Merge branch 'contribGV' of http://depot.tremplin.ens-lyon.fr/Raspi2-3_GenImage into contribGV
vidal -
r776:3332c4bc4391 Merge contribGV
@@ -1,404 +1,408
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Working with the your template:
44 44 * **A Pipe ("|") represents a logical OR**
45 45 * **A valuetype of boolean represents the options true or false**
46 46 * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
47 47 * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
48 48 * **Check if your missing a required option while looking at the code**
49 49
50 50 ## Supported parameters and settings
51 51
52 52 #### APT settings:
53 53 |Option|Value|default value|value format|desciption|
54 54 |---|---|---|---|---|
55 55 |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
56 56 |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
57 57 |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
58 58 |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
59 59 |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.|
60 60 |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
61 61 ---
62 62
63 63 #### General system settings:
64 64 |Option|Value|default value|value format|desciption|
65 65 |---|---|---|---|---|
66 66 |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
67 67 |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
68 68 |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
69 69 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
70 70 |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
71 71 |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
72 72 |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
73 73
74 74 ---
75 75
76 76 #### User settings:
77 77 |Option|Value|default value|desciption|
78 78 |---|---|---|---|
79 79 |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
80 80 |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
81 81 |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
82 82 |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
83 83 |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
84 84
85 85 ---
86 86
87 87 #### Keyboard settings:
88 88
89 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
90 90
91 91 |Option|Value|default value|value format|desciption|
92 92 |---|---|---|---|---|
93 93 |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
94 94 |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
95 95 |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
96 96 |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
97 97
98 98 ---
99 99
100 100 #### Networking settings:
101 101 ethernet setting go to `/etc/systemd/network/eth0.network`.
102 102 wifi settings go to `/etc/systemd/network/wlan0.network`.
103 103
104 104 The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
105 105
106 106 |Option|Value|default value|desciption|
107 107 |---|---|---|---|
108 108 |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
109 109 |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
110 110 |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
111 111 |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
112 112 |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
113 113
114 114 ---
115 115
116 116 #### Networking settings (DHCP):
117 117
118 118
119 119 |Option|Value|default value|desciption|
120 120 |---|---|---|---|
121 121 |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
122 122 |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
123 123
124 124 ---
125 125
126 126 #### Networking settings (ethernet static):
127 127 The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
128 128
129 129 |Option|Value|value format|desciption|
130 130 |---|---|---|---|
131 131 |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
132 132 |NET_ETH_GATEWAY|string|`IP`|default gateway|
133 133 |NET_ETH_DNS_1|string|`IP`|first DNS server|
134 134 |NET_ETH_DNS_2|string|`IP`|second DNS server|
135 135 |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
136 136 |NET_ETH_NTP_1|string|`IP`|first NTP server|
137 137 |NET_ETH_NTP_2|string|`IP`|second NTP server|
138 138
139 139 ---
140 140
141 141 #### Networking settings (WIFI):
142 142
143 143 |Option|Value|value format|desciption|
144 144 |---|---|---|---|
145 145 |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
146 146 |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
147 147
148 148 ---
149 149
150 150 #### Networking settings (WIFI static):
151 151 The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
152 152
153 153 |Option|Value|value format|desciption|
154 154 |---|---|---|---|
155 155 |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
156 156 |NET_WIFI_GATEWAY|string|`IP`|default gateway|
157 157 |NET_WIFI_DNS_1|string|`IP`|first DNS server|
158 158 |NET_WIFI_DNS_2|string|`IP`|second DNS server|
159 159 |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
160 160 |NET_WIFI_NTP_1|string|`IP`|first NTP server|
161 161 |NET_WIFI_NTP_2|string|`IP`|second NTP server|
162 162
163 163 ---
164 164
165 165 #### Basic system features:
166 166
167 167 |Option|Value|default value|value format|desciption|
168 168 |---|---|---|---|---|
169 169 |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
170 170 |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
171 171 |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
172 172 |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
173 173 |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
174 174 |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
175 175 |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
176 176 |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
177 177 |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
178 178 |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
179 179 |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
180 180 |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
181 181 |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
182 182 |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
183 183 |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
184 184 |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
185 185 |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
186 186 |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
187 187 |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
188 188 |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
189 189
190 190 ---
191 191
192 192 #### Advanced system features:
193 193
194 194 |Option|Value|default value|value format|desciption|
195 195 |---|---|---|---|---|
196 196 |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
197 197 |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
198 198 |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
199 199 |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
200 200 |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
201 201 |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
202 202 |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
203 203 |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
204 204 |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
205 205 |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
206 206 |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
207 207 |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
208 208 |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
209 209 |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
210 <<<<<<< HEAD
210 211 |ENABLE_GR_ACCEL|boolean|false|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`. Not compatible with `fbturbo` mutually excluded and installed for Raspberry4 only|
212 =======
213 |ENABLE_GR_ACCEL|boolean|true|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`. Not compatible with `fbturbo` and installed for Raspberry4 only.
214 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
211 215 |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
212 216 |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
213 217 |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
214 218 |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
215 219 |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
216 220
217 221 ---
218 222
219 223 #### SSH settings:
220 224
221 225 |Option|Value|default value|value format|desciption|
222 226 |---|---|---|---|---|
223 227 |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
224 228 |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
225 229 |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
226 230 |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
227 231 |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
228 232
229 233 ---
230 234
231 235 #### Kernel settings:
232 236
233 237 |Option|Value|default value|value format|desciption|
234 238 |---|---|---|---|---|
235 239 |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
236 240 |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
237 241 |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
238 242 |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
239 243 |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
240 244 |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
241 245 |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
242 246 |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
243 247 |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
244 248 |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
245 249 |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
246 250 |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
247 251 |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
248 252 |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
249 253 |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
250 254 |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
251 255 |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
252 256 |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
253 257 |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
254 258 |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
255 259 |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
256 260 |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
257 261 |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
258 262 |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
259 263 |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
260 264 |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
261 265 |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
262 266 |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
263 267
264 268 ---
265 269
266 270 #### Reduce disk usage:
267 271 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
268 272
269 273 |Option|Value|default value|value format|desciption|
270 274 |---|---|---|---|---|
271 275 |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
272 276 |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
273 277 |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
274 278 |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations|
275 279 |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
276 280 |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
277 281 |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
278 282 |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
279 283 |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
280 284 |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
281 285 ---
282 286
283 287 #### Encrypted root partition:
284 288 #### On first boot, you will be asked to enter you password several time
285 289 #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
286 290
287 291 |Option|Value|default value|value format|desciption|
288 292 |---|---|---|---|---|
289 293 |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
290 294 |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
291 295 |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
292 296 |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
293 297 |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
294 298 |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
295 299 |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
296 300 |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
297 301
298 302 ---
299 303
300 304 #### Build settings:
301 305 |Option|Value|default value|value format|desciption|
302 306 |---|---|---|---|---|
303 307 |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
304 308 |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
305 309
306 310 ---
307 311
308 312 ## Understanding the script
309 313 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
310 314
311 315 | Script | Description |
312 316 | --- | --- |
313 317 | `10-bootstrap.sh` | Debootstrap basic system |
314 318 | `11-apt.sh` | Setup APT repositories |
315 319 | `12-locale.sh` | Setup Locales and keyboard settings |
316 320 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
317 321 | `14-fstab.sh` | Setup fstab and initramfs |
318 322 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
319 323 | `20-networking.sh` | Setup Networking |
320 324 | `21-firewall.sh` | Setup Firewall |
321 325 | `30-security.sh` | Setup Users and Security settings |
322 326 | `31-logging.sh` | Setup Logging |
323 327 | `32-sshd.sh` | Setup SSH and public keys |
324 328 | `41-uboot.sh` | Build and Setup U-Boot |
325 329 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
326 330 | `43-videocore.sh` | Build and Setup videocore libraries |
327 331 | `50-firstboot.sh` | First boot actions |
328 332 | `99-reduce.sh` | Reduce the disk space usage |
329 333
330 334 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
331 335
332 336 | Directory | Description |
333 337 | --- | --- |
334 338 | `apt` | APT management configuration files |
335 339 | `boot` | Boot and RPi 0/1/2/3 configuration files |
336 340 | `dpkg` | Package Manager configuration |
337 341 | `etc` | Configuration files and rc scripts |
338 342 | `firstboot` | Scripts that get executed on first boot |
339 343 | `initramfs` | Initramfs scripts |
340 344 | `iptables` | Firewall configuration files |
341 345 | `locales` | Locales configuration |
342 346 | `modules` | Kernel Modules configuration |
343 347 | `mount` | Fstab configuration |
344 348 | `network` | Networking configuration files |
345 349 | `sysctl.d` | Swapping and Network Hardening configuration |
346 350 | `xorg` | fbturbo Xorg driver configuration |
347 351
348 352 ## Custom packages and scripts
349 353 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
350 354
351 355 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
352 356
353 357 ## Logging of the bootstrapping process
354 358 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
355 359
356 360 ```shell
357 361 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
358 362 ```
359 363
360 364 ## Flashing the image file
361 365 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
362 366
363 367 ##### Flashing examples:
364 368 ```shell
365 369 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
366 370 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
367 371 ```
368 372 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
369 373 ```shell
370 374 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
371 375 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
372 376 ```
373 377
374 378 ## QEMU emulation
375 379 Start QEMU full system emulation:
376 380 ```shell
377 381 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
378 382 ```
379 383
380 384 Start QEMU full system emulation and output to console:
381 385 ```shell
382 386 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
383 387 ```
384 388
385 389 Start QEMU full system emulation with SMP and output to console:
386 390 ```shell
387 391 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
388 392 ```
389 393
390 394 Start QEMU full system emulation with cryptfs, initramfs and output to console:
391 395 ```shell
392 396 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
393 397 ```
394 398
395 399 ## External links and references
396 400 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
397 401 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
398 402 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
399 403 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
400 404 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
401 405 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
402 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
406 * [Xorg DDX driver #FFFFFF#FFFFFF#FFFFFF](https://github.com/ssvb/xf86-video-fbturbo)
403 407 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
404 408 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
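Review bot: new line 406 replaces the link text `Xorg DDX driver fbturbo` with `Xorg DDX driver #FFFFFF#FFFFFF#FFFFFF`, which looks like stray colour codes pasted over the word `fbturbo` rather than an intended edit; the URL still points at xf86-video-fbturbo. Restore the removed line 402 as it was, `* [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)`, so this entry drops out of the diff. The other `fbturbo` mentions visible in this hunk (`42-fbturbo.sh`, the `xorg` directory row) are untouched, so the substitution appears limited to this one line.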
@@ -1,886 +1,885
1 1 #
2 2 # Build and Setup RPi2/3/4 Kernel 4.XX 5.XX
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3/4 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # TODO: Check if defined Threadcount is higher than actual cores
57 57 # if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then
58 58 # echo "Defined more Threads than core assigned to this system"
59 59 # exit 1
60 60 # fi
61 61
62 62 #Copy 32bit config to 64bit
63 63 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
64 64 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
65 65 fi
66 66
67 67 # Configure and build kernel
68 68 if [ "$KERNELSRC_PREBUILT" = false ] ; then
69 69 # Remove device, network and filesystem drivers from kernel configuration
70 70 if [ "$REDUCE_KERNEL" = true ] ; then
71 71 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
72 72 sed -i\
73 73 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
84 84 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
87 87 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
89 89 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
90 90 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
91 91 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
92 92 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
93 93 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
94 94 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
95 95 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
96 96 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
97 97 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
98 98 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
99 99 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
100 100 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
101 101 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
102 102 "${KERNEL_DIR}/.config"
103 103 fi
104 104
105 105 if [ "$KERNELSRC_CONFIG" = true ] ; then
106 106 # Load default raspberry kernel configuration
107 107 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
108 108
109 109 #Switch to KERNELSRC_DIR so we can use set_kernel_config
110 110 cd "${KERNEL_DIR}" || exit
111 111
112 112 # Enable RPI POE HAT fan
113 113 if [ "$KERNEL_POEHAT" = true ]; then
114 114 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
115 115 fi
116 116
117 117 # Enable per-interface network priority control
118 118 # (for systemd-nspawn)
119 119 if [ "$KERNEL_NSPAN" = true ]; then
120 120 set_kernel_config CONFIG_CGROUP_NET_PRIO y
121 121 fi
122 122
123 123 # Compile in BTRFS
124 124 if [ "$KERNEL_BTRFS" = true ]; then
125 125 set_kernel_config CONFIG_BTRFS_FS y
126 126 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
127 127 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
128 128 fi
129 129
130 130 # Diffie-Hellman operations on retained keys
131 131 # (required for >keyutils-1.6)
132 132 if [ "$KERNEL_DHKEY" = true ]; then
133 133 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
134 134 fi
135 135
136 136 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
137 137 # Mask this temporarily during switch to rpi-4.19.y
138 138 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
139 139 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
140 140 #set_kernel_config CONFIG_MMC_BCM2835 n
141 141 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
142 142 #set_kernel_config CONFIG_USB_DWC2 n
143 143 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
144
145 144 #VLAN got disabled without reason in arm64bit
146 145 set_kernel_config CONFIG_IPVLAN m
147 146 fi
148
147
149 148 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
150 149 if [ "$KERNEL_ZSWAP" = true ] ; then
151 150 set_kernel_config CONFIG_ZPOOL y
152 151 set_kernel_config CONFIG_ZSWAP y
153 152 set_kernel_config CONFIG_ZBUD y
154 153 set_kernel_config CONFIG_Z3FOLD y
155 154 set_kernel_config CONFIG_ZSMALLOC y
156 155 set_kernel_config CONFIG_PGTABLE_MAPPING y
157 156 set_kernel_config CONFIG_LZO_COMPRESS y
158 157 fi
159
158
160 159 if [ "$RPI_MODEL" = 4 ] ; then
161 160 # Following are set in current 32-bit LPAE kernel
162 161 set_kernel_config CONFIG_CGROUP_PIDS y
163 162 set_kernel_config CONFIG_NET_IPVTI m
164 163 set_kernel_config CONFIG_NF_TABLES_SET m
165 164 set_kernel_config CONFIG_NF_TABLES_INET y
166 165 set_kernel_config CONFIG_NF_TABLES_NETDEV y
167 166 set_kernel_config CONFIG_NF_FLOW_TABLE m
168 167 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
169 168 set_kernel_config CONFIG_NFT_CONNLIMIT m
170 169 set_kernel_config CONFIG_NFT_TUNNEL m
171 170 set_kernel_config CONFIG_NFT_OBJREF m
172 171 set_kernel_config CONFIG_NFT_FIB_IPV4 m
173 172 set_kernel_config CONFIG_NFT_FIB_IPV6 m
174 173 set_kernel_config CONFIG_NFT_FIB_INET m
175 174 set_kernel_config CONFIG_NFT_SOCKET m
176 175 set_kernel_config CONFIG_NFT_OSF m
177 176 set_kernel_config CONFIG_NFT_TPROXY m
178 177 set_kernel_config CONFIG_NF_DUP_NETDEV m
179 178 set_kernel_config CONFIG_NFT_DUP_NETDEV m
180 179 set_kernel_config CONFIG_NFT_FWD_NETDEV m
181 180 set_kernel_config CONFIG_NFT_FIB_NETDEV m
182 181 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
183 182 set_kernel_config CONFIG_NF_FLOW_TABLE m
184 183 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
185 184 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
186 185 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
187 186 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
188 187 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
189 188 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
190 189 set_kernel_config CONFIG_NFT_DUP_IPV6 m
191 190 set_kernel_config CONFIG_NFT_FIB_IPV6 m
192 191 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
193 192 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
194 193 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
195 194 set_kernel_config CONFIG_NF_LOG_BRIDGE m
196 195 set_kernel_config CONFIG_MT76_CORE m
197 196 set_kernel_config CONFIG_MT76_LEDS m
198 197 set_kernel_config CONFIG_MT76_USB m
199 198 set_kernel_config CONFIG_MT76x2_COMMON m
200 199 set_kernel_config CONFIG_MT76x0U m
201 200 set_kernel_config CONFIG_MT76x2U m
202 201 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
203 202 set_kernel_config CONFIG_BCM_VC_SM m
204 203 set_kernel_config CONFIG_BCM2835_SMI_DEV m
205 204 set_kernel_config CONFIG_RPIVID_MEM m
206 205 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
207 206 set_kernel_config CONFIG_TCG_TPM m
208 207 set_kernel_config CONFIG_HW_RANDOM_TPM y
209 208 set_kernel_config CONFIG_TCG_TIS m
210 209 set_kernel_config CONFIG_TCG_TIS_SPI m
211 210 set_kernel_config CONFIG_I2C_MUX m
212 211 set_kernel_config CONFIG_I2C_MUX_GPMUX m
213 212 set_kernel_config CONFIG_I2C_MUX_PCA954x m
214 213 set_kernel_config CONFIG_SPI_GPIO m
215 214 set_kernel_config CONFIG_BATTERY_MAX17040 m
216 215 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
217 216 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
218 217 set_kernel_config CONFIG_BCM2835_THERMAL y
219 218 set_kernel_config CONFIG_RC_CORE y
220 219 set_kernel_config CONFIG_RC_MAP y
221 220 set_kernel_config CONFIG_LIRC y
222 221 set_kernel_config CONFIG_RC_DECODERS y
223 222 set_kernel_config CONFIG_IR_NEC_DECODER m
224 223 set_kernel_config CONFIG_IR_RC5_DECODER m
225 224 set_kernel_config CONFIG_IR_RC6_DECODER m
226 225 set_kernel_config CONFIG_IR_JVC_DECODER m
227 226 set_kernel_config CONFIG_IR_SONY_DECODER m
228 227 set_kernel_config CONFIG_IR_SANYO_DECODER m
229 228 set_kernel_config CONFIG_IR_SHARP_DECODER m
230 229 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
231 230 set_kernel_config CONFIG_IR_XMP_DECODER m
232 231 set_kernel_config CONFIG_IR_IMON_DECODER m
233 232 set_kernel_config CONFIG_RC_DEVICES y
234 233 set_kernel_config CONFIG_RC_ATI_REMOTE m
235 234 set_kernel_config CONFIG_IR_IMON m
236 235 set_kernel_config CONFIG_IR_MCEUSB m
237 236 set_kernel_config CONFIG_IR_REDRAT3 m
238 237 set_kernel_config CONFIG_IR_STREAMZAP m
239 238 set_kernel_config CONFIG_IR_IGUANA m
240 239 set_kernel_config CONFIG_IR_TTUSBIR m
241 240 set_kernel_config CONFIG_RC_LOOPBACK m
242 241 set_kernel_config CONFIG_IR_GPIO_CIR m
243 242 set_kernel_config CONFIG_IR_GPIO_TX m
244 243 set_kernel_config CONFIG_IR_PWM_TX m
245 244 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
246 245 set_kernel_config CONFIG_VIDEO_AU0828_RC y
247 246 set_kernel_config CONFIG_VIDEO_CX231XX m
248 247 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
249 248 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
250 249 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
251 250 set_kernel_config CONFIG_VIDEO_TM6000 m
252 251 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
253 252 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
254 253 set_kernel_config CONFIG_DVB_USB m
255 254 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
256 255 set_kernel_config CONFIG_DVB_USB_A800 m
257 256 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
258 257 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
259 258 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
260 259 set_kernel_config CONFIG_DVB_USB_DIB0700 m
261 260 set_kernel_config CONFIG_DVB_USB_UMT_010 m
262 261 set_kernel_config CONFIG_DVB_USB_CXUSB m
263 262 set_kernel_config CONFIG_DVB_USB_M920X m
264 263 set_kernel_config CONFIG_DVB_USB_DIGITV m
265 264 set_kernel_config CONFIG_DVB_USB_VP7045 m
266 265 set_kernel_config CONFIG_DVB_USB_VP702X m
267 266 set_kernel_config CONFIG_DVB_USB_GP8PSK m
268 267 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
269 268 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
270 269 set_kernel_config CONFIG_DVB_USB_DTT200U m
271 270 set_kernel_config CONFIG_DVB_USB_OPERA1 m
272 271 set_kernel_config CONFIG_DVB_USB_AF9005 m
273 272 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
274 273 set_kernel_config CONFIG_DVB_USB_PCTV452E m
275 274 set_kernel_config CONFIG_DVB_USB_DW2102 m
276 275 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
277 276 set_kernel_config CONFIG_DVB_USB_DTV5100 m
278 277 set_kernel_config CONFIG_DVB_USB_AZ6027 m
279 278 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
280 279 set_kernel_config CONFIG_DVB_USB_AF9015 m
281 280 set_kernel_config CONFIG_DVB_USB_LME2510 m
282 281 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
283 282 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
284 283 set_kernel_config CONFIG_SMS_SIANO_RC m
285 284 set_kernel_config CONFIG_VIDEO_IR_I2C m
286 285 set_kernel_config CONFIG_VIDEO_ADV7180 m
287 286 set_kernel_config CONFIG_VIDEO_TC358743 m
288 287 set_kernel_config CONFIG_VIDEO_OV5647 m
289 288 set_kernel_config CONFIG_DVB_M88DS3103 m
290 289 set_kernel_config CONFIG_DVB_AF9013 m
291 290 set_kernel_config CONFIG_DVB_RTL2830 m
292 291 set_kernel_config CONFIG_DVB_RTL2832 m
293 292 set_kernel_config CONFIG_DVB_SI2168 m
294 293 set_kernel_config CONFIG_DVB_GP8PSK_FE m
295 294 set_kernel_config CONFIG_DVB_USB m
296 295 set_kernel_config CONFIG_DVB_LGDT3306A m
297 296 set_kernel_config CONFIG_FB_SIMPLE y
298 297 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
299 298 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
300 299 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
301 300 set_kernel_config CONFIG_SND_SOC_AD193X m
302 301 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
303 302 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
304 303 set_kernel_config CONFIG_SND_SOC_CS4265 m
305 304 set_kernel_config CONFIG_SND_SOC_DA7213 m
306 305 set_kernel_config CONFIG_SND_SOC_ICS43432 m
307 306 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
308 307 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
309 308 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
310 309 set_kernel_config CONFIG_HID_BIGBEN_FF m
311 310 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
312 311 set_kernel_config CONFIG_USB_TMC m
313 312 set_kernel_config CONFIG_USB_UAS y
314 313 set_kernel_config CONFIG_USBIP_VUDC m
315 314 set_kernel_config CONFIG_USB_CONFIGFS m
316 315 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
317 316 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
318 317 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
319 318 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
320 319 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
321 320 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
322 321 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
323 322 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
324 323 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
325 324 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
326 325 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
327 326 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
328 327 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
329 328 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
330 329 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
331 330 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
332 331 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
333 332 set_kernel_config CONFIG_LEDS_PCA963X m
334 333 set_kernel_config CONFIG_LEDS_IS31FL32XX m
335 334 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
336 335 set_kernel_config CONFIG_RTC_DRV_RV3028 m
337 336 set_kernel_config CONFIG_AUXDISPLAY y
338 337 set_kernel_config CONFIG_HD44780 m
339 338 set_kernel_config CONFIG_FB_TFT_SH1106 m
340 339 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
341 340 set_kernel_config CONFIG_BCM2835_POWER y
342 341 set_kernel_config CONFIG_INV_MPU6050_IIO m
343 342 set_kernel_config CONFIG_INV_MPU6050_I2C m
344 343 set_kernel_config CONFIG_SECURITYFS y
345 344
346 345 # Safer to build this in
347 346 set_kernel_config CONFIG_BINFMT_MISC y
348 347
349 348 # pulseaudio wants a buffer of at least this size
350 349 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
351 350
352 351 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
353 352 # set the appropriate kernel configs unlocked by this PR
354 353 set_kernel_config CONFIG_ARCH_BCM y
355 354 set_kernel_config CONFIG_ARCH_BCM2835 y
356 355 set_kernel_config CONFIG_DRM_V3D m
357 356 set_kernel_config CONFIG_DRM_VC4 m
358 357 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
359 358
360 359 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
361 360 # required by PR#3144; should already be applied, but just to be safe
362 361 set_kernel_config CONFIG_PCIE_BRCMSTB y
363 362 set_kernel_config CONFIG_BCM2835_MMC y
364 363
365 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
364 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
366 365 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
367 366 # during cloud-init setup at first boot. Without this the login accounts are not
368 367 # created and the user can not login.
369 368 set_kernel_config CONFIG_SQUASHFS y
370 369
371 370 # Ceph support for Block Device (RBD) and Filesystem (FS)
372 371 # https://docs.ceph.com/docs/master/
373 372 set_kernel_config CONFIG_CEPH_LIB m
374 373 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
375 374 set_kernel_config CONFIG_CEPH_FS m
376 375 set_kernel_config CONFIG_CEPH_FSCACHE y
377 376 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
378 377 set_kernel_config CONFIG_BLK_DEV_RBD m
379 378 fi
380 379
381 380 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
382 381 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
383 382 set_kernel_config CONFIG_HAVE_KVM y
384 383 set_kernel_config CONFIG_HIGH_RES_TIMERS y
385 384 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
386 385 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
387 386 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
388 387 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
389 388 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
390 389 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
391 390 set_kernel_config CONFIG_HAVE_KVM_MSI y
392 391 set_kernel_config CONFIG_KVM y
393 392 set_kernel_config CONFIG_KVM_ARM_HOST y
394 393 set_kernel_config CONFIG_KVM_ARM_PMU y
395 394 set_kernel_config CONFIG_KVM_COMPAT y
396 395 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
397 396 set_kernel_config CONFIG_KVM_MMIO y
398 397 set_kernel_config CONFIG_KVM_VFIO y
399 398 set_kernel_config CONFIG_KVM_MMU_AUDIT y
400 399 set_kernel_config CONFIG_VHOST m
401 400 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
402 401 set_kernel_config CONFIG_VHOST_NET m
403 402 set_kernel_config CONFIG_VIRTUALIZATION y
404 403 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
405 404 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
406 405 set_kernel_config CONFIG_MMU_NOTIFIER y
407
406
408 407 # erratum
409 408 set_kernel_config ARM64_ERRATUM_834220 y
410
409
411 410 # https://sourceforge.net/p/kvm/mailman/message/18440797/
412 411 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
413 412 fi
414 413
415 414 # enable apparmor,integrity audit,
416 415 if [ "$KERNEL_SECURITY" = true ] ; then
417 416
418 417 # security filesystem, security models and audit
419 418 set_kernel_config CONFIG_SECURITYFS y
420 419 set_kernel_config CONFIG_SECURITY y
421 420 set_kernel_config CONFIG_AUDIT y
422 421
423 422 # harden strcpy and memcpy
424 423 set_kernel_config CONFIG_HARDENED_USERCOPY y
425 424 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
426 425 set_kernel_config CONFIG_FORTIFY_SOURCE y
427 426
428 427 # integrity sub-system
429 428 set_kernel_config CONFIG_INTEGRITY y
430 429 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
431 430 set_kernel_config CONFIG_INTEGRITY_AUDIT y
432 431 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
433 432 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
434 433
435 434 # This option provides support for retaining authentication tokens and access keys in the kernel.
436 435 set_kernel_config CONFIG_KEYS y
437 436 set_kernel_config CONFIG_KEYS_COMPAT y
438 437
439 438 # Apparmor
440 439 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
441 440 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
442 441 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
443 442 set_kernel_config CONFIG_SECURITY_APPARMOR y
444 443 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
445 444 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
446 445
447 446 # restrictions on unprivileged users reading the kernel
448 447 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
449 448
450 449 # network security hooks
451 450 set_kernel_config CONFIG_SECURITY_NETWORK y
452 451 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
453 452 set_kernel_config CONFIG_SECURITY_PATH y
454 453 set_kernel_config CONFIG_SECURITY_YAMA n
455 454
456 455 set_kernel_config CONFIG_SECURITY_SELINUX n
457 456 set_kernel_config CONFIG_SECURITY_SMACK n
458 457 set_kernel_config CONFIG_SECURITY_TOMOYO n
459 458 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
460 459 set_kernel_config CONFIG_SECURITY_LOADPIN n
461 460 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
462 461 set_kernel_config CONFIG_IMA n
463 462 set_kernel_config CONFIG_EVM n
464 463 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
465 464 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
466 465 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
467 466 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
468 467 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
469 468 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
470 469 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
471 470 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
472 471 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
473 472 fi
474
473
475 474 if [ "$ENABLE_CRYPTFS" = true ] ; then
476 475 set_kernel_config CONFIG_EMBEDDED y
477 476 set_kernel_config CONFIG_EXPERT y
478 477 set_kernel_config CONFIG_DAX y
479 478 set_kernel_config CONFIG_MD y
480 479 set_kernel_config CONFIG_BLK_DEV_MD y
481 480 set_kernel_config CONFIG_MD_AUTODETECT y
482 481 set_kernel_config CONFIG_BLK_DEV_DM y
483 482 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
484 483 set_kernel_config CONFIG_DM_CRYPT y
485 484 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
486 485 set_kernel_config CONFIG_CRYPTO_CBC y
487 486 set_kernel_config CONFIG_CRYPTO_XTS y
488 487 set_kernel_config CONFIG_CRYPTO_SHA512 y
489 488 set_kernel_config CONFIG_CRYPTO_MANAGER y
490 489 set_kernel_config CONFIG_ARM64_CRYPTO y
491 490 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
492 491 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
493 492 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
494 493 set_kernel_config CRYPTO_GHASH_ARM64_CE m
495 494 set_kernel_config CRYPTO_SHA2_ARM64_CE m
496 495 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
497 496 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
498 497 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
499 498 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
500 499 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
501 500 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
502 501 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
503 502 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
504 503 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
505 504 fi
506 505
507 506 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
508 507 if [ "$KERNEL_NF" = true ] ; then
509 508 set_kernel_config CONFIG_IP_NF_SECURITY m
510 509 set_kernel_config CONFIG_NETLABEL y
511 510 set_kernel_config CONFIG_IP6_NF_SECURITY m
512 511 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
513 512 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
514 513 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
515 514 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
516 515 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
517 516 set_kernel_config CONFIG_NFT_FIB_INET m
518 517 set_kernel_config CONFIG_NFT_FIB_IPV4 m
519 518 set_kernel_config CONFIG_NFT_FIB_IPV6 m
520 519 set_kernel_config CONFIG_NFT_FIB_NETDEV m
521 520 set_kernel_config CONFIG_NFT_OBJREF m
522 521 set_kernel_config CONFIG_NFT_RT m
523 522 set_kernel_config CONFIG_NFT_SET_BITMAP m
524 523 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
525 524 set_kernel_config CONFIG_NF_LOG_ARP m
526 525 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
527 526 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
528 527 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
529 528 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
530 529 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
531 530 set_kernel_config CONFIG_IP6_NF_IPTABLES m
532 531 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
533 532 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
534 533 set_kernel_config CONFIG_IP6_NF_NAT m
535 534 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
536 535 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
537 536 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
538 537 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
539 538 set_kernel_config CONFIG_IP_SET_HASH_IP m
540 539 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
541 540 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
542 541 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
543 542 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
544 543 set_kernel_config CONFIG_IP_SET_HASH_MAC m
545 544 set_kernel_config CONFIG_IP_SET_HASH_NET m
546 545 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
547 546 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
548 547 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
549 548 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
550 549 set_kernel_config CONFIG_IP_SET_LIST_SET m
551 550 set_kernel_config CONFIG_NETFILTER_XTABLES m
552 551 set_kernel_config CONFIG_NETFILTER_XTABLES m
553 552 set_kernel_config CONFIG_NFT_BRIDGE_META m
554 553 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
555 554 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
556 555 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
557 556 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
558 557 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
559 558 set_kernel_config CONFIG_NFT_COMPAT m
560 559 set_kernel_config CONFIG_NFT_COUNTER m
561 560 set_kernel_config CONFIG_NFT_CT m
562 561 set_kernel_config CONFIG_NFT_DUP_IPV4 m
563 562 set_kernel_config CONFIG_NFT_DUP_IPV6 m
564 563 set_kernel_config CONFIG_NFT_DUP_NETDEV m
565 564 set_kernel_config CONFIG_NFT_EXTHDR m
566 565 set_kernel_config CONFIG_NFT_FWD_NETDEV m
567 566 set_kernel_config CONFIG_NFT_HASH m
568 567 set_kernel_config CONFIG_NFT_LIMIT m
569 568 set_kernel_config CONFIG_NFT_LOG m
570 569 set_kernel_config CONFIG_NFT_MASQ m
571 570 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
572 571 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
573 572 set_kernel_config CONFIG_NFT_META m
574 573 set_kernel_config CONFIG_NFT_NAT m
575 574 set_kernel_config CONFIG_NFT_NUMGEN m
576 575 set_kernel_config CONFIG_NFT_QUEUE m
577 576 set_kernel_config CONFIG_NFT_QUOTA m
578 577 set_kernel_config CONFIG_NFT_REDIR m
579 578 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
580 579 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
581 580 set_kernel_config CONFIG_NFT_REJECT m
582 581 set_kernel_config CONFIG_NFT_REJECT_INET m
583 582 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
584 583 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
585 584 set_kernel_config CONFIG_NFT_SET_HASH m
586 585 set_kernel_config CONFIG_NFT_SET_RBTREE m
587 586 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
588 587 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
589 588 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
590 589 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
591 590 set_kernel_config CONFIG_NF_DUP_IPV4 m
592 591 set_kernel_config CONFIG_NF_DUP_IPV6 m
593 592 set_kernel_config CONFIG_NF_DUP_NETDEV m
594 593 set_kernel_config CONFIG_NF_LOG_BRIDGE m
595 594 set_kernel_config CONFIG_NF_LOG_IPV4 m
596 595 set_kernel_config CONFIG_NF_LOG_IPV6 m
597 596 set_kernel_config CONFIG_NF_NAT_IPV4 m
598 597 set_kernel_config CONFIG_NF_NAT_IPV6 m
599 598 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
600 599 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
601 600 set_kernel_config CONFIG_NF_NAT_PPTP m
602 601 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
603 602 set_kernel_config CONFIG_NF_NAT_REDIRECT y
604 603 set_kernel_config CONFIG_NF_NAT_SIP m
605 604 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
606 605 set_kernel_config CONFIG_NF_NAT_TFTP m
607 606 set_kernel_config CONFIG_NF_REJECT_IPV4 m
608 607 set_kernel_config CONFIG_NF_REJECT_IPV6 m
609 608 set_kernel_config CONFIG_NF_TABLES m
610 609 set_kernel_config CONFIG_NF_TABLES_IPV4 y
611 610 set_kernel_config CONFIG_NF_TABLES_IPV6 y
612 611 set_kernel_config CONFIG_NF_TABLES_SET m
613 612 set_kernel_config CONFIG_NF_TABLES_INET y
614 613 set_kernel_config CONFIG_NF_TABLES_NETDEV y
615 614 set_kernel_config CONFIG_NFT_CONNLIMIT m
616 615 set_kernel_config CONFIG_NFT_TUNNEL m
617 616 set_kernel_config CONFIG_NFT_SOCKET m
618 617 set_kernel_config CONFIG_NFT_TPROXY m
619 618 set_kernel_config CONFIG_NF_FLOW_TABLE m
620 619 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
621 620 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
622 621 set_kernel_config CONFIG_NF_TABLES_ARP y
623 622 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
624 623 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
625 624 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
626 625 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
627 626 set_kernel_config CONFIG_NFT_OSF m
628
627
629 628 fi
630 629
631 630 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
632 631 if [ "$KERNEL_BPF" = true ] ; then
633 632 set_kernel_config CONFIG_BPF_SYSCALL y
634 633 set_kernel_config CONFIG_BPF_EVENTS y
635 634 set_kernel_config CONFIG_BPF_STREAM_PARSER y
636 635 set_kernel_config CONFIG_CGROUP_BPF y
637 636 set_kernel_config CONFIG_XDP_SOCKETS y
638 637 fi
639 638
640 # KERNEL_DEFAULT_GOV was set by user
639 # KERNEL_DEFAULT_GOV was set by user
641 640 if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
642 641 case "$KERNEL_DEFAULT_GOV" in
643 642 performance)
644 643 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
645 644 ;;
646 645 userspace)
647 646 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
648 647 ;;
649 648 ondemand)
650 649 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
651 650 ;;
652 651 conservative)
653 652 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
654 653 ;;
655 654 shedutil)
656 655 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
657 656 ;;
658 657 *)
659 658 echo "error: unsupported default cpu governor"
660 659 exit 1
661 660 ;;
662 661 esac
663 662 # unset previous default governor
664 663 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
665 664 fi
666 665
667 666 #Revert to previous directory
668 667 cd "${WORKDIR}" || exit
669 668
670 669 # Set kernel configuration parameters to enable qemu emulation
671 670 if [ "$ENABLE_QEMU" = true ] ; then
672 671 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
673 672 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
674 673 fi
675 674
676 675 # Copy custom kernel configuration file
677 676 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
678 677 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
679 678 fi
680 679
681 680 # Set kernel configuration parameters to their default values
682 681 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
683 682 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
684 683 fi
685 684
686 685 # Start menu-driven kernel configuration (interactive)
687 686 if [ "$KERNEL_MENUCONFIG" = true ] ; then
688 687 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
689 688 fi
690 689 # end if "$KERNELSRC_CONFIG" = true
691 690 fi
692 691
693 692 # Use ccache to cross compile the kernel
694 693 if [ "$KERNEL_CCACHE" = true ] ; then
695 694 cc="ccache ${CROSS_COMPILE}gcc"
696 695 else
697 696 cc="${CROSS_COMPILE}gcc"
698 697 fi
699 698
700 699 # Cross compile kernel and dtbs
701 700 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
702 701
703 702 # Cross compile kernel modules
704 703 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
705 704 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
706 705 fi
707 706 # end if "$KERNELSRC_PREBUILT" = false
708 707 fi
709 708
710 709 # Check if kernel compilation was successful
711 710 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
712 711 echo "error: kernel compilation failed! (kernel image not found)"
713 712 cleanup
714 713 exit 1
715 714 fi
716 715
717 716 # Install kernel modules
718 717 if [ "$ENABLE_REDUCE" = true ] ; then
719 718 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
720 719 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
721 720 fi
722 721 else
723 722 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
724 723 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
725 724 fi
726 725
727 726 # Install kernel firmware
728 727 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
729 728 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
730 729 fi
731 730 fi
732 731
733 732 # Install kernel headers
734 733 if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then
735 734 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
736 735 fi
737 736
738 737 # Prepare boot (firmware) directory
739 738 mkdir "${BOOT_DIR}"
740 739
741 740 # Get kernel release version
742 741 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
743 742
744 743 # Copy kernel configuration file to the boot directory
745 744 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
746 745
747 746 # Prepare device tree directory
748 747 mkdir "${BOOT_DIR}/overlays"
749 748
750 749 # Ensure the proper .dtb is located
751 750 if [ "$KERNEL_ARCH" = "arm" ] ; then
752 751 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
753 752 if [ -f "${dtb}" ] ; then
754 753 install_readonly "${dtb}" "${BOOT_DIR}/"
755 754 fi
756 755 done
757 756 else
758 757 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
759 758 if [ -f "${dtb}" ] ; then
760 759 install_readonly "${dtb}" "${BOOT_DIR}/"
761 760 fi
762 761 done
763 762 fi
764 763
765 764 # Copy compiled dtb device tree files
766 765 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
767 766 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
768 767 if [ -f "${dtb}" ] ; then
769 768 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
770 769 fi
771 770 done
772 771
773 772 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
774 773 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
775 774 fi
776 775 fi
777 776
778 777 if [ "$ENABLE_UBOOT" = false ] ; then
779 778 # Convert and copy kernel image to the boot directory
780 779 cp "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
781 780 else
782 781 # Copy kernel image to the boot directory
783 782 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
784 783 fi
785 784
786 785 # Remove kernel sources
787 786 if [ "$KERNEL_REMOVESRC" = true ] ; then
788 787 rm -fr "${KERNEL_DIR}"
789 788 else
790 789 # Prepare compiled kernel modules
791 790 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
792 791 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
793 792 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
794 793 fi
795 794
796 795 # Create symlinks for kernel modules
797 796 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
798 797 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
799 798 fi
800 799 fi
801 800
802 801 else # BUILD_KERNEL=false
803 802 if [ "$SET_ARCH" = 64 ] ; then
804 803 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
805 804 # Use Sakakis modified kernel if ZSWAP is active
806 805 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
807 806 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
808 807 fi
809 808
810 809 # Create temporary directory for dl
811 810 temp_dir=$(as_nobody mktemp -d)
812 811
813 812 # Fetch kernel dl
814 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
813 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
815 814 fi
816 815 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
817 816 # Create temporary directory for dl
818 817 temp_dir=$(as_nobody mktemp -d)
819 818
820 819 # Fetch kernel dl
821 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
820 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
822 821 fi
823
822
824 823 #extract download
825 824 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
826 825
827 826 #move extracted kernel to /boot/firmware
828 827 mkdir "${R}/boot/firmware"
829 828 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
830 829 cp -r "${temp_dir}"/lib/* "${R}"/lib/
831 830
832 831 # Remove temporary directory for kernel sources
833 832 rm -fr "${temp_dir}"
834 833
835 834 # Set permissions of the kernel sources
836 835 chown -R root:root "${R}/boot/firmware"
837 836 chown -R root:root "${R}/lib/modules"
838 837 fi
839 838
840 839 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
841 840 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
842 841 # Create temporary directory for dl
843 842 temp_dir=$(as_nobody mktemp -d)
844 843
845 844 # Fetch kernel
846 845 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
847 846
848 847 # Copy downloaded kernel package
849 848 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
850 849
851 850 # Set permissions
852 851 chown -R root:root "${R}"/tmp/kernel.deb
853 852
854 853 # Install kernel
855 854 chroot_exec dpkg -i /tmp/kernel.deb
856 855
857 856 # move /boot to /boot/firmware to fit script env.
858 857 #mkdir "${BOOT_DIR}"
859 858 mkdir "${temp_dir}"/firmware
860 859 mv "${R}"/boot/* "${temp_dir}"/firmware/
861 860 mv "${temp_dir}"/firmware "${R}"/boot/
862 861
863 862 #same for kernel headers
864 863 if [ "$KERNEL_HEADERS" = true ] ; then
865 864 # Fetch kernel header
866 865 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
867 866 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
868 867 chown -R root:root "${R}"/tmp/kernel-header.deb
869 868 # Install kernel header
870 869 chroot_exec dpkg -i /tmp/kernel-header.deb
871 870 rm -f "${R}"/tmp/kernel-header.deb
872 871 fi
873 872
874 873 # Remove temporary directory and files
875 874 rm -fr "${temp_dir}"
876 875 rm -f "${R}"/tmp/kernel.deb
877 876 fi
878 877
879 878 # Check if kernel installation was successful
880 879 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
881 880 if [ -z "$KERNEL" ] ; then
882 881 echo "error: kernel installation failed! (/boot/kernel* not found)"
883 882 cleanup
884 883 exit 1
885 884 fi
886 885 fi
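Review bot: the prebuilt-kernel path touched here (the `as_nobody wget -O "${temp_dir}"/kernel.tar.xz` lines at new 813 and 820, and the `kernel.deb` fetch at 845) installs whatever the URL returns. The archive is unpacked with `tar -xJf` and copied into `${R}/boot/firmware` and `${R}/lib`, and the package goes straight to `chroot_exec dpkg -i /tmp/kernel.deb`, with no checksum or signature check in between. Add a pinned SHA-256 comparison before extraction and installation, and fail the build on a mismatch. Separately, the governor `case` label at new line 654 is spelled `shedutil)`, so `KERNEL_DEFAULT_GOV=schedutil` falls through to the `*)` error branch, and the `ondemand)` arm can never run because the enclosing test already excludes that value.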
@@ -1,341 +1,357
1 1 #
2 2 # Setup RPi2/3/4 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4cd.dat "${BOOT_DIR}"/fixup4cd.dat
18 18 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4.dat "${BOOT_DIR}"/fixup4.dat
19 19 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4db.dat "${BOOT_DIR}"/fixup4db.dat
20 20 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4x.dat "${BOOT_DIR}"/fixup4x.dat
21 21 cp "${RPI_FIRMWARE_DIR}"/boot/start4cd.elf "${BOOT_DIR}"/start4cd.elf
22 22 cp "${RPI_FIRMWARE_DIR}"/boot/start4db.elf "${BOOT_DIR}"/start4db.elf
23 23 cp "${RPI_FIRMWARE_DIR}"/boot/start4.elf "${BOOT_DIR}"/start4.elf
24 24 cp "${RPI_FIRMWARE_DIR}"/boot/start4x.elf "${BOOT_DIR}"/start4x.elf
25 25 else
26 26 # Create temporary directory for boot binaries
27 27 temp_dir=$(as_nobody mktemp -d)
28 28
29 29 # Install latest boot binaries from raspberry/firmware github
30 30 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
31 31 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
32 32 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
33 33 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
34 34 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
35 35 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
36 36 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
37 37 as_nobody wget -q -O "${temp_dir}/fixup4cd.dat" "${FIRMWARE_URL}/fixup4cd.dat"
38 38 as_nobody wget -q -O "${temp_dir}/fixup4.dat" "${FIRMWARE_URL}/fixup4.dat"
39 39 as_nobody wget -q -O "${temp_dir}/fixup4db.dat" "${FIRMWARE_URL}/fixup4db.dat"
40 40 as_nobody wget -q -O "${temp_dir}/fixup4x.dat" "${FIRMWARE_URL}/fixup4x.dat"
41 41 as_nobody wget -q -O "${temp_dir}/start4cd.elf" "${FIRMWARE_URL}/start4cd.elf"
42 42 as_nobody wget -q -O "${temp_dir}/start4db.elf" "${FIRMWARE_URL}/start4db.elf"
43 43 as_nobody wget -q -O "${temp_dir}/start4.elf" "${FIRMWARE_URL}/start4.elf"
44 44 as_nobody wget -q -O "${temp_dir}/start4x.elf" "${FIRMWARE_URL}/start4x.elf"
45 45
46 46 # Move downloaded boot binaries
47 47 mv "${temp_dir}/"* "${BOOT_DIR}/"
48 48
49 49 # Remove temporary directory for boot binaries
50 50 rm -fr "${temp_dir}"
51 51
52 52 # Set permissions of the boot binaries
53 53 chown -R root:root "${BOOT_DIR}"
54 54 chmod -R 600 "${BOOT_DIR}"
55 55 fi
56 56
57 57 # Setup firmware boot cmdline
58 58 if [ "$ENABLE_USBBOOT" = true ] ; then
59 59 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
60 60 else
61 61 if [ "$ENABLE_SPLITFS" = true ] ; then
62 62 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
63 63 else
64 64 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
65 65 fi
66 66 fi
67 67
68 68 # Add encrypted root partition to cmdline.txt
69 69 if [ "$ENABLE_CRYPTFS" = true ] ; then
70 70 if [ "$ENABLE_SPLITFS" = true ] ; then
71 71 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
72 72 else
73 73 if [ "$ENABLE_USBBOOT" = true ] ; then
74 74 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
75 75 else
76 76 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
77 77 fi
78 78 fi
79 79 fi
80 80
81 81 # Enable Kernel messages on standard output
82 82 if [ "$ENABLE_PRINTK" = true ] ; then
83 83 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
84 84 fi
85 85
86 86 # Enable Kernel messages on standard output
87 87 if [ "$KERNEL_SECURITY" = true ] ; then
88 88 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
89 89 fi
90 90
91 91 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
92 92 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
93 93
94 94 # Remove IPv6 networking support
95 95 if [ "$ENABLE_IPV6" = false ] ; then
96 96 CMDLINE="${CMDLINE} ipv6.disable=1"
97 97 fi
98 98
99 99 # Automatically assign predictable network interface names
100 100 if [ "$ENABLE_IFNAMES" = false ] ; then
101 101 CMDLINE="${CMDLINE} net.ifnames=0"
102 102 else
103 103 CMDLINE="${CMDLINE} net.ifnames=1"
104 104 fi
105 105
106 106 # Disable Raspberry Pi console logo
107 107 if [ "$ENABLE_LOGO" = false ] ; then
108 108 CMDLINE="${CMDLINE} logo.nologo"
109 109 fi
110 110
111 111 # Strictly limit verbosity of boot up console messages
112 112 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
113 113 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
114 114 fi
115 115
116 116 # Install firmware config
117 117 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
118 118
119 119 # Disable Raspberry Pi console logo
120 120 if [ "$ENABLE_SPLASH" = false ] ; then
121 121 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
122 122 fi
123 123
124 124 # Locks CPU frequency at maximum
125 125 if [ "$ENABLE_TURBO" = true ] ; then
126 126 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
127 127 # helps to avoid sdcard corruption when force_turbo is enabled.
128 128 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
129 129 fi
130 130
131 131 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
132 132
133 133 # Bluetooth enabled
134 134 if [ "$ENABLE_BLUETOOTH" = true ] ; then
135 135 # Create temporary directory for Bluetooth sources
136 136 temp_dir=$(as_nobody mktemp -d)
137 137
138 138 # Fetch Bluetooth sources
139 139 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
140 140
141 141 # Copy downloaded sources
142 142 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
143 143
144 144 # Set permissions
145 145 chown -R root:root "${R}/tmp/pi-bluetooth"
146 146
147 147 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
148 148 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
149 149 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
150 150
151 151 # Install tools
152 152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
153 153 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
154 154
155 155 # make scripts executable
156 156 chmod +x "${R}/usr/bin/bthelper"
157 157 chmod +x "${R}/usr/bin/btuart"
158 158
159 159 # Install bluetooth udev rule
160 160 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
161 161
162 162 # Install Firmware Flash file and apropiate licence
163 163 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
164 164 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
165 165 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
166 166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
167 167 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
168 168
169 169 # Remove temporary directories
170 170 rm -fr "${temp_dir}"
171 171 rm -fr "${R}"/tmp/pi-bluetooth
172 172
173 173 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
174 174 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
175 175 # set overlay to swap ttyAMA0 and ttyS0
176 176 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
177 177
178 178 if [ "$ENABLE_TURBO" = false ] ; then
179 179 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
180 180 fi
181 181
182 182 fi
183 183
184 184 # Activate services
185 185 chroot_exec systemctl enable pi-bluetooth.hciuart.service
186 186
187 187 else # if ENABLE_BLUETOOTH = false
188 188 # set overlay to disable bluetooth
189 189 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
190 190 fi # ENABLE_BLUETOOTH end
191 191 fi
192 192
193 193 # may need sudo systemctl disable hciuart
194 194 if [ "$ENABLE_CONSOLE" = true ] ; then
195 195 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
196 196 #More debug output on early but with serial console
197 197 echo "uart_2ndstage=1" >> "${BOOT_DIR}/config.txt"
198 198
199 199 # add string to cmdline
200 200 CMDLINE="${CMDLINE} console=serial0,115200"
201 201
202 202 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
203 203 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
204 204 if [ "$ENABLE_TURBO" = false ] ; then
205 205 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
206 206 fi
207 207 fi
208 208
209 209 # Enable serial console systemd style
210 210 chroot_exec systemctl enable serial-getty@serial0.service
211 211 else
212 212 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
213 213 fi
214 214
215 215 # Disable dphys-swapfile service. Will get enabled on first boot
216 216 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
217 217 chroot_exec systemctl disable dphys-swapfile
218 218 fi
219 219
220 220 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
221 221 # Create temporary directory for systemd-swap sources
222 222 temp_dir=$(as_nobody mktemp -d)
223 223
224 224 # Fetch systemd-swap sources
225 225 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
226 226
227 227 # Copy downloaded systemd-swap sources
228 228 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
229 229
230 230 # Change into downloaded src dir
231 231 cd "${R}/tmp/systemd-swap" || exit
232 232
233 233 # Get Verion
234 234 VERSION=$(git tag | tail -n 1)
235 235 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
236 236
237 237 # Build package
238 238 bash ./package.sh debian
239 239
240 240 # Change back into script root dir
241 241 cd "${WORKDIR}" || exit
242 242
243 243 # Set permissions of the systemd-swap sources
244 244 chown -R root:root "${R}/tmp/systemd-swap"
245 245
246 246 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
247 247 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
248 248
249 249 # Enable service
250 250 chroot_exec systemctl enable systemd-swap
251 251
252 252 # Remove temporary directory for systemd-swap sources
253 253 rm -fr "${temp_dir}"
254 254 else
255 255 # Enable ZSWAP in cmdline if systemd-swap is not used
256 256 if [ "$KERNEL_ZSWAP" = true ] ; then
257 257 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
258 258 fi
259 259 fi
260 260 if [ "$KERNEL_SECURITY" = true ] ; then
261 261 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
262 262 fi
263 263
264 264 # Install firmware boot cmdline
265 265 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
266 266
267 267 # Setup minimal GPU memory allocation size: 16MB (no X)
268 <<<<<<< HEAD
268 269 if [ "$ENABLE_MINGPU" = true ] ; then
269 270 if [ "$ENABLE_GR_ACCEL" = false ] ; then
270 271 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
271 272 else
272 273 ### Cannot reduce memory if graphics acceleration is requested
273 274 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
274 275 fi
276 =======
277 if [ "$ENABLE_MINGPU" = true ] && [ "$ENABLE_GR_ACCEL" = false ] ; then
278 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
279 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
275 280 fi
276 281
277 282 # Setup boot with initramfs
278 283 if [ "$ENABLE_INITRAMFS" = true ] ; then
279 284 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
280 285 fi
281 286
282 287 # Create firmware configuration and cmdline symlinks
283 288 ln -sf firmware/config.txt "${R}/boot/config.txt"
284 289 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
285 290
286 291 # Install and setup kernel modules to load at boot
287 292 mkdir -p "${LIB_DIR}/modules-load.d/"
288 293 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
289 294
290 295 # Load hardware random module at boot
291 296 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
292 297 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
293 298 fi
294 299
295 300 # Load sound module at boot
296 301 if [ "$ENABLE_SOUND" = true ] ; then
297 302 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
298 303 else
299 304 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
300 305 fi
301 306
302 307 # Enable I2C interface
303 308 if [ "$ENABLE_I2C" = true ] ; then
304 309 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
305 310 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
306 311 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
307 312 fi
308 313
309 314 # Enable SPI interface
310 315 if [ "$ENABLE_SPI" = true ] ; then
311 316 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
312 317 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
313 318 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
314 319 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
315 320 fi
316 321 fi
317 322
323 #Enable graphics acceleration for Model 4
324 if [ "$RPI_MODEL" = 4 ] && [ "$ENABLE_GR_ACCEL" = true ] ; then
325 echo "max_framebuffers=2" >> "${BOOT_DIR}/config.txt"
326 echo "arm_64bit=1" >> "${BOOT_DIR}/config.txt"
327 echo "cmdline=cmdline.txt" >> "${BOOT_DIR}/config.txt"
328 echo "dtparam=audio=on" >> "${BOOT_DIR}/config.txt"
329 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
330 echo "dtoverlay=vc4-fkms-v3d, cma-128" >> "${BOOT_DIR}/config.txt"
331 fi
332
333
318 334 # Disable RPi2/3 under-voltage warnings
319 335 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
320 336 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
321 337 fi
322 338
323 339 #Enable graphics acceleration for Model 4
324 340 if [ "$RPI_MODEL" = 4 ] && [ "$ENABLE_GR_ACCEL" = true ] ; then
325 341 echo "max_framebuffers=2" >> "${BOOT_DIR}/config.txt"
326 342 echo "arm_64bit=1" >> "${BOOT_DIR}/config.txt"
327 343 echo "cmdline=cmdline.txt" >> "${BOOT_DIR}/config.txt"
328 344 echo "dtparam=audio=on" >> "${BOOT_DIR}/config.txt"
329 345 if [ "$ENABLE_MINGPU" = false ] ; then
330 346 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
331 347 fi
332 348 echo "dtoverlay=vc4-fkms-v3d, cma-128" >> "${BOOT_DIR}/config.txt"
333 349 fi
334 350
335 351
336 352 # Install kernel modules blacklist
337 353 mkdir -p "${ETC_DIR}/modprobe.d/"
338 354 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
339 355
340 356 # Install sysctl.d configuration files
341 357 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
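Review bot: unresolved merge-conflict markers are committed at new lines 268, 276 and 279 (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7588b4f62cfa955de0822acf49908044e0504249`), so the file carries both versions of the `ENABLE_MINGPU` test and no longer parses as shell. Pick one side, delete the markers, and check that the remaining `if`/`fi` pairs balance. The merge also adds a second copy of the "Enable graphics acceleration for Model 4" block at new lines 323-331 while the existing copy stays at 339-349, so with `RPI_MODEL=4` and `ENABLE_GR_ACCEL=true` the settings are appended to `config.txt` twice, and the new copy writes `gpu_mem=128` without the `ENABLE_MINGPU` guard the existing one has. Keep only one of the two blocks.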
@@ -1,926 +1,970
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "bullseye" and "bookworm" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration defaults to 3P
43 43 RPI_MODEL=${RPI_MODEL:=3P}
44 44
45 <<<<<<< HEAD
45 46 # Debian release defaults to bullseye
46 47 RELEASE=${RELEASE:=bullseye}
47 48 if [ "$RELEASE" = "bookworm" ] ; then
49 =======
50 # Debian release
51 RELEASE=${RELEASE:=buster}
52 if [ $RELEASE = "bullseye" ] ; then
53 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
48 54 RELEASE=testing
49 55 fi
50 56 echo "Debian release value used : " $RELEASE
51 57
52 58 # Kernel Branch
53 59 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
54 60
55 61 # URLs
56 62 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
57 63 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
58 64 #WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
59 65 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/bullseye/debian/config/brcm80211/brcm}
60 66 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
61 67 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
62 68 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
63 69 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
64 70 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
65 71 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
66 72
67 73 # Kernel deb packages for 32bit kernel
68 74 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
69 75 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
70 76 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
71 77 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
72 78 # Default precompiled 64bit kernel
73 79 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
74 80 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
75 81 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
76 82 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
77 83 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
78 84 # Generic
79 85 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
80 86 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
81 87 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
82 88 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
83 89
84 90 # Build directories
85 91 WORKDIR=$(pwd)
86 92 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
87 93 BUILDDIR="${BASEDIR}/build"
88 94
89 95 # Chroot directories
90 96 R="${BUILDDIR}/chroot"
91 97 ETC_DIR="${R}/etc"
92 98 LIB_DIR="${R}/lib"
93 99 BOOT_DIR="${R}/boot/firmware"
94 100 KERNEL_DIR="${R}/usr/src/linux"
95 101 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
96 102 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
97 103
98 104 # APT settings
99 105 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
100 106 APT_PROXY=${APT_PROXY:=""}
101 107 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
102 108 # Packages required in the chroot build environment
103 109 APT_INCLUDES=${APT_INCLUDES:=""}
104 110 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
105 111 # Packages to exclude from chroot build environment
106 112 APT_EXCLUDES=${APT_EXCLUDES:=""}
107 113
108 114 # General settings
109 115 SET_ARCH=${SET_ARCH:=32}
110 116 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
111 117 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
112 118 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
113 119 EXPANDROOT=${EXPANDROOT:=true}
114 120
115 121 ENABLE_ROOT=${ENABLE_ROOT:=false}
116 122 ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
117 123 ENABLE_USER=${ENABLE_USER:=true}
118 124 USER_NAME=${USER_NAME:="pi"}
119 125 USER_PASSWORD=${USER_PASSWORD:=raspberry}
120 126
121 127 # Keyboard settings
122 128 XKB_MODEL=${XKB_MODEL:=""}
123 129 XKB_LAYOUT=${XKB_LAYOUT:=""}
124 130 XKB_VARIANT=${XKB_VARIANT:=""}
125 131 XKB_OPTIONS=${XKB_OPTIONS:=""}
126 132
127 133 # Networking settings:
128 134 ENABLE_IPV6=${ENABLE_IPV6:=true}
129 135 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
130 136 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
131 137 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
132 138 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
133 139
134 140 # Network settings (DHCP)
135 141 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
136 142 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
137 143
138 144 # Network settings (static)
139 145 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
140 146 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
141 147 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
142 148 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
143 149 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
144 150 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
145 151 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
146 152
147 153 # Networking settings (WIFI):
148 154 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
149 155 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
150 156
151 157 # Network settings (static)
152 158 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
153 159 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
154 160 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
155 161 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
156 162 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
157 163 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
158 164 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
159 165
160 166 # Feature settings
161 167 ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
162 168 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
163 169 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
164 170 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
165 171 ENABLE_TURBO=${ENABLE_TURBO:=false}
166 172 ENABLE_I2C=${ENABLE_I2C:=false}
167 173 ENABLE_SPI=${ENABLE_SPI:=false}
168 174
169 175 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
170 176 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
171 177 ENABLE_SOUND=${ENABLE_SOUND:=false}
172 178 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
173 179 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
174 180 ENABLE_XORG=${ENABLE_XORG:=false}
175 181 ENABLE_WM=${ENABLE_WM:=""}
176 182 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
177 183 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
178 184 ENABLE_LOGO=${ENABLE_LOGO:=true}
179 185 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
180 186 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
181 187
182 188 # Advanced settings
183 189 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
184 190 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
185 191 ENABLE_QEMU=${ENABLE_QEMU:=false}
186 192 ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
187 193 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
188 194 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
189 195 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
190 196 ENABLE_DBUS=${ENABLE_DBUS:=true}
191 197 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
192 198 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
193 199 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
194 200 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
195 201 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
196 202 ENABLE_GR_ACCEL=${ENABLE_GR_ACCEL:=true}
197 203 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
198 204 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
199 205 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
200 206 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
201 207 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
202 208
203 209 # SSH settings
204 210 SSH_ENABLE=${SSH_ENABLE:=true}
205 211 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
206 212 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
207 213 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
208 214 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
209 215 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
210 216
211 217 # Kernel compilation settings
212 218 BUILD_KERNEL=${BUILD_KERNEL:=true}
213 219 KERNEL_THREADS=${KERNEL_THREADS:=1}
214 220 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
215 221 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
216 222 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
217 223 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
218 224 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
219 225 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
220 226 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
221 227 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
222 228 KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
223 229 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
224 230 # Firmware directory: Blank if download from github
225 231 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
226 232 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
227 233 KERNEL_NF=${KERNEL_NF:=false}
228 234 KERNEL_VIRT=${KERNEL_VIRT:=false}
229 235 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
230 236 KERNEL_BPF=${KERNEL_BPF:=false}
231 237 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
232 238 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
233 239 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
234 240 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
235 241 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
236 242
237 243 # Reduce disk usage settings
238 244 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
239 245 REDUCE_APT=${REDUCE_APT:=true}
240 246 REDUCE_DOC=${REDUCE_DOC:=false}
241 247 REDUCE_MAN=${REDUCE_MAN:=false}
242 248 REDUCE_VIM=${REDUCE_VIM:=false}
243 249 REDUCE_BASH=${REDUCE_BASH:=false}
244 250 REDUCE_HWDB=${REDUCE_HWDB:=false}
245 251 REDUCE_SSHD=${REDUCE_SSHD:=false}
246 252 REDUCE_LOCALE=${REDUCE_LOCALE:=false}
247 253 REDUCE_KERNEL=${REDUCE_KERNEL:=false}
248 254
249 255 # Encrypted filesystem settings
250 256 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
251 257 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
252 258 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
253 259 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
254 260 CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
255 261 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
256 262 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
257 263 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
258 264 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
259 265 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
260 266
261 267 # Packages required for bootstrapping
262 268 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
263 269 MISSING_PACKAGES=""
264 270
265 271 # Packages installed for c/c++ build environment in chroot (keep empty)
266 272 COMPILER_PACKAGES=""
267 273
268 274 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
269 275 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
270 276 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
271 277 APT_PROXY=http://127.0.0.1:3142/
272 278 fi
273 279
274 280 # Setup architecture specific settings
275 281 if [ -n "$SET_ARCH" ] ; then
276 282 ## 64-bit configuration
277 283 if [ "$SET_ARCH" = 64 ] ; then
278 284 ### General 64-bit depended settings
279 285 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
280 286 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
281 287 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
282 288
289 <<<<<<< HEAD
283 290 ### Raspberry Pi model specific settings
291 =======
292 ### Raspberry Pi 64-bit model specific settings
293 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
284 294 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
285 295 if [ "$RPI_MODEL" != 4 ] ; then
286 296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
287 297 else
288 298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
289 299 fi
290 300
291 301 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
292 302 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
293 303 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
294 304 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
305 <<<<<<< HEAD
295 306
307 =======
308
309 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
296 310 else
297 311 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
298 312 exit 1
299 313 fi
300 314 fi
301 315
302 316 ## 32-bit configuration
303 317 if [ "$SET_ARCH" = 32 ] ; then
304 318 ### General 32-bit dependend settings
305 319 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
306 320 KERNEL_ARCH=${KERNEL_ARCH:=arm}
307 321 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
308 322
309 323 ### Raspberry Pi (0-1P) model specific settings
310 324 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
311 325 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
312 326 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
313 327 RELEASE_ARCH=${RELEASE_ARCH:=armel}
314 328 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
315 329 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
330 <<<<<<< HEAD
316 331
317 332 if [ $ENABLE_XORG = true ] ; then
318 333 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
319 334 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
320 335 read -r confirm
336 =======
337 if [ $ENABLE_XORG = true ] ; then
338 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
339 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
340 read -r confirm
341 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
321 342 if [ "$confirm" = "y" ] ; then
322 $RELEASE = "stretch"
323 fi
324 fi
325 fi
343 $RELEASE = "stretch"
344 fi
345 fi
346 fi
326 347 fi
327 348 ### Raspberry Pi (2-4) model specific settings
328 349 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
329 350 if [ "$RPI_MODEL" != 4 ] ; then
330 351 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
331 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
352 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
332 353 else
333 354 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
334 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
355 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
335 356 fi
336 357
337 358 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
338 359 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
339 360
340 361 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
341 362 fi
342 363 fi
343 # SET_ARCH not set
364
365 # SET_ARCH not set
344 366 else
345 367 echo "error: Please set '32' or '64' as value for SET_ARCH"
346 368 exit 1
347 369 fi
348 370 # Device specific configuration and U-Boot configuration
349 371 case "$RPI_MODEL" in
350 372 0)
351 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
352 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
353 ;;
373 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
374 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
375 ;;
354 376 1)
355 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
356 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
357 ;;
377 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
378 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
379 ;;
358 380 1P)
359 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
360 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
361 ;;
381 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
382 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
383 ;;
362 384 2)
363 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
364 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
365 ;;
385 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
386 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
387 ;;
366 388 3)
367 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
368 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
369 ;;
389 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
390 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
391 ;;
370 392 3P)
371 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
372 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
373 ;;
393 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
394 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
395 ;;
374 396 4)
375 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
376 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
377 ;;
397 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
398 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
399 ;;
378 400 *)
379 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
380 exit 1
381 ;;
401 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
402 exit 1
403 ;;
382 404 esac
383 405
384 406 # Raspberry PI 0,3,3P,4 with Bluetooth and Wifi onboard
385 407 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
386 408 ## Include bluetooth packages on supported boards
387 409 if [ "$ENABLE_BLUETOOTH" = true ] ; then
388 410 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
389 411 fi
390 412 if [ "$ENABLE_WIRELESS" = true ] ; then
391 413 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
392 414 fi
415 <<<<<<< HEAD
393 416 # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
394 417 else
418 =======
419 # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
420 else
421 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
395 422 ## Check if the internal wireless interface is not supported by the RPi model
396 423 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
397 424 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
398 425 exit 1
399 426 fi
400 427 fi
401 428
402 429 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
403 430 echo "error: You have to compile kernel sources, if you want to enable nexmon"
404 431 exit 1
405 432 fi
406 433
407 434 # Prepare date string for default image file name
408 435 DATE="$(date +%Y-%m-%d)"
409 436 if [ -z "$KERNEL_BRANCH" ] ; then
410 437 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
411 438 else
412 439 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
413 440 fi
414 441
415 442 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
416 443 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
417 444 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
418 445 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
419 446 exit 1
420 447 fi
421 448 fi
422 449
423 450 # Add cmake to compile videocore sources
424 451 if [ "$ENABLE_VIDEOCORE" = true ] ; then
425 452 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
426 453 fi
427 454
428 455 # Add deps for nexmon
429 456 if [ "$ENABLE_NEXMON" = true ] ; then
430 457 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
431 458 fi
432 459
433 460 # Add libncurses5 to enable kernel menuconfig
434 461 if [ "$KERNEL_MENUCONFIG" = true ] ; then
435 462 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
436 463 fi
437 464
438 465 # Add ccache compiler cache for (faster) kernel cross (re)compilation
439 466 if [ "$KERNEL_CCACHE" = true ] ; then
440 467 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
441 468 fi
442 469
443 470 # Add cryptsetup package to enable filesystem encryption
444 471 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
445 472 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
446 473 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
447 474
448 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
475 ## If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
449 476 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
450 477 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
451 478 fi
452 479
453 480 if [ -z "$CRYPTFS_PASSWORD" ] ; then
454 481 echo "error: no password defined (CRYPTFS_PASSWORD)!"
455 482 exit 1
456 483 fi
457 484 ENABLE_INITRAMFS=true
458 485 fi
459 486
460 487 # Add initramfs generation tools
461 488 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
462 489 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
463 490 fi
464 491
465 492 # Add device-tree-compiler required for building the U-Boot bootloader
466 493 if [ "$ENABLE_UBOOT" = true ] ; then
467 494 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
468 495 fi
469 496
470 497 if [ "$ENABLE_USBBOOT" = true ] ; then
498 <<<<<<< HEAD
471 499 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
472 500 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
473 501 exit 1
474 502 fi
503 =======
504 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
505 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
506 exit 1
507 fi
508 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
475 509 fi
476 510
477 511 # Check if root SSH (v2) public key file exists
478 512 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
479 513 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
480 514 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
481 515 exit 1
482 516 fi
483 517 fi
484 518
485 519 # Check if $USER_NAME SSH (v2) public key file exists
486 520 if [ -n "$SSH_USER_PUB_KEY" ] ; then
487 521 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
488 522 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
489 523 exit 1
490 524 fi
491 525 fi
492 526
493 527 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
494 528 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
495 529 exit 1
496 530 fi
497 531
498 532 # Check if all required packages are installed on the build system
499 533 for package in $REQUIRED_PACKAGES ; do
500 534 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
501 535 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
502 536 fi
503 537 done
504 538
505 539 # If there are missing packages ask confirmation for install, or exit
506 540 if [ -n "$MISSING_PACKAGES" ] ; then
507 541 echo "the following packages needed by this script are not installed:"
508 542 echo "$MISSING_PACKAGES"
509 543
510 544 printf "\ndo you want to install the missing packages right now? [y/n] "
511 545 read -r confirm
512 546 [ "$confirm" != "y" ] && exit 1
513 547
514 548 ## Make sure all missing required packages are installed
515 549 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
516 550 fi
517 551
518 552 # Check if ./bootstrap.d directory exists
519 553 if [ ! -d "./bootstrap.d/" ] ; then
520 554 echo "error: './bootstrap.d' required directory not found!"
521 555 exit 1
522 556 fi
523 557
524 558 # Check if ./files directory exists
525 559 if [ ! -d "./files/" ] ; then
526 560 echo "error: './files' required directory not found!"
527 561 exit 1
528 562 fi
529 563
530 564 # Check if specified KERNELSRC_DIR directory exists
531 565 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
532 566 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
533 567 exit 1
534 568 fi
535 569
536 570 # Check if specified UBOOTSRC_DIR directory exists
537 571 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
538 572 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
539 573 exit 1
540 574 fi
541 575
542 576 # Check if specified VIDEOCORESRC_DIR directory exists
543 577 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
544 578 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
545 579 exit 1
546 580 fi
547 581
548 582 # Check if specified FBTURBOSRC_DIR directory exists
549 583 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
550 584 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
551 585 exit 1
552 586 fi
553 587
554 588 # Check if specified NEXMONSRC_DIR directory exists
555 589 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
556 590 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
557 591 exit 1
558 592 fi
559 593
560 594 # Check if specified CHROOT_SCRIPTS directory exists
561 595 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
562 596 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
563 597 exit 1
564 598 fi
565 599
566 600 # Check if specified device mapping already exists (will be used by cryptsetup)
567 601 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
568 602 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
569 603 exit 1
570 604 fi
571 605
572 606 # Don't clobber an old build
573 607 if [ -e "$BUILDDIR" ] ; then
574 608 echo "error: directory ${BUILDDIR} already exists, not proceeding"
575 609 exit 1
576 610 fi
577 611
578 612 # Setup chroot directory
579 613 mkdir -p "${R}"
580 614
581 615 # Check if build directory has enough of free disk space >512MB
582 616 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
583 617 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
584 618 exit 1
585 619 fi
586 620
587 621 set -x
588 622
589 623 # Call "cleanup" function on various signals and errors
590 624 trap cleanup 0 1 2 3 6
591 625
592 626 # Add required packages for the minbase installation
593 627 if [ "$ENABLE_MINBASE" = true ] ; then
594 628 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
595 629 fi
596 630
597 631 # Add parted package, required to get partprobe utility
598 632 if [ "$EXPANDROOT" = true ] ; then
599 633 APT_INCLUDES="${APT_INCLUDES},parted"
600 634 fi
601 635
602 636 # Add dphys-swapfile package, required to enable swap
603 637 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
604 638 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
605 639 fi
606 640
607 641 # Add dbus package, recommended if using systemd
608 642 if [ "$ENABLE_DBUS" = true ] ; then
609 643 APT_INCLUDES="${APT_INCLUDES},dbus"
610 644 fi
611 645
612 646 # Add iptables IPv4/IPv6 package
613 647 if [ "$ENABLE_IPTABLES" = true ] ; then
614 648 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
615 649 fi
616 650 # Add apparmor for KERNEL_SECURITY
617 651 if [ "$KERNEL_SECURITY" = true ] ; then
618 652 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
619 653 fi
620 654
621 655 # Add openssh server package
622 656 if [ "$SSH_ENABLE" = true ] ; then
623 657 APT_INCLUDES="${APT_INCLUDES},openssh-server"
624 658 fi
625 659
626 660 # Add alsa-utils package
627 661 if [ "$ENABLE_SOUND" = true ] ; then
628 662 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
629 663 fi
630 664
631 665 # Add rng-tools package
632 666 if [ "$ENABLE_HWRANDOM" = true ] ; then
633 667 APT_INCLUDES="${APT_INCLUDES},rng-tools"
634 668 fi
635 669
636 670 # Add fbturbo video driver
637 671 if [ "$ENABLE_FBTURBO" = true ] ; then
638 672 # Enable xorg package dependencies
639 673 ENABLE_XORG=true
640 674 fi
641 675
642 676 # Add user defined window manager package
643 677 if [ -n "$ENABLE_WM" ] ; then
644 678 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
645 679
646 680 # Enable xorg package dependencies
647 681 ENABLE_XORG=true
648 682 fi
649 683
650 684 # Add xorg package
651 685 if [ "$ENABLE_XORG" = true ] ; then
652 686 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
653 687 fi
654 688
655 689 # Replace selected packages with smaller clones
656 690 if [ "$ENABLE_REDUCE" = true ] ; then
657 691 ## Add levee package instead of vim-tiny
658 692 if [ "$REDUCE_VIM" = true ] ; then
659 693 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
660 694 fi
661 695
662 696 ## Add dropbear package instead of openssh-server
663 697 if [ "$REDUCE_SSHD" = true ] ; then
664 698 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
665 699 fi
666 700 fi
667 701
668 702 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
669 703 if [ "$ENABLE_SYSVINIT" = false ] ; then
670 704 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
671 705 fi
672 706
673 707 # Configure kernel sources if no KERNELSRC_DIR
674 708 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
675 709 KERNELSRC_CONFIG=true
676 710 fi
677 711
678 712 # Configure reduced kernel
679 713 if [ "$KERNEL_REDUCE" = true ] ; then
680 714 KERNELSRC_CONFIG=false
681 715 fi
682 716
683 717 # Configure qemu compatible kernel
684 718 if [ "$ENABLE_QEMU" = true ] ; then
685 719 DTB_FILE=vexpress-v2p-ca15_a7.dtb
686 720 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
687 721 KERNEL_DEFCONFIG="vexpress_defconfig"
688 722 if [ "$KERNEL_MENUCONFIG" = false ] ; then
689 723 KERNEL_OLDDEFCONFIG=true
690 724 fi
691 725 fi
692 726
693 727 # Execute bootstrap scripts
694 728 for SCRIPT in bootstrap.d/*.sh; do
695 729 head -n 3 "$SCRIPT"
696 730 . "$SCRIPT"
697 731 done
698 732
699 733 ## Execute custom bootstrap scripts
700 734 if [ -d "custom.d" ] ; then
701 735 for SCRIPT in custom.d/*.sh; do
702 736 . "$SCRIPT"
703 737 done
704 738 fi
705 739
706 740 # Execute custom scripts inside the chroot
707 741 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
708 742 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
709 chroot_exec /bin/bash -x <<'EOF'
743 chroot_exec /bin/bash -x << EOF
710 744 for SCRIPT in /chroot_scripts/* ; do
711 745 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
712 746 $SCRIPT
713 747 fi
714 748 done
715 749 EOF
716 750 rm -rf "${R}/chroot_scripts"
717 751 fi
718 752
719 753 # Remove c/c++ build environment from the chroot
720 754 chroot_remove_cc
721 755
722 756 # Generate required machine-id
723 757 MACHINE_ID=$(dbus-uuidgen)
724 758 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
725 759 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
726 760
727 761 # APT Cleanup
728 762 chroot_exec apt-get -y clean
729 763 chroot_exec apt-get -y autoclean
730 764 chroot_exec apt-get -y autoremove
731 765
732 766 # Unmount mounted filesystems
733 767 umount -l "${R}/proc"
734 768 umount -l "${R}/sys"
735 769
736 770 # Clean up directories
737 771 rm -rf "${R}/run/*"
738 772 rm -rf "${R}/tmp/*"
739 773
740 774 # Clean up APT proxy settings
741 775 if [ "$KEEP_APT_PROXY" = false ] ; then
742 776 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
743 777 fi
744 778
745 779 # Clean up files
746 780 rm -f "${ETC_DIR}/ssh/ssh_host_*"
747 781 rm -f "${ETC_DIR}/dropbear/dropbear_*"
748 782 rm -f "${ETC_DIR}/apt/sources.list.save"
749 783 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
750 784 rm -f "${ETC_DIR}/*-"
751 785 rm -f "${ETC_DIR}/resolv.conf"
752 786 rm -f "${R}/root/.bash_history"
753 787 rm -f "${R}/var/lib/urandom/random-seed"
754 788 rm -f "${R}/initrd.img"
755 789 rm -f "${R}/vmlinuz"
756 790 rm -f "${R}${QEMU_BINARY}"
757 791
758 792 if [ "$ENABLE_QEMU" = true ] ; then
759 793 # Setup QEMU directory
760 794 mkdir "${BASEDIR}/qemu"
761 795
762 796 # Copy kernel image to QEMU directory
763 797 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
764 798
765 799 # Copy kernel config to QEMU directory
766 800 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
767 801
768 802 # Copy kernel dtbs to QEMU directory
769 803 for dtb in "${BOOT_DIR}/"*.dtb ; do
770 804 if [ -f "${dtb}" ] ; then
771 805 install_readonly "${dtb}" "${BASEDIR}/qemu/"
772 806 fi
773 807 done
774 808
775 809 # Copy kernel overlays to QEMU directory
776 810 if [ -d "${BOOT_DIR}/overlays" ] ; then
777 811 # Setup overlays dtbs directory
778 812 mkdir "${BASEDIR}/qemu/overlays"
779 813
780 814 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
781 815 if [ -f "${dtb}" ] ; then
782 816 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
783 817 fi
784 818 done
785 819 fi
786 820
787 821 # Copy u-boot files to QEMU directory
788 822 if [ "$ENABLE_UBOOT" = true ] ; then
789 823 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
790 824 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
791 825 fi
792 826 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
793 827 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
794 828 fi
795 829 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
796 830 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
797 831 fi
798 832 fi
799 833
800 834 # Copy initramfs to QEMU directory
801 835 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
802 836 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
803 837 fi
804 838 fi
805 839
806 840 # Calculate size of the chroot directory in KB
807 841 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
808 842
809 843 # Calculate the amount of needed 512 Byte sectors
810 844 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
811 845 FRMW_SECTORS=$(expr 128 \* 1024 \* 1024 \/ 512)
812 846 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
813 847
814 848 # The root partition is EXT4
815 849 # This means more space than the actual used space of the chroot is used.
816 850 # As overhead for journaling and reserved blocks 35% are added.
817 851 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
818 852
819 853 # Calculate required image size in 512 Byte sectors
820 854 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
821 855
822 856 # Prepare image file
823 857 if [ "$ENABLE_SPLITFS" = true ] ; then
824 858 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
825 859 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
826 860 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
827 861 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
828 862
863 <<<<<<< HEAD
829 864 ## Write firmware/boot partition tables
830 865 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
831 866 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
832 867 EOM
833 868
834 869 ## Write root partition table
835 870 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
871 =======
872 # Write firmware/boot partition tables
873 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null << EOM
874 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
875 EOM
876
877 # Write root partition table
878 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null << EOM
879 >>>>>>> 7588b4f62cfa955de0822acf49908044e0504249
836 880 ${TABLE_SECTORS},${ROOT_SECTORS},83
837 881 EOM
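Review bot: Unresolved merge conflict markers are committed in the `ENABLE_SPLITFS` branch (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7588b4f62cfa955de0822acf49908044e0504249`), together with both copies of the firmware `sfdisk` call. These markers are not shell syntax, and the `<<EOM` opened on the HEAD side of the root `sfdisk` call would take everything up to the next `EOM` as its input, so the split-image path cannot produce a correct root partition table as committed. The two sides differ only in the comment prefix (`##` vs `#`) and the here-document spacing (`<<EOM` vs `<< EOM`); pick one side, delete the markers and the duplicate block, and add a check for leftover conflict markers before merging.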
838 882
839 883 # Setup temporary loop devices
840 884 FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME"-frmw.img)"
841 885 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
842 886 # ENABLE_SPLITFS=false
843 887 else
844 888 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
845 889 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
846 890
847 891 # Write partition table
848 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
892 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null << EOM
849 893 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
850 894 ${ROOT_OFFSET},${ROOT_SECTORS},83
851 895 EOM
852 896
853 897 # Setup temporary loop devices
854 898 FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME".img)"
855 899 ROOT_LOOP="$(losetup -o 129M -f --show "$IMAGE_NAME".img)"
856 900 fi
857 901
858 902 if [ "$ENABLE_CRYPTFS" = true ] ; then
859 903 # Create dummy ext4 fs
860 904 mkfs.ext4 "$ROOT_LOOP"
861 905
862 906 # Setup password keyfile
863 907 touch .password
864 908 chmod 600 .password
865 909 echo -n ${CRYPTFS_PASSWORD} > .password
866 910
867 911 # Initialize encrypted partition
868 912 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
869 913
870 914 # Open encrypted partition and setup mapping
871 915 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
872 916
873 917 # Secure delete password keyfile
874 918 shred -zu .password
875 919
876 920 # Update temporary loop device
877 921 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
878 922
879 923 # Wipe encrypted partition (encryption cipher is used for randomness)
880 924 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
881 925 fi
882 926
883 927 # Build filesystems
884 928 mkfs.vfat "$FRMW_LOOP"
885 929 mkfs.ext4 "$ROOT_LOOP"
886 930
887 931 # Mount the temporary loop devices
888 932 mkdir -p "$BUILDDIR/mount"
889 933 mount "$ROOT_LOOP" "$BUILDDIR/mount"
890 934
891 935 mkdir -p "$BUILDDIR/mount/boot/firmware"
892 936 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
893 937
894 938 # Copy all files from the chroot to the loop device mount point directory
895 939 rsync -a "${R}/" "$BUILDDIR/mount/"
896 940
897 941 # Unmount all temporary loop devices and mount points
898 942 cleanup
899 943
900 944 # Create block map file(s) of image(s)
901 945 if [ "$ENABLE_SPLITFS" = true ] ; then
902 946 # Create block map files for "bmaptool"
903 947 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
904 948 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
905 949
906 950 # Image was successfully created
907 951 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
908 952 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
909 953 else
910 954 # Create block map file for "bmaptool"
911 955 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
912 956
913 957 # Image was successfully created
914 958 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
915 959
916 960 # Create qemu qcow2 image
917 961 if [ "$ENABLE_QEMU" = true ] ; then
918 962 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
919 963 QEMU_SIZE=16G
920 964
921 965 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
922 966 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
923 967
924 968 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
925 969 fi
926 970 fi