let it break again?
Unknown -
r494:29368aadd81d
@@ -7,12 +7,13
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 KERNEL_URL="${KALI_KERNEL_URL}"
12 KERNEL_BRANCH=""
11 fi
13 fi
12
14
13 # Fetch and build latest raspberry kernel
15 # Fetch and build latest raspberry kernel
14 if [ "$BUILD_KERNEL" = true ] ; then
16 if [ "$BUILD_KERNEL" = true ] ; then
15 echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!"
16 # Setup source directory
17 # Setup source directory
17 mkdir -p "${KERNEL_DIR}"
18 mkdir -p "${KERNEL_DIR}"
18
19
@@ -230,24 +231,22 if [ "$BUILD_KERNEL" = true ] ; then
230 fi
231 fi
231
232
232 # KERNEL_DEFAULT_GOV was set by user
233 # KERNEL_DEFAULT_GOV was set by user
233 if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
234 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
234 # unset default governor
235 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
236
235
237 case "$KERNEL_DEFAULT_GOV" in
236 case "$KERNEL_DEFAULT_GOV" in
238 "performance")
237 performance)
239 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
238 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
240 ;;
239 ;;
241 "userspace")
240 userspace)
242 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
241 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
243 ;;
242 ;;
244 "ondemand")
243 ondemand)
245 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
244 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
246 ;;
245 ;;
247 "conservative")
246 conservative)
248 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
247 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
249 ;;
248 ;;
250 "shedutil")
249 shedutil)
251 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
250 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
252 ;;
251 ;;
253 *)
252 *)
@@ -255,6 +254,9 if [ "$BUILD_KERNEL" = true ] ; then
255 exit 1
254 exit 1
256 ;;
255 ;;
257 esac
256 esac
257
258 # unset previous default governor
259 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
258 fi
260 fi
259
261
260
262
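Review bot: The `shedutil)` arm of the governor `case` (new line 249) is misspelled, so a user who sets `KERNEL_DEFAULT_GOV=schedutil` never matches it and presumably falls into the `*)` arm that ends in `exit 1`; the commit only drops the quotes and keeps the typo. Change the pattern to `schedutil)`, or use `schedutil|shedutil)` if existing configs may rely on the old spelling. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside the visible hunks, and the lines between the `*)` arm and `exit 1` are not shown.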
@@ -42,7 +42,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
44 fi
44 fi
45
45
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
@@ -50,29 +50,29 if [ "$ENABLE_INITRAMFS" = true ] ; then
50 else
50 else
51 # Create key
51 # Create key
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
53
53
54 # Convert dropbear key to openssh key
54 # Convert dropbear key to openssh key
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
56
56
57 # Get Public Key Part
57 # Get Public Key Part
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
59
59
60 # Delete unwanted lines
60 # Delete unwanted lines
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
63
63
64 # Trust the new key
64 # Trust the new key
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66
66
67 # Save Keys - convert with putty from rsa/openssh to puttkey
67 # Save Keys - convert with putty from rsa/openssh to puttkey
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
69
69
70 # Get unlock script
70 # Get unlock script
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
72
72
73 # Enable Dropbear inside initramfs
73 # Enable Dropbear inside initramfs
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
75
75
76 # Enable Dropbear inside initramfs
76 # Enable Dropbear inside initramfs
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
78 fi
78 fi
@@ -64,6 +64,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
64 fi
64 fi
65 fi
65 fi
66
66
67 # Enable Kernel messages on standard output
67 if [ "$ENABLE_PRINTK" = true ] ; then
68 if [ "$ENABLE_PRINTK" = true ] ; then
68 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
69 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
69 fi
70 fi
@@ -86,7 +87,7 fi
86 # Install firmware config
87 # Install firmware config
87 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
88
89
89 #locks cpu at max frequency
90 # Locks CPU frequency at maximum
90 if [ "$ENABLE_TURBO" = true ] ; then
91 if [ "$ENABLE_TURBO" = true ] ; then
91 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
92 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
92 # helps to avoid sdcard corruption when force_turbo is enabled.
93 # helps to avoid sdcard corruption when force_turbo is enabled.
@@ -149,7 +150,6 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
149
150
150 # Activate services
151 # Activate services
151 chroot_exec systemctl enable pi-bluetooth.hciuart.service
152 chroot_exec systemctl enable pi-bluetooth.hciuart.service
152 chroot_exec systemctl enable pi-bluetooth.bthelper@serial1.service
153
153
154 else # if ENABLE_BLUETOOTH = false
154 else # if ENABLE_BLUETOOTH = false
155 # set overlay to disable bluetooth
155 # set overlay to disable bluetooth
@@ -167,13 +167,6 if [ "$ENABLE_CONSOLE" = true ] ; then
167 chroot_exec systemctl enable serial-getty@serial0.service
167 chroot_exec systemctl enable serial-getty@serial0.service
168 else
168 else
169 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
169 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
170 # disable serial console systemd style
171 #chroot_exec systemctl disable serial-getty@serial0.service
172 fi
173
174 # Remove cmdline.txt entry of starting zswap
175 if [ "$KERNEL_ZSWAP" = true ] ; then
176 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
177 fi
170 fi
178
171
179 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
172 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
@@ -211,6 +204,11 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
211
204
212 # Change back into script root dir
205 # Change back into script root dir
213 cd "${WORKDIR}" || exit
206 cd "${WORKDIR}" || exit
207 else
208 # Enable ZSWAP in cmdline if systemd-swap is not used
209 if [ "$KERNEL_ZSWAP" = true ] ; then
210 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
211 fi
214 fi
212 fi
215
213
216 # Install firmware boot cmdline
214 # Install firmware boot cmdline
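Review bot: With the zswap block moved into the `else` of `ENABLE_SYSTEMDSWAP` (new lines 207-211), `KERNEL_ZSWAP=true` is silently ignored whenever `ENABLE_SYSTEMDSWAP=true`, and nothing in the visible lines tells the user so. Say it in the comment, e.g. `# KERNEL_ZSWAP only takes effect when ENABLE_SYSTEMDSWAP is not true`, or print a notice in the systemd-swap branch. The nested `else` / `if` can also be written as `elif [ "$KERNEL_ZSWAP" = true ] ; then`, which drops one nesting level and one `fi`. The `ENABLE_SYSTEMDSWAP` block begins outside the hunk.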
@@ -57,6 +57,20 else # ENABLE_DHCP=false
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 fi
74 fi
61
75
62 # Remove empty settings from network configuration
76 # Remove empty settings from network configuration
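Review bot: `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` on new line 63 expands `NET_ADDRESS` as the command to run instead of passing its value to `cut`. As a result `cdir` comes back empty and whatever the variable holds is executed by the build script, presumably with root privileges. Take the prefix length with parameter expansion instead: `cdir="${NET_ADDRESS##*/}"`. The `IP=` line on new line 69 also writes `NET_ADDRESS` with its `/NN` suffix into the client-address field; `${NET_ADDRESS%/*}` would give the bare address there, assuming the variable always carries a prefix length as the comment implies. The enclosing `else # ENABLE_DHCP=false` branch starts outside the hunk.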
@@ -87,8 +87,7 chroot_remove_cc() {
87 COMPILER_PACKAGES=""
87 COMPILER_PACKAGES=""
88 fi
88 fi
89 }
89 }
90 #GPL v2.0
90 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
91 #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
92 set_kernel_config() {
91 set_kernel_config() {
93 # flag as $1, value to set as $2, config must exist at "./.config"
92 # flag as $1, value to set as $2, config must exist at "./.config"
94 TGT="CONFIG_${1#CONFIG_}"
93 TGT="CONFIG_${1#CONFIG_}"
@@ -99,10 +98,18 set_kernel_config() {
99 echo "${TGT}"="${2}" >> .config
98 echo "${TGT}"="${2}" >> .config
100 fi
99 fi
101 }
100 }
102
101 # unset kernel config parameter
103 unset_kernel_config() {
102 unset_kernel_config() {
104 # unsets flag with the value of $1, config must exist at "./.config"
103 # unsets flag with the value of $1, config must exist at "./.config"
105 TGT="CONFIG_${1#CONFIG_}"
104 TGT="CONFIG_${1#CONFIG_}"
106 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
105 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
107 }
106 }
108 # No newline at end of file
107
108 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
109 cdr2mask ()
110 {
111 # Number of args to shift, 255..255, first non-255 byte, zeroes
112 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
113 [ $1 -gt 1 ] && shift $1 || shift
114 echo ${1-0}.${2-0}.${3-0}.${4-0}
115 } No newline at end of file
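Review bot: `cdr2mask` feeds `$1` straight into `$(( ))` on new line 112 without checking it, so an empty argument is an arithmetic syntax error, a value above 32 yields a bogus mask, and in bash a non-numeric string inside `$(( ))` is itself evaluated as an expression. On this page the argument is derived from the user-supplied `NET_ADDRESS` setting, so reject anything that is not an integer from 0 to 32 before the `set --` line: `case "$1" in ''|*[!0-9]*) return 1 ;; esac` followed by `[ "$1" -le 32 ] || return 1`. Quoting the later expansions (`[ "$1" -gt 1 ]`, `shift "$1"`, `echo "${1-0}.${2-0}.${3-0}.${4-0}"`) would also keep ShellCheck quiet.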
@@ -183,7 +183,7 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
183 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
183 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
184 KERNEL_VIRT=${KERNEL_VIRT:=false}
184 KERNEL_VIRT=${KERNEL_VIRT:=false}
185 KERNEL_BPF=${KERNEL_BPF:=false}
185 KERNEL_BPF=${KERNEL_BPF:=false}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
187
187
188 # Kernel compilation from source directory settings
188 # Kernel compilation from source directory settings
189 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
189 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -229,13 +229,13 MISSING_PACKAGES=""
229 # Packages installed for c/c++ build environment in chroot (keep empty)
229 # Packages installed for c/c++ build environment in chroot (keep empty)
230 COMPILER_PACKAGES=""
230 COMPILER_PACKAGES=""
231
231
232 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
232 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
233 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
233 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
234 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
234 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
235 APT_PROXY=http://127.0.0.1:3142/
235 APT_PROXY=http://127.0.0.1:3142/
236 fi
236 fi
237
237
238 #netselect-apt does not know buster yet
238 # netselect-apt does not know buster yet
239 if [ "$RELEASE" = "buster" ] ; then
239 if [ "$RELEASE" = "buster" ] ; then
240 RLS=testing
240 RLS=testing
241 else
241 else
@@ -252,10 +252,10 else
252 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
252 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
253 fi
253 fi
254
254
255 #sed and cut the result string so we can use it as APT_SERVER
255 # sed and cut the result string so we can use it as APT_SERVER
256 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
256 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
257
257
258 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
258 # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
259 if [ -n "$SET_ARCH" ] ; then
259 if [ -n "$SET_ARCH" ] ; then
260 # 64-bit configuration
260 # 64-bit configuration
261 if [ "$SET_ARCH" = 64 ] ; then
261 if [ "$SET_ARCH" = 64 ] ; then
@@ -302,7 +302,7 if [ -n "$SET_ARCH" ] ; then
302 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
302 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
303 fi
303 fi
304 fi
304 fi
305 #SET_ARCH not set
305 # SET_ARCH not set
306 else
306 else
307 echo "error: Please set '32' or '64' as value for SET_ARCH"
307 echo "error: Please set '32' or '64' as value for SET_ARCH"
308 exit 1
308 exit 1
@@ -345,6 +345,9 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
345 if [ "$ENABLE_BLUETOOTH" = true ] ; then
345 if [ "$ENABLE_BLUETOOTH" = true ] ; then
346 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
346 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
347 fi
347 fi
348 if [ "$ENABLE_WIRELESS" = true ] ; then
349 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
350 fi
348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
351 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
349 # Check if the internal wireless interface is not supported by the RPi model
352 # Check if the internal wireless interface is not supported by the RPi model
350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
353 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
@@ -401,7 +404,7 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
401 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
402 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
405 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
403
406
404 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
405 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
406 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
407 fi
410 fi
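Review bot: Changing the default on new line 186 from `POWERSAVE` to `powersave` makes the value case-sensitive for existing configurations. The kernel script's guard shown on this page now compares against `powersave`, so a config that still sets `KERNEL_DEFAULT_GOV=POWERSAVE` explicitly would enter the governor `case` and, with no matching arm visible, presumably reach `*)` and `exit 1`. Normalising once after the default keeps old configs working, e.g. `KERNEL_DEFAULT_GOV=$(printf '%s' "$KERNEL_DEFAULT_GOV" | tr '[:upper:]' '[:lower:]')`. If uppercase values were never meant to be accepted, a comment next to the default listing the accepted lowercase names would do.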