Raspi2-3_GenImage Commit - r55:27d947162017 · Collaboration Tremplin des Sciences

1

#!/bin/sh

1

#!/bin/sh

2

3

########################################################################

3

########################################################################

4

# rpi2-gen-image.sh ver2a 12/2015

4

# rpi2-gen-image.sh ver2a 12/2015

5

#

5

#

6

# Advanced debian "jessie" bootstrap script for RPi2

6

# Advanced debian "jessie" bootstrap script for RPi2

7

#

7

#

8

# This program is free software; you can redistribute it and/or

8

# This program is free software; you can redistribute it and/or

9

# modify it under the terms of the GNU General Public License

9

# modify it under the terms of the GNU General Public License

10

# as published by the Free Software Foundation; either version 2

10

# as published by the Free Software Foundation; either version 2

11

# of the License, or (at your option) any later version.

11

# of the License, or (at your option) any later version.

12

#

12

#

13

# some parts based on rpi2-build-image:

13

# some parts based on rpi2-build-image:

14

15

16

########################################################################

16

########################################################################

17

18

# Clean up all temporary mount points

18

# Clean up all temporary mount points

19

cleanup (){

19

cleanup (){

20

set +x

20

set +x

21

set +e

21

set +e

22

echo "removing temporary mount points ..."

22

echo "removing temporary mount points ..."

23

umount -l $R/proc 2> /dev/null

23

umount -l $R/proc 2> /dev/null

24

umount -l $R/sys 2> /dev/null

24

umount -l $R/sys 2> /dev/null

25

umount -l $R/dev/pts 2> /dev/null

25

umount -l $R/dev/pts 2> /dev/null

26

umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null

26

umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null

27

umount "$BUILDDIR/mount" 2> /dev/null

27

umount "$BUILDDIR/mount" 2> /dev/null

28

losetup -d "$EXT4_LOOP" 2> /dev/null

28

losetup -d "$EXT4_LOOP" 2> /dev/null

29

losetup -d "$VFAT_LOOP" 2> /dev/null

29

losetup -d "$VFAT_LOOP" 2> /dev/null

30

trap - 0 1 2 3 6

30

trap - 0 1 2 3 6

31

}

31

}

32

33

# Exec command in chroot

33

# Exec command in chroot

34

chroot_exec() {

34

chroot_exec() {

35

LANG=C LC_ALL=C chroot $R $*

35

LANG=C LC_ALL=C chroot $R $*

36

}

36

}

37

38

set -e

38

set -e

39

set -x

39

set -x

40

41

# Debian release

41

# Debian release

42

RELEASE=${RELEASE:=jessie}

42

RELEASE=${RELEASE:=jessie}

43

KERNEL=${KERNEL:=3.18.0-trunk-rpi2}

43

KERNEL=${KERNEL:=3.18.0-trunk-rpi2}

44

45

# Build settings

45

# Build settings

46

BASEDIR=./images/${RELEASE}

46

BASEDIR=./images/${RELEASE}

47

BUILDDIR=${BASEDIR}/build

47

BUILDDIR=${BASEDIR}/build

48

49

# General settings

49

# General settings

50

HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}

50

HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}

51

PASSWORD=${PASSWORD:=raspberry}

51

PASSWORD=${PASSWORD:=raspberry}

52

DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}

52

DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}

53

TIMEZONE=${TIMEZONE:="Europe/Berlin"}

53

TIMEZONE=${TIMEZONE:="Europe/Berlin"}

54

XKBMODEL=${XKBMODEL:=""}

54

XKBMODEL=${XKBMODEL:=""}

55

XKBLAYOUT=${XKBLAYOUT:=""}

55

XKBLAYOUT=${XKBLAYOUT:=""}

56

XKBVARIANT=${XKBVARIANT:=""}

56

XKBVARIANT=${XKBVARIANT:=""}

57

XKBOPTIONS=${XKBOPTIONS:=""}

57

XKBOPTIONS=${XKBOPTIONS:=""}

58

EXPANDROOT=${EXPANDROOT:=true}

58

EXPANDROOT=${EXPANDROOT:=true}

59

60

# Network settings

60

# Network settings

61

ENABLE_DHCP=${ENABLE_DHCP:=true}

61

ENABLE_DHCP=${ENABLE_DHCP:=true}

62

# NET_* settings are ignored when ENABLE_DHCP=true

62

# NET_* settings are ignored when ENABLE_DHCP=true

63

# NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"

63

# NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"

64

NET_ADDRESS=${NET_ADDRESS:=""}

64

NET_ADDRESS=${NET_ADDRESS:=""}

65

NET_GATEWAY=${NET_GATEWAY:=""}

65

NET_GATEWAY=${NET_GATEWAY:=""}

66

NET_DNS_1=${NET_DNS_1:=""}

66

NET_DNS_1=${NET_DNS_1:=""}

67

NET_DNS_2=${NET_DNS_2:=""}

67

NET_DNS_2=${NET_DNS_2:=""}

68

NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}

68

NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}

69

NET_NTP_1=${NET_NTP_1:=""}

69

NET_NTP_1=${NET_NTP_1:=""}

70

NET_NTP_2=${NET_NTP_2:=""}

70

NET_NTP_2=${NET_NTP_2:=""}

71

72

# APT settings

72

# APT settings

73

APT_PROXY=${APT_PROXY:=""}

73

APT_PROXY=${APT_PROXY:=""}

74

APT_SERVER=${APT_SERVER:="ftp.debian.org"}

74

APT_SERVER=${APT_SERVER:="ftp.debian.org"}

75

76

# Feature settings

76

# Feature settings

77

ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}

77

ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}

78

ENABLE_IPV6=${ENABLE_IPV6:=true}

78

ENABLE_IPV6=${ENABLE_IPV6:=true}

79

ENABLE_SSHD=${ENABLE_SSHD:=true}

79

ENABLE_SSHD=${ENABLE_SSHD:=true}

80

ENABLE_SOUND=${ENABLE_SOUND:=true}

80

ENABLE_SOUND=${ENABLE_SOUND:=true}

81

ENABLE_DBUS=${ENABLE_DBUS:=true}

81

ENABLE_DBUS=${ENABLE_DBUS:=true}

82

ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}

82

ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}

83

ENABLE_MINGPU=${ENABLE_MINGPU:=false}

83

ENABLE_MINGPU=${ENABLE_MINGPU:=false}

84

ENABLE_XORG=${ENABLE_XORG:=false}

84

ENABLE_XORG=${ENABLE_XORG:=false}

85

ENABLE_WM=${ENABLE_WM:=""}

85

ENABLE_WM=${ENABLE_WM:=""}

86

ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}

86

ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}

87

ENABLE_USER=${ENABLE_USER:=true}

87

ENABLE_USER=${ENABLE_USER:=true}

88

ENABLE_ROOT=${ENABLE_ROOT:=false}

88

ENABLE_ROOT=${ENABLE_ROOT:=false}

89

ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}

89

ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}

90

91

# Advanced settings

91

# Advanced settings

92

ENABLE_MINBASE=${ENABLE_MINBASE:=false}

92

ENABLE_MINBASE=${ENABLE_MINBASE:=false}

93

ENABLE_UBOOT=${ENABLE_UBOOT:=false}

93

ENABLE_UBOOT=${ENABLE_UBOOT:=false}

94

ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}

94

ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}

95

ENABLE_HARDNET=${ENABLE_HARDNET:=false}

95

ENABLE_HARDNET=${ENABLE_HARDNET:=false}

96

ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}

96

ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}

97

98

# Kernel compilation settings

99

BUILD_KERNEL=${BUILD_KERNEL:=false}

100

98

# Image chroot path

101

# Image chroot path

99

R=${BUILDDIR}/chroot

102

R=${BUILDDIR}/chroot

100

CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}

103

CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}

101

104

102

# Packages required for bootstrapping

105

# Packages required for bootstrapping

103

REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"

106

REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"

104

107

105

# Missing packages that need to be installed

108

# Missing packages that need to be installed

106

MISSING_PACKAGES=""

109

MISSING_PACKAGES=""

107

110

108

# Packages required in the chroot build environment

111

# Packages required in the chroot build environment

109

APT_INCLUDES=${APT_INCLUDES:=""}

112

APT_INCLUDES=${APT_INCLUDES:=""}

110

APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"

113

APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"

111

114

112

set +x

115

set +x

113

116

114

# Are we running as root?

117

# Are we running as root?

115

if [ "$(id -u)" -ne "0" ] ; then

118

if [ "$(id -u)" -ne "0" ] ; then

116

echo "this script must be executed with root privileges"

119

echo "this script must be executed with root privileges"

117

exit 1

120

exit 1

118

fi

121

fi

119

122

123

# Add packages required for kernel cross compilation

124

if [ "$BUILD_KERNEL" = true ] ; then

125

REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"

126

fi

127

120

# Check if all required packages are installed

128

# Check if all required packages are installed

121

for package in $REQUIRED_PACKAGES ; do

129

for package in $REQUIRED_PACKAGES ; do

122

if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then

130

if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then

123

MISSING_PACKAGES="$MISSING_PACKAGES $package"

131

MISSING_PACKAGES="$MISSING_PACKAGES $package"

124

fi

132

fi

125

done

133

done

126

134

127

# Ask if missing packages should get installed right now

135

# Ask if missing packages should get installed right now

128

if [ -n "$MISSING_PACKAGES" ] ; then

136

if [ -n "$MISSING_PACKAGES" ] ; then

129

echo "the following packages needed by this script are not installed:"

137

echo "the following packages needed by this script are not installed:"

130

echo "$MISSING_PACKAGES"

138

echo "$MISSING_PACKAGES"

131

139

132

echo -n "\ndo you want to install the missing packages right now? [y/n] "

140

echo -n "\ndo you want to install the missing packages right now? [y/n] "

133

read confirm

141

read confirm

134

if [ "$confirm" != "y" ] ; then

142

if [ "$confirm" != "y" ] ; then

135

exit 1

143

exit 1

136

fi

144

fi

137

fi

145

fi

138

146

139

# Make sure all required packages are installed

147

# Make sure all required packages are installed

140

apt-get -qq -y install ${REQUIRED_PACKAGES}

148

apt-get -qq -y install ${REQUIRED_PACKAGES}

141

149

142

# Don't clobber an old build

150

# Don't clobber an old build

143

if [ -e "$BUILDDIR" ]; then

151

if [ -e "$BUILDDIR" ]; then

144

echo "directory $BUILDDIR already exists, not proceeding"

152

echo "directory $BUILDDIR already exists, not proceeding"

145

exit 1

153

exit 1

146

fi

154

fi

147

155

148

set -x

156

set -x

149

157

150

# Call "cleanup" function on various signals and errors

158

# Call "cleanup" function on various signals and errors

151

trap cleanup 0 1 2 3 6

159

trap cleanup 0 1 2 3 6

152

160

153

# Set up chroot directory

161

# Set up chroot directory

154

mkdir -p $R

162

mkdir -p $R

155

163

156

# Add required packages for the minbase installation

164

# Add required packages for the minbase installation

157

if [ "$ENABLE_MINBASE" = true ] ; then

165

if [ "$ENABLE_MINBASE" = true ] ; then

158

APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"

166

APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"

159

else

167

else

160

APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"

168

APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"

161

fi

169

fi

162

170

163

# Add parted package, required to get partprobe utility

171

# Add parted package, required to get partprobe utility

164

if [ "$EXPANDROOT" = true ] ; then

172

if [ "$EXPANDROOT" = true ] ; then

165

APT_INCLUDES="${APT_INCLUDES},parted"

173

APT_INCLUDES="${APT_INCLUDES},parted"

166

fi

174

fi

167

175

168

# Add dbus package, recommended if using systemd

176

# Add dbus package, recommended if using systemd

169

if [ "$ENABLE_DBUS" = true ] ; then

177

if [ "$ENABLE_DBUS" = true ] ; then

170

APT_INCLUDES="${APT_INCLUDES},dbus"

178

APT_INCLUDES="${APT_INCLUDES},dbus"

171

fi

179

fi

172

180

173

# Add iptables IPv4/IPv6 package

181

# Add iptables IPv4/IPv6 package

174

if [ "$ENABLE_IPTABLES" = true ] ; then

182

if [ "$ENABLE_IPTABLES" = true ] ; then

175

APT_INCLUDES="${APT_INCLUDES},iptables"

183

APT_INCLUDES="${APT_INCLUDES},iptables"

176

fi

184

fi

177

185

178

# Add openssh server package

186

# Add openssh server package

179

if [ "$ENABLE_SSHD" = true ] ; then

187

if [ "$ENABLE_SSHD" = true ] ; then

180

APT_INCLUDES="${APT_INCLUDES},openssh-server"

188

APT_INCLUDES="${APT_INCLUDES},openssh-server"

181

fi

189

fi

182

190

183

# Add alsa-utils package

191

# Add alsa-utils package

184

if [ "$ENABLE_SOUND" = true ] ; then

192

if [ "$ENABLE_SOUND" = true ] ; then

185

APT_INCLUDES="${APT_INCLUDES},alsa-utils"

193

APT_INCLUDES="${APT_INCLUDES},alsa-utils"

186

fi

194

fi

187

195

188

# Add rng-tools package

196

# Add rng-tools package

189

if [ "$ENABLE_HWRANDOM" = true ] ; then

197

if [ "$ENABLE_HWRANDOM" = true ] ; then

190

APT_INCLUDES="${APT_INCLUDES},rng-tools"

198

APT_INCLUDES="${APT_INCLUDES},rng-tools"

191

fi

199

fi

192

200

193

if [ "$ENABLE_USER" = true ]; then

201

if [ "$ENABLE_USER" = true ]; then

194

APT_INCLUDES="${APT_INCLUDES},sudo"

202

APT_INCLUDES="${APT_INCLUDES},sudo"

195

fi

203

fi

196

204

197

# Add fbturbo video driver

205

# Add fbturbo video driver

198

if [ "$ENABLE_FBTURBO" = true ] ; then

206

if [ "$ENABLE_FBTURBO" = true ] ; then

199

# Enable xorg package dependencies

207

# Enable xorg package dependencies

200

ENABLE_XORG=true

208

ENABLE_XORG=true

201

fi

209

fi

202

210

203

# Add user defined window manager package

211

# Add user defined window manager package

204

if [ -n "$ENABLE_WM" ] ; then

212

if [ -n "$ENABLE_WM" ] ; then

205

APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"

213

APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"

206

214

207

# Enable xorg package dependencies

215

# Enable xorg package dependencies

208

ENABLE_XORG=true

216

ENABLE_XORG=true

209

fi

217

fi

210

218

211

# Add xorg package

219

# Add xorg package

212

if [ "$ENABLE_XORG" = true ] ; then

220

if [ "$ENABLE_XORG" = true ] ; then

213

APT_INCLUDES="${APT_INCLUDES},xorg"

221

APT_INCLUDES="${APT_INCLUDES},xorg"

214

fi

222

fi

215

223

216

# Base debootstrap (unpack only)

224

# Base debootstrap (unpack only)

217

if [ "$ENABLE_MINBASE" = true ] ; then

225

if [ "$ENABLE_MINBASE" = true ] ; then

218

http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian

226

http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian

219

else

227

else

220

http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian

228

http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian

221

fi

229

fi

222

230

223

# Copy qemu emulator binary to chroot

231

# Copy qemu emulator binary to chroot

224

cp /usr/bin/qemu-arm-static $R/usr/bin

232

cp /usr/bin/qemu-arm-static $R/usr/bin

225

233

226

# Copy debian-archive-keyring.pgp

234

# Copy debian-archive-keyring.pgp

227

chroot $R mkdir -p /usr/share/keyrings

235

chroot $R mkdir -p /usr/share/keyrings

228

cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg

236

cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg

229

237

230

# Complete the bootstrapping process

238

# Complete the bootstrapping process

231

chroot $R /debootstrap/debootstrap --second-stage

239

chroot $R /debootstrap/debootstrap --second-stage

232

240

233

# Mount required filesystems

241

# Mount required filesystems

234

mount -t proc none $R/proc

242

mount -t proc none $R/proc

235

mount -t sysfs none $R/sys

243

mount -t sysfs none $R/sys

236

mount --bind /dev/pts $R/dev/pts

244

mount --bind /dev/pts $R/dev/pts

237

245

238

# Use proxy inside chroot

246

# Use proxy inside chroot

239

if [ -z "$APT_PROXY" ] ; then

247

if [ -z "$APT_PROXY" ] ; then

240

echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy

248

echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy

241

fi

249

fi

242

250

243

# Pin package flash-kernel to repositories.collabora.co.uk

251

# Pin package flash-kernel to repositories.collabora.co.uk

244

cat <<EOM >$R/etc/apt/preferences.d/flash-kernel

252

cat <<EOM >$R/etc/apt/preferences.d/flash-kernel

245

Package: flash-kernel

253

Package: flash-kernel

246

Pin: origin repositories.collabora.co.uk

254

Pin: origin repositories.collabora.co.uk

247

Pin-Priority: 1000

255

Pin-Priority: 1000

248

EOM

256

EOM

249

257

250

# Set up timezone

258

# Set up timezone

251

echo ${TIMEZONE} >$R/etc/timezone

259

echo ${TIMEZONE} >$R/etc/timezone

252

chroot_exec dpkg-reconfigure -f noninteractive tzdata

260

chroot_exec dpkg-reconfigure -f noninteractive tzdata

253

261

254

# Upgrade collabora package index and install collabora keyring

262

# Upgrade collabora package index and install collabora keyring

255

echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list

263

echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list

256

chroot_exec apt-get -qq -y update

264

chroot_exec apt-get -qq -y update

257

chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring

265

chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring

258

266

259

# Set up initial sources.list

267

# Set up initial sources.list

260

cat <<EOM >$R/etc/apt/sources.list

268

cat <<EOM >$R/etc/apt/sources.list

261

deb http://${APT_SERVER}/debian ${RELEASE} main contrib

269

deb http://${APT_SERVER}/debian ${RELEASE} main contrib

262

#deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib

270

#deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib

263

271

264

deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib

272

deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib

265

#deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib

273

#deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib

266

274

267

deb http://security.debian.org/ ${RELEASE}/updates main contrib

275

deb http://security.debian.org/ ${RELEASE}/updates main contrib

268

#deb-src http://security.debian.org/ ${RELEASE}/updates main contrib

276

#deb-src http://security.debian.org/ ${RELEASE}/updates main contrib

269

277

270

deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2

278

deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2

271

EOM

279

EOM

272

280

273

# Upgrade package index and update all installed packages and changed dependencies

281

# Upgrade package index and update all installed packages and changed dependencies

274

chroot_exec apt-get -qq -y update

282

chroot_exec apt-get -qq -y update

275

chroot_exec apt-get -qq -y -u dist-upgrade

283

chroot_exec apt-get -qq -y -u dist-upgrade

276

284

277

# Set up default locale and keyboard configuration

285

# Set up default locale and keyboard configuration

278

if [ "$ENABLE_MINBASE" = false ] ; then

286

if [ "$ENABLE_MINBASE" = false ] ; then

279

# Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug

287

# Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug

280

# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957

288

# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957

281

# ... so we have to set locales manually

289

# ... so we have to set locales manually

282

if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then

290

if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then

283

chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections

291

chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections

284

else

292

else

285

# en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale

293

# en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale

286

chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections

294

chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections

287

chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen

295

chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen

288

fi

296

fi

289

chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen

297

chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen

290

chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections

298

chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections

291

chroot_exec locale-gen

299

chroot_exec locale-gen

292

chroot_exec update-locale LANG=${DEFLOCAL}

300

chroot_exec update-locale LANG=${DEFLOCAL}

293

301

294

# Keyboard configuration, if requested

302

# Keyboard configuration, if requested

295

if [ "$XKBMODEL" != "" ] ; then

303

if [ "$XKBMODEL" != "" ] ; then

296

chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard

304

chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard

297

fi

305

fi

298

if [ "$XKBLAYOUT" != "" ] ; then

306

if [ "$XKBLAYOUT" != "" ] ; then

299

chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard

307

chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard

300

fi

308

fi

301

if [ "$XKBVARIANT" != "" ] ; then

309

if [ "$XKBVARIANT" != "" ] ; then

302

chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard

310

chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard

303

fi

311

fi

304

if [ "$XKBOPTIONS" != "" ] ; then

312

if [ "$XKBOPTIONS" != "" ] ; then

305

chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard

313

chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard

306

fi

314

fi

307

chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration

315

chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration

308

# Set up font console

316

# Set up font console

309

case "${DEFLOCAL}" in

317

case "${DEFLOCAL}" in

310

*UTF-8)

318

*UTF-8)

311

chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup

319

chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup

312

;;

320

;;

313

*)

321

*)

314

chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup

322

chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup

315

;;

323

;;

316

esac

324

esac

317

chroot_exec dpkg-reconfigure -f noninteractive console-setup

325

chroot_exec dpkg-reconfigure -f noninteractive console-setup

318

fi

326

fi

319

327

320

# Kernel installation

328

# Fetch and build latest raspberry kernel

321

# Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot

329

if [ "$BUILD_KERNEL" = true ] ; then

322

chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel

330

# Fetch current raspberrypi kernel sources

323

chroot_exec apt-get -qq -y install flash-kernel

331

git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux

332

333

# Load default raspberry kernel configuration

334

make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig

335

336

# Cross compile kernel and modules

337

make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs

338

339

# Install kernel modules

340

make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install

324

341

325

VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"

342

# Copy and rename compiled kernel to boot directory

326

[ -z "$VMLINUZ" ] && exit 1

343

mkdir $R/boot/firmware/

327

cp $VMLINUZ $R/boot/firmware/kernel7.img

344

$R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img

345

346

# Copy dts and dtb device definitions

347

mkdir $R/boot/firmware/overlays/

348

cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/

349

cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/

350

cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/

351

352

# Install raspberry bootloader and flash-kernel

353

chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel

354

else

355

# Kernel installation

356

chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel

357

358

# Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot

359

chroot_exec apt-get -qq -y install flash-kernel

360

361

VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"

362

[ -z "$VMLINUZ" ] && exit 1

363

cp $VMLINUZ $R/boot/firmware/kernel7.img

364

fi

328

365

329

# Set up IPv4 hosts

366

# Set up IPv4 hosts

330

echo ${HOSTNAME} >$R/etc/hostname

367

echo ${HOSTNAME} >$R/etc/hostname

331

cat <<EOM >$R/etc/hosts

368

cat <<EOM >$R/etc/hosts

332

127.0.0.1 localhost

369

127.0.0.1 localhost

333

127.0.1.1 ${HOSTNAME}

370

127.0.1.1 ${HOSTNAME}

334

EOM

371

EOM

335

if [ "$NET_ADDRESS" != "" ] ; then

372

if [ "$NET_ADDRESS" != "" ] ; then

336

NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')

373

NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')

337

sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts

374

sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts

338

fi

375

fi

339

376

340

# Set up IPv6 hosts

377

# Set up IPv6 hosts

341

if [ "$ENABLE_IPV6" = true ] ; then

378

if [ "$ENABLE_IPV6" = true ] ; then

342

cat <<EOM >>$R/etc/hosts

379

cat <<EOM >>$R/etc/hosts

343

380

344

::1 localhost ip6-localhost ip6-loopback

381

::1 localhost ip6-localhost ip6-loopback

345

ff02::1 ip6-allnodes

382

ff02::1 ip6-allnodes

346

ff02::2 ip6-allrouters

383

ff02::2 ip6-allrouters

347

EOM

384

EOM

348

fi

385

fi

349

386

350

# Place hint about network configuration

387

# Place hint about network configuration

351

cat <<EOM >$R/etc/network/interfaces

388

cat <<EOM >$R/etc/network/interfaces

352

# Debian switched to systemd-networkd configuration files.

389

# Debian switched to systemd-networkd configuration files.

353

# please configure your networks in '/etc/systemd/network/'

390

# please configure your networks in '/etc/systemd/network/'

354

EOM

391

EOM

355

392

356

if [ "$ENABLE_DHCP" = true ] ; then

393

if [ "$ENABLE_DHCP" = true ] ; then

357

# Enable systemd-networkd DHCP configuration for interface eth0

394

# Enable systemd-networkd DHCP configuration for interface eth0

358

cat <<EOM >$R/etc/systemd/network/eth.network

395

cat <<EOM >$R/etc/systemd/network/eth.network

359

[Match]

396

[Match]

360

Name=eth0

397

Name=eth0

361

398

362

[Network]

399

[Network]

363

DHCP=yes

400

DHCP=yes

364

EOM

401

EOM

365

402

366

# Set DHCP configuration to IPv4 only

403

# Set DHCP configuration to IPv4 only

367

if [ "$ENABLE_IPV6" = false ] ; then

404

if [ "$ENABLE_IPV6" = false ] ; then

368

sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network

405

sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network

369

fi

406

fi

370

else # ENABLE_DHCP=false

407

else # ENABLE_DHCP=false

371

cat <<EOM >$R/etc/systemd/network/eth.network

408

cat <<EOM >$R/etc/systemd/network/eth.network

372

[Match]

409

[Match]

373

Name=eth0

410

Name=eth0

374

411

375

[Network]

412

[Network]

376

DHCP=no

413

DHCP=no

377

Address=${NET_ADDRESS}

414

Address=${NET_ADDRESS}

378

Gateway=${NET_GATEWAY}

415

Gateway=${NET_GATEWAY}

379

DNS=${NET_DNS_1}

416

DNS=${NET_DNS_1}

380

DNS=${NET_DNS_2}

417

DNS=${NET_DNS_2}

381

Domains=${NET_DNS_DOMAINS}

418

Domains=${NET_DNS_DOMAINS}

382

NTP=${NET_NTP_1}

419

NTP=${NET_NTP_1}

383

NTP=${NET_NTP_2}

420

NTP=${NET_NTP_2}

384

EOM

421

EOM

385

fi

422

fi

386

423

387

# Enable systemd-networkd service

424

# Enable systemd-networkd service

388

chroot_exec systemctl enable systemd-networkd

425

chroot_exec systemctl enable systemd-networkd

389

426

390

# Generate crypt(3) password string

427

# Generate crypt(3) password string

391

ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`

428

ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`

392

429

393

# Set up default user

430

# Set up default user

394

if [ "$ENABLE_USER" = true ] ; then

431

if [ "$ENABLE_USER" = true ] ; then

395

chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi

432

chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi

396

chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi

433

chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi

397

fi

434

fi

398

435

399

# Set up root password or not

436

# Set up root password or not

400

if [ "$ENABLE_ROOT" = true ]; then

437

if [ "$ENABLE_ROOT" = true ]; then

401

chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root

438

chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root

402

439

403

if [ "$ENABLE_ROOT_SSH" = true ]; then

440

if [ "$ENABLE_ROOT_SSH" = true ]; then

404

sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config

441

sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config

405

fi

442

fi

406

else

443

else

407

chroot_exec usermod -p \'!\' root

444

chroot_exec usermod -p \'!\' root

408

fi

445

fi

409

446

410

# Set up firmware boot cmdline

447

# Set up firmware boot cmdline

411

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"

448

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"

412

449

413

# Set up serial console support (if requested)

450

# Set up serial console support (if requested)

414

if [ "$ENABLE_CONSOLE" = true ] ; then

451

if [ "$ENABLE_CONSOLE" = true ] ; then

415

CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"

452

CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"

416

fi

453

fi

417

454

418

# Set up IPv6 networking support

455

# Set up IPv6 networking support

419

if [ "$ENABLE_IPV6" = false ] ; then

456

if [ "$ENABLE_IPV6" = false ] ; then

420

CMDLINE="${CMDLINE} ipv6.disable=1"

457

CMDLINE="${CMDLINE} ipv6.disable=1"

421

fi

458

fi

422

459

423

echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt

460

echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt

424

461

425

# Set up firmware config

462

# Set up firmware config

426

install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt

463

install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt

427

464

428

# Load snd_bcm2835 kernel module at boot time

465

# Load snd_bcm2835 kernel module at boot time

429

if [ "$ENABLE_SOUND" = true ] ; then

466

if [ "$ENABLE_SOUND" = true ] ; then

430

echo "snd_bcm2835" >>$R/etc/modules

467

echo "snd_bcm2835" >>$R/etc/modules

431

fi

468

fi

432

469

433

# Set smallest possible GPU memory allocation size: 16MB (no X)

470

# Set smallest possible GPU memory allocation size: 16MB (no X)

434

if [ "$ENABLE_MINGPU" = true ] ; then

471

if [ "$ENABLE_MINGPU" = true ] ; then

435

echo "gpu_mem=16" >>$R/boot/firmware/config.txt

472

echo "gpu_mem=16" >>$R/boot/firmware/config.txt

436

fi

473

fi

437

474

438

# Create symlinks

475

# Create symlinks

439

ln -sf firmware/config.txt $R/boot/config.txt

476

ln -sf firmware/config.txt $R/boot/config.txt

440

ln -sf firmware/cmdline.txt $R/boot/cmdline.txt

477

ln -sf firmware/cmdline.txt $R/boot/cmdline.txt

441

478

442

# Prepare modules-load.d directory

479

# Prepare modules-load.d directory

443

mkdir -p $R/lib/modules-load.d/

480

mkdir -p $R/lib/modules-load.d/

444

481

445

# Load random module on boot

482

# Load random module on boot

446

if [ "$ENABLE_HWRANDOM" = true ] ; then

483

if [ "$ENABLE_HWRANDOM" = true ] ; then

447

cat <<EOM >$R/lib/modules-load.d/rpi2.conf

484

cat <<EOM >$R/lib/modules-load.d/rpi2.conf

448

bcm2708_rng

485

bcm2708_rng

449

EOM

486

EOM

450

fi

487

fi

451

488

452

# Prepare modprobe.d directory

489

# Prepare modprobe.d directory

453

mkdir -p $R/etc/modprobe.d/

490

mkdir -p $R/etc/modprobe.d/

454

491

455

# Blacklist sound modules

492

# Blacklist sound modules

456

install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf

493

install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf

457

494

458

# Create default fstab

495

# Create default fstab

459

install -o root -g root -m 644 files/fstab $R/etc/fstab

496

install -o root -g root -m 644 files/fstab $R/etc/fstab

460

497

461

# Avoid swapping and increase cache sizes

498

# Avoid swapping and increase cache sizes

462

install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf

499

install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf

463

500

464

# Enable network stack hardening

501

# Enable network stack hardening

465

if [ "$ENABLE_HARDNET" = true ] ; then

502

if [ "$ENABLE_HARDNET" = true ] ; then

466

install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf

503

install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf

467

504

468

# Enable resolver warnings about spoofed addresses

505

# Enable resolver warnings about spoofed addresses

469

cat <<EOM >>$R/etc/host.conf

506

cat <<EOM >>$R/etc/host.conf

470

spoof warn

507

spoof warn

471

EOM

508

EOM

472

fi

509

fi

473

510

474

# First boot actions

511

# First boot actions

475

cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot

512

cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot

476

513

477

# Ensure openssh server host keys are regenerated on first boot

514

# Ensure openssh server host keys are regenerated on first boot

478

if [ "$ENABLE_SSHD" = true ] ; then

515

if [ "$ENABLE_SSHD" = true ] ; then

479

cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot

516

cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot

480

rm -f $R/etc/ssh/ssh_host_*

517

rm -f $R/etc/ssh/ssh_host_*

481

fi

518

fi

482

519

483

if [ "$EXPANDROOT" = true ] ; then

520

if [ "$EXPANDROOT" = true ] ; then

484

cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot

521

cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot

485

fi

522

fi

486

523

487

cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot

524

cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot

488

chmod +x $R/etc/rc.firstboot

525

chmod +x $R/etc/rc.firstboot

489

526

490

sed -i '/exit 0/d' $R/etc/rc.local

527

sed -i '/exit 0/d' $R/etc/rc.local

491

echo /etc/rc.firstboot >> $R/etc/rc.local

528

echo /etc/rc.firstboot >> $R/etc/rc.local

492

echo exit 0 >> $R/etc/rc.local

529

echo exit 0 >> $R/etc/rc.local

493

530

494

# Disable rsyslog

531

# Disable rsyslog

495

if [ "$ENABLE_RSYSLOG" = false ]; then

532

if [ "$ENABLE_RSYSLOG" = false ]; then

496

sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf

533

sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf

497

chroot_exec systemctl disable rsyslog

534

chroot_exec systemctl disable rsyslog

498

chroot_exec apt-get purge -q -y --force-yes rsyslog

535

chroot_exec apt-get purge -q -y --force-yes rsyslog

499

fi

536

fi

500

537

501

# Enable serial console systemd style

538

# Enable serial console systemd style

502

if [ "$ENABLE_CONSOLE" = true ] ; then

539

if [ "$ENABLE_CONSOLE" = true ] ; then

503

chroot_exec systemctl enable serial-getty\@ttyAMA0.service

540

chroot_exec systemctl enable serial-getty\@ttyAMA0.service

504

fi

541

fi

505

542

506

# Enable firewall based on iptables started by systemd service

543

# Enable firewall based on iptables started by systemd service

507

if [ "$ENABLE_IPTABLES" = true ] ; then

544

if [ "$ENABLE_IPTABLES" = true ] ; then

508

# Create iptables configuration directory

545

# Create iptables configuration directory

509

mkdir -p "$R/etc/iptables"

546

mkdir -p "$R/etc/iptables"

510

547

511

# Create iptables systemd service

548

# Create iptables systemd service

512

install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service

549

install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service

513

550

514

# Create flush-table script called by iptables service

551

# Create flush-table script called by iptables service

515

install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh

552

install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh

516

553

517

# Create iptables rule file

554

# Create iptables rule file

518

install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules

555

install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules

519

556

520

# Reload systemd configuration and enable iptables service

557

# Reload systemd configuration and enable iptables service

521

chroot_exec systemctl daemon-reload

558

chroot_exec systemctl daemon-reload

522

chroot_exec systemctl enable iptables.service

559

chroot_exec systemctl enable iptables.service

523

560

524

if [ "$ENABLE_IPV6" = true ] ; then

561

if [ "$ENABLE_IPV6" = true ] ; then

525

# Create ip6tables systemd service

562

# Create ip6tables systemd service

526

install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service

563

install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service

527

564

528

# Create ip6tables file

565

# Create ip6tables file

529

install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh

566

install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh

530

567

531

install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules

568

install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules

532

569

533

# Reload systemd configuration and enable iptables service

570

# Reload systemd configuration and enable iptables service

534

chroot_exec systemctl daemon-reload

571

chroot_exec systemctl daemon-reload

535

chroot_exec systemctl enable ip6tables.service

572

chroot_exec systemctl enable ip6tables.service

536

fi

573

fi

537

fi

574

fi

538

575

539

# Remove SSHD related iptables rules

576

# Remove SSHD related iptables rules

540

if [ "$ENABLE_SSHD" = false ] ; then

577

if [ "$ENABLE_SSHD" = false ] ; then

541

sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null

578

sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null

542

sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null

579

sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null

543

fi

580

fi

544

581

545

# Install gcc/c++ build environment inside the chroot

582

# Install gcc/c++ build environment inside the chroot

546

if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then

583

if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then

547

chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc

584

chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc

548

fi

585

fi

549

586

550

# Fetch and build U-Boot bootloader

587

# Fetch and build U-Boot bootloader

551

if [ "$ENABLE_UBOOT" = true ] ; then

588

if [ "$ENABLE_UBOOT" = true ] ; then

552

# Fetch U-Boot bootloader sources

589

# Fetch U-Boot bootloader sources

553

git -C $R/tmp clone git://git.denx.de/u-boot.git

590

git -C $R/tmp clone git://git.denx.de/u-boot.git

554

591

555

# Build and install U-Boot inside chroot

592

# Build and install U-Boot inside chroot

556

chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all

593

chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all

557

594

558

# Copy compiled bootloader binary and set config.txt to load it

595

# Copy compiled bootloader binary and set config.txt to load it

559

cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/

596

cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/

560

printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt

597

printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt

561

598

562

# Set U-Boot command file

599

# Set U-Boot command file

563

cat <<EOM >$R/boot/firmware/uboot.mkimage

600

cat <<EOM >$R/boot/firmware/uboot.mkimage

564

# Tell Linux that it is booting on a Raspberry Pi2

601

# Tell Linux that it is booting on a Raspberry Pi2

565

setenv machid 0x00000c42

602

setenv machid 0x00000c42

566

603

567

# Set the kernel boot command line

604

# Set the kernel boot command line

568

setenv bootargs "earlyprintk ${CMDLINE}"

605

setenv bootargs "earlyprintk ${CMDLINE}"

569

606

570

# Save these changes to u-boot's environment

607

# Save these changes to u-boot's environment

571

saveenv

608

saveenv

572

609

573

# Load the existing Linux kernel into RAM

610

# Load the existing Linux kernel into RAM

574

fatload mmc 0:1 \${kernel_addr_r} kernel7.img

611

fatload mmc 0:1 \${kernel_addr_r} kernel7.img

575

612

576

# Boot the kernel we have just loaded

613

# Boot the kernel we have just loaded

577

bootz \${kernel_addr_r}

614

bootz \${kernel_addr_r}

578

EOM

615

EOM

579

616

580

# Generate U-Boot image from command file

617

# Generate U-Boot image from command file

581

chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr

618

chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr

582

fi

619

fi

583

620

584

# Fetch and build fbturbo Xorg driver

621

# Fetch and build fbturbo Xorg driver

585

if [ "$ENABLE_FBTURBO" = true ] ; then

622

if [ "$ENABLE_FBTURBO" = true ] ; then

586

# Fetch fbturbo driver sources

623

# Fetch fbturbo driver sources

587

git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git

624

git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git

588

625

589

# Install Xorg build dependencies

626

# Install Xorg build dependencies

590

chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev

627

chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev

591

628

592

# Build and install fbturbo driver inside chroot

629

# Build and install fbturbo driver inside chroot

593

chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"

630

chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"

594

631

595

# Add fbturbo driver to Xorg configuration

632

# Add fbturbo driver to Xorg configuration

596

cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf

633

cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf

597

Section "Device"

634

Section "Device"

598

Identifier "Allwinner A10/A13 FBDEV"

635

Identifier "Allwinner A10/A13 FBDEV"

599

Driver "fbturbo"

636

Driver "fbturbo"

600

Option "fbdev" "/dev/fb0"

637

Option "fbdev" "/dev/fb0"

601

Option "SwapbuffersWait" "true"

638

Option "SwapbuffersWait" "true"

602

EndSection

639

EndSection

603

EOM

640

EOM

604

641

605

# Remove Xorg build dependencies

642

# Remove Xorg build dependencies

606

chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev

643

chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev

607

fi

644

fi

608

645

609

# Remove gcc/c++ build environment from the chroot

646

# Remove gcc/c++ build environment from the chroot

610

if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then

647

if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then

611

chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make

648

chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make

612

fi

649

fi

613

650

614

# Clean cached downloads

651

# Clean cached downloads

615

chroot_exec apt-get -y clean

652

chroot_exec apt-get -y clean

616

chroot_exec apt-get -y autoclean

653

chroot_exec apt-get -y autoclean

617

chroot_exec apt-get -y autoremove

654

chroot_exec apt-get -y autoremove

618

655

619

# Invoke custom scripts

656

# Invoke custom scripts

620

if [ -n "${CHROOT_SCRIPTS}" ]; then

657

if [ -n "${CHROOT_SCRIPTS}" ]; then

621

cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"

658

cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"

622

LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'

659

LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'

623

rm -rf "${R}/chroot_scripts"

660

rm -rf "${R}/chroot_scripts"

624

fi

661

fi

625

662

626

# Unmount mounted filesystems

663

# Unmount mounted filesystems

627

umount -l $R/proc

664

umount -l $R/proc

628

umount -l $R/sys

665

umount -l $R/sys

629

666

630

# Clean up files

667

# Clean up files

631

rm -f $R/etc/apt/sources.list.save

668

rm -f $R/etc/apt/sources.list.save

632

rm -f $R/etc/resolvconf/resolv.conf.d/original

669

rm -f $R/etc/resolvconf/resolv.conf.d/original

633

rm -rf $R/run

670

rm -rf $R/run

634

mkdir -p $R/run

671

mkdir -p $R/run

635

rm -f $R/etc/*-

672

rm -f $R/etc/*-

636

rm -f $R/root/.bash_history

673

rm -f $R/root/.bash_history

637

rm -rf $R/tmp/*

674

rm -rf $R/tmp/*

638

rm -f $R/var/lib/urandom/random-seed

675

rm -f $R/var/lib/urandom/random-seed

639

[ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id

676

[ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id

640

rm -f $R/etc/machine-id

677

rm -f $R/etc/machine-id

641

rm -fr $R/etc/apt/apt.conf.d/10proxy

678

rm -fr $R/etc/apt/apt.conf.d/10proxy

642

679

643

# Calculate size of the chroot directory in KB

680

# Calculate size of the chroot directory in KB

644

CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)

681

CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)

645

682

646

# Calculate the amount of needed 512 Byte sectors

683

# Calculate the amount of needed 512 Byte sectors

647

TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)

684

TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)

648

BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)

685

BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)

649

ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})

686

ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})

650

687

651

# The root partition is EXT4

688

# The root partition is EXT4

652

# This means more space than the actual used space of the chroot is used.

689

# This means more space than the actual used space of the chroot is used.

653

# As overhead for journaling and reserved blocks 20% are added.

690

# As overhead for journaling and reserved blocks 20% are added.

654

ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)

691

ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)

655

692

656

# Calculate required image size in 512 Byte sectors

693

# Calculate required image size in 512 Byte sectors

657

IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})

694

IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})

658

695

659

# Prepare date string for image file name

696

# Prepare date string for image file name

660

DATE="$(date +%Y-%m-%d)"

697

DATE="$(date +%Y-%m-%d)"

661

698

662

# Prepare image file

699

# Prepare image file

663

dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}

700

dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}

664

dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}

701

dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}

665

702

666

# Write partition table

703

# Write partition table

667

sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM

704

sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM

668

unit: sectors

705

unit: sectors

669

706

670

1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable

707

1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable

671

2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83

708

2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83

672

3 : start= 0, size= 0, Id= 0

709

3 : start= 0, size= 0, Id= 0

673

4 : start= 0, size= 0, Id= 0

710

4 : start= 0, size= 0, Id= 0

674

EOM

711

EOM

675

712

676

# Set up temporary loop devices and build filesystems

713

# Set up temporary loop devices and build filesystems

677

VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"

714

VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"

678

EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"

715

EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"

679

mkfs.vfat "$VFAT_LOOP"

716

mkfs.vfat "$VFAT_LOOP"

680

mkfs.ext4 "$EXT4_LOOP"

717

mkfs.ext4 "$EXT4_LOOP"

681

718

682

# Mount the temporary loop devices

719

# Mount the temporary loop devices

683

mkdir -p "$BUILDDIR/mount"

720

mkdir -p "$BUILDDIR/mount"

684

mount "$EXT4_LOOP" "$BUILDDIR/mount"

721

mount "$EXT4_LOOP" "$BUILDDIR/mount"

685

722

686

mkdir -p "$BUILDDIR/mount/boot/firmware"

723

mkdir -p "$BUILDDIR/mount/boot/firmware"

687

mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"

724

mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"

688

725

689

# Copy all files from the chroot to the loop device mount point directory

726

# Copy all files from the chroot to the loop device mount point directory

690

rsync -a "$R/" "$BUILDDIR/mount/"

727

rsync -a "$R/" "$BUILDDIR/mount/"

691

728

692

# Unmount all temporary loop devices and mount points

729

# Unmount all temporary loop devices and mount points

693

cleanup

730

cleanup

694

731

695

# (optinal) create block map file for "bmaptool"

732

# (optinal) create block map file for "bmaptool"

696

bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"

733

bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"

697

734

698

# Image was successfully created

735

# Image was successfully created

699

echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"

736

echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # rpi2-gen-image
             ## Introduction
             `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
             #####Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi2-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
             ENABLE_MINBASE=true ./rpi2-gen-image.sh
              ```
             #### APT settings:
             ##### `APT_SERVER`="ftp.debian.org"
             Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
             ##### `APT_PROXY`=""
             Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
             ##### `APT_INCLUDES`=""
             A comma seperated list of additional packages to be installed during bootstrapping.
             #### General system settings:
             ##### `HOSTNAME`="rpi2-jessie"
             Set system host name. It's recommended that the host name is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
             Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
             Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             ##### `EXPANDROOT`=true
             Expand the root partition and filesystem automatically on first boot.
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             ##### `XKBMODEL`=""
             Set the name of the model of your keyboard type.
             ##### `XKBLAYOUT`=""
             Set the supported keyboard layout(s).
             ##### `XKBVARIANT`=""
             Set the supported variant(s) of the keyboard layout(s).
             ##### `XKBOPTIONS`=""
             Set extra xkb configuration options.
             #### Networking settings (DHCP)
             This setting is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
             #####`ENABLE_DHCP`=true
             Set the system to use DHCP. This requires an DHCP server.
             #### Networking settings (static)
             These settings are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking settings are only supported if `ENABLE_DHCP` was set to `false`.
             #####`NET_ADDRESS`=""
             Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
             #####`NET_GATEWAY`=""
             Set the IP address for the default gateway.
             #####`NET_DNS_1`=""
             Set the IP address for the first DNS server.
             #####`NET_DNS_2`=""
             Set the IP address for the second DNS server.
             #####`NET_DNS_DOMAINS`=""
             Set the default DNS search domains to use for non fully qualified host names.
             #####`NET_NTP_1`=""
             Set the IP address for the first NTP server.
             #####`NET_NTP_2`=""
             Set the IP address for the second NTP server.
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
             Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
             ##### `ENABLE_IPV6`=true
             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
             ##### `ENABLE_RSYSLOG`=true
             If set to false, disable and uninstall rsyslog (so logs will be available only
             in journal files)
             ##### `ENABLE_SOUND`=true
             Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
             Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
             Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
             Install Xorg open-source X Window System.
             ##### `ENABLE_WM`=""
             Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
             #### Advanced sytem features:
             ##### `ENABLE_MINBASE`=false
             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_UBOOT`=false
             Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_USER`=true
             Create pi user with password raspberry
             ##### `ENABLE_ROOT`=true
             Set root user password so root login will be enabled
             ##### `ENABLE_ROOT_SSH`=true
             Enable password root login via SSH. May be a security risk with default
             password, use only in trusted environments.
             ##### `ENABLE_HARDNET`=false
             Enable IPv4/IPv6 network stack hardening settings.
             ##### `CHROOT_SCRIPTS`=""
             Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
+            #### Kernel compilation:
+            ##### `BUILD_KERNEL`=false
+            Build and install the latest RPi2 linux kernel. Currently only the default RPi2 kernel configuration is used. Detailed configuration parameters for customizing the kernel and minor bug fixes still need to get implemented. feel free to help.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
             After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             #####Flashing examples:
             ```shell
             bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
             dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
             ```

             #!/bin/sh
             ########################################################################
             # rpi2-gen-image.sh					   ver2a 12/2015
             #
             # Advanced debian "jessie" bootstrap script for RPi2
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # some parts based on rpi2-build-image:
             # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
             # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
             ########################################################################
             # Clean up all temporary mount points
             cleanup (){
               set +x
               set +e
               echo "removing temporary mount points ..."
               umount -l $R/proc 2> /dev/null
               umount -l $R/sys 2> /dev/null
               umount -l $R/dev/pts 2> /dev/null
               umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
               umount "$BUILDDIR/mount" 2> /dev/null
               losetup -d "$EXT4_LOOP" 2> /dev/null
               losetup -d "$VFAT_LOOP" 2> /dev/null
               trap - 0 1 2 3 6
             }
             # Exec command in chroot
             chroot_exec() {
               LANG=C LC_ALL=C chroot $R $*
             }
             set -e
             set -x
             # Debian release
             RELEASE=${RELEASE:=jessie}
             KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
             # Build settings
             BASEDIR=./images/${RELEASE}
             BUILDDIR=${BASEDIR}/build
             # General settings
             HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
             PASSWORD=${PASSWORD:=raspberry}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             XKBMODEL=${XKBMODEL:=""}
             XKBLAYOUT=${XKBLAYOUT:=""}
             XKBVARIANT=${XKBVARIANT:=""}
             XKBOPTIONS=${XKBOPTIONS:=""}
             EXPANDROOT=${EXPANDROOT:=true}
             # Network settings
             ENABLE_DHCP=${ENABLE_DHCP:=true}
             # NET_* settings are ignored when ENABLE_DHCP=true
             # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
             NET_ADDRESS=${NET_ADDRESS:=""}
             NET_GATEWAY=${NET_GATEWAY:=""}
             NET_DNS_1=${NET_DNS_1:=""}
             NET_DNS_2=${NET_DNS_2:=""}
             NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
             NET_NTP_1=${NET_NTP_1:=""}
             NET_NTP_2=${NET_NTP_2:=""}
             # APT settings
             APT_PROXY=${APT_PROXY:=""}
             APT_SERVER=${APT_SERVER:="ftp.debian.org"}
             # Feature settings
             ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
             ENABLE_IPV6=${ENABLE_IPV6:=true}
             ENABLE_SSHD=${ENABLE_SSHD:=true}
             ENABLE_SOUND=${ENABLE_SOUND:=true}
             ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
             ENABLE_USER=${ENABLE_USER:=true}
             ENABLE_ROOT=${ENABLE_ROOT:=false}
             ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
             # Advanced settings
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
+            # Kernel compilation settings
+            BUILD_KERNEL=${BUILD_KERNEL:=false}
             # Image chroot path
             R=${BUILDDIR}/chroot
             CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
             # Missing packages that need to be installed
             MISSING_PACKAGES=""
             # Packages required in the chroot build environment
             APT_INCLUDES=${APT_INCLUDES:=""}
             APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
             set +x
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "this script must be executed with root privileges"
               exit 1
             fi
+            # Add packages required for kernel cross compilation
+            if [ "$BUILD_KERNEL" = true ] ; then
+              REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
+            fi
             # Check if all required packages are installed
             for package in $REQUIRED_PACKAGES ; do
               if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
                 MISSING_PACKAGES="$MISSING_PACKAGES $package"
               fi
             done
             # Ask if missing packages should get installed right now
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
               echo -n "\ndo you want to install the missing packages right now? [y/n] "
               read confirm
               if [ "$confirm" != "y" ] ; then
                 exit 1
               fi
             fi
             # Make sure all required packages are installed
             apt-get -qq -y install ${REQUIRED_PACKAGES}
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ]; then
               echo "directory $BUILDDIR already exists, not proceeding"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Set up chroot directory
             mkdir -p $R
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
             else
               APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
             fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},iptables"
             fi
             # Add openssh server package
             if [ "$ENABLE_SSHD" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             if [ "$ENABLE_USER" = true ]; then
               APT_INCLUDES="${APT_INCLUDES},sudo"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg"
             fi
             # Base debootstrap (unpack only)
             if [ "$ENABLE_MINBASE" = true ] ; then
               http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
             else
               http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
             fi
             # Copy qemu emulator binary to chroot
             cp /usr/bin/qemu-arm-static $R/usr/bin
             # Copy debian-archive-keyring.pgp
             chroot $R mkdir -p /usr/share/keyrings
             cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
             # Complete the bootstrapping process
             chroot $R /debootstrap/debootstrap --second-stage
             # Mount required filesystems
             mount -t proc none $R/proc
             mount -t sysfs none $R/sys
             mount --bind /dev/pts $R/dev/pts
             # Use proxy inside chroot
             if [ -z "$APT_PROXY" ] ; then
               echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
             fi
             # Pin package flash-kernel to repositories.collabora.co.uk
             cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
             Package: flash-kernel
             Pin: origin repositories.collabora.co.uk
             Pin-Priority: 1000
             EOM
             # Set up timezone
             echo ${TIMEZONE} >$R/etc/timezone
             chroot_exec dpkg-reconfigure -f noninteractive tzdata
             # Upgrade collabora package index and install collabora keyring
             echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
             chroot_exec apt-get -qq -y update
             chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
             # Set up initial sources.list
             cat <<EOM >$R/etc/apt/sources.list
             deb http://${APT_SERVER}/debian ${RELEASE} main contrib
             #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
             deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
             #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
             deb http://security.debian.org/ ${RELEASE}/updates main contrib
             #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
             deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
             EOM
             # Upgrade package index and update all installed packages and changed dependencies
             chroot_exec apt-get -qq -y update
             chroot_exec apt-get -qq -y -u dist-upgrade
             # Set up default locale and keyboard configuration
             if [ "$ENABLE_MINBASE" = false ] ; then
               # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
               # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
               # ... so we have to set locales manually
               if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
                 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
               else
                 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
                 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
                 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
               fi
               chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
               chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
               chroot_exec locale-gen
               chroot_exec update-locale LANG=${DEFLOCAL}
               # Keyboard configuration, if requested
               if [ "$XKBMODEL" != "" ] ; then
                 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
               fi
               if [ "$XKBLAYOUT" != "" ] ; then
                 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
               fi
               if [ "$XKBVARIANT" != "" ] ; then
                 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
               fi
               if [ "$XKBOPTIONS" != "" ] ; then
                 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
               fi
               chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
               # Set up font console
               case "${DEFLOCAL}" in
                 *UTF-8)
                   chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
                   ;;
                 *)
                   chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
                   ;;
               esac
               chroot_exec dpkg-reconfigure -f noninteractive console-setup
             fi
-            # Kernel installation
+            # Fetch and build latest raspberry kernel
-            # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
+            if [ "$BUILD_KERNEL" = true ] ; then
-            chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
+              # Fetch current raspberrypi kernel sources
-            chroot_exec apt-get -qq -y install flash-kernel
+              git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux
+              # Load default raspberry kernel configuration
+              make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
+              # Cross compile kernel and modules
+              make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
+              # Install kernel modules
+              make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
-            VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+              # Copy and rename compiled kernel to boot directory
-            [ -z "$VMLINUZ" ] && exit 1
+              mkdir $R/boot/firmware/
-            cp $VMLINUZ $R/boot/firmware/kernel7.img
+              $R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
+              # Copy dts and dtb device definitions
+              mkdir $R/boot/firmware/overlays/
+              cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
+              cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
+              cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
+              # Install raspberry bootloader and flash-kernel
+              chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
+            else
+              # Kernel installation
+              chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
+              # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
+              chroot_exec apt-get -qq -y install flash-kernel
+              VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+              [ -z "$VMLINUZ" ] && exit 1
+              cp $VMLINUZ $R/boot/firmware/kernel7.img
+            fi
             # Set up IPv4 hosts
             echo ${HOSTNAME} >$R/etc/hostname
             cat <<EOM >$R/etc/hosts
 .0.0.1       localhost
 .0.1.1       ${HOSTNAME}
             EOM
             if [ "$NET_ADDRESS" != "" ] ; then
             NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
             sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
             fi
             # Set up IPv6 hosts
             if [ "$ENABLE_IPV6" = true ] ; then
             cat <<EOM >>$R/etc/hosts
             ::1             localhost ip6-localhost ip6-loopback
             ff02::1         ip6-allnodes
             ff02::2         ip6-allrouters
             EOM
             fi
             # Place hint about network configuration
             cat <<EOM >$R/etc/network/interfaces
             # Debian switched to systemd-networkd configuration files.
             # please configure your networks in '/etc/systemd/network/'
             EOM
             if [ "$ENABLE_DHCP" = true ] ; then
             # Enable systemd-networkd DHCP configuration for interface eth0
             cat <<EOM >$R/etc/systemd/network/eth.network
             [Match]
             Name=eth0
             [Network]
             DHCP=yes
             EOM
             # Set DHCP configuration to IPv4 only
             if [ "$ENABLE_IPV6" = false ] ; then
               sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
             fi
             else # ENABLE_DHCP=false
             cat <<EOM >$R/etc/systemd/network/eth.network
             [Match]
             Name=eth0
             [Network]
             DHCP=no
             Address=${NET_ADDRESS}
             Gateway=${NET_GATEWAY}
             DNS=${NET_DNS_1}
             DNS=${NET_DNS_2}
             Domains=${NET_DNS_DOMAINS}
             NTP=${NET_NTP_1}
             NTP=${NET_NTP_2}
             EOM
             fi
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Generate crypt(3) password string
             ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
             # Set up default user
             if [ "$ENABLE_USER" = true ] ; then
               chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
               chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
             fi
             # Set up root password or not
             if [ "$ENABLE_ROOT" = true ]; then
               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
               if [ "$ENABLE_ROOT_SSH" = true ]; then
                 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
               fi
             else
               chroot_exec usermod -p \'!\' root
             fi
             # Set up firmware boot cmdline
             CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
             # Set up serial console support (if requested)
             if [ "$ENABLE_CONSOLE" = true ] ; then
               CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
             fi
             # Set up IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
             # Set up firmware config
             install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
             # Load snd_bcm2835 kernel module at boot time
             if [ "$ENABLE_SOUND" = true ] ; then
               echo "snd_bcm2835" >>$R/etc/modules
             fi
             # Set smallest possible GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >>$R/boot/firmware/config.txt
             fi
             # Create symlinks
             ln -sf firmware/config.txt $R/boot/config.txt
             ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
             # Prepare modules-load.d directory
             mkdir -p $R/lib/modules-load.d/
             # Load random module on boot
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               cat <<EOM >$R/lib/modules-load.d/rpi2.conf
             bcm2708_rng
             EOM
             fi
             # Prepare modprobe.d directory
             mkdir -p $R/etc/modprobe.d/
             # Blacklist sound modules
             install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
             # Create default fstab
             install -o root -g root -m 644 files/fstab $R/etc/fstab
             # Avoid swapping and increase cache sizes
             install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
             # Enable resolver warnings about spoofed addresses
               cat <<EOM >>$R/etc/host.conf
             spoof warn
             EOM
             fi
             # First boot actions
             cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
             # Ensure openssh server host keys are regenerated on first boot
             if [ "$ENABLE_SSHD" = true ] ; then
               cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
               rm -f $R/etc/ssh/ssh_host_*
             fi
             if [ "$EXPANDROOT" = true ] ; then
               cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
             fi
             cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
             chmod +x $R/etc/rc.firstboot
             sed -i '/exit 0/d' $R/etc/rc.local
             echo /etc/rc.firstboot >> $R/etc/rc.local
             echo exit 0 >> $R/etc/rc.local
             # Disable rsyslog
             if [ "$ENABLE_RSYSLOG" = false ]; then
               sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
               chroot_exec systemctl disable rsyslog
               chroot_exec apt-get purge -q -y --force-yes rsyslog
             fi
             # Enable serial console systemd style
             if [ "$ENABLE_CONSOLE" = true ] ; then
               chroot_exec systemctl enable serial-getty\@ttyAMA0.service
             fi
             # Enable firewall based on iptables started by systemd service
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "$R/etc/iptables"
               # Create iptables systemd service
               install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
               # Create flush-table script called by iptables service
               install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
               # Create iptables rule file
               install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Create ip6tables systemd service
                 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
                 # Create ip6tables file
                 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
                 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
             fi
             # Remove SSHD related iptables rules
             if [ "$ENABLE_SSHD" = false ] ; then
              sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
              sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
             fi
             # Install gcc/c++ build environment inside the chroot
             if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
               chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
             fi
             # Fetch and build U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               # Fetch U-Boot bootloader sources
               git -C $R/tmp clone git://git.denx.de/u-boot.git
               # Build and install U-Boot inside chroot
               chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
               # Copy compiled bootloader binary and set config.txt to load it
               cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
               # Set U-Boot command file
               cat <<EOM >$R/boot/firmware/uboot.mkimage
             # Tell Linux that it is booting on a Raspberry Pi2
             setenv machid 0x00000c42
             # Set the kernel boot command line
             setenv bootargs "earlyprintk ${CMDLINE}"
             # Save these changes to u-boot's environment
             saveenv
             # Load the existing Linux kernel into RAM
             fatload mmc 0:1 \${kernel_addr_r} kernel7.img
             # Boot the kernel we have just loaded
             bootz \${kernel_addr_r}
             EOM
               # Generate U-Boot image from command file
               chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
             fi
             # Fetch and build fbturbo Xorg driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Fetch fbturbo driver sources
               git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
               # Install Xorg build dependencies
               chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
               # Build and install fbturbo driver inside chroot
               chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
               # Add fbturbo driver to Xorg configuration
               cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
             Section "Device"
                     Identifier "Allwinner A10/A13 FBDEV"
                     Driver "fbturbo"
                     Option "fbdev" "/dev/fb0"
                     Option "SwapbuffersWait" "true"
             EndSection
             EOM
               # Remove Xorg build dependencies
               chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
             fi
             # Remove gcc/c++ build environment from the chroot
             if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
               chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
             fi
             # Clean cached downloads
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Invoke custom scripts
             if [ -n "${CHROOT_SCRIPTS}" ]; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
               LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'
               rm -rf "${R}/chroot_scripts"
             fi
             # Unmount mounted filesystems
             umount -l $R/proc
             umount -l $R/sys
             # Clean up files
             rm -f $R/etc/apt/sources.list.save
             rm -f $R/etc/resolvconf/resolv.conf.d/original
             rm -rf $R/run
             mkdir -p $R/run
             rm -f $R/etc/*-
             rm -f $R/root/.bash_history
             rm -rf $R/tmp/*
             rm -f $R/var/lib/urandom/random-seed
             [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
             rm -f $R/etc/machine-id
             rm -fr $R/etc/apt/apt.conf.d/10proxy
             # Calculate size of the chroot directory in KB
             CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
             ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 20% are added.
             ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
             IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
             # Prepare date string for image file name
             DATE="$(date +%Y-%m-%d)"
             # Prepare image file
             dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
             dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
             # Write partition table
             sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
             unit: sectors
 : start=   ${TABLE_SECTORS}, size=   ${BOOT_SECTORS}, Id= c, bootable
 : start=     ${ROOT_OFFSET}, size=   ${ROOT_SECTORS}, Id=83
 : start=                  0, size=                 0, Id= 0
 : start=                  0, size=                 0, Id= 0
             EOM
             # Set up temporary loop devices and build filesystems
             VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
             EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
             mkfs.vfat "$VFAT_LOOP"
             mkfs.ext4 "$EXT4_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$EXT4_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "$R/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # (optinal) create block map file for "bmaptool"
             bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
             # Image was successfully created
             echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"