Updated: Dropping privileges, chroot compiler install, dropbear sshd config
drtyhlpr -
r142:14de70396904
@@ -1,422 +1,425
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15
15
16 ```
16 ```
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 dpkg --add-architecture armhf
19 dpkg --add-architecture armhf
20 apt-get update
20 apt-get update
21 ```
21 ```
22
22
23 ## Command-line parameters
23 ## Command-line parameters
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25
25
26 #####Command-line examples:
26 #####Command-line examples:
27 ```shell
27 ```shell
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Configuration template files
43 ## Configuration template files
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45
45
46 #####Command-line examples:
46 #####Command-line examples:
47 ```shell
47 ```shell
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 ```
50 ```
51
51
52 ## Supported parameters and settings
52 ## Supported parameters and settings
53 #### APT settings:
53 #### APT settings:
54 ##### `APT_SERVER`="ftp.debian.org"
54 ##### `APT_SERVER`="ftp.debian.org"
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56
56
57 ##### `APT_PROXY`=""
57 ##### `APT_PROXY`=""
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59
59
60 ##### `APT_INCLUDES`=""
60 ##### `APT_INCLUDES`=""
61 A comma separated list of additional packages to be installed during bootstrapping.
61 A comma separated list of additional packages to be installed during bootstrapping.
62
62
63 ---
63 ---
64
64
65 #### General system settings:
65 #### General system settings:
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
68
68
69 ##### `RELEASE`="jessie"
69 ##### `RELEASE`="jessie"
70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
71
71
72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
74
74
75 ##### `PASSWORD`="raspberry"
75 ##### `PASSWORD`="raspberry"
76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
77
77
78 ##### `USER_PASSWORD`="raspberry"
78 ##### `USER_PASSWORD`="raspberry"
79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
80
80
81 ##### `DEFLOCAL`="en_US.UTF-8"
81 ##### `DEFLOCAL`="en_US.UTF-8"
82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
83
83
84 ##### `TIMEZONE`="Europe/Berlin"
84 ##### `TIMEZONE`="Europe/Berlin"
85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
86
86
87 ##### `EXPANDROOT`=true
87 ##### `EXPANDROOT`=true
88 Expand the root partition and filesystem automatically on first boot.
88 Expand the root partition and filesystem automatically on first boot.
89
89
90 ---
90 ---
91
91
92 #### Keyboard settings:
92 #### Keyboard settings:
93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
94
94
95 ##### `XKB_MODEL`=""
95 ##### `XKB_MODEL`=""
96 Set the name of the model of your keyboard type.
96 Set the name of the model of your keyboard type.
97
97
98 ##### `XKB_LAYOUT`=""
98 ##### `XKB_LAYOUT`=""
99 Set the supported keyboard layout(s).
99 Set the supported keyboard layout(s).
100
100
101 ##### `XKB_VARIANT`=""
101 ##### `XKB_VARIANT`=""
102 Set the supported variant(s) of the keyboard layout(s).
102 Set the supported variant(s) of the keyboard layout(s).
103
103
104 ##### `XKB_OPTIONS`=""
104 ##### `XKB_OPTIONS`=""
105 Set extra xkb configuration options.
105 Set extra xkb configuration options.
106
106
107 ---
107 ---
108
108
109 #### Networking settings (DHCP):
109 #### Networking settings (DHCP):
110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
111
111
112 #####`ENABLE_DHCP`=true
112 #####`ENABLE_DHCP`=true
113 Set the system to use DHCP. This requires an DHCP server.
113 Set the system to use DHCP. This requires an DHCP server.
114
114
115 ---
115 ---
116
116
117 #### Networking settings (static):
117 #### Networking settings (static):
118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
119
119
120 #####`NET_ADDRESS`=""
120 #####`NET_ADDRESS`=""
121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
122
122
123 #####`NET_GATEWAY`=""
123 #####`NET_GATEWAY`=""
124 Set the IP address for the default gateway.
124 Set the IP address for the default gateway.
125
125
126 #####`NET_DNS_1`=""
126 #####`NET_DNS_1`=""
127 Set the IP address for the first DNS server.
127 Set the IP address for the first DNS server.
128
128
129 #####`NET_DNS_2`=""
129 #####`NET_DNS_2`=""
130 Set the IP address for the second DNS server.
130 Set the IP address for the second DNS server.
131
131
132 #####`NET_DNS_DOMAINS`=""
132 #####`NET_DNS_DOMAINS`=""
133 Set the default DNS search domains to use for non fully qualified host names.
133 Set the default DNS search domains to use for non fully qualified host names.
134
134
135 #####`NET_NTP_1`=""
135 #####`NET_NTP_1`=""
136 Set the IP address for the first NTP server.
136 Set the IP address for the first NTP server.
137
137
138 #####`NET_NTP_2`=""
138 #####`NET_NTP_2`=""
139 Set the IP address for the second NTP server.
139 Set the IP address for the second NTP server.
140
140
141 ---
141 ---
142
142
143 #### Basic system features:
143 #### Basic system features:
144 ##### `ENABLE_CONSOLE`=true
144 ##### `ENABLE_CONSOLE`=true
145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
146
146
147 ##### `ENABLE_I2C`=false
147 ##### `ENABLE_I2C`=false
148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
149
149
150 ##### `ENABLE_SPI`=false
150 ##### `ENABLE_SPI`=false
151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
152
152
153 ##### `ENABLE_IPV6`=true
153 ##### `ENABLE_IPV6`=true
154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
155
155
156 ##### `ENABLE_SSHD`=true
156 ##### `ENABLE_SSHD`=true
157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
158
158
159 ##### `ENABLE_NONFREE`=false
159 ##### `ENABLE_NONFREE`=false
160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
161
161
162 ##### `ENABLE_WIRELESS`=false
162 ##### `ENABLE_WIRELESS`=false
163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
164
164
165 ##### `ENABLE_RSYSLOG`=true
165 ##### `ENABLE_RSYSLOG`=true
166 If set to false, disable and uninstall rsyslog (so logs will be available only
166 If set to false, disable and uninstall rsyslog (so logs will be available only
167 in journal files)
167 in journal files)
168
168
169 ##### `ENABLE_SOUND`=true
169 ##### `ENABLE_SOUND`=true
170 Enable sound hardware and install Advanced Linux Sound Architecture.
170 Enable sound hardware and install Advanced Linux Sound Architecture.
171
171
172 ##### `ENABLE_HWRANDOM`=true
172 ##### `ENABLE_HWRANDOM`=true
173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
174
174
175 ##### `ENABLE_MINGPU`=false
175 ##### `ENABLE_MINGPU`=false
176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
177
177
178 ##### `ENABLE_DBUS`=true
178 ##### `ENABLE_DBUS`=true
179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
180
180
181 ##### `ENABLE_XORG`=false
181 ##### `ENABLE_XORG`=false
182 Install Xorg open-source X Window System.
182 Install Xorg open-source X Window System.
183
183
184 ##### `ENABLE_WM`=""
184 ##### `ENABLE_WM`=""
185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
186
186
187 ---
187 ---
188
188
189 #### Advanced system features:
189 #### Advanced system features:
190 ##### `ENABLE_MINBASE`=false
190 ##### `ENABLE_MINBASE`=false
191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
192
192
193 ##### `ENABLE_REDUCE`=false
193 ##### `ENABLE_REDUCE`=false
194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
195
195
196 ##### `ENABLE_UBOOT`=false
196 ##### `ENABLE_UBOOT`=false
197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
198
198
199 ##### `UBOOTSRC_DIR`=""
199 ##### `UBOOTSRC_DIR`=""
200 Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
200 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
201
201
202 ##### `ENABLE_FBTURBO`=false
202 ##### `ENABLE_FBTURBO`=false
203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
204
204
205 ##### `FBTURBOSRC_DIR`=""
206 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
207
205 ##### `ENABLE_IPTABLES`=false
208 ##### `ENABLE_IPTABLES`=false
206 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
209 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
207
210
208 ##### `ENABLE_USER`=true
211 ##### `ENABLE_USER`=true
209 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
212 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
210
213
211 ##### `USER_NAME`=pi
214 ##### `USER_NAME`=pi
212 Non-root user to create. Ignored if `ENABLE_USER`=false
215 Non-root user to create. Ignored if `ENABLE_USER`=false
213
216
214 ##### `ENABLE_ROOT`=false
217 ##### `ENABLE_ROOT`=false
215 Set root user password so root login will be enabled
218 Set root user password so root login will be enabled
216
219
217 ##### `ENABLE_HARDNET`=false
220 ##### `ENABLE_HARDNET`=false
218 Enable IPv4/IPv6 network stack hardening settings.
221 Enable IPv4/IPv6 network stack hardening settings.
219
222
220 ##### `ENABLE_SPLITFS`=false
223 ##### `ENABLE_SPLITFS`=false
221 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
224 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
222
225
223 ##### `CHROOT_SCRIPTS`=""
226 ##### `CHROOT_SCRIPTS`=""
224 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
227 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
225
228
226 ##### `ENABLE_INITRAMFS`=false
229 ##### `ENABLE_INITRAMFS`=false
227 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
230 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
228
231
229 ##### `ENABLE_IFNAMES`=true
232 ##### `ENABLE_IFNAMES`=true
230 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
233 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
231
234
232 ##### `DISABLE_UNDERVOLT_WARNINGS`=
235 ##### `DISABLE_UNDERVOLT_WARNINGS`=
233 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
236 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
234
237
235 ---
238 ---
236
239
237 #### SSH settings:
240 #### SSH settings:
238 ##### `SSH_ENABLE_ROOT`=false
241 ##### `SSH_ENABLE_ROOT`=false
239 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
242 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
240
243
241 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
244 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
242 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
245 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
243
246
244 ##### `SSH_LIMIT_USERS`=false
247 ##### `SSH_LIMIT_USERS`=false
245 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
248 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
246
249
247 ##### `SSH_ROOT_PUB_KEY`=""
250 ##### `SSH_ROOT_PUB_KEY`=""
248 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
249
252
250 ##### `SSH_USER_PUB_KEY`=""
253 ##### `SSH_USER_PUB_KEY`=""
251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
254 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
252
255
253 ---
256 ---
254
257
255 #### Kernel compilation:
258 #### Kernel compilation:
256 ##### `BUILD_KERNEL`=false
259 ##### `BUILD_KERNEL`=false
257 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
260 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
258
261
259 ##### `KERNEL_REDUCE`=false
262 ##### `KERNEL_REDUCE`=false
260 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
263 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
261
264
262 ##### `KERNEL_THREADS`=1
265 ##### `KERNEL_THREADS`=1
263 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
266 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
264
267
265 ##### `KERNEL_HEADERS`=true
268 ##### `KERNEL_HEADERS`=true
266 Install kernel headers with built kernel.
269 Install kernel headers with built kernel.
267
270
268 ##### `KERNEL_MENUCONFIG`=false
271 ##### `KERNEL_MENUCONFIG`=false
269 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
272 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
270
273
271 ##### `KERNEL_REMOVESRC`=true
274 ##### `KERNEL_REMOVESRC`=true
272 Remove all kernel sources from the generated OS image after it was built and installed.
275 Remove all kernel sources from the generated OS image after it was built and installed.
273
276
274 ##### `KERNELSRC_DIR`=""
277 ##### `KERNELSRC_DIR`=""
275 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
278 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
276
279
277 ##### `KERNELSRC_CLEAN`=false
280 ##### `KERNELSRC_CLEAN`=false
278 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
281 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
279
282
280 ##### `KERNELSRC_CONFIG`=true
283 ##### `KERNELSRC_CONFIG`=true
281 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
284 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
282
285
283 ##### `KERNELSRC_USRCONFIG`=""
286 ##### `KERNELSRC_USRCONFIG`=""
284 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
287 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
285
288
286 ##### `KERNELSRC_PREBUILT`=false
289 ##### `KERNELSRC_PREBUILT`=false
287 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
290 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
288
291
289 ##### `RPI_FIRMWARE_DIR`=""
292 ##### `RPI_FIRMWARE_DIR`=""
290 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
293 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
291
294
292 ---
295 ---
293
296
294 #### Reduce disk usage:
297 #### Reduce disk usage:
295 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
298 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
296
299
297 ##### `REDUCE_APT`=true
300 ##### `REDUCE_APT`=true
298 Configure APT to use compressed package repository lists and no package caching files.
301 Configure APT to use compressed package repository lists and no package caching files.
299
302
300 ##### `REDUCE_DOC`=true
303 ##### `REDUCE_DOC`=true
301 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
304 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
302
305
303 ##### `REDUCE_MAN`=true
306 ##### `REDUCE_MAN`=true
304 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
307 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
305
308
306 ##### `REDUCE_VIM`=false
309 ##### `REDUCE_VIM`=false
307 Replace `vim-tiny` package by `levee` a tiny vim clone.
310 Replace `vim-tiny` package by `levee` a tiny vim clone.
308
311
309 ##### `REDUCE_BASH`=false
312 ##### `REDUCE_BASH`=false
310 Remove `bash` package and switch to `dash` shell (experimental).
313 Remove `bash` package and switch to `dash` shell (experimental).
311
314
312 ##### `REDUCE_HWDB`=true
315 ##### `REDUCE_HWDB`=true
313 Remove PCI related hwdb files (experimental).
316 Remove PCI related hwdb files (experimental).
314
317
315 ##### `REDUCE_SSHD`=true
318 ##### `REDUCE_SSHD`=true
316 Replace `openssh-server` with `dropbear`.
319 Replace `openssh-server` with `dropbear`.
317
320
318 ##### `REDUCE_LOCALE`=true
321 ##### `REDUCE_LOCALE`=true
319 Remove all `locale` translation files.
322 Remove all `locale` translation files.
320
323
321 ---
324 ---
322
325
323 #### Encrypted root partition:
326 #### Encrypted root partition:
324 ##### `ENABLE_CRYPTFS`=false
327 ##### `ENABLE_CRYPTFS`=false
325 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
328 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
326
329
327 ##### `CRYPTFS_PASSWORD`=""
330 ##### `CRYPTFS_PASSWORD`=""
328 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
331 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
329
332
330 ##### `CRYPTFS_MAPPING`="secure"
333 ##### `CRYPTFS_MAPPING`="secure"
331 Set name of dm-crypt managed device-mapper mapping.
334 Set name of dm-crypt managed device-mapper mapping.
332
335
333 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
336 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
334 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
337 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
335
338
336 ##### `CRYPTFS_XTSKEYSIZE`=512
339 ##### `CRYPTFS_XTSKEYSIZE`=512
337 Sets key size in bits. The argument has to be a multiple of 8.
340 Sets key size in bits. The argument has to be a multiple of 8.
338
341
339 ---
342 ---
340
343
341 #### Build settings:
344 #### Build settings:
342 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
345 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
343 Set a path to a working directory used by the script to generate an image.
346 Set a path to a working directory used by the script to generate an image.
344
347
345 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
348 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
346 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
349 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
347
350
348 ## Understanding the script
351 ## Understanding the script
349 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
352 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
350
353
351 | Script | Description |
354 | Script | Description |
352 | --- | --- |
355 | --- | --- |
353 | `10-bootstrap.sh` | Debootstrap basic system |
356 | `10-bootstrap.sh` | Debootstrap basic system |
354 | `11-apt.sh` | Setup APT repositories |
357 | `11-apt.sh` | Setup APT repositories |
355 | `12-locale.sh` | Setup Locales and keyboard settings |
358 | `12-locale.sh` | Setup Locales and keyboard settings |
356 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
359 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
357 | `14-fstab.sh` | Setup fstab and initramfs |
360 | `14-fstab.sh` | Setup fstab and initramfs |
358 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
361 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
359 | `20-networking.sh` | Setup Networking |
362 | `20-networking.sh` | Setup Networking |
360 | `21-firewall.sh` | Setup Firewall |
363 | `21-firewall.sh` | Setup Firewall |
361 | `30-security.sh` | Setup Users and Security settings |
364 | `30-security.sh` | Setup Users and Security settings |
362 | `31-logging.sh` | Setup Logging |
365 | `31-logging.sh` | Setup Logging |
363 | `32-sshd.sh` | Setup SSH and public keys |
366 | `32-sshd.sh` | Setup SSH and public keys |
364 | `41-uboot.sh` | Build and Setup U-Boot |
367 | `41-uboot.sh` | Build and Setup U-Boot |
365 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
368 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
366 | `50-firstboot.sh` | First boot actions |
369 | `50-firstboot.sh` | First boot actions |
367 | `99-reduce.sh` | Reduce the disk space usage |
370 | `99-reduce.sh` | Reduce the disk space usage |
368
371
369 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
372 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
370
373
371 | Directory | Description |
374 | Directory | Description |
372 | --- | --- |
375 | --- | --- |
373 | `apt` | APT management configuration files |
376 | `apt` | APT management configuration files |
374 | `boot` | Boot and RPi2/3 configuration files |
377 | `boot` | Boot and RPi2/3 configuration files |
375 | `dpkg` | Package Manager configuration |
378 | `dpkg` | Package Manager configuration |
376 | `etc` | Configuration files and rc scripts |
379 | `etc` | Configuration files and rc scripts |
377 | `firstboot` | Scripts that get executed on first boot |
380 | `firstboot` | Scripts that get executed on first boot |
378 | `initramfs` | Initramfs scripts |
381 | `initramfs` | Initramfs scripts |
379 | `iptables` | Firewall configuration files |
382 | `iptables` | Firewall configuration files |
380 | `locales` | Locales configuration |
383 | `locales` | Locales configuration |
381 | `modules` | Kernel Modules configuration |
384 | `modules` | Kernel Modules configuration |
382 | `mount` | Fstab configuration |
385 | `mount` | Fstab configuration |
383 | `network` | Networking configuration files |
386 | `network` | Networking configuration files |
384 | `sysctl.d` | Swapping and Network Hardening configuration |
387 | `sysctl.d` | Swapping and Network Hardening configuration |
385 | `xorg` | fbturbo Xorg driver configuration |
388 | `xorg` | fbturbo Xorg driver configuration |
386
389
387 ## Custom packages and scripts
390 ## Custom packages and scripts
388 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
391 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
389
392
390 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
393 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
391
394
392 ## Logging of the bootstrapping process
395 ## Logging of the bootstrapping process
393 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
396 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
394
397
395 ```shell
398 ```shell
396 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
399 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
397 ```
400 ```
398
401
399 ## Flashing the image file
402 ## Flashing the image file
400 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
403 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
401
404
402 #####Flashing examples:
405 #####Flashing examples:
403 ```shell
406 ```shell
404 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
407 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
405 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
408 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
406 ```
409 ```
407 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
410 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
408 ```shell
411 ```shell
409 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
412 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
410 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
413 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
411 ```
414 ```
412
415
413 ## External links and references
416 ## External links and references
414 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
417 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
415 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
418 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
416 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
419 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
417 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
420 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
418 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
421 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
419 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
422 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
420 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
423 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
421 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
424 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
422 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
425 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
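Review bot: The parentheticals added to the `KERNELSRC_DIR` and `RPI_FIRMWARE_DIR` descriptions (new lines 278 and 293: "Path to a directory (`linux`) of ..." and "The directory (`firmware`) containing ...") do not say whether the directory has to be named `linux` or `firmware`, or whether that is only the usual name of a checkout. If the scripts rely on the name, state it as a requirement, for example "The directory must be named `linux`"; otherwise drop the parenthetical. The dependency list at the top of the file now includes `sudo` with no explanation; one sentence saying that the kernel sources are fetched as the unprivileged user `nobody` would tell users why the build host needs it.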
@@ -1,51 +1,51
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 if [ "$BUILD_KERNEL" = false ] ; then
14 if [ "$BUILD_KERNEL" = false ] ; then
15 # Install APT pinning configuration for flash-kernel package
15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17
17
18 # Install APT sources.list
18 # Install APT sources.list
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21
21
22 # Upgrade collabora package index and install collabora keyring
22 # Upgrade collabora package index and install collabora keyring
23 chroot_exec apt-get -qq -y update
23 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
25 else # BUILD_KERNEL=true
25 else # BUILD_KERNEL=true
26 # Install APT sources.list
26 # Install APT sources.list
27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
28
28
29 # Use specified APT server and release
29 # Use specified APT server and release
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
32 fi
32 fi
33
33
34 # Allow the installation of non-free Debian packages
34 # Allow the installation of non-free Debian packages
35 if [ "$ENABLE_NONFREE" = true ] ; then
35 if [ "$ENABLE_NONFREE" = true ] ; then
36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
37 fi
37 fi
38
38
39 # Upgrade package index and update all installed packages and changed dependencies
39 # Upgrade package index and update all installed packages and changed dependencies
40 chroot_exec apt-get -qq -y update
40 chroot_exec apt-get -qq -y update
41 chroot_exec apt-get -qq -y -u dist-upgrade
41 chroot_exec apt-get -qq -y -u dist-upgrade
42
42
43 if [ -d packages ] ; then
43 if [ -d packages ] ; then
44 for package in packages/*.deb ; do
44 for package in packages/*.deb ; do
45 cp $package ${R}/tmp
45 cp $package ${R}/tmp
46 chroot_exec dpkg --unpack /tmp/$(basename $package)
46 chroot_exec dpkg --unpack /tmp/$(basename $package)
47 done
47 done
48 fi
48 fi
49 chroot_exec apt-get -qq -y -f install
49 chroot_exec apt-get -qq -y -f install
50
50
51 chroot_exec apt-get -qq -y check
51 chroot_exec apt-get -qq -y check
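Review bot: On new line 24, `--allow-unauthenticated` still installs `collabora-obs-archive-keyring` without any signature check, and that package supplies the keys used to trust everything later pulled from `${COLLABORA_URL}`, so whoever controls the mirror or the network path at build time chooses the trust anchor for the image. The flag is narrower than `--force-yes`, which is an improvement, but consider shipping the Collabora archive key under `files/apt` and installing it into the chroot before the `apt-get update` on line 23, so the keyring package is verified like any other. Separately, the unchanged test on line 9, `if [ -z "$APT_PROXY" ]`, installs the proxy file only when no proxy is set; it looks like it should be `-n`.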
@@ -1,160 +1,172
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Fetch and build latest raspberry kernel
8 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
10 # Setup source directory
11 mkdir -p "${R}/usr/src"
11 mkdir -p "${R}/usr/src"
12
12
13 # Copy existing kernel sources into chroot directory
13 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources
15 # Copy kernel sources
16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
16 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
17
17
18 # Clean the kernel sources
18 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
21 fi
22 else # KERNELSRC_DIR=""
22 else # KERNELSRC_DIR=""
23 # Fetch current raspberrypi kernel sources
23 # Create temporary directory for kernel sources
24 git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"
24 temp_dir=$(sudo -u nobody mktemp -d)
25
26 # Fetch current RPi2/3 kernel sources
27 sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
28
29 # Copy downloaded kernel sources
30 mv "${temp_dir}/linux" "${R}/usr/src/"
31
32 # Remove temporary directory for kernel sources
33 rm -fr "${temp_dir}"
34
35 # Set permissions of the kernel sources
36 chown -R root:root "${R}/usr/src"
25 fi
37 fi
26
38
27 # Calculate optimal number of kernel building threads
39 # Calculate optimal number of kernel building threads
28 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
40 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
29 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
41 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
30 fi
42 fi
31
43
32 # Configure and build kernel
44 # Configure and build kernel
33 if [ "$KERNELSRC_PREBUILT" = false ] ; then
45 if [ "$KERNELSRC_PREBUILT" = false ] ; then
34 # Remove device, network and filesystem drivers from kernel configuration
46 # Remove device, network and filesystem drivers from kernel configuration
35 if [ "$KERNEL_REDUCE" = true ] ; then
47 if [ "$KERNEL_REDUCE" = true ] ; then
36 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
48 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
37 sed -i\
49 sed -i\
38 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
50 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
39 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
51 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
40 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
52 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
41 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
53 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
42 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
54 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
43 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
55 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
44 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
45 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
46 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
47 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
48 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
60 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
49 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
50 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
51 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
63 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
52 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
53 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
65 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
54 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
66 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
55 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
67 "${KERNEL_DIR}/.config"
79 "${KERNEL_DIR}/.config"
68 fi
80 fi
69
81
70 if [ "$KERNELSRC_CONFIG" = true ] ; then
82 if [ "$KERNELSRC_CONFIG" = true ] ; then
71 # Load default raspberry kernel configuration
83 # Load default raspberry kernel configuration
72 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
84 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
73
85
74 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
86 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
75 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
87 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
76 fi
88 fi
77
89
78 # Start menu-driven kernel configuration (interactive)
90 # Start menu-driven kernel configuration (interactive)
79 if [ "$KERNEL_MENUCONFIG" = true ] ; then
91 if [ "$KERNEL_MENUCONFIG" = true ] ; then
80 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
92 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
81 fi
93 fi
82 fi
94 fi
83
95
84 # Cross compile kernel and modules
96 # Cross compile kernel and modules
85 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
97 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
86 fi
98 fi
87
99
88 # Check if kernel compilation was successful
100 # Check if kernel compilation was successful
89 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
101 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
90 echo "error: kernel compilation failed! (zImage not found)"
102 echo "error: kernel compilation failed! (zImage not found)"
91 cleanup
103 cleanup
92 exit 1
104 exit 1
93 fi
105 fi
94
106
95 # Install kernel modules
107 # Install kernel modules
96 if [ "$ENABLE_REDUCE" = true ] ; then
108 if [ "$ENABLE_REDUCE" = true ] ; then
97 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
109 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
98 else
110 else
99 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
111 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
100
112
101 # Install kernel firmware
113 # Install kernel firmware
102 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
114 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
103 fi
115 fi
104
116
105 # Install kernel headers
117 # Install kernel headers
106 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
118 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
107 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
119 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
108 fi
120 fi
109
121
110 # Prepare boot (firmware) directory
122 # Prepare boot (firmware) directory
111 mkdir "${BOOT_DIR}"
123 mkdir "${BOOT_DIR}"
112
124
113 # Get kernel release version
125 # Get kernel release version
114 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
126 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
115
127
116 # Copy kernel configuration file to the boot directory
128 # Copy kernel configuration file to the boot directory
117 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
129 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
118
130
119 # Copy dts and dtb device tree sources and binaries
131 # Copy dts and dtb device tree sources and binaries
120 mkdir "${BOOT_DIR}/overlays"
132 mkdir "${BOOT_DIR}/overlays"
121 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
133 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
122 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
134 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
123 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
135 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
124
136
125 if [ "$ENABLE_UBOOT" = false ] ; then
137 if [ "$ENABLE_UBOOT" = false ] ; then
126 # Convert and copy zImage kernel to the boot directory
138 # Convert and copy zImage kernel to the boot directory
127 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
139 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
128 else
140 else
129 # Copy zImage kernel to the boot directory
141 # Copy zImage kernel to the boot directory
130 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
131 fi
143 fi
132
144
133 # Remove kernel sources
145 # Remove kernel sources
134 if [ "$KERNEL_REMOVESRC" = true ] ; then
146 if [ "$KERNEL_REMOVESRC" = true ] ; then
135 rm -fr "${KERNEL_DIR}"
147 rm -fr "${KERNEL_DIR}"
136 else
148 else
137 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
149 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
138
150
139 # Create symlinks for kernel modules
151 # Create symlinks for kernel modules
140 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
152 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
141 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
153 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
142 fi
154 fi
143
155
144 else # BUILD_KERNEL=false
156 else # BUILD_KERNEL=false
145 # Kernel installation
157 # Kernel installation
146 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
158 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
147
159
148 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
160 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
149 chroot_exec apt-get -qq -y install flash-kernel
161 chroot_exec apt-get -qq -y install flash-kernel
150
162
151 # Check if kernel installation was successful
163 # Check if kernel installation was successful
152 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
164 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
153 if [ -z "$VMLINUZ" ] ; then
165 if [ -z "$VMLINUZ" ] ; then
154 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
166 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
155 cleanup
167 cleanup
156 exit 1
168 exit 1
157 fi
169 fi
158 # Copy vmlinuz kernel to the boot directory
170 # Copy vmlinuz kernel to the boot directory
159 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
171 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
160 fi
172 fi
@@ -1,136 +1,151
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 # Install boot binaries from local directory
10 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 else
18 else
19 # Create temporary directory for boot binaries
20 temp_dir=$(sudo -u nobody mktemp -d)
21
19 # Install latest boot binaries from raspberry/firmware github
22 # Install latest boot binaries from raspberry/firmware github
20 wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
21 wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
22 wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
23 wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
24 wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
27 sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
25 wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
26 wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
31 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
34 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
36
37 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
27 fi
40 fi
28 fi
41 fi
29
42
30 # Setup firmware boot cmdline
43 # Setup firmware boot cmdline
31 if [ "$ENABLE_SPLITFS" = true ] ; then
44 if [ "$ENABLE_SPLITFS" = true ] ; then
32 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
33 else
46 else
34 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
35 fi
48 fi
36
49
37 # Add encrypted root partition to cmdline.txt
50 # Add encrypted root partition to cmdline.txt
38 if [ "$ENABLE_CRYPTFS" = true ] ; then
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
39 if [ "$ENABLE_SPLITFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
40 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
41 else
54 else
42 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
43 fi
56 fi
44 fi
57 fi
45
58
46 # Add serial console support
59 # Add serial console support
47 if [ "$ENABLE_CONSOLE" = true ] ; then
60 if [ "$ENABLE_CONSOLE" = true ] ; then
48 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
49 fi
62 fi
50
63
51 # Remove IPv6 networking support
64 # Remove IPv6 networking support
52 if [ "$ENABLE_IPV6" = false ] ; then
65 if [ "$ENABLE_IPV6" = false ] ; then
53 CMDLINE="${CMDLINE} ipv6.disable=1"
66 CMDLINE="${CMDLINE} ipv6.disable=1"
54 fi
67 fi
55
68
56 # Automatically assign predictable network interface names
69 # Automatically assign predictable network interface names
57 if [ "$ENABLE_IFNAMES" = false ] ; then
70 if [ "$ENABLE_IFNAMES" = false ] ; then
58 CMDLINE="${CMDLINE} net.ifnames=0"
71 CMDLINE="${CMDLINE} net.ifnames=0"
59 else
72 else
60 CMDLINE="${CMDLINE} net.ifnames=1"
73 CMDLINE="${CMDLINE} net.ifnames=1"
61 fi
74 fi
62
75
63 # Set init to systemd if required by Debian release
76 # Set init to systemd if required by Debian release
64 if [ "$RELEASE" = "stretch" ] ; then
77 if [ "$RELEASE" = "stretch" ] ; then
65 CMDLINE="${CMDLINE} init=/bin/systemd"
78 CMDLINE="${CMDLINE} init=/bin/systemd"
66 fi
79 fi
67
80
68 # Install firmware boot cmdline
81 # Install firmware boot cmdline
69 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
70
83
71 # Install firmware config
84 # Install firmware config
72 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
73
86
74 # Setup minimal GPU memory allocation size: 16MB (no X)
87 # Setup minimal GPU memory allocation size: 16MB (no X)
75 if [ "$ENABLE_MINGPU" = true ] ; then
88 if [ "$ENABLE_MINGPU" = true ] ; then
76 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
77 fi
90 fi
78
91
79 # Setup boot with initramfs
92 # Setup boot with initramfs
80 if [ "$ENABLE_INITRAMFS" = true ] ; then
93 if [ "$ENABLE_INITRAMFS" = true ] ; then
81 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
82 fi
95 fi
83
96
84 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
85 if [ "$RPI_MODEL" = 3 ] ; then
98 if [ "$RPI_MODEL" = 3 ] ; then
86 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
87 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
88 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
89 fi
102 fi
90 fi
103 fi
91
104
92 # Create firmware configuration and cmdline symlinks
105 # Create firmware configuration and cmdline symlinks
93 ln -sf firmware/config.txt "${R}/boot/config.txt"
106 ln -sf firmware/config.txt "${R}/boot/config.txt"
94 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
95
108
96 # Install and setup kernel modules to load at boot
109 # Install and setup kernel modules to load at boot
97 mkdir -p "${R}/lib/modules-load.d/"
110 mkdir -p "${R}/lib/modules-load.d/"
98 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
99
112
100 # Load hardware random module at boot
113 # Load hardware random module at boot
101 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
102 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
103 fi
116 fi
104
117
105 # Load sound module at boot
118 # Load sound module at boot
106 if [ "$ENABLE_SOUND" = true ] ; then
119 if [ "$ENABLE_SOUND" = true ] ; then
107 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
108 fi
123 fi
109
124
110 # Enable I2C interface
125 # Enable I2C interface
111 if [ "$ENABLE_I2C" = true ] ; then
126 if [ "$ENABLE_I2C" = true ] ; then
112 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
113 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
114 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
115 fi
130 fi
116
131
117 # Enable SPI interface
132 # Enable SPI interface
118 if [ "$ENABLE_SPI" = true ] ; then
133 if [ "$ENABLE_SPI" = true ] ; then
119 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
120 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
121 if [ "$RPI_MODEL" = 3 ] ; then
136 if [ "$RPI_MODEL" = 3 ] ; then
122 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
123 fi
138 fi
124 fi
139 fi
125
140
126 # Disable RPi2/3 under-voltage warnings
141 # Disable RPi2/3 under-voltage warnings
127 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
128 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
129 fi
144 fi
130
145
131 # Install kernel modules blacklist
146 # Install kernel modules blacklist
132 mkdir -p "${ETC_DIR}/modprobe.d/"
147 mkdir -p "${ETC_DIR}/modprobe.d/"
133 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
134
149
135 # Install sysctl.d configuration files
150 # Install sysctl.d configuration files
136 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
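Review bot: `chown -R root:root "${BOOT_DIR}"` and `chmod -R 600 "${BOOT_DIR}"` at new lines 38-39 act on the whole boot directory rather than on the seven files just moved in, so the directory itself and the `overlays` subdirectory created by the kernel step lose their search bit and every file installed earlier is re-moded as well. Restrict the permission change to the downloaded files, for example by installing each one from `${temp_dir}` with the `install_readonly` helper this script already uses. Separately, running `wget` as `nobody` limits what the download process can touch but does not authenticate what it fetched: no `wget` exit status is checked and nothing verifies the blobs before they become root-owned boot firmware, so abort on a failed fetch and compare the files against pinned checksums before the `mv`.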
@@ -1,93 +1,107
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$ENABLE_DHCP" = true ] ; then
33 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable DHCP configuration for interface eth0
34 # Enable DHCP configuration for interface eth0
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36
36
37 # Set DHCP configuration to IPv4 only
37 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 fi
40 fi
41
41
42 else # ENABLE_DHCP=false
42 else # ENABLE_DHCP=false
43 # Set static network configuration for interface eth0
43 # Set static network configuration for interface eth0
44 sed -i\
44 sed -i\
45 -e "s|DHCP=.*|DHCP=no|"\
45 -e "s|DHCP=.*|DHCP=no|"\
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 "${ETC_DIR}/systemd/network/eth.network"
53 "${ETC_DIR}/systemd/network/eth.network"
54 fi
54 fi
55
55
56 # Remove empty settings from network configuration
56 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
58
58
59 # Move systemd network configuration if required by Debian release
59 # Move systemd network configuration if required by Debian release
60 if [ "$RELEASE" = "stretch" ] ; then
60 if [ "$RELEASE" = "stretch" ] ; then
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 rm -fr "${ETC_DIR}/systemd/network"
62 rm -fr "${ETC_DIR}/systemd/network"
63 fi
63 fi
64
64
65 # Enable systemd-networkd service
65 # Enable systemd-networkd service
66 chroot_exec systemctl enable systemd-networkd
66 chroot_exec systemctl enable systemd-networkd
67
67
68 # Install host.conf resolver configuration
68 # Install host.conf resolver configuration
69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70
70
71 # Enable network stack hardening
71 # Enable network stack hardening
72 if [ "$ENABLE_HARDNET" = true ] ; then
72 if [ "$ENABLE_HARDNET" = true ] ; then
73 # Install sysctl.d configuration files
73 # Install sysctl.d configuration files
74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75
75
76 # Setup resolver warnings about spoofed addresses
76 # Setup resolver warnings about spoofed addresses
77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 fi
78 fi
79
79
80 # Enable time sync
80 # Enable time sync
81 if [ "NET_NTP_1" != "" ] ; then
81 if [ "NET_NTP_1" != "" ] ; then
82 chroot_exec systemctl enable systemd-timesyncd.service
82 chroot_exec systemctl enable systemd-timesyncd.service
83 fi
83 fi
84
84
85 # Download the firmware binary blob required to use the RPi3 wireless interface
85 # Download the firmware binary blob required to use the RPi3 wireless interface
86 if [ "$ENABLE_WIRELESS" = true ] ; then
86 if [ "$ENABLE_WIRELESS" = true ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
88 mkdir -p ${WLAN_FIRMWARE_DIR}
89 fi
89 fi
90
90
91 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
91 # Create temporary directory for firmware binary blob
92 wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
92 temp_dir=$(sudo -u nobody mktemp -d)
93
94 # Fetch firmware binary blob
95 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
98 # Move downloaded firmware binary blob
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
101 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
103
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
93 fi
107 fi
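Review bot: the two `sudo -u nobody wget -q -O ...` calls at new lines 95-96 are not checked for failure, and `wget -O` creates the output file even when the transfer fails, so the `mv` at line 99 can install an empty or truncated `brcmfmac43430-sdio.bin` that is then made root-owned as if it were valid. Test each download's exit status and that the file is non-empty, and call `cleanup` and `exit 1` on failure as the vmlinuz check in the kernel script does, ideally verifying a known checksum before the move. Also in this hunk, the context line `if [ "NET_NTP_1" != "" ]` compares a literal string and is therefore always true; it presumably wants `"$NET_NTP_1"`.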
@@ -1,13 +1,13
1 #
1 #
2 # Setup Logging
2 # Setup Logging
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Disable rsyslog
8 # Disable rsyslog
9 if [ "$ENABLE_RSYSLOG" = false ] ; then
9 if [ "$ENABLE_RSYSLOG" = false ] ; then
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
11 chroot_exec systemctl disable rsyslog
11 chroot_exec systemctl disable rsyslog
12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
12 chroot_exec apt-get -qq -y purge rsyslog
13 fi
13 fi
@@ -1,87 +1,116
1 #
1 #
2 # Setup SSH settings and public keys
2 # Setup SSH settings and public keys
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_SSHD" = true ] ; then
8 if [ "$ENABLE_SSHD" = true ] ; then
9 DROPBEAR_ARGS=""
10
9 if [ "$SSH_ENABLE_ROOT" = false ] ; then
11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
10 # User root is not allowed to log in
13 # User root is not allowed to log in
11 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 else
16 # User root is not allowed to log in
17 DROPBEAR_ARGS="-w"
18 fi
12 fi
19 fi
13
20
14 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
15 # Permit SSH root login
23 # Permit SSH root login
16 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 else
26 # Permit SSH root login
27 DROPBEAR_ARGS=""
28 fi
17
29
18 # Add SSH (v2) public key for user root
30 # Add SSH (v2) public key for user root
19 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
20 # Create root SSH config directory
32 # Create root SSH config directory
21 mkdir -p "${R}/root/.ssh"
33 mkdir -p "${R}/root/.ssh"
22
34
23 # Set permissions of root SSH config directory
35 # Set permissions of root SSH config directory
24 chroot_exec chmod 700 "/root/.ssh"
36 chroot_exec chmod 700 "/root/.ssh"
25 chroot_exec chown root:root "/root/.ssh"
37 chroot_exec chown root:root "/root/.ssh"
26
38
27 # Add SSH (v2) public key(s) to authorized_keys file
39 # Add SSH (v2) public key(s) to authorized_keys file
28 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
29
41
30 # Set permissions of root SSH authorized_keys file
42 # Set permissions of root SSH authorized_keys file
31 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
32 chroot_exec chown root:root "/root/.ssh/authorized_keys"
44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
33
45
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
34 # Allow SSH public key authentication
47 # Allow SSH public key authentication
35 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
36 fi
49 fi
37 fi
50 fi
51 fi
38
52
39 if [ "$ENABLE_USER" = true ] ; then
53 if [ "$ENABLE_USER" = true ] ; then
40 # Add SSH (v2) public key for user $USER_NAME
54 # Add SSH (v2) public key for user $USER_NAME
41 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
42 # Create $USER_NAME SSH config directory
56 # Create $USER_NAME SSH config directory
43 mkdir -p "${R}/home/${USER_NAME}/.ssh"
57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
44
58
45 # Set permissions of $USER_NAME SSH config directory
59 # Set permissions of $USER_NAME SSH config directory
46 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
47 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
48
62
49 # Add SSH (v2) public key(s) to authorized_keys file
63 # Add SSH (v2) public key(s) to authorized_keys file
50 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
51
65
52 # Set permissions of $USER_NAME SSH config directory
66 # Set permissions of $USER_NAME SSH config directory
53 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
54 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
55
69
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
56 # Allow SSH public key authentication
71 # Allow SSH public key authentication
57 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
58 fi
73 fi
59 fi
74 fi
75 fi
60
76
61 # Limit the users that are allowed to login via SSH
77 # Limit the users that are allowed to login via SSH
62 if [ "$SSH_LIMIT_USERS" = true ] ; then
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
63 allowed_users=""
79 allowed_users=""
64 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
65 allowed_users="root"
81 allowed_users="root"
66 fi
82 fi
67
83
68 if [ "$ENABLE_USER" = true ] ; then
84 if [ "$ENABLE_USER" = true ] ; then
69 allowed_users="${allowed_users} ${USER_NAME}"
85 allowed_users="${allowed_users} ${USER_NAME}"
70 fi
86 fi
71
87
72 if [ ! -z "$allowed_users" ] ; then
88 if [ ! -z "$allowed_users" ] ; then
73 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
74 fi
90 fi
75 fi
91 fi
76
92
77 # Disable password-based authentication
93 # Disable password-based authentication
78 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
79 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
80 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 else
99 DROPBEAR_ARGS="-g"
100 fi
81 fi
101 fi
82
102
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
83 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
84 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
85 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 else
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 fi
110 fi
111
112 # Update dropbear SSH configuration
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
86 fi
115 fi
87 fi
116 fi
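Review bot: the `sed` at new line 114 has no `-i`, so it prints the edited text to stdout and leaves `${ETC_DIR}/default/dropbear` unchanged; none of the `-w`, `-g` or `-s` restrictions collected in `DROPBEAR_ARGS` reach the image. Add `-i`, as every other `sed` in this file has. A second point: the `SSH_LIMIT_USERS` test at line 78 requires `"$ENABLE_REDUCE" = false` alone, while every other branch in the hunk uses `[ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ]`, so with `ENABLE_REDUCE=true` and `REDUCE_SSHD=false` the sshd_config edits still run but `AllowUsers` is silently skipped.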
@@ -1,74 +1,83
1 #
1 #
2 # Build and Setup U-Boot
2 # Build and Setup U-Boot
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install gcc/c++ build environment inside the chroot
9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 COMPILER_PACKAGES=$(chroot_exec apt-get -s install ${COMPILER_PACKAGES} | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
11 chroot_exec apt-get -q -y --force-yes --no-install-recommends install ${COMPILER_PACKAGES}
12 fi
13
14 # Fetch and build U-Boot bootloader
8 # Fetch and build U-Boot bootloader
15 if [ "$ENABLE_UBOOT" = true ] ; then
9 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
12
16 # Copy existing U-Boot sources into chroot directory
13 # Copy existing U-Boot sources into chroot directory
17 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
18 # Copy local U-Boot sources
15 # Copy local U-Boot sources
19 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
20 else
17 else
18 # Create temporary directory for U-Boot sources
19 temp_dir=$(sudo -u nobody mktemp -d)
20
21 # Fetch U-Boot sources
21 # Fetch U-Boot sources
22 git -C "${R}/tmp" clone "${UBOOT_URL}"
22 sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
24 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
27 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
29
30 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
23 fi
32 fi
24
33
25 # Build and install U-Boot inside chroot
34 # Build and install U-Boot inside chroot
26 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
27
36
28 # Copy compiled bootloader binary and set config.txt to load it
37 # Copy compiled bootloader binary and set config.txt to load it
29 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
30 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
31 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
32
41
33 # Install and setup U-Boot command file
42 # Install and setup U-Boot command file
34 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
35 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
36
45
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
38 # Convert generated initramfs for U-Boot using mkimage
47 # Convert generated initramfs for U-Boot using mkimage
39 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
40
49
41 # Remove original initramfs file
50 # Remove original initramfs file
42 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
43
52
44 # Configure U-Boot to load generated initramfs
53 # Configure U-Boot to load generated initramfs
45 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
46 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
47 else # ENABLE_INITRAMFS=false
56 else # ENABLE_INITRAMFS=false
48 # Remove initramfs from U-Boot mkfile
57 # Remove initramfs from U-Boot mkfile
49 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
50
59
51 if [ "$BUILD_KERNEL" = false ] ; then
60 if [ "$BUILD_KERNEL" = false ] ; then
52 # Remove dtbfile from U-Boot mkfile
61 # Remove dtbfile from U-Boot mkfile
53 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
54 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 else
64 else
56 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
57 fi
66 fi
58 fi
67 fi
59
68
60 # Set mkfile to use the correct dtb file
69 # Set mkfile to use the correct dtb file
61 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
62
71
63 # Set mkfile to use kernel image
72 # Set mkfile to use kernel image
64 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
73 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
65
74
66 # Remove all leading blank lines
75 # Remove all leading blank lines
67 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
76 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
68
77
69 # Generate U-Boot bootloader image
78 # Generate U-Boot bootloader image
70 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
79 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
71
80
72 # Remove U-Boot sources
81 # Remove U-Boot sources
73 rm -fr "${R}/tmp/u-boot"
82 rm -fr "${R}/tmp/u-boot"
74 fi
83 fi
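Review bot: the move at new line 25 hard-codes the checkout name (`mv "${temp_dir}/u-boot" "${R}/tmp/"`), but UBOOT_URL can be overridden, so a repository whose name is not u-boot clones fine and then fails at the mv. Passing an explicit target directory to the clone (for example `git -C "${temp_dir}" clone "${UBOOT_URL}" u-boot`) removes that coupling. Two smaller points. If the clone fails, nothing in this hunk removes ${temp_dir}; the removal at new line 31 only runs on the success path. The privilege drop also covers only the fetch: the tree is chowned to root and then built as root through chroot_exec make, and the clone pins no tag or commit, so whatever the remote serves is what gets compiled into u-boot.bin.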
@@ -1,34 +1,51
1 #
1 #
2 # Build and Setup fbturbo Xorg driver
2 # Build and Setup fbturbo Xorg driver
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Fetch fbturbo driver sources
9 # Install c/c++ build environment inside the chroot
10 git -C "${R}/tmp" clone "${FBTURBO_URL}"
10 chroot_install_cc
11
12 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
17 # Create temporary directory for fbturbo sources
18 temp_dir=$(sudo -u nobody mktemp -d)
19
20 # Fetch fbturbo sources
21 sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
23 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
26 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
28 fi
11
29
12 # Install Xorg build dependencies
30 # Install Xorg build dependencies
13 chroot_exec apt-get -q -y --force-yes --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
31 if [ "$RELEASE" = "jessie" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
14
36
15 # Build and install fbturbo driver inside chroot
37 # Build and install fbturbo driver inside chroot
16 chroot_exec /bin/bash -x <<'EOF'
38 chroot_exec /bin/bash -x <<'EOF'
17 cd /tmp/xf86-video-fbturbo
39 cd /tmp/xf86-video-fbturbo
18 autoreconf -vi
40 autoreconf -vi
19 ./configure --prefix=/usr
41 ./configure --prefix=/usr
20 make
42 make
21 make install
43 make install
22 EOF
44 EOF
23
45
24 # Install fbturbo driver Xorg configuration
46 # Install fbturbo driver Xorg configuration
25 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
26
48
27 # Remove Xorg build dependencies
49 # Remove Xorg build dependencies
28 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 fi
51 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
34 fi
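Review bot: the downloaded fbturbo tree is moved into the chroot at new line 24 without the `chown -R root:root` that the U-Boot script applies after its own mv, so /tmp/xf86-video-fbturbo stays owned by nobody while autoreconf, configure and make install run on it as root. Add the chown directly after the mv. The hunk also never removes /tmp/xf86-video-fbturbo once make install has finished, unlike the U-Boot script, which deletes its sources at the end. At new line 34, --allow-unauthenticated turns off package signature checking for the Xorg build dependencies on stretch; if a missing archive key is the cause, fixing the chroot's keyring is preferable to bypassing the check. The jessie/stretch if/elif has no else, so any other RELEASE skips the dependency install without an error and fails later in configure.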
@@ -1,80 +1,85
1 #
1 #
2 # Reduce system disk usage
2 # Reduce system disk usage
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Reduce the image size by various operations
8 # Reduce the image size by various operations
9 if [ "$ENABLE_REDUCE" = true ] ; then
9 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
11 # Install dpkg configuration file
11 # Install dpkg configuration file
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 fi
14 fi
15
15
16 # Install APT configuration files
16 # Install APT configuration files
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20
20
21 # Remove APT cache files
21 # Remove APT cache files
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 fi
24 fi
25
25
26 # Remove all doc files
26 # Remove all doc files
27 if [ "$REDUCE_DOC" = true ] ; then
27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 fi
30 fi
31
31
32 # Remove all man pages and info files
32 # Remove all man pages and info files
33 if [ "$REDUCE_MAN" = true ] ; then
33 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 fi
35 fi
36
36
37 # Remove all locale translation files
37 # Remove all locale translation files
38 if [ "$REDUCE_LOCALE" = true ] ; then
38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 fi
40 fi
41
41
42 # Remove hwdb PCI device classes (experimental)
42 # Remove hwdb PCI device classes (experimental)
43 if [ "$REDUCE_HWDB" = true ] ; then
43 if [ "$REDUCE_HWDB" = true ] ; then
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 fi
45 fi
46
46
47 # Replace bash shell by dash shell (experimental)
47 # Replace bash shell by dash shell (experimental)
48 if [ "$REDUCE_BASH" = true ] ; then
48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
49 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
50 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
51 fi
56 fi
52
57
53 # Remove sound utils and libraries
58 # Remove sound utils and libraries
54 if [ "$ENABLE_SOUND" = false ] ; then
59 if [ "$ENABLE_SOUND" = false ] ; then
55 chroot_exec apt-get -qq -y --force-yes purge alsa-utils libsamplerate0 libasound2 libasound2-data
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
56 fi
61 fi
57
62
58 # Re-install tools for managing kernel moduless
63 # Re-install tools for managing kernel modules
59 if [ "$RELEASE" = "jessie" ] ; then
64 if [ "$RELEASE" = "jessie" ] ; then
60 chroot_exec apt-get -qq -y --force-yes install module-init-tools
65 chroot_exec apt-get -qq -y install module-init-tools
61 fi
66 fi
62
67
63 # Remove GPU kernels
68 # Remove GPU kernels
64 if [ "$ENABLE_MINGPU" = true ] ; then
69 if [ "$ENABLE_MINGPU" = true ] ; then
65 rm -f "${BOOT_DIR}/start.elf"
70 rm -f "${BOOT_DIR}/start.elf"
66 rm -f "${BOOT_DIR}/fixup.dat"
71 rm -f "${BOOT_DIR}/fixup.dat"
67 rm -f "${BOOT_DIR}/start_x.elf"
72 rm -f "${BOOT_DIR}/start_x.elf"
68 rm -f "${BOOT_DIR}/fixup_x.dat"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
69 fi
74 fi
70
75
71 # Remove kernel and initrd from /boot (already in /boot/firmware)
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
72 if [ "$BUILD_KERNEL" = false ] ; then
77 if [ "$BUILD_KERNEL" = false ] ; then
73 rm -f "${R}/boot/vmlinuz-*"
78 rm -f "${R}/boot/vmlinuz-*"
74 rm -f "${R}/boot/initrd.img-*"
79 rm -f "${R}/boot/initrd.img-*"
75 fi
80 fi
76
81
77 # Clean APT list of repositories
82 # Clean APT list of repositories
78 rm -fr "${R}/var/lib/apt/lists/*"
83 rm -fr "${R}/var/lib/apt/lists/*"
79 chroot_exec apt-get -qq -y update
84 chroot_exec apt-get -qq -y update
80 fi
85 fi
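Review bot: several rm calls in this file quote their glob, so the pattern is never expanded: new line 44 (`rm -fr "/lib/udev/hwdb.d/20-pci-*"`), new lines 78 and 79 (vmlinuz-* and initrd.img-*) and new line 83 (`"${R}/var/lib/apt/lists/*"`) each look for a file whose name literally contains an asterisk and delete nothing. Line 44 also lacks the ${R} prefix, so once the quoting is fixed it would act on the build host's /lib/udev instead of the chroot; fix the prefix and the quoting in the same change. On the change itself, the new branch at lines 49 to 53 sends every release other than stretch down the --force-yes path, which holds while only jessie and stretch are accepted but should become an explicit jessie test if that list grows.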
@@ -1,55 +1,76
1 # This file contains utility functions used by rpi23-gen-image.sh
1 # This file contains utility functions used by rpi23-gen-image.sh
2
2
3 cleanup (){
3 cleanup (){
4 set +x
4 set +x
5 set +e
5 set +e
6
6
7 # Identify and kill all processes still using files
7 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
8 echo "killing processes using mount point ..."
9 fuser -k "${R}"
9 fuser -k "${R}"
10 sleep 3
10 sleep 3
11 fuser -9 -k -v "${R}"
11 fuser -9 -k -v "${R}"
12
12
13 # Clean up temporary .password file
13 # Clean up temporary .password file
14 if [ -r ".password" ] ; then
14 if [ -r ".password" ] ; then
15 shred -zu .password
15 shred -zu .password
16 fi
16 fi
17
17
18 # Clean up all temporary mount points
18 # Clean up all temporary mount points
19 echo "removing temporary mount points ..."
19 echo "removing temporary mount points ..."
20 umount -l "${R}/proc" 2> /dev/null
20 umount -l "${R}/proc" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 trap - 0 1 2 3 6
28 trap - 0 1 2 3 6
29 }
29 }
30
30
31 chroot_exec() {
31 chroot_exec() {
32 # Exec command in chroot
32 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 }
34 }
35
35
36 install_readonly() {
36 install_readonly() {
37 # Install file with user read-only permissions
37 # Install file with user read-only permissions
38 install -o root -g root -m 644 $*
38 install -o root -g root -m 644 $*
39 }
39 }
40
40
41 install_exec() {
41 install_exec() {
42 # Install file with root exec permissions
42 # Install file with root exec permissions
43 install -o root -g root -m 744 $*
43 install -o root -g root -m 744 $*
44 }
44 }
45
45
46 use_template () {
46 use_template () {
47 # Test if configuration template file exists
47 # Test if configuration template file exists
48 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
48 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
49 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
49 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
50 exit 1
50 exit 1
51 fi
51 fi
52
52
53 # Load template configuration parameters
53 # Load template configuration parameters
54 . "./templates/${CONFIG_TEMPLATE}"
54 . "./templates/${CONFIG_TEMPLATE}"
55 }
55 }
56
57 chroot_install_cc() {
58 # Install c/c++ build environment inside the chroot
59 if [ -z "${COMPILER_PACKAGES}" ] ; then
60 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
61
62 if [ "$RELEASE" = "jessie" ] ; then
63 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
64 elif [ "$RELEASE" = "stretch" ] ; then
65 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
66 fi
67 fi
68 }
69
70 chroot_remove_cc() {
71 # Remove c/c++ build environment from the chroot
72 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
73 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
74 COMPILER_PACKAGES=""
75 fi
76 }
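Review bot: chroot_install_cc passes --allow-unauthenticated on stretch (new line 65), which installs g++, make and their dependencies without verifying archive signatures, and that toolchain then builds code that is installed into the image. If the flag is there to work around a keyring problem in the chroot, say so in a comment and fix the keyring instead. Separately, COMPILER_PACKAGES is assigned at new line 60 before the release test, and the if/elif has no else: for any other RELEASE nothing is installed, yet the variable is non-empty, so later calls return early and chroot_remove_cc purges packages that were never installed. An else branch that prints an error and exits would close that gap. The package list is also derived by parsing `apt-get -s install` output for lines starting with "Inst "; a short comment stating that this is what makes chroot_remove_cc purge only what this function added would help the next reader.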
@@ -1,621 +1,629
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
4 # rpi23-gen-image.sh 2015-2017
5 #
5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 10+ github contributors!
16 ########################################################################
16 ########################################################################
17
17
18 # Are we running as root?
18 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
19 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
20 echo "error: this script must be executed with root privileges!"
21 exit 1
21 exit 1
22 fi
22 fi
23
23
24 # Check if ./functions.sh script exists
24 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
25 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
26 echo "error: './functions.sh' required script not found!"
27 exit 1
27 exit 1
28 fi
28 fi
29
29
30 # Load utility functions
30 # Load utility functions
31 . ./functions.sh
31 . ./functions.sh
32
32
33 # Load parameters from configuration template file
33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 use_template
35 use_template
36 fi
36 fi
37
37
38 # Introduce settings
38 # Introduce settings
39 set -e
39 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 set -x
41 set -x
42
42
43 # Raspberry Pi model configuration
43 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
44 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
49
50 # Debian release
50 # Debian release
51 RELEASE=${RELEASE:=jessie}
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59
59
60 # URLs
60 # URLs
61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67
67
68 # Build directories
68 # Build directories
69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 BUILDDIR="${BASEDIR}/build"
70 BUILDDIR="${BASEDIR}/build"
71 # Prepare date string for default image file name
71 # Prepare date string for default image file name
72 DATE="$(date +%Y-%m-%d)"
72 DATE="$(date +%Y-%m-%d)"
73 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
73 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
74
74
75 # Chroot directories
75 # Chroot directories
76 R="${BUILDDIR}/chroot"
76 R="${BUILDDIR}/chroot"
77 ETC_DIR="${R}/etc"
77 ETC_DIR="${R}/etc"
78 LIB_DIR="${R}/lib"
78 LIB_DIR="${R}/lib"
79 BOOT_DIR="${R}/boot/firmware"
79 BOOT_DIR="${R}/boot/firmware"
80 KERNEL_DIR="${R}/usr/src/linux"
80 KERNEL_DIR="${R}/usr/src/linux"
81 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
81 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
82
82
83 # Firmware directory: Blank if download from github
83 # Firmware directory: Blank if download from github
84 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
84 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
85
85
86 # General settings
86 # General settings
87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
88 PASSWORD=${PASSWORD:=raspberry}
88 PASSWORD=${PASSWORD:=raspberry}
89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
92 EXPANDROOT=${EXPANDROOT:=true}
92 EXPANDROOT=${EXPANDROOT:=true}
93
93
94 # Keyboard settings
94 # Keyboard settings
95 XKB_MODEL=${XKB_MODEL:=""}
95 XKB_MODEL=${XKB_MODEL:=""}
96 XKB_LAYOUT=${XKB_LAYOUT:=""}
96 XKB_LAYOUT=${XKB_LAYOUT:=""}
97 XKB_VARIANT=${XKB_VARIANT:=""}
97 XKB_VARIANT=${XKB_VARIANT:=""}
98 XKB_OPTIONS=${XKB_OPTIONS:=""}
98 XKB_OPTIONS=${XKB_OPTIONS:=""}
99
99
100 # Network settings (DHCP)
100 # Network settings (DHCP)
101 ENABLE_DHCP=${ENABLE_DHCP:=true}
101 ENABLE_DHCP=${ENABLE_DHCP:=true}
102
102
103 # Network settings (static)
103 # Network settings (static)
104 NET_ADDRESS=${NET_ADDRESS:=""}
104 NET_ADDRESS=${NET_ADDRESS:=""}
105 NET_GATEWAY=${NET_GATEWAY:=""}
105 NET_GATEWAY=${NET_GATEWAY:=""}
106 NET_DNS_1=${NET_DNS_1:=""}
106 NET_DNS_1=${NET_DNS_1:=""}
107 NET_DNS_2=${NET_DNS_2:=""}
107 NET_DNS_2=${NET_DNS_2:=""}
108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
109 NET_NTP_1=${NET_NTP_1:=""}
109 NET_NTP_1=${NET_NTP_1:=""}
110 NET_NTP_2=${NET_NTP_2:=""}
110 NET_NTP_2=${NET_NTP_2:=""}
111
111
112 # APT settings
112 # APT settings
113 APT_PROXY=${APT_PROXY:=""}
113 APT_PROXY=${APT_PROXY:=""}
114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
115
115
116 # Feature settings
116 # Feature settings
117 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
117 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
118 ENABLE_I2C=${ENABLE_I2C:=false}
118 ENABLE_I2C=${ENABLE_I2C:=false}
119 ENABLE_SPI=${ENABLE_SPI:=false}
119 ENABLE_SPI=${ENABLE_SPI:=false}
120 ENABLE_IPV6=${ENABLE_IPV6:=true}
120 ENABLE_IPV6=${ENABLE_IPV6:=true}
121 ENABLE_SSHD=${ENABLE_SSHD:=true}
121 ENABLE_SSHD=${ENABLE_SSHD:=true}
122 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
122 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
123 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
123 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
124 ENABLE_SOUND=${ENABLE_SOUND:=true}
124 ENABLE_SOUND=${ENABLE_SOUND:=true}
125 ENABLE_DBUS=${ENABLE_DBUS:=true}
125 ENABLE_DBUS=${ENABLE_DBUS:=true}
126 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
126 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
127 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
127 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
128 ENABLE_XORG=${ENABLE_XORG:=false}
128 ENABLE_XORG=${ENABLE_XORG:=false}
129 ENABLE_WM=${ENABLE_WM:=""}
129 ENABLE_WM=${ENABLE_WM:=""}
130 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
130 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
131 ENABLE_USER=${ENABLE_USER:=true}
131 ENABLE_USER=${ENABLE_USER:=true}
132 USER_NAME=${USER_NAME:="pi"}
132 USER_NAME=${USER_NAME:="pi"}
133 ENABLE_ROOT=${ENABLE_ROOT:=false}
133 ENABLE_ROOT=${ENABLE_ROOT:=false}
134
134
135 # SSH settings
135 # SSH settings
136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
141
141
142 # Advanced settings
142 # Advanced settings
143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
148 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
149 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
150 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
151 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
152 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
153 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
154
155
155 # Kernel compilation settings
156 # Kernel compilation settings
156 BUILD_KERNEL=${BUILD_KERNEL:=false}
157 BUILD_KERNEL=${BUILD_KERNEL:=false}
157 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
158 KERNEL_THREADS=${KERNEL_THREADS:=1}
159 KERNEL_THREADS=${KERNEL_THREADS:=1}
159 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
160 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
161 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
162
163
163 # Kernel compilation from source directory settings
164 # Kernel compilation from source directory settings
164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168
169
169 # Reduce disk usage settings
170 # Reduce disk usage settings
170 REDUCE_APT=${REDUCE_APT:=true}
171 REDUCE_APT=${REDUCE_APT:=true}
171 REDUCE_DOC=${REDUCE_DOC:=true}
172 REDUCE_DOC=${REDUCE_DOC:=true}
172 REDUCE_MAN=${REDUCE_MAN:=true}
173 REDUCE_MAN=${REDUCE_MAN:=true}
173 REDUCE_VIM=${REDUCE_VIM:=false}
174 REDUCE_VIM=${REDUCE_VIM:=false}
174 REDUCE_BASH=${REDUCE_BASH:=false}
175 REDUCE_BASH=${REDUCE_BASH:=false}
175 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178
179
179 # Encrypted filesystem settings
180 # Encrypted filesystem settings
180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185
186
186 # Stop the Crypto Wars
187 # Stop the Crypto Wars
187 DISABLE_FBI=${DISABLE_FBI:=false}
188 DISABLE_FBI=${DISABLE_FBI:=false}
188
189
189 # Chroot scripts directory
190 # Chroot scripts directory
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191
192
192 # Packages required in the chroot build environment
193 # Packages required in the chroot build environment
193 APT_INCLUDES=${APT_INCLUDES:=""}
194 APT_INCLUDES=${APT_INCLUDES:=""}
194 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
195
196
196 # Packages required for bootstrapping
197 # Packages required for bootstrapping
197 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
198 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
198 MISSING_PACKAGES=""
199 MISSING_PACKAGES=""
199
200
201 # Packages installed for c/c++ build environment in chroot (keep empty)
202 COMPILER_PACKAGES=""
203
200 set +x
204 set +x
201
205
202 # Set Raspberry Pi model specific configuration
206 # Set Raspberry Pi model specific configuration
203 if [ "$RPI_MODEL" = 2 ] ; then
207 if [ "$RPI_MODEL" = 2 ] ; then
204 DTB_FILE=${RPI2_DTB_FILE}
208 DTB_FILE=${RPI2_DTB_FILE}
205 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
209 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
206 elif [ "$RPI_MODEL" = 3 ] ; then
210 elif [ "$RPI_MODEL" = 3 ] ; then
207 DTB_FILE=${RPI3_DTB_FILE}
211 DTB_FILE=${RPI3_DTB_FILE}
208 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
212 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
209 BUILD_KERNEL=true
213 BUILD_KERNEL=true
210 else
214 else
211 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
215 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
212 exit 1
216 exit 1
213 fi
217 fi
214
218
215 # Check if the internal wireless interface is supported by the RPi model
219 # Check if the internal wireless interface is supported by the RPi model
216 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
220 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
217 echo "error: The selected Raspberry Pi model has no internal wireless interface"
221 echo "error: The selected Raspberry Pi model has no internal wireless interface"
218 exit 1
222 exit 1
219 fi
223 fi
220
224
221 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
225 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
222 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
226 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
223 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
227 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
224 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
228 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
225 exit 1
229 exit 1
226 fi
230 fi
227 fi
231 fi
228
232
229 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
233 # Build RPi2/3 Linux kernel if required by Debian release
230 if [ "$RELEASE" = "jessie" ] ; then
234 if [ "$RELEASE" = "stretch" ] ; then
231 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
232 elif [ "$RELEASE" = "stretch" ] ; then
233 COMPILER_PACKAGES="g++ make bc"
234 BUILD_KERNEL=true
235 BUILD_KERNEL=true
235 else
236 echo "error: Debian release ${RELEASE} is not supported!"
237 exit 1
238 fi
236 fi
239
237
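Review bot: The rewritten release block at new lines 233-236 no longer rejects unsupported `RELEASE` values, because the `else` branch that printed "error: Debian release ${RELEASE} is not supported!" and exited is gone. A mistyped release name now passes this stage, and the script goes on to install host packages (new line 308) before anything fails. Unless the validation moved to another file in this changeset, keep an explicit guard ahead of the package checks, for example `if [ "$RELEASE" != "jessie" ] && [ "$RELEASE" != "stretch" ] ; then ... exit 1 ; fi`.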
240 # Add packages required for kernel cross compilation
238 # Add packages required for kernel cross compilation
241 if [ "$BUILD_KERNEL" = true ] ; then
239 if [ "$BUILD_KERNEL" = true ] ; then
242 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
240 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
243 fi
241 fi
244
242
245 # Add libncurses5 to enable kernel menuconfig
243 # Add libncurses5 to enable kernel menuconfig
246 if [ "$KERNEL_MENUCONFIG" = true ] ; then
244 if [ "$KERNEL_MENUCONFIG" = true ] ; then
247 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
248 fi
246 fi
249
247
250 # Stop the Crypto Wars
248 # Stop the Crypto Wars
251 if [ "$DISABLE_FBI" = true ] ; then
249 if [ "$DISABLE_FBI" = true ] ; then
252 ENABLE_CRYPTFS=true
250 ENABLE_CRYPTFS=true
253 fi
251 fi
254
252
255 # Add cryptsetup package to enable filesystem encryption
253 # Add cryptsetup package to enable filesystem encryption
256 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
254 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
257 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
258 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
256 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
259
257
260 if [ -z "$CRYPTFS_PASSWORD" ] ; then
258 if [ -z "$CRYPTFS_PASSWORD" ] ; then
261 echo "error: no password defined (CRYPTFS_PASSWORD)!"
259 echo "error: no password defined (CRYPTFS_PASSWORD)!"
262 exit 1
260 exit 1
263 fi
261 fi
264 ENABLE_INITRAMFS=true
262 ENABLE_INITRAMFS=true
265 fi
263 fi
266
264
267 # Add initramfs generation tools
265 # Add initramfs generation tools
268 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
266 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
269 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
267 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
270 fi
268 fi
271
269
272 # Add device-tree-compiler required for building the U-Boot bootloader
270 # Add device-tree-compiler required for building the U-Boot bootloader
273 if [ "$ENABLE_UBOOT" = true ] ; then
271 if [ "$ENABLE_UBOOT" = true ] ; then
274 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
272 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
275 fi
273 fi
276
274
277 # Check if root SSH (v2) public key file exists
275 # Check if root SSH (v2) public key file exists
278 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
276 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
279 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
277 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
280 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
278 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
281 exit 1
279 exit 1
282 fi
280 fi
283 fi
281 fi
284
282
285 # Check if $USER_NAME SSH (v2) public key file exists
283 # Check if $USER_NAME SSH (v2) public key file exists
286 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
284 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
287 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
285 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
288 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
286 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
289 exit 1
287 exit 1
290 fi
288 fi
291 fi
289 fi
292
290
293 # Check if all required packages are installed on the build system
291 # Check if all required packages are installed on the build system
294 for package in $REQUIRED_PACKAGES ; do
292 for package in $REQUIRED_PACKAGES ; do
295 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
293 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
296 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
294 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
297 fi
295 fi
298 done
296 done
299
297
300 # If there are missing packages ask confirmation for install, or exit
298 # If there are missing packages ask confirmation for install, or exit
301 if [ -n "$MISSING_PACKAGES" ] ; then
299 if [ -n "$MISSING_PACKAGES" ] ; then
302 echo "the following packages needed by this script are not installed:"
300 echo "the following packages needed by this script are not installed:"
303 echo "$MISSING_PACKAGES"
301 echo "$MISSING_PACKAGES"
304
302
305 echo -n "\ndo you want to install the missing packages right now? [y/n] "
303 echo -n "\ndo you want to install the missing packages right now? [y/n] "
306 read confirm
304 read confirm
307 [ "$confirm" != "y" ] && exit 1
305 [ "$confirm" != "y" ] && exit 1
308
306
309 # Make sure all missing required packages are installed
307 # Make sure all missing required packages are installed
310 apt-get -qq -y install ${MISSING_PACKAGES}
308 apt-get -qq -y install ${MISSING_PACKAGES}
311 fi
309 fi
312
310
313 # Check if ./bootstrap.d directory exists
311 # Check if ./bootstrap.d directory exists
314 if [ ! -d "./bootstrap.d/" ] ; then
312 if [ ! -d "./bootstrap.d/" ] ; then
315 echo "error: './bootstrap.d' required directory not found!"
313 echo "error: './bootstrap.d' required directory not found!"
316 exit 1
314 exit 1
317 fi
315 fi
318
316
319 # Check if ./files directory exists
317 # Check if ./files directory exists
320 if [ ! -d "./files/" ] ; then
318 if [ ! -d "./files/" ] ; then
321 echo "error: './files' required directory not found!"
319 echo "error: './files' required directory not found!"
322 exit 1
320 exit 1
323 fi
321 fi
324
322
325 # Check if specified KERNELSRC_DIR directory exists
323 # Check if specified KERNELSRC_DIR directory exists
326 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
324 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
327 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
325 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
328 exit 1
326 exit 1
329 fi
327 fi
330
328
331 # Check if specified UBOOTSRC_DIR directory exists
329 # Check if specified UBOOTSRC_DIR directory exists
332 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
330 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
333 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
331 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
334 exit 1
332 exit 1
335 fi
333 fi
336
334
335 # Check if specified FBTURBOSRC_DIR directory exists
336 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
337 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
338 exit 1
339 fi
340
337 # Check if specified CHROOT_SCRIPTS directory exists
341 # Check if specified CHROOT_SCRIPTS directory exists
338 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
342 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
339 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
343 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
340 exit 1
344 exit 1
341 fi
345 fi
342
346
343 # Check if specified device mapping already exists (will be used by cryptsetup)
347 # Check if specified device mapping already exists (will be used by cryptsetup)
344 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
348 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
345 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
349 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
346 exit 1
350 exit 1
347 fi
351 fi
348
352
349 # Don't clobber an old build
353 # Don't clobber an old build
350 if [ -e "$BUILDDIR" ] ; then
354 if [ -e "$BUILDDIR" ] ; then
351 echo "error: directory ${BUILDDIR} already exists, not proceeding"
355 echo "error: directory ${BUILDDIR} already exists, not proceeding"
352 exit 1
356 exit 1
353 fi
357 fi
354
358
355 # Setup chroot directory
359 # Setup chroot directory
356 mkdir -p "${R}"
360 mkdir -p "${R}"
357
361
358 # Check if build directory has enough of free disk space >512MB
362 # Check if build directory has enough of free disk space >512MB
359 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
363 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
360 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
364 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
361 exit 1
365 exit 1
362 fi
366 fi
363
367
364 set -x
368 set -x
365
369
366 # Call "cleanup" function on various signals and errors
370 # Call "cleanup" function on various signals and errors
367 trap cleanup 0 1 2 3 6
371 trap cleanup 0 1 2 3 6
368
372
369 # Add required packages for the minbase installation
373 # Add required packages for the minbase installation
370 if [ "$ENABLE_MINBASE" = true ] ; then
374 if [ "$ENABLE_MINBASE" = true ] ; then
371 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
375 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
372 fi
376 fi
373
377
374 # Add required locales packages
378 # Add required locales packages
375 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
379 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
376 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
380 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
377 fi
381 fi
378
382
379 # Add parted package, required to get partprobe utility
383 # Add parted package, required to get partprobe utility
380 if [ "$EXPANDROOT" = true ] ; then
384 if [ "$EXPANDROOT" = true ] ; then
381 APT_INCLUDES="${APT_INCLUDES},parted"
385 APT_INCLUDES="${APT_INCLUDES},parted"
382 fi
386 fi
383
387
384 # Add dbus package, recommended if using systemd
388 # Add dbus package, recommended if using systemd
385 if [ "$ENABLE_DBUS" = true ] ; then
389 if [ "$ENABLE_DBUS" = true ] ; then
386 APT_INCLUDES="${APT_INCLUDES},dbus"
390 APT_INCLUDES="${APT_INCLUDES},dbus"
387 fi
391 fi
388
392
389 # Add iptables IPv4/IPv6 package
393 # Add iptables IPv4/IPv6 package
390 if [ "$ENABLE_IPTABLES" = true ] ; then
394 if [ "$ENABLE_IPTABLES" = true ] ; then
391 APT_INCLUDES="${APT_INCLUDES},iptables"
395 APT_INCLUDES="${APT_INCLUDES},iptables"
392 fi
396 fi
393
397
394 # Add openssh server package
398 # Add openssh server package
395 if [ "$ENABLE_SSHD" = true ] ; then
399 if [ "$ENABLE_SSHD" = true ] ; then
396 APT_INCLUDES="${APT_INCLUDES},openssh-server"
400 APT_INCLUDES="${APT_INCLUDES},openssh-server"
397 fi
401 fi
398
402
399 # Add alsa-utils package
403 # Add alsa-utils package
400 if [ "$ENABLE_SOUND" = true ] ; then
404 if [ "$ENABLE_SOUND" = true ] ; then
401 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
405 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
402 fi
406 fi
403
407
404 # Add rng-tools package
408 # Add rng-tools package
405 if [ "$ENABLE_HWRANDOM" = true ] ; then
409 if [ "$ENABLE_HWRANDOM" = true ] ; then
406 APT_INCLUDES="${APT_INCLUDES},rng-tools"
410 APT_INCLUDES="${APT_INCLUDES},rng-tools"
407 fi
411 fi
408
412
409 # Add fbturbo video driver
413 # Add fbturbo video driver
410 if [ "$ENABLE_FBTURBO" = true ] ; then
414 if [ "$ENABLE_FBTURBO" = true ] ; then
411 # Enable xorg package dependencies
415 # Enable xorg package dependencies
412 ENABLE_XORG=true
416 ENABLE_XORG=true
413 fi
417 fi
414
418
415 # Add user defined window manager package
419 # Add user defined window manager package
416 if [ -n "$ENABLE_WM" ] ; then
420 if [ -n "$ENABLE_WM" ] ; then
417 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
421 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
418
422
419 # Enable xorg package dependencies
423 # Enable xorg package dependencies
420 ENABLE_XORG=true
424 ENABLE_XORG=true
421 fi
425 fi
422
426
423 # Add xorg package
427 # Add xorg package
424 if [ "$ENABLE_XORG" = true ] ; then
428 if [ "$ENABLE_XORG" = true ] ; then
425 APT_INCLUDES="${APT_INCLUDES},xorg"
429 APT_INCLUDES="${APT_INCLUDES},xorg"
426 fi
430 fi
427
431
428 # Replace selected packages with smaller clones
432 # Replace selected packages with smaller clones
429 if [ "$ENABLE_REDUCE" = true ] ; then
433 if [ "$ENABLE_REDUCE" = true ] ; then
430 # Add levee package instead of vim-tiny
434 # Add levee package instead of vim-tiny
431 if [ "$REDUCE_VIM" = true ] ; then
435 if [ "$REDUCE_VIM" = true ] ; then
432 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
436 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
433 fi
437 fi
434
438
435 # Add dropbear package instead of openssh-server
439 # Add dropbear package instead of openssh-server
436 if [ "$REDUCE_SSHD" = true ] ; then
440 if [ "$REDUCE_SSHD" = true ] ; then
437 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
441 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
438 fi
442 fi
439 fi
443 fi
440
444
441 # Configure kernel sources if no KERNELSRC_DIR
445 # Configure kernel sources if no KERNELSRC_DIR
442 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
446 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
443 KERNELSRC_CONFIG=true
447 KERNELSRC_CONFIG=true
444 fi
448 fi
445
449
446 # Configure reduced kernel
450 # Configure reduced kernel
447 if [ "$KERNEL_REDUCE" = true ] ; then
451 if [ "$KERNEL_REDUCE" = true ] ; then
448 KERNELSRC_CONFIG=false
452 KERNELSRC_CONFIG=false
449 fi
453 fi
450
454
451 # Execute bootstrap scripts
455 # Execute bootstrap scripts
452 for SCRIPT in bootstrap.d/*.sh; do
456 for SCRIPT in bootstrap.d/*.sh; do
453 head -n 3 "$SCRIPT"
457 head -n 3 "$SCRIPT"
454 . "$SCRIPT"
458 . "$SCRIPT"
455 done
459 done
456
460
457 ## Execute custom bootstrap scripts
461 ## Execute custom bootstrap scripts
458 if [ -d "custom.d" ] ; then
462 if [ -d "custom.d" ] ; then
459 for SCRIPT in custom.d/*.sh; do
463 for SCRIPT in custom.d/*.sh; do
460 . "$SCRIPT"
464 . "$SCRIPT"
461 done
465 done
462 fi
466 fi
463
467
464 # Execute custom scripts inside the chroot
468 # Execute custom scripts inside the chroot
465 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
469 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
466 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
470 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
467 chroot_exec /bin/bash -x <<'EOF'
471 chroot_exec /bin/bash -x <<'EOF'
468 for SCRIPT in /chroot_scripts/* ; do
472 for SCRIPT in /chroot_scripts/* ; do
469 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
473 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
470 $SCRIPT
474 $SCRIPT
471 fi
475 fi
472 done
476 done
473 EOF
477 EOF
474 rm -rf "${R}/chroot_scripts"
478 rm -rf "${R}/chroot_scripts"
475 fi
479 fi
476
480
481 # Remove c/c++ build environment from the chroot
482 chroot_remove_cc
483
477 # Remove apt-utils
484 # Remove apt-utils
478 if [ "$RELEASE" = "jessie" ] ; then
485 if [ "$RELEASE" = "jessie" ] ; then
479 chroot_exec apt-get purge -qq -y --force-yes apt-utils
486 chroot_exec apt-get purge -qq -y --force-yes apt-utils
480 fi
487 fi
481
488
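Review bot: `chroot_remove_cc` at new line 482 is called unconditionally, while `COMPILER_PACKAGES` is initialised empty at new line 202 and is not assigned anywhere else in the lines shown here. The helper's definition is not part of this file, so please confirm that it returns early when `COMPILER_PACKAGES` is empty and that a failure inside it cannot leave the toolchain in the finished image. A one-line comment at the call site naming the helper that installs the packages would make the pairing obvious. The placement ahead of `apt-get -y autoremove` (new line 497) is right, since it lets the toolchain's dependencies be dropped as well.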
482 # Generate required machine-id
489 # Generate required machine-id
483 MACHINE_ID=$(dbus-uuidgen)
490 MACHINE_ID=$(dbus-uuidgen)
484 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
491 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
485 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
492 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
486
493
487 # APT Cleanup
494 # APT Cleanup
488 chroot_exec apt-get -y clean
495 chroot_exec apt-get -y clean
489 chroot_exec apt-get -y autoclean
496 chroot_exec apt-get -y autoclean
490 chroot_exec apt-get -y autoremove
497 chroot_exec apt-get -y autoremove
491
498
492 # Unmount mounted filesystems
499 # Unmount mounted filesystems
493 umount -l "${R}/proc"
500 umount -l "${R}/proc"
494 umount -l "${R}/sys"
501 umount -l "${R}/sys"
495
502
496 # Clean up directories
503 # Clean up directories
497 rm -rf "${R}/run/*"
504 rm -rf "${R}/run/*"
498 rm -rf "${R}/tmp/*"
505 rm -rf "${R}/tmp/*"
499
506
500 # Clean up files
507 # Clean up files
501 rm -f "${ETC_DIR}/ssh/ssh_host_*"
508 rm -f "${ETC_DIR}/ssh/ssh_host_*"
502 rm -f "${ETC_DIR}/dropbear/dropbear_*"
509 rm -f "${ETC_DIR}/dropbear/dropbear_*"
503 rm -f "${ETC_DIR}/apt/sources.list.save"
510 rm -f "${ETC_DIR}/apt/sources.list.save"
504 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
511 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
505 rm -f "${ETC_DIR}/*-"
512 rm -f "${ETC_DIR}/*-"
506 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
513 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
507 rm -f "${ETC_DIR}/resolv.conf"
514 rm -f "${ETC_DIR}/resolv.conf"
508 rm -f "${R}/root/.bash_history"
515 rm -f "${R}/root/.bash_history"
509 rm -f "${R}/var/lib/urandom/random-seed"
516 rm -f "${R}/var/lib/urandom/random-seed"
510 rm -f "${R}/initrd.img"
517 rm -f "${R}/initrd.img"
511 rm -f "${R}/vmlinuz"
518 rm -f "${R}/vmlinuz"
512 rm -f "${R}${QEMU_BINARY}"
519 rm -f "${R}${QEMU_BINARY}"
513
520
514 # Calculate size of the chroot directory in KB
521 # Calculate size of the chroot directory in KB
515 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
522 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
516
523
517 # Calculate the amount of needed 512 Byte sectors
524 # Calculate the amount of needed 512 Byte sectors
518 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
525 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
519 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
526 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
520 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
527 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
521
528
522 # The root partition is EXT4
529 # The root partition is EXT4
523 # This means more space than the actual used space of the chroot is used.
530 # This means more space than the actual used space of the chroot is used.
524 # As overhead for journaling and reserved blocks 25% are added.
531 # As overhead for journaling and reserved blocks 25% are added.
525 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
532 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
526
533
527 # Calculate required image size in 512 Byte sectors
534 # Calculate required image size in 512 Byte sectors
528 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
535 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
529
536
530 # Prepare image file
537 # Prepare image file
531 if [ "$ENABLE_SPLITFS" = true ] ; then
538 if [ "$ENABLE_SPLITFS" = true ] ; then
532 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
539 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
533 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
540 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
534 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
541 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
535 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
542 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
536
543
537 # Write firmware/boot partition tables
544 # Write firmware/boot partition tables
538 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
545 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
539 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
546 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
540 EOM
547 EOM
541
548
542 # Write root partition table
549 # Write root partition table
543 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
550 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
544 ${TABLE_SECTORS},${ROOT_SECTORS},83
551 ${TABLE_SECTORS},${ROOT_SECTORS},83
545 EOM
552 EOM
546
553
547 # Setup temporary loop devices
554 # Setup temporary loop devices
548 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
555 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
549 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
556 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
550 else # ENABLE_SPLITFS=false
557 else # ENABLE_SPLITFS=false
551 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
558 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
552 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
559 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
553
560
554 # Write partition table
561 # Write partition table
555 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
562 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
556 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
563 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
557 ${ROOT_OFFSET},${ROOT_SECTORS},83
564 ${ROOT_OFFSET},${ROOT_SECTORS},83
558 EOM
565 EOM
559
566
560 # Setup temporary loop devices
567 # Setup temporary loop devices
561 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
568 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
562 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
569 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
563 fi
570 fi
564
571
565 if [ "$ENABLE_CRYPTFS" = true ] ; then
572 if [ "$ENABLE_CRYPTFS" = true ] ; then
566 # Create dummy ext4 fs
573 # Create dummy ext4 fs
567 mkfs.ext4 "$ROOT_LOOP"
574 mkfs.ext4 "$ROOT_LOOP"
568
575
569 # Setup password keyfile
576 # Setup password keyfile
570 echo -n ${CRYPTFS_PASSWORD} > .password
577 touch .password
571 chmod 600 .password
578 chmod 600 .password
579 echo -n ${CRYPTFS_PASSWORD} > .password
572
580
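Review bot: The passphrase is still exposed at new line 579: `set -x` was re-enabled at new line 368, so `echo -n ${CRYPTFS_PASSWORD} > .password` is written to the trace output in clear text. Wrap the keyfile block in `set +x` / `set -x`. The expansion is also unquoted, so a passphrase containing whitespace or glob characters is altered before it reaches the keyfile; `printf '%s' "$CRYPTFS_PASSWORD" > .password` avoids both that and `echo` option parsing. Finally, `touch` followed by `chmod 600` only helps when `.password` does not already exist with another owner or as a symlink in the working directory, so consider `umask 077` in a subshell together with a `mktemp` file instead of a fixed name.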
573 # Initialize encrypted partition
581 # Initialize encrypted partition
574 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
582 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
575
583
576 # Open encrypted partition and setup mapping
584 # Open encrypted partition and setup mapping
577 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
585 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
578
586
579 # Secure delete password keyfile
587 # Secure delete password keyfile
580 shred -zu .password
588 shred -zu .password
581
589
582 # Update temporary loop device
590 # Update temporary loop device
583 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
591 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
584
592
585 # Wipe encrypted partition (encryption cipher is used for randomness)
593 # Wipe encrypted partition (encryption cipher is used for randomness)
586 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
594 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
587 fi
595 fi
588
596
589 # Build filesystems
597 # Build filesystems
590 mkfs.vfat "$FRMW_LOOP"
598 mkfs.vfat "$FRMW_LOOP"
591 mkfs.ext4 "$ROOT_LOOP"
599 mkfs.ext4 "$ROOT_LOOP"
592
600
593 # Mount the temporary loop devices
601 # Mount the temporary loop devices
594 mkdir -p "$BUILDDIR/mount"
602 mkdir -p "$BUILDDIR/mount"
595 mount "$ROOT_LOOP" "$BUILDDIR/mount"
603 mount "$ROOT_LOOP" "$BUILDDIR/mount"
596
604
597 mkdir -p "$BUILDDIR/mount/boot/firmware"
605 mkdir -p "$BUILDDIR/mount/boot/firmware"
598 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
606 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
599
607
600 # Copy all files from the chroot to the loop device mount point directory
608 # Copy all files from the chroot to the loop device mount point directory
601 rsync -a "${R}/" "$BUILDDIR/mount/"
609 rsync -a "${R}/" "$BUILDDIR/mount/"
602
610
603 # Unmount all temporary loop devices and mount points
611 # Unmount all temporary loop devices and mount points
604 cleanup
612 cleanup
605
613
606 # Create block map file(s) of image(s)
614 # Create block map file(s) of image(s)
607 if [ "$ENABLE_SPLITFS" = true ] ; then
615 if [ "$ENABLE_SPLITFS" = true ] ; then
608 # Create block map files for "bmaptool"
616 # Create block map files for "bmaptool"
609 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
617 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
610 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
618 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
611
619
612 # Image was successfully created
620 # Image was successfully created
613 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
621 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
614 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
622 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
615 else
623 else
616 # Create block map file for "bmaptool"
624 # Create block map file for "bmaptool"
617 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
625 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
618
626
619 # Image was successfully created
627 # Image was successfully created
620 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
628 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
621 fi
629 fi