Raspi2-3_GenImage Commit - r776:3332c4bc4391 · Collaboration Tremplin des Sciences

Merge branch 'contribGV' of http://depot.tremplin.ens-lyon.fr/Raspi2-3_GenImage into contribGV

vidal -

r776:3332c4bc4391 contribGV

parent child

Context file:

r776:3332c4bc4391

README.md +5 -1

             # rpi23-gen-image
             ## Introduction
             `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
             It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
             The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
             ##### Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi23-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ./rpi23-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
             RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ```
             ## Configuration template files
             To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
             ##### Command-line examples:
             ```shell
             CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
             CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
             ```
             ## Working with the your template:
              * **A Pipe ("|") represents a logical OR**
              * **A valuetype of boolean represents the options true or false**
              * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
              * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
              * **Check if your missing a required option while looking at the code**
             ## Supported parameters and settings
             #### APT settings:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
             |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
             |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
             |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
             |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.|
             |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
             ---
             #### General system settings:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
             |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
             |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
             |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
             |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
             |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
             |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
             ---
             #### User settings:
             |Option|Value|default value|desciption|
             |---|---|---|---|
             |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
             |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
             |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
             |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
             |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
             ---
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
             |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
             |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
             |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
             ---
             #### Networking settings:
             ethernet setting go to `/etc/systemd/network/eth0.network`.
             wifi settings go to `/etc/systemd/network/wlan0.network`.
             The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
             |Option|Value|default value|desciption|
             |---|---|---|---|
             |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
             |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
             |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
             |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
             |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
             ---
             #### Networking settings (DHCP):
             |Option|Value|default value|desciption|
             |---|---|---|---|
             |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
             |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
             ---
             #### Networking settings (ethernet static):
             The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
             |Option|Value|value format|desciption|
             |---|---|---|---|
             |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
             |NET_ETH_GATEWAY|string|`IP`|default gateway|
             |NET_ETH_DNS_1|string|`IP`|first DNS server|
             |NET_ETH_DNS_2|string|`IP`|second DNS server|
             |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
             |NET_ETH_NTP_1|string|`IP`|first NTP server|
             |NET_ETH_NTP_2|string|`IP`|second NTP server|
             ---
             #### Networking settings (WIFI):
             |Option|Value|value format|desciption|
             |---|---|---|---|
             |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
             |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
             ---
             #### Networking settings (WIFI static):
             The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
             |Option|Value|value format|desciption|
             |---|---|---|---|
             |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
             |NET_WIFI_GATEWAY|string|`IP`|default gateway|
             |NET_WIFI_DNS_1|string|`IP`|first DNS server|
             |NET_WIFI_DNS_2|string|`IP`|second DNS server|
             |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
             |NET_WIFI_NTP_1|string|`IP`|first NTP server|
             |NET_WIFI_NTP_2|string|`IP`|second NTP server|
             ---
             #### Basic system features:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
             |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
             |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
             |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
             |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
             |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
             |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
             |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
             |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
             |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
             |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
             |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
             |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
             |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
             |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
             |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
             |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
             |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
             |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
             |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
             ---
             #### Advanced system features:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
             |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
             |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
             |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
             |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
             |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
             |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
             |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
             |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
             |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
             |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
             |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
             |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
             |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
+            <<<<<<< HEAD
             |ENABLE_GR_ACCEL|boolean|false|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`.  Not compatible with `fbturbo` mutually excluded and installed for Raspberry4 only|
+            =======
+            |ENABLE_GR_ACCEL|boolean|true|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`.  Not compatible with `fbturbo` and installed for Raspberry4 only.
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
             |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
             |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
             |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
             |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
             |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
             ---
             #### SSH settings:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
             |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
             |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
             |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
             |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
             ---
             #### Kernel settings:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
             |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
             |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
             |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
             |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
             |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
             |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
             |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
             |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
             |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
             |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
             |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
             |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
             |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
             |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
             |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
             |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
             |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
             |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
             |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
             |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
             |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
             |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
             |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
             |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
             |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
             |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
             |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
             ---
             #### Reduce disk usage:
             The following list of parameters is ignored if `ENABLE_REDUCE`=false.
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
             |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
             |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
             |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations|
             |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
             |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
             |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
             |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
             |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
             |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
             ---
             #### Encrypted root partition:
             #### On first boot, you will be asked to enter you password several time
             #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
             |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
             |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
             |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
             |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
             |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
             |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
             |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
             ---
             #### Build settings:
             |Option|Value|default value|value format|desciption|
             |---|---|---|---|---|
             |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
             |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
             ---
             ## Understanding the script
             The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
             | Script | Description |
             | --- | --- |
             | `10-bootstrap.sh` | Debootstrap basic system |
             | `11-apt.sh` | Setup APT repositories |
             | `12-locale.sh` | Setup Locales and keyboard settings |
             | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
             | `14-fstab.sh` | Setup fstab and initramfs |
             | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
             | `20-networking.sh` | Setup Networking |
             | `21-firewall.sh` | Setup Firewall |
             | `30-security.sh` | Setup Users and Security settings |
             | `31-logging.sh` | Setup Logging |
             | `32-sshd.sh` | Setup SSH and public keys |
             | `41-uboot.sh` | Build and Setup U-Boot |
             | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
             | `43-videocore.sh` | Build and Setup videocore libraries |
             | `50-firstboot.sh` | First boot actions |
             | `99-reduce.sh` | Reduce the disk space usage |
             All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
             | Directory | Description |
             | --- | --- |
             | `apt` | APT management configuration files |
             | `boot` | Boot and RPi 0/1/2/3 configuration files |
             | `dpkg` | Package Manager configuration |
             | `etc` | Configuration files and rc scripts |
             | `firstboot` | Scripts that get executed on first boot  |
             | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |
             | `mount` | Fstab configuration |
             | `network` | Networking configuration files |
             | `sysctl.d` | Swapping and Network Hardening configuration |
             | `xorg` | fbturbo Xorg driver configuration |
             ## Custom packages and scripts
             Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
             Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
             After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             ##### Flashing examples:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
             dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
             ```
             If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
             ```
             ## QEMU emulation
             Start QEMU full system emulation:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
             ```
             Start QEMU full system emulation and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with SMP and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with cryptfs, initramfs and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             ## External links and references
             * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
             * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
             * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
             * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
             * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
             * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
-            * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
+            * [Xorg DDX driver #FFFFFF#FFFFFF#FFFFFF](https://github.com/ssvb/xf86-video-fbturbo)
             * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
             * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)

bootstrap.d/13-kernel.sh 0 -1

             #
             # Build and Setup RPi2/3/4 Kernel 4.XX 5.XX
             #
             # Load utility functions
             . ./functions.sh
             # Need to use kali kernel src if nexmon is enabled
             if [ "$ENABLE_NEXMON" = true ] ; then
               KERNEL_URL="${KALI_KERNEL_URL}"
               # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
               KERNEL_BRANCH=""
               KERNELSRC_DIR=""
             fi
             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
               mkdir -p "${KERNEL_DIR}"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Copy kernel sources and include hidden files
                 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Create temporary directory for kernel sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch current RPi2/3/4 kernel sources
                 if [ -z "${KERNEL_BRANCH}" ] ; then
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
                 else
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
                 fi
                 # Copy downloaded kernel sources
                 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/usr/src"
               fi
               # Calculate optimal number of kernel building threads
               if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then
                 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
               fi
             # TODO: Check if defined Threadcount is higher than actual cores
             #  if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then
             #	  echo "Defined more Threads than core assigned to this system"
             #	  exit 1
             #  fi
               #Copy 32bit config to 64bit
               if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
               cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
               fi
               # Configure and build kernel
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
                 if [ "$REDUCE_KERNEL" = true ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                   "${KERNEL_DIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   #Switch to KERNELSRC_DIR so we can use set_kernel_config
                   cd "${KERNEL_DIR}" || exit
             	  # Enable RPI POE HAT fan
             	  if [ "$KERNEL_POEHAT" = true ]; then
             	  set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
             	  fi
             	  # Enable per-interface network priority control
             	  # (for systemd-nspawn)
             	  if [ "$KERNEL_NSPAN" = true ]; then
             	  set_kernel_config CONFIG_CGROUP_NET_PRIO y
             	  fi
             	  # Compile in BTRFS
             	  if [ "$KERNEL_BTRFS" = true ]; then
             	  set_kernel_config CONFIG_BTRFS_FS y
             	  set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
             	  set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
             	  fi
             	  # Diffie-Hellman operations on retained keys
             	  # (required for >keyutils-1.6)
             	  if [ "$KERNEL_DHKEY" = true ]; then
             		set_kernel_config CONFIG_KEY_DH_OPERATIONS y
             	  fi
             	  if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
             	    # Mask this temporarily during switch to rpi-4.19.y
             	    #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
             	    # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
             	    #set_kernel_config CONFIG_MMC_BCM2835 n
             	    #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
             	    #set_kernel_config CONFIG_USB_DWC2 n
             	    #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
             	    #VLAN got disabled without reason in arm64bit
             	    set_kernel_config CONFIG_IPVLAN m
             	  fi
             	  # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
                   if [ "$KERNEL_ZSWAP" = true ] ; then
                     set_kernel_config CONFIG_ZPOOL y
                     set_kernel_config CONFIG_ZSWAP y
                     set_kernel_config CONFIG_ZBUD y
                     set_kernel_config CONFIG_Z3FOLD y
                     set_kernel_config CONFIG_ZSMALLOC y
                     set_kernel_config CONFIG_PGTABLE_MAPPING y
             	    set_kernel_config CONFIG_LZO_COMPRESS y
             	  fi
             	  if [ "$RPI_MODEL" = 4 ] ; then
             	  # Following are set in current 32-bit LPAE kernel
             	    set_kernel_config CONFIG_CGROUP_PIDS y
             	    set_kernel_config CONFIG_NET_IPVTI m
             	    set_kernel_config CONFIG_NF_TABLES_SET m
             	    set_kernel_config CONFIG_NF_TABLES_INET y
             	    set_kernel_config CONFIG_NF_TABLES_NETDEV y
             	    set_kernel_config CONFIG_NF_FLOW_TABLE m
             	    set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
             	    set_kernel_config CONFIG_NFT_CONNLIMIT m
             	    set_kernel_config CONFIG_NFT_TUNNEL m
             	    set_kernel_config CONFIG_NFT_OBJREF m
             	    set_kernel_config CONFIG_NFT_FIB_IPV4 m
             	    set_kernel_config CONFIG_NFT_FIB_IPV6 m
             	    set_kernel_config CONFIG_NFT_FIB_INET m
             	    set_kernel_config CONFIG_NFT_SOCKET m
             	    set_kernel_config CONFIG_NFT_OSF m
             	    set_kernel_config CONFIG_NFT_TPROXY m
             	    set_kernel_config CONFIG_NF_DUP_NETDEV m
             	    set_kernel_config CONFIG_NFT_DUP_NETDEV m
             	    set_kernel_config CONFIG_NFT_FWD_NETDEV m
             	    set_kernel_config CONFIG_NFT_FIB_NETDEV m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE m
             	    set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
             	    set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
             	    set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
             	    set_kernel_config CONFIG_NFT_MASQ_IPV6 m
             	    set_kernel_config CONFIG_NFT_REDIR_IPV6 m
             	    set_kernel_config CONFIG_NFT_REJECT_IPV6 m
             	    set_kernel_config CONFIG_NFT_DUP_IPV6 m
             	    set_kernel_config CONFIG_NFT_FIB_IPV6 m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
             	    set_kernel_config CONFIG_NF_TABLES_BRIDGE m
             	    set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
             	    set_kernel_config CONFIG_NF_LOG_BRIDGE m
             	    set_kernel_config CONFIG_MT76_CORE m
             	    set_kernel_config CONFIG_MT76_LEDS m
             	    set_kernel_config CONFIG_MT76_USB m
             	    set_kernel_config CONFIG_MT76x2_COMMON m
             	    set_kernel_config CONFIG_MT76x0U m
             	    set_kernel_config CONFIG_MT76x2U m
             	    set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
             	    set_kernel_config CONFIG_BCM_VC_SM m
             	    set_kernel_config CONFIG_BCM2835_SMI_DEV m
             	    set_kernel_config CONFIG_RPIVID_MEM m
             	    set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
             	    set_kernel_config CONFIG_TCG_TPM m
             	    set_kernel_config CONFIG_HW_RANDOM_TPM y
             	    set_kernel_config CONFIG_TCG_TIS m
             	    set_kernel_config CONFIG_TCG_TIS_SPI m
             	    set_kernel_config CONFIG_I2C_MUX m
             	    set_kernel_config CONFIG_I2C_MUX_GPMUX m
             	    set_kernel_config CONFIG_I2C_MUX_PCA954x m
             	    set_kernel_config CONFIG_SPI_GPIO m
             	    set_kernel_config CONFIG_BATTERY_MAX17040 m
             	    set_kernel_config CONFIG_SENSORS_GPIO_FAN m
             	    set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
             	    set_kernel_config CONFIG_BCM2835_THERMAL y
             	    set_kernel_config CONFIG_RC_CORE y
             	    set_kernel_config CONFIG_RC_MAP y
             	    set_kernel_config CONFIG_LIRC y
             	    set_kernel_config CONFIG_RC_DECODERS y
             	    set_kernel_config CONFIG_IR_NEC_DECODER m
             	    set_kernel_config CONFIG_IR_RC5_DECODER m
             	    set_kernel_config CONFIG_IR_RC6_DECODER m
             	    set_kernel_config CONFIG_IR_JVC_DECODER m
             	    set_kernel_config CONFIG_IR_SONY_DECODER m
             	    set_kernel_config CONFIG_IR_SANYO_DECODER m
             	    set_kernel_config CONFIG_IR_SHARP_DECODER m
             	    set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
             	    set_kernel_config CONFIG_IR_XMP_DECODER m
             	    set_kernel_config CONFIG_IR_IMON_DECODER m
             	    set_kernel_config CONFIG_RC_DEVICES y
             	    set_kernel_config CONFIG_RC_ATI_REMOTE m
             	    set_kernel_config CONFIG_IR_IMON m
             	    set_kernel_config CONFIG_IR_MCEUSB m
             	    set_kernel_config CONFIG_IR_REDRAT3 m
             	    set_kernel_config CONFIG_IR_STREAMZAP m
             	    set_kernel_config CONFIG_IR_IGUANA m
             	    set_kernel_config CONFIG_IR_TTUSBIR m
             	    set_kernel_config CONFIG_RC_LOOPBACK m
             	    set_kernel_config CONFIG_IR_GPIO_CIR m
             	    set_kernel_config CONFIG_IR_GPIO_TX m
             	    set_kernel_config CONFIG_IR_PWM_TX m
             	    set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
             	    set_kernel_config CONFIG_VIDEO_AU0828_RC y
             	    set_kernel_config CONFIG_VIDEO_CX231XX m
             	    set_kernel_config CONFIG_VIDEO_CX231XX_RC y
             	    set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
             	    set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
             	    set_kernel_config CONFIG_VIDEO_TM6000 m
             	    set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
             	    set_kernel_config CONFIG_VIDEO_TM6000_DVB m
             	    set_kernel_config CONFIG_DVB_USB m
             	    set_kernel_config CONFIG_DVB_USB_DIB3000MC m
             	    set_kernel_config CONFIG_DVB_USB_A800 m
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
             	    set_kernel_config CONFIG_DVB_USB_DIB0700 m
             	    set_kernel_config CONFIG_DVB_USB_UMT_010 m
             	    set_kernel_config CONFIG_DVB_USB_CXUSB m
             	    set_kernel_config CONFIG_DVB_USB_M920X m
             	    set_kernel_config CONFIG_DVB_USB_DIGITV m
             	    set_kernel_config CONFIG_DVB_USB_VP7045 m
             	    set_kernel_config CONFIG_DVB_USB_VP702X m
             	    set_kernel_config CONFIG_DVB_USB_GP8PSK m
             	    set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
             	    set_kernel_config CONFIG_DVB_USB_TTUSB2 m
             	    set_kernel_config CONFIG_DVB_USB_DTT200U m
             	    set_kernel_config CONFIG_DVB_USB_OPERA1 m
             	    set_kernel_config CONFIG_DVB_USB_AF9005 m
             	    set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
             	    set_kernel_config CONFIG_DVB_USB_PCTV452E m
             	    set_kernel_config CONFIG_DVB_USB_DW2102 m
             	    set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
             	    set_kernel_config CONFIG_DVB_USB_DTV5100 m
             	    set_kernel_config CONFIG_DVB_USB_AZ6027 m
             	    set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
             	    set_kernel_config CONFIG_DVB_USB_AF9015 m
             	    set_kernel_config CONFIG_DVB_USB_LME2510 m
             	    set_kernel_config CONFIG_DVB_USB_RTL28XXU m
             	    set_kernel_config CONFIG_VIDEO_EM28XX_RC m
             	    set_kernel_config CONFIG_SMS_SIANO_RC m
             	    set_kernel_config CONFIG_VIDEO_IR_I2C m
             	    set_kernel_config CONFIG_VIDEO_ADV7180 m
             	    set_kernel_config CONFIG_VIDEO_TC358743 m
             	    set_kernel_config CONFIG_VIDEO_OV5647 m
             	    set_kernel_config CONFIG_DVB_M88DS3103 m
             	    set_kernel_config CONFIG_DVB_AF9013 m
             	    set_kernel_config CONFIG_DVB_RTL2830 m
             	    set_kernel_config CONFIG_DVB_RTL2832 m
             	    set_kernel_config CONFIG_DVB_SI2168 m
             	    set_kernel_config CONFIG_DVB_GP8PSK_FE m
             	    set_kernel_config CONFIG_DVB_USB m
             	    set_kernel_config CONFIG_DVB_LGDT3306A m
             	    set_kernel_config CONFIG_FB_SIMPLE y
             	    set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
             	    set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
             	    set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
             	    set_kernel_config CONFIG_SND_SOC_AD193X m
             	    set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
             	    set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
             	    set_kernel_config CONFIG_SND_SOC_CS4265 m
             	    set_kernel_config CONFIG_SND_SOC_DA7213 m
             	    set_kernel_config CONFIG_SND_SOC_ICS43432 m
             	    set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
             	    set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
             	    set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
             	    set_kernel_config CONFIG_HID_BIGBEN_FF m
             	    #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
             	    set_kernel_config CONFIG_USB_TMC m
             	    set_kernel_config CONFIG_USB_UAS y
             	    set_kernel_config CONFIG_USBIP_VUDC m
             	    set_kernel_config CONFIG_USB_CONFIGFS m
             	    set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ACM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
             	    set_kernel_config CONFIG_USB_CONFIGFS_NCM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ECM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
             	    set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_EEM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
             	    set_kernel_config CONFIG_LEDS_PCA963X m
             	    set_kernel_config CONFIG_LEDS_IS31FL32XX m
             	    set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
             	    set_kernel_config CONFIG_RTC_DRV_RV3028 m
             	    set_kernel_config CONFIG_AUXDISPLAY y
             	    set_kernel_config CONFIG_HD44780 m
             	    set_kernel_config CONFIG_FB_TFT_SH1106 m
             	    set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
             	    set_kernel_config CONFIG_BCM2835_POWER y
             	    set_kernel_config CONFIG_INV_MPU6050_IIO m
             	    set_kernel_config CONFIG_INV_MPU6050_I2C m
             	    set_kernel_config CONFIG_SECURITYFS y
             	    # Safer to build this in
             	    set_kernel_config CONFIG_BINFMT_MISC y
             	    # pulseaudio wants a buffer of at least this size
             	    set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
             	    # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
             	    # set the appropriate kernel configs unlocked by this PR
             	    set_kernel_config CONFIG_ARCH_BCM y
             	    set_kernel_config CONFIG_ARCH_BCM2835 y
             	    set_kernel_config CONFIG_DRM_V3D m
             	    set_kernel_config CONFIG_DRM_VC4 m
             	    set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
             	    # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
             	    # required by PR#3144; should already be applied, but just to be safe
             	    set_kernel_config CONFIG_PCIE_BRCMSTB y
             	    set_kernel_config CONFIG_BCM2835_MMC y
             	    # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
             	    # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
             	    # during cloud-init setup at first boot. Without this the login accounts are not
             	    # created and the user can not login.
             	    set_kernel_config CONFIG_SQUASHFS y
             	    # Ceph support for Block Device (RBD) and Filesystem (FS)
             	    # https://docs.ceph.com/docs/master/
             	    set_kernel_config CONFIG_CEPH_LIB m
             	    set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
             	    set_kernel_config CONFIG_CEPH_FS m
             	    set_kernel_config CONFIG_CEPH_FSCACHE y
             	    set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
             	    set_kernel_config CONFIG_BLK_DEV_RBD m
             	  fi
                   # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
             	  if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
             		set_kernel_config CONFIG_HAVE_KVM y
             		set_kernel_config CONFIG_HIGH_RES_TIMERS y
             		set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
                     set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
                     set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
                     set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
                     set_kernel_config CONFIG_HAVE_KVM_IRQFD y
                     set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
                     set_kernel_config CONFIG_HAVE_KVM_MSI y
                     set_kernel_config CONFIG_KVM y
                     set_kernel_config CONFIG_KVM_ARM_HOST y
                     set_kernel_config CONFIG_KVM_ARM_PMU y
                     set_kernel_config CONFIG_KVM_COMPAT y
                     set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
                     set_kernel_config CONFIG_KVM_MMIO y
                     set_kernel_config CONFIG_KVM_VFIO y
             		set_kernel_config CONFIG_KVM_MMU_AUDIT y
                     set_kernel_config CONFIG_VHOST m
                     set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
                     set_kernel_config CONFIG_VHOST_NET m
                     set_kernel_config CONFIG_VIRTUALIZATION y
             		set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
             		set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
             		set_kernel_config CONFIG_MMU_NOTIFIER y
             		# erratum
             		set_kernel_config ARM64_ERRATUM_834220 y
             		# https://sourceforge.net/p/kvm/mailman/message/18440797/
             		set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
             	  fi
                   # enable apparmor,integrity audit,
             	  if [ "$KERNEL_SECURITY" = true ] ; then
                     # security filesystem, security models and audit
                     set_kernel_config CONFIG_SECURITYFS y
                     set_kernel_config CONFIG_SECURITY y
                     set_kernel_config CONFIG_AUDIT y
                     # harden strcpy and memcpy
                     set_kernel_config CONFIG_HARDENED_USERCOPY y
                     set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
                     set_kernel_config CONFIG_FORTIFY_SOURCE y
                     # integrity sub-system
                     set_kernel_config CONFIG_INTEGRITY y
                     set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
                     set_kernel_config CONFIG_INTEGRITY_AUDIT y
                     set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
                     set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
                     # This option provides support for retaining authentication tokens and access keys in the kernel.
                     set_kernel_config CONFIG_KEYS y
                     set_kernel_config CONFIG_KEYS_COMPAT y
                     # Apparmor
                     set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
                     set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
                     set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
                     set_kernel_config CONFIG_SECURITY_APPARMOR y
                     set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
                     set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
                     # restrictions on unprivileged users reading the kernel
                     set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
                     # network security hooks
                     set_kernel_config CONFIG_SECURITY_NETWORK y
                     set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
                     set_kernel_config CONFIG_SECURITY_PATH y
                     set_kernel_config CONFIG_SECURITY_YAMA n
                     set_kernel_config CONFIG_SECURITY_SELINUX n
                     set_kernel_config CONFIG_SECURITY_SMACK n
                     set_kernel_config CONFIG_SECURITY_TOMOYO n
                     set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
                     set_kernel_config CONFIG_SECURITY_LOADPIN n
                     set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
                     set_kernel_config CONFIG_IMA n
                     set_kernel_config CONFIG_EVM n
                     set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
                     set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
                     set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
                     set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
                     set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
                     set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
                     set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
             		set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
             		set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
                   fi
             	  if [ "$ENABLE_CRYPTFS" = true ] ; then
             		set_kernel_config CONFIG_EMBEDDED y
             		set_kernel_config CONFIG_EXPERT y
             		set_kernel_config CONFIG_DAX y
             		set_kernel_config CONFIG_MD y
             		set_kernel_config CONFIG_BLK_DEV_MD y
             		set_kernel_config CONFIG_MD_AUTODETECT y
             		set_kernel_config CONFIG_BLK_DEV_DM y
             		set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
             		set_kernel_config CONFIG_DM_CRYPT y
             		set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
             		set_kernel_config CONFIG_CRYPTO_CBC y
             		set_kernel_config CONFIG_CRYPTO_XTS y
             		set_kernel_config CONFIG_CRYPTO_SHA512 y
             		set_kernel_config CONFIG_CRYPTO_MANAGER y
             		set_kernel_config CONFIG_ARM64_CRYPTO y
                     set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
                     set_kernel_config CRYPTO_GHASH_ARM64_CE m
                     set_kernel_config CRYPTO_SHA2_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
                     set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
                   fi
                   # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
                   if [ "$KERNEL_NF" = true ] ; then
             	    set_kernel_config CONFIG_IP_NF_SECURITY m
                     set_kernel_config CONFIG_NETLABEL y
                     set_kernel_config CONFIG_IP6_NF_SECURITY m
                     set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
                     set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
                     set_kernel_config CONFIG_NFT_FIB_INET m
                     set_kernel_config CONFIG_NFT_FIB_IPV4 m
                     set_kernel_config CONFIG_NFT_FIB_IPV6 m
                     set_kernel_config CONFIG_NFT_FIB_NETDEV m
                     set_kernel_config CONFIG_NFT_OBJREF m
                     set_kernel_config CONFIG_NFT_RT m
                     set_kernel_config CONFIG_NFT_SET_BITMAP m
                     set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
                     set_kernel_config CONFIG_NF_LOG_ARP m
                     set_kernel_config CONFIG_NF_SOCKET_IPV4 m
                     set_kernel_config CONFIG_NF_SOCKET_IPV6 m
                     set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
                     set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
                     set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
                     set_kernel_config CONFIG_IP6_NF_IPTABLES m
                     set_kernel_config CONFIG_IP6_NF_MATCH_AH m
                     set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
                     set_kernel_config CONFIG_IP6_NF_NAT m
                     set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
                     set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
                     set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
                     set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
                     set_kernel_config CONFIG_IP_SET_HASH_MAC m
                     set_kernel_config CONFIG_IP_SET_HASH_NET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
                     set_kernel_config CONFIG_IP_SET_HASH_NETNET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
                     set_kernel_config CONFIG_IP_SET_LIST_SET m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NFT_BRIDGE_META m
                     set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
                     set_kernel_config CONFIG_NFT_COMPAT m
                     set_kernel_config CONFIG_NFT_COUNTER m
                     set_kernel_config CONFIG_NFT_CT m
                     set_kernel_config CONFIG_NFT_DUP_IPV4 m
                     set_kernel_config CONFIG_NFT_DUP_IPV6 m
                     set_kernel_config CONFIG_NFT_DUP_NETDEV m
                     set_kernel_config CONFIG_NFT_EXTHDR m
                     set_kernel_config CONFIG_NFT_FWD_NETDEV m
                     set_kernel_config CONFIG_NFT_HASH m
                     set_kernel_config CONFIG_NFT_LIMIT m
                     set_kernel_config CONFIG_NFT_LOG m
                     set_kernel_config CONFIG_NFT_MASQ m
                     set_kernel_config CONFIG_NFT_MASQ_IPV4 m
                     set_kernel_config CONFIG_NFT_MASQ_IPV6 m
                     set_kernel_config CONFIG_NFT_META m
                     set_kernel_config CONFIG_NFT_NAT m
                     set_kernel_config CONFIG_NFT_NUMGEN m
                     set_kernel_config CONFIG_NFT_QUEUE m
                     set_kernel_config CONFIG_NFT_QUOTA m
                     set_kernel_config CONFIG_NFT_REDIR m
                     set_kernel_config CONFIG_NFT_REDIR_IPV4 m
                     set_kernel_config CONFIG_NFT_REDIR_IPV6 m
                     set_kernel_config CONFIG_NFT_REJECT m
                     set_kernel_config CONFIG_NFT_REJECT_INET m
                     set_kernel_config CONFIG_NFT_REJECT_IPV4 m
                     set_kernel_config CONFIG_NFT_REJECT_IPV6 m
                     set_kernel_config CONFIG_NFT_SET_HASH m
                     set_kernel_config CONFIG_NFT_SET_RBTREE m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_IPV4 m
                     set_kernel_config CONFIG_NF_DUP_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_NETDEV m
                     set_kernel_config CONFIG_NF_LOG_BRIDGE m
                     set_kernel_config CONFIG_NF_LOG_IPV4 m
                     set_kernel_config CONFIG_NF_LOG_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_IPV4 m
                     set_kernel_config CONFIG_NF_NAT_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
                     set_kernel_config CONFIG_NF_NAT_PPTP m
                     set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
                     set_kernel_config CONFIG_NF_NAT_REDIRECT y
                     set_kernel_config CONFIG_NF_NAT_SIP m
                     set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
                     set_kernel_config CONFIG_NF_NAT_TFTP m
                     set_kernel_config CONFIG_NF_REJECT_IPV4 m
                     set_kernel_config CONFIG_NF_REJECT_IPV6 m
                     set_kernel_config CONFIG_NF_TABLES m
                     set_kernel_config CONFIG_NF_TABLES_IPV4 y
                     set_kernel_config CONFIG_NF_TABLES_IPV6 y
                     set_kernel_config CONFIG_NF_TABLES_SET m
                     set_kernel_config CONFIG_NF_TABLES_INET y
                     set_kernel_config CONFIG_NF_TABLES_NETDEV y
                     set_kernel_config CONFIG_NFT_CONNLIMIT m
                     set_kernel_config CONFIG_NFT_TUNNEL m
                     set_kernel_config CONFIG_NFT_SOCKET m
                     set_kernel_config CONFIG_NFT_TPROXY m
                     set_kernel_config CONFIG_NF_FLOW_TABLE m
                     set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
                     set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
                     set_kernel_config CONFIG_NF_TABLES_ARP y
                     set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
                     set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
                     set_kernel_config CONFIG_NF_TABLES_BRIDGE y
                     set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
                     set_kernel_config CONFIG_NFT_OSF m
                   fi
             	  # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
             	  if [ "$KERNEL_BPF" = true ] ; then
                     set_kernel_config CONFIG_BPF_SYSCALL y
             	    set_kernel_config CONFIG_BPF_EVENTS y
             	    set_kernel_config CONFIG_BPF_STREAM_PARSER y
             	    set_kernel_config CONFIG_CGROUP_BPF y
             	    set_kernel_config CONFIG_XDP_SOCKETS y
             	  fi
             	  # KERNEL_DEFAULT_GOV was set by user
             	  if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
             	    case "$KERNEL_DEFAULT_GOV" in
                       performance)
             	            set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
                         ;;
                       userspace)
                         	    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
                         ;;
                       ondemand)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
                         ;;
                       conservative)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
             		    ;;
                       shedutil)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
                         ;;
                       *)
                         echo "error: unsupported default cpu governor"
                         exit 1
                         ;;
                     esac
                     # unset previous default governor
             	    unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
             	  fi
             	  #Revert to previous directory
             	  cd "${WORKDIR}" || exit
                   # Set kernel configuration parameters to enable qemu emulation
                   if [ "$ENABLE_QEMU" = true ] ; then
                     echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
                     echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
                   fi
                   # Copy custom kernel configuration file
                   if [ -n "$KERNELSRC_USRCONFIG" ] ; then
                     cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
                   fi
                   # Set kernel configuration parameters to their default values
                   if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
                   fi
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
             	# end if "$KERNELSRC_CONFIG" = true
                 fi
                 # Use ccache to cross compile the kernel
                 if [ "$KERNEL_CCACHE" = true ] ; then
                   cc="ccache ${CROSS_COMPILE}gcc"
                 else
                   cc="${CROSS_COMPILE}gcc"
                 fi
                 # Cross compile kernel and dtbs
                 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
                 # Cross compile kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
                 fi
               # end if "$KERNELSRC_PREBUILT" = false
               fi
               # Check if kernel compilation was successful
               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
                 echo "error: kernel compilation failed! (kernel image not found)"
                 cleanup
                 exit 1
               fi
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                 fi
               else
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 fi
                 # Install kernel firmware
                 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                 fi
               fi
               # Install kernel headers
               if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then
                 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
               # Prepare boot (firmware) directory
               mkdir "${BOOT_DIR}"
               # Get kernel release version
               KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
               # Copy kernel configuration file to the boot directory
               install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Prepare device tree directory
               mkdir "${BOOT_DIR}/overlays"
               # Ensure the proper .dtb is located
               if [ "$KERNEL_ARCH" = "arm" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               else
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               fi
               # Copy compiled dtb device tree files
               if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
                   fi
                 done
                 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
                   install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
                 fi
               fi
               if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy kernel image to the boot directory
                 cp "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               else
                 # Copy kernel image to the boot directory
                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
                 rm -fr "${KERNEL_DIR}"
               else
                 # Prepare compiled kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
                   fi
                   # Create symlinks for kernel modules
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
                 fi
               fi
             else # BUILD_KERNEL=false
               if [ "$SET_ARCH" = 64 ] ; then
                 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
             	  # Use Sakakis modified kernel if ZSWAP is active
                   if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
             	    RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
             	  fi
                   # Create temporary directory for dl
                   temp_dir=$(as_nobody mktemp -d)
                   # Fetch kernel dl
                   as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
                 fi
                 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
                   # Create temporary directory for dl
                   temp_dir=$(as_nobody mktemp -d)
                   # Fetch kernel dl
                   as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
                 fi
             	#extract download
                 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
                 #move extracted kernel to /boot/firmware
                 mkdir "${R}/boot/firmware"
                 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
                 cp -r "${temp_dir}"/lib/* "${R}"/lib/
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/boot/firmware"
                 chown -R root:root "${R}/lib/modules"
               fi
               # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
               if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
                 # Create temporary directory for dl
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch kernel
                 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
                 # Copy downloaded kernel package
                 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
                 # Set permissions
                 chown -R root:root "${R}"/tmp/kernel.deb
             	# Install kernel
             	chroot_exec dpkg -i /tmp/kernel.deb
             	# move /boot to /boot/firmware to fit script env.
             	#mkdir "${BOOT_DIR}"
             	mkdir "${temp_dir}"/firmware
             	mv  "${R}"/boot/* "${temp_dir}"/firmware/
             	mv "${temp_dir}"/firmware "${R}"/boot/
             	#same for kernel headers
             	if [ "$KERNEL_HEADERS" = true ] ; then
             	  # Fetch kernel header
             	  as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
             	  mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
             	  chown -R root:root "${R}"/tmp/kernel-header.deb
             	  # Install kernel header
             	  chroot_exec dpkg -i /tmp/kernel-header.deb
             	  rm -f "${R}"/tmp/kernel-header.deb
             	fi
                 # Remove temporary directory and files
                 rm -fr "${temp_dir}"
             	rm -f "${R}"/tmp/kernel.deb
               fi
               # Check if kernel installation was successful
               KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
               if [ -z "$KERNEL" ] ; then
                 echo "error: kernel installation failed! (/boot/kernel* not found)"
                 cleanup
                 exit 1
               fi
             fi

bootstrap.d/15-rpi-config.sh +16 0

             #
             # Setup RPi2/3/4 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
             if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
               # Install boot binaries from local directory
               cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup4cd.dat "${BOOT_DIR}"/fixup4cd.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup4.dat "${BOOT_DIR}"/fixup4.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup4db.dat "${BOOT_DIR}"/fixup4db.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup4x.dat "${BOOT_DIR}"/fixup4x.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/start4cd.elf "${BOOT_DIR}"/start4cd.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start4db.elf "${BOOT_DIR}"/start4db.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start4.elf "${BOOT_DIR}"/start4.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start4x.elf "${BOOT_DIR}"/start4x.elf
             else
               # Create temporary directory for boot binaries
               temp_dir=$(as_nobody mktemp -d)
               # Install latest boot binaries from raspberry/firmware github
               as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
               as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
               as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
               as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
               as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
               as_nobody wget -q -O "${temp_dir}/fixup4cd.dat" "${FIRMWARE_URL}/fixup4cd.dat"
               as_nobody wget -q -O "${temp_dir}/fixup4.dat" "${FIRMWARE_URL}/fixup4.dat"
               as_nobody wget -q -O "${temp_dir}/fixup4db.dat" "${FIRMWARE_URL}/fixup4db.dat"
               as_nobody wget -q -O "${temp_dir}/fixup4x.dat" "${FIRMWARE_URL}/fixup4x.dat"
               as_nobody wget -q -O "${temp_dir}/start4cd.elf" "${FIRMWARE_URL}/start4cd.elf"
               as_nobody wget -q -O "${temp_dir}/start4db.elf" "${FIRMWARE_URL}/start4db.elf"
               as_nobody wget -q -O "${temp_dir}/start4.elf" "${FIRMWARE_URL}/start4.elf"
               as_nobody wget -q -O "${temp_dir}/start4x.elf" "${FIRMWARE_URL}/start4x.elf"
               # Move downloaded boot binaries
               mv "${temp_dir}/"* "${BOOT_DIR}/"
               # Remove temporary directory for boot binaries
               rm -fr "${temp_dir}"
               # Set permissions of the boot binaries
               chown -R root:root "${BOOT_DIR}"
               chmod -R 600 "${BOOT_DIR}"
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_USBBOOT" = true ] ; then
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
             else
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
               else
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
               fi
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
                 if [ "$ENABLE_USBBOOT" = true ] ; then
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
                 else
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
                 fi
               fi
             fi
             # Enable Kernel messages on standard output
             if [ "$ENABLE_PRINTK" = true ] ; then
               install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
             fi
             # Enable Kernel messages on standard output
             if [ "$KERNEL_SECURITY" = true ] ; then
               install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
             fi
             # Install udev rule for serial alias - serial0 = console serial1=bluetooth
             install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Automatically assign predictable network interface names
             if [ "$ENABLE_IFNAMES" = false ] ; then
               CMDLINE="${CMDLINE} net.ifnames=0"
             else
               CMDLINE="${CMDLINE} net.ifnames=1"
             fi
             # Disable Raspberry Pi console logo
             if [ "$ENABLE_LOGO" = false ] ; then
               CMDLINE="${CMDLINE} logo.nologo"
             fi
             # Strictly limit verbosity of boot up console messages
             if [ "$ENABLE_SILENT_BOOT" = true ] ; then
               CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
             fi
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Disable Raspberry Pi console logo
             if [ "$ENABLE_SPLASH" = false ] ; then
               echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
             fi
             # Locks CPU frequency at maximum
             if [ "$ENABLE_TURBO" = true ] ; then
               echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
               # helps to avoid sdcard corruption when force_turbo is enabled.
               echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
             fi
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
               # Bluetooth enabled
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 # Create temporary directory for Bluetooth sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch Bluetooth sources
                 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
                 # Copy downloaded sources
                 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
                 # Set permissions
                 chown -R root:root "${R}/tmp/pi-bluetooth"
                 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
                 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
                 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
                 # Install tools
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
             	# make scripts executable
             	chmod +x "${R}/usr/bin/bthelper"
             	chmod +x "${R}/usr/bin/btuart"
                 # Install bluetooth udev rule
                 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
                 # Install Firmware Flash file and apropiate licence
                 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
                 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
                 # Remove temporary directories
                 rm -fr "${temp_dir}"
             	rm -fr "${R}"/tmp/pi-bluetooth
                 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
                 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
             	  # set overlay to swap ttyAMA0 and ttyS0
                   echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
             	  if [ "$ENABLE_TURBO" = false ] ; then
                     echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
                   fi
             	fi
             	# Activate services
             	chroot_exec systemctl enable pi-bluetooth.hciuart.service
               else # if ENABLE_BLUETOOTH = false
               	# set overlay to disable bluetooth
                 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
               fi # ENABLE_BLUETOOTH end
             fi
             # may need sudo systemctl disable hciuart
             if [ "$ENABLE_CONSOLE" = true ] ; then
               echo "enable_uart=1"  >> "${BOOT_DIR}/config.txt"
               #More debug output on early but with serial console
               echo "uart_2ndstage=1"  >> "${BOOT_DIR}/config.txt"
               # add string to cmdline
               CMDLINE="${CMDLINE} console=serial0,115200"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
                 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
                 if [ "$ENABLE_TURBO" = false ] ; then
                   echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
                 fi
               fi
               # Enable serial console systemd style
               chroot_exec systemctl enable serial-getty@serial0.service
             else
               echo "enable_uart=0"  >> "${BOOT_DIR}/config.txt"
             fi
             # Disable dphys-swapfile service. Will get enabled on first boot
             if [ "$ENABLE_DPHYSSWAP" = true ] ; then
               chroot_exec systemctl disable dphys-swapfile
             fi
             if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
               # Create temporary directory for systemd-swap sources
               temp_dir=$(as_nobody mktemp -d)
               # Fetch systemd-swap sources
               as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
               # Copy downloaded systemd-swap sources
               mv "${temp_dir}/systemd-swap" "${R}/tmp/"
               # Change into downloaded src dir
               cd "${R}/tmp/systemd-swap" || exit
               # Get Verion
               VERSION=$(git tag | tail -n 1)
               #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
               # Build package
               bash ./package.sh debian
               # Change back into script root dir
               cd "${WORKDIR}" || exit
               # Set permissions of the systemd-swap sources
               chown -R root:root "${R}/tmp/systemd-swap"
               # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
               chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
               # Enable service
               chroot_exec systemctl enable systemd-swap
               # Remove temporary directory for systemd-swap sources
               rm -fr "${temp_dir}"
             else
               # Enable ZSWAP in cmdline if systemd-swap is not used
               if [ "$KERNEL_ZSWAP" = true ] ; then
                 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
               fi
             fi
               if [ "$KERNEL_SECURITY" = true ] ; then
                 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
               fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
+            <<<<<<< HEAD
             if [ "$ENABLE_MINGPU" = true ] ; then
               if [ "$ENABLE_GR_ACCEL" = false ]  ; then
                 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
               else
                 ### Cannot reduce memory if graphics acceleration is requested
                 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
               fi
+            =======
+            if [ "$ENABLE_MINGPU" = true ] && [ "$ENABLE_GR_ACCEL" = false ]  ; then
+              echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${LIB_DIR}/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
               sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
               echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
                 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               fi
             fi
+            #Enable graphics acceleration for Model 4
+            if [ "$RPI_MODEL" = 4 ] && [ "$ENABLE_GR_ACCEL" = true ] ; then
+              echo "max_framebuffers=2" >> "${BOOT_DIR}/config.txt"
+              echo "arm_64bit=1" >> "${BOOT_DIR}/config.txt"
+              echo "cmdline=cmdline.txt" >> "${BOOT_DIR}/config.txt"
+              echo "dtparam=audio=on" >> "${BOOT_DIR}/config.txt"
+              echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
+              echo "dtoverlay=vc4-fkms-v3d, cma-128" >> "${BOOT_DIR}/config.txt"
+            fi
             # Disable RPi2/3 under-voltage warnings
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             #Enable graphics acceleration for Model 4
             if [ "$RPI_MODEL" = 4 ] && [ "$ENABLE_GR_ACCEL" = true ] ; then
               echo "max_framebuffers=2" >> "${BOOT_DIR}/config.txt"
               echo "arm_64bit=1" >> "${BOOT_DIR}/config.txt"
               echo "cmdline=cmdline.txt" >> "${BOOT_DIR}/config.txt"
               echo "dtparam=audio=on" >> "${BOOT_DIR}/config.txt"
               if [ "$ENABLE_MINGPU" = false ] ; then
                 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
               fi
               echo "dtoverlay=vc4-fkms-v3d, cma-128" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

rpi23-gen-image.sh +46 -2

             #!/bin/bash
             ########################################################################
             # rpi23-gen-image.sh					       2015-2017
             #
             # Advanced Debian "bullseye" and "bookworm" bootstrap script for Raspberry Pi
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
             #
             # Big thanks for patches and enhancements by 20+ github contributors!
             ########################################################################
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "error: this script must be executed with root privileges!"
               exit 1
             fi
             # Check if ./functions.sh script exists
             if [ ! -r "./functions.sh" ] ; then
               echo "error: './functions.sh' required script not found!"
               exit 1
             fi
             # Load utility functions
             . ./functions.sh
             # Load parameters from configuration template file
             if [ -n "$CONFIG_TEMPLATE" ] ; then
               use_template
             fi
             # Introduce settings
             set -e
             echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
             set -x
             # Raspberry Pi model configuration defaults to 3P
             RPI_MODEL=${RPI_MODEL:=3P}
+            <<<<<<< HEAD
             # Debian release defaults to bullseye
             RELEASE=${RELEASE:=bullseye}
             if [ "$RELEASE" = "bookworm" ] ; then
+            =======
+            # Debian release
+            RELEASE=${RELEASE:=buster}
+            if [ $RELEASE = "bullseye" ] ; then
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
               RELEASE=testing
             fi
             echo "Debian release value used : " $RELEASE
             # Kernel Branch
             KERNEL_BRANCH=${KERNEL_BRANCH:=""}
             # URLs
             KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
             FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
             #WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
             WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/bullseye/debian/config/brcm80211/brcm}
             FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
             UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
             VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
             BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
             NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
             SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
             # Kernel deb packages for 32bit kernel
             RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
             RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
             # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
             RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
             # Default precompiled 64bit kernel
             RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
             # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
             RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
             # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
             RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
             # Generic
             RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
             RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
             # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
             KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
             # Build directories
             WORKDIR=$(pwd)
             BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
             BUILDDIR="${BASEDIR}/build"
             # Chroot directories
             R="${BUILDDIR}/chroot"
             ETC_DIR="${R}/etc"
             LIB_DIR="${R}/lib"
             BOOT_DIR="${R}/boot/firmware"
             KERNEL_DIR="${R}/usr/src/linux"
             WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
             BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
             # APT settings
             APT_SERVER=${APT_SERVER:="ftp.debian.org"}
             APT_PROXY=${APT_PROXY:=""}
             KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
             # Packages required in the chroot build environment
             APT_INCLUDES=${APT_INCLUDES:=""}
             APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
             # Packages to exclude from chroot build environment
             APT_EXCLUDES=${APT_EXCLUDES:=""}
             # General settings
             SET_ARCH=${SET_ARCH:=32}
             HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             EXPANDROOT=${EXPANDROOT:=true}
             ENABLE_ROOT=${ENABLE_ROOT:=false}
             ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
             ENABLE_USER=${ENABLE_USER:=true}
             USER_NAME=${USER_NAME:="pi"}
             USER_PASSWORD=${USER_PASSWORD:=raspberry}
             # Keyboard settings
             XKB_MODEL=${XKB_MODEL:=""}
             XKB_LAYOUT=${XKB_LAYOUT:=""}
             XKB_VARIANT=${XKB_VARIANT:=""}
             XKB_OPTIONS=${XKB_OPTIONS:=""}
             # Networking settings:
             ENABLE_IPV6=${ENABLE_IPV6:=true}
             ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
             # Network settings (DHCP)
             ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
             ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
             # Network settings (static)
             NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
             NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
             NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
             NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
             NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
             NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
             NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
             # Networking settings (WIFI):
             NET_WIFI_SSID=${NET_WIFI_SSID:=""}
             NET_WIFI_PSK=${NET_WIFI_PSK:=""}
             # Network settings (static)
             NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
             NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
             NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
             NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
             NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
             NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
             NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
             # Feature settings
             ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
             ENABLE_PRINTK=${ENABLE_PRINTK:=false}
             ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
             ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
             ENABLE_TURBO=${ENABLE_TURBO:=false}
             ENABLE_I2C=${ENABLE_I2C:=false}
             ENABLE_SPI=${ENABLE_SPI:=false}
             ENABLE_NONFREE=${ENABLE_NONFREE:=false}
             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
             ENABLE_SOUND=${ENABLE_SOUND:=false}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
             ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
             ENABLE_SPLASH=${ENABLE_SPLASH:=true}
             ENABLE_LOGO=${ENABLE_LOGO:=true}
             ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
             DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
             # Advanced settings
             ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
             ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
             ENABLE_QEMU=${ENABLE_QEMU:=false}
             ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
             ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
             ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
             CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
             ENABLE_GR_ACCEL=${ENABLE_GR_ACCEL:=true}
             FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
             ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
             VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
             ENABLE_NEXMON=${ENABLE_NEXMON:=false}
             NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
             # SSH settings
             SSH_ENABLE=${SSH_ENABLE:=true}
             SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
             SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
             SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
             SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
             SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
             # Kernel compilation settings
             BUILD_KERNEL=${BUILD_KERNEL:=true}
             KERNEL_THREADS=${KERNEL_THREADS:=1}
             KERNEL_HEADERS=${KERNEL_HEADERS:=true}
             KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
             KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
             KERNEL_CCACHE=${KERNEL_CCACHE:=false}
             KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             KERNELSRC_DIR=${KERNELSRC_DIR:=""}
             KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
             KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
             KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
             KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
             # Firmware directory: Blank if download from github
             RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
             KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
             KERNEL_NF=${KERNEL_NF:=false}
             KERNEL_VIRT=${KERNEL_VIRT:=false}
             KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
             KERNEL_BPF=${KERNEL_BPF:=false}
             KERNEL_SECURITY=${KERNEL_SECURITY:=false}
             KERNEL_BTRFS=${KERNEL_BTRFS:=false}
             KERNEL_POEHAT=${KERNEL_POEHAT:=false}
             KERNEL_NSPAN=${KERNEL_NSPAN:=false}
             KERNEL_DHKEY=${KERNEL_DHKEY:=true}
             # Reduce disk usage settings
             ENABLE_REDUCE=${ENABLE_REDUCE:=false}
             REDUCE_APT=${REDUCE_APT:=true}
             REDUCE_DOC=${REDUCE_DOC:=false}
             REDUCE_MAN=${REDUCE_MAN:=false}
             REDUCE_VIM=${REDUCE_VIM:=false}
             REDUCE_BASH=${REDUCE_BASH:=false}
             REDUCE_HWDB=${REDUCE_HWDB:=false}
             REDUCE_SSHD=${REDUCE_SSHD:=false}
             REDUCE_LOCALE=${REDUCE_LOCALE:=false}
             REDUCE_KERNEL=${REDUCE_KERNEL:=false}
             # Encrypted filesystem settings
             ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
             CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
             CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
             CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
             CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
             #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
             CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
             #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
             CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
             MISSING_PACKAGES=""
             # Packages installed for c/c++ build environment in chroot (keep empty)
             COMPILER_PACKAGES=""
             # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
             APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
             if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
               APT_PROXY=http://127.0.0.1:3142/
             fi
             # Setup architecture specific settings
             if [ -n "$SET_ARCH" ] ; then
               ## 64-bit configuration
               if [ "$SET_ARCH" = 64 ] ; then
                 ### General 64-bit depended settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
+            <<<<<<< HEAD
                 ### Raspberry Pi model specific settings
+            =======
+                ### Raspberry Pi 64-bit model specific settings
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
                 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                   if [ "$RPI_MODEL" != 4 ] ; then
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
                   else
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
                   fi
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
                   RELEASE_ARCH=${RELEASE_ARCH:=arm64}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
+            <<<<<<< HEAD
+            =======
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
                 else
                   echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
                   exit 1
                 fi
               fi
               ## 32-bit configuration
               if [ "$SET_ARCH" = 32 ] ; then
                 ### General 32-bit dependend settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
                 ### Raspberry Pi (0-1P) model specific settings
                 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
                   KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
                   RELEASE_ARCH=${RELEASE_ARCH:=armel}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
+            <<<<<<< HEAD
             	  if [ $ENABLE_XORG = true ] ; then
             	    if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
             	      printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
             	      read -r confirm
+            =======
+                  if [ $ENABLE_XORG = true ] ; then
+                    if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
+                      printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
+                      read -r confirm
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
                       if [ "$confirm" = "y" ] ; then
                         $RELEASE = "stretch"
                       fi
                     fi
                   fi
                 fi
                 ### Raspberry Pi (2-4) model specific settings
                 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                   if [ "$RPI_MODEL" != 4 ] ; then
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
                     KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
                   else
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
                     KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
                   fi
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
                   RELEASE_ARCH=${RELEASE_ARCH:=armhf}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
                 fi
               fi
               # SET_ARCH not set
             else
               echo "error: Please set '32' or '64' as value for SET_ARCH"
               exit 1
             fi
             # Device specific configuration and U-Boot configuration
             case "$RPI_MODEL" in
 )
               DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
               ;;
 )
               DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
               ;;
 P)
               DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
               ;;
 )
               DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
               ;;
 )
               DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
               ;;
 P)
               DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
               ;;
 )
               DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
               UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
               ;;
               *)
               echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
               exit 1
               ;;
             esac
             # Raspberry PI 0,3,3P,4 with Bluetooth and Wifi onboard
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
               ## Include bluetooth packages on supported boards
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
               fi
               if [ "$ENABLE_WIRELESS" = true ] ; then
                 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
               fi
+            <<<<<<< HEAD
+            # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
+            else
+            =======
               # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
             else
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
               ## Check if the internal wireless interface is not supported by the RPi model
               if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
                 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
                 exit 1
               fi
             fi
             if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
               echo "error: You have to compile kernel sources, if you want to enable nexmon"
               exit 1
             fi
             # Prepare date string for default image file name
             DATE="$(date +%Y-%m-%d)"
             if [ -z "$KERNEL_BRANCH" ] ; then
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             else
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             fi
             # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
                 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
                 exit 1
               fi
             fi
             # Add cmake to compile videocore sources
             if [ "$ENABLE_VIDEOCORE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
             fi
             # Add deps for nexmon
             if [ "$ENABLE_NEXMON" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
             fi
             # Add libncurses5 to enable kernel menuconfig
             if [ "$KERNEL_MENUCONFIG" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
             fi
             # Add ccache compiler cache for (faster) kernel cross (re)compilation
             if [ "$KERNEL_CCACHE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
             fi
             # Add cryptsetup package to enable filesystem encryption
             if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
               APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
-              # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
+              ## If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
               if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
                 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
               fi
               if [ -z "$CRYPTFS_PASSWORD" ] ; then
                 echo "error: no password defined (CRYPTFS_PASSWORD)!"
                 exit 1
               fi
               ENABLE_INITRAMFS=true
             fi
             # Add initramfs generation tools
             if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
             fi
             # Add device-tree-compiler required for building the U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
             fi
             if [ "$ENABLE_USBBOOT" = true ] ; then
+            <<<<<<< HEAD
               if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
                 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
                 exit 1
               fi
+            =======
+            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
+              echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
+              exit 1
+            fi
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
             fi
             # Check if root SSH (v2) public key file exists
             if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
               if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
                 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
                 exit 1
               fi
             fi
             # Check if $USER_NAME SSH (v2) public key file exists
             if [ -n "$SSH_USER_PUB_KEY" ] ; then
               if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
                 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
                 exit 1
               fi
             fi
             if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
               echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
               exit 1
             fi
             # Check if all required packages are installed on the build system
             for package in $REQUIRED_PACKAGES ; do
               if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
                 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
               fi
             done
             # If there are missing packages ask confirmation for install, or exit
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
               printf "\ndo you want to install the missing packages right now? [y/n] "
               read -r confirm
               [ "$confirm" != "y" ] && exit 1
               ## Make sure all missing required packages are installed
               apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
             fi
             # Check if ./bootstrap.d directory exists
             if [ ! -d "./bootstrap.d/" ] ; then
               echo "error: './bootstrap.d' required directory not found!"
               exit 1
             fi
             # Check if ./files directory exists
             if [ ! -d "./files/" ] ; then
               echo "error: './files' required directory not found!"
               exit 1
             fi
             # Check if specified KERNELSRC_DIR directory exists
             if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
               echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
               exit 1
             fi
             # Check if specified UBOOTSRC_DIR directory exists
             if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
               echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
               exit 1
             fi
             # Check if specified VIDEOCORESRC_DIR directory exists
             if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
               echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
               exit 1
             fi
             # Check if specified FBTURBOSRC_DIR directory exists
             if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
               echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
               exit 1
             fi
             # Check if specified NEXMONSRC_DIR directory exists
             if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
               echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
               exit 1
             fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
               echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
               exit 1
             fi
             # Check if specified device mapping already exists (will be used by cryptsetup)
             if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
               echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
               exit 1
             fi
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ] ; then
               echo "error: directory ${BUILDDIR} already exists, not proceeding"
               exit 1
             fi
             # Setup chroot directory
             mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
             if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
               echo "error: ${BUILDDIR} not enough space left to generate the output image!"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
             fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
             # Add dphys-swapfile package, required to enable swap
             if [ "$ENABLE_DPHYSSWAP" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
             fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
             fi
             # Add apparmor for KERNEL_SECURITY
             if [ "$KERNEL_SECURITY" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
             fi
             # Add openssh server package
             if [ "$SSH_ENABLE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
             fi
             # Replace selected packages with smaller clones
             if [ "$ENABLE_REDUCE" = true ] ; then
               ## Add levee package instead of vim-tiny
               if [ "$REDUCE_VIM" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
               fi
               ## Add dropbear package instead of openssh-server
               if [ "$REDUCE_SSHD" = true ] ; then
                 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
               fi
             fi
             # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
             if [ "$ENABLE_SYSVINIT" = false ] ; then
               APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
             fi
             # Configure kernel sources if no KERNELSRC_DIR
             if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
               KERNELSRC_CONFIG=true
             fi
             # Configure reduced kernel
             if [ "$KERNEL_REDUCE" = true ] ; then
               KERNELSRC_CONFIG=false
             fi
             # Configure qemu compatible kernel
             if [ "$ENABLE_QEMU" = true ] ; then
               DTB_FILE=vexpress-v2p-ca15_a7.dtb
               UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
               KERNEL_DEFCONFIG="vexpress_defconfig"
               if [ "$KERNEL_MENUCONFIG" = false ] ; then
                 KERNEL_OLDDEFCONFIG=true
               fi
             fi
             # Execute bootstrap scripts
             for SCRIPT in bootstrap.d/*.sh; do
               head -n 3 "$SCRIPT"
               . "$SCRIPT"
             done
             ## Execute custom bootstrap scripts
             if [ -d "custom.d" ] ; then
               for SCRIPT in custom.d/*.sh; do
                 . "$SCRIPT"
               done
             fi
             # Execute custom scripts inside the chroot
             if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
-              chroot_exec /bin/bash -x <<'EOF'
+              chroot_exec /bin/bash -x << EOF
             for SCRIPT in /chroot_scripts/* ; do
               if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                 $SCRIPT
               fi
             done
             EOF
               rm -rf "${R}/chroot_scripts"
             fi
             # Remove c/c++ build environment from the chroot
             chroot_remove_cc
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
             echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
             umount -l "${R}/proc"
             umount -l "${R}/sys"
             # Clean up directories
             rm -rf "${R}/run/*"
             rm -rf "${R}/tmp/*"
             # Clean up APT proxy settings
             if [ "$KEEP_APT_PROXY" = false ] ; then
               rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
             fi
             # Clean up files
             rm -f "${ETC_DIR}/ssh/ssh_host_*"
             rm -f "${ETC_DIR}/dropbear/dropbear_*"
             rm -f "${ETC_DIR}/apt/sources.list.save"
             rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
             rm -f "${ETC_DIR}/*-"
             rm -f "${ETC_DIR}/resolv.conf"
             rm -f "${R}/root/.bash_history"
             rm -f "${R}/var/lib/urandom/random-seed"
             rm -f "${R}/initrd.img"
             rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             if [ "$ENABLE_QEMU" = true ] ; then
               # Setup QEMU directory
               mkdir "${BASEDIR}/qemu"
               # Copy kernel image to QEMU directory
               install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
               # Copy kernel config to QEMU directory
               install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
               # Copy kernel dtbs to QEMU directory
               for dtb in "${BOOT_DIR}/"*.dtb ; do
                 if [ -f "${dtb}" ] ; then
                   install_readonly "${dtb}" "${BASEDIR}/qemu/"
                 fi
               done
               # Copy kernel overlays to QEMU directory
               if [ -d "${BOOT_DIR}/overlays" ] ; then
                 # Setup overlays dtbs directory
                 mkdir "${BASEDIR}/qemu/overlays"
                 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
                   fi
                 done
               fi
               # Copy u-boot files to QEMU directory
               if [ "$ENABLE_UBOOT" = true ] ; then
                 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
                   install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
                 fi
                 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
                   install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
                 fi
                 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
                   install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
                 fi
               fi
               # Copy initramfs to QEMU directory
               if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
                 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
               fi
             fi
             # Calculate size of the chroot directory in KB
             CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             FRMW_SECTORS=$(expr 128 \* 1024 \* 1024 \/ 512)
             ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 35% are added.
             ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
             IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
             # Prepare image file
             if [ "$ENABLE_SPLITFS" = true ] ; then
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
+            <<<<<<< HEAD
               ## Write firmware/boot partition tables
               sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             EOM
               ## Write root partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
+            =======
+              # Write firmware/boot partition tables
+              sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null << EOM
+            ${TABLE_SECTORS},${FRMW_SECTORS},c,*
+            EOM
+              # Write root partition table
+              sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null << EOM
+            >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
             ${TABLE_SECTORS},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME"-frmw.img)"
               ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
             # ENABLE_SPLITFS=false
             else
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
               # Write partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null << EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             ${ROOT_OFFSET},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME".img)"
               ROOT_LOOP="$(losetup -o 129M -f --show "$IMAGE_NAME".img)"
             fi
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Create dummy ext4 fs
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
               touch .password
               chmod 600 .password
               echo -n ${CRYPTFS_PASSWORD} > .password
               # Initialize encrypted partition
               cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
               # Open encrypted partition and setup mapping
               cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
               # Secure delete password keyfile
               shred -zu .password
               # Update temporary loop device
               ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
               # Wipe encrypted partition (encryption cipher is used for randomness)
               dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
             fi
             # Build filesystems
             mkfs.vfat "$FRMW_LOOP"
             mkfs.ext4 "$ROOT_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$ROOT_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # Create block map file(s) of image(s)
             if [ "$ENABLE_SPLITFS" = true ] ; then
               # Create block map files for "bmaptool"
               bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
               bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
               # Image was successfully created
               echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             else
               # Create block map file for "bmaptool"
               bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
               # Image was successfully created
               echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               # Create qemu qcow2 image
               if [ "$ENABLE_QEMU" = true ] ; then
                 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
                 QEMU_SIZE=16G
                 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
                 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
                 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
               fi
             fi

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages