ENABLE_USER:=true}
132 132 USER_NAME=${USER_NAME:="pi"}
133 133 ENABLE_ROOT=${ENABLE_ROOT:=false}
134 134
135 135 # SSH settings
136 136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
137 137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
138 138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
139 139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
140 140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
141 141
142 142 # Advanced settings
143 143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
144 144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
145 145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
146 146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
147 147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
148 149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
149 150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
150 151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
151 152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
152 153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
153 154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
154 155
155 156 # Kernel compilation settings
156 157 BUILD_KERNEL=${BUILD_KERNEL:=false}
157 158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
158 159 KERNEL_THREADS=${KERNEL_THREADS:=1}
159 160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
160 161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
161 162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
162 163
163 164 # Kernel compilation from source directory settings
164 165 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 166 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 167 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 168 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168 169
169 170 # Reduce disk usage settings
170 171 REDUCE_APT=${REDUCE_APT:=true}
171 172 REDUCE_DOC=${REDUCE_DOC:=true}
172 173 REDUCE_MAN=${REDUCE_MAN:=true}
173 174 REDUCE_VIM=${REDUCE_VIM:=false}
174 175 REDUCE_BASH=${REDUCE_BASH:=false}
175 176 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 177 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 178 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178 179
179 180 # Encrypted filesystem settings
180 181 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 182 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 183 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 184 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 185 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185 186
186 187 # Stop the Crypto Wars
187 188 DISABLE_FBI=${DISABLE_FBI:=false}
188 189
189 190 # Chroot scripts directory
190 191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 192
192 193 # Packages required in the chroot build environment
193 194 APT_INCLUDES=${APT_INCLUDES:=""}
194 195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
195 196
196 197 # Packages required for bootstrapping
197 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
198 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
198 199 MISSING_PACKAGES=""
199 200
201 # Packages installed for c/c++ build environment in chroot (keep empty)
202 COMPILER_PACKAGES=""
203
200 204 set +x
201 205
202 206 # Set Raspberry Pi model specific configuration
203 207 if [ "$RPI_MODEL" = 2 ] ; then
204 208 DTB_FILE=${RPI2_DTB_FILE}
205 209 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
206 210 elif [ "$RPI_MODEL" = 3 ] ; then
207 211 DTB_FILE=${RPI3_DTB_FILE}
208 212 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
209 213 BUILD_KERNEL=true
210 214 else
211 215 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
212 216 exit 1
213 217 fi
214 218
215 219 # Check if the internal wireless interface is supported by the RPi model
216 220 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
217 221 echo "error: The selected Raspberry Pi model has no internal wireless interface"
218 222 exit 1
219 223 fi
220 224
221 225 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
222 226 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
223 227 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
224 228 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
225 229 exit 1
226 230 fi
227 231 fi
228 232
229 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
230 if [ "$RELEASE" = "jessie" ] ; then
231 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
232 elif [ "$RELEASE" = "stretch" ] ; then
233 COMPILER_PACKAGES="g++ make bc"
233 # Build RPi2/3 Linux kernel if required by Debian release
234 if [ "$RELEASE" = "stretch" ] ; then
234 235 BUILD_KERNEL=true
235 else
236 echo "error: Debian release ${RELEASE} is not supported!"
237 exit 1
238 236 fi
239 237
240 238 # Add packages required for kernel cross compilation
241 239 if [ "$BUILD_KERNEL" = true ] ; then
242 240 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
243 241 fi
244 242
245 243 # Add libncurses5 to enable kernel menuconfig
246 244 if [ "$KERNEL_MENUCONFIG" = true ] ; then
247 245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
248 246 fi
249 247
250 248 # Stop the Crypto Wars
251 249 if [ "$DISABLE_FBI" = true ] ; then
252 250 ENABLE_CRYPTFS=true
253 251 fi
254 252
255 253 # Add cryptsetup package to enable filesystem encryption
256 254 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
257 255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
258 256 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
259 257
260 258 if [ -z "$CRYPTFS_PASSWORD" ] ; then
261 259 echo "error: no password defined (CRYPTFS_PASSWORD)!"
262 260 exit 1
263 261 fi
264 262 ENABLE_INITRAMFS=true
265 263 fi
266 264
267 265 # Add initramfs generation tools
268 266 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
269 267 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
270 268 fi
271 269
272 270 # Add device-tree-compiler required for building the U-Boot bootloader
273 271 if [ "$ENABLE_UBOOT" = true ] ; then
274 272 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
275 273 fi
276 274
277 275 # Check if root SSH (v2) public key file exists
278 276 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
279 277 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
280 278 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
281 279 exit 1
282 280 fi
283 281 fi
284 282
285 283 # Check if $USER_NAME SSH (v2) public key file exists
286 284 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
287 285 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
288 286 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
289 287 exit 1
290 288 fi
291 289 fi
292 290
293 291 # Check if all required packages are installed on the build system
294 292 for package in $REQUIRED_PACKAGES ; do
295 293 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
296 294 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
297 295 fi
298 296 done
299 297
300 298 # If there are missing packages ask confirmation for install, or exit
301 299 if [ -n "$MISSING_PACKAGES" ] ; then
302 300 echo "the following packages needed by this script are not installed:"
303 301 echo "$MISSING_PACKAGES"
304 302
305 303 echo -n "\ndo you want to install the missing packages right now? [y/n] "
306 304 read confirm
307 305 [ "$confirm" != "y" ] && exit 1
308 306
309 307 # Make sure all missing required packages are installed
310 308 apt-get -qq -y install ${MISSING_PACKAGES}
311 309 fi
312 310
313 311 # Check if ./bootstrap.d directory exists
314 312 if [ ! -d "./bootstrap.d/" ] ; then
315 313 echo "error: './bootstrap.d' required directory not found!"
316 314 exit 1
317 315 fi
318 316
319 317 # Check if ./files directory exists
320 318 if [ ! -d "./files/" ] ; then
321 319 echo "error: './files' required directory not found!"
322 320 exit 1
323 321 fi
324 322
325 323 # Check if specified KERNELSRC_DIR directory exists
326 324 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
327 325 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
328 326 exit 1
329 327 fi
330 328
331 329 # Check if specified UBOOTSRC_DIR directory exists
332 330 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
333 331 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
334 332 exit 1
335 333 fi
336 334
335 # Check if specified FBTURBOSRC_DIR directory exists
336 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
337 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
338 exit 1
339 fi
340
337 341 # Check if specified CHROOT_SCRIPTS directory exists
338 342 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
339 343 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
340 344 exit 1
341 345 fi
342 346
343 347 # Check if specified device mapping already exists (will be used by cryptsetup)
344 348 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
345 349 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
346 350 exit 1
347 351 fi
348 352
349 353 # Don't clobber an old build
350 354 if [ -e "$BUILDDIR" ] ; then
351 355 echo "error: directory ${BUILDDIR} already exists, not proceeding"
352 356 exit 1
353 357 fi
354 358
355 359 # Setup chroot directory
356 360 mkdir -p "${R}"
357 361
358 362 # Check if build directory has enough of free disk space >512MB
359 363 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
360 364 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
361 365 exit 1
362 366 fi
363 367
364 368 set -x
365 369
366 370 # Call "cleanup" function on various signals and errors
367 371 trap cleanup 0 1 2 3 6
368 372
369 373 # Add required packages for the minbase installation
370 374 if [ "$ENABLE_MINBASE" = true ] ; then
371 375 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
372 376 fi
373 377
374 378 # Add required locales packages
375 379 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
376 380 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
377 381 fi
378 382
379 383 # Add parted package, required to get partprobe utility
380 384 if [ "$EXPANDROOT" = true ] ; then
381 385 APT_INCLUDES="${APT_INCLUDES},parted"
382 386 fi
383 387
384 388 # Add dbus package, recommended if using systemd
385 389 if [ "$ENABLE_DBUS" = true ] ; then
386 390 APT_INCLUDES="${APT_INCLUDES},dbus"
387 391 fi
388 392
389 393 # Add iptables IPv4/IPv6 package
390 394 if [ "$ENABLE_IPTABLES" = true ] ; then
391 395 APT_INCLUDES="${APT_INCLUDES},iptables"
392 396 fi
393 397
394 398 # Add openssh server package
395 399 if [ "$ENABLE_SSHD" = true ] ; then
396 400 APT_INCLUDES="${APT_INCLUDES},openssh-server"
397 401 fi
398 402
399 403 # Add alsa-utils package
400 404 if [ "$ENABLE_SOUND" = true ] ; then
401 405 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
402 406 fi
403 407
404 408 # Add rng-tools package
405 409 if [ "$ENABLE_HWRANDOM" = true ] ; then
406 410 APT_INCLUDES="${APT_INCLUDES},rng-tools"
407 411 fi
408 412
409 413 # Add fbturbo video driver
410 414 if [ "$ENABLE_FBTURBO" = true ] ; then
411 415 # Enable xorg package dependencies
412 416 ENABLE_XORG=true
413 417 fi
414 418
415 419 # Add user defined window manager package
416 420 if [ -n "$ENABLE_WM" ] ; then
417 421 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
418 422
419 423 # Enable xorg package dependencies
420 424 ENABLE_XORG=true
421 425 fi
422 426
423 427 # Add xorg package
424 428 if [ "$ENABLE_XORG" = true ] ; then
425 429 APT_INCLUDES="${APT_INCLUDES},xorg"
426 430 fi
427 431
428 432 # Replace selected packages with smaller clones
429 433 if [ "$ENABLE_REDUCE" = true ] ; then
430 434 # Add levee package instead of vim-tiny
431 435 if [ "$REDUCE_VIM" = true ] ; then
432 436 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
433 437 fi
434 438
435 439 # Add dropbear package instead of openssh-server
436 440 if [ "$REDUCE_SSHD" = true ] ; then
437 441 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
438 442 fi
439 443 fi
440 444
441 445 # Configure kernel sources if no KERNELSRC_DIR
442 446 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
443 447 KERNELSRC_CONFIG=true
444 448 fi
445 449
446 450 # Configure reduced kernel
447 451 if [ "$KERNEL_REDUCE" = true ] ; then
448 452 KERNELSRC_CONFIG=false
449 453 fi
450 454
451 455 # Execute bootstrap scripts
452 456 for SCRIPT in bootstrap.d/*.sh; do
453 457 head -n 3 "$SCRIPT"
454 458 . "$SCRIPT"
455 459 done
456 460
457 461 ## Execute custom bootstrap scripts
458 462 if [ -d "custom.d" ] ; then
459 463 for SCRIPT in custom.d/*.sh; do
460 464 . "$SCRIPT"
461 465 done
462 466 fi
463 467
464 468 # Execute custom scripts inside the chroot
465 469 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
466 470 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
467 471 chroot_exec /bin/bash -x <<'EOF'
468 472 for SCRIPT in /chroot_scripts/* ; do
469 473 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
470 474 $SCRIPT
471 475 fi
472 476 done
473 477 EOF
474 478 rm -rf "${R}/chroot_scripts"
475 479 fi
476 480
481 # Remove c/c++ build environment from the chroot
482 chroot_remove_cc
483
477 484 # Remove apt-utils
478 485 if [ "$RELEASE" = "jessie" ] ; then
479 486 chroot_exec apt-get purge -qq -y --force-yes apt-utils
480 487 fi
481 488
482 489 # Generate required machine-id
483 490 MACHINE_ID=$(dbus-uuidgen)
484 491 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
485 492 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
486 493
487 494 # APT Cleanup
488 495 chroot_exec apt-get -y clean
489 496 chroot_exec apt-get -y autoclean
490 497 chroot_exec apt-get -y autoremove
491 498
492 499 # Unmount mounted filesystems
493 500 umount -l "${R}/proc"
494 501 umount -l "${R}/sys"
495 502
496 503 # Clean up directories
497 504 rm -rf "${R}/run/*"
498 505 rm -rf "${R}/tmp/*"
499 506
500 507 # Clean up files
501 508 rm -f "${ETC_DIR}/ssh/ssh_host_*"
502 509 rm -f "${ETC_DIR}/dropbear/dropbear_*"
503 510 rm -f "${ETC_DIR}/apt/sources.list.save"
504 511 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
505 512 rm -f "${ETC_DIR}/*-"
506 513 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
507 514 rm -f "${ETC_DIR}/resolv.conf"
508 515 rm -f "${R}/root/.bash_history"
509 516 rm -f "${R}/var/lib/urandom/random-seed"
510 517 rm -f "${R}/initrd.img"
511 518 rm -f "${R}/vmlinuz"
512 519 rm -f "${R}${QEMU_BINARY}"
513 520
514 521 # Calculate size of the chroot directory in KB
515 522 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
516 523
517 524 # Calculate the amount of needed 512 Byte sectors
518 525 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
519 526 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
520 527 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
521 528
522 529 # The root partition is EXT4
523 530 # This means more space than the actual used space of the chroot is used.
524 531 # As overhead for journaling and reserved blocks 25% are added.
525 532 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
526 533
527 534 # Calculate required image size in 512 Byte sectors
528 535 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
529 536
530 537 # Prepare image file
531 538 if [ "$ENABLE_SPLITFS" = true ] ; then
532 539 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
533 540 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
534 541 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
535 542 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
536 543
537 544 # Write firmware/boot partition tables
538 545 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
539 546 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
540 547 EOM
541 548
542 549 # Write root partition table
543 550 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
544 551 ${TABLE_SECTORS},${ROOT_SECTORS},83
545 552 EOM
546 553
547 554 # Setup temporary loop devices
548 555 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
549 556 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
550 557 else # ENABLE_SPLITFS=false
551 558 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
552 559 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
553 560
554 561 # Write partition table
555 562 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
556 563 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
557 564 ${ROOT_OFFSET},${ROOT_SECTORS},83
558 565 EOM
559 566
560 567 # Setup temporary loop devices
561 568 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
562 569 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
563 570 fi
564 571
565 572 if [ "$ENABLE_CRYPTFS" = true ] ; then
566 573 # Create dummy ext4 fs
567 574 mkfs.ext4 "$ROOT_LOOP"
568 575
569 576 # Setup password keyfile
570 echo -n ${CRYPTFS_PASSWORD} > .password
577 touch .password
571 578 chmod 600 .password
579 echo -n ${CRYPTFS_PASSWORD} > .password
572 580
573 581 # Initialize encrypted partition
574 582 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
575 583
576 584 # Open encrypted partition and setup mapping
577 585 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
578 586
579 587 # Secure delete password keyfile
580 588 shred -zu .password
581 589
582 590 # Update temporary loop device
583 591 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
584 592
585 593 # Wipe encrypted partition (encryption cipher is used for randomness)
586 594 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
587 595 fi
588 596
589 597 # Build filesystems
590 598 mkfs.vfat "$FRMW_LOOP"
591 599 mkfs.ext4 "$ROOT_LOOP"
592 600
593 601 # Mount the temporary loop devices
594 602 mkdir -p "$BUILDDIR/mount"
595 603 mount "$ROOT_LOOP" "$BUILDDIR/mount"
596 604
597 605 mkdir -p "$BUILDDIR/mount/boot/firmware"
598 606 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
599 607
600 608 # Copy all files from the chroot to the loop device mount point directory
601 609 rsync -a "${R}/" "$BUILDDIR/mount/"
602 610
603 611 # Unmount all temporary loop devices and mount points
604 612 cleanup
605 613
606 614 # Create block map file(s) of image(s)
607 615 if [ "$ENABLE_SPLITFS" = true ] ; then
608 616 # Create block map files for "bmaptool"
609 617 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
610 618 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
611 619
612 620 # Image was successfully created
613 621 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
614 622 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
615 623 else
616 624 # Create block map file for "bmaptool"
617 625 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
618 626
619 627 # Image was successfully created
620 628 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
621 629 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant