Added: Disable RPi2/3 under-volt warnings (from michaelfranzl PR)
drtyhlpr -
r130:1d1cdd5d20ec
@@ -1,387 +1,390
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 #####Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 #####Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed during bootstrapping.
62 62
63 63 #### General system settings:
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
66 66
67 67 ##### `RELEASE`="jessie"
68 68 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
69 69
70 70 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
71 71 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
72 72
73 73 ##### `PASSWORD`="raspberry"
74 74 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
75 75
76 76 ##### `USER_PASSWORD`="raspberry"
77 77 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
78 78
79 79 ##### `DEFLOCAL`="en_US.UTF-8"
80 80 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
81 81
82 82 ##### `TIMEZONE`="Europe/Berlin"
83 83 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
84 84
85 85 ##### `EXPANDROOT`=true
86 86 Expand the root partition and filesystem automatically on first boot.
87 87
88 88 #### Keyboard settings:
89 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
90 90
91 91 ##### `XKB_MODEL`=""
92 92 Set the name of the model of your keyboard type.
93 93
94 94 ##### `XKB_LAYOUT`=""
95 95 Set the supported keyboard layout(s).
96 96
97 97 ##### `XKB_VARIANT`=""
98 98 Set the supported variant(s) of the keyboard layout(s).
99 99
100 100 ##### `XKB_OPTIONS`=""
101 101 Set extra xkb configuration options.
102 102
103 103 #### Networking settings (DHCP):
104 104 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
105 105
106 106 #####`ENABLE_DHCP`=true
107 107 Set the system to use DHCP. This requires an DHCP server.
108 108
109 109 #### Networking settings (static):
110 110 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
111 111
112 112 #####`NET_ADDRESS`=""
113 113 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
114 114
115 115 #####`NET_GATEWAY`=""
116 116 Set the IP address for the default gateway.
117 117
118 118 #####`NET_DNS_1`=""
119 119 Set the IP address for the first DNS server.
120 120
121 121 #####`NET_DNS_2`=""
122 122 Set the IP address for the second DNS server.
123 123
124 124 #####`NET_DNS_DOMAINS`=""
125 125 Set the default DNS search domains to use for non fully qualified host names.
126 126
127 127 #####`NET_NTP_1`=""
128 128 Set the IP address for the first NTP server.
129 129
130 130 #####`NET_NTP_2`=""
131 131 Set the IP address for the second NTP server.
132 132
133 133 #### Basic system features:
134 134 ##### `ENABLE_CONSOLE`=true
135 135 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
136 136
137 137 ##### `ENABLE_I2C`=false
138 138 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
139 139
140 140 ##### `ENABLE_SPI`=false
141 141 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
142 142
143 143 ##### `ENABLE_IPV6`=true
144 144 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
145 145
146 146 ##### `ENABLE_SSHD`=true
147 147 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
148 148
149 149 ##### `ENABLE_NONFREE`=false
150 150 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
151 151
152 152 ##### `ENABLE_WIRELESS`=false
153 153 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
154 154
155 155 ##### `ENABLE_RSYSLOG`=true
156 156 If set to false, disable and uninstall rsyslog (so logs will be available only
157 157 in journal files)
158 158
159 159 ##### `ENABLE_SOUND`=true
160 160 Enable sound hardware and install Advanced Linux Sound Architecture.
161 161
162 162 ##### `ENABLE_HWRANDOM`=true
163 163 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
164 164
165 165 ##### `ENABLE_MINGPU`=false
166 166 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
167 167
168 168 ##### `ENABLE_DBUS`=true
169 169 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
170 170
171 171 ##### `ENABLE_XORG`=false
172 172 Install Xorg open-source X Window System.
173 173
174 174 ##### `ENABLE_WM`=""
175 175 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
176 176
177 177 #### Advanced system features:
178 178 ##### `ENABLE_MINBASE`=false
179 179 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
180 180
181 181 ##### `ENABLE_REDUCE`=false
182 182 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
183 183
184 184 ##### `ENABLE_UBOOT`=false
185 185 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
186 186
187 187 ##### `ENABLE_FBTURBO`=false
188 188 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
189 189
190 190 ##### `ENABLE_IPTABLES`=false
191 191 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
192 192
193 193 ##### `ENABLE_USER`=true
194 194 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
195 195
196 196 ##### `USER_NAME`=pi
197 197 Non-root user to create. Ignored if `ENABLE_USER`=false
198 198
199 199 ##### `ENABLE_ROOT`=false
200 200 Set root user password so root login will be enabled
201 201
202 202 ##### `ENABLE_HARDNET`=false
203 203 Enable IPv4/IPv6 network stack hardening settings.
204 204
205 205 ##### `ENABLE_SPLITFS`=false
206 206 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
207 207
208 208 ##### `CHROOT_SCRIPTS`=""
209 209 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
210 210
211 211 ##### `ENABLE_INITRAMFS`=false
212 212 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
213 213
214 214 ##### `ENABLE_IFNAMES`=true
215 215 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
216 216
217 ##### `DISABLE_UNDERVOLT_WARNINGS`=
218 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to ´1´ will disable the warning overlay. Setting it to ´2´ will additionally allow RPi2/3 turbo mode when low-voltage is present.
219
217 220 #### SSH settings:
218 221 ##### `SSH_ENABLE_ROOT`=false
219 222 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
220 223
221 224 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
222 225 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
223 226
224 227 ##### `SSH_LIMIT_USERS`=false
225 228 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
226 229
227 230 ##### `SSH_ROOT_PUB_KEY`=""
228 231 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
229 232
230 233 ##### `SSH_USER_PUB_KEY`=""
231 234 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
232 235
233 236 #### Kernel compilation:
234 237 ##### `BUILD_KERNEL`=false
235 238 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
236 239
237 240 ##### `KERNEL_REDUCE`=false
238 241 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
239 242
240 243 ##### `KERNEL_THREADS`=1
241 244 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
242 245
243 246 ##### `KERNEL_HEADERS`=true
244 247 Install kernel headers with built kernel.
245 248
246 249 ##### `KERNEL_MENUCONFIG`=false
247 250 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
248 251
249 252 ##### `KERNEL_REMOVESRC`=true
250 253 Remove all kernel sources from the generated OS image after it was built and installed.
251 254
252 255 ##### `KERNELSRC_DIR`=""
253 256 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
254 257
255 258 ##### `KERNELSRC_CLEAN`=false
256 259 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
257 260
258 261 ##### `KERNELSRC_CONFIG`=true
259 262 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
260 263
261 264 ##### `KERNELSRC_USRCONFIG`=""
262 265 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
263 266
264 267 ##### `KERNELSRC_PREBUILT`=false
265 268 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
266 269
267 270 ##### `RPI_FIRMWARE_DIR`=""
268 271 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
269 272
270 273 #### Reduce disk usage:
271 274 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
272 275
273 276 ##### `REDUCE_APT`=true
274 277 Configure APT to use compressed package repository lists and no package caching files.
275 278
276 279 ##### `REDUCE_DOC`=true
277 280 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
278 281
279 282 ##### `REDUCE_MAN`=true
280 283 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
281 284
282 285 ##### `REDUCE_VIM`=false
283 286 Replace `vim-tiny` package by `levee` a tiny vim clone.
284 287
285 288 ##### `REDUCE_BASH`=false
286 289 Remove `bash` package and switch to `dash` shell (experimental).
287 290
288 291 ##### `REDUCE_HWDB`=true
289 292 Remove PCI related hwdb files (experimental).
290 293
291 294 ##### `REDUCE_SSHD`=true
292 295 Replace `openssh-server` with `dropbear`.
293 296
294 297 ##### `REDUCE_LOCALE`=true
295 298 Remove all `locale` translation files.
296 299
297 300 #### Encrypted root partition:
298 301
299 302 ##### `ENABLE_CRYPTFS`=false
300 303 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
301 304
302 305 ##### `CRYPTFS_PASSWORD`=""
303 306 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
304 307
305 308 ##### `CRYPTFS_MAPPING`="secure"
306 309 Set name of dm-crypt managed device-mapper mapping.
307 310
308 311 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
309 312 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
310 313
311 314 ##### `CRYPTFS_XTSKEYSIZE`=512
312 315 Sets key size in bits. The argument has to be a multiple of 8.
313 316
314 317 ## Understanding the script
315 318 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
316 319
317 320 | Script | Description |
318 321 | --- | --- |
319 322 | `10-bootstrap.sh` | Debootstrap basic system |
320 323 | `11-apt.sh` | Setup APT repositories |
321 324 | `12-locale.sh` | Setup Locales and keyboard settings |
322 325 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
323 326 | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline |
324 327 | `20-networking.sh` | Setup Networking |
325 328 | `21-firewall.sh` | Setup Firewall |
326 329 | `30-security.sh` | Setup Users and Security settings |
327 330 | `31-logging.sh` | Setup Logging |
328 331 | `32-sshd.sh` | Setup SSH and public keys |
329 332 | `41-uboot.sh` | Build and Setup U-Boot |
330 333 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
331 334 | `50-firstboot.sh` | First boot actions |
332 335 | `99-reduce.sh` | Reduce the disk space usage |
333 336
334 337 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
335 338
336 339 | Directory | Description |
337 340 | --- | --- |
338 341 | `apt` | APT management configuration files |
339 342 | `boot` | Boot and RPi2/3 configuration files |
340 343 | `dpkg` | Package Manager configuration |
341 344 | `etc` | Configuration files and rc scripts |
342 345 | `firstboot` | Scripts that get executed on first boot |
343 346 | `initramfs` | Initramfs scripts |
344 347 | `iptables` | Firewall configuration files |
345 348 | `locales` | Locales configuration |
346 349 | `modules` | Kernel Modules configuration |
347 350 | `mount` | Fstab configuration |
348 351 | `network` | Networking configuration files |
349 352 | `sysctl.d` | Swapping and Network Hardening configuration |
350 353 | `xorg` | fbturbo Xorg driver configuration |
351 354
352 355 ## Custom packages and scripts
353 356 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
354 357
355 358 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
356 359
357 360 ## Logging of the bootstrapping process
358 361 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
359 362
360 363 ```shell
361 364 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
362 365 ```
363 366
364 367 ## Flashing the image file
365 368 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
366 369
367 370 #####Flashing examples:
368 371 ```shell
369 372 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
370 373 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
371 374 ```
372 375 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
373 376 ```shell
374 377 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
375 378 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
376 379 ```
377 380
378 381 ## External links and references
379 382 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
380 383 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
381 384 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
382 385 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
383 386 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
384 387 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
385 388 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
386 389 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
387 390 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
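Review bot: the new `DISABLE_UNDERVOLT_WARNINGS` entry (new lines 217-218) shows no default value and does not say what leaving it unset means, while the other parameters in this README carry an explicit default such as `""` or `false`. Suggest writing the heading with `""` as the default and stating that an empty value leaves the under-voltage warnings enabled, which matches the non-empty test added to the config/cmdline script in this commit. The values are also quoted with acute accents (´1´, ´2´) instead of backticks, so they will not render as code like the rest of the file. Because `2` additionally allows turbo mode while low voltage is present, it is worth one sentence saying the setting hides the condition rather than fixing the power supply.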
@@ -1,131 +1,136
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 18 else
19 19 # Install latest boot binaries from raspberry/firmware github
20 20 wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
21 21 wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
22 22 wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
23 23 wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
24 24 wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf"
25 25 wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
26 26 wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
27 27 fi
28 28 fi
29 29
30 30 # Setup firmware boot cmdline
31 31 if [ "$ENABLE_SPLITFS" = true ] ; then
32 32 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
33 33 else
34 34 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
35 35 fi
36 36
37 37 # Add encrypted root partition to cmdline.txt
38 38 if [ "$ENABLE_CRYPTFS" = true ] ; then
39 39 if [ "$ENABLE_SPLITFS" = true ] ; then
40 40 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
41 41 else
42 42 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
43 43 fi
44 44 fi
45 45
46 46 # Add serial console support
47 47 if [ "$ENABLE_CONSOLE" = true ] ; then
48 48 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
49 49 fi
50 50
51 51 # Remove IPv6 networking support
52 52 if [ "$ENABLE_IPV6" = false ] ; then
53 53 CMDLINE="${CMDLINE} ipv6.disable=1"
54 54 fi
55 55
56 56 # Automatically assign predictable network interface names
57 57 if [ "$ENABLE_IFNAMES" = false ] ; then
58 58 CMDLINE="${CMDLINE} net.ifnames=0"
59 59 else
60 60 CMDLINE="${CMDLINE} net.ifnames=1"
61 61 fi
62 62
63 63 # Set init to systemd if required by Debian release
64 64 if [ "$RELEASE" = "stretch" ] ; then
65 65 CMDLINE="${CMDLINE} init=/bin/systemd"
66 66 fi
67 67
68 68 # Install firmware boot cmdline
69 69 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
70 70
71 71 # Install firmware config
72 72 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
73 73
74 74 # Setup minimal GPU memory allocation size: 16MB (no X)
75 75 if [ "$ENABLE_MINGPU" = true ] ; then
76 76 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
77 77 fi
78 78
79 79 # Setup boot with initramfs
80 80 if [ "$ENABLE_INITRAMFS" = true ] ; then
81 81 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
82 82 fi
83 83
84 84 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
85 85 if [ "$RPI_MODEL" = 3 ] ; then
86 86 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
87 87 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
88 88 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
89 89 fi
90 90 fi
91 91
92 92 # Create firmware configuration and cmdline symlinks
93 93 ln -sf firmware/config.txt "${R}/boot/config.txt"
94 94 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
95 95
96 96 # Install and setup kernel modules to load at boot
97 97 mkdir -p "${R}/lib/modules-load.d/"
98 98 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
99 99
100 100 # Load hardware random module at boot
101 101 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
102 102 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
103 103 fi
104 104
105 105 # Load sound module at boot
106 106 if [ "$ENABLE_SOUND" = true ] ; then
107 107 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
108 108 fi
109 109
110 110 # Enable I2C interface
111 111 if [ "$ENABLE_I2C" = true ] ; then
112 112 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
113 113 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
114 114 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
115 115 fi
116 116
117 117 # Enable SPI interface
118 118 if [ "$ENABLE_SPI" = true ] ; then
119 119 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
120 120 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
121 121 if [ "$RPI_MODEL" = 3 ] ; then
122 122 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
123 123 fi
124 124 fi
125 125
126 # Disable RPi2/3 under-voltage warnings
127 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
128 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
129 fi
130
126 131 # Install kernel modules blacklist
127 132 mkdir -p "${ETC_DIR}/modprobe.d/"
128 133 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
129 134
130 135 # Install sysctl.d configuration files
131 136 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
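Review bot: the value of `DISABLE_UNDERVOLT_WARNINGS` is appended to `config.txt` unchecked at new lines 127-128, so any non-empty string ends up as `avoid_warnings=<value>`, while the README in this commit documents only 1 and 2. Suggest a `case` on the variable that accepts `1` and `2` and stops the build with an error message for anything else, so a typo in a template or on the command line does not end up in the boot configuration. Minor style point: the test is written `[ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ]`, where this file already uses `[ -n "$RPI_FIRMWARE_DIR" ]` at line 9; `-n` would be consistent with that.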
@@ -1,605 +1,612
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 10+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 49
50 50 # Debian release
51 51 RELEASE=${RELEASE:=jessie}
52 52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59 59
60 60 # URLs
61 61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67 67
68 68 # Build directories
69 69 BASEDIR="$(pwd)/images/${RELEASE}"
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Chroot directories
73 73 R="${BUILDDIR}/chroot"
74 74 ETC_DIR="${R}/etc"
75 75 LIB_DIR="${R}/lib"
76 76 BOOT_DIR="${R}/boot/firmware"
77 77 KERNEL_DIR="${R}/usr/src/linux"
78 78 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
79 79
80 80 # Firmware directory: Blank if download from github
81 81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82
83 83 # General settings
84 84 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 85 PASSWORD=${PASSWORD:=raspberry}
86 86 USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 87 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 88 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 89 EXPANDROOT=${EXPANDROOT:=true}
90 90
91 91 # Keyboard settings
92 92 XKB_MODEL=${XKB_MODEL:=""}
93 93 XKB_LAYOUT=${XKB_LAYOUT:=""}
94 94 XKB_VARIANT=${XKB_VARIANT:=""}
95 95 XKB_OPTIONS=${XKB_OPTIONS:=""}
96 96
97 97 # Network settings (DHCP)
98 98 ENABLE_DHCP=${ENABLE_DHCP:=true}
99 99
100 100 # Network settings (static)
101 101 NET_ADDRESS=${NET_ADDRESS:=""}
102 102 NET_GATEWAY=${NET_GATEWAY:=""}
103 103 NET_DNS_1=${NET_DNS_1:=""}
104 104 NET_DNS_2=${NET_DNS_2:=""}
105 105 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 106 NET_NTP_1=${NET_NTP_1:=""}
107 107 NET_NTP_2=${NET_NTP_2:=""}
108 108
109 109 # APT settings
110 110 APT_PROXY=${APT_PROXY:=""}
111 111 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
112 112
113 113 # Feature settings
114 114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 115 ENABLE_I2C=${ENABLE_I2C:=false}
116 116 ENABLE_SPI=${ENABLE_SPI:=false}
117 117 ENABLE_IPV6=${ENABLE_IPV6:=true}
118 118 ENABLE_SSHD=${ENABLE_SSHD:=true}
119 119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 121 ENABLE_SOUND=${ENABLE_SOUND:=true}
122 122 ENABLE_DBUS=${ENABLE_DBUS:=true}
123 123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 125 ENABLE_XORG=${ENABLE_XORG:=false}
126 126 ENABLE_WM=${ENABLE_WM:=""}
127 127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 128 ENABLE_USER=${ENABLE_USER:=true}
129 129 USER_NAME=${USER_NAME:="pi"}
130 130 ENABLE_ROOT=${ENABLE_ROOT:=false}
131 131
132 132 # SSH settings
133 133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
134 134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
135 135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
136 136 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 137 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138 138
139 139 # Advanced settings
140 140 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 141 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 142 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 143 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
144 144 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
145 145 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
146 146 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
147 147 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
148 148 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
149 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
149 150
150 151 # Kernel compilation settings
151 152 BUILD_KERNEL=${BUILD_KERNEL:=false}
152 153 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
153 154 KERNEL_THREADS=${KERNEL_THREADS:=1}
154 155 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
155 156 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
156 157 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
157 158
158 159 # Kernel compilation from source directory settings
159 160 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
160 161 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
161 162 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
162 163 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
163 164
164 165 # Reduce disk usage settings
165 166 REDUCE_APT=${REDUCE_APT:=true}
166 167 REDUCE_DOC=${REDUCE_DOC:=true}
167 168 REDUCE_MAN=${REDUCE_MAN:=true}
168 169 REDUCE_VIM=${REDUCE_VIM:=false}
169 170 REDUCE_BASH=${REDUCE_BASH:=false}
170 171 REDUCE_HWDB=${REDUCE_HWDB:=true}
171 172 REDUCE_SSHD=${REDUCE_SSHD:=true}
172 173 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
173 174
174 175 # Encrypted filesystem settings
175 176 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
176 177 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
177 178 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
178 179 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
179 180 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
180 181
181 182 # Stop the Crypto Wars
182 183 DISABLE_FBI=${DISABLE_FBI:=false}
183 184
184 185 # Chroot scripts directory
185 186 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
186 187
187 188 # Packages required in the chroot build environment
188 189 APT_INCLUDES=${APT_INCLUDES:=""}
189 190 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
190 191
191 192 # Packages required for bootstrapping
192 193 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc"
193 194 MISSING_PACKAGES=""
194 195
195 196 set +x
196 197
197 198 # Set Raspberry Pi model specific configuration
198 199 if [ "$RPI_MODEL" = 2 ] ; then
199 200 DTB_FILE=${RPI2_DTB_FILE}
200 201 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
201 202 elif [ "$RPI_MODEL" = 3 ] ; then
202 203 DTB_FILE=${RPI3_DTB_FILE}
203 204 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
204 205 BUILD_KERNEL=true
205 206 else
206 207 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
207 208 exit 1
208 209 fi
209 210
210 211 # Check if the internal wireless interface is supported by the RPi model
211 212 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
212 213 echo "error: The selected Raspberry Pi model has no internal wireless interface"
213 214 exit 1
214 215 fi
215 216
217 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
218 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
219 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
220 exit 1
221 fi
222
216 223 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
217 224 if [ "$RELEASE" = "jessie" ] ; then
218 225 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
219 226 elif [ "$RELEASE" = "stretch" ] ; then
220 227 COMPILER_PACKAGES="linux-compiler-gcc-5-arm g++ make bc"
221 228 BUILD_KERNEL=true
222 229 else
223 230 echo "error: Debian release ${RELEASE} is not supported!"
224 231 exit 1
225 232 fi
226 233
227 234 # Add packages required for kernel cross compilation
228 235 if [ "$BUILD_KERNEL" = true ] ; then
229 236 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
230 237 fi
231 238
232 239 # Add libncurses5 to enable kernel menuconfig
233 240 if [ "$KERNEL_MENUCONFIG" = true ] ; then
234 241 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
235 242 fi
236 243
237 244 # Stop the Crypto Wars
238 245 if [ "$DISABLE_FBI" = true ] ; then
239 246 ENABLE_CRYPTFS=true
240 247 fi
241 248
242 249 # Add cryptsetup package to enable filesystem encryption
243 250 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
244 251 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
245 252 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
246 253
247 254 if [ -z "$CRYPTFS_PASSWORD" ] ; then
248 255 echo "error: no password defined (CRYPTFS_PASSWORD)!"
249 256 exit 1
250 257 fi
251 258 ENABLE_INITRAMFS=true
252 259 fi
253 260
254 261 # Add initramfs generation tools
255 262 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
256 263 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
257 264 fi
258 265
259 266 # Add device-tree-compiler required for building the U-Boot bootloader
260 267 if [ "$ENABLE_UBOOT" = true ] ; then
261 268 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
262 269 fi
263 270
264 271 # Check if root SSH (v2) public key file exists
265 272 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
266 273 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
267 274 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
268 275 exit 1
269 276 fi
270 277 fi
271 278
272 279 # Check if $USER_NAME SSH (v2) public key file exists
273 280 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
274 281 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
275 282 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
276 283 exit 1
277 284 fi
278 285 fi
279 286
280 287 # Check if all required packages are installed on the build system
281 288 for package in $REQUIRED_PACKAGES ; do
282 289 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
283 290 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
284 291 fi
285 292 done
286 293
287 294 # If there are missing packages ask confirmation for install, or exit
288 295 if [ -n "$MISSING_PACKAGES" ] ; then
289 296 echo "the following packages needed by this script are not installed:"
290 297 echo "$MISSING_PACKAGES"
291 298
292 299 echo -n "\ndo you want to install the missing packages right now? [y/n] "
293 300 read confirm
294 301 [ "$confirm" != "y" ] && exit 1
295 302
296 303 # Make sure all missing required packages are installed
297 304 apt-get -qq -y install ${MISSING_PACKAGES}
298 305 fi
299 306
300 307 # Check if ./bootstrap.d directory exists
301 308 if [ ! -d "./bootstrap.d/" ] ; then
302 309 echo "error: './bootstrap.d' required directory not found!"
303 310 exit 1
304 311 fi
305 312
306 313 # Check if ./files directory exists
307 314 if [ ! -d "./files/" ] ; then
308 315 echo "error: './files' required directory not found!"
309 316 exit 1
310 317 fi
311 318
312 319 # Check if specified KERNELSRC_DIR directory exists
313 320 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
314 321 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
315 322 exit 1
316 323 fi
317 324
318 325 # Check if specified CHROOT_SCRIPTS directory exists
319 326 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
320 327 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
321 328 exit 1
322 329 fi
323 330
324 331 # Check if specified device mapping already exists (will be used by cryptsetup)
325 332 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
326 333 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
327 334 exit 1
328 335 fi
329 336
330 337 # Don't clobber an old build
331 338 if [ -e "$BUILDDIR" ] ; then
332 339 echo "error: directory ${BUILDDIR} already exists, not proceeding"
333 340 exit 1
334 341 fi
335 342
336 343 # Setup chroot directory
337 344 mkdir -p "${R}"
338 345
339 346 # Check if build directory has enough of free disk space >512MB
340 347 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
341 348 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
342 349 exit 1
343 350 fi
344 351
345 352 set -x
346 353
347 354 # Call "cleanup" function on various signals and errors
348 355 trap cleanup 0 1 2 3 6
349 356
350 357 # Add required packages for the minbase installation
351 358 if [ "$ENABLE_MINBASE" = true ] ; then
352 359 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
353 360 fi
354 361
355 362 # Add required locales packages
356 363 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
357 364 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
358 365 fi
359 366
360 367 # Add parted package, required to get partprobe utility
361 368 if [ "$EXPANDROOT" = true ] ; then
362 369 APT_INCLUDES="${APT_INCLUDES},parted"
363 370 fi
364 371
365 372 # Add dbus package, recommended if using systemd
366 373 if [ "$ENABLE_DBUS" = true ] ; then
367 374 APT_INCLUDES="${APT_INCLUDES},dbus"
368 375 fi
369 376
370 377 # Add iptables IPv4/IPv6 package
371 378 if [ "$ENABLE_IPTABLES" = true ] ; then
372 379 APT_INCLUDES="${APT_INCLUDES},iptables"
373 380 fi
374 381
375 382 # Add openssh server package
376 383 if [ "$ENABLE_SSHD" = true ] ; then
377 384 APT_INCLUDES="${APT_INCLUDES},openssh-server"
378 385 fi
379 386
380 387 # Add alsa-utils package
381 388 if [ "$ENABLE_SOUND" = true ] ; then
382 389 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
383 390 fi
384 391
385 392 # Add rng-tools package
386 393 if [ "$ENABLE_HWRANDOM" = true ] ; then
387 394 APT_INCLUDES="${APT_INCLUDES},rng-tools"
388 395 fi
389 396
390 397 # Add fbturbo video driver
391 398 if [ "$ENABLE_FBTURBO" = true ] ; then
392 399 # Enable xorg package dependencies
393 400 ENABLE_XORG=true
394 401 fi
395 402
396 403 # Add user defined window manager package
397 404 if [ -n "$ENABLE_WM" ] ; then
398 405 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
399 406
400 407 # Enable xorg package dependencies
401 408 ENABLE_XORG=true
402 409 fi
403 410
404 411 # Add xorg package
405 412 if [ "$ENABLE_XORG" = true ] ; then
406 413 APT_INCLUDES="${APT_INCLUDES},xorg"
407 414 fi
408 415
409 416 # Replace selected packages with smaller clones
410 417 if [ "$ENABLE_REDUCE" = true ] ; then
411 418 # Add levee package instead of vim-tiny
412 419 if [ "$REDUCE_VIM" = true ] ; then
413 420 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
414 421 fi
415 422
416 423 # Add dropbear package instead of openssh-server
417 424 if [ "$REDUCE_SSHD" = true ] ; then
418 425 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
419 426 fi
420 427 fi
421 428
422 429 # Configure kernel sources if no KERNELSRC_DIR
423 430 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
424 431 KERNELSRC_CONFIG=true
425 432 fi
426 433
427 434 # Configure reduced kernel
428 435 if [ "$KERNEL_REDUCE" = true ] ; then
429 436 KERNELSRC_CONFIG=false
430 437 fi
431 438
432 439 # Execute bootstrap scripts
433 440 for SCRIPT in bootstrap.d/*.sh; do
434 441 head -n 3 "$SCRIPT"
435 442 . "$SCRIPT"
436 443 done
437 444
438 445 ## Execute custom bootstrap scripts
439 446 if [ -d "custom.d" ] ; then
440 447 for SCRIPT in custom.d/*.sh; do
441 448 . "$SCRIPT"
442 449 done
443 450 fi
444 451
445 452 # Execute custom scripts inside the chroot
446 453 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
447 454 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
448 455 chroot_exec /bin/bash -x <<'EOF'
449 456 for SCRIPT in /chroot_scripts/* ; do
450 457 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
451 458 $SCRIPT
452 459 fi
453 460 done
454 461 EOF
455 462 rm -rf "${R}/chroot_scripts"
456 463 fi
457 464
458 465 # Remove apt-utils
459 466 if [ "$RELEASE" = "jessie" ] ; then
460 467 chroot_exec apt-get purge -qq -y --force-yes apt-utils
461 468 fi
462 469
463 470 # Generate required machine-id
464 471 MACHINE_ID=$(dbus-uuidgen)
465 472 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
466 473 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
467 474
468 475 # APT Cleanup
469 476 chroot_exec apt-get -y clean
470 477 chroot_exec apt-get -y autoclean
471 478 chroot_exec apt-get -y autoremove
472 479
473 480 # Unmount mounted filesystems
474 481 umount -l "${R}/proc"
475 482 umount -l "${R}/sys"
476 483
477 484 # Clean up directories
478 485 rm -rf "${R}/run/*"
479 486 rm -rf "${R}/tmp/*"
480 487
481 488 # Clean up files
482 489 rm -f "${ETC_DIR}/ssh/ssh_host_*"
483 490 rm -f "${ETC_DIR}/dropbear/dropbear_*"
484 491 rm -f "${ETC_DIR}/apt/sources.list.save"
485 492 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
486 493 rm -f "${ETC_DIR}/*-"
487 494 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
488 495 rm -f "${ETC_DIR}/resolv.conf"
489 496 rm -f "${R}/root/.bash_history"
490 497 rm -f "${R}/var/lib/urandom/random-seed"
491 498 rm -f "${R}/initrd.img"
492 499 rm -f "${R}/vmlinuz"
493 500 rm -f "${R}${QEMU_BINARY}"
494 501
495 502 # Calculate size of the chroot directory in KB
496 503 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
497 504
498 505 # Calculate the amount of needed 512 Byte sectors
499 506 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
500 507 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
501 508 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
502 509
503 510 # The root partition is EXT4
504 511 # This means more space than the actual used space of the chroot is used.
505 512 # As overhead for journaling and reserved blocks 25% are added.
506 513 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
507 514
508 515 # Calculate required image size in 512 Byte sectors
509 516 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
510 517
511 518 # Prepare date string for image file name
512 519 DATE="$(date +%Y-%m-%d)"
513 520
514 521 # Prepare image file
515 522 if [ "$ENABLE_SPLITFS" = true ] ; then
516 523 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
517 524 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
518 525 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
519 526 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
520 527
521 528 # Write firmware/boot partition tables
522 529 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" 2> /dev/null <<EOM
523 530 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
524 531 EOM
525 532
526 533 # Write root partition table
527 534 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" 2> /dev/null <<EOM
528 535 ${TABLE_SECTORS},${ROOT_SECTORS},83
529 536 EOM
530 537
531 538 # Setup temporary loop devices
532 539 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img)"
533 540 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img)"
534 541 else # ENABLE_SPLITFS=false
535 542 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
536 543 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
537 544
538 545 # Write partition table
539 546 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" 2> /dev/null <<EOM
540 547 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
541 548 ${ROOT_OFFSET},${ROOT_SECTORS},83
542 549 EOM
543 550
544 551 # Setup temporary loop devices
545 552 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
546 553 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
547 554 fi
548 555
549 556 if [ "$ENABLE_CRYPTFS" = true ] ; then
550 557 # Create dummy ext4 fs
551 558 mkfs.ext4 "$ROOT_LOOP"
552 559
553 560 # Setup password keyfile
554 561 echo -n ${CRYPTFS_PASSWORD} > .password
555 562 chmod 600 .password
556 563
557 564 # Initialize encrypted partition
558 565 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
559 566
560 567 # Open encrypted partition and setup mapping
561 568 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
562 569
563 570 # Secure delete password keyfile
564 571 shred -zu .password
565 572
566 573 # Update temporary loop device
567 574 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
568 575
569 576 # Wipe encrypted partition (encryption cipher is used for randomness)
570 577 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
571 578 fi
572 579
573 580 # Build filesystems
574 581 mkfs.vfat "$FRMW_LOOP"
575 582 mkfs.ext4 "$ROOT_LOOP"
576 583
577 584 # Mount the temporary loop devices
578 585 mkdir -p "$BUILDDIR/mount"
579 586 mount "$ROOT_LOOP" "$BUILDDIR/mount"
580 587
581 588 mkdir -p "$BUILDDIR/mount/boot/firmware"
582 589 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
583 590
584 591 # Copy all files from the chroot to the loop device mount point directory
585 592 rsync -a "${R}/" "$BUILDDIR/mount/"
586 593
587 594 # Unmount all temporary loop devices and mount points
588 595 cleanup
589 596
590 597 # Create block map file(s) of image(s)
591 598 if [ "$ENABLE_SPLITFS" = true ] ; then
592 599 # Create block map files for "bmaptool"
593 600 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img"
594 601 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img"
595 602
596 603 # Image was successfully created
597 604 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
598 605 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
599 606 else
600 607 # Create block map file for "bmaptool"
601 608 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img"
602 609
603 610 # Image was successfully created
604 611 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
605 612 fi
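Review bot: the new DISABLE_UNDERVOLT_WARNINGS check at lines 217-221 rejects the default configuration. The variable defaults to empty at line 149 (`DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}`), and an empty string is neither 1 nor 2, so `[ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ]` is true and the script exits with "is not supported" on every run that does not set the parameter. Put `[ -n "$DISABLE_UNDERVOLT_WARNINGS" ] &&` in front of the two comparisons so that only a non-empty value other than 1 or 2 is rejected, which matches the non-empty test used where the value is written to config.txt.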