Raspi2-3_GenImage Commit - r52:1f5000be9fe2 · Collaboration Tremplin des Sciences

Merge branch 'fpytloun-master'

Jan Wagner -

r52:1f5000be9fe2

parent child

Context file:

r52:1f5000be9fe2

Collapse all files

files/config.txt created 644 +43 0

			@@ -0,0 +1,43
		1	# For more options and information see
		2	# http://www.raspberrypi.org/documentation/configuration/config-txt.md
		3	# Some settings may impact device functionality. See link above for details
		4
		5	# uncomment if you get no picture on HDMI for a default "safe" mode
		6	#hdmi_safe=1
		7
		8	# uncomment this if your display has a black border of unused pixels visible
		9	# and your display can output without overscan
		10	#disable_overscan=1
		11
		12	# uncomment the following to adjust overscan. Use positive numbers if console
		13	# goes off screen, and negative if there is too much border
		14	#overscan_left=16
		15	#overscan_right=16
		16	#overscan_top=16
		17	#overscan_bottom=16
		18
		19	# uncomment to force a console size. By default it will be display's size minus
		20	# overscan.
		21	#framebuffer_width=1280
		22	#framebuffer_height=720
		23
		24	# uncomment if hdmi display is not detected and composite is being output
		25	#hdmi_force_hotplug=1
		26
		27	# uncomment to force a specific HDMI mode (this will force VGA)
		28	#hdmi_group=1
		29	#hdmi_mode=1
		30
		31	# uncomment to force a HDMI mode rather than DVI. This can make audio work in
		32	# DMT (computer monitor) modes
		33	#hdmi_drive=2
		34
		35	# uncomment to increase signal to HDMI, if you have interference, blanking, or
		36	# no display
		37	#config_hdmi_boost=4
		38
		39	# uncomment for composite PAL
		40	#sdtv_mode=2
		41
		42	# uncomment to overclock the arm. 700 MHz is the default.
		43	#arm_freq=800

files/firstboot/10-begin.sh created 644 +2 0

			@@ -0,0 +1,2
		1	#!/bin/sh -e
		2	logger -t "rc.firstboot" "Starting first boot actions"

files/firstboot/21-generate-ssh-keys.sh created 644 +8 0

			@@ -0,0 +1,8
		1	logger -t "rc.firstboot" "Generating SSH host keys"
		2	rm -f /etc/ssh/ssh_host_*
		3	ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
		4	ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
		5	ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
		6	ssh-keygen -q -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
		7
		8	systemctl restart sshd

files/firstboot/22-expandroot.sh created 644 +52 0

			@@ -0,0 +1,52
		1	logger -t "rc.firstboot" "Expanding root"
		2	ROOT_PART=$(mount \| sed -n 's\|^/dev/$.$ on / .\|\1\|p')
		3	PART_NUM=$(echo ${ROOT_PART} \| grep -o '[1-9][0-9]*$')
		4	case "${ROOT_PART}" in
		5	mmcblk0*) ROOT_DEV=mmcblk0 ;;
		6	sda*) ROOT_DEV=sda ;;
		7	esac
		8	if [ "$PART_NUM" = "$ROOT_PART" ]; then
		9	logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
		10	return 0
		11	fi
		12
		13	# NOTE: the NOOBS partition layout confuses parted. For now, let's only
		14	# agree to work with a sufficiently simple partition layout
		15	if [ "$PART_NUM" -gt 2 ]; then
		16	logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
		17	return 0
		18	fi
		19	LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p \| tail -n 1 \| cut -f 1 -d:)
		20	if [ $LAST_PART_NUM -ne $PART_NUM ]; then
		21	logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
		22	return 0
		23	fi
		24
		25	# Get the starting offset of the root partition
		26	PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p \| grep "^${PART_NUM}" \| cut -f 2 -d: \| sed 's/[^0-9]//g')
		27	[ "$PART_START" ] \|\| return 1
		28
		29	# Get the possible last sector for the root partition
		30	PART_LAST=$(fdisk -l /dev/${ROOT_DEV} \| grep '^Disk.*sectors' \| awk '{ print $7 - 1 }')
		31	[ "$PART_LAST" ] \|\| return 1
		32
		33	# Return value will likely be error for fdisk as it fails to reload the
		34	# partition table because the root fs is mounted
		35	### Since rc.local is run with "sh -e", let's add "\|\| true" to prevent premature exit
		36	fdisk /dev/${ROOT_DEV} <<EOF2 \|\| true
		37	p
		38	d
		39	$PART_NUM
		40	n
		41	p
		42	$PART_NUM
		43	$PART_START
		44	$PART_LAST
		45	p
		46	w
		47	EOF2
		48
		49	# Reload the partition table, resize root filesystem then remove resizing code from this file
		50	partprobe &&
		51	resize2fs /dev/${ROOT_PART} &&
		52	logger -t "rc.firstboot" "Root partition successfuly resized."

files/firstboot/99-finish.sh created 644 +3 0

			@@ -0,0 +1,3
		1	logger -t "rc.firstboot" "First boot actions finished"
		2	rm -f /etc/rc.firstboot
		3	sed -i '/.*rc.firstboot/d' /etc/rc.local

files/fstab created 644 +2 0

			@@ -0,0 +1,2
		1	/dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
		2	/dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2

files/iptables/flush-ip6tables.sh created 644 +15 0

			@@ -0,0 +1,15
		1	#!/bin/sh
		2	ip6tables -F
		3	ip6tables -X
		4	ip6tables -Z
		5
		6	for table in $(</proc/net/ip6_tables_names)
		7	do
		8	ip6tables -t \$table -F
		9	ip6tables -t \$table -X
		10	ip6tables -t \$table -Z
		11	done
		12
		13	ip6tables -P INPUT ACCEPT
		14	ip6tables -P OUTPUT ACCEPT
		15	ip6tables -P FORWARD ACCEPT

files/iptables/flush-iptables.sh created 644 +10 0

			@@ -0,0 +1,10
		1	#!/bin/sh
		2	iptables -F
		3	iptables -X
		4	iptables -t nat -F
		5	iptables -t nat -X
		6	iptables -t mangle -F
		7	iptables -t mangle -X
		8	iptables -P INPUT ACCEPT
		9	iptables -P FORWARD ACCEPT
		10	iptables -P OUTPUT ACCEPT

files/iptables/ip6tables.rules created 644 +48 0

			@@ -0,0 +1,48
		1	*filter
		2	:INPUT DROP [0:0]
		3	:FORWARD DROP [0:0]
		4	:OUTPUT ACCEPT [0:0]
		5	:TCP - [0:0]
		6	:UDP - [0:0]
		7	:SSH - [0:0]
		8
		9	# Drop packets with RH0 headers
		10	-A INPUT -m rt --rt-type 0 -j DROP
		11	-A OUTPUT -m rt --rt-type 0 -j DROP
		12	-A FORWARD -m rt --rt-type 0 -j DROP
		13
		14	# Rate limit ping requests
		15	-A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
		16	-A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
		17
		18	# Accept established connections
		19	-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
		20
		21	# Accept all traffic on loopback interface
		22	-A INPUT -i lo -j ACCEPT
		23
		24	# Drop packets declared invalid
		25	-A INPUT -m conntrack --ctstate INVALID -j DROP
		26
		27	# SSH rate limiting
		28	-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
		29	-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
		30	-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
		31	-A SSH -m recent --name sshbf --set -j ACCEPT
		32
		33	# Send TCP and UDP connections to their respective rules chain
		34	-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
		35	-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
		36
		37	# Reject dropped packets with a RFC compliant responce
		38	-A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
		39	-A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
		40	-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
		41
		42	## TCP PORT RULES
		43	# -A TCP -p tcp -j LOG
		44
		45	## UDP PORT RULES
		46	# -A UDP -p udp -j LOG
		47
		48	COMMIT

files/iptables/ip6tables.service created 644 +15 0

			@@ -0,0 +1,15
		1	[Unit]
		2	Description=Packet Filtering Framework
		3	DefaultDependencies=no
		4	After=systemd-sysctl.service
		5	Before=sysinit.target
		6
		7	[Service]
		8	Type=oneshot
		9	ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
		10	ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
		11	ExecStop=/etc/iptables/flush-ip6tables.sh
		12	RemainAfterExit=yes
		13
		14	[Install]
		15	WantedBy=multi-user.target

files/iptables/iptables.rules created 644 +43 0

			@@ -0,0 +1,43
		1	*filter
		2	:INPUT DROP [0:0]
		3	:FORWARD DROP [0:0]
		4	:OUTPUT ACCEPT [0:0]
		5	:TCP - [0:0]
		6	:UDP - [0:0]
		7	:SSH - [0:0]
		8
		9	# Rate limit ping requests
		10	-A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
		11	-A INPUT -p icmp --icmp-type echo-request -j DROP
		12
		13	# Accept established connections
		14	-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
		15
		16	# Accept all traffic on loopback interface
		17	-A INPUT -i lo -j ACCEPT
		18
		19	# Drop packets declared invalid
		20	-A INPUT -m conntrack --ctstate INVALID -j DROP
		21
		22	# SSH rate limiting
		23	-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
		24	-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
		25	-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
		26	-A SSH -m recent --name sshbf --set -j ACCEPT
		27
		28	# Send TCP and UDP connections to their respective rules chain
		29	-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
		30	-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
		31
		32	# Reject dropped packets with a RFC compliant responce
		33	-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
		34	-A INPUT -p tcp -j REJECT --reject-with tcp-rst
		35	-A INPUT -j REJECT --reject-with icmp-proto-unreachable
		36
		37	## TCP PORT RULES
		38	# -A TCP -p tcp -j LOG
		39
		40	## UDP PORT RULES
		41	# -A UDP -p udp -j LOG
		42
		43	COMMIT

files/iptables/iptables.service created 644 +15 0

			@@ -0,0 +1,15
		1	[Unit]
		2	Description=Packet Filtering Framework
		3	DefaultDependencies=no
		4	After=systemd-sysctl.service
		5	Before=sysinit.target
		6
		7	[Service]
		8	Type=oneshot
		9	ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
		10	ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
		11	ExecStop=/etc/iptables/flush-iptables.sh
		12	RemainAfterExit=yes
		13
		14	[Install]
		15	WantedBy=multi-user.target

files/modprobe.d/raspi-blacklist.conf created 644 +9 0

			@@ -0,0 +1,9
		1	blacklist snd_soc_core
		2	blacklist snd_pcm
		3	blacklist snd_pcm_dmaengine
		4	blacklist snd_timer
		5	blacklist snd_compress
		6	blacklist snd_soc_pcm512x_i2c
		7	blacklist snd_soc_pcm512x
		8	blacklist snd_soc_tas5713
		9	blacklist snd_soc_wm8804

files/sysctl.d/81-rpi-vm.conf created 644 +6 0

			@@ -0,0 +1,6
		1	# Avoid swapping and increase cache sizes
		2	vm.swappiness=1
		3	vm.dirty_background_ratio=20
		4	vm.dirty_ratio=40
		5	vm.dirty_writeback_centisecs=500
		6	vm.dirty_expire_centisecs=6000

files/sysctl.d/82-rpi-net-hardening.conf created 644 +59 0

			@@ -0,0 +1,59
		1	# Enable network stack hardening
		2	net.ipv4.tcp_timestamps=0
		3	net.ipv4.tcp_syncookies=1
		4	net.ipv4.conf.all.rp_filter=1
		5	net.ipv4.conf.all.accept_redirects=0
		6	net.ipv4.conf.all.send_redirects=0
		7	net.ipv4.conf.all.accept_source_route=0
		8	net.ipv4.conf.default.rp_filter=1
		9	net.ipv4.conf.default.accept_redirects=0
		10	net.ipv4.conf.default.send_redirects=0
		11	net.ipv4.conf.default.accept_source_route=0
		12	net.ipv4.conf.lo.accept_redirects=0
		13	net.ipv4.conf.lo.send_redirects=0
		14	net.ipv4.conf.lo.accept_source_route=0
		15	net.ipv4.conf.eth0.accept_redirects=0
		16	net.ipv4.conf.eth0.send_redirects=0
		17	net.ipv4.conf.eth0.accept_source_route=0
		18	net.ipv4.icmp_echo_ignore_broadcasts=1
		19	net.ipv4.icmp_ignore_bogus_error_responses=1
		20
		21	net.ipv6.conf.all.accept_redirects=0
		22	net.ipv6.conf.all.accept_source_route=0
		23	net.ipv6.conf.all.router_solicitations=0
		24	net.ipv6.conf.all.accept_ra_rtr_pref=0
		25	net.ipv6.conf.all.accept_ra_pinfo=0
		26	net.ipv6.conf.all.accept_ra_defrtr=0
		27	net.ipv6.conf.all.autoconf=0
		28	net.ipv6.conf.all.dad_transmits=0
		29	net.ipv6.conf.all.max_addresses=1
		30
		31	net.ipv6.conf.default.accept_redirects=0
		32	net.ipv6.conf.default.accept_source_route=0
		33	net.ipv6.conf.default.router_solicitations=0
		34	net.ipv6.conf.default.accept_ra_rtr_pref=0
		35	net.ipv6.conf.default.accept_ra_pinfo=0
		36	net.ipv6.conf.default.accept_ra_defrtr=0
		37	net.ipv6.conf.default.autoconf=0
		38	net.ipv6.conf.default.dad_transmits=0
		39	net.ipv6.conf.default.max_addresses=1
		40
		41	net.ipv6.conf.lo.accept_redirects=0
		42	net.ipv6.conf.lo.accept_source_route=0
		43	net.ipv6.conf.lo.router_solicitations=0
		44	net.ipv6.conf.lo.accept_ra_rtr_pref=0
		45	net.ipv6.conf.lo.accept_ra_pinfo=0
		46	net.ipv6.conf.lo.accept_ra_defrtr=0
		47	net.ipv6.conf.lo.autoconf=0
		48	net.ipv6.conf.lo.dad_transmits=0
		49	net.ipv6.conf.lo.max_addresses=1
		50
		51	net.ipv6.conf.eth0.accept_redirects=0
		52	net.ipv6.conf.eth0.accept_source_route=0
		53	net.ipv6.conf.eth0.router_solicitations=0
		54	net.ipv6.conf.eth0.accept_ra_rtr_pref=0
		55	net.ipv6.conf.eth0.accept_ra_pinfo=0
		56	net.ipv6.conf.eth0.accept_ra_defrtr=0
		57	net.ipv6.conf.eth0.autoconf=0
		58	net.ipv6.conf.eth0.dad_transmits=0
		59	net.ipv6.conf.eth0.max_addresses=1

README.md +17 0

              # rpi2-gen-image
              ## Introduction
              `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
              ## Build dependencies
              The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
                ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
              ## Command-line parameters
              The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
              #####Command-line examples:
              ```shell
              ENABLE_UBOOT=true ./rpi2-gen-image.sh
              ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
              ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
              ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
              APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
              ENABLE_MINBASE=true ./rpi2-gen-image.sh
               ```
              #### APT settings:
              ##### `APT_SERVER`="ftp.debian.org"
              Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
              ##### `APT_PROXY`=""
              Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
              ##### `APT_INCLUDES`=""
              A comma seperated list of additional packages to be installed during bootstrapping.
              #### General system settings:
              ##### `HOSTNAME`="rpi2-jessie"
              Set system host name. It's recommended that the host name is unique in the corresponding subnet.
              ##### `PASSWORD`="raspberry"
              Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
              ##### `DEFLOCAL`="en_US.UTF-8"
              Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
              ##### `TIMEZONE`="Europe/Berlin"
              Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
+             ##### `EXPANDROOT`=true
+             Expand the root partition and filesystem automatically on first boot.
              #### Keyboard settings:
              These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
              ##### `XKBMODEL`=""
              ##### `XKBLAYOUT`=""
              ##### `XKBVARIANT`=""
              ##### `XKBOPTIONS`=""
              #### Networking settings
              These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
              #####`ENABLE_DHCP`=true
              Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
              #####`NET_ADDRESS`=""
              Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
              #####`NET_GATEWAY`=""
              Set the IP address for the default gateway.
              #####`NET_DNS_1`=""
              Set the IP address for the first DNS server.
              #####`NET_DNS_2`=""
              Set the IP address for the second DNS server.
              #####`NET_DNS_DOMAINS`=""
              Set the default DNS search domains to use for non fully qualified host names.
              #####`NET_NTP_1`=""
              Set the IP address for the first NTP server.
              #####`NET_NTP_2`=""
              Set the IP address for the second NTP server.
              #### Basic system features:
              ##### `ENABLE_CONSOLE`=true
              Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
              ##### `ENABLE_IPV6`=true
              Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
              ##### `ENABLE_SSHD`=true
              Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
+             ##### `ENABLE_RSYSLOG`=true
+             If set to false, disable and uninstall rsyslog (so logs will be available only
+             in journal files)
              ##### `ENABLE_SOUND`=true
              Enable sound hardware and install Advanced Linux Sound Architecture.
              ##### `ENABLE_HWRANDOM`=true
              Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
              ##### `ENABLE_MINGPU`=false
              Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
              ##### `ENABLE_DBUS`=true
              Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
              ##### `ENABLE_XORG`=false
              Install Xorg open-source X Window System.
              ##### `ENABLE_WM`=""
              Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
              #### Advanced sytem features:
              ##### `ENABLE_MINBASE`=false
              Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
              ##### `ENABLE_UBOOT`=false
              Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
              ##### `ENABLE_FBTURBO`=false
              Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
              ##### `ENABLE_IPTABLES`=false
              Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
+             ##### `ENABLE_USER`=true
+             Create pi user with password raspberry
+             ##### `ENABLE_ROOT`=true
+             Set root user password so root login will be enabled
+             ##### `ENABLE_ROOT_SSH`=true
+             Enable password root login via SSH. May be a security risk with default
+             password, use only in trusted environments.
              ##### `ENABLE_HARDNET`=false
              Enable IPv4/IPv6 network stack hardening settings.
              ## Logging of the bootstrapping process
              All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
              ```shell
              script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
              ```
              ## Flashing the image file
              After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
              #####Flashing examples:
              ```shell
              bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
              dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
              ```

rpi2-gen-image.sh +107 -339

              #!/bin/sh
              ########################################################################
              # rpi2-gen-image.sh					   ver2a 12/2015
              #
              # Advanced debian "jessie" bootstrap script for RPi2
              #
              # This program is free software; you can redistribute it and/or
              # modify it under the terms of the GNU General Public License
              # as published by the Free Software Foundation; either version 2
              # of the License, or (at your option) any later version.
              #
              # some parts based on rpi2-build-image:
              # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
              # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
              ########################################################################
              # Clean up all temporary mount points
              cleanup (){
                set +x
                set +e
                echo "removing temporary mount points ..."
                umount -l $R/proc 2> /dev/null
                umount -l $R/sys 2> /dev/null
                umount -l $R/dev/pts 2> /dev/null
                umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
                umount "$BUILDDIR/mount" 2> /dev/null
                losetup -d "$EXT4_LOOP" 2> /dev/null
                losetup -d "$VFAT_LOOP" 2> /dev/null
                trap - 0 1 2 3 6
              }
+             # Exec command in chroot
+             chroot_exec() {
+               LANG=C LC_ALL=C chroot $R $*
+             }
              set -e
              set -x
              # Debian release
              RELEASE=${RELEASE:=jessie}
+             KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
              # Build settings
              BASEDIR=./images/${RELEASE}
              BUILDDIR=${BASEDIR}/build
              # General settings
              HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
              PASSWORD=${PASSWORD:=raspberry}
              DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
              TIMEZONE=${TIMEZONE:="Europe/Berlin"}
              XKBMODEL=${XKBMODEL:=""}
              XKBLAYOUT=${XKBLAYOUT:=""}
              XKBVARIANT=${XKBVARIANT:=""}
              XKBOPTIONS=${XKBOPTIONS:=""}
+             EXPANDROOT=${EXPANDROOT:=true}
              # Network settings
              ENABLE_DHCP=${ENABLE_DHCP:=true}
              # NET_* settings are ignored when ENABLE_DHCP=true
              # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
              NET_ADDRESS=${NET_ADDRESS:=""}
              NET_GATEWAY=${NET_GATEWAY:=""}
              NET_DNS_1=${NET_DNS_1:=""}
              NET_DNS_2=${NET_DNS_2:=""}
              NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
              NET_NTP_1=${NET_NTP_1:=""}
              NET_NTP_2=${NET_NTP_2:=""}
              # APT settings
              APT_PROXY=${APT_PROXY:=""}
              APT_SERVER=${APT_SERVER:="ftp.debian.org"}
              # Feature settings
              ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
              ENABLE_IPV6=${ENABLE_IPV6:=true}
              ENABLE_SSHD=${ENABLE_SSHD:=true}
              ENABLE_SOUND=${ENABLE_SOUND:=true}
              ENABLE_DBUS=${ENABLE_DBUS:=true}
              ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
              ENABLE_MINGPU=${ENABLE_MINGPU:=false}
              ENABLE_XORG=${ENABLE_XORG:=false}
              ENABLE_WM=${ENABLE_WM:=""}
+             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
+             ENABLE_USER=${ENABLE_USER:=true}
+             ENABLE_ROOT=${ENABLE_ROOT:=false}
+             ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
              # Advanced settings
              ENABLE_MINBASE=${ENABLE_MINBASE:=false}
              ENABLE_UBOOT=${ENABLE_UBOOT:=false}
              ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
              ENABLE_HARDNET=${ENABLE_HARDNET:=false}
              ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
              # Image chroot path
              R=${BUILDDIR}/chroot
              # Packages required for bootstrapping
              REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
              # Missing packages that need to be installed
              MISSING_PACKAGES=""
              # Packages required in the chroot build environment
              APT_INCLUDES=${APT_INCLUDES:=""}
              APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
              set +x
              # Are we running as root?
              if [ "$(id -u)" -ne "0" ] ; then
                echo "this script must be executed with root privileges"
                exit 1
              fi
              # Check if all required packages are installed
              for package in $REQUIRED_PACKAGES ; do
                if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
                  MISSING_PACKAGES="$MISSING_PACKAGES $package"
                fi
              done
              # Ask if missing packages should get installed right now
              if [ -n "$MISSING_PACKAGES" ] ; then
                echo "the following packages needed by this script are not installed:"
                echo "$MISSING_PACKAGES"
                echo -n "\ndo you want to install the missing packages right now? [y/n] "
                read confirm
                if [ "$confirm" != "y" ] ; then
                  exit 1
                fi
              fi
              # Make sure all required packages are installed
              apt-get -qq -y install ${REQUIRED_PACKAGES}
              # Don't clobber an old build
              if [ -e "$BUILDDIR" ]; then
                echo "directory $BUILDDIR already exists, not proceeding"
                exit 1
              fi
              set -x
              # Call "cleanup" function on various signals and errors
              trap cleanup 0 1 2 3 6
              # Set up chroot directory
              mkdir -p $R
              # Add required packages for the minbase installation
              if [ "$ENABLE_MINBASE" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
              else
                APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
              fi
+             # Add parted package, required to get partprobe utility
+             if [ "$EXPANDROOT" = true ] ; then
+               APT_INCLUDES="${APT_INCLUDES},parted"
+             fi
              # Add dbus package, recommended if using systemd
              if [ "$ENABLE_DBUS" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},dbus"
              fi
              # Add iptables IPv4/IPv6 package
              if [ "$ENABLE_IPTABLES" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},iptables"
              fi
              # Add openssh server package
              if [ "$ENABLE_SSHD" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},openssh-server"
              fi
              # Add alsa-utils package
              if [ "$ENABLE_SOUND" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},alsa-utils"
              fi
              # Add rng-tools package
              if [ "$ENABLE_HWRANDOM" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},rng-tools"
              fi
+             if [ "$ENABLE_USER" = true ]; then
+               APT_INCLUDES="${APT_INCLUDES},sudo"
+             fi
              # Add fbturbo video driver
              if [ "$ENABLE_FBTURBO" = true ] ; then
                # Enable xorg package dependencies
                ENABLE_XORG=true
              fi
              # Add user defined window manager package
              if [ -n "$ENABLE_WM" ] ; then
                APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
                # Enable xorg package dependencies
                ENABLE_XORG=true
              fi
              # Add xorg package
              if [ "$ENABLE_XORG" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},xorg"
              fi
              # Base debootstrap (unpack only)
              if [ "$ENABLE_MINBASE" = true ] ; then
                http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
              else
                http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
              fi
              # Copy qemu emulator binary to chroot
              cp /usr/bin/qemu-arm-static $R/usr/bin
              # Copy debian-archive-keyring.pgp
              chroot $R mkdir -p /usr/share/keyrings
              cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
              # Complete the bootstrapping process
              chroot $R /debootstrap/debootstrap --second-stage
              # Mount required filesystems
              mount -t proc none $R/proc
              mount -t sysfs none $R/sys
              mount --bind /dev/pts $R/dev/pts
              # Use proxy inside chroot
              if [ -z "$APT_PROXY" ] ; then
                echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
              fi
              # Pin package flash-kernel to repositories.collabora.co.uk
              cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
              Package: flash-kernel
              Pin: origin repositories.collabora.co.uk
              Pin-Priority: 1000
              EOM
              # Set up timezone
              echo ${TIMEZONE} >$R/etc/timezone
-             LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
+             chroot_exec dpkg-reconfigure -f noninteractive tzdata
              # Upgrade collabora package index and install collabora keyring
              echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
-             LANG=C chroot $R apt-get -qq -y update
-             LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
+             chroot_exec apt-get -qq -y update
+             chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
              # Set up initial sources.list
              cat <<EOM >$R/etc/apt/sources.list
              deb http://${APT_SERVER}/debian ${RELEASE} main contrib
              #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
              deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
              #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
              deb http://security.debian.org/ ${RELEASE}/updates main contrib
              #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
              deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
              EOM
              # Upgrade package index and update all installed packages and changed dependencies
-             LANG=C chroot $R apt-get -qq -y update
-             LANG=C chroot $R apt-get -qq -y -u dist-upgrade
+             chroot_exec apt-get -qq -y update
+             chroot_exec apt-get -qq -y -u dist-upgrade
              # Set up default locale and keyboard configuration
              if [ "$ENABLE_MINBASE" = false ] ; then
                # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
                # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
                # ... so we have to set locales manually
                if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
-                 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
+                 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
                else
                  # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
-                 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
-                 LANG=C chroot $R sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
+                 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
+                 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
                fi
-               LANG=C chroot $R sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
-               LANG=C chroot $R echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
-               LANG=C chroot $R locale-gen
-               LANG=C chroot $R update-locale LANG=${DEFLOCAL}
+               chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
+               chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
+               chroot_exec locale-gen
+               chroot_exec update-locale LANG=${DEFLOCAL}
                # Keyboard configuration, if requested
                if [ "$XKBMODEL" != "" ] ; then
-                 LANG=C chroot $R sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
+                 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
                fi
                if [ "$XKBLAYOUT" != "" ] ; then
-                 LANG=C chroot $R sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
+                 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
                fi
                if [ "$XKBVARIANT" != "" ] ; then
-                 LANG=C chroot $R sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
+                 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
                fi
                if [ "$XKBOPTIONS" != "" ] ; then
-                 LANG=C chroot $R sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
+                 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
                fi
-               LANG=C chroot $R dpkg-reconfigure -f noninteractive keyboard-configuration
+               chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
                # Set up font console
                case "${DEFLOCAL}" in
                  *UTF-8)
-                   LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
+                   chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
                    ;;
                  *)
-                   LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
+                   chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
                    ;;
                esac
-               LANG=C chroot $R dpkg-reconfigure -f noninteractive console-setup
+               chroot_exec dpkg-reconfigure -f noninteractive console-setup
              fi
              # Kernel installation
              # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
-             LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
-             LANG=C chroot $R apt-get -qq -y install flash-kernel
+             chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
+             chroot_exec apt-get -qq -y install flash-kernel
              VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
              [ -z "$VMLINUZ" ] && exit 1
-             mkdir -p $R/boot/firmware
-             # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
-             wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
-             wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
-             wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
-             wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
-             wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
-             wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
-             wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
              cp $VMLINUZ $R/boot/firmware/kernel7.img
              # Set up IPv4 hosts
              echo ${HOSTNAME} >$R/etc/hostname
              cat <<EOM >$R/etc/hosts
 .0.0.1       localhost
 .0.1.1       ${HOSTNAME}
              EOM
              if [ "$NET_ADDRESS" != "" ] ; then
              NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
              sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
              fi
              # Set up IPv6 hosts
              if [ "$ENABLE_IPV6" = true ] ; then
              cat <<EOM >>$R/etc/hosts
              ::1             localhost ip6-localhost ip6-loopback
              ff02::1         ip6-allnodes
              ff02::2         ip6-allrouters
              EOM
              fi
              # Place hint about network configuration
              cat <<EOM >$R/etc/network/interfaces
              # Debian switched to systemd-networkd configuration files.
              # please configure your networks in '/etc/systemd/network/'
              EOM
              if [ "$ENABLE_DHCP" = true ] ; then
              # Enable systemd-networkd DHCP configuration for interface eth0
              cat <<EOM >$R/etc/systemd/network/eth.network
              [Match]
              Name=eth0
              [Network]
              DHCP=yes
              EOM
              # Set DHCP configuration to IPv4 only
              if [ "$ENABLE_IPV6" = false ] ; then
                sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
              fi
              else # ENABLE_DHCP=false
              cat <<EOM >$R/etc/systemd/network/eth.network
              [Match]
              Name=eth0
              [Network]
              DHCP=no
              Address=${NET_ADDRESS}
              Gateway=${NET_GATEWAY}
              DNS=${NET_DNS_1}
              DNS=${NET_DNS_2}
              Domains=${NET_DNS_DOMAINS}
              NTP=${NET_NTP_1}
              NTP=${NET_NTP_2}
              EOM
              fi
              # Enable systemd-networkd service
-             LANG=C chroot $R systemctl enable systemd-networkd
+             chroot_exec systemctl enable systemd-networkd
              # Generate crypt(3) password string
              ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
              # Set up default user
-             LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
-             LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
+             if [ "$ENABLE_USER" = true ] ; then
+               chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
+               chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
+             fi
+             # Set up root password or not
+             if [ "$ENABLE_ROOT" = true ]; then
+               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
-             # Set up root password
-             LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
+               if [ "$ENABLE_ROOT_SSH" = true ]; then
+                 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
+               fi
+             else
+               chroot_exec usermod -p \'!\' root
+             fi
              # Set up firmware boot cmdline
              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
              # Set up serial console support (if requested)
              if [ "$ENABLE_CONSOLE" = true ] ; then
                CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
              fi
              # Set up IPv6 networking support
              if [ "$ENABLE_IPV6" = false ] ; then
                CMDLINE="${CMDLINE} ipv6.disable=1"
              fi
              echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
              # Set up firmware config
-             cat <<EOM >$R/boot/firmware/config.txt
-             # For more options and information see
-             # http://www.raspberrypi.org/documentation/configuration/config-txt.md
-             # Some settings may impact device functionality. See link above for details
-             # uncomment if you get no picture on HDMI for a default "safe" mode
-             #hdmi_safe=1
-             # uncomment this if your display has a black border of unused pixels visible
-             # and your display can output without overscan
-             #disable_overscan=1
-             # uncomment the following to adjust overscan. Use positive numbers if console
-             # goes off screen, and negative if there is too much border
-             #overscan_left=16
-             #overscan_right=16
-             #overscan_top=16
-             #overscan_bottom=16
-             # uncomment to force a console size. By default it will be display's size minus
-             # overscan.
-             #framebuffer_width=1280
-             #framebuffer_height=720
-             # uncomment if hdmi display is not detected and composite is being output
-             #hdmi_force_hotplug=1
-             # uncomment to force a specific HDMI mode (this will force VGA)
-             #hdmi_group=1
-             #hdmi_mode=1
-             # uncomment to force a HDMI mode rather than DVI. This can make audio work in
-             # DMT (computer monitor) modes
-             #hdmi_drive=2
-             # uncomment to increase signal to HDMI, if you have interference, blanking, or
-             # no display
-             #config_hdmi_boost=4
-             # uncomment for composite PAL
-             #sdtv_mode=2
-             # uncomment to overclock the arm. 700 MHz is the default.
-             #arm_freq=800
-             EOM
+             install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
              # Load snd_bcm2835 kernel module at boot time
              if [ "$ENABLE_SOUND" = true ] ; then
                echo "snd_bcm2835" >>$R/etc/modules
              fi
              # Set smallest possible GPU memory allocation size: 16MB (no X)
              if [ "$ENABLE_MINGPU" = true ] ; then
                echo "gpu_mem=16" >>$R/boot/firmware/config.txt
              fi
              # Create symlinks
              ln -sf firmware/config.txt $R/boot/config.txt
              ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
              # Prepare modules-load.d directory
              mkdir -p $R/lib/modules-load.d/
              # Load random module on boot
              if [ "$ENABLE_HWRANDOM" = true ] ; then
                cat <<EOM >$R/lib/modules-load.d/rpi2.conf
              bcm2708_rng
              EOM
              fi
              # Prepare modprobe.d directory
              mkdir -p $R/etc/modprobe.d/
              # Blacklist sound modules
-             cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
-             blacklist snd_soc_core
-             blacklist snd_pcm
-             blacklist snd_pcm_dmaengine
-             blacklist snd_timer
-             blacklist snd_compress
-             blacklist snd_soc_pcm512x_i2c
-             blacklist snd_soc_pcm512x
-             blacklist snd_soc_tas5713
-             blacklist snd_soc_wm8804
-             EOM
+             install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
              # Create default fstab
-             cat <<EOM >$R/etc/fstab
-             /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
-             /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
-             EOM
-             # Avoid swapping and increase cache sizes
-             cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
+             install -o root -g root -m 644 files/fstab $R/etc/fstab
              # Avoid swapping and increase cache sizes
-             vm.swappiness=1
-             vm.dirty_background_ratio=20
-             vm.dirty_ratio=40
-             vm.dirty_writeback_centisecs=500
-             vm.dirty_expire_centisecs=6000
-             EOM
+             install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
              # Enable network stack hardening
              if [ "$ENABLE_HARDNET" = true ] ; then
-               cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
-             # Enable network stack hardening
-             net.ipv4.tcp_timestamps=0
-             net.ipv4.tcp_syncookies=1
-             net.ipv4.conf.all.rp_filter=1
-             net.ipv4.conf.all.accept_redirects=0
-             net.ipv4.conf.all.send_redirects=0
-             net.ipv4.conf.all.accept_source_route=0
-             net.ipv4.conf.default.rp_filter=1
-             net.ipv4.conf.default.accept_redirects=0
-             net.ipv4.conf.default.send_redirects=0
-             net.ipv4.conf.default.accept_source_route=0
-             net.ipv4.conf.lo.accept_redirects=0
-             net.ipv4.conf.lo.send_redirects=0
-             net.ipv4.conf.lo.accept_source_route=0
-             net.ipv4.conf.eth0.accept_redirects=0
-             net.ipv4.conf.eth0.send_redirects=0
-             net.ipv4.conf.eth0.accept_source_route=0
-             net.ipv4.icmp_echo_ignore_broadcasts=1
-             net.ipv4.icmp_ignore_bogus_error_responses=1
-             net.ipv6.conf.all.accept_redirects=0
-             net.ipv6.conf.all.accept_source_route=0
-             net.ipv6.conf.all.router_solicitations=0
-             net.ipv6.conf.all.accept_ra_rtr_pref=0
-             net.ipv6.conf.all.accept_ra_pinfo=0
-             net.ipv6.conf.all.accept_ra_defrtr=0
-             net.ipv6.conf.all.autoconf=0
-             net.ipv6.conf.all.dad_transmits=0
-             net.ipv6.conf.all.max_addresses=1
-             net.ipv6.conf.default.accept_redirects=0
-             net.ipv6.conf.default.accept_source_route=0
-             net.ipv6.conf.default.router_solicitations=0
-             net.ipv6.conf.default.accept_ra_rtr_pref=0
-             net.ipv6.conf.default.accept_ra_pinfo=0
-             net.ipv6.conf.default.accept_ra_defrtr=0
-             net.ipv6.conf.default.autoconf=0
-             net.ipv6.conf.default.dad_transmits=0
-             net.ipv6.conf.default.max_addresses=1
-             net.ipv6.conf.lo.accept_redirects=0
-             net.ipv6.conf.lo.accept_source_route=0
-             net.ipv6.conf.lo.router_solicitations=0
-             net.ipv6.conf.lo.accept_ra_rtr_pref=0
-             net.ipv6.conf.lo.accept_ra_pinfo=0
-             net.ipv6.conf.lo.accept_ra_defrtr=0
-             net.ipv6.conf.lo.autoconf=0
-             net.ipv6.conf.lo.dad_transmits=0
-             net.ipv6.conf.lo.max_addresses=1
-             net.ipv6.conf.eth0.accept_redirects=0
-             net.ipv6.conf.eth0.accept_source_route=0
-             net.ipv6.conf.eth0.router_solicitations=0
-             net.ipv6.conf.eth0.accept_ra_rtr_pref=0
-             net.ipv6.conf.eth0.accept_ra_pinfo=0
-             net.ipv6.conf.eth0.accept_ra_defrtr=0
-             net.ipv6.conf.eth0.autoconf=0
-             net.ipv6.conf.eth0.dad_transmits=0
-             net.ipv6.conf.eth0.max_addresses=1
-             EOM
+               install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
              # Enable resolver warnings about spoofed addresses
                cat <<EOM >>$R/etc/host.conf
              spoof warn
              EOM
              fi
-             # Regenerate openssh server host keys
+             # First boot actions
+             cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
+             # Ensure openssh server host keys are regenerated on first boot
              if [ "$ENABLE_SSHD" = true ] ; then
-               rm -fr $R/etc/ssh/ssh_host_*
-               LANG=C chroot $R dpkg-reconfigure openssh-server
+               cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
+               rm -f $R/etc/ssh/ssh_host_*
+             fi
+             if [ "$EXPANDROOT" = true ] ; then
+               cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
+             fi
+             cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
+             chmod +x $R/etc/rc.firstboot
+             sed -i '/exit 0/d' $R/etc/rc.local
+             echo /etc/rc.firstboot >> $R/etc/rc.local
+             echo exit 0 >> $R/etc/rc.local
+             # Disable rsyslog
+             if [ "$ENABLE_RSYSLOG" = false ]; then
+               sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
+               chroot_exec systemctl disable rsyslog
+               chroot_exec apt-get purge -q -y --force-yes rsyslog
              fi
              # Enable serial console systemd style
              if [ "$ENABLE_CONSOLE" = true ] ; then
-               LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
+               chroot_exec systemctl enable serial-getty\@ttyAMA0.service
              fi
              # Enable firewall based on iptables started by systemd service
              if [ "$ENABLE_IPTABLES" = true ] ; then
                # Create iptables configuration directory
                mkdir -p "$R/etc/iptables"
                # Create iptables systemd service
-               cat <<EOM >$R/etc/systemd/system/iptables.service
-             [Unit]
-             Description=Packet Filtering Framework
-             DefaultDependencies=no
-             After=systemd-sysctl.service
-             Before=sysinit.target
-             [Service]
-             Type=oneshot
-             ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
-             ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
-             ExecStop=/etc/iptables/flush-iptables.sh
-             RemainAfterExit=yes
-             [Install]
-             WantedBy=multi-user.target
-             EOM
+               install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
                # Create flush-table script called by iptables service
-               cat <<EOM >$R/etc/iptables/flush-iptables.sh
-             #!/bin/sh
-             iptables -F
-             iptables -X
-             iptables -t nat -F
-             iptables -t nat -X
-             iptables -t mangle -F
-             iptables -t mangle -X
-             iptables -P INPUT ACCEPT
-             iptables -P FORWARD ACCEPT
-             iptables -P OUTPUT ACCEPT
-             EOM
+               install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
                # Create iptables rule file
-               cat <<EOM >$R/etc/iptables/iptables.rules
-             *filter
-             :INPUT DROP [0:0]
-             :FORWARD DROP [0:0]
-             :OUTPUT ACCEPT [0:0]
-             :TCP - [0:0]
-             :UDP - [0:0]
-             :SSH - [0:0]
-             # Rate limit ping requests
-             -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
-             -A INPUT -p icmp --icmp-type echo-request -j DROP
-             # Accept established connections
-             -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-             # Accept all traffic on loopback interface
-             -A INPUT -i lo -j ACCEPT
-             # Drop packets declared invalid
-             -A INPUT -m conntrack --ctstate INVALID -j DROP
-             # SSH rate limiting
-             -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
-             -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
-             -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
-             -A SSH -m recent --name sshbf --set -j ACCEPT
-             # Send TCP and UDP connections to their respective rules chain
-             -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-             -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-             # Reject dropped packets with a RFC compliant responce
-             -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-             -A INPUT -p tcp -j REJECT --reject-with tcp-rst
-             -A INPUT -j REJECT --reject-with icmp-proto-unreachable
-             ## TCP PORT RULES
-             # -A TCP -p tcp -j LOG
-             ## UDP PORT RULES
-             # -A UDP -p udp -j LOG
-             COMMIT
-             EOM
+               install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
                # Reload systemd configuration and enable iptables service
-               LANG=C chroot $R systemctl daemon-reload
-               LANG=C chroot $R systemctl enable iptables.service
+               chroot_exec systemctl daemon-reload
+               chroot_exec systemctl enable iptables.service
                if [ "$ENABLE_IPV6" = true ] ; then
                  # Create ip6tables systemd service
-                 cat <<EOM >$R/etc/systemd/system/ip6tables.service
-             [Unit]
-             Description=Packet Filtering Framework
-             DefaultDependencies=no
-             After=systemd-sysctl.service
-             Before=sysinit.target
-             [Service]
-             Type=oneshot
-             ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
-             ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
-             ExecStop=/etc/iptables/flush-ip6tables.sh
-             RemainAfterExit=yes
-             [Install]
-             WantedBy=multi-user.target
-             EOM
+                 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
                  # Create ip6tables file
-                 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
-             #!/bin/sh
-             ip6tables -F
-             ip6tables -X
-             ip6tables -Z
-             for table in $(</proc/net/ip6_tables_names)
-             do
-                     ip6tables -t \$table -F
-                     ip6tables -t \$table -X
-                     ip6tables -t \$table -Z
-             done
-             ip6tables -P INPUT ACCEPT
-             ip6tables -P OUTPUT ACCEPT
-             ip6tables -P FORWARD ACCEPT
-             EOM
-                 # Create ip6tables rule file
-                 cat <<EOM >$R/etc/iptables/ip6tables.rules
-             *filter
-             :INPUT DROP [0:0]
-             :FORWARD DROP [0:0]
-             :OUTPUT ACCEPT [0:0]
-             :TCP - [0:0]
-             :UDP - [0:0]
-             :SSH - [0:0]
+                 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
-             # Drop packets with RH0 headers
-             -A INPUT -m rt --rt-type 0 -j DROP
-             -A OUTPUT -m rt --rt-type 0 -j DROP
-             -A FORWARD -m rt --rt-type 0 -j DROP
-             # Rate limit ping requests
-             -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
-             -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
-             # Accept established connections
-             -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-             # Accept all traffic on loopback interface
-             -A INPUT -i lo -j ACCEPT
-             # Drop packets declared invalid
-             -A INPUT -m conntrack --ctstate INVALID -j DROP
-             # SSH rate limiting
-             -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
-             -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
-             -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
-             -A SSH -m recent --name sshbf --set -j ACCEPT
-             # Send TCP and UDP connections to their respective rules chain
-             -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-             -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-             # Reject dropped packets with a RFC compliant responce
-             -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
-             -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
-             -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-             ## TCP PORT RULES
-             # -A TCP -p tcp -j LOG
-             ## UDP PORT RULES
-             # -A UDP -p udp -j LOG
-             COMMIT
-             EOM
+                 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
                # Reload systemd configuration and enable iptables service
-               LANG=C chroot $R systemctl daemon-reload
-               LANG=C chroot $R systemctl enable ip6tables.service
+                 chroot_exec systemctl daemon-reload
+                 chroot_exec systemctl enable ip6tables.service
                fi
              fi
              # Remove SSHD related iptables rules
              if [ "$ENABLE_SSHD" = false ] ; then
               sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
               sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
              fi
              # Install gcc/c++ build environment inside the chroot
              if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
-               LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
+               chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
              fi
              # Fetch and build U-Boot bootloader
              if [ "$ENABLE_UBOOT" = true ] ; then
                # Fetch U-Boot bootloader sources
                git -C $R/tmp clone git://git.denx.de/u-boot.git
                # Build and install U-Boot inside chroot
-               LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all
+               chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
                # Copy compiled bootloader binary and set config.txt to load it
                cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
                printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
                # Set U-Boot command file
                cat <<EOM >$R/boot/firmware/uboot.mkimage
              # Tell Linux that it is booting on a Raspberry Pi2
              setenv machid 0x00000c42
              # Set the kernel boot command line
              setenv bootargs "earlyprintk ${CMDLINE}"
              # Save these changes to u-boot's environment
              saveenv
              # Load the existing Linux kernel into RAM
              fatload mmc 0:1 \${kernel_addr_r} kernel7.img
              # Boot the kernel we have just loaded
              bootz \${kernel_addr_r}
              EOM
                # Generate U-Boot image from command file
-               LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
+               chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
              fi
              # Fetch and build fbturbo Xorg driver
              if [ "$ENABLE_FBTURBO" = true ] ; then
                # Fetch fbturbo driver sources
                git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
                # Install Xorg build dependencies
-               LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
+               chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
                # Build and install fbturbo driver inside chroot
-               LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
+               chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
                # Add fbturbo driver to Xorg configuration
                cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
              Section "Device"
                      Identifier "Allwinner A10/A13 FBDEV"
                      Driver "fbturbo"
                      Option "fbdev" "/dev/fb0"
                      Option "SwapbuffersWait" "true"
              EndSection
              EOM
                # Remove Xorg build dependencies
-               LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
+               chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
              fi
              # Remove gcc/c++ build environment from the chroot
              if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
-               LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+               chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
              fi
              # Clean cached downloads
-             LANG=C chroot $R apt-get -y clean
-             LANG=C chroot $R apt-get -y autoclean
-             LANG=C chroot $R apt-get -y autoremove
+             chroot_exec apt-get -y clean
+             chroot_exec apt-get -y autoclean
+             chroot_exec apt-get -y autoremove
              # Unmount mounted filesystems
              umount -l $R/proc
              umount -l $R/sys
              # Clean up files
              rm -f $R/etc/apt/sources.list.save
              rm -f $R/etc/resolvconf/resolv.conf.d/original
              rm -rf $R/run
              mkdir -p $R/run
              rm -f $R/etc/*-
              rm -f $R/root/.bash_history
              rm -rf $R/tmp/*
              rm -f $R/var/lib/urandom/random-seed
              [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
              rm -f $R/etc/machine-id
              rm -fr $R/etc/apt/apt.conf.d/10proxy
              # Calculate size of the chroot directory in KB
              CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
              # Calculate the amount of needed 512 Byte sectors
              TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
              BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
              ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
              # The root partition is EXT4
              # This means more space than the actual used space of the chroot is used.
              # As overhead for journaling and reserved blocks 20% are added.
              ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
              # Calculate required image size in 512 Byte sectors
              IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
              # Prepare date string for image file name
              DATE="$(date +%Y-%m-%d)"
              # Prepare image file
              dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
              dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
              # Write partition table
              sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
              unit: sectors
 : start=   ${TABLE_SECTORS}, size=   ${BOOT_SECTORS}, Id= c, bootable
 : start=     ${ROOT_OFFSET}, size=   ${ROOT_SECTORS}, Id=83
 : start=                  0, size=                 0, Id= 0
 : start=                  0, size=                 0, Id= 0
              EOM
              # Set up temporary loop devices and build filesystems
              VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
              EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
              mkfs.vfat "$VFAT_LOOP"
              mkfs.ext4 "$EXT4_LOOP"
              # Mount the temporary loop devices
              mkdir -p "$BUILDDIR/mount"
              mount "$EXT4_LOOP" "$BUILDDIR/mount"
              mkdir -p "$BUILDDIR/mount/boot/firmware"
              mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
              # Copy all files from the chroot to the loop device mount point directory
              rsync -a "$R/" "$BUILDDIR/mount/"
              # Unmount all temporary loop devices and mount points
              cleanup
              # (optinal) create block map file for "bmaptool"
              bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
              # Image was successfully created
              echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

			@@ -0,0 +1,52
		1	logger -t "rc.firstboot" "Expanding root"
		2	ROOT_PART=$(mount \| sed -n 's\|^/dev/\(.\) on / .\|\1\|p')
		3	PART_NUM=$(echo ${ROOT_PART} \| grep -o '[1-9][0-9]*$')
		4	case "${ROOT_PART}" in
		5	mmcblk0*) ROOT_DEV=mmcblk0 ;;
		6	sda*) ROOT_DEV=sda ;;
		7	esac
		8	if [ "$PART_NUM" = "$ROOT_PART" ]; then
		9	logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
		10	return 0
		11	fi
		12
		13	# NOTE: the NOOBS partition layout confuses parted. For now, let's only
		14	# agree to work with a sufficiently simple partition layout
		15	if [ "$PART_NUM" -gt 2 ]; then
		16	logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
		17	return 0
		18	fi
		19	LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p \| tail -n 1 \| cut -f 1 -d:)
		20	if [ $LAST_PART_NUM -ne $PART_NUM ]; then
		21	logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
		22	return 0
		23	fi
		24
		25	# Get the starting offset of the root partition
		26	PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p \| grep "^${PART_NUM}" \| cut -f 2 -d: \| sed 's/[^0-9]//g')
		27	[ "$PART_START" ] \|\| return 1
		28
		29	# Get the possible last sector for the root partition
		30	PART_LAST=$(fdisk -l /dev/${ROOT_DEV} \| grep '^Disk.*sectors' \| awk '{ print $7 - 1 }')
		31	[ "$PART_LAST" ] \|\| return 1
		32
		33	# Return value will likely be error for fdisk as it fails to reload the
		34	# partition table because the root fs is mounted
		35	### Since rc.local is run with "sh -e", let's add "\|\| true" to prevent premature exit
		36	fdisk /dev/${ROOT_DEV} <<EOF2 \|\| true
		37	p
		38	d
		39	$PART_NUM
		40	n
		41	p
		42	$PART_NUM
		43	$PART_START
		44	$PART_LAST
		45	p
		46	w
		47	EOF2
		48
		49	# Reload the partition table, resize root filesystem then remove resizing code from this file
		50	partprobe &&
		51	resize2fs /dev/${ROOT_PART} &&
		52	logger -t "rc.firstboot" "Root partition successfuly resized."