@@ -7,12 +7,13 | |||
|
7 | 7 | |
|
8 | 8 | # Need to use kali kernel src if nexmon is enabled |
|
9 | 9 | if [ "$ENABLE_NEXMON" = true ] ; then |
|
10 | echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!" | |
|
10 | 11 | KERNEL_URL="${KALI_KERNEL_URL}" |
|
12 | KERNEL_BRANCH="" | |
|
11 | 13 | fi |
|
12 | 14 | |
|
13 | 15 | # Fetch and build latest raspberry kernel |
|
14 | 16 | if [ "$BUILD_KERNEL" = true ] ; then |
|
15 | echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!" | |
|
16 | 17 | # Setup source directory |
|
17 | 18 | mkdir -p "${KERNEL_DIR}" |
|
18 | 19 | |
@@ -230,24 +231,22 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
230 | 231 | fi |
|
231 | 232 | |
|
232 | 233 | # KERNEL_DEFAULT_GOV was set by user |
|
233 |
if |
|
|
234 | # unset default governor | |
|
235 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE | |
|
234 | if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then | |
|
236 | 235 | |
|
237 | 236 | case "$KERNEL_DEFAULT_GOV" in |
|
238 |
|
|
|
237 | performance) | |
|
239 | 238 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y |
|
240 | 239 | ;; |
|
241 |
|
|
|
240 | userspace) | |
|
242 | 241 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y |
|
243 | 242 | ;; |
|
244 |
|
|
|
243 | ondemand) | |
|
245 | 244 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y |
|
246 | 245 | ;; |
|
247 |
|
|
|
246 | conservative) | |
|
248 | 247 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y |
|
249 | 248 | ;; |
|
250 |
|
|
|
249 | shedutil) | |
|
251 | 250 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y |
|
252 | 251 | ;; |
|
253 | 252 | *) |
@@ -255,6 +254,9 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
255 | 254 | exit 1 |
|
256 | 255 | ;; |
|
257 | 256 | esac |
|
257 | ||
|
258 | # unset previous default governor | |
|
259 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE | |
|
258 | 260 | fi |
|
259 | 261 | |
|
260 | 262 |
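Review bot: The case label `shedutil)` at new line 249 is misspelled; the option it sets is spelled `CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL`, so a user who sets `KERNEL_DEFAULT_GOV=schedutil` falls through to the `*)` branch and hits `exit 1`. Changing the label to `schedutil)` fixes it. The old side of that line is not legible on this page, so the typo may predate this commit. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside these hunks.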
@@ -42,7 +42,7 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
42 | 42 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
43 | 43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
44 | 44 | fi |
|
45 | ||
|
45 | ||
|
46 | 46 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
47 | 47 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then |
|
48 | 48 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
@@ -50,29 +50,29 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
50 | 50 | else |
|
51 | 51 | # Create key |
|
52 | 52 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear |
|
53 | ||
|
53 | ||
|
54 | 54 | # Convert dropbear key to openssh key |
|
55 | 55 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa |
|
56 | ||
|
56 | ||
|
57 | 57 | # Get Public Key Part |
|
58 | 58 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub |
|
59 | ||
|
59 | ||
|
60 | 60 | # Delete unwanted lines |
|
61 | 61 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
62 | 62 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
63 | ||
|
63 | ||
|
64 | 64 | # Trust the new key |
|
65 | 65 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys |
|
66 | 66 | |
|
67 | 67 | # Save Keys - convert with putty from rsa/openssh to puttkey |
|
68 | 68 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa |
|
69 | ||
|
69 | ||
|
70 | 70 | # Get unlock script |
|
71 | 71 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh |
|
72 | ||
|
72 | ||
|
73 | 73 | # Enable Dropbear inside initramfs |
|
74 | 74 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
75 | ||
|
75 | ||
|
76 | 76 | # Enable Dropbear inside initramfs |
|
77 | 77 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear |
|
78 | 78 | fi |
@@ -64,6 +64,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
64 | 64 | fi |
|
65 | 65 | fi |
|
66 | 66 | |
|
67 | # Enable Kernel messages on standard output | |
|
67 | 68 | if [ "$ENABLE_PRINTK" = true ] ; then |
|
68 | 69 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" |
|
69 | 70 | fi |
@@ -86,7 +87,7 fi | |||
|
86 | 87 | # Install firmware config |
|
87 | 88 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
88 | 89 | |
|
89 | #locks cpu at max frequency | |
|
90 | # Locks CPU frequency at maximum | |
|
90 | 91 | if [ "$ENABLE_TURBO" = true ] ; then |
|
91 | 92 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" |
|
92 | 93 | # helps to avoid sdcard corruption when force_turbo is enabled. |
@@ -149,7 +150,6 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||
|
149 | 150 | |
|
150 | 151 | # Activate services |
|
151 | 152 | chroot_exec systemctl enable pi-bluetooth.hciuart.service |
|
152 | chroot_exec systemctl enable pi-bluetooth.bthelper@serial1.service | |
|
153 | 153 | |
|
154 | 154 | else # if ENABLE_BLUETOOTH = false |
|
155 | 155 | # set overlay to disable bluetooth |
@@ -167,13 +167,6 if [ "$ENABLE_CONSOLE" = true ] ; then | |||
|
167 | 167 | chroot_exec systemctl enable serial-getty@serial0.service |
|
168 | 168 | else |
|
169 | 169 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
170 | # disable serial console systemd style | |
|
171 | #chroot_exec systemctl disable serial-getty@serial0.service | |
|
172 | fi | |
|
173 | ||
|
174 | # Remove cmdline.txt entry of starting zswap | |
|
175 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
|
176 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
|
177 | 170 | fi |
|
178 | 171 | |
|
179 | 172 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then |
@@ -211,6 +204,11 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||
|
211 | 204 | |
|
212 | 205 | # Change back into script root dir |
|
213 | 206 | cd "${WORKDIR}" || exit |
|
207 | else | |
|
208 | # Enable ZSWAP in cmdline if systemd-swap is not used | |
|
209 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
|
210 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
|
211 | fi | |
|
214 | 212 | fi |
|
215 | 213 | |
|
216 | 214 | # Install firmware boot cmdline |
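Review bot: With the zswap block moved into the `else` of `ENABLE_SYSTEMDSWAP` (new lines 207-211), `KERNEL_ZSWAP=true` is silently dropped from `CMDLINE` whenever systemd-swap is enabled. If that is intended because systemd-swap handles zswap itself (not visible here), the comment should say so, e.g. `# systemd-swap configures zswap on its own; only add the cmdline switches when it is not used`. The enclosing `if [ "$ENABLE_SYSTEMDSWAP" = true ]` block starts outside the hunk.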
@@ -57,6 +57,20 else # ENABLE_DHCP=false | |||
|
57 | 57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
58 | 58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
59 | 59 | "${ETC_DIR}/systemd/network/eth.network" |
|
60 | ||
|
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |
|
62 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
64 | ||
|
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
66 | NET_MASK=$(cdr2mask "$cdir") | |
|
67 | ||
|
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
70 | ||
|
71 | # Regenerate initramfs | |
|
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
73 | fi | |
|
60 | 74 | fi |
|
61 | 75 | |
|
62 | 76 | # Remove empty settings from network configuration |
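Review bot: `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` at new line 63 expands NET_ADDRESS as a command name instead of piping its value, so the shell tries to execute the address string and `cdir` ends up empty. Parameter expansion does the job without a subprocess, `cdir="${NET_ADDRESS##*/}"`, and the result should be checked to be a prefix length before it is passed to `cdr2mask`. The `IP=` line at new line 69 also writes `${NET_ADDRESS}` with its `/prefix` suffix still attached; the address field presumably expects a bare address, so `${NET_ADDRESS%%/*}` looks like what is wanted there, to be confirmed against initramfs-tools. NET_ADDRESS, NET_GATEWAY and HOSTNAME are interpolated into the sed script unescaped, so a value containing a backslash or newline changes the edit that is applied. The enclosing `else # ENABLE_DHCP=false` block starts outside the hunk.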
@@ -87,8 +87,7 chroot_remove_cc() { | |||
|
87 | 87 | COMPILER_PACKAGES="" |
|
88 | 88 | fi |
|
89 | 89 | } |
|
90 | #GPL v2.0 | |
|
91 | #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh | |
|
90 | # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh | |
|
92 | 91 | set_kernel_config() { |
|
93 | 92 | # flag as $1, value to set as $2, config must exist at "./.config" |
|
94 | 93 | TGT="CONFIG_${1#CONFIG_}" |
@@ -99,10 +98,18 set_kernel_config() { | |||
|
99 | 98 | echo "${TGT}"="${2}" >> .config |
|
100 | 99 | fi |
|
101 | 100 | } |
|
102 | ||
|
101 | # unset kernel config parameter | |
|
103 | 102 | unset_kernel_config() { |
|
104 | 103 | # unsets flag with the value of $1, config must exist at "./.config" |
|
105 | 104 | TGT="CONFIG_${1#CONFIG_}" |
|
106 | 105 | sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config |
|
107 | 106 | } |
|
108 | # No newline at end of file | |
|
107 | ||
|
108 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |
|
109 | cdr2mask () | |
|
110 | { | |
|
111 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |
|
112 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |
|
113 | [ $1 -gt 1 ] && shift $1 || shift | |
|
114 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |
|
115 | } No newline at end of file |
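Review bot: `cdr2mask` (new lines 109-115) uses `$1` in arithmetic and in `[ $1 -gt 1 ]` without checking it, so an empty or non-numeric prefix gives a shell arithmetic error or a meaningless mask for the caller. Guard the entry with `case "$1" in ''|*[!0-9]*) return 1 ;; esac` followed by `[ "$1" -le 32 ] || return 1`, and quote the expansions in the test and the `echo`. `[ $1 -gt 1 ] && shift $1 || shift` also runs the plain `shift` when `shift $1` itself fails, so an explicit `if`/`else` is the safer form.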
@@ -183,7 +183,7 KERNEL_CCACHE=${KERNEL_CCACHE:=false} | |||
|
183 | 183 | KERNEL_ZSWAP=${KERNEL_ZSWAP:=false} |
|
184 | 184 | KERNEL_VIRT=${KERNEL_VIRT:=false} |
|
185 | 185 | KERNEL_BPF=${KERNEL_BPF:=false} |
|
186 |
KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:= |
|
|
186 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave} | |
|
187 | 187 | |
|
188 | 188 | # Kernel compilation from source directory settings |
|
189 | 189 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} |
@@ -229,13 +229,13 MISSING_PACKAGES="" | |||
|
229 | 229 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
230 | 230 | COMPILER_PACKAGES="" |
|
231 | 231 | |
|
232 | #Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
|
232 | # Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
|
233 | 233 | APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d') |
|
234 | 234 | if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then |
|
235 | 235 | APT_PROXY=http://127.0.0.1:3142/ |
|
236 | 236 | fi |
|
237 | 237 | |
|
238 | #netselect-apt does not know buster yet | |
|
238 | # netselect-apt does not know buster yet | |
|
239 | 239 | if [ "$RELEASE" = "buster" ] ; then |
|
240 | 240 | RLS=testing |
|
241 | 241 | else |
@@ -252,10 +252,10 else | |||
|
252 | 252 | netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS" |
|
253 | 253 | fi |
|
254 | 254 | |
|
255 | #sed and cut the result string so we can use it as APT_SERVER | |
|
255 | # sed and cut the result string so we can use it as APT_SERVER | |
|
256 | 256 | APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|') |
|
257 | 257 | |
|
258 | #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go! | |
|
258 | # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go! | |
|
259 | 259 | if [ -n "$SET_ARCH" ] ; then |
|
260 | 260 | # 64-bit configuration |
|
261 | 261 | if [ "$SET_ARCH" = 64 ] ; then |
@@ -302,7 +302,7 if [ -n "$SET_ARCH" ] ; then | |||
|
302 | 302 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
303 | 303 | fi |
|
304 | 304 | fi |
|
305 | #SET_ARCH not set | |
|
305 | # SET_ARCH not set | |
|
306 | 306 | else |
|
307 | 307 | echo "error: Please set '32' or '64' as value for SET_ARCH" |
|
308 | 308 | exit 1 |
@@ -345,6 +345,9 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||
|
345 | 345 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
346 | 346 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" |
|
347 | 347 | fi |
|
348 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
|
349 | APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb" | |
|
350 | fi | |
|
348 | 351 | else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard |
|
349 | 352 | # Check if the internal wireless interface is not supported by the RPi model |
|
350 | 353 | if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then |
@@ -401,7 +404,7 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then | |||
|
401 | 404 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
402 | 405 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
403 | 406 | |
|
404 | #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |
|
407 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |
|
405 | 408 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then |
|
406 | 409 | APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs" |
|
407 | 410 | fi |