r441:1ec9a430b5f3
@@ -1,504 +1,504
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 `1` = Used for Pi 1 model A and B
68 68 `1P` = Used for Pi 1 model B+ and A+
69 69 `2` = Used for Pi 2 model B
70 70 `3` = Used for Pi 3 model B
71 71 `3P` = Used for Pi 3 model B+
72 72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
157 157
158 158 ##### `ENABLE_I2C`=false
159 159 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 160
161 161 ##### `ENABLE_SPI`=false
162 162 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
163 163
164 164 ##### `ENABLE_IPV6`=true
165 165 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
166 166
167 167 ##### `ENABLE_SSHD`=true
168 168 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
169 169
170 170 ##### `ENABLE_NONFREE`=false
171 171 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
172 172
173 173 ##### `ENABLE_WIRELESS`=false
174 174 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
175 175
176 176 ##### `ENABLE_BLUETOOTH`=false
177 Enable Bluetooth interface on the RPi0/3.
177 Enable Bluetooth interface on the RPi0/3/3P.
178 178
179 179 ##### `ENABLE_RSYSLOG`=true
180 180 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
181 181
182 182 ##### `ENABLE_SOUND`=true
183 183 Enable sound hardware and install Advanced Linux Sound Architecture.
184 184
185 185 ##### `ENABLE_HWRANDOM`=true
186 186 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
187 187
188 188 ##### `ENABLE_MINGPU`=false
189 189 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
190 190
191 191 ##### `ENABLE_DBUS`=true
192 192 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
193 193
194 194 ##### `ENABLE_XORG`=false
195 195 Install Xorg open-source X Window System.
196 196
197 197 ##### `ENABLE_WM`=""
198 198 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
199 199
200 200 ##### `ENABLE_SYSVINIT`=false
201 201 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
202 202
203 203 ---
204 204
205 205 #### Advanced system features:
206 206 ##### `ENABLE_MINBASE`=false
207 207 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
208 208
209 209 ##### `ENABLE_REDUCE`=false
210 210 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
211 211
212 212 ##### `ENABLE_UBOOT`=false
213 213 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
214 214
215 215 ##### `UBOOTSRC_DIR`=""
216 216 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
217 217
218 218 ##### `ENABLE_FBTURBO`=false
219 219 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
220 220
221 221 ##### `FBTURBOSRC_DIR`=""
222 222 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
223 223
224 224 ##### `ENABLE_VIDEOCORE`=false
225 225 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
226 226
227 227 ##### `VIDEOCORESRC_DIR`=""
228 228 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
229 229
230 230 ##### `ENABLE_IPTABLES`=false
231 231 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
232 232
233 233 ##### `ENABLE_USER`=true
234 234 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
235 235
236 236 ##### `USER_NAME`=pi
237 237 Non-root user to create. Ignored if `ENABLE_USER`=false
238 238
239 239 ##### `ENABLE_ROOT`=false
240 240 Set root user password so root login will be enabled
241 241
242 242 ##### `ENABLE_HARDNET`=false
243 243 Enable IPv4/IPv6 network stack hardening settings.
244 244
245 245 ##### `ENABLE_SPLITFS`=false
246 246 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
247 247
248 248 ##### `CHROOT_SCRIPTS`=""
249 249 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
250 250
251 251 ##### `ENABLE_INITRAMFS`=false
252 252 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
253 253
254 254 ##### `ENABLE_IFNAMES`=true
255 255 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
256 256
257 257 ##### `DISABLE_UNDERVOLT_WARNINGS`=
258 258 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
259 259
260 260 ---
261 261
262 262 #### SSH settings:
263 263 ##### `SSH_ENABLE_ROOT`=false
264 264 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
265 265
266 266 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
267 267 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
268 268
269 269 ##### `SSH_LIMIT_USERS`=false
270 270 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
271 271
272 272 ##### `SSH_ROOT_PUB_KEY`=""
273 273 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
274 274
275 275 ##### `SSH_USER_PUB_KEY`=""
276 276 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
277 277
278 278 ---
279 279
280 280 #### Kernel compilation:
281 281 ##### `BUILD_KERNEL`=true
282 282 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
283 283
284 284 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
285 285 This sets the cross compile enviornment for the compiler.
286 286
287 287 ##### `KERNEL_ARCH`="arm"
288 288 This sets the kernel architecture for the compiler.
289 289
290 290 ##### `KERNEL_IMAGE`="kernel7.img"
291 291 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
292 292
293 293 ##### `KERNEL_BRANCH`=""
294 294 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
295 295
296 296 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
297 297 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
298 298
299 299 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
300 300 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
301 301
302 302 ##### `KERNEL_REDUCE`=false
303 303 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
304 304
305 305 ##### `KERNEL_THREADS`=1
306 306 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
307 307
308 308 ##### `KERNEL_HEADERS`=true
309 309 Install kernel headers with built kernel.
310 310
311 311 ##### `KERNEL_MENUCONFIG`=false
312 312 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
313 313
314 314 ##### `KERNEL_OLDDEFCONFIG`=false
315 315 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
316 316
317 317 ##### `KERNEL_CCACHE`=false
318 318 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
319 319
320 320 ##### `KERNEL_REMOVESRC`=true
321 321 Remove all kernel sources from the generated OS image after it was built and installed.
322 322
323 323 ##### `KERNELSRC_DIR`=""
324 324 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
325 325
326 326 ##### `KERNELSRC_CLEAN`=false
327 327 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
328 328
329 329 ##### `KERNELSRC_CONFIG`=true
330 330 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
331 331
332 332 ##### `KERNELSRC_USRCONFIG`=""
333 333 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
334 334
335 335 ##### `KERNELSRC_PREBUILT`=false
336 336 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
337 337
338 338 ##### `RPI_FIRMWARE_DIR`=""
339 339 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
340 340
341 341 ##### `KERNEL_NF`=false
342 342 Enable Netfilter modules as kernel modules
343 343
344 344 ##### `KERNEL_VIRT`=false
345 345 Enable Kernel KVM support (/dev/kvm)
346 346
347 347 ##### `KERNEL_ZSWAP`=false
348 348 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
349 349
350 350 ##### `KERNEL_BPF`=true
351 351 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
352 352
353 353 ---
354 354
355 355 #### Reduce disk usage:
356 356 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
357 357
358 358 ##### `REDUCE_APT`=true
359 359 Configure APT to use compressed package repository lists and no package caching files.
360 360
361 361 ##### `REDUCE_DOC`=true
362 362 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
363 363
364 364 ##### `REDUCE_MAN`=true
365 365 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
366 366
367 367 ##### `REDUCE_VIM`=false
368 368 Replace `vim-tiny` package by `levee` a tiny vim clone.
369 369
370 370 ##### `REDUCE_BASH`=false
371 371 Remove `bash` package and switch to `dash` shell (experimental).
372 372
373 373 ##### `REDUCE_HWDB`=true
374 374 Remove PCI related hwdb files (experimental).
375 375
376 376 ##### `REDUCE_SSHD`=true
377 377 Replace `openssh-server` with `dropbear`.
378 378
379 379 ##### `REDUCE_LOCALE`=true
380 380 Remove all `locale` translation files.
381 381
382 382 ---
383 383
384 384 #### Encrypted root partition:
385 385 ##### `ENABLE_CRYPTFS`=false
386 386 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
387 387
388 388 ##### `CRYPTFS_PASSWORD`=""
389 389 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
390 390
391 391 ##### `CRYPTFS_MAPPING`="secure"
392 392 Set name of dm-crypt managed device-mapper mapping.
393 393
394 394 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
395 395 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
396 396
397 397 ##### `CRYPTFS_XTSKEYSIZE`=512
398 398 Sets key size in bits. The argument has to be a multiple of 8.
399 399
400 400 ---
401 401
402 402 #### Build settings:
403 403 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
404 404 Set a path to a working directory used by the script to generate an image.
405 405
406 406 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
407 407 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
408 408
409 409 ## Understanding the script
410 410 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
411 411
412 412 | Script | Description |
413 413 | --- | --- |
414 414 | `10-bootstrap.sh` | Debootstrap basic system |
415 415 | `11-apt.sh` | Setup APT repositories |
416 416 | `12-locale.sh` | Setup Locales and keyboard settings |
417 417 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
418 418 | `14-fstab.sh` | Setup fstab and initramfs |
419 419 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
420 420 | `20-networking.sh` | Setup Networking |
421 421 | `21-firewall.sh` | Setup Firewall |
422 422 | `30-security.sh` | Setup Users and Security settings |
423 423 | `31-logging.sh` | Setup Logging |
424 424 | `32-sshd.sh` | Setup SSH and public keys |
425 425 | `41-uboot.sh` | Build and Setup U-Boot |
426 426 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
427 427 | `50-firstboot.sh` | First boot actions |
428 428 | `99-reduce.sh` | Reduce the disk space usage |
429 429
430 430 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
431 431
432 432 | Directory | Description |
433 433 | --- | --- |
434 434 | `apt` | APT management configuration files |
435 435 | `boot` | Boot and RPi2/3 configuration files |
436 436 | `dpkg` | Package Manager configuration |
437 437 | `etc` | Configuration files and rc scripts |
438 438 | `firstboot` | Scripts that get executed on first boot |
439 439 | `initramfs` | Initramfs scripts |
440 440 | `iptables` | Firewall configuration files |
441 441 | `locales` | Locales configuration |
442 442 | `modules` | Kernel Modules configuration |
443 443 | `mount` | Fstab configuration |
444 444 | `network` | Networking configuration files |
445 445 | `sysctl.d` | Swapping and Network Hardening configuration |
446 446 | `xorg` | fbturbo Xorg driver configuration |
447 447
448 448 ## Custom packages and scripts
449 449 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
450 450
451 451 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
452 452
453 453 ## Logging of the bootstrapping process
454 454 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
455 455
456 456 ```shell
457 457 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
458 458 ```
459 459
460 460 ## Flashing the image file
461 461 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
462 462
463 463 ##### Flashing examples:
464 464 ```shell
465 465 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
466 466 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
467 467 ```
468 468 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
469 469 ```shell
470 470 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
471 471 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
472 472 ```
473 473
474 474 ## QEMU emulation
475 475 Start QEMU full system emulation:
476 476 ```shell
477 477 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
478 478 ```
479 479
480 480 Start QEMU full system emulation and output to console:
481 481 ```shell
482 482 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
483 483 ```
484 484
485 485 Start QEMU full system emulation with SMP and output to console:
486 486 ```shell
487 487 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
488 488 ```
489 489
490 490 Start QEMU full system emulation with cryptfs, initramfs and output to console:
491 491 ```shell
492 492 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
493 493 ```
494 494
495 495 ## External links and references
496 496 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
497 497 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
498 498 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
499 499 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
500 500 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
501 501 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
502 502 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
503 503 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
504 504 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,831 +1,825
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66
67 67 # Build directories
68 68 WORKDIR=$(pwd)
69 69 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Chroot directories
73 73 R="${BUILDDIR}/chroot"
74 74 ETC_DIR="${R}/etc"
75 75 LIB_DIR="${R}/lib"
76 76 BOOT_DIR="${R}/boot/firmware"
77 77 KERNEL_DIR="${R}/usr/src/linux"
78 78 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
79 79
80 80 # Firmware directory: Blank if download from github
81 81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82
83 83 # General settings
84 84 SET_ARCH=${SET_ARCH:=32}
85 85 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
86 86 PASSWORD=${PASSWORD:=raspberry}
87 87 USER_PASSWORD=${USER_PASSWORD:=raspberry}
88 88 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
89 89 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
90 90 EXPANDROOT=${EXPANDROOT:=true}
91 91
92 92 # Keyboard settings
93 93 XKB_MODEL=${XKB_MODEL:=""}
94 94 XKB_LAYOUT=${XKB_LAYOUT:=""}
95 95 XKB_VARIANT=${XKB_VARIANT:=""}
96 96 XKB_OPTIONS=${XKB_OPTIONS:=""}
97 97
98 98 # Network settings (DHCP)
99 99 ENABLE_DHCP=${ENABLE_DHCP:=true}
100 100
101 101 # Network settings (static)
102 102 NET_ADDRESS=${NET_ADDRESS:=""}
103 103 NET_GATEWAY=${NET_GATEWAY:=""}
104 104 NET_DNS_1=${NET_DNS_1:=""}
105 105 NET_DNS_2=${NET_DNS_2:=""}
106 106 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
107 107 NET_NTP_1=${NET_NTP_1:=""}
108 108 NET_NTP_2=${NET_NTP_2:=""}
109 109
110 110 # APT settings
111 111 APT_PROXY=${APT_PROXY:=""}
112 112 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
113 113
114 114 # Feature settings
115 115 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
116 116 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
117 117 ENABLE_I2C=${ENABLE_I2C:=false}
118 118 ENABLE_SPI=${ENABLE_SPI:=false}
119 119 ENABLE_IPV6=${ENABLE_IPV6:=true}
120 120 ENABLE_SSHD=${ENABLE_SSHD:=true}
121 121 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
122 122 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
123 123 ENABLE_SOUND=${ENABLE_SOUND:=true}
124 124 ENABLE_DBUS=${ENABLE_DBUS:=true}
125 125 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
126 126 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
127 127 ENABLE_XORG=${ENABLE_XORG:=false}
128 128 ENABLE_WM=${ENABLE_WM:=""}
129 129 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
130 130 ENABLE_USER=${ENABLE_USER:=true}
131 131 USER_NAME=${USER_NAME:="pi"}
132 132 ENABLE_ROOT=${ENABLE_ROOT:=false}
133 133 ENABLE_QEMU=${ENABLE_QEMU:=false}
134 134 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
135 135
136 136 # SSH settings
137 137 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
138 138 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
139 139 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
140 140 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
141 141 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
142 142
143 143 # Advanced settings
144 144 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
145 145 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
146 146 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
147 147 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
148 148 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
149 149 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
150 150 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
151 151 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
152 152 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
153 153 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
154 154 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
155 155 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
156 156 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
157 157 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
158 158 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
159 159
160 160 # Kernel compilation settings
161 161 BUILD_KERNEL=${BUILD_KERNEL:=true}
162 162 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
163 163 KERNEL_THREADS=${KERNEL_THREADS:=1}
164 164 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
165 165 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
166 166 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
167 167 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
168 168 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
169 169 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
170 170 KERNEL_VIRT=${KERNEL_VIRT:=false}
171 171 KERNEL_BPF=${KERNEL_BPF:=false}
172 172
173 173 # Kernel compilation from source directory settings
174 174 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
175 175 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
176 176 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
177 177 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
178 178
179 179 # Reduce disk usage settings
180 180 REDUCE_APT=${REDUCE_APT:=true}
181 181 REDUCE_DOC=${REDUCE_DOC:=true}
182 182 REDUCE_MAN=${REDUCE_MAN:=true}
183 183 REDUCE_VIM=${REDUCE_VIM:=false}
184 184 REDUCE_BASH=${REDUCE_BASH:=false}
185 185 REDUCE_HWDB=${REDUCE_HWDB:=true}
186 186 REDUCE_SSHD=${REDUCE_SSHD:=true}
187 187 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
188 188
189 189 # Encrypted filesystem settings
190 190 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
191 191 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
192 192 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
193 193 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
194 194 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
195 195
196 196 # Chroot scripts directory
197 197 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
198 198
199 199 # Packages required in the chroot build environment
200 200 APT_INCLUDES=${APT_INCLUDES:=""}
201 201 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
202 202
203 203 #Packages to exclude from chroot build environment
204 204 APT_EXCLUDES=${APT_EXCLUDES:=""}
205 205
206 206 # Packages required for bootstrapping
207 207 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
208 208 MISSING_PACKAGES=""
209 209
210 210 # Packages installed for c/c++ build environment in chroot (keep empty)
211 211 COMPILER_PACKAGES=""
212 212
213 213 set +x
214 214
215 215 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
216 216 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
217 217 if [ -n ${APT_CACHER_RUNNING} ] ; then
218 218 APT_PROXY=http://127.0.0.1:3142/
219 219 fi
220 220
221 221 #netselect-apt does not know buster yet
222 222 if [ "$RELEASE" = "buster" ] ; then
223 223 RLS=testing
224 224 else
225 225 RLS="$RELEASE"
226 226 fi
227 227
228 228 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
229 229 rm "$(pwd)/files/apt/sources.list"
230 230 fi
231 231
232 232 if [ "$ENABLE_NONFREE" = true ] ; then
233 233 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
234 234 else
235 235 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
236 236 fi
237 237
238 238 #sed and cut the result string so we can use it as APT_SERVER
239 239 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
240 240
241 241 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
242 242 if [ -n "$SET_ARCH" ] ; then
243 243 # 64 bit configuration
244 244 if [ "$SET_ARCH" = 64 ] ; then
245 245 # General 64 bit depended settings
246 246 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
247 247 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
248 248 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
249 249
250 250 # Board specific settings
251 251 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
252 252 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
253 253 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
254 254 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
255 255 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
256 256 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
257 257 else
258 258 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
259 259 exit 1
260 260 fi
261 261 fi
262 262
263 263 # 32 bit configuration
264 264 if [ "$SET_ARCH" = 32 ] ; then
265 265 # General 32 bit dependend settings
266 266 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
267 267 KERNEL_ARCH=${KERNEL_ARCH:=arm}
268 268 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
269 269
270 270 # Hardware specific settings
271 271 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
272 272 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
273 273 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
274 274 RELEASE_ARCH=${RELEASE_ARCH:=armel}
275 275 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
276 276 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
277 277 fi
278 278
279 279 # Hardware specific settings
280 280 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
281 281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
282 282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
283 283 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
284 284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
285 285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
286 286 fi
287 287 fi
288 288 #SET_ARCH not set
289 289 else
290 290 echo "error: Please set '32' or '64' as value for SET_ARCH"
291 291 exit 1
292 292 fi
293 293 # Device specific configuration and U-Boot configuration
294 294 case "$RPI_MODEL" in
295 295 0)
296 296 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
297 297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 298 ;;
299 299 1)
300 300 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
301 301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 302 ;;
303 303 1P)
304 304 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
305 305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
306 306 ;;
307 307 2)
308 308 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
309 309 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
310 310 ;;
311 311 3)
312 312 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
313 313 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
314 314 ;;
315 315 3P)
316 316 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
317 317 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
318 318 ;;
319 319 *)
320 320 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
321 321 exit 1
322 322 ;;
323 323 esac
324 324
325 325 # Prepare date string for default image file name
326 326 DATE="$(date +%Y-%m-%d)"
327 327 if [ -z "$KERNEL_BRANCH" ] ; then
328 328 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
329 329 else
330 330 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
331 331 fi
332 332
333 # Check if the internal wireless interface is supported by the RPi model
333 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
334 # Include bluetooth packages on supported boards
335 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
336 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
337 fi
338 # Check if console or bluetooth configuration is invalid on RPI 0,3,3P
339 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = true ]; then
340 echo "error: ENABLE_BLUETOOTH and ENABLE_CONSOLE can't be active on the same time."
341 exit 1
342 fi
343 else # if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
344 # Check if the internal wireless interface is not supported by the RPi model
334 345 if [ "$ENABLE_WIRELESS" = true ] ; then
335 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
336 346 echo "error: The selected Raspberry Pi model has no internal wireless interface"
337 347 exit 1
338 348 fi
339 349 fi
340 350
341 351 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
342 352 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
343 353 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
344 354 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
345 355 exit 1
346 356 fi
347 357 fi
348 358
349 359 # Add cmake to compile videocore sources
350 360 if [ "$ENABLE_VIDEOCORE" = true ] ; then
351 361 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
352 362 fi
353 363
354 364 # Add libncurses5 to enable kernel menuconfig
355 365 if [ "$KERNEL_MENUCONFIG" = true ] ; then
356 366 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
357 367 fi
358 368
359 369 # Add ccache compiler cache for (faster) kernel cross (re)compilation
360 370 if [ "$KERNEL_CCACHE" = true ] ; then
361 371 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
362 372 fi
363 373
364 374 # Add cryptsetup package to enable filesystem encryption
365 375 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
366 376 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
367 377 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
368 378
369 379 if [ -z "$CRYPTFS_PASSWORD" ] ; then
370 380 echo "error: no password defined (CRYPTFS_PASSWORD)!"
371 381 exit 1
372 382 fi
373 383 ENABLE_INITRAMFS=true
374 384 fi
375 385
376 386 # Add initramfs generation tools
377 387 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
378 388 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
379 389 fi
380 390
381 391 # Add device-tree-compiler required for building the U-Boot bootloader
382 392 if [ "$ENABLE_UBOOT" = true ] ; then
383 393 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
384 394 else
385 395 if [ "$ENABLE_UBOOTUSB" = true ] ; then
386 396 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
387 397 exit 1
388 398 fi
389 399 fi
390 400
391 if [ "$ENABLE_BLUETOOTH" = true ] ; then
392 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
393 if [ "$ENABLE_CONSOLE" = false ] ; then
394 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
395 fi
396 fi
397 fi
398
399 if [ "$ENABLE_BLUETOOTH" = true ] ; then
400 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
401 if [ "$ENABLE_CONSOLE" = false ] ; then
402 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
403 fi
404 fi
405 fi
406
407 401 # Check if root SSH (v2) public key file exists
408 402 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
409 403 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
410 404 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
411 405 exit 1
412 406 fi
413 407 fi
414 408
415 409 # Check if $USER_NAME SSH (v2) public key file exists
416 410 if [ -n "$SSH_USER_PUB_KEY" ] ; then
417 411 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
418 412 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
419 413 exit 1
420 414 fi
421 415 fi
422 416
423 417 # Check if all required packages are installed on the build system
424 418 for package in $REQUIRED_PACKAGES ; do
425 419 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
426 420 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
427 421 fi
428 422 done
429 423
430 424 # If there are missing packages ask confirmation for install, or exit
431 425 if [ -n "$MISSING_PACKAGES" ] ; then
432 426 echo "the following packages needed by this script are not installed:"
433 427 echo "$MISSING_PACKAGES"
434 428
435 429 printf "\ndo you want to install the missing packages right now? [y/n] "
436 430 read -r confirm
437 431 [ "$confirm" != "y" ] && exit 1
438 432
439 433 # Make sure all missing required packages are installed
440 434 apt-get -qq -y install "${MISSING_PACKAGES}"
441 435 fi
442 436
443 437 # Check if ./bootstrap.d directory exists
444 438 if [ ! -d "./bootstrap.d/" ] ; then
445 439 echo "error: './bootstrap.d' required directory not found!"
446 440 exit 1
447 441 fi
448 442
449 443 # Check if ./files directory exists
450 444 if [ ! -d "./files/" ] ; then
451 445 echo "error: './files' required directory not found!"
452 446 exit 1
453 447 fi
454 448
455 449 # Check if specified KERNELSRC_DIR directory exists
456 450 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
457 451 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
458 452 exit 1
459 453 fi
460 454
461 455 # Check if specified UBOOTSRC_DIR directory exists
462 456 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
463 457 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
464 458 exit 1
465 459 fi
466 460
467 461 # Check if specified VIDEOCORESRC_DIR directory exists
468 462 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
469 463 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
470 464 exit 1
471 465 fi
472 466
473 467 # Check if specified FBTURBOSRC_DIR directory exists
474 468 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
475 469 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
476 470 exit 1
477 471 fi
478 472
479 473 # Check if specified CHROOT_SCRIPTS directory exists
480 474 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
481 475 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
482 476 exit 1
483 477 fi
484 478
485 479 # Check if specified device mapping already exists (will be used by cryptsetup)
486 480 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
487 481 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
488 482 exit 1
489 483 fi
490 484
491 485 # Don't clobber an old build
492 486 if [ -e "$BUILDDIR" ] ; then
493 487 echo "error: directory ${BUILDDIR} already exists, not proceeding"
494 488 exit 1
495 489 fi
496 490
497 491 # Setup chroot directory
498 492 mkdir -p "${R}"
499 493
500 494 # Check if build directory has enough of free disk space >512MB
501 495 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
502 496 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
503 497 exit 1
504 498 fi
505 499
506 500 set -x
507 501
508 502 # Call "cleanup" function on various signals and errors
509 503 trap cleanup 0 1 2 3 6
510 504
511 505 # Add required packages for the minbase installation
512 506 if [ "$ENABLE_MINBASE" = true ] ; then
513 507 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
514 508 fi
515 509
516 510 # Add parted package, required to get partprobe utility
517 511 if [ "$EXPANDROOT" = true ] ; then
518 512 APT_INCLUDES="${APT_INCLUDES},parted"
519 513 fi
520 514
521 515 # Add dbus package, recommended if using systemd
522 516 if [ "$ENABLE_DBUS" = true ] ; then
523 517 APT_INCLUDES="${APT_INCLUDES},dbus"
524 518 fi
525 519
526 520 # Add iptables IPv4/IPv6 package
527 521 if [ "$ENABLE_IPTABLES" = true ] ; then
528 522 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
529 523 fi
530 524
531 525 # Add openssh server package
532 526 if [ "$ENABLE_SSHD" = true ] ; then
533 527 APT_INCLUDES="${APT_INCLUDES},openssh-server"
534 528 fi
535 529
536 530 # Add alsa-utils package
537 531 if [ "$ENABLE_SOUND" = true ] ; then
538 532 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
539 533 fi
540 534
541 535 # Add rng-tools package
542 536 if [ "$ENABLE_HWRANDOM" = true ] ; then
543 537 APT_INCLUDES="${APT_INCLUDES},rng-tools"
544 538 fi
545 539
546 540 # Add fbturbo video driver
547 541 if [ "$ENABLE_FBTURBO" = true ] ; then
548 542 # Enable xorg package dependencies
549 543 ENABLE_XORG=true
550 544 fi
551 545
552 546 # Add user defined window manager package
553 547 if [ -n "$ENABLE_WM" ] ; then
554 548 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
555 549
556 550 # Enable xorg package dependencies
557 551 ENABLE_XORG=true
558 552 fi
559 553
560 554 # Add xorg package
561 555 if [ "$ENABLE_XORG" = true ] ; then
562 556 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
563 557 fi
564 558
565 559 # Replace selected packages with smaller clones
566 560 if [ "$ENABLE_REDUCE" = true ] ; then
567 561 # Add levee package instead of vim-tiny
568 562 if [ "$REDUCE_VIM" = true ] ; then
569 563 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
570 564 fi
571 565
572 566 # Add dropbear package instead of openssh-server
573 567 if [ "$REDUCE_SSHD" = true ] ; then
574 568 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
575 569 fi
576 570 fi
577 571
578 572 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
579 573 if [ "$ENABLE_SYSVINIT" = false ] ; then
580 574 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
581 575 fi
582 576
583 577 # Configure kernel sources if no KERNELSRC_DIR
584 578 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
585 579 KERNELSRC_CONFIG=true
586 580 fi
587 581
588 582 # Configure reduced kernel
589 583 if [ "$KERNEL_REDUCE" = true ] ; then
590 584 KERNELSRC_CONFIG=false
591 585 fi
592 586
593 587 # Configure qemu compatible kernel
594 588 if [ "$ENABLE_QEMU" = true ] ; then
595 589 DTB_FILE=vexpress-v2p-ca15_a7.dtb
596 590 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
597 591 KERNEL_DEFCONFIG="vexpress_defconfig"
598 592 if [ "$KERNEL_MENUCONFIG" = false ] ; then
599 593 KERNEL_OLDDEFCONFIG=true
600 594 fi
601 595 fi
602 596
603 597 # Execute bootstrap scripts
604 598 for SCRIPT in bootstrap.d/*.sh; do
605 599 head -n 3 "$SCRIPT"
606 600 . "$SCRIPT"
607 601 done
608 602
609 603 ## Execute custom bootstrap scripts
610 604 if [ -d "custom.d" ] ; then
611 605 for SCRIPT in custom.d/*.sh; do
612 606 . "$SCRIPT"
613 607 done
614 608 fi
615 609
616 610 # Execute custom scripts inside the chroot
617 611 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
618 612 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
619 613 chroot_exec /bin/bash -x <<'EOF'
620 614 for SCRIPT in /chroot_scripts/* ; do
621 615 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
622 616 $SCRIPT
623 617 fi
624 618 done
625 619 EOF
626 620 rm -rf "${R}/chroot_scripts"
627 621 fi
628 622
629 623 # Remove c/c++ build environment from the chroot
630 624 chroot_remove_cc
631 625
632 626 # Generate required machine-id
633 627 MACHINE_ID=$(dbus-uuidgen)
634 628 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
635 629 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
636 630
637 631 # APT Cleanup
638 632 chroot_exec apt-get -y clean
639 633 chroot_exec apt-get -y autoclean
640 634 chroot_exec apt-get -y autoremove
641 635
642 636 # Unmount mounted filesystems
643 637 umount -l "${R}/proc"
644 638 umount -l "${R}/sys"
645 639
646 640 # Clean up directories
647 641 rm -rf "${R}/run/*"
648 642 rm -rf "${R}/tmp/*"
649 643
650 644 # Clean up files
651 645 rm -f "${ETC_DIR}/ssh/ssh_host_*"
652 646 rm -f "${ETC_DIR}/dropbear/dropbear_*"
653 647 rm -f "${ETC_DIR}/apt/sources.list.save"
654 648 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
655 649 rm -f "${ETC_DIR}/*-"
656 650 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
657 651 rm -f "${ETC_DIR}/resolv.conf"
658 652 rm -f "${R}/root/.bash_history"
659 653 rm -f "${R}/var/lib/urandom/random-seed"
660 654 rm -f "${R}/initrd.img"
661 655 rm -f "${R}/vmlinuz"
662 656 rm -f "${R}${QEMU_BINARY}"
663 657
664 658 if [ "$ENABLE_QEMU" = true ] ; then
665 659 # Setup QEMU directory
666 660 mkdir "${BASEDIR}/qemu"
667 661
668 662 # Copy kernel image to QEMU directory
669 663 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
670 664
671 665 # Copy kernel config to QEMU directory
672 666 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
673 667
674 668 # Copy kernel dtbs to QEMU directory
675 669 for dtb in "${BOOT_DIR}/"*.dtb ; do
676 670 if [ -f "${dtb}" ] ; then
677 671 install_readonly "${dtb}" "${BASEDIR}/qemu/"
678 672 fi
679 673 done
680 674
681 675 # Copy kernel overlays to QEMU directory
682 676 if [ -d "${BOOT_DIR}/overlays" ] ; then
683 677 # Setup overlays dtbs directory
684 678 mkdir "${BASEDIR}/qemu/overlays"
685 679
686 680 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
687 681 if [ -f "${dtb}" ] ; then
688 682 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
689 683 fi
690 684 done
691 685 fi
692 686
693 687 # Copy u-boot files to QEMU directory
694 688 if [ "$ENABLE_UBOOT" = true ] ; then
695 689 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
696 690 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
697 691 fi
698 692 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
699 693 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
700 694 fi
701 695 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
702 696 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
703 697 fi
704 698 fi
705 699
706 700 # Copy initramfs to QEMU directory
707 701 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
708 702 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
709 703 fi
710 704 fi
711 705
712 706 # Calculate size of the chroot directory in KB
713 707 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
714 708
715 709 # Calculate the amount of needed 512 Byte sectors
716 710 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
717 711 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
718 712 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
719 713
720 714 # The root partition is EXT4
721 715 # This means more space than the actual used space of the chroot is used.
722 716 # As overhead for journaling and reserved blocks 35% are added.
723 717 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
724 718
725 719 # Calculate required image size in 512 Byte sectors
726 720 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
727 721
728 722 # Prepare image file
729 723 if [ "$ENABLE_SPLITFS" = true ] ; then
730 724 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
731 725 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
732 726 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
733 727 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
734 728
735 729 # Write firmware/boot partition tables
736 730 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
737 731 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
738 732 EOM
739 733
740 734 # Write root partition table
741 735 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
742 736 ${TABLE_SECTORS},${ROOT_SECTORS},83
743 737 EOM
744 738
745 739 # Setup temporary loop devices
746 740 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
747 741 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
748 742 else # ENABLE_SPLITFS=false
749 743 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
750 744 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
751 745
752 746 # Write partition table
753 747 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
754 748 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
755 749 ${ROOT_OFFSET},${ROOT_SECTORS},83
756 750 EOM
757 751
758 752 # Setup temporary loop devices
759 753 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
760 754 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
761 755 fi
762 756
763 757 if [ "$ENABLE_CRYPTFS" = true ] ; then
764 758 # Create dummy ext4 fs
765 759 mkfs.ext4 "$ROOT_LOOP"
766 760
767 761 # Setup password keyfile
768 762 touch .password
769 763 chmod 600 .password
770 764 echo -n ${CRYPTFS_PASSWORD} > .password
771 765
772 766 # Initialize encrypted partition
773 767 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
774 768
775 769 # Open encrypted partition and setup mapping
776 770 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
777 771
778 772 # Secure delete password keyfile
779 773 shred -zu .password
780 774
781 775 # Update temporary loop device
782 776 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
783 777
784 778 # Wipe encrypted partition (encryption cipher is used for randomness)
785 779 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
786 780 fi
787 781
788 782 # Build filesystems
789 783 mkfs.vfat "$FRMW_LOOP"
790 784 mkfs.ext4 "$ROOT_LOOP"
791 785
792 786 # Mount the temporary loop devices
793 787 mkdir -p "$BUILDDIR/mount"
794 788 mount "$ROOT_LOOP" "$BUILDDIR/mount"
795 789
796 790 mkdir -p "$BUILDDIR/mount/boot/firmware"
797 791 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
798 792
799 793 # Copy all files from the chroot to the loop device mount point directory
800 794 rsync -a "${R}/" "$BUILDDIR/mount/"
801 795
802 796 # Unmount all temporary loop devices and mount points
803 797 cleanup
804 798
805 799 # Create block map file(s) of image(s)
806 800 if [ "$ENABLE_SPLITFS" = true ] ; then
807 801 # Create block map files for "bmaptool"
808 802 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
809 803 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
810 804
811 805 # Image was successfully created
812 806 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
813 807 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
814 808 else
815 809 # Create block map file for "bmaptool"
816 810 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
817 811
818 812 # Image was successfully created
819 813 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
820 814
821 815 # Create qemu qcow2 image
822 816 if [ "$ENABLE_QEMU" = true ] ; then
823 817 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
824 818 QEMU_SIZE=16G
825 819
826 820 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
827 821 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
828 822
829 823 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
830 824 fi
831 825 fi
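Review bot: In the consolidated model check (new lines 333-349), the `else` branch for models 1, 1P and 2 only rejects `ENABLE_WIRELESS=true`. `ENABLE_BLUETOOTH=true` on those boards passes this file's validation with no error and without `bluetooth,bluez` being added to `APT_INCLUDES`, so the setting silently has no effect; consider failing there the same way the wireless check does. Because `ENABLE_CONSOLE` defaults to `true` (line 116), setting only `ENABLE_BLUETOOTH=true` on a model 0, 3 or 3P now aborts the build. The error text should therefore tell the user to set `ENABLE_CONSOLE=false`, and it should read "at the same time" rather than "on the same time". The README description of `ENABLE_BLUETOOTH` should state this requirement if it does not already. The commented-out condition left after `else` would read better as a plain comment naming the models it covers.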