##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Replaced: ENABLE_FLUXBOX -\> ENABLE_WM
Jan Wagner -
r22:18e5215871dd
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,100 +1,101
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
17 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
18 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
19 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
20 21 ```
21 22
22 23 #### APT settings:
23 24 ##### `APT_SERVER`="ftp.debian.org"
24 25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
25 26
26 27 ##### `APT_PROXY`=""
27 28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
28 29
29 30 #### General system settings:
30 31 ##### `HOSTNAME`="rpi2-jessie"
31 32 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
32 33
33 34 ##### `PASSWORD`="raspberry"
34 35 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
35 36
36 37 ##### `DEFLOCAL`="en_US.UTF-8"
37 38 Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
38 39
39 40 ##### `TIMEZONE`="Europe/Berlin"
40 41 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
41 42
42 43 #### Basic system features:
43 44 ##### `ENABLE_CONSOLE`=true
44 45 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
45 46
46 47 ##### `ENABLE_IPV6`=true
47 48 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
48 49
49 50 ##### `ENABLE_SSHD`=true
50 51 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
51 52
52 53 ##### `ENABLE_SOUND`=true
53 54 Enable sound hardware and install Advanced Linux Sound Architecture.
54 55
55 56 ##### `ENABLE_HWRANDOM`=true
56 57 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
57 58
58 59 ##### `ENABLE_MINGPU`=false
59 60 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
60 61
61 62 ##### `ENABLE_DBUS`=true
62 63 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
63 64
64 65 ##### `ENABLE_XORG`=false
65 66 Install Xorg open-source X Window System.
66 67
67 ##### `ENABLE_FLUXBOX`=false
68 Install Fluxbox window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_FLUXBOX` is used.
68 ##### `ENABLE_WM`=""
69 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
69 70
70 71 #### Advanced sytem features:
71 72 ##### `ENABLE_MINBASE`=false
72 73 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
73 74
74 75 ##### `ENABLE_UBOOT`=false
75 76 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
76 77
77 78 ##### `ENABLE_FBTURBO`=false
78 79 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
79 80
80 81 ##### `ENABLE_IPTABLES`=false
81 82 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
82 83
83 84 ##### `ENABLE_HARDNET`=false
84 85 Enable IPv4/IPv6 network stack hardening settings.
85 86
86 87 ## Logging of the bootstrapping process
87 88 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
88 89
89 90 ```shell
90 91 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
91 92 ```
92 93
93 94 ## Flashing the image file
94 95 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
95 96
96 97 #####Flashing examples:
97 98 ```shell
98 99 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
99 100 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
100 101 ```
Show file before | Show file after | Hide comments
@@ -1,846 +1,846
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 set -e
34 34 set -x
35 35
36 36 # Debian release
37 37 RELEASE=${RELEASE:=jessie}
38 38
39 39 # Build settings
40 40 BASEDIR=./images/${RELEASE}
41 41 BUILDDIR=${BASEDIR}/build
42 42
43 43 # General settings
44 44 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
45 45 PASSWORD=${PASSWORD:=raspberry}
46 46 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
47 47 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
48 48
49 49 # APT settings
50 50 APT_PROXY=${APT_PROXY:=""}
51 51 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
52 52
53 53 # Feature settings
54 54 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
55 55 ENABLE_IPV6=${ENABLE_IPV6:=true}
56 56 ENABLE_SSHD=${ENABLE_SSHD:=true}
57 57 ENABLE_SOUND=${ENABLE_SOUND:=true}
58 58 ENABLE_DBUS=${ENABLE_DBUS:=true}
59 59 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
60 60 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
61 61 ENABLE_XORG=${ENABLE_XORG:=false}
62 ENABLE_FLUXBOX=${ENABLE_FLUXBOX:=false}
62 ENABLE_WM=${ENABLE_WM:=""}
63 63
64 64 # Advanced settings
65 65 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
66 66 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
67 67 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
68 68 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
69 69 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
70 70
71 71 # Image chroot path
72 72 R=${BUILDDIR}/chroot
73 73
74 74 # Packages required for bootstrapping
75 75 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core"
76 76
77 77 # Missing packages that need to be installed
78 78 MISSING_PACKAGES=""
79 79
80 80 # Packages required in the chroot build environment
81 81 APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
82 82
83 83 set +x
84 84
85 85 # Are we running as root?
86 86 if [ "$(id -u)" -ne "0" ] ; then
87 87 echo "this script must be executed with root privileges"
88 88 exit 1
89 89 fi
90 90
91 91 # Check if all required packages are installed
92 92 for package in $REQUIRED_PACKAGES ; do
93 93 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
94 94 MISSING_PACKAGES="$MISSING_PACKAGES $package"
95 95 fi
96 96 done
97 97
98 98 # Ask if missing packages should get installed right now
99 99 if [ -n "$MISSING_PACKAGES" ] ; then
100 100 echo "the following packages needed by this script are not installed:"
101 101 echo "$MISSING_PACKAGES"
102 102
103 103 echo -n "\ndo you want to install the missing packages right now? [y/n] "
104 104 read confirm
105 105 if [ "$confirm" != "y" ] ; then
106 106 exit 1
107 107 fi
108 108 fi
109 109
110 110 # Make sure all required packages are installed
111 111 apt-get -qq -y install ${REQUIRED_PACKAGES}
112 112
113 113 # Don't clobber an old build
114 114 if [ -e "$BUILDDIR" ]; then
115 115 echo "directory $BUILDDIR already exists, not proceeding"
116 116 exit 1
117 117 fi
118 118
119 119 set -x
120 120
121 121 # Call "cleanup" function on various signals and errors
122 122 trap cleanup 0 1 2 3 6
123 123
124 124 # Set up chroot directory
125 125 mkdir -p $R
126 126
127 127 # Add required packages for the minbase installation
128 128 if [ "$ENABLE_MINBASE" = true ] ; then
129 129 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
130 130 else
131 131 APT_INCLUDES="${APT_INCLUDES},locales"
132 132 fi
133 133
134 134 # Add dbus package, recommended if using systemd
135 135 if [ "$ENABLE_DBUS" = true ] ; then
136 136 APT_INCLUDES="${APT_INCLUDES},dbus"
137 137 fi
138 138
139 139 # Add iptables IPv4/IPv6 package
140 140 if [ "$ENABLE_IPTABLES" = true ] ; then
141 141 APT_INCLUDES="${APT_INCLUDES},iptables"
142 142 fi
143 143
144 144 # Add openssh server package
145 145 if [ "$ENABLE_SSHD" = true ] ; then
146 146 APT_INCLUDES="${APT_INCLUDES},openssh-server"
147 147 fi
148 148
149 149 # Add alsa-utils package
150 150 if [ "$ENABLE_SOUND" = true ] ; then
151 151 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
152 152 fi
153 153
154 154 # Add rng-tools package
155 155 if [ "$ENABLE_HWRANDOM" = true ] ; then
156 156 APT_INCLUDES="${APT_INCLUDES},rng-tools"
157 157 fi
158 158
159 159 # Add fbturbo video driver
160 160 if [ "$ENABLE_FBTURBO" = true ] ; then
161 161 # Enable xorg package dependencies
162 162 ENABLE_XORG=true
163 163 fi
164 164
165 # Add fluxbox package with eterm
166 if [ "$ENABLE_FLUXBOX" = true ] ; then
167 APT_INCLUDES="${APT_INCLUDES},fluxbox,eterm"
165 # Add user defined window manager package
166 if [ -n "$ENABLE_WM" ] ; then
167 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
168 168
169 169 # Enable xorg package dependencies
170 170 ENABLE_XORG=true
171 171 fi
172 172
173 173 # Add xorg package
174 174 if [ "$ENABLE_XORG" = true ] ; then
175 175 APT_INCLUDES="${APT_INCLUDES},xorg"
176 176 fi
177 177
178 178 # Set empty proxy string
179 179 if [ -z "$APT_PROXY" ] ; then
180 180 APT_PROXY="http://"
181 181 fi
182 182
183 183 # Base debootstrap (unpack only)
184 184 if [ "$ENABLE_MINBASE" = true ] ; then
185 185 debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
186 186 else
187 187 debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
188 188 fi
189 189
190 190 # Copy qemu emulator binary to chroot
191 191 cp /usr/bin/qemu-arm-static $R/usr/bin
192 192
193 193 # Copy debian-archive-keyring.pgp
194 194 chroot $R mkdir -p /usr/share/keyrings
195 195 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
196 196
197 197 # Complete the bootstrapping process
198 198 chroot $R /debootstrap/debootstrap --second-stage
199 199
200 200 # Mount required filesystems
201 201 mount -t proc none $R/proc
202 202 mount -t sysfs none $R/sys
203 203 mount --bind /dev/pts $R/dev/pts
204 204
205 205 # Use proxy inside chroot
206 206 if [ -z "$APT_PROXY" ] ; then
207 207 echo "Acquire::http::Proxy \"$APT_PROXY\"" >> $R/etc/apt/apt.conf.d/10proxy
208 208 fi
209 209
210 210 # Pin package flash-kernel to repositories.collabora.co.uk
211 211 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
212 212 Package: flash-kernel
213 213 Pin: origin repositories.collabora.co.uk
214 214 Pin-Priority: 1000
215 215 EOM
216 216
217 217 # Set up timezone
218 218 echo ${TIMEZONE} >$R/etc/timezone
219 219 LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
220 220
221 221 # Set up default locales to "en_US.UTF-8" default
222 222 if [ "$ENABLE_MINBASE" = false ] ; then
223 223 LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen
224 224 LANG=C chroot $R locale-gen ${DEFLOCAL}
225 225 fi
226 226
227 227 # Upgrade collabora package index and install collabora keyring
228 228 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
229 229 LANG=C chroot $R apt-get -qq -y update
230 230 LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
231 231
232 232 # Set up initial sources.list
233 233 cat <<EOM >$R/etc/apt/sources.list
234 234 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
235 235 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
236 236
237 237 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
238 238 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
239 239
240 240 deb http://security.debian.org/ ${RELEASE}/updates main contrib
241 241 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
242 242
243 243 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
244 244 EOM
245 245
246 246 # Upgrade package index and update all installed packages and changed dependencies
247 247 LANG=C chroot $R apt-get -qq -y update
248 248 LANG=C chroot $R apt-get -qq -y -u dist-upgrade
249 249
250 250 # Kernel installation
251 251 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
252 252 LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
253 253 LANG=C chroot $R apt-get -qq -y install flash-kernel
254 254
255 255 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
256 256 [ -z "$VMLINUZ" ] && exit 1
257 257 mkdir -p $R/boot/firmware
258 258
259 259 # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
260 260 wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
261 261 wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
262 262 wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
263 263 wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
264 264 wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
265 265 wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
266 266 wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
267 267 cp $VMLINUZ $R/boot/firmware/kernel7.img
268 268
269 269 # Set up IPv4 hosts
270 270 echo ${HOSTNAME} >$R/etc/hostname
271 271 cat <<EOM >$R/etc/hosts
272 272 127.0.0.1 localhost
273 273 127.0.1.1 ${HOSTNAME}
274 274 EOM
275 275
276 276 # Set up IPv6 hosts
277 277 if [ "$ENABLE_IPV6" = true ] ; then
278 278 cat <<EOM >>$R/etc/hosts
279 279
280 280 ::1 localhost ip6-localhost ip6-loopback
281 281 ff02::1 ip6-allnodes
282 282 ff02::2 ip6-allrouters
283 283 EOM
284 284 fi
285 285
286 286 # Place hint about network configuration
287 287 cat <<EOM >$R/etc/network/interfaces
288 288 # Debian switched to systemd-networkd configuration files.
289 289 # please configure your networks in '/etc/systemd/network/'
290 290 EOM
291 291
292 292 # Enable systemd-networkd DHCP configuration for interface eth0
293 293 cat <<EOM >$R/etc/systemd/network/eth.network
294 294 [Match]
295 295 Name=eth0
296 296
297 297 [Network]
298 298 DHCP=yes
299 299 EOM
300 300
301 301 # Set DHCP configuration to IPv4 only
302 302 if [ "$ENABLE_IPV6" = false ] ; then
303 303 sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
304 304 fi
305 305
306 306 # Enable systemd-networkd service
307 307 LANG=C chroot $R systemctl enable systemd-networkd
308 308
309 309 # Generate crypt(3) password string
310 310 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
311 311
312 312 # Set up default user
313 313 LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
314 314 LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
315 315
316 316 # Set up root password
317 317 LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
318 318
319 319 # Set up firmware boot cmdline
320 320 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
321 321
322 322 # Set up serial console support (if requested)
323 323 if [ "$ENABLE_CONSOLE" = true ] ; then
324 324 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
325 325 fi
326 326
327 327 # Set up IPv6 networking support
328 328 if [ "$ENABLE_IPV6" = false ] ; then
329 329 CMDLINE="${CMDLINE} ipv6.disable=1"
330 330 fi
331 331
332 332 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
333 333
334 334 # Set up firmware config
335 335 cat <<EOM >$R/boot/firmware/config.txt
336 336 # For more options and information see
337 337 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
338 338 # Some settings may impact device functionality. See link above for details
339 339
340 340 # uncomment if you get no picture on HDMI for a default "safe" mode
341 341 #hdmi_safe=1
342 342
343 343 # uncomment this if your display has a black border of unused pixels visible
344 344 # and your display can output without overscan
345 345 #disable_overscan=1
346 346
347 347 # uncomment the following to adjust overscan. Use positive numbers if console
348 348 # goes off screen, and negative if there is too much border
349 349 #overscan_left=16
350 350 #overscan_right=16
351 351 #overscan_top=16
352 352 #overscan_bottom=16
353 353
354 354 # uncomment to force a console size. By default it will be display's size minus
355 355 # overscan.
356 356 #framebuffer_width=1280
357 357 #framebuffer_height=720
358 358
359 359 # uncomment if hdmi display is not detected and composite is being output
360 360 #hdmi_force_hotplug=1
361 361
362 362 # uncomment to force a specific HDMI mode (this will force VGA)
363 363 #hdmi_group=1
364 364 #hdmi_mode=1
365 365
366 366 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
367 367 # DMT (computer monitor) modes
368 368 #hdmi_drive=2
369 369
370 370 # uncomment to increase signal to HDMI, if you have interference, blanking, or
371 371 # no display
372 372 #config_hdmi_boost=4
373 373
374 374 # uncomment for composite PAL
375 375 #sdtv_mode=2
376 376
377 377 # uncomment to overclock the arm. 700 MHz is the default.
378 378 #arm_freq=800
379 379 EOM
380 380
381 381 # Load snd_bcm2835 kernel module at boot time
382 382 if [ "$ENABLE_SOUND" = true ] ; then
383 383 echo "snd_bcm2835" >>$R/etc/modules
384 384 fi
385 385
386 386 # Set smallest possible GPU memory allocation size: 16MB (no X)
387 387 if [ "$ENABLE_MINGPU" = true ] ; then
388 388 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
389 389 fi
390 390
391 391 # Create symlinks
392 392 ln -sf firmware/config.txt $R/boot/config.txt
393 393 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
394 394
395 395 # Prepare modules-load.d directory
396 396 mkdir -p $R/lib/modules-load.d/
397 397
398 398 # Load random module on boot
399 399 if [ "$ENABLE_HWRANDOM" = true ] ; then
400 400 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
401 401 bcm2708_rng
402 402 EOM
403 403 fi
404 404
405 405 # Prepare modprobe.d directory
406 406 mkdir -p $R/etc/modprobe.d/
407 407
408 408 # Blacklist sound modules
409 409 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
410 410 blacklist snd_soc_core
411 411 blacklist snd_pcm
412 412 blacklist snd_pcm_dmaengine
413 413 blacklist snd_timer
414 414 blacklist snd_compress
415 415 blacklist snd_soc_pcm512x_i2c
416 416 blacklist snd_soc_pcm512x
417 417 blacklist snd_soc_tas5713
418 418 blacklist snd_soc_wm8804
419 419 EOM
420 420
421 421 # Create default fstab
422 422 cat <<EOM >$R/etc/fstab
423 423 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
424 424 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
425 425 EOM
426 426
427 427 # Avoid swapping and increase cache sizes
428 428 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
429 429
430 430 # Avoid swapping and increase cache sizes
431 431 vm.swappiness=1
432 432 vm.dirty_background_ratio=20
433 433 vm.dirty_ratio=40
434 434 vm.dirty_writeback_centisecs=500
435 435 vm.dirty_expire_centisecs=6000
436 436 EOM
437 437
438 438 # Enable network stack hardening
439 439 if [ "$ENABLE_HARDNET" = true ] ; then
440 440 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
441 441
442 442 # Enable network stack hardening
443 443 net.ipv4.tcp_timestamps=0
444 444 net.ipv4.tcp_syncookies=1
445 445 net.ipv4.conf.all.rp_filter=1
446 446 net.ipv4.conf.all.accept_redirects=0
447 447 net.ipv4.conf.all.send_redirects=0
448 448 net.ipv4.conf.all.accept_source_route=0
449 449 net.ipv4.conf.default.rp_filter=1
450 450 net.ipv4.conf.default.accept_redirects=0
451 451 net.ipv4.conf.default.send_redirects=0
452 452 net.ipv4.conf.default.accept_source_route=0
453 453 net.ipv4.conf.lo.accept_redirects=0
454 454 net.ipv4.conf.lo.send_redirects=0
455 455 net.ipv4.conf.lo.accept_source_route=0
456 456 net.ipv4.conf.eth0.accept_redirects=0
457 457 net.ipv4.conf.eth0.send_redirects=0
458 458 net.ipv4.conf.eth0.accept_source_route=0
459 459 net.ipv4.icmp_echo_ignore_broadcasts=1
460 460 net.ipv4.icmp_ignore_bogus_error_responses=1
461 461
462 462 net.ipv6.conf.all.accept_redirects=0
463 463 net.ipv6.conf.all.accept_source_route=0
464 464 net.ipv6.conf.all.router_solicitations=0
465 465 net.ipv6.conf.all.accept_ra_rtr_pref=0
466 466 net.ipv6.conf.all.accept_ra_pinfo=0
467 467 net.ipv6.conf.all.accept_ra_defrtr=0
468 468 net.ipv6.conf.all.autoconf=0
469 469 net.ipv6.conf.all.dad_transmits=0
470 470 net.ipv6.conf.all.max_addresses=1
471 471
472 472 net.ipv6.conf.default.accept_redirects=0
473 473 net.ipv6.conf.default.accept_source_route=0
474 474 net.ipv6.conf.default.router_solicitations=0
475 475 net.ipv6.conf.default.accept_ra_rtr_pref=0
476 476 net.ipv6.conf.default.accept_ra_pinfo=0
477 477 net.ipv6.conf.default.accept_ra_defrtr=0
478 478 net.ipv6.conf.default.autoconf=0
479 479 net.ipv6.conf.default.dad_transmits=0
480 480 net.ipv6.conf.default.max_addresses=1
481 481
482 482 net.ipv6.conf.lo.accept_redirects=0
483 483 net.ipv6.conf.lo.accept_source_route=0
484 484 net.ipv6.conf.lo.router_solicitations=0
485 485 net.ipv6.conf.lo.accept_ra_rtr_pref=0
486 486 net.ipv6.conf.lo.accept_ra_pinfo=0
487 487 net.ipv6.conf.lo.accept_ra_defrtr=0
488 488 net.ipv6.conf.lo.autoconf=0
489 489 net.ipv6.conf.lo.dad_transmits=0
490 490 net.ipv6.conf.lo.max_addresses=1
491 491
492 492 net.ipv6.conf.eth0.accept_redirects=0
493 493 net.ipv6.conf.eth0.accept_source_route=0
494 494 net.ipv6.conf.eth0.router_solicitations=0
495 495 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
496 496 net.ipv6.conf.eth0.accept_ra_pinfo=0
497 497 net.ipv6.conf.eth0.accept_ra_defrtr=0
498 498 net.ipv6.conf.eth0.autoconf=0
499 499 net.ipv6.conf.eth0.dad_transmits=0
500 500 net.ipv6.conf.eth0.max_addresses=1
501 501 EOM
502 502
503 503 # Enable resolver warnings about spoofed addresses
504 504 cat <<EOM >>$R/etc/host.conf
505 505 spoof warn
506 506 EOM
507 507 fi
508 508
509 509 # Regenerate openssh server host keys
510 510 if [ "$ENABLE_SSHD" = true ] ; then
511 511 rm -fr $R/etc/ssh/ssh_host_*
512 512 LANG=C chroot $R dpkg-reconfigure openssh-server
513 513 fi
514 514
515 515 # Enable serial console systemd style
516 516 if [ "$ENABLE_CONSOLE" = true ] ; then
517 517 LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
518 518 fi
519 519
520 520 # Enable firewall based on iptables started by systemd service
521 521 if [ "$ENABLE_IPTABLES" = true ] ; then
522 522 # Create iptables configuration directory
523 523 mkdir -p "$R/etc/iptables"
524 524
525 525 # Create iptables systemd service
526 526 cat <<EOM >$R/etc/systemd/system/iptables.service
527 527 [Unit]
528 528 Description=Packet Filtering Framework
529 529 DefaultDependencies=no
530 530 After=systemd-sysctl.service
531 531 Before=sysinit.target
532 532 [Service]
533 533 Type=oneshot
534 534 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
535 535 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
536 536 ExecStop=/etc/iptables/flush-iptables.sh
537 537 RemainAfterExit=yes
538 538 [Install]
539 539 WantedBy=multi-user.target
540 540 EOM
541 541
542 542 # Create flush-table script called by iptables service
543 543 cat <<EOM >$R/etc/iptables/flush-iptables.sh
544 544 #!/bin/sh
545 545 iptables -F
546 546 iptables -X
547 547 iptables -t nat -F
548 548 iptables -t nat -X
549 549 iptables -t mangle -F
550 550 iptables -t mangle -X
551 551 iptables -P INPUT ACCEPT
552 552 iptables -P FORWARD ACCEPT
553 553 iptables -P OUTPUT ACCEPT
554 554 EOM
555 555
556 556 # Create iptables rule file
557 557 cat <<EOM >$R/etc/iptables/iptables.rules
558 558 *filter
559 559 :INPUT DROP [0:0]
560 560 :FORWARD DROP [0:0]
561 561 :OUTPUT ACCEPT [0:0]
562 562 :TCP - [0:0]
563 563 :UDP - [0:0]
564 564 :SSH - [0:0]
565 565
566 566 # Rate limit ping requests
567 567 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
568 568 -A INPUT -p icmp --icmp-type echo-request -j DROP
569 569
570 570 # Accept established connections
571 571 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
572 572
573 573 # Accept all traffic on loopback interface
574 574 -A INPUT -i lo -j ACCEPT
575 575
576 576 # Drop packets declared invalid
577 577 -A INPUT -m conntrack --ctstate INVALID -j DROP
578 578
579 579 # SSH rate limiting
580 580 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
581 581 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
582 582 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
583 583 -A SSH -m recent --name sshbf --set -j ACCEPT
584 584
585 585 # Send TCP and UDP connections to their respective rules chain
586 586 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
587 587 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
588 588
589 589 # Reject dropped packets with a RFC compliant responce
590 590 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
591 591 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
592 592 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
593 593
594 594 ## TCP PORT RULES
595 595 # -A TCP -p tcp -j LOG
596 596
597 597 ## UDP PORT RULES
598 598 # -A UDP -p udp -j LOG
599 599
600 600 COMMIT
601 601 EOM
602 602
603 603 # Reload systemd configuration and enable iptables service
604 604 LANG=C chroot $R systemctl daemon-reload
605 605 LANG=C chroot $R systemctl enable iptables.service
606 606
607 607 if [ "$ENABLE_IPV6" = true ] ; then
608 608 # Create ip6tables systemd service
609 609 cat <<EOM >$R/etc/systemd/system/ip6tables.service
610 610 [Unit]
611 611 Description=Packet Filtering Framework
612 612 DefaultDependencies=no
613 613 After=systemd-sysctl.service
614 614 Before=sysinit.target
615 615 [Service]
616 616 Type=oneshot
617 617 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
618 618 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
619 619 ExecStop=/etc/iptables/flush-ip6tables.sh
620 620 RemainAfterExit=yes
621 621 [Install]
622 622 WantedBy=multi-user.target
623 623 EOM
624 624
625 625 # Create ip6tables file
626 626 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
627 627 #!/bin/sh
628 628 ip6tables -F
629 629 ip6tables -X
630 630 ip6tables -Z
631 631 for table in $(</proc/net/ip6_tables_names)
632 632 do
633 633 ip6tables -t \$table -F
634 634 ip6tables -t \$table -X
635 635 ip6tables -t \$table -Z
636 636 done
637 637 ip6tables -P INPUT ACCEPT
638 638 ip6tables -P OUTPUT ACCEPT
639 639 ip6tables -P FORWARD ACCEPT
640 640 EOM
641 641
642 642 # Create ip6tables rule file
643 643 cat <<EOM >$R/etc/iptables/ip6tables.rules
644 644 *filter
645 645 :INPUT DROP [0:0]
646 646 :FORWARD DROP [0:0]
647 647 :OUTPUT ACCEPT [0:0]
648 648 :TCP - [0:0]
649 649 :UDP - [0:0]
650 650 :SSH - [0:0]
651 651
652 652 # Drop packets with RH0 headers
653 653 -A INPUT -m rt --rt-type 0 -j DROP
654 654 -A OUTPUT -m rt --rt-type 0 -j DROP
655 655 -A FORWARD -m rt --rt-type 0 -j DROP
656 656
657 657 # Rate limit ping requests
658 658 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
659 659 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
660 660
661 661 # Accept established connections
662 662 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
663 663
664 664 # Accept all traffic on loopback interface
665 665 -A INPUT -i lo -j ACCEPT
666 666
667 667 # Drop packets declared invalid
668 668 -A INPUT -m conntrack --ctstate INVALID -j DROP
669 669
670 670 # SSH rate limiting
671 671 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
672 672 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
673 673 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
674 674 -A SSH -m recent --name sshbf --set -j ACCEPT
675 675
676 676 # Send TCP and UDP connections to their respective rules chain
677 677 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
678 678 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
679 679
680 680 # Reject dropped packets with a RFC compliant responce
681 681 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
682 682 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
683 683 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
684 684
685 685 ## TCP PORT RULES
686 686 # -A TCP -p tcp -j LOG
687 687
688 688 ## UDP PORT RULES
689 689 # -A UDP -p udp -j LOG
690 690
691 691 COMMIT
692 692 EOM
693 693
694 694 # Reload systemd configuration and enable iptables service
695 695 LANG=C chroot $R systemctl daemon-reload
696 696 LANG=C chroot $R systemctl enable ip6tables.service
697 697 fi
698 698 fi
699 699
700 700 # Remove SSHD related iptables rules
701 701 if [ "$ENABLE_SSHD" = false ] ; then
702 702 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
703 703 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
704 704 fi
705 705
706 706 # Install gcc/c++ build environment inside the chroot
707 707 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
708 708 LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
709 709 fi
710 710
711 711 # Fetch and build U-Boot bootloader
712 712 if [ "$ENABLE_UBOOT" = true ] ; then
713 713 # Fetch U-Boot bootloader sources
714 714 git -C $R/tmp clone git://git.denx.de/u-boot.git
715 715
716 716 # Build and install U-Boot inside chroot
717 717 LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all
718 718
719 719 # Copy compiled bootloader binary and set config.txt to load it
720 720 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
721 721 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
722 722
723 723 # Set U-Boot command file
724 724 cat <<EOM >$R/boot/firmware/uboot.mkimage
725 725 # Tell Linux that it is booting on a Raspberry Pi2
726 726 setenv machid 0x00000c42
727 727
728 728 # Set the kernel boot command line
729 729 setenv bootargs "earlyprintk ${CMDLINE}"
730 730
731 731 # Save these changes to u-boot's environment
732 732 saveenv
733 733
734 734 # Load the existing Linux kernel into RAM
735 735 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
736 736
737 737 # Boot the kernel we have just loaded
738 738 bootz \${kernel_addr_r}
739 739 EOM
740 740
741 741 # Generate U-Boot image from command file
742 742 LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
743 743 fi
744 744
745 745 # Fetch and build fbturbo Xorg driver
746 746 if [ "$ENABLE_FBTURBO" = true ] ; then
747 747 # Fetch fbturbo driver sources
748 748 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
749 749
750 750 # Install Xorg build dependencies
751 751 LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
752 752
753 753 # Build and install fbturbo driver inside chroot
754 754 LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
755 755
756 756 # Add fbturbo driver to Xorg configuration
757 757 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
758 758 Section "Device"
759 759 Identifier "Allwinner A10/A13 FBDEV"
760 760 Driver "fbturbo"
761 761 Option "fbdev" "/dev/fb0"
762 762 Option "SwapbuffersWait" "true"
763 763 EndSection
764 764 EOM
765 765
766 766 # Remove Xorg build dependencies
767 767 LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
768 768 fi
769 769
770 770 # Remove gcc/c++ build environment from the chroot
771 771 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
772 772 LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
773 773 fi
774 774
775 775 # Clean cached downloads
776 776 LANG=C chroot $R apt-get -y clean
777 777 LANG=C chroot $R apt-get -y autoclean
778 778 LANG=C chroot $R apt-get -y autoremove
779 779
780 780 # Unmount mounted filesystems
781 781 umount -l $R/proc
782 782 umount -l $R/sys
783 783
784 784 # Clean up files
785 785 rm -f $R/etc/apt/sources.list.save
786 786 rm -f $R/etc/resolvconf/resolv.conf.d/original
787 787 rm -rf $R/run
788 788 mkdir -p $R/run
789 789 rm -f $R/etc/*-
790 790 rm -f $R/root/.bash_history
791 791 rm -rf $R/tmp/*
792 792 rm -f $R/var/lib/urandom/random-seed
793 793 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
794 794 rm -f $R/etc/machine-id
795 795 rm -fr $R/etc/apt/apt.conf.d/10proxy
796 796
797 797 # Calculate size of the chroot directory
798 798 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
799 799
800 800 # Calculate required image size
801 801 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
802 802
803 803 # Calculate number of sectors for the partition
804 804 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
805 805
806 806 # Prepare date string for image file name
807 807 DATE="$(date +%Y-%m-%d)"
808 808
809 809 # Prepare image file
810 810 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
811 811 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
812 812
813 813 # Write partition table
814 814 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
815 815 unit: sectors
816 816
817 817 1 : start= 2048, size= 131072, Id= c, bootable
818 818 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
819 819 3 : start= 0, size= 0, Id= 0
820 820 4 : start= 0, size= 0, Id= 0
821 821 EOM
822 822
823 823 # Set up temporary loop devices and build filesystems
824 824 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
825 825 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
826 826 mkfs.vfat "$VFAT_LOOP"
827 827 mkfs.ext4 "$EXT4_LOOP"
828 828
829 829 # Mount the temporary loop devices
830 830 mkdir -p "$BUILDDIR/mount"
831 831 mount "$EXT4_LOOP" "$BUILDDIR/mount"
832 832
833 833 mkdir -p "$BUILDDIR/mount/boot/firmware"
834 834 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
835 835
836 836 # Copy all files from the chroot to the loop device mount point directory
837 837 rsync -a "$R/" "$BUILDDIR/mount/"
838 838
839 839 # Unmount all temporary loop devices and mount points
840 840 cleanup
841 841
842 842 # (optinal) create block map file for "bmaptool"
843 843 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
844 844
845 845 # Image was successfully created
846 846 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant