Enable_Bluetooth var...
Unknown -
r437:1fe79547704e
@@ -1,490 +1,492
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 `1` = Used for Pi 1 model A and B
68 68 `1P` = Used for Pi 1 model B+ and A+
69 69 `2` = Used for Pi 2 model B
70 70 `3` = Used for Pi 3 model B
71 71 `3P` = Used for Pi 3 model B+
72 72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
157 On `RPI_MODEL= 0,3,3P` - Bluetooth gets auto enabled if `ENABLE_CONSOLE` and `ENABLE_UBOOT` are set to `false`
158 157
159 158 ##### `ENABLE_I2C`=false
160 159 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
161 160
162 161 ##### `ENABLE_SPI`=false
163 162 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
164 163
165 164 ##### `ENABLE_IPV6`=true
166 165 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
167 166
168 167 ##### `ENABLE_SSHD`=true
169 168 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
170 169
171 170 ##### `ENABLE_NONFREE`=false
172 171 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
173 172
174 173 ##### `ENABLE_WIRELESS`=false
175 174 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
176 175
176 ##### `ENABLE_BLUETOOTH`=false
177 Enable Bluetooth interface on the RPi0/3.
178
177 179 ##### `ENABLE_RSYSLOG`=true
178 180 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
179 181
180 182 ##### `ENABLE_SOUND`=true
181 183 Enable sound hardware and install Advanced Linux Sound Architecture.
182 184
183 185 ##### `ENABLE_HWRANDOM`=true
184 186 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
185 187
186 188 ##### `ENABLE_MINGPU`=false
187 189 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
188 190
189 191 ##### `ENABLE_DBUS`=true
190 192 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
191 193
192 194 ##### `ENABLE_XORG`=false
193 195 Install Xorg open-source X Window System.
194 196
195 197 ##### `ENABLE_WM`=""
196 198 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
197 199
198 200 ##### `ENABLE_SYSVINIT`=false
199 201 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
200 202
201 203 ---
202 204
203 205 #### Advanced system features:
204 206 ##### `ENABLE_MINBASE`=false
205 207 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
206 208
207 209 ##### `ENABLE_REDUCE`=false
208 210 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
209 211
210 212 ##### `ENABLE_UBOOT`=false
211 213 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
212 214
213 215 ##### `UBOOTSRC_DIR`=""
214 216 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
215 217
216 218 ##### `ENABLE_FBTURBO`=false
217 219 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
218 220
219 221 ##### `FBTURBOSRC_DIR`=""
220 222 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
221 223
222 224 ##### `ENABLE_VIDEOCORE`=false
223 225 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
224 226
225 227 ##### `VIDEOCORESRC_DIR`=""
226 228 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
227 229
228 230 ##### `ENABLE_IPTABLES`=false
229 231 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
230 232
231 233 ##### `ENABLE_USER`=true
232 234 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
233 235
234 236 ##### `USER_NAME`=pi
235 237 Non-root user to create. Ignored if `ENABLE_USER`=false
236 238
237 239 ##### `ENABLE_ROOT`=false
238 240 Set root user password so root login will be enabled
239 241
240 242 ##### `ENABLE_HARDNET`=false
241 243 Enable IPv4/IPv6 network stack hardening settings.
242 244
243 245 ##### `ENABLE_SPLITFS`=false
244 246 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
245 247
246 248 ##### `CHROOT_SCRIPTS`=""
247 249 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
248 250
249 251 ##### `ENABLE_INITRAMFS`=false
250 252 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
251 253
252 254 ##### `ENABLE_IFNAMES`=true
253 255 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
254 256
255 257 ##### `DISABLE_UNDERVOLT_WARNINGS`=
256 258 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
257 259
258 260 ---
259 261
260 262 #### SSH settings:
261 263 ##### `SSH_ENABLE_ROOT`=false
262 264 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
263 265
264 266 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
265 267 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
266 268
267 269 ##### `SSH_LIMIT_USERS`=false
268 270 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
269 271
270 272 ##### `SSH_ROOT_PUB_KEY`=""
271 273 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
272 274
273 275 ##### `SSH_USER_PUB_KEY`=""
274 276 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
275 277
276 278 ---
277 279
278 280 #### Kernel compilation:
279 281 ##### `BUILD_KERNEL`=true
280 282 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
281 283
282 284 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
283 285 This sets the cross compile enviornment for the compiler.
284 286
285 287 ##### `KERNEL_ARCH`="arm"
286 288 This sets the kernel architecture for the compiler.
287 289
288 290 ##### `KERNEL_IMAGE`="kernel7.img"
289 291 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
290 292
291 293 ##### `KERNEL_BRANCH`=""
292 294 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
293 295
294 296 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
295 297 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
296 298
297 299 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
298 300 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
299 301
300 302 ##### `KERNEL_REDUCE`=false
301 303 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
302 304
303 305 ##### `KERNEL_THREADS`=1
304 306 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
305 307
306 308 ##### `KERNEL_HEADERS`=true
307 309 Install kernel headers with built kernel.
308 310
309 311 ##### `KERNEL_MENUCONFIG`=false
310 312 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
311 313
312 314 ##### `KERNEL_OLDDEFCONFIG`=false
313 315 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
314 316
315 317 ##### `KERNEL_CCACHE`=false
316 318 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
317 319
318 320 ##### `KERNEL_REMOVESRC`=true
319 321 Remove all kernel sources from the generated OS image after it was built and installed.
320 322
321 323 ##### `KERNELSRC_DIR`=""
322 324 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
323 325
324 326 ##### `KERNELSRC_CLEAN`=false
325 327 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
326 328
327 329 ##### `KERNELSRC_CONFIG`=true
328 330 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
329 331
330 332 ##### `KERNELSRC_USRCONFIG`=""
331 333 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
332 334
333 335 ##### `KERNELSRC_PREBUILT`=false
334 336 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
335 337
336 338 ##### `RPI_FIRMWARE_DIR`=""
337 339 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
338 340
339 341 ---
340 342
341 343 #### Reduce disk usage:
342 344 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
343 345
344 346 ##### `REDUCE_APT`=true
345 347 Configure APT to use compressed package repository lists and no package caching files.
346 348
347 349 ##### `REDUCE_DOC`=true
348 350 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
349 351
350 352 ##### `REDUCE_MAN`=true
351 353 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
352 354
353 355 ##### `REDUCE_VIM`=false
354 356 Replace `vim-tiny` package by `levee` a tiny vim clone.
355 357
356 358 ##### `REDUCE_BASH`=false
357 359 Remove `bash` package and switch to `dash` shell (experimental).
358 360
359 361 ##### `REDUCE_HWDB`=true
360 362 Remove PCI related hwdb files (experimental).
361 363
362 364 ##### `REDUCE_SSHD`=true
363 365 Replace `openssh-server` with `dropbear`.
364 366
365 367 ##### `REDUCE_LOCALE`=true
366 368 Remove all `locale` translation files.
367 369
368 370 ---
369 371
370 372 #### Encrypted root partition:
371 373 ##### `ENABLE_CRYPTFS`=false
372 374 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
373 375
374 376 ##### `CRYPTFS_PASSWORD`=""
375 377 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
376 378
377 379 ##### `CRYPTFS_MAPPING`="secure"
378 380 Set name of dm-crypt managed device-mapper mapping.
379 381
380 382 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
381 383 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
382 384
383 385 ##### `CRYPTFS_XTSKEYSIZE`=512
384 386 Sets key size in bits. The argument has to be a multiple of 8.
385 387
386 388 ---
387 389
388 390 #### Build settings:
389 391 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
390 392 Set a path to a working directory used by the script to generate an image.
391 393
392 394 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
393 395 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
394 396
395 397 ## Understanding the script
396 398 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
397 399
398 400 | Script | Description |
399 401 | --- | --- |
400 402 | `10-bootstrap.sh` | Debootstrap basic system |
401 403 | `11-apt.sh` | Setup APT repositories |
402 404 | `12-locale.sh` | Setup Locales and keyboard settings |
403 405 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
404 406 | `14-fstab.sh` | Setup fstab and initramfs |
405 407 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
406 408 | `20-networking.sh` | Setup Networking |
407 409 | `21-firewall.sh` | Setup Firewall |
408 410 | `30-security.sh` | Setup Users and Security settings |
409 411 | `31-logging.sh` | Setup Logging |
410 412 | `32-sshd.sh` | Setup SSH and public keys |
411 413 | `41-uboot.sh` | Build and Setup U-Boot |
412 414 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
413 415 | `50-firstboot.sh` | First boot actions |
414 416 | `99-reduce.sh` | Reduce the disk space usage |
415 417
416 418 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
417 419
418 420 | Directory | Description |
419 421 | --- | --- |
420 422 | `apt` | APT management configuration files |
421 423 | `boot` | Boot and RPi2/3 configuration files |
422 424 | `dpkg` | Package Manager configuration |
423 425 | `etc` | Configuration files and rc scripts |
424 426 | `firstboot` | Scripts that get executed on first boot |
425 427 | `initramfs` | Initramfs scripts |
426 428 | `iptables` | Firewall configuration files |
427 429 | `locales` | Locales configuration |
428 430 | `modules` | Kernel Modules configuration |
429 431 | `mount` | Fstab configuration |
430 432 | `network` | Networking configuration files |
431 433 | `sysctl.d` | Swapping and Network Hardening configuration |
432 434 | `xorg` | fbturbo Xorg driver configuration |
433 435
434 436 ## Custom packages and scripts
435 437 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
436 438
437 439 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
438 440
439 441 ## Logging of the bootstrapping process
440 442 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
441 443
442 444 ```shell
443 445 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
444 446 ```
445 447
446 448 ## Flashing the image file
447 449 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
448 450
449 451 ##### Flashing examples:
450 452 ```shell
451 453 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
452 454 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
453 455 ```
454 456 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
455 457 ```shell
456 458 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
457 459 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
458 460 ```
459 461
460 462 ## QEMU emulation
461 463 Start QEMU full system emulation:
462 464 ```shell
463 465 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
464 466 ```
465 467
466 468 Start QEMU full system emulation and output to console:
467 469 ```shell
468 470 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
469 471 ```
470 472
471 473 Start QEMU full system emulation with SMP and output to console:
472 474 ```shell
473 475 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
474 476 ```
475 477
476 478 Start QEMU full system emulation with cryptfs, initramfs and output to console:
477 479 ```shell
478 480 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 481 ```
480 482
481 483 ## External links and references
482 484 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
483 485 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
484 486 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
485 487 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
486 488 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
487 489 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
488 490 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
489 491 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
490 492 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
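Review bot: the two new README entries do not say how they interact. New line 157 states that on `RPI_MODEL` 0, 3 and 3P Bluetooth is auto-enabled when `ENABLE_CONSOLE` and `ENABLE_UBOOT` are both `false`, while the new `ENABLE_BLUETOOTH` entry (new lines 176-177) documents a default of `false` and mentions only "RPi0/3". Please state which setting wins, in particular whether `ENABLE_BLUETOOTH=false` keeps the radio off when the console and U-Boot are disabled, because a builder who turns off the serial console would otherwise ship an image with a wireless interface they did not ask for. Also list 3P in the `ENABLE_BLUETOOTH` description if it is supported, and write the model list without the stray space after `RPI_MODEL=`.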
@@ -1,183 +1,185
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 59 # Add serial console support
60 60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 62 fi
63 63
64 64 # Remove IPv6 networking support
65 65 if [ "$ENABLE_IPV6" = false ] ; then
66 66 CMDLINE="${CMDLINE} ipv6.disable=1"
67 67 fi
68 68
69 69 # Automatically assign predictable network interface names
70 70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 71 CMDLINE="${CMDLINE} net.ifnames=0"
72 72 else
73 73 CMDLINE="${CMDLINE} net.ifnames=1"
74 74 fi
75 75
76 76 # Install firmware boot cmdline
77 77 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
78 78
79 79 # Install firmware config
80 80 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
81 81
82 82 # Setup minimal GPU memory allocation size: 16MB (no X)
83 83 if [ "$ENABLE_MINGPU" = true ] ; then
84 84 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
85 85 fi
86 86
87 87 # Setup boot with initramfs
88 88 if [ "$ENABLE_INITRAMFS" = true ] ; then
89 89 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
90 90 fi
91 91
92 92 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
93 93 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
94 94 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
95 95 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
96 96 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
97 else
98 # Create temporary directory for Bluetooth sources
99 temp_dir=$(as_nobody mktemp -d)
97 fi
98 fi
100 99
101 # Fetch Bluetooth sources
102 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
100 if [ "$ENABLE_BLUETOOTH" = true ] ; then
101 # Create temporary directory for Bluetooth sources
102 temp_dir=$(as_nobody mktemp -d)
103 103
104 # Copy downloaded sources
105 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
104 # Fetch Bluetooth sources
105 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
106 106
107 # Raspberry-sys-mod package for /dev/serial device needed by bluetooth service
108 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
109 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
110 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
111 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
107 # Copy downloaded sources
108 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
112 109
113 # Set permissions
114 chown -R root:root "${R}/tmp/pi-bluetooth"
110 # Raspberry-sys-mod package for /dev/serial device needed by bluetooth service
111 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
112 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
113 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
114 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
115 115
116 # Install tools
117 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
118 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
116 # Set permissions
117 chown -R root:root "${R}/tmp/pi-bluetooth"
119 118
120 # Install bluetooth udev rule
121 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
119 # Install tools
120 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
121 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
122 122
123 # Install Firmware Flash file and apropiate licence
124 mkdir "${ETC_DIR}/firmware/"
125 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
126 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
127 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
128 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
129 # Install udev rule for bluetooth device
130 install_readonly "${R}/tmp/pi-bluetooth/99-com.rules" "${ETC_DIR}/udev/rules.d/99-com.rules"
123 # Install bluetooth udev rule
124 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
125
126 # Install Firmware Flash file and apropiate licence
127 mkdir "${ETC_DIR}/firmware/"
128 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
129 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
130 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
131 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
132 # Install udev rule for bluetooth device
133 install_readonly "${R}/tmp/pi-bluetooth/99-com.rules" "${ETC_DIR}/udev/rules.d/99-com.rules"
131 134
132 # Remove temporary directory
133 rm -fr "${temp_dir}"
134 fi
135 # Remove temporary directory
136 rm -fr "${temp_dir}"
135 137 fi
136 138
137 139 # Create firmware configuration and cmdline symlinks
138 140 ln -sf firmware/config.txt "${R}/boot/config.txt"
139 141 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
140 142
141 143 # Install and setup kernel modules to load at boot
142 144 mkdir -p "${LIB_DIR}/modules-load.d/"
143 145 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
144 146
145 147 # Load hardware random module at boot
146 148 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
147 149 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
148 150 fi
149 151
150 152 # Load sound module at boot
151 153 if [ "$ENABLE_SOUND" = true ] ; then
152 154 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
153 155 else
154 156 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
155 157 fi
156 158
157 159 # Enable I2C interface
158 160 if [ "$ENABLE_I2C" = true ] ; then
159 161 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
160 162 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
161 163 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
162 164 fi
163 165
164 166 # Enable SPI interface
165 167 if [ "$ENABLE_SPI" = true ] ; then
166 168 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
167 169 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
168 170 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
169 171 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
170 172 fi
171 173 fi
172 174
173 175 # Disable RPi2/3 under-voltage warnings
174 176 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
175 177 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
176 178 fi
177 179
178 180 # Install kernel modules blacklist
179 181 mkdir -p "${ETC_DIR}/modprobe.d/"
180 182 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
181 183
182 184 # Install sysctl.d configuration files
183 185 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
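Review bot: In the new `ENABLE_BLUETOOTH` block, `BCM43430A1.hcd` is installed to `${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx`, the same destination as the licence file on the line above, so the firmware blob overwrites the licence and never lands under its own name; the destination should be `${ETC_DIR}/firmware/BCM43430A1.hcd`. Moving the block out of the `else` also drops its coupling to `RPI_MODEL` and `ENABLE_CONSOLE`: on an RPi3 with `ENABLE_CONSOLE=true` the image now gets `dtoverlay=pi3-disable-bt` and the Bluetooth tooling together, and on models without Bluetooth the files are installed anyway, while the main script only adds `bluetooth,bluez` to `APT_INCLUDES` for models 0, 3 and 3P with the console disabled. Use the same condition in both places. The `git clone` of `${BLUETOOTH_URL}` and the three `wget -q` fetches (one from a `master` branch, two from AUR) are unpinned and unverified before their contents are installed root-owned into the image, so pin a commit and compare each file against a recorded SHA-256. `mkdir "${ETC_DIR}/firmware/"` should be `mkdir -p` so a rerun does not abort under `set -e`.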
@@ -1,134 +1,132
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60 60 fi
61 61
62 62 # Remove empty settings from network configuration
63 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 64 # Remove empty settings from wlan configuration
65 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 66
67 67 # Move systemd network configuration if required by Debian release
68 68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 69 # If WLAN is enabled copy wlan configuration too
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 72 fi
73 73 rm -fr "${ETC_DIR}/systemd/network"
74 74
75 75 # Enable systemd-networkd service
76 76 chroot_exec systemctl enable systemd-networkd
77 77
78 78 # Install host.conf resolver configuration
79 79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 80
81 81 # Enable network stack hardening
82 82 if [ "$ENABLE_HARDNET" = true ] ; then
83 83 # Install sysctl.d configuration files
84 84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 85
86 86 # Setup resolver warnings about spoofed addresses
87 87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 88 fi
89 89
90 90 # Enable time sync
91 91 if [ "$NET_NTP_1" != "" ] ; then
92 92 chroot_exec systemctl enable systemd-timesyncd.service
93 93 fi
94 94
95 95 # Download the firmware binary blob required to use the RPi3 wireless interface
96 96 if [ "$ENABLE_WIRELESS" = true ] ; then
97 97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 98 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 99 fi
100 100
101 101 # Create temporary directory for firmware binary blob
102 102 temp_dir=$(as_nobody mktemp -d)
103 103
104 104 # Fetch firmware binary blob for RPI3B+
105 105 if [ "$RPI_MODEL" = 3P ] ; then
106 106 # Fetch firmware binary blob for RPi3P
107 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110
111 # Move downloaded firmware binary blob
112 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113
114 # Set permissions of the firmware binary blob
115 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
110 117 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 118 # Fetch firmware binary blob for RPi3
112 119 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 120 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 fi
115
116 # Move downloaded firmware binary blob
117 if [ "$RPI_MODEL" = 3P ] ; then
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121
122 # Move downloaded firmware binary blob
123 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124
125 # Set permissions of the firmware binary blob
126 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
121 128 fi
122 129
123 130 # Remove temporary directory for firmware binary blob
124 131 rm -fr "${temp_dir}"
125
126 # Set permissions of the firmware binary blob
127 if [ "$RPI_MODEL" = 3P ] ; then
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 fi
134 132 fi
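Review bot: The firmware blobs moved into `${WLAN_FIRMWARE_DIR}` in both branches still come from `wget -q` against `${WLAN_FIRMWARE_URL}`, which defaults to a `raw/master` path, with no checksum between download and `mv`; since this change already touches the move step, add a SHA-256 comparison per file there and fail the build on mismatch. The 3P and 3/0 branches now each carry their own copy of the move, `chown root:root` and `chmod 600` lines, differing only in the `brcmfmac43455`/`brcmfmac43430` prefix. Setting the prefix in a variable inside the branch and running those three steps once after the `fi` would keep the two paths from drifting apart.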
@@ -1,789 +1,798
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60
61 61 # Build directories
62 62 WORKDIR=$(pwd)
63 63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 64 BUILDDIR="${BASEDIR}/build"
65 65
66 66 # Chroot directories
67 67 R="${BUILDDIR}/chroot"
68 68 ETC_DIR="${R}/etc"
69 69 LIB_DIR="${R}/lib"
70 70 BOOT_DIR="${R}/boot/firmware"
71 71 KERNEL_DIR="${R}/usr/src/linux"
72 72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 73
74 74 # Firmware directory: Blank if download from github
75 75 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
76 76
77 77 # General settings
78 78 SET_ARCH=${SET_ARCH:=32}
79 79 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
80 80 PASSWORD=${PASSWORD:=raspberry}
81 81 USER_PASSWORD=${USER_PASSWORD:=raspberry}
82 82 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
83 83 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
84 84 EXPANDROOT=${EXPANDROOT:=true}
85 85
86 86 # Keyboard settings
87 87 XKB_MODEL=${XKB_MODEL:=""}
88 88 XKB_LAYOUT=${XKB_LAYOUT:=""}
89 89 XKB_VARIANT=${XKB_VARIANT:=""}
90 90 XKB_OPTIONS=${XKB_OPTIONS:=""}
91 91
92 92 # Network settings (DHCP)
93 93 ENABLE_DHCP=${ENABLE_DHCP:=true}
94 94
95 95 # Network settings (static)
96 96 NET_ADDRESS=${NET_ADDRESS:=""}
97 97 NET_GATEWAY=${NET_GATEWAY:=""}
98 98 NET_DNS_1=${NET_DNS_1:=""}
99 99 NET_DNS_2=${NET_DNS_2:=""}
100 100 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
101 101 NET_NTP_1=${NET_NTP_1:=""}
102 102 NET_NTP_2=${NET_NTP_2:=""}
103 103
104 104 # APT settings
105 105 APT_PROXY=${APT_PROXY:=""}
106 106 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
107 107
108 108 # Feature settings
109 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
109 110 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
110 111 ENABLE_I2C=${ENABLE_I2C:=false}
111 112 ENABLE_SPI=${ENABLE_SPI:=false}
112 113 ENABLE_IPV6=${ENABLE_IPV6:=true}
113 114 ENABLE_SSHD=${ENABLE_SSHD:=true}
114 115 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
115 116 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
116 117 ENABLE_SOUND=${ENABLE_SOUND:=true}
117 118 ENABLE_DBUS=${ENABLE_DBUS:=true}
118 119 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
119 120 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
120 121 ENABLE_XORG=${ENABLE_XORG:=false}
121 122 ENABLE_WM=${ENABLE_WM:=""}
122 123 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
123 124 ENABLE_USER=${ENABLE_USER:=true}
124 125 USER_NAME=${USER_NAME:="pi"}
125 126 ENABLE_ROOT=${ENABLE_ROOT:=false}
126 127 ENABLE_QEMU=${ENABLE_QEMU:=false}
127 128 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
128 129
129 130 # SSH settings
130 131 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
131 132 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
132 133 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
133 134 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
134 135 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
135 136
136 137 # Advanced settings
137 138 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
138 139 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
139 140 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
140 141 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
141 142 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
142 143 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
143 144 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
144 145 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
145 146 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
146 147 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
147 148 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
148 149 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
149 150 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
150 151 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
151 152
152 153 # Kernel compilation settings
153 154 BUILD_KERNEL=${BUILD_KERNEL:=true}
154 155 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
155 156 KERNEL_THREADS=${KERNEL_THREADS:=1}
156 157 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
157 158 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
158 159 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
159 160 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
160 161 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
161 162
162 163 # Kernel compilation from source directory settings
163 164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
164 165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
165 166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
166 167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
167 168
168 169 # Reduce disk usage settings
169 170 REDUCE_APT=${REDUCE_APT:=true}
170 171 REDUCE_DOC=${REDUCE_DOC:=true}
171 172 REDUCE_MAN=${REDUCE_MAN:=true}
172 173 REDUCE_VIM=${REDUCE_VIM:=false}
173 174 REDUCE_BASH=${REDUCE_BASH:=false}
174 175 REDUCE_HWDB=${REDUCE_HWDB:=true}
175 176 REDUCE_SSHD=${REDUCE_SSHD:=true}
176 177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
177 178
178 179 # Encrypted filesystem settings
179 180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
180 181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
181 182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
182 183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
183 184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
184 185
185 186 # Chroot scripts directory
186 187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
187 188
188 189 # Packages required in the chroot build environment
189 190 APT_INCLUDES=${APT_INCLUDES:=""}
190 191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
191 192
192 193 # Packages to exclude from chroot build environment
193 194 APT_EXCLUDES=${APT_EXCLUDES:=""}
194 195
195 196 # Packages required for bootstrapping
196 197 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
197 198 MISSING_PACKAGES=""
198 199
199 200 # Packages installed for c/c++ build environment in chroot (keep empty)
200 201 COMPILER_PACKAGES=""
201 202
202 203 set +x
203 204
204 205 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
205 206 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
206 207 if [ -n ${APT_CACHER_RUNNING} ] ; then
207 208 APT_PROXY=http://127.0.0.1:3142/
208 209 fi
209 210
210 211 # Setup architecture specific settings
211 212 if [ -n "$SET_ARCH" ] ; then
212 213 # 64 bit configuration
213 214 if [ "$SET_ARCH" = 64 ] ; then
214 215 # General 64 bit depended settings
215 216 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
216 217 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
217 218 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
218 219
219 220 # Board specific settings
220 221 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
221 222 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
222 223 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
223 224 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
224 225 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
225 226 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
226 227 else
227 228 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
228 229 exit 1
229 230 fi
230 231 fi
231 232
232 233 # 32 bit configuration
233 234 if [ "$SET_ARCH" = 32 ] ; then
234 235 # General 32 bit dependend settings
235 236 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
236 237 KERNEL_ARCH=${KERNEL_ARCH:=arm}
237 238 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
238 239
239 240 # Hardware specific settings
240 241 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
241 242 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
242 243 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
243 244 RELEASE_ARCH=${RELEASE_ARCH:=armel}
244 245 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
245 246 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
246 247 fi
247 248
248 249 # Hardware specific settings
249 250 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
250 251 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
251 252 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
252 253 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
253 254 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
254 255 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
255 256 fi
256 257 fi
257 258 #SET_ARCH not set
258 259 else
259 260 echo "error: Please set '32' or '64' as value for SET_ARCH"
260 261 exit 1
261 262 fi
262 263 # Device specific configuration and U-Boot configuration
263 264 case "$RPI_MODEL" in
264 265 0)
265 266 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
266 267 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
267 268 ;;
268 269 1)
269 270 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
270 271 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 272 ;;
272 273 1P)
273 274 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
274 275 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 276 ;;
276 277 2)
277 278 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
278 279 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
279 280 ;;
280 281 3)
281 282 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
282 283 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
283 284 ;;
284 285 3P)
285 286 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 287 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 288 ;;
288 289 *)
289 290 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
290 291 exit 1
291 292 ;;
292 293 esac
293 294
294 295 # Prepare date string for default image file name
295 296 DATE="$(date +%Y-%m-%d)"
296 297 if [ -z "$KERNEL_BRANCH" ] ; then
297 298 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
298 299 else
299 300 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
300 301 fi
301 302
302 303 # Check if the internal wireless interface is supported by the RPi model
303 304 if [ "$ENABLE_WIRELESS" = true ] ; then
304 305 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
305 306 echo "error: The selected Raspberry Pi model has no internal wireless interface"
306 307 exit 1
307 308 fi
308 309 fi
309 310
310 311 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
311 312 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
312 313 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
313 314 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
314 315 exit 1
315 316 fi
316 317 fi
317 318
318 319 # Add cmake to compile videocore sources
319 320 if [ "$ENABLE_VIDEOCORE" = true ] ; then
320 321 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
321 322 fi
322 323
323 324 # Add libncurses5 to enable kernel menuconfig
324 325 if [ "$KERNEL_MENUCONFIG" = true ] ; then
325 326 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
326 327 fi
327 328
328 329 # Add ccache compiler cache for (faster) kernel cross (re)compilation
329 330 if [ "$KERNEL_CCACHE" = true ] ; then
330 331 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
331 332 fi
332 333
333 334 # Add cryptsetup package to enable filesystem encryption
334 335 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
335 336 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
336 337 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
337 338
338 339 if [ -z "$CRYPTFS_PASSWORD" ] ; then
339 340 echo "error: no password defined (CRYPTFS_PASSWORD)!"
340 341 exit 1
341 342 fi
342 343 ENABLE_INITRAMFS=true
343 344 fi
344 345
345 346 # Add initramfs generation tools
346 347 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
347 348 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
348 349 fi
349 350
350 351 # Add device-tree-compiler required for building the U-Boot bootloader
351 352 if [ "$ENABLE_UBOOT" = true ] ; then
352 353 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
353 354 fi
354 355
356 if [ "$ENABLE_BLUETOOTH" = true ] ; then
357 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
358 if [ "$ENABLE_CONSOLE" = false ] ; then
359 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
360 fi
361 fi
362 fi
363
355 364 # Check if root SSH (v2) public key file exists
356 365 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
357 366 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
358 367 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
359 368 exit 1
360 369 fi
361 370 fi
362 371
363 372 # Check if $USER_NAME SSH (v2) public key file exists
364 373 if [ -n "$SSH_USER_PUB_KEY" ] ; then
365 374 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
366 375 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
367 376 exit 1
368 377 fi
369 378 fi
370 379
371 380 # Check if all required packages are installed on the build system
372 381 for package in $REQUIRED_PACKAGES ; do
373 382 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
374 383 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
375 384 fi
376 385 done
377 386
378 387 # If there are missing packages ask confirmation for install, or exit
379 388 if [ -n "$MISSING_PACKAGES" ] ; then
380 389 echo "the following packages needed by this script are not installed:"
381 390 echo "$MISSING_PACKAGES"
382 391
383 392 printf "\ndo you want to install the missing packages right now? [y/n] "
384 393 read -r confirm
385 394 [ "$confirm" != "y" ] && exit 1
386 395
387 396 # Make sure all missing required packages are installed
388 397 apt-get -qq -y install "${MISSING_PACKAGES}"
389 398 fi
390 399
391 400 # Check if ./bootstrap.d directory exists
392 401 if [ ! -d "./bootstrap.d/" ] ; then
393 402 echo "error: './bootstrap.d' required directory not found!"
394 403 exit 1
395 404 fi
396 405
397 406 # Check if ./files directory exists
398 407 if [ ! -d "./files/" ] ; then
399 408 echo "error: './files' required directory not found!"
400 409 exit 1
401 410 fi
402 411
403 412 # Check if specified KERNELSRC_DIR directory exists
404 413 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
405 414 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
406 415 exit 1
407 416 fi
408 417
409 418 # Check if specified UBOOTSRC_DIR directory exists
410 419 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
411 420 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
412 421 exit 1
413 422 fi
414 423
415 424 # Check if specified VIDEOCORESRC_DIR directory exists
416 425 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
417 426 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
418 427 exit 1
419 428 fi
420 429
421 430 # Check if specified FBTURBOSRC_DIR directory exists
422 431 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
423 432 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
424 433 exit 1
425 434 fi
426 435
427 436 # Check if specified CHROOT_SCRIPTS directory exists
428 437 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
429 438 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
430 439 exit 1
431 440 fi
432 441
433 442 # Check if specified device mapping already exists (will be used by cryptsetup)
434 443 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
435 444 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
436 445 exit 1
437 446 fi
438 447
439 448 # Don't clobber an old build
440 449 if [ -e "$BUILDDIR" ] ; then
441 450 echo "error: directory ${BUILDDIR} already exists, not proceeding"
442 451 exit 1
443 452 fi
444 453
445 454 # Setup chroot directory
446 455 mkdir -p "${R}"
447 456
448 457 # Check if build directory has enough of free disk space >512MB
449 458 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
450 459 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
451 460 exit 1
452 461 fi
453 462
454 463 set -x
455 464
456 465 # Call "cleanup" function on various signals and errors
457 466 trap cleanup 0 1 2 3 6
458 467
459 468 # Add required packages for the minbase installation
460 469 if [ "$ENABLE_MINBASE" = true ] ; then
461 470 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
462 471 fi
463 472
464 473 # Add parted package, required to get partprobe utility
465 474 if [ "$EXPANDROOT" = true ] ; then
466 475 APT_INCLUDES="${APT_INCLUDES},parted"
467 476 fi
468 477
469 478 # Add dbus package, recommended if using systemd
470 479 if [ "$ENABLE_DBUS" = true ] ; then
471 480 APT_INCLUDES="${APT_INCLUDES},dbus"
472 481 fi
473 482
474 483 # Add iptables IPv4/IPv6 package
475 484 if [ "$ENABLE_IPTABLES" = true ] ; then
476 485 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
477 486 fi
478 487
479 488 # Add openssh server package
480 489 if [ "$ENABLE_SSHD" = true ] ; then
481 490 APT_INCLUDES="${APT_INCLUDES},openssh-server"
482 491 fi
483 492
484 493 # Add alsa-utils package
485 494 if [ "$ENABLE_SOUND" = true ] ; then
486 495 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
487 496 fi
488 497
489 498 # Add rng-tools package
490 499 if [ "$ENABLE_HWRANDOM" = true ] ; then
491 500 APT_INCLUDES="${APT_INCLUDES},rng-tools"
492 501 fi
493 502
494 503 # Add fbturbo video driver
495 504 if [ "$ENABLE_FBTURBO" = true ] ; then
496 505 # Enable xorg package dependencies
497 506 ENABLE_XORG=true
498 507 fi
499 508
500 509 # Add user defined window manager package
501 510 if [ -n "$ENABLE_WM" ] ; then
502 511 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
503 512
504 513 # Enable xorg package dependencies
505 514 ENABLE_XORG=true
506 515 fi
507 516
508 517 # Add xorg package
509 518 if [ "$ENABLE_XORG" = true ] ; then
510 519 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
511 520 fi
512 521
513 522 # Replace selected packages with smaller clones
514 523 if [ "$ENABLE_REDUCE" = true ] ; then
515 524 # Add levee package instead of vim-tiny
516 525 if [ "$REDUCE_VIM" = true ] ; then
517 526 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
518 527 fi
519 528
520 529 # Add dropbear package instead of openssh-server
521 530 if [ "$REDUCE_SSHD" = true ] ; then
522 531 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
523 532 fi
524 533 fi
525 534
526 535 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
527 536 if [ "$ENABLE_SYSVINIT" = false ] ; then
528 537 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
529 538 fi
530 539
531 540 # Check if kernel is getting compiled
532 541 if [ "$BUILD_KERNEL" = false ] ; then
533 542 echo "Downloading precompiled kernel"
534 543 echo "error: not configured"
535 544 exit 1;
536 545 # BUILD_KERNEL=true
537 546 else
538 547 echo "No precompiled kernel repositories were added"
539 548 fi
540 549
541 550 # Configure kernel sources if no KERNELSRC_DIR
542 551 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
543 552 KERNELSRC_CONFIG=true
544 553 fi
545 554
546 555 # Configure reduced kernel
547 556 if [ "$KERNEL_REDUCE" = true ] ; then
548 557 KERNELSRC_CONFIG=false
549 558 fi
550 559
551 560 # Configure qemu compatible kernel
552 561 if [ "$ENABLE_QEMU" = true ] ; then
553 562 DTB_FILE=vexpress-v2p-ca15_a7.dtb
554 563 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
555 564 KERNEL_DEFCONFIG="vexpress_defconfig"
556 565 if [ "$KERNEL_MENUCONFIG" = false ] ; then
557 566 KERNEL_OLDDEFCONFIG=true
558 567 fi
559 568 fi
560 569
561 570 # Execute bootstrap scripts
562 571 for SCRIPT in bootstrap.d/*.sh; do
563 572 head -n 3 "$SCRIPT"
564 573 . "$SCRIPT"
565 574 done
566 575
567 576 ## Execute custom bootstrap scripts
568 577 if [ -d "custom.d" ] ; then
569 578 for SCRIPT in custom.d/*.sh; do
570 579 . "$SCRIPT"
571 580 done
572 581 fi
573 582
574 583 # Execute custom scripts inside the chroot
575 584 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
576 585 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
577 586 chroot_exec /bin/bash -x <<'EOF'
578 587 for SCRIPT in /chroot_scripts/* ; do
579 588 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
580 589 $SCRIPT
581 590 fi
582 591 done
583 592 EOF
584 593 rm -rf "${R}/chroot_scripts"
585 594 fi
586 595
587 596 # Remove c/c++ build environment from the chroot
588 597 chroot_remove_cc
589 598
590 599 # Generate required machine-id
591 600 MACHINE_ID=$(dbus-uuidgen)
592 601 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
593 602 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
594 603
595 604 # APT Cleanup
596 605 chroot_exec apt-get -y clean
597 606 chroot_exec apt-get -y autoclean
598 607 chroot_exec apt-get -y autoremove
599 608
600 609 # Unmount mounted filesystems
601 610 umount -l "${R}/proc"
602 611 umount -l "${R}/sys"
603 612
604 613 # Clean up directories
605 614 rm -rf "${R}/run/*"
606 615 rm -rf "${R}/tmp/*"
607 616
608 617 # Clean up files
609 618 rm -f "${ETC_DIR}/ssh/ssh_host_*"
610 619 rm -f "${ETC_DIR}/dropbear/dropbear_*"
611 620 rm -f "${ETC_DIR}/apt/sources.list.save"
612 621 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
613 622 rm -f "${ETC_DIR}/*-"
614 623 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
615 624 rm -f "${ETC_DIR}/resolv.conf"
616 625 rm -f "${R}/root/.bash_history"
617 626 rm -f "${R}/var/lib/urandom/random-seed"
618 627 rm -f "${R}/initrd.img"
619 628 rm -f "${R}/vmlinuz"
620 629 rm -f "${R}${QEMU_BINARY}"
621 630
622 631 if [ "$ENABLE_QEMU" = true ] ; then
623 632 # Setup QEMU directory
624 633 mkdir "${BASEDIR}/qemu"
625 634
626 635 # Copy kernel image to QEMU directory
627 636 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
628 637
629 638 # Copy kernel config to QEMU directory
630 639 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
631 640
632 641 # Copy kernel dtbs to QEMU directory
633 642 for dtb in "${BOOT_DIR}/"*.dtb ; do
634 643 if [ -f "${dtb}" ] ; then
635 644 install_readonly "${dtb}" "${BASEDIR}/qemu/"
636 645 fi
637 646 done
638 647
639 648 # Copy kernel overlays to QEMU directory
640 649 if [ -d "${BOOT_DIR}/overlays" ] ; then
641 650 # Setup overlays dtbs directory
642 651 mkdir "${BASEDIR}/qemu/overlays"
643 652
644 653 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
645 654 if [ -f "${dtb}" ] ; then
646 655 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
647 656 fi
648 657 done
649 658 fi
650 659
651 660 # Copy u-boot files to QEMU directory
652 661 if [ "$ENABLE_UBOOT" = true ] ; then
653 662 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
654 663 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
655 664 fi
656 665 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
657 666 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
658 667 fi
659 668 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
660 669 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
661 670 fi
662 671 fi
663 672
664 673 # Copy initramfs to QEMU directory
665 674 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
666 675 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
667 676 fi
668 677 fi
669 678
670 679 # Calculate size of the chroot directory in KB
671 680 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
672 681
673 682 # Calculate the amount of needed 512 Byte sectors
674 683 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
675 684 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
676 685 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
677 686
678 687 # The root partition is EXT4
679 688 # This means more space than the actual used space of the chroot is used.
680 689 # As overhead for journaling and reserved blocks 35% are added.
681 690 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
682 691
683 692 # Calculate required image size in 512 Byte sectors
684 693 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
685 694
686 695 # Prepare image file
687 696 if [ "$ENABLE_SPLITFS" = true ] ; then
688 697 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
689 698 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
690 699 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
691 700 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
692 701
693 702 # Write firmware/boot partition tables
694 703 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
695 704 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
696 705 EOM
697 706
698 707 # Write root partition table
699 708 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
700 709 ${TABLE_SECTORS},${ROOT_SECTORS},83
701 710 EOM
702 711
703 712 # Setup temporary loop devices
704 713 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
705 714 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
706 715 else # ENABLE_SPLITFS=false
707 716 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
708 717 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
709 718
710 719 # Write partition table
711 720 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
712 721 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
713 722 ${ROOT_OFFSET},${ROOT_SECTORS},83
714 723 EOM
715 724
716 725 # Setup temporary loop devices
717 726 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
718 727 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
719 728 fi
720 729
721 730 if [ "$ENABLE_CRYPTFS" = true ] ; then
722 731 # Create dummy ext4 fs
723 732 mkfs.ext4 "$ROOT_LOOP"
724 733
725 734 # Setup password keyfile
726 735 touch .password
727 736 chmod 600 .password
728 737 echo -n ${CRYPTFS_PASSWORD} > .password
729 738
730 739 # Initialize encrypted partition
731 740 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
732 741
733 742 # Open encrypted partition and setup mapping
734 743 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
735 744
736 745 # Secure delete password keyfile
737 746 shred -zu .password
738 747
739 748 # Update temporary loop device
740 749 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
741 750
742 751 # Wipe encrypted partition (encryption cipher is used for randomness)
743 752 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
744 753 fi
745 754
746 755 # Build filesystems
747 756 mkfs.vfat "$FRMW_LOOP"
748 757 mkfs.ext4 "$ROOT_LOOP"
749 758
750 759 # Mount the temporary loop devices
751 760 mkdir -p "$BUILDDIR/mount"
752 761 mount "$ROOT_LOOP" "$BUILDDIR/mount"
753 762
754 763 mkdir -p "$BUILDDIR/mount/boot/firmware"
755 764 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
756 765
757 766 # Copy all files from the chroot to the loop device mount point directory
758 767 rsync -a "${R}/" "$BUILDDIR/mount/"
759 768
760 769 # Unmount all temporary loop devices and mount points
761 770 cleanup
762 771
763 772 # Create block map file(s) of image(s)
764 773 if [ "$ENABLE_SPLITFS" = true ] ; then
765 774 # Create block map files for "bmaptool"
766 775 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
767 776 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
768 777
769 778 # Image was successfully created
770 779 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
771 780 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 781 else
773 782 # Create block map file for "bmaptool"
774 783 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
775 784
776 785 # Image was successfully created
777 786 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
778 787
779 788 # Create qemu qcow2 image
780 789 if [ "$ENABLE_QEMU" = true ] ; then
781 790 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
782 791 QEMU_SIZE=16G
783 792
784 793 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
785 794 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
786 795
787 796 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
788 797 fi
789 798 fi
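Review bot: In the added ENABLE_BLUETOOTH block (new lines 356-362), the request is dropped silently when RPI_MODEL is not 0, 3 or 3P, or when ENABLE_CONSOLE is anything other than false. The build continues and the image is produced without `bluetooth` and `bluez`, with no message to the user who set ENABLE_BLUETOOTH=true. The neighbouring checks in this file print an "error: ..." line and `exit 1` on an unusable setting; do the same here, or at least echo a warning that names ENABLE_CONSOLE and RPI_MODEL, so the conflict is visible at build time. The block is also the only APT_INCLUDES addition in this region without a leading comment (compare "# Add device-tree-compiler required for building the U-Boot bootloader" just above it); add one that states why ENABLE_CONSOLE has to be false for the packages to be installed.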