a
Unknown -
r432:314af4fc6dc8
@@ -1,502 +1,502
1 1 # rpi23-gen-image
2 2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 `1` = Used for Pi 1 model A and B
68 68 `1P` = Used for Pi 1 model B+ and A+
69 69 `2` = Used for Pi 2 model B
70 70 `3` = Used for Pi 3 model B
71 71 `3P` = Used for Pi 3 model B+
72 72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On `RPI_MODEL= 0,3,3P` - Bluetooth gets auto enabled if `ENABLE_CONSOLE` and `ENABLE_UBOOT` are set to `false`
157 157
158 158 ##### `ENABLE_I2C`=false
159 159 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 160
161 161 ##### `ENABLE_SPI`=false
162 162 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
163 163
164 164 ##### `ENABLE_IPV6`=true
165 165 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
166 166
167 167 ##### `ENABLE_SSHD`=true
168 168 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
169 169
170 170 ##### `ENABLE_NONFREE`=false
171 171 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
172 172
173 173 ##### `ENABLE_WIRELESS`=false
174 174 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
175 175
176 176 ##### `ENABLE_RSYSLOG`=true
177 177 If set to false, disable and uninstall rsyslog (so logs will be available only
178 178 in journal files)
179 179
180 180 ##### `ENABLE_SOUND`=true
181 181 Enable sound hardware and install Advanced Linux Sound Architecture.
182 182
183 183 ##### `ENABLE_HWRANDOM`=true
184 184 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
185 185
186 186 ##### `ENABLE_MINGPU`=false
187 187 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
188 188
189 189 ##### `ENABLE_DBUS`=true
190 190 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
191 191
192 192 ##### `ENABLE_XORG`=false
193 193 Install Xorg open-source X Window System.
194 194
195 195 ##### `ENABLE_WM`=""
196 196 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
197 197
198 198 ##### `ENABLE_SYSVINIT`=false
199 199 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
200 200
201 201 ---
202 202
203 203 #### Advanced system features:
204 204 ##### `ENABLE_MINBASE`=false
205 205 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
206 206
207 207 ##### `ENABLE_REDUCE`=false
208 208 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
209 209
210 210 ##### `ENABLE_UBOOT`=false
211 211 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
212 212
213 213 ##### `UBOOTSRC_DIR`=""
214 214 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
215 215
216 216 ##### `ENABLE_FBTURBO`=false
217 217 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
218 218
219 219 ##### `FBTURBOSRC_DIR`=""
220 220 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
221 221
222 222 ##### `ENABLE_VIDEOCORE`=false
223 223 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
224 224
225 225 ##### `VIDEOCORESRC_DIR`=""
226 226 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
227 227
228 228 ##### `ENABLE_IPTABLES`=false
229 229 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
230 230
231 231 ##### `ENABLE_USER`=true
232 232 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
233 233
234 234 ##### `USER_NAME`=pi
235 235 Non-root user to create. Ignored if `ENABLE_USER`=false
236 236
237 237 ##### `ENABLE_ROOT`=false
238 238 Set root user password so root login will be enabled
239 239
240 240 ##### `ENABLE_HARDNET`=false
241 241 Enable IPv4/IPv6 network stack hardening settings.
242 242
243 243 ##### `ENABLE_SPLITFS`=false
244 244 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
245 245
246 246 ##### `CHROOT_SCRIPTS`=""
247 247 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
248 248
249 249 ##### `ENABLE_INITRAMFS`=false
250 250 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
251 251
252 252 ##### `ENABLE_IFNAMES`=true
253 253 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
254 254
255 255 ##### `DISABLE_UNDERVOLT_WARNINGS`=
256 256 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
257 257
258 258 ---
259 259
260 260 #### SSH settings:
261 261 ##### `SSH_ENABLE_ROOT`=false
262 262 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
263 263
264 264 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
265 265 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
266 266
267 267 ##### `SSH_LIMIT_USERS`=false
268 268 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
269 269
270 270 ##### `SSH_ROOT_PUB_KEY`=""
271 271 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
272 272
273 273 ##### `SSH_USER_PUB_KEY`=""
274 274 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
275 275
276 276 ---
277 277
278 278 #### Kernel compilation:
279 279 ##### `BUILD_KERNEL`=true
280 280 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
281 281
282 282 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
283 283 This sets the cross compile enviornment for the compiler.
284 284
285 285 ##### `KERNEL_ARCH`="arm"
286 286 This sets the kernel architecture for the compiler.
287 287
288 288 ##### `KERNEL_IMAGE`="kernel7.img"
289 289 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
290 290
291 291 ##### `KERNEL_BRANCH`=""
292 292 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
293 293
294 294 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
295 295 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
296 296
297 297 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
298 298 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
299 299
300 300 ##### `KERNEL_REDUCE`=false
301 301 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
302 302
303 303 ##### `KERNEL_THREADS`=1
304 304 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
305 305
306 306 ##### `KERNEL_HEADERS`=true
307 307 Install kernel headers with built kernel.
308 308
309 309 ##### `KERNEL_MENUCONFIG`=false
310 310 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
311 311
312 312 ##### `KERNEL_OLDDEFCONFIG`=false
313 313 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
314 314
315 315 ##### `KERNEL_CCACHE`=false
316 316 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
317 317
318 318 ##### `KERNEL_REMOVESRC`=true
319 319 Remove all kernel sources from the generated OS image after it was built and installed.
320 320
321 321 ##### `KERNELSRC_DIR`=""
322 322 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
323 323
324 324 ##### `KERNELSRC_CLEAN`=false
325 325 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
326 326
327 327 ##### `KERNELSRC_CONFIG`=true
328 328 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
329 329
330 330 ##### `KERNELSRC_USRCONFIG`=""
331 331 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
332 332
333 333 ##### `KERNELSRC_PREBUILT`=false
334 334 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
335 335
336 336 ##### `RPI_FIRMWARE_DIR`=""
337 337 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
338 338
339 339 ##### `KERNEL_NF`=false
340 340 Enable Netfilter modules as kernel modules
341 341
342 342 ##### `KERNEL_VIRT`=false
343 343 Enable Kernel KVM support (/dev/kvm)
344 344
345 345 ##### `KERNEL_ZSWAP`=false
346 346 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
347 347
348 348 ##### `KERNEL_BPF`=true
349 349 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
350 350
351 351 ---
352 352
353 353 #### Reduce disk usage:
354 354 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
355 355
356 356 ##### `REDUCE_APT`=true
357 357 Configure APT to use compressed package repository lists and no package caching files.
358 358
359 359 ##### `REDUCE_DOC`=true
360 360 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
361 361
362 362 ##### `REDUCE_MAN`=true
363 363 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
364 364
365 365 ##### `REDUCE_VIM`=false
366 366 Replace `vim-tiny` package by `levee` a tiny vim clone.
367 367
368 368 ##### `REDUCE_BASH`=false
369 369 Remove `bash` package and switch to `dash` shell (experimental).
370 370
371 371 ##### `REDUCE_HWDB`=true
372 372 Remove PCI related hwdb files (experimental).
373 373
374 374 ##### `REDUCE_SSHD`=true
375 375 Replace `openssh-server` with `dropbear`.
376 376
377 377 ##### `REDUCE_LOCALE`=true
378 378 Remove all `locale` translation files.
379 379
380 380 ---
381 381
382 382 #### Encrypted root partition:
383 383 ##### `ENABLE_CRYPTFS`=false
384 384 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
385 385
386 386 ##### `CRYPTFS_PASSWORD`=""
387 387 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
388 388
389 389 ##### `CRYPTFS_MAPPING`="secure"
390 390 Set name of dm-crypt managed device-mapper mapping.
391 391
392 392 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
393 393 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
394 394
395 395 ##### `CRYPTFS_XTSKEYSIZE`=512
396 396 Sets key size in bits. The argument has to be a multiple of 8.
397 397
398 398 ---
399 399
400 400 #### Build settings:
401 401 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
402 402 Set a path to a working directory used by the script to generate an image.
403 403
404 404 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
405 405 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
406 406
407 407 ## Understanding the script
408 408 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
409 409
410 410 | Script | Description |
411 411 | --- | --- |
412 412 | `10-bootstrap.sh` | Debootstrap basic system |
413 413 | `11-apt.sh` | Setup APT repositories |
414 414 | `12-locale.sh` | Setup Locales and keyboard settings |
415 415 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
416 416 | `14-fstab.sh` | Setup fstab and initramfs |
417 417 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
418 418 | `20-networking.sh` | Setup Networking |
419 419 | `21-firewall.sh` | Setup Firewall |
420 420 | `30-security.sh` | Setup Users and Security settings |
421 421 | `31-logging.sh` | Setup Logging |
422 422 | `32-sshd.sh` | Setup SSH and public keys |
423 423 | `41-uboot.sh` | Build and Setup U-Boot |
424 424 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
425 425 | `50-firstboot.sh` | First boot actions |
426 426 | `99-reduce.sh` | Reduce the disk space usage |
427 427
428 428 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
429 429
430 430 | Directory | Description |
431 431 | --- | --- |
432 432 | `apt` | APT management configuration files |
433 433 | `boot` | Boot and RPi2/3 configuration files |
434 434 | `dpkg` | Package Manager configuration |
435 435 | `etc` | Configuration files and rc scripts |
436 436 | `firstboot` | Scripts that get executed on first boot |
437 437 | `initramfs` | Initramfs scripts |
438 438 | `iptables` | Firewall configuration files |
439 439 | `locales` | Locales configuration |
440 440 | `modules` | Kernel Modules configuration |
441 441 | `mount` | Fstab configuration |
442 442 | `network` | Networking configuration files |
443 443 | `sysctl.d` | Swapping and Network Hardening configuration |
444 444 | `xorg` | fbturbo Xorg driver configuration |
445 445
446 446 ## Custom packages and scripts
447 447 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
448 448
449 449 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
450 450
451 451 ## Logging of the bootstrapping process
452 452 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
453 453
454 454 ```shell
455 455 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
456 456 ```
457 457
458 458 ## Flashing the image file
459 459 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
460 460
461 461 ##### Flashing examples:
462 462 ```shell
463 463 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
464 464 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
465 465 ```
466 466 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
467 467 ```shell
468 468 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
469 469 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
470 470 ```
471 471
472 472 ## QEMU emulation
473 473 Start QEMU full system emulation:
474 474 ```shell
475 475 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
476 476 ```
477 477
478 478 Start QEMU full system emulation and output to console:
479 479 ```shell
480 480 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
481 481 ```
482 482
483 483 Start QEMU full system emulation with SMP and output to console:
484 484 ```shell
485 485 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
486 486 ```
487 487
488 488 Start QEMU full system emulation with cryptfs, initramfs and output to console:
489 489 ```shell
490 490 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
491 491 ```
492 492
493 493 ## External links and references
494 494 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
495 495 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
496 496 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
497 497 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
498 498 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
499 499 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
500 500 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
501 501 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
502 502 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,193 +1,193
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54 54
55 55
56 56 # Add encrypted root partition to cmdline.txt
57 57 if [ "$ENABLE_CRYPTFS" = true ] ; then
58 58 if [ "$ENABLE_SPLITFS" = true ] ; then
59 59 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
60 60 else
61 61 if [ "$ENABLE_UBOOTUSB" = true ] ; then
62 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
63 63 else
64 64 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
65 65 fi
66 66 fi
67 67 fi
68 68
69 69 # Add serial console support
70 70 if [ "$ENABLE_CONSOLE" = true ] ; then
71 71 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
72 72 fi
73 73
74 74 # Remove IPv6 networking support
75 75 if [ "$ENABLE_IPV6" = false ] ; then
76 76 CMDLINE="${CMDLINE} ipv6.disable=1"
77 77 fi
78 78
79 79 # Automatically assign predictable network interface names
80 80 if [ "$ENABLE_IFNAMES" = false ] ; then
81 81 CMDLINE="${CMDLINE} net.ifnames=0"
82 82 else
83 83 CMDLINE="${CMDLINE} net.ifnames=1"
84 84 fi
85 85
86 86 # Install firmware boot cmdline
87 87 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
88 88
89 89 # Install firmware config
90 90 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
91 91
92 92 # Setup minimal GPU memory allocation size: 16MB (no X)
93 93 if [ "$ENABLE_MINGPU" = true ] ; then
94 94 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
95 95 fi
96 96
97 97 # Setup boot with initramfs
98 98 if [ "$ENABLE_INITRAMFS" = true ] ; then
99 99 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
100 100 fi
101 101
102 102 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
103 103 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
104 104 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
105 105 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
106 106 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
107 107 else
108 108 # Create temporary directory for Bluetooth sources
109 109 temp_dir=$(as_nobody mktemp -d)
110 110
111 111 # Fetch Bluetooth sources
112 112 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
113 113
114 114 # Copy downloaded sources
115 115 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
116 116
117 117 # Raspberry-sys-mod package for /dev/serial device needed by bluetooth service
118 wget -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
118 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
119 119 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
120 wget -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
121 wget -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
120 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
121 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
122 122
123 123 # Set permissions
124 124 chown -R root:root "${R}/tmp/pi-bluetooth"
125 125
126 126 # Install tools
127 127 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
128 128 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
129 129
130 130 # Install bluetooth udev rule
131 131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
132 132
133 133 # Install Firmware Flash file and apropiate licence
134 134 mkdir "${ETC_DIR}/firmware/"
135 135 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
136 136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
137 137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
138 138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
139 139 # Install udev rule for bluetooth device
140 140 install_readonly "${R}/tmp/pi-bluetooth/99-com.rules" "${ETC_DIR}/udev/rules.d/99-com.rules"
141 141
142 142 # Remove temporary directory
143 143 rm -fr "${temp_dir}"
144 144 fi
145 145 fi
146 146
147 147 # Create firmware configuration and cmdline symlinks
148 148 ln -sf firmware/config.txt "${R}/boot/config.txt"
149 149 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
150 150
151 151 # Install and setup kernel modules to load at boot
152 152 mkdir -p "${LIB_DIR}/modules-load.d/"
153 153 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
154 154
155 155 # Load hardware random module at boot
156 156 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
157 157 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
158 158 fi
159 159
160 160 # Load sound module at boot
161 161 if [ "$ENABLE_SOUND" = true ] ; then
162 162 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
163 163 else
164 164 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
165 165 fi
166 166
167 167 # Enable I2C interface
168 168 if [ "$ENABLE_I2C" = true ] ; then
169 169 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
170 170 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
171 171 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
172 172 fi
173 173
174 174 # Enable SPI interface
175 175 if [ "$ENABLE_SPI" = true ] ; then
176 176 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
177 177 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
178 178 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
179 179 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
180 180 fi
181 181 fi
182 182
183 183 # Disable RPi2/3 under-voltage warnings
184 184 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
185 185 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
186 186 fi
187 187
188 188 # Install kernel modules blacklist
189 189 mkdir -p "${ETC_DIR}/modprobe.d/"
190 190 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
191 191
192 192 # Install sysctl.d configuration files
193 193 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
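Review bot: The three fetches at new lines 118, 120 and 121 now run through as_nobody like the firmware downloads at the top of this file, but what they download is still unverified. 99-com.rules comes from the master branch and the licence and BCM43430A1.hcd firmware blob come from AUR cgit, with no pinned revision and no checksum, and each file is then placed into the image by install_readonly. Pin the URLs to a fixed commit and compare each file against a sha256 value kept in the repository before the install step. The added -q also suppresses wget's error text, so a failed download no longer says which URL broke; keep the output or print the URL on failure. The two AUR URLs carry an unquoted ?h=pi-bluetooth, which the shell treats as a glob pattern, so they should be quoted. Separately, the context line at 136 installs BCM43430A1.hcd to "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx", overwriting the licence copied on the line before; the destination looks like it should be the .hcd file name.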
@@ -1,811 +1,811
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66
67 67 # Build directories
68 68 WORKDIR=$(pwd)
69 69 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Chroot directories
73 73 R="${BUILDDIR}/chroot"
74 74 ETC_DIR="${R}/etc"
75 75 LIB_DIR="${R}/lib"
76 76 BOOT_DIR="${R}/boot/firmware"
77 77 KERNEL_DIR="${R}/usr/src/linux"
78 78 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
79 79
80 80 # Firmware directory: Blank if download from github
81 81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82
83 83 # General settings
84 84 SET_ARCH=${SET_ARCH:=32}
85 85 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
86 86 PASSWORD=${PASSWORD:=raspberry}
87 87 USER_PASSWORD=${USER_PASSWORD:=raspberry}
88 88 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
89 89 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
90 90 EXPANDROOT=${EXPANDROOT:=true}
91 91
92 92 # Keyboard settings
93 93 XKB_MODEL=${XKB_MODEL:=""}
94 94 XKB_LAYOUT=${XKB_LAYOUT:=""}
95 95 XKB_VARIANT=${XKB_VARIANT:=""}
96 96 XKB_OPTIONS=${XKB_OPTIONS:=""}
97 97
98 98 # Network settings (DHCP)
99 99 ENABLE_DHCP=${ENABLE_DHCP:=true}
100 100
101 101 # Network settings (static)
102 102 NET_ADDRESS=${NET_ADDRESS:=""}
103 103 NET_GATEWAY=${NET_GATEWAY:=""}
104 104 NET_DNS_1=${NET_DNS_1:=""}
105 105 NET_DNS_2=${NET_DNS_2:=""}
106 106 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
107 107 NET_NTP_1=${NET_NTP_1:=""}
108 108 NET_NTP_2=${NET_NTP_2:=""}
109 109
110 110 # APT settings
111 111 APT_PROXY=${APT_PROXY:=""}
112 112 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
113 113
114 114 # Feature settings
115 115 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
116 116 ENABLE_I2C=${ENABLE_I2C:=false}
117 117 ENABLE_SPI=${ENABLE_SPI:=false}
118 118 ENABLE_IPV6=${ENABLE_IPV6:=true}
119 119 ENABLE_SSHD=${ENABLE_SSHD:=true}
120 120 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
121 121 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
122 122 ENABLE_SOUND=${ENABLE_SOUND:=true}
123 123 ENABLE_DBUS=${ENABLE_DBUS:=true}
124 124 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
125 125 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
126 126 ENABLE_XORG=${ENABLE_XORG:=false}
127 127 ENABLE_WM=${ENABLE_WM:=""}
128 128 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
129 129 ENABLE_USER=${ENABLE_USER:=true}
130 130 USER_NAME=${USER_NAME:="pi"}
131 131 ENABLE_ROOT=${ENABLE_ROOT:=false}
132 132 ENABLE_QEMU=${ENABLE_QEMU:=false}
133 133 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
134 134
135 135 # SSH settings
136 136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
137 137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
138 138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
139 139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
140 140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
141 141
142 142 # Advanced settings
143 143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
144 144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
145 145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
146 146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
147 147 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
148 148 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
149 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
149 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
150 150 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
151 151 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
152 152 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
153 153 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
154 154 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
155 155 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
156 156 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
157 157 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
158 158
159 159 # Kernel compilation settings
160 160 BUILD_KERNEL=${BUILD_KERNEL:=true}
161 161 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
162 162 KERNEL_THREADS=${KERNEL_THREADS:=1}
163 163 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
164 164 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
165 165 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
166 166 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
167 167 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
168 168 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
169 169 KERNEL_VIRT=${KERNEL_VIRT:=false}
170 170 KERNEL_BPF=${KERNEL_BPF:=false}
171 171
172 172 # Kernel compilation from source directory settings
173 173 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
174 174 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
175 175 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
176 176 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
177 177
178 178 # Reduce disk usage settings
179 179 REDUCE_APT=${REDUCE_APT:=true}
180 180 REDUCE_DOC=${REDUCE_DOC:=true}
181 181 REDUCE_MAN=${REDUCE_MAN:=true}
182 182 REDUCE_VIM=${REDUCE_VIM:=false}
183 183 REDUCE_BASH=${REDUCE_BASH:=false}
184 184 REDUCE_HWDB=${REDUCE_HWDB:=true}
185 185 REDUCE_SSHD=${REDUCE_SSHD:=true}
186 186 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
187 187
188 188 # Encrypted filesystem settings
189 189 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
190 190 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
191 191 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
192 192 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
193 193 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
194 194
195 195 # Chroot scripts directory
196 196 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
197 197
198 198 # Packages required in the chroot build environment
199 199 APT_INCLUDES=${APT_INCLUDES:=""}
200 200 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
201 201
202 202 #Packages to exclude from chroot build environment
203 203 APT_EXCLUDES=${APT_EXCLUDES:=""}
204 204
205 205 # Packages required for bootstrapping
206 206 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
207 207 MISSING_PACKAGES=""
208 208
209 209 # Packages installed for c/c++ build environment in chroot (keep empty)
210 210 COMPILER_PACKAGES=""
211 211
212 212 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
213 213 if [ -n "$(lsof -i :3142)" ] ; then
214 214 HTTP_PROXY=http://127.0.0.1:3142/
215 215 fi
216 216
217 217 #netselect-apt does not know buster yet
218 218 if [ "$RELEASE" = "buster" ] ; then
219 219 RLS=testing
220 220 else
221 221 RLS="$RELEASE"
222 222 fi
223 223
224 224 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
225 225 rm "$(pwd)/files/apt/sources.list"
226 226 fi
227 227
228 228 if [ "$ENABLE_NONFREE" = true ] ; then
229 229 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
230 230 else
231 231 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
232 232 fi
233 233
234 234 #sed and cut the result string so we can use it as APT_SERVER
235 235 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
236 236
237 237 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
238 238 if [ -n "$SET_ARCH" ] ; then
239 239 # 64 bit configuration
240 240 if [ "$SET_ARCH" = 64 ] ; then
241 241 # General 64 bit depended settings
242 242 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
243 243 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
244 244 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
245 245
246 246 # Board specific settings
247 247 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
248 248 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
249 249 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
250 250 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
251 251 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
252 252 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
253 253 else
254 254 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
255 255 exit 1
256 256 fi
257 257 fi
258 258
259 259 # 32 bit configuration
260 260 if [ "$SET_ARCH" = 32 ] ; then
261 261 # General 32 bit dependend settings
262 262 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
263 263 KERNEL_ARCH=${KERNEL_ARCH:=arm}
264 264 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
265 265
266 266 # Hardware specific settings
267 267 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
268 268 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
269 269 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
270 270 RELEASE_ARCH=${RELEASE_ARCH:=armel}
271 271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
272 272 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
273 273 fi
274 274
275 275 # Hardware specific settings
276 276 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
277 277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
278 278 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
279 279 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
280 280 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
281 281 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
282 282 fi
283 283 fi
284 284 #SET_ARCH not set
285 285 else
286 286 echo "error: Please set '32' or '64' as value for SET_ARCH"
287 287 exit 1
288 288 fi
289 289 # Device specific configuration and U-Boot configuration
290 290 case "$RPI_MODEL" in
291 291 0)
292 292 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
293 293 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
294 294 ;;
295 295 1)
296 296 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
297 297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 298 ;;
299 299 1P)
300 300 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
301 301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 302 ;;
303 303 2)
304 304 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
305 305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
306 306 ;;
307 307 3)
308 308 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
309 309 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
310 310 ;;
311 311 3P)
312 312 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
313 313 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
314 314 ;;
315 315 *)
316 316 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
317 317 exit 1
318 318 ;;
319 319 esac
320 320
321 321 # Prepare date string for default image file name
322 322 DATE="$(date +%Y-%m-%d)"
323 323 if [ -z "$KERNEL_BRANCH" ] ; then
324 324 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
325 325 else
326 326 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
327 327 fi
328 328
329 329 # Check if the internal wireless interface is supported by the RPi model
330 330 if [ "$ENABLE_WIRELESS" = true ] ; then
331 331 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
332 332 echo "error: The selected Raspberry Pi model has no internal wireless interface"
333 333 exit 1
334 334 fi
335 335 fi
336 336
337 337 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
338 338 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
339 339 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
340 340 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
341 341 exit 1
342 342 fi
343 343 fi
344 344
345 345 # Add cmake to compile videocore sources
346 346 if [ "$ENABLE_VIDEOCORE" = true ] ; then
347 347 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
348 348 fi
349 349
350 350 # Add libncurses5 to enable kernel menuconfig
351 351 if [ "$KERNEL_MENUCONFIG" = true ] ; then
352 352 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
353 353 fi
354 354
355 355 # Add ccache compiler cache for (faster) kernel cross (re)compilation
356 356 if [ "$KERNEL_CCACHE" = true ] ; then
357 357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
358 358 fi
359 359
360 360 # Add cryptsetup package to enable filesystem encryption
361 361 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
362 362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
363 363 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
364 364
365 365 if [ -z "$CRYPTFS_PASSWORD" ] ; then
366 366 echo "error: no password defined (CRYPTFS_PASSWORD)!"
367 367 exit 1
368 368 fi
369 369 ENABLE_INITRAMFS=true
370 370 fi
371 371
372 372 # Add initramfs generation tools
373 373 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
374 374 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
375 375 fi
376 376
377 377 # Add device-tree-compiler required for building the U-Boot bootloader
378 378 if [ "$ENABLE_UBOOT" = true ] ; then
379 379 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
380 380 else
381 381 if [ "$ENABLE_UBOOTUSB" = true ] ; then
382 382 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
383 383 exit 1
384 384 fi
385 385 fi
386 386
387 387 # Check if root SSH (v2) public key file exists
388 388 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
389 389 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
390 390 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
391 391 exit 1
392 392 fi
393 393 fi
394 394
395 395 # Check if $USER_NAME SSH (v2) public key file exists
396 396 if [ -n "$SSH_USER_PUB_KEY" ] ; then
397 397 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
398 398 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
399 399 exit 1
400 400 fi
401 401 fi
402 402
403 403 # Check if all required packages are installed on the build system
404 404 for package in $REQUIRED_PACKAGES ; do
405 405 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
406 406 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
407 407 fi
408 408 done
409 409
410 410 # If there are missing packages ask confirmation for install, or exit
411 411 if [ -n "$MISSING_PACKAGES" ] ; then
412 412 echo "the following packages needed by this script are not installed:"
413 413 echo "$MISSING_PACKAGES"
414 414
415 415 printf "\ndo you want to install the missing packages right now? [y/n] "
416 416 read -r confirm
417 417 [ "$confirm" != "y" ] && exit 1
418 418
419 419 # Make sure all missing required packages are installed
420 420 apt-get -qq -y install "${MISSING_PACKAGES}"
421 421 fi
422 422
423 423 # Check if ./bootstrap.d directory exists
424 424 if [ ! -d "./bootstrap.d/" ] ; then
425 425 echo "error: './bootstrap.d' required directory not found!"
426 426 exit 1
427 427 fi
428 428
429 429 # Check if ./files directory exists
430 430 if [ ! -d "./files/" ] ; then
431 431 echo "error: './files' required directory not found!"
432 432 exit 1
433 433 fi
434 434
435 435 # Check if specified KERNELSRC_DIR directory exists
436 436 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
437 437 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
438 438 exit 1
439 439 fi
440 440
441 441 # Check if specified UBOOTSRC_DIR directory exists
442 442 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
443 443 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
444 444 exit 1
445 445 fi
446 446
447 447 # Check if specified VIDEOCORESRC_DIR directory exists
448 448 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
449 449 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
450 450 exit 1
451 451 fi
452 452
453 453 # Check if specified FBTURBOSRC_DIR directory exists
454 454 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
455 455 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
456 456 exit 1
457 457 fi
458 458
459 459 # Check if specified CHROOT_SCRIPTS directory exists
460 460 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
461 461 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
462 462 exit 1
463 463 fi
464 464
465 465 # Check if specified device mapping already exists (will be used by cryptsetup)
466 466 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
467 467 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
468 468 exit 1
469 469 fi
470 470
471 471 # Don't clobber an old build
472 472 if [ -e "$BUILDDIR" ] ; then
473 473 echo "error: directory ${BUILDDIR} already exists, not proceeding"
474 474 exit 1
475 475 fi
476 476
477 477 # Setup chroot directory
478 478 mkdir -p "${R}"
479 479
480 480 # Check if build directory has enough of free disk space >512MB
481 481 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
482 482 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
483 483 exit 1
484 484 fi
485 485
486 486 set -x
487 487
488 488 # Call "cleanup" function on various signals and errors
489 489 trap cleanup 0 1 2 3 6
490 490
491 491 # Add required packages for the minbase installation
492 492 if [ "$ENABLE_MINBASE" = true ] ; then
493 493 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
494 494 fi
495 495
496 496 # Add parted package, required to get partprobe utility
497 497 if [ "$EXPANDROOT" = true ] ; then
498 498 APT_INCLUDES="${APT_INCLUDES},parted"
499 499 fi
500 500
501 501 # Add dbus package, recommended if using systemd
502 502 if [ "$ENABLE_DBUS" = true ] ; then
503 503 APT_INCLUDES="${APT_INCLUDES},dbus"
504 504 fi
505 505
506 506 # Add iptables IPv4/IPv6 package
507 507 if [ "$ENABLE_IPTABLES" = true ] ; then
508 508 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
509 509 fi
510 510
511 511 # Add openssh server package
512 512 if [ "$ENABLE_SSHD" = true ] ; then
513 513 APT_INCLUDES="${APT_INCLUDES},openssh-server"
514 514 fi
515 515
516 516 # Add alsa-utils package
517 517 if [ "$ENABLE_SOUND" = true ] ; then
518 518 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
519 519 fi
520 520
521 521 # Add rng-tools package
522 522 if [ "$ENABLE_HWRANDOM" = true ] ; then
523 523 APT_INCLUDES="${APT_INCLUDES},rng-tools"
524 524 fi
525 525
526 526 # Add fbturbo video driver
527 527 if [ "$ENABLE_FBTURBO" = true ] ; then
528 528 # Enable xorg package dependencies
529 529 ENABLE_XORG=true
530 530 fi
531 531
532 532 # Add user defined window manager package
533 533 if [ -n "$ENABLE_WM" ] ; then
534 534 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
535 535
536 536 # Enable xorg package dependencies
537 537 ENABLE_XORG=true
538 538 fi
539 539
540 540 # Add xorg package
541 541 if [ "$ENABLE_XORG" = true ] ; then
542 542 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
543 543 fi
544 544
545 545 # Replace selected packages with smaller clones
546 546 if [ "$ENABLE_REDUCE" = true ] ; then
547 547 # Add levee package instead of vim-tiny
548 548 if [ "$REDUCE_VIM" = true ] ; then
549 549 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
550 550 fi
551 551
552 552 # Add dropbear package instead of openssh-server
553 553 if [ "$REDUCE_SSHD" = true ] ; then
554 554 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
555 555 fi
556 556 fi
557 557
558 558 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
559 559 if [ "$ENABLE_SYSVINIT" = false ] ; then
560 560 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
561 561 fi
562 562
563 563 # Configure kernel sources if no KERNELSRC_DIR
564 564 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
565 565 KERNELSRC_CONFIG=true
566 566 fi
567 567
568 568 # Configure reduced kernel
569 569 if [ "$KERNEL_REDUCE" = true ] ; then
570 570 KERNELSRC_CONFIG=false
571 571 fi
572 572
573 573 # Configure qemu compatible kernel
574 574 if [ "$ENABLE_QEMU" = true ] ; then
575 575 DTB_FILE=vexpress-v2p-ca15_a7.dtb
576 576 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
577 577 KERNEL_DEFCONFIG="vexpress_defconfig"
578 578 if [ "$KERNEL_MENUCONFIG" = false ] ; then
579 579 KERNEL_OLDDEFCONFIG=true
580 580 fi
581 581 fi
582 582
583 583 # Execute bootstrap scripts
584 584 for SCRIPT in bootstrap.d/*.sh; do
585 585 head -n 3 "$SCRIPT"
586 586 . "$SCRIPT"
587 587 done
588 588
589 589 ## Execute custom bootstrap scripts
590 590 if [ -d "custom.d" ] ; then
591 591 for SCRIPT in custom.d/*.sh; do
592 592 . "$SCRIPT"
593 593 done
594 594 fi
595 595
596 596 # Execute custom scripts inside the chroot
597 597 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
598 598 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
599 599 chroot_exec /bin/bash -x <<'EOF'
600 600 for SCRIPT in /chroot_scripts/* ; do
601 601 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
602 602 $SCRIPT
603 603 fi
604 604 done
605 605 EOF
606 606 rm -rf "${R}/chroot_scripts"
607 607 fi
608 608
609 609 # Remove c/c++ build environment from the chroot
610 610 chroot_remove_cc
611 611
612 612 # Generate required machine-id
613 613 MACHINE_ID=$(dbus-uuidgen)
614 614 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
615 615 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
616 616
617 617 # APT Cleanup
618 618 chroot_exec apt-get -y clean
619 619 chroot_exec apt-get -y autoclean
620 620 chroot_exec apt-get -y autoremove
621 621
622 622 # Unmount mounted filesystems
623 623 umount -l "${R}/proc"
624 624 umount -l "${R}/sys"
625 625
626 626 # Clean up directories
627 627 rm -rf "${R}/run/*"
628 628 rm -rf "${R}/tmp/*"
629 629
630 630 # Clean up files
631 631 rm -f "${ETC_DIR}/ssh/ssh_host_*"
632 632 rm -f "${ETC_DIR}/dropbear/dropbear_*"
633 633 rm -f "${ETC_DIR}/apt/sources.list.save"
634 634 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
635 635 rm -f "${ETC_DIR}/*-"
636 636 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
637 637 rm -f "${ETC_DIR}/resolv.conf"
638 638 rm -f "${R}/root/.bash_history"
639 639 rm -f "${R}/var/lib/urandom/random-seed"
640 640 rm -f "${R}/initrd.img"
641 641 rm -f "${R}/vmlinuz"
642 642 rm -f "${R}${QEMU_BINARY}"
643 643
644 644 if [ "$ENABLE_QEMU" = true ] ; then
645 645 # Setup QEMU directory
646 646 mkdir "${BASEDIR}/qemu"
647 647
648 648 # Copy kernel image to QEMU directory
649 649 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
650 650
651 651 # Copy kernel config to QEMU directory
652 652 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
653 653
654 654 # Copy kernel dtbs to QEMU directory
655 655 for dtb in "${BOOT_DIR}/"*.dtb ; do
656 656 if [ -f "${dtb}" ] ; then
657 657 install_readonly "${dtb}" "${BASEDIR}/qemu/"
658 658 fi
659 659 done
660 660
661 661 # Copy kernel overlays to QEMU directory
662 662 if [ -d "${BOOT_DIR}/overlays" ] ; then
663 663 # Setup overlays dtbs directory
664 664 mkdir "${BASEDIR}/qemu/overlays"
665 665
666 666 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
667 667 if [ -f "${dtb}" ] ; then
668 668 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
669 669 fi
670 670 done
671 671 fi
672 672
673 673 # Copy u-boot files to QEMU directory
674 674 if [ "$ENABLE_UBOOT" = true ] ; then
675 675 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
676 676 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
677 677 fi
678 678 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
679 679 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
680 680 fi
681 681 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
682 682 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
683 683 fi
684 684 fi
685 685
686 686 # Copy initramfs to QEMU directory
687 687 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
688 688 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
689 689 fi
690 690 fi
691 691
692 692 # Calculate size of the chroot directory in KB
693 693 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
694 694
695 695 # Calculate the amount of needed 512 Byte sectors
696 696 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
697 697 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
698 698 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
699 699
700 700 # The root partition is EXT4
701 701 # This means more space than the actual used space of the chroot is used.
702 702 # As overhead for journaling and reserved blocks 35% are added.
703 703 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
704 704
705 705 # Calculate required image size in 512 Byte sectors
706 706 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
707 707
708 708 # Prepare image file
709 709 if [ "$ENABLE_SPLITFS" = true ] ; then
710 710 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
711 711 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
712 712 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
713 713 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
714 714
715 715 # Write firmware/boot partition tables
716 716 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
717 717 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
718 718 EOM
719 719
720 720 # Write root partition table
721 721 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
722 722 ${TABLE_SECTORS},${ROOT_SECTORS},83
723 723 EOM
724 724
725 725 # Setup temporary loop devices
726 726 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
727 727 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
728 728 else # ENABLE_SPLITFS=false
729 729 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
730 730 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
731 731
732 732 # Write partition table
733 733 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
734 734 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
735 735 ${ROOT_OFFSET},${ROOT_SECTORS},83
736 736 EOM
737 737
738 738 # Setup temporary loop devices
739 739 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
740 740 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
741 741 fi
742 742
743 743 if [ "$ENABLE_CRYPTFS" = true ] ; then
744 744 # Create dummy ext4 fs
745 745 mkfs.ext4 "$ROOT_LOOP"
746 746
747 747 # Setup password keyfile
748 748 touch .password
749 749 chmod 600 .password
750 750 echo -n ${CRYPTFS_PASSWORD} > .password
751 751
752 752 # Initialize encrypted partition
753 753 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
754 754
755 755 # Open encrypted partition and setup mapping
756 756 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
757 757
758 758 # Secure delete password keyfile
759 759 shred -zu .password
760 760
761 761 # Update temporary loop device
762 762 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
763 763
764 764 # Wipe encrypted partition (encryption cipher is used for randomness)
765 765 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
766 766 fi
767 767
768 768 # Build filesystems
769 769 mkfs.vfat "$FRMW_LOOP"
770 770 mkfs.ext4 "$ROOT_LOOP"
771 771
772 772 # Mount the temporary loop devices
773 773 mkdir -p "$BUILDDIR/mount"
774 774 mount "$ROOT_LOOP" "$BUILDDIR/mount"
775 775
776 776 mkdir -p "$BUILDDIR/mount/boot/firmware"
777 777 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
778 778
779 779 # Copy all files from the chroot to the loop device mount point directory
780 780 rsync -a "${R}/" "$BUILDDIR/mount/"
781 781
782 782 # Unmount all temporary loop devices and mount points
783 783 cleanup
784 784
785 785 # Create block map file(s) of image(s)
786 786 if [ "$ENABLE_SPLITFS" = true ] ; then
787 787 # Create block map files for "bmaptool"
788 788 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
789 789 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
790 790
791 791 # Image was successfully created
792 792 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
793 793 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
794 794 else
795 795 # Create block map file for "bmaptool"
796 796 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
797 797
798 798 # Image was successfully created
799 799 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
800 800
801 801 # Create qemu qcow2 image
802 802 if [ "$ENABLE_QEMU" = true ] ; then
803 803 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
804 804 QEMU_SIZE=16G
805 805
806 806 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
807 807 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
808 808
809 809 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
810 810 fi
811 811 fi
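Review bot: The cleanup at lines 627-635 keeps the wildcard inside the double quotes, as in `rm -f "${ETC_DIR}/ssh/ssh_host_*"` and `rm -rf "${R}/tmp/*"`, so the shell never expands it and `rm -f` exits successfully without deleting anything. Any SSH or dropbear host keys generated in the chroot therefore stay in the finished image and are shared by every device flashed from it; the same applies to the `run`, `tmp` and `"${ETC_DIR}/*-"` lines. Move the glob outside the quotes, the way the dtb loops at lines 655 and 666 already do with `"${BOOT_DIR}/"*.dtb`, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`.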