##// END OF EJS Templates
let it break again?
Unknown -
r494:29368aadd81d
parent child
Show More
@@ -1,499 +1,501
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!"
10 11 KERNEL_URL="${KALI_KERNEL_URL}"
12 KERNEL_BRANCH=""
11 13 fi
12 14
13 15 # Fetch and build latest raspberry kernel
14 16 if [ "$BUILD_KERNEL" = true ] ; then
15 echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!"
16 17 # Setup source directory
17 18 mkdir -p "${KERNEL_DIR}"
18 19
19 20 # Copy existing kernel sources into chroot directory
20 21 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
21 22 # Copy kernel sources and include hidden files
22 23 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
23 24
24 25 # Clean the kernel sources
25 26 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
26 27 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
27 28 fi
28 29 else # KERNELSRC_DIR=""
29 30 # Create temporary directory for kernel sources
30 31 temp_dir=$(as_nobody mktemp -d)
31 32
32 33 # Fetch current RPi2/3 kernel sources
33 34 if [ -z "${KERNEL_BRANCH}" ] ; then
34 35 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
35 36 else
36 37 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
37 38 fi
38 39
39 40 # Copy downloaded kernel sources
40 41 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
41 42
42 43 # Remove temporary directory for kernel sources
43 44 rm -fr "${temp_dir}"
44 45
45 46 # Set permissions of the kernel sources
46 47 chown -R root:root "${R}/usr/src"
47 48 fi
48 49
49 50 # Calculate optimal number of kernel building threads
50 51 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
51 52 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
52 53 fi
53 54
54 55 # Configure and build kernel
55 56 if [ "$KERNELSRC_PREBUILT" = false ] ; then
56 57 # Remove device, network and filesystem drivers from kernel configuration
57 58 if [ "$KERNEL_REDUCE" = true ] ; then
58 59 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
59 60 sed -i\
60 61 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
61 62 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
62 63 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
63 64 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
64 65 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
65 66 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
66 67 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
67 68 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
68 69 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
69 70 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
70 71 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
71 72 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
72 73 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
73 74 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
74 75 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
75 76 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
76 77 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
77 78 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
78 79 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
79 80 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
80 81 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
81 82 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
82 83 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
83 84 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
84 85 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
85 86 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
86 87 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
87 88 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
88 89 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
89 90 "${KERNEL_DIR}/.config"
90 91 fi
91 92
92 93 if [ "$KERNELSRC_CONFIG" = true ] ; then
93 94 # Load default raspberry kernel configuration
94 95 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
95 96
96 97 #Switch to KERNELSRC_DIR so we can use set_kernel_config
97 98 cd "${KERNEL_DIR}" || exit
98 99
99 100 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
100 101 if [ "$KERNEL_ZSWAP" = true ] ; then
101 102 set_kernel_config CONFIG_ZPOOL y
102 103 set_kernel_config CONFIG_ZSWAP y
103 104 set_kernel_config CONFIG_ZBUD y
104 105 set_kernel_config CONFIG_Z3FOLD y
105 106 set_kernel_config CONFIG_ZSMALLOC y
106 107 set_kernel_config CONFIG_PGTABLE_MAPPING y
107 108 fi
108 109
109 110 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
110 111 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
111 112 set_kernel_config CONFIG_VIRTUALIZATION y
112 113 set_kernel_config CONFIG_KVM y
113 114 set_kernel_config CONFIG_VHOST_NET m
114 115 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
115 116 fi
116 117
117 118 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
118 119 if [ "$KERNEL_NF" = true ] ; then
119 120 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
120 121 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
121 122 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
122 123 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
123 124 set_kernel_config CONFIG_NFT_FIB_INET m
124 125 set_kernel_config CONFIG_NFT_FIB_IPV4 m
125 126 set_kernel_config CONFIG_NFT_FIB_IPV6 m
126 127 set_kernel_config CONFIG_NFT_FIB_NETDEV m
127 128 set_kernel_config CONFIG_NFT_OBJREF m
128 129 set_kernel_config CONFIG_NFT_RT m
129 130 set_kernel_config CONFIG_NFT_SET_BITMAP m
130 131 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
131 132 set_kernel_config CONFIG_NF_LOG_ARP m
132 133 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
133 134 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
134 135 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
135 136 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
136 137 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
137 138 set_kernel_config CONFIG_IP6_NF_IPTABLES m
138 139 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
139 140 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
140 141 set_kernel_config CONFIG_IP6_NF_NAT m
141 142 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
142 143 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
143 144 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
144 145 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
145 146 set_kernel_config CONFIG_IP_SET_HASH_IP m
146 147 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
147 148 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
148 149 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
149 150 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
150 151 set_kernel_config CONFIG_IP_SET_HASH_MAC m
151 152 set_kernel_config CONFIG_IP_SET_HASH_NET m
152 153 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
153 154 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
154 155 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
155 156 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
156 157 set_kernel_config CONFIG_IP_SET_LIST_SET m
157 158 set_kernel_config CONFIG_NETFILTER_XTABLES m
158 159 set_kernel_config CONFIG_NETFILTER_XTABLES m
159 160 set_kernel_config CONFIG_NFT_BRIDGE_META m
160 161 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
161 162 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
162 163 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
163 164 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
164 165 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
165 166 set_kernel_config CONFIG_NFT_COMPAT m
166 167 set_kernel_config CONFIG_NFT_COUNTER m
167 168 set_kernel_config CONFIG_NFT_CT m
168 169 set_kernel_config CONFIG_NFT_DUP_IPV4 m
169 170 set_kernel_config CONFIG_NFT_DUP_IPV6 m
170 171 set_kernel_config CONFIG_NFT_DUP_NETDEV m
171 172 set_kernel_config CONFIG_NFT_EXTHDR m
172 173 set_kernel_config CONFIG_NFT_FWD_NETDEV m
173 174 set_kernel_config CONFIG_NFT_HASH m
174 175 set_kernel_config CONFIG_NFT_LIMIT m
175 176 set_kernel_config CONFIG_NFT_LOG m
176 177 set_kernel_config CONFIG_NFT_MASQ m
177 178 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
178 179 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
179 180 set_kernel_config CONFIG_NFT_META m
180 181 set_kernel_config CONFIG_NFT_NAT m
181 182 set_kernel_config CONFIG_NFT_NUMGEN m
182 183 set_kernel_config CONFIG_NFT_QUEUE m
183 184 set_kernel_config CONFIG_NFT_QUOTA m
184 185 set_kernel_config CONFIG_NFT_REDIR m
185 186 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
186 187 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
187 188 set_kernel_config CONFIG_NFT_REJECT m
188 189 set_kernel_config CONFIG_NFT_REJECT_INET m
189 190 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
190 191 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
191 192 set_kernel_config CONFIG_NFT_SET_HASH m
192 193 set_kernel_config CONFIG_NFT_SET_RBTREE m
193 194 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
194 195 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
195 196 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
196 197 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
197 198 set_kernel_config CONFIG_NF_DUP_IPV4 m
198 199 set_kernel_config CONFIG_NF_DUP_IPV6 m
199 200 set_kernel_config CONFIG_NF_DUP_NETDEV m
200 201 set_kernel_config CONFIG_NF_LOG_BRIDGE m
201 202 set_kernel_config CONFIG_NF_LOG_IPV4 m
202 203 set_kernel_config CONFIG_NF_LOG_IPV6 m
203 204 set_kernel_config CONFIG_NF_NAT_IPV4 m
204 205 set_kernel_config CONFIG_NF_NAT_IPV6 m
205 206 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
206 207 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
207 208 set_kernel_config CONFIG_NF_NAT_PPTP m
208 209 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
209 210 set_kernel_config CONFIG_NF_NAT_REDIRECT m
210 211 set_kernel_config CONFIG_NF_NAT_SIP m
211 212 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
212 213 set_kernel_config CONFIG_NF_NAT_TFTP m
213 214 set_kernel_config CONFIG_NF_REJECT_IPV4 m
214 215 set_kernel_config CONFIG_NF_REJECT_IPV6 m
215 216 set_kernel_config CONFIG_NF_TABLES m
216 217 set_kernel_config CONFIG_NF_TABLES_ARP m
217 218 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
218 219 set_kernel_config CONFIG_NF_TABLES_INET m
219 220 set_kernel_config CONFIG_NF_TABLES_IPV4 m
220 221 set_kernel_config CONFIG_NF_TABLES_IPV6 m
221 222 set_kernel_config CONFIG_NF_TABLES_NETDEV m
222 223 fi
223 224
224 225 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
225 226 if [ "$KERNEL_BPF" = true ] ; then
226 227 set_kernel_config CONFIG_BPF_SYSCALL y
227 228 set_kernel_config CONFIG_BPF_EVENTS y
228 229 set_kernel_config CONFIG_BPF_STREAM_PARSER y
229 230 set_kernel_config CONFIG_CGROUP_BPF y
230 231 fi
231 232
232 233 # KERNEL_DEFAULT_GOV was set by user
233 if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
234 # unset default governor
235 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
234 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
236 235
237 236 case "$KERNEL_DEFAULT_GOV" in
238 "performance")
237 performance)
239 238 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
240 239 ;;
241 "userspace")
240 userspace)
242 241 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
243 242 ;;
244 "ondemand")
243 ondemand)
245 244 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
246 245 ;;
247 "conservative")
246 conservative)
248 247 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
249 248 ;;
250 "shedutil")
249 shedutil)
251 250 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
252 251 ;;
253 252 *)
254 253 echo "error: unsupported default cpu governor"
255 254 exit 1
256 255 ;;
257 256 esac
257
258 # unset previous default governor
259 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
258 260 fi
259 261
260 262
261 263
262 264 #Revert to previous directory
263 265 cd "${WORKDIR}" || exit
264 266
265 267 # Set kernel configuration parameters to enable qemu emulation
266 268 if [ "$ENABLE_QEMU" = true ] ; then
267 269 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
268 270 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
269 271
270 272 if [ "$ENABLE_CRYPTFS" = true ] ; then
271 273 {
272 274 echo "CONFIG_EMBEDDED=y"
273 275 echo "CONFIG_EXPERT=y"
274 276 echo "CONFIG_DAX=y"
275 277 echo "CONFIG_MD=y"
276 278 echo "CONFIG_BLK_DEV_MD=y"
277 279 echo "CONFIG_MD_AUTODETECT=y"
278 280 echo "CONFIG_BLK_DEV_DM=y"
279 281 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
280 282 echo "CONFIG_DM_CRYPT=y"
281 283 echo "CONFIG_CRYPTO_BLKCIPHER=y"
282 284 echo "CONFIG_CRYPTO_CBC=y"
283 285 echo "CONFIG_CRYPTO_XTS=y"
284 286 echo "CONFIG_CRYPTO_SHA512=y"
285 287 echo "CONFIG_CRYPTO_MANAGER=y"
286 288 } >> "${KERNEL_DIR}"/.config
287 289 fi
288 290 fi
289 291
290 292 # Copy custom kernel configuration file
291 293 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
292 294 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
293 295 fi
294 296
295 297 # Set kernel configuration parameters to their default values
296 298 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
297 299 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
298 300 fi
299 301
300 302 # Start menu-driven kernel configuration (interactive)
301 303 if [ "$KERNEL_MENUCONFIG" = true ] ; then
302 304 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
303 305 fi
304 306 # end if "$KERNELSRC_CONFIG" = true
305 307 fi
306 308
307 309 # Use ccache to cross compile the kernel
308 310 if [ "$KERNEL_CCACHE" = true ] ; then
309 311 cc="ccache ${CROSS_COMPILE}gcc"
310 312 else
311 313 cc="${CROSS_COMPILE}gcc"
312 314 fi
313 315
314 316 # Cross compile kernel and dtbs
315 317 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
316 318
317 319 # Cross compile kernel modules
318 320 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
319 321 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
320 322 fi
321 323 # end if "$KERNELSRC_PREBUILT" = false
322 324 fi
323 325
324 326 # Check if kernel compilation was successful
325 327 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
326 328 echo "error: kernel compilation failed! (kernel image not found)"
327 329 cleanup
328 330 exit 1
329 331 fi
330 332
331 333 # Install kernel modules
332 334 if [ "$ENABLE_REDUCE" = true ] ; then
333 335 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
334 336 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
335 337 fi
336 338 else
337 339 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
338 340 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
339 341 fi
340 342
341 343 # Install kernel firmware
342 344 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
343 345 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
344 346 fi
345 347 fi
346 348
347 349 # Install kernel headers
348 350 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
349 351 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
350 352 fi
351 353 # make tar.gz kernel package - missing os bzw. modules
352 354 #** ** ** WARNING ** ** **
353 355 #Your architecture did not define any architecture-dependent files
354 356 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
355 357 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
356 358
357 359 # Prepare boot (firmware) directory
358 360 mkdir "${BOOT_DIR}"
359 361
360 362 # Get kernel release version
361 363 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
362 364
363 365 # Copy kernel configuration file to the boot directory
364 366 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
365 367
366 368 # Prepare device tree directory
367 369 mkdir "${BOOT_DIR}/overlays"
368 370
369 371 # Ensure the proper .dtb is located
370 372 if [ "$KERNEL_ARCH" = "arm" ] ; then
371 373 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
372 374 if [ -f "${dtb}" ] ; then
373 375 install_readonly "${dtb}" "${BOOT_DIR}/"
374 376 fi
375 377 done
376 378 else
377 379 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
378 380 if [ -f "${dtb}" ] ; then
379 381 install_readonly "${dtb}" "${BOOT_DIR}/"
380 382 fi
381 383 done
382 384 fi
383 385
384 386 # Copy compiled dtb device tree files
385 387 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
386 388 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
387 389 if [ -f "${dtb}" ] ; then
388 390 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
389 391 fi
390 392 done
391 393
392 394 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
393 395 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
394 396 fi
395 397 fi
396 398
397 399 if [ "$ENABLE_UBOOT" = false ] ; then
398 400 # Convert and copy kernel image to the boot directory
399 401 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
400 402 else
401 403 # Copy kernel image to the boot directory
402 404 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
403 405 fi
404 406
405 407 # Remove kernel sources
406 408 if [ "$KERNEL_REMOVESRC" = true ] ; then
407 409 rm -fr "${KERNEL_DIR}"
408 410 else
409 411 # Prepare compiled kernel modules
410 412 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
411 413 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
412 414 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
413 415 fi
414 416
415 417 # Create symlinks for kernel modules
416 418 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
417 419 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
418 420 fi
419 421 fi
420 422
421 423 else # BUILD_KERNEL=false
422 424 # echo Install precompiled kernel...
423 425 # echo error: not implemented
424 426 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
425 427
426 428 # Use Sakakis modified kernel if ZSWAP is active
427 429 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
428 430 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
429 431 fi
430 432
431 433 # Create temporary directory for dl
432 434 temp_dir=$(as_nobody mktemp -d)
433 435
434 436 # Fetch kernel dl
435 437 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
436 438
437 439 #extract download
438 440 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
439 441
440 442 #move extracted kernel to /boot/firmware
441 443 mkdir "${R}/boot/firmware"
442 444 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
443 445 cp -r "${temp_dir}"/lib/* "${R}"/lib/
444 446
445 447 # Remove temporary directory for kernel sources
446 448 rm -fr "${temp_dir}"
447 449
448 450 # Set permissions of the kernel sources
449 451 chown -R root:root "${R}/boot/firmware"
450 452 chown -R root:root "${R}/lib/modules"
451 453 fi
452 454
453 455 # Install Kernel from hypriot comptabile with all Raspberry PI
454 456 if [ "$SET_ARCH" = 32 ] ; then
455 457 # Create temporary directory for dl
456 458 temp_dir=$(as_nobody mktemp -d)
457 459
458 460 # Fetch kernel
459 461 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
460 462
461 463 # Copy downloaded U-Boot sources
462 464 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
463 465
464 466 # Set permissions
465 467 chown -R root:root "${R}"/tmp/kernel.deb
466 468
467 469 # Install kernel
468 470 chroot_exec dpkg -i /tmp/kernel.deb
469 471
470 472 # move /boot to /boot/firmware to fit script env.
471 473 #mkdir "${BOOT_DIR}"
472 474 mkdir "${temp_dir}"/firmware
473 475 mv "${R}"/boot/* "${temp_dir}"/firmware/
474 476 mv "${temp_dir}"/firmware "${R}"/boot/
475 477
476 478 #same for kernel headers
477 479 if [ "$KERNEL_HEADERS" = true ] ; then
478 480 # Fetch kernel header
479 481 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
480 482 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
481 483 chown -R root:root "${R}"/tmp/kernel-header.deb
482 484 # Install kernel header
483 485 chroot_exec dpkg -i /tmp/kernel-header.deb
484 486 rm -f "${R}"/tmp/kernel-header.deb
485 487 fi
486 488
487 489 # Remove temporary directory and files
488 490 rm -fr "${temp_dir}"
489 491 rm -f "${R}"/tmp/kernel.deb
490 492 fi
491 493
492 494 # Check if kernel installation was successful
493 495 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
494 496 if [ -z "$KERNEL" ] ; then
495 497 echo "error: kernel installation failed! (/boot/kernel* not found)"
496 498 cleanup
497 499 exit 1
498 500 fi
499 501 fi
1 NO CONTENT: modified file
@@ -1,275 +1,273
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 #if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 #fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54 54 # Add encrypted root partition to cmdline.txt
55 55 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 56 if [ "$ENABLE_SPLITFS" = true ] ; then
57 57 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
58 58 else
59 59 if [ "$ENABLE_UBOOTUSB" = true ] ; then
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
61 61 else
62 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
63 63 fi
64 64 fi
65 65 fi
66 66
67 # Enable Kernel messages on standard output
67 68 if [ "$ENABLE_PRINTK" = true ] ; then
68 69 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
69 70 fi
70 71
71 72 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
72 73 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
73 74
74 75 # Remove IPv6 networking support
75 76 if [ "$ENABLE_IPV6" = false ] ; then
76 77 CMDLINE="${CMDLINE} ipv6.disable=1"
77 78 fi
78 79
79 80 # Automatically assign predictable network interface names
80 81 if [ "$ENABLE_IFNAMES" = false ] ; then
81 82 CMDLINE="${CMDLINE} net.ifnames=0"
82 83 else
83 84 CMDLINE="${CMDLINE} net.ifnames=1"
84 85 fi
85 86
86 87 # Install firmware config
87 88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
88 89
89 #locks cpu at max frequency
90 # Locks CPU frequency at maximum
90 91 if [ "$ENABLE_TURBO" = true ] ; then
91 92 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
92 93 # helps to avoid sdcard corruption when force_turbo is enabled.
93 94 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
94 95 fi
95 96
96 97 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
97 98
98 99 # Bluetooth enabled
99 100 if [ "$ENABLE_BLUETOOTH" = true ] ; then
100 101 # Create temporary directory for Bluetooth sources
101 102 temp_dir=$(as_nobody mktemp -d)
102 103
103 104 # Fetch Bluetooth sources
104 105 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
105 106
106 107 # Copy downloaded sources
107 108 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
108 109
109 110 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
110 111 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
111 112 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
112 113
113 114 # Set permissions
114 115 chown -R root:root "${R}/tmp/pi-bluetooth"
115 116
116 117 # Install tools
117 118 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
118 119 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
119 120
120 121 # make scripts executable
121 122 chmod +x "${R}/usr/bin/bthelper"
122 123 chmod +x "${R}/usr/bin/btuart"
123 124
124 125 # Install bluetooth udev rule
125 126 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
126 127
127 128 # Install Firmware Flash file and apropiate licence
128 129 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
129 130 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
130 131 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
131 132 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
132 133 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
133 134
134 135 # Remove temporary directories
135 136 rm -fr "${temp_dir}"
136 137 rm -fr "${R}"/tmp/pi-bluetooth
137 138
138 139 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
139 140 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
140 141
141 142 # set overlay to swap ttyAMA0 and ttyS0
142 143 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
143 144
144 145 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
145 146 if [ "$ENABLE_TURBO" = false ] ; then
146 147 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
147 148 fi
148 149 fi
149 150
150 151 # Activate services
151 152 chroot_exec systemctl enable pi-bluetooth.hciuart.service
152 chroot_exec systemctl enable pi-bluetooth.bthelper@serial1.service
153 153
154 154 else # if ENABLE_BLUETOOTH = false
155 155 # set overlay to disable bluetooth
156 156 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
157 157 fi # ENABLE_BLUETOOTH end
158 158 fi
159 159
160 160 # may need sudo systemctl disable hciuart
161 161 if [ "$ENABLE_CONSOLE" = true ] ; then
162 162 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
163 163 # add string to cmdline
164 164 CMDLINE="${CMDLINE} console=serial0,115200"
165 165
166 166 # Enable serial console systemd style
167 167 chroot_exec systemctl enable serial-getty@serial0.service
168 168 else
169 169 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
170 # disable serial console systemd style
171 #chroot_exec systemctl disable serial-getty@serial0.service
172 fi
173
174 # Remove cmdline.txt entry of starting zswap
175 if [ "$KERNEL_ZSWAP" = true ] ; then
176 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
177 170 fi
178 171
179 172 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
180 173
181 174 # Remove cmdline.txt entry of starting zswap
182 175 if [ "$KERNEL_ZSWAP" = true ] ; then
183 176 sed -i 's|zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4||g'
184 177 fi
185 178 # Create temporary directory for systemd-swap sources
186 179 temp_dir=$(as_nobody mktemp -d)
187 180
188 181 # Fetch systemd-swap sources
189 182 as_nobody git -C "${temp_dir}" clone "${ZSWAP_URL}"
190 183
191 184 # Copy downloaded systemd-swap sources
192 185 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
193 186
194 187 # Set permissions of the systemd-swap sources
195 188 chown -R root:root "${R}/tmp/systemd-swap"
196 189
197 190 # Remove temporary directory for systemd-swap sources
198 191 rm -fr "${temp_dir}"
199 192
200 193 # Change into downloaded src dir
201 194 cd "${R}/tmp/systemd-swap" || exit
202 195
203 196 # Build package
204 197 . ./systemd-swap/package.sh debian
205 198
206 199 # Install package
207 200 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
208 201
209 202 # Enable service
210 203 chroot_exec systemctl enable systemd-swap
211 204
212 205 # Change back into script root dir
213 206 cd "${WORKDIR}" || exit
207 else
208 # Enable ZSWAP in cmdline if systemd-swap is not used
209 if [ "$KERNEL_ZSWAP" = true ] ; then
210 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
211 fi
214 212 fi
215 213
216 214 # Install firmware boot cmdline
217 215 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
218 216
219 217 # Setup minimal GPU memory allocation size: 16MB (no X)
220 218 if [ "$ENABLE_MINGPU" = true ] ; then
221 219 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
222 220 fi
223 221
224 222 # Setup boot with initramfs
225 223 if [ "$ENABLE_INITRAMFS" = true ] ; then
226 224 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
227 225 fi
228 226
229 227 # Create firmware configuration and cmdline symlinks
230 228 ln -sf firmware/config.txt "${R}/boot/config.txt"
231 229 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
232 230
233 231 # Install and setup kernel modules to load at boot
234 232 mkdir -p "${LIB_DIR}/modules-load.d/"
235 233 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
236 234
237 235 # Load hardware random module at boot
238 236 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
239 237 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
240 238 fi
241 239
242 240 # Load sound module at boot
243 241 if [ "$ENABLE_SOUND" = true ] ; then
244 242 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
245 243 else
246 244 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
247 245 fi
248 246
249 247 # Enable I2C interface
250 248 if [ "$ENABLE_I2C" = true ] ; then
251 249 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
252 250 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
253 251 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
254 252 fi
255 253
256 254 # Enable SPI interface
257 255 if [ "$ENABLE_SPI" = true ] ; then
258 256 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
259 257 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
260 258 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
261 259 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
262 260 fi
263 261 fi
264 262
265 263 # Disable RPi2/3 under-voltage warnings
266 264 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
267 265 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
268 266 fi
269 267
270 268 # Install kernel modules blacklist
271 269 mkdir -p "${ETC_DIR}/modprobe.d/"
272 270 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
273 271
274 272 # Install sysctl.d configuration files
275 273 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,132 +1,146
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 74 fi
61 75
62 76 # Remove empty settings from network configuration
63 77 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 78 # Remove empty settings from wlan configuration
65 79 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 80
67 81 # Move systemd network configuration if required by Debian release
68 82 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 83 # If WLAN is enabled copy wlan configuration too
70 84 if [ "$ENABLE_WIRELESS" = true ] ; then
71 85 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 86 fi
73 87 rm -fr "${ETC_DIR}/systemd/network"
74 88
75 89 # Enable systemd-networkd service
76 90 chroot_exec systemctl enable systemd-networkd
77 91
78 92 # Install host.conf resolver configuration
79 93 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 94
81 95 # Enable network stack hardening
82 96 if [ "$ENABLE_HARDNET" = true ] ; then
83 97 # Install sysctl.d configuration files
84 98 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 99
86 100 # Setup resolver warnings about spoofed addresses
87 101 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 102 fi
89 103
90 104 # Enable time sync
91 105 if [ "$NET_NTP_1" != "" ] ; then
92 106 chroot_exec systemctl enable systemd-timesyncd.service
93 107 fi
94 108
95 109 # Download the firmware binary blob required to use the RPi3 wireless interface
96 110 if [ "$ENABLE_WIRELESS" = true ] ; then
97 111 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 112 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 113 fi
100 114
101 115 # Create temporary directory for firmware binary blob
102 116 temp_dir=$(as_nobody mktemp -d)
103 117
104 118 # Fetch firmware binary blob for RPI3B+
105 119 if [ "$RPI_MODEL" = 3P ] ; then
106 120 # Fetch firmware binary blob for RPi3P
107 121 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 122 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 124
111 125 # Move downloaded firmware binary blob
112 126 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113 127
114 128 # Set permissions of the firmware binary blob
115 129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
117 131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
118 132 # Fetch firmware binary blob for RPi3
119 133 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
120 134 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
121 135
122 136 # Move downloaded firmware binary blob
123 137 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124 138
125 139 # Set permissions of the firmware binary blob
126 140 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 141 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
128 142 fi
129 143
130 144 # Remove temporary directory for firmware binary blob
131 145 rm -fr "${temp_dir}"
132 146 fi
@@ -1,108 +1,115
1 1 #!/bin/sh
2 2 # This file contains utility functions used by rpi23-gen-image.sh
3 3
4 4 cleanup (){
5 5 set +x
6 6 set +e
7 7
8 8 # Remove exports from nexmon
9 9 unset KERNEL
10 10 unset ARCH
11 11 unset SUBARCH
12 12 unset CCPLUGIN
13 13 unset ZLIBFLATE
14 14 unset Q
15 15 unset NEXMON_SETUP_ENV
16 16 unset HOSTUNAME
17 17 unset PLATFORMUNAME
18 18
19 19 # Identify and kill all processes still using files
20 20 echo "killing processes using mount point ..."
21 21 fuser -k "${R}"
22 22 sleep 3
23 23 fuser -9 -k -v "${R}"
24 24
25 25 # Clean up temporary .password file
26 26 if [ -r ".password" ] ; then
27 27 shred -zu .password
28 28 fi
29 29
30 30 # Clean up all temporary mount points
31 31 echo "removing temporary mount points ..."
32 32 umount -l "${R}/proc" 2> /dev/null
33 33 umount -l "${R}/sys" 2> /dev/null
34 34 umount -l "${R}/dev/pts" 2> /dev/null
35 35 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
36 36 umount "$BUILDDIR/mount" 2> /dev/null
37 37 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
38 38 losetup -d "$ROOT_LOOP" 2> /dev/null
39 39 losetup -d "$FRMW_LOOP" 2> /dev/null
40 40 trap - 0 1 2 3 6
41 41 }
42 42
43 43 chroot_exec() {
44 44 # Exec command in chroot
45 45 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
46 46 }
47 47
48 48 as_nobody() {
49 49 # Exec command as user nobody
50 50 sudo -E -u nobody LANG=C LC_ALL=C "$@"
51 51 }
52 52
53 53 install_readonly() {
54 54 # Install file with user read-only permissions
55 55 install -o root -g root -m 644 "$@"
56 56 }
57 57
58 58 install_exec() {
59 59 # Install file with root exec permissions
60 60 install -o root -g root -m 744 "$@"
61 61 }
62 62
63 63 use_template () {
64 64 # Test if configuration template file exists
65 65 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
66 66 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
67 67 exit 1
68 68 fi
69 69
70 70 # Load template configuration parameters
71 71 . "./templates/${CONFIG_TEMPLATE}"
72 72 }
73 73
74 74 chroot_install_cc() {
75 75 # Install c/c++ build environment inside the chroot
76 76 if [ -z "${COMPILER_PACKAGES}" ] ; then
77 77 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
78 78 # Install COMPILER_PACKAGES in chroot
79 79 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
80 80 fi
81 81 }
82 82
83 83 chroot_remove_cc() {
84 84 # Remove c/c++ build environment from the chroot
85 85 if [ -n "${COMPILER_PACKAGES}" ] ; then
86 86 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
87 87 COMPILER_PACKAGES=""
88 88 fi
89 89 }
90 #GPL v2.0
91 #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
90 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
92 91 set_kernel_config() {
93 92 # flag as $1, value to set as $2, config must exist at "./.config"
94 93 TGT="CONFIG_${1#CONFIG_}"
95 94 REP="${2}"
96 95 if grep -q "^${TGT}[^_]" .config; then
97 96 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
98 97 else
99 98 echo "${TGT}"="${2}" >> .config
100 99 fi
101 100 }
102
101 # unset kernel config parameter
103 102 unset_kernel_config() {
104 103 # unsets flag with the value of $1, config must exist at "./.config"
105 104 TGT="CONFIG_${1#CONFIG_}"
106 105 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
107 106 }
108 # No newline at end of file
107
108 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
109 cdr2mask ()
110 {
111 # Number of args to shift, 255..255, first non-255 byte, zeroes
112 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
113 [ $1 -gt 1 ] && shift $1 || shift
114 echo ${1-0}.${2-0}.${3-0}.${4-0}
115 } No newline at end of file
@@ -1,866 +1,869
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 70 # Generic
71 71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 74
75 75 # Build directories
76 76 WORKDIR=$(pwd)
77 77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 78 BUILDDIR="${BASEDIR}/build"
79 79
80 80 # Chroot directories
81 81 R="${BUILDDIR}/chroot"
82 82 ETC_DIR="${R}/etc"
83 83 LIB_DIR="${R}/lib"
84 84 BOOT_DIR="${R}/boot/firmware"
85 85 KERNEL_DIR="${R}/usr/src/linux"
86 86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 88
89 89 # Firmware directory: Blank if download from github
90 90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 91
92 92 # General settings
93 93 SET_ARCH=${SET_ARCH:=32}
94 94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 95 PASSWORD=${PASSWORD:=raspberry}
96 96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 99 EXPANDROOT=${EXPANDROOT:=true}
100 100
101 101 # Keyboard settings
102 102 XKB_MODEL=${XKB_MODEL:=""}
103 103 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 104 XKB_VARIANT=${XKB_VARIANT:=""}
105 105 XKB_OPTIONS=${XKB_OPTIONS:=""}
106 106
107 107 # Network settings (DHCP)
108 108 ENABLE_DHCP=${ENABLE_DHCP:=true}
109 109
110 110 # Network settings (static)
111 111 NET_ADDRESS=${NET_ADDRESS:=""}
112 112 NET_GATEWAY=${NET_GATEWAY:=""}
113 113 NET_DNS_1=${NET_DNS_1:=""}
114 114 NET_DNS_2=${NET_DNS_2:=""}
115 115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 116 NET_NTP_1=${NET_NTP_1:=""}
117 117 NET_NTP_2=${NET_NTP_2:=""}
118 118
119 119 # APT settings
120 120 APT_PROXY=${APT_PROXY:=""}
121 121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 122
123 123 # Feature settings
124 124 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
125 125 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
126 126 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
127 127 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
128 128 ENABLE_I2C=${ENABLE_I2C:=false}
129 129 ENABLE_SPI=${ENABLE_SPI:=false}
130 130 ENABLE_IPV6=${ENABLE_IPV6:=true}
131 131 ENABLE_SSHD=${ENABLE_SSHD:=true}
132 132 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
133 133 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
134 134 ENABLE_SOUND=${ENABLE_SOUND:=true}
135 135 ENABLE_DBUS=${ENABLE_DBUS:=true}
136 136 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
137 137 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
138 138 ENABLE_XORG=${ENABLE_XORG:=false}
139 139 ENABLE_WM=${ENABLE_WM:=""}
140 140 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
141 141 ENABLE_USER=${ENABLE_USER:=true}
142 142 USER_NAME=${USER_NAME:="pi"}
143 143 ENABLE_ROOT=${ENABLE_ROOT:=false}
144 144 ENABLE_QEMU=${ENABLE_QEMU:=false}
145 145 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
146 146
147 147 # SSH settings
148 148 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
149 149 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
150 150 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
151 151 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
152 152 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
153 153
154 154 # Advanced settings
155 155 ENABLE_SYSTEMDSWAP=${ENABLE_MINBASE:=false}
156 156 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
157 157 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
158 158 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
159 159 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
160 160 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
161 161 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
162 162 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
163 163 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
164 164 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
165 165 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
166 166 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
167 167 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
168 168 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
169 169 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
170 170 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
171 171 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
172 172 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
173 173
174 174 # Kernel compilation settings
175 175 BUILD_KERNEL=${BUILD_KERNEL:=true}
176 176 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
177 177 KERNEL_THREADS=${KERNEL_THREADS:=1}
178 178 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
179 179 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
180 180 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
181 181 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
182 182 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
183 183 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
184 184 KERNEL_VIRT=${KERNEL_VIRT:=false}
185 185 KERNEL_BPF=${KERNEL_BPF:=false}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
186 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
187 187
188 188 # Kernel compilation from source directory settings
189 189 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
190 190 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
191 191 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
192 192 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
193 193
194 194 # Reduce disk usage settings
195 195 REDUCE_APT=${REDUCE_APT:=true}
196 196 REDUCE_DOC=${REDUCE_DOC:=true}
197 197 REDUCE_MAN=${REDUCE_MAN:=true}
198 198 REDUCE_VIM=${REDUCE_VIM:=false}
199 199 REDUCE_BASH=${REDUCE_BASH:=false}
200 200 REDUCE_HWDB=${REDUCE_HWDB:=true}
201 201 REDUCE_SSHD=${REDUCE_SSHD:=true}
202 202 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
203 203
204 204 # Encrypted filesystem settings
205 205 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
206 206 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
207 207 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
208 208 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
209 209 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
210 210 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
211 211 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
212 212 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
213 213 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
214 214
215 215 # Chroot scripts directory
216 216 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
217 217
218 218 # Packages required in the chroot build environment
219 219 APT_INCLUDES=${APT_INCLUDES:=""}
220 220 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
221 221
222 222 #Packages to exclude from chroot build environment
223 223 APT_EXCLUDES=${APT_EXCLUDES:=""}
224 224
225 225 # Packages required for bootstrapping
226 226 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
227 227 MISSING_PACKAGES=""
228 228
229 229 # Packages installed for c/c++ build environment in chroot (keep empty)
230 230 COMPILER_PACKAGES=""
231 231
232 232 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
233 233 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
234 234 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
235 235 APT_PROXY=http://127.0.0.1:3142/
236 236 fi
237 237
238 238 #netselect-apt does not know buster yet
239 239 if [ "$RELEASE" = "buster" ] ; then
240 240 RLS=testing
241 241 else
242 242 RLS="$RELEASE"
243 243 fi
244 244
245 245 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
246 246 rm "$(pwd)/files/apt/sources.list"
247 247 fi
248 248
249 249 if [ "$ENABLE_NONFREE" = true ] ; then
250 250 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
251 251 else
252 252 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
253 253 fi
254 254
255 255 #sed and cut the result string so we can use it as APT_SERVER
256 256 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
257 257
258 258 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
259 259 if [ -n "$SET_ARCH" ] ; then
260 260 # 64-bit configuration
261 261 if [ "$SET_ARCH" = 64 ] ; then
262 262 # General 64-bit depended settings
263 263 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
264 264 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
265 265 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
266 266
267 267 # Raspberry Pi model specific settings
268 268 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
269 269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
270 270 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
271 271 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
272 272 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
273 273 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
274 274 else
275 275 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
276 276 exit 1
277 277 fi
278 278 fi
279 279
280 280 # 32-bit configuration
281 281 if [ "$SET_ARCH" = 32 ] ; then
282 282 # General 32-bit dependend settings
283 283 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
284 284 KERNEL_ARCH=${KERNEL_ARCH:=arm}
285 285 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
286 286
287 287 # Raspberry Pi model specific settings
288 288 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
289 289 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
290 290 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
291 291 RELEASE_ARCH=${RELEASE_ARCH:=armel}
292 292 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
293 293 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
294 294 fi
295 295
296 296 # Raspberry Pi model specific settings
297 297 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
298 298 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
299 299 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
300 300 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
301 301 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
302 302 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
303 303 fi
304 304 fi
305 305 #SET_ARCH not set
306 306 else
307 307 echo "error: Please set '32' or '64' as value for SET_ARCH"
308 308 exit 1
309 309 fi
310 310 # Device specific configuration and U-Boot configuration
311 311 case "$RPI_MODEL" in
312 312 0)
313 313 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
314 314 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
315 315 ;;
316 316 1)
317 317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
318 318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 319 ;;
320 320 1P)
321 321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
322 322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 323 ;;
324 324 2)
325 325 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
326 326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
327 327 ;;
328 328 3)
329 329 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
330 330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
331 331 ;;
332 332 3P)
333 333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 335 ;;
336 336 *)
337 337 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
338 338 exit 1
339 339 ;;
340 340 esac
341 341
342 342 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
343 343 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
344 344 # Include bluetooth packages on supported boards
345 345 if [ "$ENABLE_BLUETOOTH" = true ] ; then
346 346 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
347 347 fi
348 if [ "$ENABLE_WIRELESS" = true ] ; then
349 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
350 fi
348 351 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
349 352 # Check if the internal wireless interface is not supported by the RPi model
350 353 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
351 354 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
352 355 exit 1
353 356 fi
354 357 fi
355 358
356 359 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
357 360 echo "error: You have to compile kernel sources, if you want to enable nexmon"
358 361 exit 1
359 362 fi
360 363
361 364 # Prepare date string for default image file name
362 365 DATE="$(date +%Y-%m-%d)"
363 366 if [ -z "$KERNEL_BRANCH" ] ; then
364 367 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
365 368 else
366 369 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
367 370 fi
368 371
369 372 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
370 373 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
371 374 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
372 375 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
373 376 exit 1
374 377 fi
375 378 fi
376 379
377 380 set +x
378 381
379 382 # Add cmake to compile videocore sources
380 383 if [ "$ENABLE_VIDEOCORE" = true ] ; then
381 384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
382 385 fi
383 386
384 387 # Add deps for nexmon
385 388 if [ "$ENABLE_NEXMON" = true ] ; then
386 389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
387 390 fi
388 391
389 392 # Add libncurses5 to enable kernel menuconfig
390 393 if [ "$KERNEL_MENUCONFIG" = true ] ; then
391 394 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
392 395 fi
393 396
394 397 # Add ccache compiler cache for (faster) kernel cross (re)compilation
395 398 if [ "$KERNEL_CCACHE" = true ] ; then
396 399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
397 400 fi
398 401
399 402 # Add cryptsetup package to enable filesystem encryption
400 403 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
401 404 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
402 405 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
403 406
404 407 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
405 408 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
406 409 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
407 410 fi
408 411
409 412 if [ -z "$CRYPTFS_PASSWORD" ] ; then
410 413 echo "error: no password defined (CRYPTFS_PASSWORD)!"
411 414 exit 1
412 415 fi
413 416 ENABLE_INITRAMFS=true
414 417 fi
415 418
416 419 # Add initramfs generation tools
417 420 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
418 421 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
419 422 fi
420 423
421 424 # Add device-tree-compiler required for building the U-Boot bootloader
422 425 if [ "$ENABLE_UBOOT" = true ] ; then
423 426 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
424 427 else
425 428 if [ "$ENABLE_UBOOTUSB" = true ] ; then
426 429 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
427 430 exit 1
428 431 fi
429 432 fi
430 433
431 434 # Check if root SSH (v2) public key file exists
432 435 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
433 436 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
434 437 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
435 438 exit 1
436 439 fi
437 440 fi
438 441
439 442 # Check if $USER_NAME SSH (v2) public key file exists
440 443 if [ -n "$SSH_USER_PUB_KEY" ] ; then
441 444 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
442 445 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
443 446 exit 1
444 447 fi
445 448 fi
446 449
447 450 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
448 451 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
449 452 exit 1
450 453 fi
451 454
452 455 # Check if all required packages are installed on the build system
453 456 for package in $REQUIRED_PACKAGES ; do
454 457 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
455 458 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
456 459 fi
457 460 done
458 461
459 462 # If there are missing packages ask confirmation for install, or exit
460 463 if [ -n "$MISSING_PACKAGES" ] ; then
461 464 echo "the following packages needed by this script are not installed:"
462 465 echo "$MISSING_PACKAGES"
463 466
464 467 printf "\ndo you want to install the missing packages right now? [y/n] "
465 468 read -r confirm
466 469 [ "$confirm" != "y" ] && exit 1
467 470
468 471 # Make sure all missing required packages are installed
469 472 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
470 473 fi
471 474
472 475 # Check if ./bootstrap.d directory exists
473 476 if [ ! -d "./bootstrap.d/" ] ; then
474 477 echo "error: './bootstrap.d' required directory not found!"
475 478 exit 1
476 479 fi
477 480
478 481 # Check if ./files directory exists
479 482 if [ ! -d "./files/" ] ; then
480 483 echo "error: './files' required directory not found!"
481 484 exit 1
482 485 fi
483 486
484 487 # Check if specified KERNELSRC_DIR directory exists
485 488 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
486 489 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
487 490 exit 1
488 491 fi
489 492
490 493 # Check if specified UBOOTSRC_DIR directory exists
491 494 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
492 495 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
493 496 exit 1
494 497 fi
495 498
496 499 # Check if specified VIDEOCORESRC_DIR directory exists
497 500 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
498 501 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
499 502 exit 1
500 503 fi
501 504
502 505 # Check if specified FBTURBOSRC_DIR directory exists
503 506 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
504 507 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
505 508 exit 1
506 509 fi
507 510
508 511 # Check if specified NEXMONSRC_DIR directory exists
509 512 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
510 513 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
511 514 exit 1
512 515 fi
513 516
514 517 # Check if specified CHROOT_SCRIPTS directory exists
515 518 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
516 519 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
517 520 exit 1
518 521 fi
519 522
520 523 # Check if specified device mapping already exists (will be used by cryptsetup)
521 524 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
522 525 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
523 526 exit 1
524 527 fi
525 528
526 529 # Don't clobber an old build
527 530 if [ -e "$BUILDDIR" ] ; then
528 531 echo "error: directory ${BUILDDIR} already exists, not proceeding"
529 532 exit 1
530 533 fi
531 534
532 535 # Setup chroot directory
533 536 mkdir -p "${R}"
534 537
535 538 # Check if build directory has enough of free disk space >512MB
536 539 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
537 540 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
538 541 exit 1
539 542 fi
540 543
541 544 set -x
542 545
543 546 # Call "cleanup" function on various signals and errors
544 547 trap cleanup 0 1 2 3 6
545 548
546 549 # Add required packages for the minbase installation
547 550 if [ "$ENABLE_MINBASE" = true ] ; then
548 551 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
549 552 fi
550 553
551 554 # Add parted package, required to get partprobe utility
552 555 if [ "$EXPANDROOT" = true ] ; then
553 556 APT_INCLUDES="${APT_INCLUDES},parted"
554 557 fi
555 558
556 559 # Add dbus package, recommended if using systemd
557 560 if [ "$ENABLE_DBUS" = true ] ; then
558 561 APT_INCLUDES="${APT_INCLUDES},dbus"
559 562 fi
560 563
561 564 # Add iptables IPv4/IPv6 package
562 565 if [ "$ENABLE_IPTABLES" = true ] ; then
563 566 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
564 567 fi
565 568
566 569 # Add openssh server package
567 570 if [ "$ENABLE_SSHD" = true ] ; then
568 571 APT_INCLUDES="${APT_INCLUDES},openssh-server"
569 572 fi
570 573
571 574 # Add alsa-utils package
572 575 if [ "$ENABLE_SOUND" = true ] ; then
573 576 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
574 577 fi
575 578
576 579 # Add rng-tools package
577 580 if [ "$ENABLE_HWRANDOM" = true ] ; then
578 581 APT_INCLUDES="${APT_INCLUDES},rng-tools"
579 582 fi
580 583
581 584 # Add fbturbo video driver
582 585 if [ "$ENABLE_FBTURBO" = true ] ; then
583 586 # Enable xorg package dependencies
584 587 ENABLE_XORG=true
585 588 fi
586 589
587 590 # Add user defined window manager package
588 591 if [ -n "$ENABLE_WM" ] ; then
589 592 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
590 593
591 594 # Enable xorg package dependencies
592 595 ENABLE_XORG=true
593 596 fi
594 597
595 598 # Add xorg package
596 599 if [ "$ENABLE_XORG" = true ] ; then
597 600 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
598 601 fi
599 602
600 603 # Replace selected packages with smaller clones
601 604 if [ "$ENABLE_REDUCE" = true ] ; then
602 605 # Add levee package instead of vim-tiny
603 606 if [ "$REDUCE_VIM" = true ] ; then
604 607 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
605 608 fi
606 609
607 610 # Add dropbear package instead of openssh-server
608 611 if [ "$REDUCE_SSHD" = true ] ; then
609 612 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
610 613 fi
611 614 fi
612 615
613 616 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
614 617 if [ "$ENABLE_SYSVINIT" = false ] ; then
615 618 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
616 619 fi
617 620
618 621 # Configure kernel sources if no KERNELSRC_DIR
619 622 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
620 623 KERNELSRC_CONFIG=true
621 624 fi
622 625
623 626 # Configure reduced kernel
624 627 if [ "$KERNEL_REDUCE" = true ] ; then
625 628 KERNELSRC_CONFIG=false
626 629 fi
627 630
628 631 # Configure qemu compatible kernel
629 632 if [ "$ENABLE_QEMU" = true ] ; then
630 633 DTB_FILE=vexpress-v2p-ca15_a7.dtb
631 634 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
632 635 KERNEL_DEFCONFIG="vexpress_defconfig"
633 636 if [ "$KERNEL_MENUCONFIG" = false ] ; then
634 637 KERNEL_OLDDEFCONFIG=true
635 638 fi
636 639 fi
637 640
638 641 # Execute bootstrap scripts
639 642 for SCRIPT in bootstrap.d/*.sh; do
640 643 head -n 3 "$SCRIPT"
641 644 . "$SCRIPT"
642 645 done
643 646
644 647 ## Execute custom bootstrap scripts
645 648 if [ -d "custom.d" ] ; then
646 649 for SCRIPT in custom.d/*.sh; do
647 650 . "$SCRIPT"
648 651 done
649 652 fi
650 653
651 654 # Execute custom scripts inside the chroot
652 655 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
653 656 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
654 657 chroot_exec /bin/bash -x <<'EOF'
655 658 for SCRIPT in /chroot_scripts/* ; do
656 659 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
657 660 $SCRIPT
658 661 fi
659 662 done
660 663 EOF
661 664 rm -rf "${R}/chroot_scripts"
662 665 fi
663 666
664 667 # Remove c/c++ build environment from the chroot
665 668 chroot_remove_cc
666 669
667 670 # Generate required machine-id
668 671 MACHINE_ID=$(dbus-uuidgen)
669 672 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
670 673 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
671 674
672 675 # APT Cleanup
673 676 chroot_exec apt-get -y clean
674 677 chroot_exec apt-get -y autoclean
675 678 chroot_exec apt-get -y autoremove
676 679
677 680 # Unmount mounted filesystems
678 681 umount -l "${R}/proc"
679 682 umount -l "${R}/sys"
680 683
681 684 # Clean up directories
682 685 rm -rf "${R}/run/*"
683 686 rm -rf "${R}/tmp/*"
684 687
685 688 # Clean up files
686 689 rm -f "${ETC_DIR}/ssh/ssh_host_*"
687 690 rm -f "${ETC_DIR}/dropbear/dropbear_*"
688 691 rm -f "${ETC_DIR}/apt/sources.list.save"
689 692 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
690 693 rm -f "${ETC_DIR}/*-"
691 694 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
692 695 rm -f "${ETC_DIR}/resolv.conf"
693 696 rm -f "${R}/root/.bash_history"
694 697 rm -f "${R}/var/lib/urandom/random-seed"
695 698 rm -f "${R}/initrd.img"
696 699 rm -f "${R}/vmlinuz"
697 700 rm -f "${R}${QEMU_BINARY}"
698 701
699 702 if [ "$ENABLE_QEMU" = true ] ; then
700 703 # Setup QEMU directory
701 704 mkdir "${BASEDIR}/qemu"
702 705
703 706 # Copy kernel image to QEMU directory
704 707 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
705 708
706 709 # Copy kernel config to QEMU directory
707 710 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
708 711
709 712 # Copy kernel dtbs to QEMU directory
710 713 for dtb in "${BOOT_DIR}/"*.dtb ; do
711 714 if [ -f "${dtb}" ] ; then
712 715 install_readonly "${dtb}" "${BASEDIR}/qemu/"
713 716 fi
714 717 done
715 718
716 719 # Copy kernel overlays to QEMU directory
717 720 if [ -d "${BOOT_DIR}/overlays" ] ; then
718 721 # Setup overlays dtbs directory
719 722 mkdir "${BASEDIR}/qemu/overlays"
720 723
721 724 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
722 725 if [ -f "${dtb}" ] ; then
723 726 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
724 727 fi
725 728 done
726 729 fi
727 730
728 731 # Copy u-boot files to QEMU directory
729 732 if [ "$ENABLE_UBOOT" = true ] ; then
730 733 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
731 734 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
732 735 fi
733 736 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
734 737 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
735 738 fi
736 739 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
737 740 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
738 741 fi
739 742 fi
740 743
741 744 # Copy initramfs to QEMU directory
742 745 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
743 746 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
744 747 fi
745 748 fi
746 749
747 750 # Calculate size of the chroot directory in KB
748 751 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
749 752
750 753 # Calculate the amount of needed 512 Byte sectors
751 754 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
752 755 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
753 756 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
754 757
755 758 # The root partition is EXT4
756 759 # This means more space than the actual used space of the chroot is used.
757 760 # As overhead for journaling and reserved blocks 35% are added.
758 761 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
759 762
760 763 # Calculate required image size in 512 Byte sectors
761 764 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
762 765
763 766 # Prepare image file
764 767 if [ "$ENABLE_SPLITFS" = true ] ; then
765 768 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
766 769 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
767 770 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
768 771 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
769 772
770 773 # Write firmware/boot partition tables
771 774 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
772 775 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
773 776 EOM
774 777
775 778 # Write root partition table
776 779 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
777 780 ${TABLE_SECTORS},${ROOT_SECTORS},83
778 781 EOM
779 782
780 783 # Setup temporary loop devices
781 784 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
782 785 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
783 786 else # ENABLE_SPLITFS=false
784 787 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
785 788 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
786 789
787 790 # Write partition table
788 791 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
789 792 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
790 793 ${ROOT_OFFSET},${ROOT_SECTORS},83
791 794 EOM
792 795
793 796 # Setup temporary loop devices
794 797 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
795 798 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
796 799 fi
797 800
798 801 if [ "$ENABLE_CRYPTFS" = true ] ; then
799 802 # Create dummy ext4 fs
800 803 mkfs.ext4 "$ROOT_LOOP"
801 804
802 805 # Setup password keyfile
803 806 touch .password
804 807 chmod 600 .password
805 808 echo -n ${CRYPTFS_PASSWORD} > .password
806 809
807 810 # Initialize encrypted partition
808 811 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
809 812
810 813 # Open encrypted partition and setup mapping
811 814 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
812 815
813 816 # Secure delete password keyfile
814 817 shred -zu .password
815 818
816 819 # Update temporary loop device
817 820 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
818 821
819 822 # Wipe encrypted partition (encryption cipher is used for randomness)
820 823 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
821 824 fi
822 825
823 826 # Build filesystems
824 827 mkfs.vfat "$FRMW_LOOP"
825 828 mkfs.ext4 "$ROOT_LOOP"
826 829
827 830 # Mount the temporary loop devices
828 831 mkdir -p "$BUILDDIR/mount"
829 832 mount "$ROOT_LOOP" "$BUILDDIR/mount"
830 833
831 834 mkdir -p "$BUILDDIR/mount/boot/firmware"
832 835 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
833 836
834 837 # Copy all files from the chroot to the loop device mount point directory
835 838 rsync -a "${R}/" "$BUILDDIR/mount/"
836 839
837 840 # Unmount all temporary loop devices and mount points
838 841 cleanup
839 842
840 843 # Create block map file(s) of image(s)
841 844 if [ "$ENABLE_SPLITFS" = true ] ; then
842 845 # Create block map files for "bmaptool"
843 846 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
844 847 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
845 848
846 849 # Image was successfully created
847 850 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
848 851 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
849 852 else
850 853 # Create block map file for "bmaptool"
851 854 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
852 855
853 856 # Image was successfully created
854 857 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
855 858
856 859 # Create qemu qcow2 image
857 860 if [ "$ENABLE_QEMU" = true ] ; then
858 861 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
859 862 QEMU_SIZE=16G
860 863
861 864 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
862 865 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
863 866
864 867 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
865 868 fi
866 869 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant