Raspi2-3_GenImage Commit - r142:14de70396904 · Collaboration Tremplin des Sciences

Updated: Dropping privileges, chroot compiler install, dropbear sshd config

drtyhlpr -

r142:14de70396904

parent child

Context file:

r142:14de70396904

Collapse all files

README.md +8 -5

             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
-              ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
+              ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
             It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
             Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `UBOOTSRC_DIR`=""
-            Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
+            Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
+            ##### `FBTURBOSRC_DIR`=""
+            Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
             ##### `SSH_LIMIT_USERS`=false
-            Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
+            Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
             ##### `SSH_ROOT_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
             Remove all kernel sources from the generated OS image after it was built and installed.
             ##### `KERNELSRC_DIR`=""
-            Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
+            Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
             ##### `KERNELSRC_CLEAN`=false
             Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
             With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
             ##### `RPI_FIRMWARE_DIR`=""
-            The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
+            The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
             ---

bootstrap.d/11-apt.sh +1 -1

               # Upgrade collabora package index and install collabora keyring
               chroot_exec apt-get -qq -y update
-              chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
+              chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
             else # BUILD_KERNEL=true
               # Install APT sources.list
               install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"

bootstrap.d/13-kernel.sh +14 -2

@@ -20,8 +20,20 if [ "$BUILD_KERNEL" = true ] ; then
20	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper	20	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21	fi	21	fi
22	else # KERNELSRC_DIR=""	22	else # KERNELSRC_DIR=""
23	# ~~Fetch current raspberrypi~~ kernel sources	23	# Create temporary directory for kernel sources
24	git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"	24	temp_dir=$(sudo -u nobody mktemp -d)
		25
		26	# Fetch current RPi2/3 kernel sources
		27	sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
		28
		29	# Copy downloaded kernel sources
		30	mv "${temp_dir}/linux" "${R}/usr/src/"
		31
		32	# Remove temporary directory for kernel sources
		33	rm -fr "${temp_dir}"
		34
		35	# Set permissions of the kernel sources
		36	chown -R root:root "${R}/usr/src"
25	fi	37	fi
26		38
27	# Calculate optimal number of kernel building threads	39	# Calculate optimal number of kernel building threads

bootstrap.d/15-rpi-config.sh +22 -7

@@ -16,14 +16,27 if [ "$BUILD_KERNEL" = true ] ; then
16	cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf	16	cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17	cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf	17	cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18	else	18	else
		19	# Create temporary directory for boot binaries
		20	temp_dir=$(sudo -u nobody mktemp -d)
		21
19	# Install latest boot binaries from raspberry/firmware github	22	# Install latest boot binaries from raspberry/firmware github
20	wget -q -O "${~~BOOT_DIR~~}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"	23	sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
21	wget -q -O "${~~BOOT_DIR~~}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"	24	sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
22	wget -q -O "${~~BOOT_DIR~~}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"	25	sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
23	wget -q -O "${~~BOOT_DIR~~}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"	26	sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
24	wget -q -O "${~~BOOT_DIR~~}/start.elf" "${FIRMWARE_URL}/start.elf"	27	sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
25	wget -q -O "${~~BOOT_DIR~~}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"	28	sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
26	wget -q -O "${~~BOOT_DIR~~}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"	29	sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
		30
		31	# Move downloaded boot binaries
		32	mv "${temp_dir}/"* "${BOOT_DIR}/"
		33
		34	# Remove temporary directory for boot binaries
		35	rm -fr "${temp_dir}"
		36
		37	# Set permissions of the boot binaries
		38	chown -R root:root "${BOOT_DIR}"
		39	chmod -R 600 "${BOOT_DIR}"
27	fi	40	fi
28	fi	41	fi
29		42
@@ -105,6 +118,8 fi
105	# Load sound module at boot	118	# Load sound module at boot
106	if [ "$ENABLE_SOUND" = true ] ; then	119	if [ "$ENABLE_SOUND" = true ] ; then
107	sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"	120	sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
		121	else
		122	echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
108	fi	123	fi
109		124
110	# Enable I2C interface	125	# Enable I2C interface

bootstrap.d/20-networking.sh +16 -2

@@ -88,6 +88,20 if [ "$ENABLE_WIRELESS" = true ] ; then
88	mkdir -p ${WLAN_FIRMWARE_DIR}	88	mkdir -p ${WLAN_FIRMWARE_DIR}
89	fi	89	fi
90		90
91	wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"	91	# Create temporary directory for firmware binary blob
92	wget -q -O "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"	92	temp_dir=$(sudo -u nobody mktemp -d)
		93
		94	# Fetch firmware binary blob
		95	sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
		96	sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
		97
		98	# Move downloaded firmware binary blob
		99	mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
		100
		101	# Remove temporary directory for firmware binary blob
		102	rm -fr "${temp_dir}"
		103
		104	# Set permissions of the firmware binary blob
		105	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
		106	chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
93	fi	107	fi

bootstrap.d/31-logging.sh +1 -1

             if [ "$ENABLE_RSYSLOG" = false ] ; then
               sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
               chroot_exec systemctl disable rsyslog
-              chroot_exec apt-get -qq -y --force-yes purge rsyslog
+              chroot_exec apt-get -qq -y purge rsyslog
             fi

bootstrap.d/32-sshd.sh +30 -1

             . ./functions.sh
             if [ "$ENABLE_SSHD" = true ] ; then
+              DROPBEAR_ARGS=""
               if [ "$SSH_ENABLE_ROOT" = false ] ; then
+                if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # User root is not allowed to log in
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
+                else
+                  # User root is not allowed to log in
+                  DROPBEAR_ARGS="-w"
+                fi
               fi
               if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
+                if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # Permit SSH root login
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
+                else
+                  # Permit SSH root login
+                  DROPBEAR_ARGS=""
+                fi
                 # Add SSH (v2) public key for user root
                 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
                   chroot_exec chmod 600 "/root/.ssh/authorized_keys"
                   chroot_exec chown root:root "/root/.ssh/authorized_keys"
+                  if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
+              fi
               if [ "$ENABLE_USER" = true ] ; then
                 # Add SSH (v2) public key for user $USER_NAME
                   chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
                   chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
+                  if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
+              fi
               # Limit the users that are allowed to login via SSH
-              if [ "$SSH_LIMIT_USERS" = true ] ; then
+              if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
                 allowed_users=""
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                   allowed_users="root"
               # Disable password-based authentication
               if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
+                  if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
+                  else
+                    DROPBEAR_ARGS="-g"
+                  fi
                 fi
+                if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
+                else
+                  DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
+                fi
+              fi
+              # Update dropbear SSH configuration
+              if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
+                sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
               fi
             fi

bootstrap.d/41-uboot.sh +16 -7

@@ -5,21 +5,30
5	# Load utility functions	5	# Load utility functions
6	. ./functions.sh	6	. ./functions.sh
7		7
8	# Install gcc/c++ build environment inside the chroot
9	if [ "$ENABLE_UBOOT" = true ] \|\| [ "$ENABLE_FBTURBO" = true ] ; then
10	COMPILER_PACKAGES=$(chroot_exec apt-get -s install ${COMPILER_PACKAGES} \| grep "^Inst " \| awk -v ORS=" " '{ print $2 }')
11	chroot_exec apt-get -q -y --force-yes --no-install-recommends install ${COMPILER_PACKAGES}
12	fi
13
14	# Fetch and build U-Boot bootloader	8	# Fetch and build U-Boot bootloader
15	if [ "$ENABLE_UBOOT" = true ] ; then	9	if [ "$ENABLE_UBOOT" = true ] ; then
		10	# Install c/c++ build environment inside the chroot
		11	chroot_install_cc
		12
16	# Copy existing U-Boot sources into chroot directory	13	# Copy existing U-Boot sources into chroot directory
17	if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then	14	if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
18	# Copy local U-Boot sources	15	# Copy local U-Boot sources
19	cp -r "${UBOOTSRC_DIR}" "${R}/tmp"	16	cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
20	else	17	else
		18	# Create temporary directory for U-Boot sources
		19	temp_dir=$(sudo -u nobody mktemp -d)
		20
21	# Fetch U-Boot sources	21	# Fetch U-Boot sources
22	git -C "${R}~~/tmp~~" clone "${UBOOT_URL}"	22	sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
		23
		24	# Copy downloaded U-Boot sources
		25	mv "${temp_dir}/u-boot" "${R}/tmp/"
		26
		27	# Set permissions of the U-Boot sources
		28	chown -R root:root "${R}/tmp/u-boot"
		29
		30	# Remove temporary directory for U-Boot sources
		31	rm -fr "${temp_dir}"
23	fi	32	fi
24		33
25	# Build and install U-Boot inside chroot	34	# Build and install U-Boot inside chroot

bootstrap.d/42-fbturbo.sh +25 -8

@@ -6,11 +6,33
6	. ./functions.sh	6	. ./functions.sh
7		7
8	if [ "$ENABLE_FBTURBO" = true ] ; then	8	if [ "$ENABLE_FBTURBO" = true ] ; then
9	# Fetch fbturbo driver sources	9	# Install c/c++ build environment inside the chroot
10	git -C "${R}/tmp" clone "${FBTURBO_URL}"	10	chroot_install_cc
		11
		12	# Copy existing fbturbo sources into chroot directory
		13	if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
		14	# Copy local fbturbo sources
		15	cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
		16	else
		17	# Create temporary directory for fbturbo sources
		18	temp_dir=$(sudo -u nobody mktemp -d)
		19
		20	# Fetch fbturbo sources
		21	sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
		22
		23	# Move downloaded fbturbo sources
		24	mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
		25
		26	# Remove temporary directory for fbturbo sources
		27	rm -fr "${temp_dir}"
		28	fi
11		29
12	# Install Xorg build dependencies	30	# Install Xorg build dependencies
13	chroot_exec apt-get -q -y --force-yes --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev	31	if [ "$RELEASE" = "jessie" ] ; then
		32	chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
		33	elif [ "$RELEASE" = "stretch" ] ; then
		34	chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
		35	fi
14		36
15	# Build and install fbturbo driver inside chroot	37	# Build and install fbturbo driver inside chroot
16	chroot_exec /bin/bash -x <<'EOF'	38	chroot_exec /bin/bash -x <<'EOF'
@@ -27,8 +49,3 EOF
27	# Remove Xorg build dependencies	49	# Remove Xorg build dependencies
28	chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev	50	chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29	fi	51	fi
30
31	# Remove gcc/c++ build environment from the chroot
32	if [ "$ENABLE_UBOOT" = true ] \|\| [ "$ENABLE_FBTURBO" = true ] ; then
33	chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
34	fi

bootstrap.d/99-reduce.sh +8 -3

               # Replace bash shell by dash shell (experimental)
               if [ "$REDUCE_BASH" = true ] ; then
+                if [ "$RELEASE" = "stretch" ] ; then
+                  echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
+                else
                   echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
+                fi
                 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
               fi
               # Remove sound utils and libraries
               if [ "$ENABLE_SOUND" = false ] ; then
-                chroot_exec apt-get -qq -y --force-yes purge alsa-utils libsamplerate0 libasound2 libasound2-data
+                chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
               fi
-              # Re-install tools for managing kernel moduless
+              # Re-install tools for managing kernel modules
               if [ "$RELEASE" = "jessie" ] ; then
-                chroot_exec apt-get -qq -y --force-yes install module-init-tools
+                chroot_exec apt-get -qq -y install module-init-tools
               fi
               # Remove GPU kernels

functions.sh +21 0

@@ -53,3 +53,24 use_template () {
53	# Load template configuration parameters	53	# Load template configuration parameters
54	. "./templates/${CONFIG_TEMPLATE}"	54	. "./templates/${CONFIG_TEMPLATE}"
55	}	55	}
		56
		57	chroot_install_cc() {
		58	# Install c/c++ build environment inside the chroot
		59	if [ -z "${COMPILER_PACKAGES}" ] ; then
		60	COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc \| grep "^Inst " \| awk -v ORS=" " '{ print $2 }')
		61
		62	if [ "$RELEASE" = "jessie" ] ; then
		63	chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
		64	elif [ "$RELEASE" = "stretch" ] ; then
		65	chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
		66	fi
		67	fi
		68	}
		69
		70	chroot_remove_cc() {
		71	# Remove c/c++ build environment from the chroot
		72	if [ ! -z "${COMPILER_PACKAGES}" ] ; then
		73	chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
		74	COMPILER_PACKAGES=""
		75	fi
		76	}

rpi23-gen-image.sh +18 -10

             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
+            FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
             APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
             # Packages required for bootstrapping
-            REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
+            REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
             MISSING_PACKAGES=""
+            # Packages installed for c/c++ build environment in chroot (keep empty)
+            COMPILER_PACKAGES=""
             set +x
             # Set Raspberry Pi model specific configuration
               fi
             fi
-            # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
+            # Build RPi2/3 Linux kernel if required by Debian release
-            if [ "$RELEASE" = "jessie" ] ; then
+            if [ "$RELEASE" = "stretch" ] ; then
-              COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
-            elif [ "$RELEASE" = "stretch" ] ; then
-              COMPILER_PACKAGES="g++ make bc"
               BUILD_KERNEL=true
-            else
-              echo "error: Debian release ${RELEASE} is not supported!"
-              exit 1
             fi
             # Add packages required for kernel cross compilation
               exit 1
             fi
+            # Check if specified FBTURBOSRC_DIR directory exists
+            if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
+              echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
+              exit 1
+            fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
               rm -rf "${R}/chroot_scripts"
             fi
+            # Remove c/c++ build environment from the chroot
+            chroot_remove_cc
             # Remove apt-utils
             if [ "$RELEASE" = "jessie" ] ; then
               chroot_exec apt-get purge -qq -y --force-yes apt-utils
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
-              echo -n ${CRYPTFS_PASSWORD} > .password
+              touch .password
               chmod 600 .password
+              echo -n ${CRYPTFS_PASSWORD} > .password
               # Initialize encrypted partition
               echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages