Option to expand partition and rootfs on first boot...
Filip Pytloun -
r46:33668aa2768a
@@ -1,152 +1,155
1 # rpi2-gen-image
1 # rpi2-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9
9
10 ## Command-line parameters
10 ## Command-line parameters
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12
12
13 #####Command-line examples:
13 #####Command-line examples:
14 ```shell
14 ```shell
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 ```
21 ```
22
22
23 #### APT settings:
23 #### APT settings:
24 ##### `APT_SERVER`="ftp.debian.org"
24 ##### `APT_SERVER`="ftp.debian.org"
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26
26
27 ##### `APT_PROXY`=""
27 ##### `APT_PROXY`=""
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29
29
30 ##### `APT_INCLUDES`=""
30 ##### `APT_INCLUDES`=""
31 A comma seperated list of additional packages to be installed during bootstrapping.
31 A comma seperated list of additional packages to be installed during bootstrapping.
32
32
33 #### General system settings:
33 #### General system settings:
34 ##### `HOSTNAME`="rpi2-jessie"
34 ##### `HOSTNAME`="rpi2-jessie"
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
35 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
36
36
37 ##### `PASSWORD`="raspberry"
37 ##### `PASSWORD`="raspberry"
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
38 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
39
39
40 ##### `DEFLOCAL`="en_US.UTF-8"
40 ##### `DEFLOCAL`="en_US.UTF-8"
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
41 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
42
42
43 ##### `TIMEZONE`="Europe/Berlin"
43 ##### `TIMEZONE`="Europe/Berlin"
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
44 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
45
45
46 ##### `EXPANDROOT`=true
47 Expand the root partition and filesystem automatically on first boot.
48
46 #### Keyboard settings:
49 #### Keyboard settings:
47 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
50 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
48 ##### `XKBMODEL`=""
51 ##### `XKBMODEL`=""
49 ##### `XKBLAYOUT`=""
52 ##### `XKBLAYOUT`=""
50 ##### `XKBVARIANT`=""
53 ##### `XKBVARIANT`=""
51 ##### `XKBOPTIONS`=""
54 ##### `XKBOPTIONS`=""
52
55
53 #### Networking settings
56 #### Networking settings
54 These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
57 These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
55
58
56 #####`ENABLE_DHCP`=true
59 #####`ENABLE_DHCP`=true
57 Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
60 Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
58
61
59 #####`NET_ADDRESS`=""
62 #####`NET_ADDRESS`=""
60 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
63 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
61
64
62 #####`NET_GATEWAY`=""
65 #####`NET_GATEWAY`=""
63 Set the IP address for the default gateway.
66 Set the IP address for the default gateway.
64
67
65 #####`NET_DNS_1`=""
68 #####`NET_DNS_1`=""
66 Set the IP address for the first DNS server.
69 Set the IP address for the first DNS server.
67
70
68 #####`NET_DNS_2`=""
71 #####`NET_DNS_2`=""
69 Set the IP address for the second DNS server.
72 Set the IP address for the second DNS server.
70
73
71 #####`NET_DNS_DOMAINS`=""
74 #####`NET_DNS_DOMAINS`=""
72 Set the default DNS search domains to use for non fully qualified host names.
75 Set the default DNS search domains to use for non fully qualified host names.
73
76
74 #####`NET_NTP_1`=""
77 #####`NET_NTP_1`=""
75 Set the IP address for the first NTP server.
78 Set the IP address for the first NTP server.
76
79
77 #####`NET_NTP_2`=""
80 #####`NET_NTP_2`=""
78 Set the IP address for the second NTP server.
81 Set the IP address for the second NTP server.
79
82
80 #### Basic system features:
83 #### Basic system features:
81 ##### `ENABLE_CONSOLE`=true
84 ##### `ENABLE_CONSOLE`=true
82 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
85 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
83
86
84 ##### `ENABLE_IPV6`=true
87 ##### `ENABLE_IPV6`=true
85 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
88 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
86
89
87 ##### `ENABLE_SSHD`=true
90 ##### `ENABLE_SSHD`=true
88 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
91 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
89
92
90 ##### `ENABLE_RSYSLOG`=true
93 ##### `ENABLE_RSYSLOG`=true
91 If set to false, disable and uninstall rsyslog (so logs will be available only
94 If set to false, disable and uninstall rsyslog (so logs will be available only
92 in journal files)
95 in journal files)
93
96
94 ##### `ENABLE_SOUND`=true
97 ##### `ENABLE_SOUND`=true
95 Enable sound hardware and install Advanced Linux Sound Architecture.
98 Enable sound hardware and install Advanced Linux Sound Architecture.
96
99
97 ##### `ENABLE_HWRANDOM`=true
100 ##### `ENABLE_HWRANDOM`=true
98 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
101 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
99
102
100 ##### `ENABLE_MINGPU`=false
103 ##### `ENABLE_MINGPU`=false
101 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
104 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
102
105
103 ##### `ENABLE_DBUS`=true
106 ##### `ENABLE_DBUS`=true
104 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
107 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
105
108
106 ##### `ENABLE_XORG`=false
109 ##### `ENABLE_XORG`=false
107 Install Xorg open-source X Window System.
110 Install Xorg open-source X Window System.
108
111
109 ##### `ENABLE_WM`=""
112 ##### `ENABLE_WM`=""
110 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
113 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
111
114
112 #### Advanced sytem features:
115 #### Advanced sytem features:
113 ##### `ENABLE_MINBASE`=false
116 ##### `ENABLE_MINBASE`=false
114 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
117 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
115
118
116 ##### `ENABLE_UBOOT`=false
119 ##### `ENABLE_UBOOT`=false
117 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
120 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
118
121
119 ##### `ENABLE_FBTURBO`=false
122 ##### `ENABLE_FBTURBO`=false
120 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
123 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
121
124
122 ##### `ENABLE_IPTABLES`=false
125 ##### `ENABLE_IPTABLES`=false
123 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
126 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
124
127
125 ##### `ENABLE_USER`=true
128 ##### `ENABLE_USER`=true
126 Create pi user with password raspberry
129 Create pi user with password raspberry
127
130
128 ##### `ENABLE_ROOT`=true
131 ##### `ENABLE_ROOT`=true
129 Set root user password so root login will be enabled
132 Set root user password so root login will be enabled
130
133
131 ##### `ENABLE_ROOT_SSH`=true
134 ##### `ENABLE_ROOT_SSH`=true
132 Enable password root login via SSH. May be a security risk with default
135 Enable password root login via SSH. May be a security risk with default
133 password, use only in trusted environments.
136 password, use only in trusted environments.
134
137
135 ##### `ENABLE_HARDNET`=false
138 ##### `ENABLE_HARDNET`=false
136 Enable IPv4/IPv6 network stack hardening settings.
139 Enable IPv4/IPv6 network stack hardening settings.
137
140
138 ## Logging of the bootstrapping process
141 ## Logging of the bootstrapping process
139 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
142 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
140
143
141 ```shell
144 ```shell
142 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
145 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
143 ```
146 ```
144
147
145 ## Flashing the image file
148 ## Flashing the image file
146 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
149 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
147
150
148 #####Flashing examples:
151 #####Flashing examples:
149 ```shell
152 ```shell
150 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
153 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
151 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
154 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
152 ```
155 ```
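Review bot: the new `EXPANDROOT` entry (`##### \`EXPANDROOT\`=true` followed by "Expand the root partition and filesystem automatically on first boot.") leaves out two things a reader deciding on the flag needs: that it is on by default, so every generated image resizes its root partition on the first boot unless `EXPANDROOT=false` is passed, and that it adds a package to the image (the script hunk gates `APT_INCLUDES="${APT_INCLUDES},parted"` on it). Suggest a second sentence along the lines of "Enabled by default; set `EXPANDROOT=false` to keep the partition layout as flashed. Requires the `parted` package, which is added to the image automatically." As a style point, the entry would sit more naturally under "Basic system features:" with the other boolean flags than between `TIMEZONE` and the keyboard settings.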
@@ -1,951 +1,1016
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi2-gen-image.sh ver2a 12/2015
4 # rpi2-gen-image.sh ver2a 12/2015
5 #
5 #
6 # Advanced debian "jessie" bootstrap script for RPi2
6 # Advanced debian "jessie" bootstrap script for RPi2
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # some parts based on rpi2-build-image:
13 # some parts based on rpi2-build-image:
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 ########################################################################
16 ########################################################################
17
17
18 # Clean up all temporary mount points
18 # Clean up all temporary mount points
19 cleanup (){
19 cleanup (){
20 set +x
20 set +x
21 set +e
21 set +e
22 echo "removing temporary mount points ..."
22 echo "removing temporary mount points ..."
23 umount -l $R/proc 2> /dev/null
23 umount -l $R/proc 2> /dev/null
24 umount -l $R/sys 2> /dev/null
24 umount -l $R/sys 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 trap - 0 1 2 3 6
30 trap - 0 1 2 3 6
31 }
31 }
32
32
33 # Exec command in chroot
33 # Exec command in chroot
34 chroot_exec() {
34 chroot_exec() {
35 LANG=C LC_ALL=C chroot $R $*
35 LANG=C LC_ALL=C chroot $R $*
36 }
36 }
37
37
38 set -e
38 set -e
39 set -x
39 set -x
40
40
41 # Debian release
41 # Debian release
42 RELEASE=${RELEASE:=jessie}
42 RELEASE=${RELEASE:=jessie}
43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44
44
45 # Build settings
45 # Build settings
46 BASEDIR=./images/${RELEASE}
46 BASEDIR=./images/${RELEASE}
47 BUILDDIR=${BASEDIR}/build
47 BUILDDIR=${BASEDIR}/build
48
48
49 # General settings
49 # General settings
50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
51 PASSWORD=${PASSWORD:=raspberry}
51 PASSWORD=${PASSWORD:=raspberry}
52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
54 XKBMODEL=${XKBMODEL:=""}
54 XKBMODEL=${XKBMODEL:=""}
55 XKBLAYOUT=${XKBLAYOUT:=""}
55 XKBLAYOUT=${XKBLAYOUT:=""}
56 XKBVARIANT=${XKBVARIANT:=""}
56 XKBVARIANT=${XKBVARIANT:=""}
57 XKBOPTIONS=${XKBOPTIONS:=""}
57 XKBOPTIONS=${XKBOPTIONS:=""}
58 EXPANDROOT=${EXPANDROOT:=true}
58
59
59 # Network settings
60 # Network settings
60 ENABLE_DHCP=${ENABLE_DHCP:=true}
61 ENABLE_DHCP=${ENABLE_DHCP:=true}
61 # NET_* settings are ignored when ENABLE_DHCP=true
62 # NET_* settings are ignored when ENABLE_DHCP=true
62 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
63 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
63 NET_ADDRESS=${NET_ADDRESS:=""}
64 NET_ADDRESS=${NET_ADDRESS:=""}
64 NET_GATEWAY=${NET_GATEWAY:=""}
65 NET_GATEWAY=${NET_GATEWAY:=""}
65 NET_DNS_1=${NET_DNS_1:=""}
66 NET_DNS_1=${NET_DNS_1:=""}
66 NET_DNS_2=${NET_DNS_2:=""}
67 NET_DNS_2=${NET_DNS_2:=""}
67 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
68 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
68 NET_NTP_1=${NET_NTP_1:=""}
69 NET_NTP_1=${NET_NTP_1:=""}
69 NET_NTP_2=${NET_NTP_2:=""}
70 NET_NTP_2=${NET_NTP_2:=""}
70
71
71 # APT settings
72 # APT settings
72 APT_PROXY=${APT_PROXY:=""}
73 APT_PROXY=${APT_PROXY:=""}
73 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
74 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
74
75
75 # Feature settings
76 # Feature settings
76 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
77 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
77 ENABLE_IPV6=${ENABLE_IPV6:=true}
78 ENABLE_IPV6=${ENABLE_IPV6:=true}
78 ENABLE_SSHD=${ENABLE_SSHD:=true}
79 ENABLE_SSHD=${ENABLE_SSHD:=true}
79 ENABLE_SOUND=${ENABLE_SOUND:=true}
80 ENABLE_SOUND=${ENABLE_SOUND:=true}
80 ENABLE_DBUS=${ENABLE_DBUS:=true}
81 ENABLE_DBUS=${ENABLE_DBUS:=true}
81 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
82 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
82 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
83 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
83 ENABLE_XORG=${ENABLE_XORG:=false}
84 ENABLE_XORG=${ENABLE_XORG:=false}
84 ENABLE_WM=${ENABLE_WM:=""}
85 ENABLE_WM=${ENABLE_WM:=""}
85 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
86 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
86 ENABLE_USER=${ENABLE_USER:=true}
87 ENABLE_USER=${ENABLE_USER:=true}
87 ENABLE_ROOT=${ENABLE_ROOT:=false}
88 ENABLE_ROOT=${ENABLE_ROOT:=false}
88 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
89 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
89
90
90 # Advanced settings
91 # Advanced settings
91 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
92 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
92 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
93 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
93 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
94 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
94 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
95 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
95 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
96 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
96
97
97 # Image chroot path
98 # Image chroot path
98 R=${BUILDDIR}/chroot
99 R=${BUILDDIR}/chroot
99
100
100 # Packages required for bootstrapping
101 # Packages required for bootstrapping
101 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
102 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
102
103
103 # Missing packages that need to be installed
104 # Missing packages that need to be installed
104 MISSING_PACKAGES=""
105 MISSING_PACKAGES=""
105
106
106 # Packages required in the chroot build environment
107 # Packages required in the chroot build environment
107 APT_INCLUDES=${APT_INCLUDES:=""}
108 APT_INCLUDES=${APT_INCLUDES:=""}
108 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
109 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
109
110
110 set +x
111 set +x
111
112
112 # Are we running as root?
113 # Are we running as root?
113 if [ "$(id -u)" -ne "0" ] ; then
114 if [ "$(id -u)" -ne "0" ] ; then
114 echo "this script must be executed with root privileges"
115 echo "this script must be executed with root privileges"
115 exit 1
116 exit 1
116 fi
117 fi
117
118
118 # Check if all required packages are installed
119 # Check if all required packages are installed
119 for package in $REQUIRED_PACKAGES ; do
120 for package in $REQUIRED_PACKAGES ; do
120 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
121 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
121 MISSING_PACKAGES="$MISSING_PACKAGES $package"
122 MISSING_PACKAGES="$MISSING_PACKAGES $package"
122 fi
123 fi
123 done
124 done
124
125
125 # Ask if missing packages should get installed right now
126 # Ask if missing packages should get installed right now
126 if [ -n "$MISSING_PACKAGES" ] ; then
127 if [ -n "$MISSING_PACKAGES" ] ; then
127 echo "the following packages needed by this script are not installed:"
128 echo "the following packages needed by this script are not installed:"
128 echo "$MISSING_PACKAGES"
129 echo "$MISSING_PACKAGES"
129
130
130 echo -n "\ndo you want to install the missing packages right now? [y/n] "
131 echo -n "\ndo you want to install the missing packages right now? [y/n] "
131 read confirm
132 read confirm
132 if [ "$confirm" != "y" ] ; then
133 if [ "$confirm" != "y" ] ; then
133 exit 1
134 exit 1
134 fi
135 fi
135 fi
136 fi
136
137
137 # Make sure all required packages are installed
138 # Make sure all required packages are installed
138 apt-get -qq -y install ${REQUIRED_PACKAGES}
139 apt-get -qq -y install ${REQUIRED_PACKAGES}
139
140
140 # Don't clobber an old build
141 # Don't clobber an old build
141 if [ -e "$BUILDDIR" ]; then
142 if [ -e "$BUILDDIR" ]; then
142 echo "directory $BUILDDIR already exists, not proceeding"
143 echo "directory $BUILDDIR already exists, not proceeding"
143 exit 1
144 exit 1
144 fi
145 fi
145
146
146 set -x
147 set -x
147
148
148 # Call "cleanup" function on various signals and errors
149 # Call "cleanup" function on various signals and errors
149 trap cleanup 0 1 2 3 6
150 trap cleanup 0 1 2 3 6
150
151
151 # Set up chroot directory
152 # Set up chroot directory
152 mkdir -p $R
153 mkdir -p $R
153
154
154 # Add required packages for the minbase installation
155 # Add required packages for the minbase installation
155 if [ "$ENABLE_MINBASE" = true ] ; then
156 if [ "$ENABLE_MINBASE" = true ] ; then
156 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
157 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
157 else
158 else
158 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
159 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
159 fi
160 fi
160
161
162 # Add parted package, required to get partprobe utility
163 if [ "$EXPANDROOT" = true ] ; then
164 APT_INCLUDES="${APT_INCLUDES},parted"
165 fi
166
161 # Add dbus package, recommended if using systemd
167 # Add dbus package, recommended if using systemd
162 if [ "$ENABLE_DBUS" = true ] ; then
168 if [ "$ENABLE_DBUS" = true ] ; then
163 APT_INCLUDES="${APT_INCLUDES},dbus"
169 APT_INCLUDES="${APT_INCLUDES},dbus"
164 fi
170 fi
165
171
166 # Add iptables IPv4/IPv6 package
172 # Add iptables IPv4/IPv6 package
167 if [ "$ENABLE_IPTABLES" = true ] ; then
173 if [ "$ENABLE_IPTABLES" = true ] ; then
168 APT_INCLUDES="${APT_INCLUDES},iptables"
174 APT_INCLUDES="${APT_INCLUDES},iptables"
169 fi
175 fi
170
176
171 # Add openssh server package
177 # Add openssh server package
172 if [ "$ENABLE_SSHD" = true ] ; then
178 if [ "$ENABLE_SSHD" = true ] ; then
173 APT_INCLUDES="${APT_INCLUDES},openssh-server"
179 APT_INCLUDES="${APT_INCLUDES},openssh-server"
174 fi
180 fi
175
181
176 # Add alsa-utils package
182 # Add alsa-utils package
177 if [ "$ENABLE_SOUND" = true ] ; then
183 if [ "$ENABLE_SOUND" = true ] ; then
178 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
184 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
179 fi
185 fi
180
186
181 # Add rng-tools package
187 # Add rng-tools package
182 if [ "$ENABLE_HWRANDOM" = true ] ; then
188 if [ "$ENABLE_HWRANDOM" = true ] ; then
183 APT_INCLUDES="${APT_INCLUDES},rng-tools"
189 APT_INCLUDES="${APT_INCLUDES},rng-tools"
184 fi
190 fi
185
191
186 if [ "$ENABLE_USER" = true ]; then
192 if [ "$ENABLE_USER" = true ]; then
187 APT_INCLUDES="${APT_INCLUDES},sudo"
193 APT_INCLUDES="${APT_INCLUDES},sudo"
188 fi
194 fi
189
195
190 # Add fbturbo video driver
196 # Add fbturbo video driver
191 if [ "$ENABLE_FBTURBO" = true ] ; then
197 if [ "$ENABLE_FBTURBO" = true ] ; then
192 # Enable xorg package dependencies
198 # Enable xorg package dependencies
193 ENABLE_XORG=true
199 ENABLE_XORG=true
194 fi
200 fi
195
201
196 # Add user defined window manager package
202 # Add user defined window manager package
197 if [ -n "$ENABLE_WM" ] ; then
203 if [ -n "$ENABLE_WM" ] ; then
198 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
204 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
199
205
200 # Enable xorg package dependencies
206 # Enable xorg package dependencies
201 ENABLE_XORG=true
207 ENABLE_XORG=true
202 fi
208 fi
203
209
204 # Add xorg package
210 # Add xorg package
205 if [ "$ENABLE_XORG" = true ] ; then
211 if [ "$ENABLE_XORG" = true ] ; then
206 APT_INCLUDES="${APT_INCLUDES},xorg"
212 APT_INCLUDES="${APT_INCLUDES},xorg"
207 fi
213 fi
208
214
209 # Base debootstrap (unpack only)
215 # Base debootstrap (unpack only)
210 if [ "$ENABLE_MINBASE" = true ] ; then
216 if [ "$ENABLE_MINBASE" = true ] ; then
211 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
217 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
212 else
218 else
213 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
219 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
214 fi
220 fi
215
221
216 # Copy qemu emulator binary to chroot
222 # Copy qemu emulator binary to chroot
217 cp /usr/bin/qemu-arm-static $R/usr/bin
223 cp /usr/bin/qemu-arm-static $R/usr/bin
218
224
219 # Copy debian-archive-keyring.pgp
225 # Copy debian-archive-keyring.pgp
220 chroot $R mkdir -p /usr/share/keyrings
226 chroot $R mkdir -p /usr/share/keyrings
221 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
227 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
222
228
223 # Complete the bootstrapping process
229 # Complete the bootstrapping process
224 chroot $R /debootstrap/debootstrap --second-stage
230 chroot $R /debootstrap/debootstrap --second-stage
225
231
226 # Mount required filesystems
232 # Mount required filesystems
227 mount -t proc none $R/proc
233 mount -t proc none $R/proc
228 mount -t sysfs none $R/sys
234 mount -t sysfs none $R/sys
229 mount --bind /dev/pts $R/dev/pts
235 mount --bind /dev/pts $R/dev/pts
230
236
231 # Use proxy inside chroot
237 # Use proxy inside chroot
232 if [ -z "$APT_PROXY" ] ; then
238 if [ -z "$APT_PROXY" ] ; then
233 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
239 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
234 fi
240 fi
235
241
236 # Pin package flash-kernel to repositories.collabora.co.uk
242 # Pin package flash-kernel to repositories.collabora.co.uk
237 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
243 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
238 Package: flash-kernel
244 Package: flash-kernel
239 Pin: origin repositories.collabora.co.uk
245 Pin: origin repositories.collabora.co.uk
240 Pin-Priority: 1000
246 Pin-Priority: 1000
241 EOM
247 EOM
242
248
243 # Set up timezone
249 # Set up timezone
244 echo ${TIMEZONE} >$R/etc/timezone
250 echo ${TIMEZONE} >$R/etc/timezone
245 chroot_exec dpkg-reconfigure -f noninteractive tzdata
251 chroot_exec dpkg-reconfigure -f noninteractive tzdata
246
252
247 # Upgrade collabora package index and install collabora keyring
253 # Upgrade collabora package index and install collabora keyring
248 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
254 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
249 chroot_exec apt-get -qq -y update
255 chroot_exec apt-get -qq -y update
250 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
256 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
251
257
252 # Set up initial sources.list
258 # Set up initial sources.list
253 cat <<EOM >$R/etc/apt/sources.list
259 cat <<EOM >$R/etc/apt/sources.list
254 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
260 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
255 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
261 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
256
262
257 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
263 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
258 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
264 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
259
265
260 deb http://security.debian.org/ ${RELEASE}/updates main contrib
266 deb http://security.debian.org/ ${RELEASE}/updates main contrib
261 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
267 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
262
268
263 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
269 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
264 EOM
270 EOM
265
271
266 # Upgrade package index and update all installed packages and changed dependencies
272 # Upgrade package index and update all installed packages and changed dependencies
267 chroot_exec apt-get -qq -y update
273 chroot_exec apt-get -qq -y update
268 chroot_exec apt-get -qq -y -u dist-upgrade
274 chroot_exec apt-get -qq -y -u dist-upgrade
269
275
270 # Set up default locale and keyboard configuration
276 # Set up default locale and keyboard configuration
271 if [ "$ENABLE_MINBASE" = false ] ; then
277 if [ "$ENABLE_MINBASE" = false ] ; then
272 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
278 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
273 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
279 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
274 # ... so we have to set locales manually
280 # ... so we have to set locales manually
275 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
281 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
276 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
282 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
277 else
283 else
278 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
284 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
279 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
285 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
280 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
286 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
281 fi
287 fi
282 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
288 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
283 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
289 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
284 chroot_exec locale-gen
290 chroot_exec locale-gen
285 chroot_exec update-locale LANG=${DEFLOCAL}
291 chroot_exec update-locale LANG=${DEFLOCAL}
286
292
287 # Keyboard configuration, if requested
293 # Keyboard configuration, if requested
288 if [ "$XKBMODEL" != "" ] ; then
294 if [ "$XKBMODEL" != "" ] ; then
289 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
295 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
290 fi
296 fi
291 if [ "$XKBLAYOUT" != "" ] ; then
297 if [ "$XKBLAYOUT" != "" ] ; then
292 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
298 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
293 fi
299 fi
294 if [ "$XKBVARIANT" != "" ] ; then
300 if [ "$XKBVARIANT" != "" ] ; then
295 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
301 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
296 fi
302 fi
297 if [ "$XKBOPTIONS" != "" ] ; then
303 if [ "$XKBOPTIONS" != "" ] ; then
298 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
304 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
299 fi
305 fi
300 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
306 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
301 # Set up font console
307 # Set up font console
302 case "${DEFLOCAL}" in
308 case "${DEFLOCAL}" in
303 *UTF-8)
309 *UTF-8)
304 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
310 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
305 ;;
311 ;;
306 *)
312 *)
307 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
313 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
308 ;;
314 ;;
309 esac
315 esac
310 chroot_exec dpkg-reconfigure -f noninteractive console-setup
316 chroot_exec dpkg-reconfigure -f noninteractive console-setup
311 fi
317 fi
312
318
313 # Kernel installation
319 # Kernel installation
314 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
320 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
315 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
321 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
316 chroot_exec apt-get -qq -y install flash-kernel
322 chroot_exec apt-get -qq -y install flash-kernel
317
323
318 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
324 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
319 [ -z "$VMLINUZ" ] && exit 1
325 [ -z "$VMLINUZ" ] && exit 1
320 cp $VMLINUZ $R/boot/firmware/kernel7.img
326 cp $VMLINUZ $R/boot/firmware/kernel7.img
321
327
322 # Set up IPv4 hosts
328 # Set up IPv4 hosts
323 echo ${HOSTNAME} >$R/etc/hostname
329 echo ${HOSTNAME} >$R/etc/hostname
324 cat <<EOM >$R/etc/hosts
330 cat <<EOM >$R/etc/hosts
325 127.0.0.1 localhost
331 127.0.0.1 localhost
326 127.0.1.1 ${HOSTNAME}
332 127.0.1.1 ${HOSTNAME}
327 EOM
333 EOM
328 if [ "$NET_ADDRESS" != "" ] ; then
334 if [ "$NET_ADDRESS" != "" ] ; then
329 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
335 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
330 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
336 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
331 fi
337 fi
332
338
333 # Set up IPv6 hosts
339 # Set up IPv6 hosts
334 if [ "$ENABLE_IPV6" = true ] ; then
340 if [ "$ENABLE_IPV6" = true ] ; then
335 cat <<EOM >>$R/etc/hosts
341 cat <<EOM >>$R/etc/hosts
336
342
337 ::1 localhost ip6-localhost ip6-loopback
343 ::1 localhost ip6-localhost ip6-loopback
338 ff02::1 ip6-allnodes
344 ff02::1 ip6-allnodes
339 ff02::2 ip6-allrouters
345 ff02::2 ip6-allrouters
340 EOM
346 EOM
341 fi
347 fi
342
348
343 # Place hint about network configuration
349 # Place hint about network configuration
344 cat <<EOM >$R/etc/network/interfaces
350 cat <<EOM >$R/etc/network/interfaces
345 # Debian switched to systemd-networkd configuration files.
351 # Debian switched to systemd-networkd configuration files.
346 # please configure your networks in '/etc/systemd/network/'
352 # please configure your networks in '/etc/systemd/network/'
347 EOM
353 EOM
348
354
349 if [ "$ENABLE_DHCP" = true ] ; then
355 if [ "$ENABLE_DHCP" = true ] ; then
350 # Enable systemd-networkd DHCP configuration for interface eth0
356 # Enable systemd-networkd DHCP configuration for interface eth0
351 cat <<EOM >$R/etc/systemd/network/eth.network
357 cat <<EOM >$R/etc/systemd/network/eth.network
352 [Match]
358 [Match]
353 Name=eth0
359 Name=eth0
354
360
355 [Network]
361 [Network]
356 DHCP=yes
362 DHCP=yes
357 EOM
363 EOM
358
364
359 # Set DHCP configuration to IPv4 only
365 # Set DHCP configuration to IPv4 only
360 if [ "$ENABLE_IPV6" = false ] ; then
366 if [ "$ENABLE_IPV6" = false ] ; then
361 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
367 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
362 fi
368 fi
363 else # ENABLE_DHCP=false
369 else # ENABLE_DHCP=false
364 cat <<EOM >$R/etc/systemd/network/eth.network
370 cat <<EOM >$R/etc/systemd/network/eth.network
365 [Match]
371 [Match]
366 Name=eth0
372 Name=eth0
367
373
368 [Network]
374 [Network]
369 DHCP=no
375 DHCP=no
370 Address=${NET_ADDRESS}
376 Address=${NET_ADDRESS}
371 Gateway=${NET_GATEWAY}
377 Gateway=${NET_GATEWAY}
372 DNS=${NET_DNS_1}
378 DNS=${NET_DNS_1}
373 DNS=${NET_DNS_2}
379 DNS=${NET_DNS_2}
374 Domains=${NET_DNS_DOMAINS}
380 Domains=${NET_DNS_DOMAINS}
375 NTP=${NET_NTP_1}
381 NTP=${NET_NTP_1}
376 NTP=${NET_NTP_2}
382 NTP=${NET_NTP_2}
377 EOM
383 EOM
378 fi
384 fi
379
385
380 # Enable systemd-networkd service
386 # Enable systemd-networkd service
381 chroot_exec systemctl enable systemd-networkd
387 chroot_exec systemctl enable systemd-networkd
382
388
383 # Generate crypt(3) password string
389 # Generate crypt(3) password string
384 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
390 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
385
391
386 # Set up default user
392 # Set up default user
387 if [ "$ENABLE_USER" = true ] ; then
393 if [ "$ENABLE_USER" = true ] ; then
388 chroot_exec adduser --gecos \"Raspberry PI user\" --add_extra_groups --disabled-password pi
394 chroot_exec adduser --gecos \"Raspberry PI user\" --add_extra_groups --disabled-password pi
389 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
395 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
390 fi
396 fi
391
397
392 # Set up root password or not
398 # Set up root password or not
393 if [ "$ENABLE_ROOT" = true ]; then
399 if [ "$ENABLE_ROOT" = true ]; then
394 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
400 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
395
401
396 if [ "$ENABLE_ROOT_SSH" = true ]; then
402 if [ "$ENABLE_ROOT_SSH" = true ]; then
397 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
403 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
398 fi
404 fi
399 else
405 else
400 chroot_exec usermod -p \'!\' root
406 chroot_exec usermod -p \'!\' root
401 fi
407 fi
402
408
403 # Set up firmware boot cmdline
409 # Set up firmware boot cmdline
404 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
410 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
405
411
406 # Set up serial console support (if requested)
412 # Set up serial console support (if requested)
407 if [ "$ENABLE_CONSOLE" = true ] ; then
413 if [ "$ENABLE_CONSOLE" = true ] ; then
408 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
414 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
409 fi
415 fi
410
416
411 # Set up IPv6 networking support
417 # Set up IPv6 networking support
412 if [ "$ENABLE_IPV6" = false ] ; then
418 if [ "$ENABLE_IPV6" = false ] ; then
413 CMDLINE="${CMDLINE} ipv6.disable=1"
419 CMDLINE="${CMDLINE} ipv6.disable=1"
414 fi
420 fi
415
421
416 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
422 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
417
423
418 # Set up firmware config
424 # Set up firmware config
419 cat <<EOM >$R/boot/firmware/config.txt
425 cat <<EOM >$R/boot/firmware/config.txt
420 # For more options and information see
426 # For more options and information see
421 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
427 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
422 # Some settings may impact device functionality. See link above for details
428 # Some settings may impact device functionality. See link above for details
423
429
424 # uncomment if you get no picture on HDMI for a default "safe" mode
430 # uncomment if you get no picture on HDMI for a default "safe" mode
425 #hdmi_safe=1
431 #hdmi_safe=1
426
432
427 # uncomment this if your display has a black border of unused pixels visible
433 # uncomment this if your display has a black border of unused pixels visible
428 # and your display can output without overscan
434 # and your display can output without overscan
429 #disable_overscan=1
435 #disable_overscan=1
430
436
431 # uncomment the following to adjust overscan. Use positive numbers if console
437 # uncomment the following to adjust overscan. Use positive numbers if console
432 # goes off screen, and negative if there is too much border
438 # goes off screen, and negative if there is too much border
433 #overscan_left=16
439 #overscan_left=16
434 #overscan_right=16
440 #overscan_right=16
435 #overscan_top=16
441 #overscan_top=16
436 #overscan_bottom=16
442 #overscan_bottom=16
437
443
438 # uncomment to force a console size. By default it will be display's size minus
444 # uncomment to force a console size. By default it will be display's size minus
439 # overscan.
445 # overscan.
440 #framebuffer_width=1280
446 #framebuffer_width=1280
441 #framebuffer_height=720
447 #framebuffer_height=720
442
448
443 # uncomment if hdmi display is not detected and composite is being output
449 # uncomment if hdmi display is not detected and composite is being output
444 #hdmi_force_hotplug=1
450 #hdmi_force_hotplug=1
445
451
446 # uncomment to force a specific HDMI mode (this will force VGA)
452 # uncomment to force a specific HDMI mode (this will force VGA)
447 #hdmi_group=1
453 #hdmi_group=1
448 #hdmi_mode=1
454 #hdmi_mode=1
449
455
450 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
456 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
451 # DMT (computer monitor) modes
457 # DMT (computer monitor) modes
452 #hdmi_drive=2
458 #hdmi_drive=2
453
459
454 # uncomment to increase signal to HDMI, if you have interference, blanking, or
460 # uncomment to increase signal to HDMI, if you have interference, blanking, or
455 # no display
461 # no display
456 #config_hdmi_boost=4
462 #config_hdmi_boost=4
457
463
458 # uncomment for composite PAL
464 # uncomment for composite PAL
459 #sdtv_mode=2
465 #sdtv_mode=2
460
466
461 # uncomment to overclock the arm. 700 MHz is the default.
467 # uncomment to overclock the arm. 700 MHz is the default.
462 #arm_freq=800
468 #arm_freq=800
463 EOM
469 EOM
464
470
465 # Load snd_bcm2835 kernel module at boot time
471 # Load snd_bcm2835 kernel module at boot time
466 if [ "$ENABLE_SOUND" = true ] ; then
472 if [ "$ENABLE_SOUND" = true ] ; then
467 echo "snd_bcm2835" >>$R/etc/modules
473 echo "snd_bcm2835" >>$R/etc/modules
468 fi
474 fi
469
475
470 # Set smallest possible GPU memory allocation size: 16MB (no X)
476 # Set smallest possible GPU memory allocation size: 16MB (no X)
471 if [ "$ENABLE_MINGPU" = true ] ; then
477 if [ "$ENABLE_MINGPU" = true ] ; then
472 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
478 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
473 fi
479 fi
474
480
475 # Create symlinks
481 # Create symlinks
476 ln -sf firmware/config.txt $R/boot/config.txt
482 ln -sf firmware/config.txt $R/boot/config.txt
477 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
483 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
478
484
479 # Prepare modules-load.d directory
485 # Prepare modules-load.d directory
480 mkdir -p $R/lib/modules-load.d/
486 mkdir -p $R/lib/modules-load.d/
481
487
482 # Load random module on boot
488 # Load random module on boot
483 if [ "$ENABLE_HWRANDOM" = true ] ; then
489 if [ "$ENABLE_HWRANDOM" = true ] ; then
484 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
490 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
485 bcm2708_rng
491 bcm2708_rng
486 EOM
492 EOM
487 fi
493 fi
488
494
489 # Prepare modprobe.d directory
495 # Prepare modprobe.d directory
490 mkdir -p $R/etc/modprobe.d/
496 mkdir -p $R/etc/modprobe.d/
491
497
492 # Blacklist sound modules
498 # Blacklist sound modules
493 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
499 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
494 blacklist snd_soc_core
500 blacklist snd_soc_core
495 blacklist snd_pcm
501 blacklist snd_pcm
496 blacklist snd_pcm_dmaengine
502 blacklist snd_pcm_dmaengine
497 blacklist snd_timer
503 blacklist snd_timer
498 blacklist snd_compress
504 blacklist snd_compress
499 blacklist snd_soc_pcm512x_i2c
505 blacklist snd_soc_pcm512x_i2c
500 blacklist snd_soc_pcm512x
506 blacklist snd_soc_pcm512x
501 blacklist snd_soc_tas5713
507 blacklist snd_soc_tas5713
502 blacklist snd_soc_wm8804
508 blacklist snd_soc_wm8804
503 EOM
509 EOM
504
510
505 # Create default fstab
511 # Create default fstab
506 cat <<EOM >$R/etc/fstab
512 cat <<EOM >$R/etc/fstab
507 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
513 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
508 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
514 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
509 EOM
515 EOM
510
516
511 # Avoid swapping and increase cache sizes
517 # Avoid swapping and increase cache sizes
512 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
518 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
513
519
514 # Avoid swapping and increase cache sizes
520 # Avoid swapping and increase cache sizes
515 vm.swappiness=1
521 vm.swappiness=1
516 vm.dirty_background_ratio=20
522 vm.dirty_background_ratio=20
517 vm.dirty_ratio=40
523 vm.dirty_ratio=40
518 vm.dirty_writeback_centisecs=500
524 vm.dirty_writeback_centisecs=500
519 vm.dirty_expire_centisecs=6000
525 vm.dirty_expire_centisecs=6000
520 EOM
526 EOM
521
527
522 # Enable network stack hardening
528 # Enable network stack hardening
523 if [ "$ENABLE_HARDNET" = true ] ; then
529 if [ "$ENABLE_HARDNET" = true ] ; then
524 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
530 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
525
531
526 # Enable network stack hardening
532 # Enable network stack hardening
527 net.ipv4.tcp_timestamps=0
533 net.ipv4.tcp_timestamps=0
528 net.ipv4.tcp_syncookies=1
534 net.ipv4.tcp_syncookies=1
529 net.ipv4.conf.all.rp_filter=1
535 net.ipv4.conf.all.rp_filter=1
530 net.ipv4.conf.all.accept_redirects=0
536 net.ipv4.conf.all.accept_redirects=0
531 net.ipv4.conf.all.send_redirects=0
537 net.ipv4.conf.all.send_redirects=0
532 net.ipv4.conf.all.accept_source_route=0
538 net.ipv4.conf.all.accept_source_route=0
533 net.ipv4.conf.default.rp_filter=1
539 net.ipv4.conf.default.rp_filter=1
534 net.ipv4.conf.default.accept_redirects=0
540 net.ipv4.conf.default.accept_redirects=0
535 net.ipv4.conf.default.send_redirects=0
541 net.ipv4.conf.default.send_redirects=0
536 net.ipv4.conf.default.accept_source_route=0
542 net.ipv4.conf.default.accept_source_route=0
537 net.ipv4.conf.lo.accept_redirects=0
543 net.ipv4.conf.lo.accept_redirects=0
538 net.ipv4.conf.lo.send_redirects=0
544 net.ipv4.conf.lo.send_redirects=0
539 net.ipv4.conf.lo.accept_source_route=0
545 net.ipv4.conf.lo.accept_source_route=0
540 net.ipv4.conf.eth0.accept_redirects=0
546 net.ipv4.conf.eth0.accept_redirects=0
541 net.ipv4.conf.eth0.send_redirects=0
547 net.ipv4.conf.eth0.send_redirects=0
542 net.ipv4.conf.eth0.accept_source_route=0
548 net.ipv4.conf.eth0.accept_source_route=0
543 net.ipv4.icmp_echo_ignore_broadcasts=1
549 net.ipv4.icmp_echo_ignore_broadcasts=1
544 net.ipv4.icmp_ignore_bogus_error_responses=1
550 net.ipv4.icmp_ignore_bogus_error_responses=1
545
551
546 net.ipv6.conf.all.accept_redirects=0
552 net.ipv6.conf.all.accept_redirects=0
547 net.ipv6.conf.all.accept_source_route=0
553 net.ipv6.conf.all.accept_source_route=0
548 net.ipv6.conf.all.router_solicitations=0
554 net.ipv6.conf.all.router_solicitations=0
549 net.ipv6.conf.all.accept_ra_rtr_pref=0
555 net.ipv6.conf.all.accept_ra_rtr_pref=0
550 net.ipv6.conf.all.accept_ra_pinfo=0
556 net.ipv6.conf.all.accept_ra_pinfo=0
551 net.ipv6.conf.all.accept_ra_defrtr=0
557 net.ipv6.conf.all.accept_ra_defrtr=0
552 net.ipv6.conf.all.autoconf=0
558 net.ipv6.conf.all.autoconf=0
553 net.ipv6.conf.all.dad_transmits=0
559 net.ipv6.conf.all.dad_transmits=0
554 net.ipv6.conf.all.max_addresses=1
560 net.ipv6.conf.all.max_addresses=1
555
561
556 net.ipv6.conf.default.accept_redirects=0
562 net.ipv6.conf.default.accept_redirects=0
557 net.ipv6.conf.default.accept_source_route=0
563 net.ipv6.conf.default.accept_source_route=0
558 net.ipv6.conf.default.router_solicitations=0
564 net.ipv6.conf.default.router_solicitations=0
559 net.ipv6.conf.default.accept_ra_rtr_pref=0
565 net.ipv6.conf.default.accept_ra_rtr_pref=0
560 net.ipv6.conf.default.accept_ra_pinfo=0
566 net.ipv6.conf.default.accept_ra_pinfo=0
561 net.ipv6.conf.default.accept_ra_defrtr=0
567 net.ipv6.conf.default.accept_ra_defrtr=0
562 net.ipv6.conf.default.autoconf=0
568 net.ipv6.conf.default.autoconf=0
563 net.ipv6.conf.default.dad_transmits=0
569 net.ipv6.conf.default.dad_transmits=0
564 net.ipv6.conf.default.max_addresses=1
570 net.ipv6.conf.default.max_addresses=1
565
571
566 net.ipv6.conf.lo.accept_redirects=0
572 net.ipv6.conf.lo.accept_redirects=0
567 net.ipv6.conf.lo.accept_source_route=0
573 net.ipv6.conf.lo.accept_source_route=0
568 net.ipv6.conf.lo.router_solicitations=0
574 net.ipv6.conf.lo.router_solicitations=0
569 net.ipv6.conf.lo.accept_ra_rtr_pref=0
575 net.ipv6.conf.lo.accept_ra_rtr_pref=0
570 net.ipv6.conf.lo.accept_ra_pinfo=0
576 net.ipv6.conf.lo.accept_ra_pinfo=0
571 net.ipv6.conf.lo.accept_ra_defrtr=0
577 net.ipv6.conf.lo.accept_ra_defrtr=0
572 net.ipv6.conf.lo.autoconf=0
578 net.ipv6.conf.lo.autoconf=0
573 net.ipv6.conf.lo.dad_transmits=0
579 net.ipv6.conf.lo.dad_transmits=0
574 net.ipv6.conf.lo.max_addresses=1
580 net.ipv6.conf.lo.max_addresses=1
575
581
576 net.ipv6.conf.eth0.accept_redirects=0
582 net.ipv6.conf.eth0.accept_redirects=0
577 net.ipv6.conf.eth0.accept_source_route=0
583 net.ipv6.conf.eth0.accept_source_route=0
578 net.ipv6.conf.eth0.router_solicitations=0
584 net.ipv6.conf.eth0.router_solicitations=0
579 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
585 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
580 net.ipv6.conf.eth0.accept_ra_pinfo=0
586 net.ipv6.conf.eth0.accept_ra_pinfo=0
581 net.ipv6.conf.eth0.accept_ra_defrtr=0
587 net.ipv6.conf.eth0.accept_ra_defrtr=0
582 net.ipv6.conf.eth0.autoconf=0
588 net.ipv6.conf.eth0.autoconf=0
583 net.ipv6.conf.eth0.dad_transmits=0
589 net.ipv6.conf.eth0.dad_transmits=0
584 net.ipv6.conf.eth0.max_addresses=1
590 net.ipv6.conf.eth0.max_addresses=1
585 EOM
591 EOM
586
592
587 # Enable resolver warnings about spoofed addresses
593 # Enable resolver warnings about spoofed addresses
588 cat <<EOM >>$R/etc/host.conf
594 cat <<EOM >>$R/etc/host.conf
589 spoof warn
595 spoof warn
590 EOM
596 EOM
591 fi
597 fi
592
598
593 # Ensure openssh server host keys are regenerated on first boot
599 # Ensure openssh server host keys are regenerated on first boot
594 if [ "$ENABLE_SSHD" = true ] ; then
600 if [ "$ENABLE_SSHD" = true ] ; then
595 cat <<EOM >>$R/etc/rc.firstboot
601 cat <<EOM >>$R/etc/rc.firstboot
596 #!/bin/sh
602 #!/bin/sh
597 rm -f /etc/ssh/ssh_host_*
603 rm -f /etc/ssh/ssh_host_*
598 ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
604 ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
599 ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
605 ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
600 ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
606 ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
601 ssh-keygen -q -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
607 ssh-keygen -q -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
602 sync
608 sync
603
609
604 systemctl restart sshd
610 systemctl restart sshd
605 sed -i 's/.*rc.firstboot.*/exit 0/g' /etc/rc.local
611 sed -i '/.*rc.firstboot/d' /etc/rc.local
606 rm -f /etc/rc.firstboot
612 rm -f /etc/rc.firstboot
607 EOM
613 EOM
608 chmod +x $R/etc/rc.firstboot
614 chmod +x $R/etc/rc.firstboot
609 sed -i 's,exit 0,/etc/rc.firstboot,g' $R/etc/rc.local
615 sed -i '/exit 0/d' $R/etc/rc.local
616 echo /etc/rc.firstboot >> $R/etc/rc.local
610 rm -f $R/etc/ssh/ssh_host_*
617 rm -f $R/etc/ssh/ssh_host_*
611 fi
618 fi
612
619
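Review bot: the new `sed -i '/exit 0/d' $R/etc/rc.local` removes rc.local's trailing `exit 0` for good. The old sed swapped `exit 0` for `/etc/rc.firstboot` and the old rc.firstboot put it back (`s/.*rc.firstboot.*/exit 0/g`), but the new rc.firstboot only deletes its own line (`/.*rc.firstboot/d`), so after the first boot rc.local ends with whatever hook happens to be last and exits with that command's status. Because Debian's rc.local runs under `sh -e` (as the comment in the expandroot block itself notes), a non-zero exit from `/etc/rc.firstboot`, for instance a failed `systemctl restart sshd`, also aborts rc.local before any hook appended after it gets to run. Consider inserting the hook above the existing `exit 0` instead of deleting it, e.g. `sed -i 's,^exit 0$,/etc/rc.firstboot\nexit 0,' $R/etc/rc.local`, and appending `|| true` to each hook line so one hook cannot block the others.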
620 if [ "$EXPANDROOT" = true ] ; then
621 cat <<EOF > $R/etc/rc.expandroot
622 #!/bin/sh
623
624 ROOT_PART=\$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
625 PART_NUM=\$(echo \${ROOT_PART} | grep -o '[1-9][0-9]*$')
626 case "\${ROOT_PART}" in
627 mmcblk0*) ROOT_DEV=mmcblk0 ;;
628 sda*) ROOT_DEV=sda ;;
629 esac
630 if [ "\$PART_NUM" = "\$ROOT_PART" ]; then
631 logger -t "rc.expandroot" "\$ROOT_PART is not an SD card. Don't know how to expand"
632 return 0
633 fi
634 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
635 # agree to work with a sufficiently simple partition layout
636 if [ "\$PART_NUM" -gt 2 ]; then
637 logger -t "rc.expandroot" "Your partition layout is not currently supported by this tool."
638 return 0
639 fi
640 LAST_PART_NUM=\$(parted /dev/\${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
641 if [ \$LAST_PART_NUM -ne \$PART_NUM ]; then
642 logger -t "rc.expandroot" "\$ROOT_PART is not the last partition. Don't know how to expand"
643 return 0
644 fi
645 # Get the starting offset of the root partition
646 PART_START=\$(parted /dev/\${ROOT_DEV} -ms unit s p | grep "^\${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
647 [ "\$PART_START" ] || return 1
648 # Get the possible last sector for the root partition
649 PART_LAST=\$(fdisk -l /dev/\${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print \$7 - 1 }')
650 [ "\$PART_LAST" ] || return 1
651 # Return value will likely be error for fdisk as it fails to reload the
652 # partition table because the root fs is mounted
653 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
654 fdisk /dev/\${ROOT_DEV} <<EOF2 || true
655 p
656 d
657 \$PART_NUM
658 n
659 p
660 \$PART_NUM
661 \$PART_START
662 \$PART_LAST
663 p
664 w
665 EOF2
666 # Reload the partition table, resize root filesystem then remove resizing code from this file
667 partprobe &&
668 resize2fs /dev/\${ROOT_PART} &&
669 logger -t "rc.expandroot" "Root partition successfuly resized." &&
670 sed -i '/.*rc.expandroot/d' /etc/rc.local
671 rm -f /etc/rc.expandroot
672 EOF
673 chmod +x $R/etc/rc.expandroot
674 sed -i '/exit 0/d' $R/etc/rc.local
675 echo /etc/rc.expandroot >> $R/etc/rc.local
676 fi
677
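Review bot: in the added rc.expandroot the clean-up is only half inside the `&&` chain: `sed -i '/.*rc.expandroot/d' /etc/rc.local` runs only when `partprobe` and `resize2fs` succeed, but `rm -f /etc/rc.expandroot` on the next line runs unconditionally, so a failed resize deletes the script yet leaves its line in rc.local, and rc.local (`sh -e`) then exits non-zero on every later boot with a "not found" error. Either make the `rm` part of the chain or drop the rc.local entry before attempting the resize. Two smaller points: the script is executed through its `#!/bin/sh` shebang, not sourced, so the bare `return 0` / `return 1` statements rely on dash treating a top-level `return` like `exit` (POSIX leaves it unspecified, and bash prints an error and carries on into the fdisk step); `exit` is what is meant here. And the `case "\${ROOT_PART}"` has no default branch, so a root device that is neither `mmcblk0*` nor `sda*` leaves `ROOT_DEV` empty and the script goes on to run `parted /dev/ -ms unit s p`; add a `*) logger -t "rc.expandroot" "..."; exit 0 ;;` arm. The early `return 0` paths also never remove the hook, so an unsupported layout logs the same message on every boot.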
613 # Disable rsyslog
678 # Disable rsyslog
614 if [ "$ENABLE_RSYSLOG" = false ]; then
679 if [ "$ENABLE_RSYSLOG" = false ]; then
615 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
680 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
616 chroot_exec systemctl disable rsyslog
681 chroot_exec systemctl disable rsyslog
617 chroot_exec apt-get purge -q -y --force-yes rsyslog
682 chroot_exec apt-get purge -q -y --force-yes rsyslog
618 fi
683 fi
619
684
620 # Enable serial console systemd style
685 # Enable serial console systemd style
621 if [ "$ENABLE_CONSOLE" = true ] ; then
686 if [ "$ENABLE_CONSOLE" = true ] ; then
622 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
687 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
623 fi
688 fi
624
689
625 # Enable firewall based on iptables started by systemd service
690 # Enable firewall based on iptables started by systemd service
626 if [ "$ENABLE_IPTABLES" = true ] ; then
691 if [ "$ENABLE_IPTABLES" = true ] ; then
627 # Create iptables configuration directory
692 # Create iptables configuration directory
628 mkdir -p "$R/etc/iptables"
693 mkdir -p "$R/etc/iptables"
629
694
630 # Create iptables systemd service
695 # Create iptables systemd service
631 cat <<EOM >$R/etc/systemd/system/iptables.service
696 cat <<EOM >$R/etc/systemd/system/iptables.service
632 [Unit]
697 [Unit]
633 Description=Packet Filtering Framework
698 Description=Packet Filtering Framework
634 DefaultDependencies=no
699 DefaultDependencies=no
635 After=systemd-sysctl.service
700 After=systemd-sysctl.service
636 Before=sysinit.target
701 Before=sysinit.target
637 [Service]
702 [Service]
638 Type=oneshot
703 Type=oneshot
639 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
704 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
640 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
705 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
641 ExecStop=/etc/iptables/flush-iptables.sh
706 ExecStop=/etc/iptables/flush-iptables.sh
642 RemainAfterExit=yes
707 RemainAfterExit=yes
643 [Install]
708 [Install]
644 WantedBy=multi-user.target
709 WantedBy=multi-user.target
645 EOM
710 EOM
646
711
647 # Create flush-table script called by iptables service
712 # Create flush-table script called by iptables service
648 cat <<EOM >$R/etc/iptables/flush-iptables.sh
713 cat <<EOM >$R/etc/iptables/flush-iptables.sh
649 #!/bin/sh
714 #!/bin/sh
650 iptables -F
715 iptables -F
651 iptables -X
716 iptables -X
652 iptables -t nat -F
717 iptables -t nat -F
653 iptables -t nat -X
718 iptables -t nat -X
654 iptables -t mangle -F
719 iptables -t mangle -F
655 iptables -t mangle -X
720 iptables -t mangle -X
656 iptables -P INPUT ACCEPT
721 iptables -P INPUT ACCEPT
657 iptables -P FORWARD ACCEPT
722 iptables -P FORWARD ACCEPT
658 iptables -P OUTPUT ACCEPT
723 iptables -P OUTPUT ACCEPT
659 EOM
724 EOM
660
725
661 # Create iptables rule file
726 # Create iptables rule file
662 cat <<EOM >$R/etc/iptables/iptables.rules
727 cat <<EOM >$R/etc/iptables/iptables.rules
663 *filter
728 *filter
664 :INPUT DROP [0:0]
729 :INPUT DROP [0:0]
665 :FORWARD DROP [0:0]
730 :FORWARD DROP [0:0]
666 :OUTPUT ACCEPT [0:0]
731 :OUTPUT ACCEPT [0:0]
667 :TCP - [0:0]
732 :TCP - [0:0]
668 :UDP - [0:0]
733 :UDP - [0:0]
669 :SSH - [0:0]
734 :SSH - [0:0]
670
735
671 # Rate limit ping requests
736 # Rate limit ping requests
672 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
737 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
673 -A INPUT -p icmp --icmp-type echo-request -j DROP
738 -A INPUT -p icmp --icmp-type echo-request -j DROP
674
739
675 # Accept established connections
740 # Accept established connections
676 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
741 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
677
742
678 # Accept all traffic on loopback interface
743 # Accept all traffic on loopback interface
679 -A INPUT -i lo -j ACCEPT
744 -A INPUT -i lo -j ACCEPT
680
745
681 # Drop packets declared invalid
746 # Drop packets declared invalid
682 -A INPUT -m conntrack --ctstate INVALID -j DROP
747 -A INPUT -m conntrack --ctstate INVALID -j DROP
683
748
684 # SSH rate limiting
749 # SSH rate limiting
685 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
750 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
686 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
751 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
687 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
752 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
688 -A SSH -m recent --name sshbf --set -j ACCEPT
753 -A SSH -m recent --name sshbf --set -j ACCEPT
689
754
690 # Send TCP and UDP connections to their respective rules chain
755 # Send TCP and UDP connections to their respective rules chain
691 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
756 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
692 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
757 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
693
758
694 # Reject dropped packets with a RFC compliant responce
759 # Reject dropped packets with a RFC compliant responce
695 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
760 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
696 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
761 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
697 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
762 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
698
763
699 ## TCP PORT RULES
764 ## TCP PORT RULES
700 # -A TCP -p tcp -j LOG
765 # -A TCP -p tcp -j LOG
701
766
702 ## UDP PORT RULES
767 ## UDP PORT RULES
703 # -A UDP -p udp -j LOG
768 # -A UDP -p udp -j LOG
704
769
705 COMMIT
770 COMMIT
706 EOM
771 EOM
707
772
708 # Reload systemd configuration and enable iptables service
773 # Reload systemd configuration and enable iptables service
709 chroot_exec systemctl daemon-reload
774 chroot_exec systemctl daemon-reload
710 chroot_exec systemctl enable iptables.service
775 chroot_exec systemctl enable iptables.service
711
776
712 if [ "$ENABLE_IPV6" = true ] ; then
777 if [ "$ENABLE_IPV6" = true ] ; then
713 # Create ip6tables systemd service
778 # Create ip6tables systemd service
714 cat <<EOM >$R/etc/systemd/system/ip6tables.service
779 cat <<EOM >$R/etc/systemd/system/ip6tables.service
715 [Unit]
780 [Unit]
716 Description=Packet Filtering Framework
781 Description=Packet Filtering Framework
717 DefaultDependencies=no
782 DefaultDependencies=no
718 After=systemd-sysctl.service
783 After=systemd-sysctl.service
719 Before=sysinit.target
784 Before=sysinit.target
720 [Service]
785 [Service]
721 Type=oneshot
786 Type=oneshot
722 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
787 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
723 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
788 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
724 ExecStop=/etc/iptables/flush-ip6tables.sh
789 ExecStop=/etc/iptables/flush-ip6tables.sh
725 RemainAfterExit=yes
790 RemainAfterExit=yes
726 [Install]
791 [Install]
727 WantedBy=multi-user.target
792 WantedBy=multi-user.target
728 EOM
793 EOM
729
794
730 # Create ip6tables file
795 # Create ip6tables file
731 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
796 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
732 #!/bin/sh
797 #!/bin/sh
733 ip6tables -F
798 ip6tables -F
734 ip6tables -X
799 ip6tables -X
735 ip6tables -Z
800 ip6tables -Z
736 for table in $(</proc/net/ip6_tables_names)
801 for table in $(</proc/net/ip6_tables_names)
737 do
802 do
738 ip6tables -t \$table -F
803 ip6tables -t \$table -F
739 ip6tables -t \$table -X
804 ip6tables -t \$table -X
740 ip6tables -t \$table -Z
805 ip6tables -t \$table -Z
741 done
806 done
742 ip6tables -P INPUT ACCEPT
807 ip6tables -P INPUT ACCEPT
743 ip6tables -P OUTPUT ACCEPT
808 ip6tables -P OUTPUT ACCEPT
744 ip6tables -P FORWARD ACCEPT
809 ip6tables -P FORWARD ACCEPT
745 EOM
810 EOM
746
811
747 # Create ip6tables rule file
812 # Create ip6tables rule file
748 cat <<EOM >$R/etc/iptables/ip6tables.rules
813 cat <<EOM >$R/etc/iptables/ip6tables.rules
749 *filter
814 *filter
750 :INPUT DROP [0:0]
815 :INPUT DROP [0:0]
751 :FORWARD DROP [0:0]
816 :FORWARD DROP [0:0]
752 :OUTPUT ACCEPT [0:0]
817 :OUTPUT ACCEPT [0:0]
753 :TCP - [0:0]
818 :TCP - [0:0]
754 :UDP - [0:0]
819 :UDP - [0:0]
755 :SSH - [0:0]
820 :SSH - [0:0]
756
821
757 # Drop packets with RH0 headers
822 # Drop packets with RH0 headers
758 -A INPUT -m rt --rt-type 0 -j DROP
823 -A INPUT -m rt --rt-type 0 -j DROP
759 -A OUTPUT -m rt --rt-type 0 -j DROP
824 -A OUTPUT -m rt --rt-type 0 -j DROP
760 -A FORWARD -m rt --rt-type 0 -j DROP
825 -A FORWARD -m rt --rt-type 0 -j DROP
761
826
762 # Rate limit ping requests
827 # Rate limit ping requests
763 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
828 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
764 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
829 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
765
830
766 # Accept established connections
831 # Accept established connections
767 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
832 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
768
833
769 # Accept all traffic on loopback interface
834 # Accept all traffic on loopback interface
770 -A INPUT -i lo -j ACCEPT
835 -A INPUT -i lo -j ACCEPT
771
836
772 # Drop packets declared invalid
837 # Drop packets declared invalid
773 -A INPUT -m conntrack --ctstate INVALID -j DROP
838 -A INPUT -m conntrack --ctstate INVALID -j DROP
774
839
775 # SSH rate limiting
840 # SSH rate limiting
776 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
841 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
777 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
842 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
778 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
843 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
779 -A SSH -m recent --name sshbf --set -j ACCEPT
844 -A SSH -m recent --name sshbf --set -j ACCEPT
780
845
781 # Send TCP and UDP connections to their respective rules chain
846 # Send TCP and UDP connections to their respective rules chain
782 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
847 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
783 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
848 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
784
849
785 # Reject dropped packets with a RFC compliant responce
850 # Reject dropped packets with a RFC compliant responce
786 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
851 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
787 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
852 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
788 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
853 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
789
854
790 ## TCP PORT RULES
855 ## TCP PORT RULES
791 # -A TCP -p tcp -j LOG
856 # -A TCP -p tcp -j LOG
792
857
793 ## UDP PORT RULES
858 ## UDP PORT RULES
794 # -A UDP -p udp -j LOG
859 # -A UDP -p udp -j LOG
795
860
796 COMMIT
861 COMMIT
797 EOM
862 EOM
798
863
799 # Reload systemd configuration and enable iptables service
864 # Reload systemd configuration and enable iptables service
800 chroot_exec systemctl daemon-reload
865 chroot_exec systemctl daemon-reload
801 chroot_exec systemctl enable ip6tables.service
866 chroot_exec systemctl enable ip6tables.service
802 fi
867 fi
803 fi
868 fi
804
869
805 # Remove SSHD related iptables rules
870 # Remove SSHD related iptables rules
806 if [ "$ENABLE_SSHD" = false ] ; then
871 if [ "$ENABLE_SSHD" = false ] ; then
807 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
872 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
808 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
873 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
809 fi
874 fi
810
875
811 # Install gcc/c++ build environment inside the chroot
876 # Install gcc/c++ build environment inside the chroot
812 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
877 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
813 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
878 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
814 fi
879 fi
815
880
816 # Fetch and build U-Boot bootloader
881 # Fetch and build U-Boot bootloader
817 if [ "$ENABLE_UBOOT" = true ] ; then
882 if [ "$ENABLE_UBOOT" = true ] ; then
818 # Fetch U-Boot bootloader sources
883 # Fetch U-Boot bootloader sources
819 git -C $R/tmp clone git://git.denx.de/u-boot.git
884 git -C $R/tmp clone git://git.denx.de/u-boot.git
820
885
821 # Build and install U-Boot inside chroot
886 # Build and install U-Boot inside chroot
822 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
887 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
823
888
824 # Copy compiled bootloader binary and set config.txt to load it
889 # Copy compiled bootloader binary and set config.txt to load it
825 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
890 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
826 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
891 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
827
892
828 # Set U-Boot command file
893 # Set U-Boot command file
829 cat <<EOM >$R/boot/firmware/uboot.mkimage
894 cat <<EOM >$R/boot/firmware/uboot.mkimage
830 # Tell Linux that it is booting on a Raspberry Pi2
895 # Tell Linux that it is booting on a Raspberry Pi2
831 setenv machid 0x00000c42
896 setenv machid 0x00000c42
832
897
833 # Set the kernel boot command line
898 # Set the kernel boot command line
834 setenv bootargs "earlyprintk ${CMDLINE}"
899 setenv bootargs "earlyprintk ${CMDLINE}"
835
900
836 # Save these changes to u-boot's environment
901 # Save these changes to u-boot's environment
837 saveenv
902 saveenv
838
903
839 # Load the existing Linux kernel into RAM
904 # Load the existing Linux kernel into RAM
840 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
905 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
841
906
842 # Boot the kernel we have just loaded
907 # Boot the kernel we have just loaded
843 bootz \${kernel_addr_r}
908 bootz \${kernel_addr_r}
844 EOM
909 EOM
845
910
846 # Generate U-Boot image from command file
911 # Generate U-Boot image from command file
847 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
912 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
848 fi
913 fi
849
914
850 # Fetch and build fbturbo Xorg driver
915 # Fetch and build fbturbo Xorg driver
851 if [ "$ENABLE_FBTURBO" = true ] ; then
916 if [ "$ENABLE_FBTURBO" = true ] ; then
852 # Fetch fbturbo driver sources
917 # Fetch fbturbo driver sources
853 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
918 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
854
919
855 # Install Xorg build dependencies
920 # Install Xorg build dependencies
856 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
921 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
857
922
858 # Build and install fbturbo driver inside chroot
923 # Build and install fbturbo driver inside chroot
859 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
924 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
860
925
861 # Add fbturbo driver to Xorg configuration
926 # Add fbturbo driver to Xorg configuration
862 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
927 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
863 Section "Device"
928 Section "Device"
864 Identifier "Allwinner A10/A13 FBDEV"
929 Identifier "Allwinner A10/A13 FBDEV"
865 Driver "fbturbo"
930 Driver "fbturbo"
866 Option "fbdev" "/dev/fb0"
931 Option "fbdev" "/dev/fb0"
867 Option "SwapbuffersWait" "true"
932 Option "SwapbuffersWait" "true"
868 EndSection
933 EndSection
869 EOM
934 EOM
870
935
871 # Remove Xorg build dependencies
936 # Remove Xorg build dependencies
872 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
937 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
873 fi
938 fi
874
939
875 # Remove gcc/c++ build environment from the chroot
940 # Remove gcc/c++ build environment from the chroot
876 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
941 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
877 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
942 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
878 fi
943 fi
879
944
880 # Clean cached downloads
945 # Clean cached downloads
881 chroot_exec apt-get -y clean
946 chroot_exec apt-get -y clean
882 chroot_exec apt-get -y autoclean
947 chroot_exec apt-get -y autoclean
883 chroot_exec apt-get -y autoremove
948 chroot_exec apt-get -y autoremove
884
949
885 # Unmount mounted filesystems
950 # Unmount mounted filesystems
886 umount -l $R/proc
951 umount -l $R/proc
887 umount -l $R/sys
952 umount -l $R/sys
888
953
889 # Clean up files
954 # Clean up files
890 rm -f $R/etc/apt/sources.list.save
955 rm -f $R/etc/apt/sources.list.save
891 rm -f $R/etc/resolvconf/resolv.conf.d/original
956 rm -f $R/etc/resolvconf/resolv.conf.d/original
892 rm -rf $R/run
957 rm -rf $R/run
893 mkdir -p $R/run
958 mkdir -p $R/run
894 rm -f $R/etc/*-
959 rm -f $R/etc/*-
895 rm -f $R/root/.bash_history
960 rm -f $R/root/.bash_history
896 rm -rf $R/tmp/*
961 rm -rf $R/tmp/*
897 rm -f $R/var/lib/urandom/random-seed
962 rm -f $R/var/lib/urandom/random-seed
898 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
963 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
899 rm -f $R/etc/machine-id
964 rm -f $R/etc/machine-id
900 rm -fr $R/etc/apt/apt.conf.d/10proxy
965 rm -fr $R/etc/apt/apt.conf.d/10proxy
901
966
902 # Calculate size of the chroot directory
967 # Calculate size of the chroot directory
903 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
968 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
904
969
905 # Calculate required image size
970 # Calculate required image size
906 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
971 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
907
972
908 # Calculate number of sectors for the partition
973 # Calculate number of sectors for the partition
909 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
974 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
910
975
911 # Prepare date string for image file name
976 # Prepare date string for image file name
912 DATE="$(date +%Y-%m-%d)"
977 DATE="$(date +%Y-%m-%d)"
913
978
914 # Prepare image file
979 # Prepare image file
915 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
980 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
916 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
981 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
917
982
918 # Write partition table
983 # Write partition table
919 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
984 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
920 unit: sectors
985 unit: sectors
921
986
922 1 : start= 2048, size= 131072, Id= c, bootable
987 1 : start= 2048, size= 131072, Id= c, bootable
923 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
988 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
924 3 : start= 0, size= 0, Id= 0
989 3 : start= 0, size= 0, Id= 0
925 4 : start= 0, size= 0, Id= 0
990 4 : start= 0, size= 0, Id= 0
926 EOM
991 EOM
927
992
928 # Set up temporary loop devices and build filesystems
993 # Set up temporary loop devices and build filesystems
929 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
994 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
930 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
995 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
931 mkfs.vfat "$VFAT_LOOP"
996 mkfs.vfat "$VFAT_LOOP"
932 mkfs.ext4 "$EXT4_LOOP"
997 mkfs.ext4 "$EXT4_LOOP"
933
998
934 # Mount the temporary loop devices
999 # Mount the temporary loop devices
935 mkdir -p "$BUILDDIR/mount"
1000 mkdir -p "$BUILDDIR/mount"
936 mount "$EXT4_LOOP" "$BUILDDIR/mount"
1001 mount "$EXT4_LOOP" "$BUILDDIR/mount"
937
1002
938 mkdir -p "$BUILDDIR/mount/boot/firmware"
1003 mkdir -p "$BUILDDIR/mount/boot/firmware"
939 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
1004 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
940
1005
941 # Copy all files from the chroot to the loop device mount point directory
1006 # Copy all files from the chroot to the loop device mount point directory
942 rsync -a "$R/" "$BUILDDIR/mount/"
1007 rsync -a "$R/" "$BUILDDIR/mount/"
943
1008
944 # Unmount all temporary loop devices and mount points
1009 # Unmount all temporary loop devices and mount points
945 cleanup
1010 cleanup
946
1011
947 # (optinal) create block map file for "bmaptool"
1012 # (optinal) create block map file for "bmaptool"
948 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
1013 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
949
1014
950 # Image was successfully created
1015 # Image was successfully created
951 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
1016 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
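Review bot: the `flush-ip6tables.sh` heredoc leaves `$(</proc/net/ip6_tables_names)` unescaped while the `\$table` references two lines later are escaped, so the command substitution runs on the build host when the file is written, not on the Pi at shutdown: `EOM` is unquoted, the host's table list (or an empty string, with an error on stderr if the host has no ip6_tables loaded) is baked into the generated script, and the per-table flush loop is dead on the target. Escape it, and since the generated script is `#!/bin/sh`, avoid the bash-only `$(<file)` form, e.g. `for table in \$(cat /proc/net/ip6_tables_names)`. Two smaller points in the same region: the U-Boot source is fetched over unauthenticated `git://git.denx.de/u-boot.git` with no tag or commit pinned, so an on-path attacker can substitute the bootloader that ends up in `/boot/firmware/u-boot.bin`; switching to `https://` and checking out a fixed tag (the fbturbo clone already uses https but is likewise unpinned) would close that. And the first `apt-get install` of the compiler toolchain passes `--force-yes`, which lets apt proceed past signature failures, while the later fbturbo dependency install does not; drop it from both for consistency.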