@@ -98,6 +98,18 if [ "$BUILD_KERNEL" = true ] ; then | |||||
98 | #Switch to KERNELSRC_DIR so we can use set_kernel_config |
|
98 | #Switch to KERNELSRC_DIR so we can use set_kernel_config | |
99 | cd "${KERNEL_DIR}" || exit |
|
99 | cd "${KERNEL_DIR}" || exit | |
100 |
|
100 | |||
|
101 | if [ "$KERNEL_ARCH" = arm64 ] ; then | |||
|
102 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config | |||
|
103 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 | |||
|
104 | set_kernel_config CONFIG_MMC_BCM2835 n | |||
|
105 | set_kernel_config CONFIG_MMC_SDHCI_IPROC n | |||
|
106 | set_kernel_config CONFIG_USB_DWC2 n | |||
|
107 | sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig | |||
|
108 | ||||
|
109 | #VLAN got disabled without reason in arm64bit | |||
|
110 | set_kernel_config CONFIG_IPVLAN m | |||
|
111 | fi | |||
|
112 | ||||
101 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap |
|
113 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap | |
102 | if [ "$KERNEL_ZSWAP" = true ] ; then |
|
114 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
103 | set_kernel_config CONFIG_ZPOOL y |
|
115 | set_kernel_config CONFIG_ZPOOL y | |
@@ -107,6 +119,7 if [ "$BUILD_KERNEL" = true ] ; then | |||||
107 | set_kernel_config CONFIG_ZSMALLOC y |
|
119 | set_kernel_config CONFIG_ZSMALLOC y | |
108 | set_kernel_config CONFIG_PGTABLE_MAPPING y |
|
120 | set_kernel_config CONFIG_PGTABLE_MAPPING y | |
109 | set_kernel_config CONFIG_LZO_COMPRESS y |
|
121 | set_kernel_config CONFIG_LZO_COMPRESS y | |
|
122 | ||||
110 | fi |
|
123 | fi | |
111 |
|
124 | |||
112 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 |
|
125 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 | |
@@ -148,20 +161,20 if [ "$BUILD_KERNEL" = true ] ; then | |||||
148 | set_kernel_config CONFIG_AUDIT y |
|
161 | set_kernel_config CONFIG_AUDIT y | |
149 |
|
162 | |||
150 | # harden strcpy and memcpy |
|
163 | # harden strcpy and memcpy | |
151 |
set_kernel_config CONFIG_HARDENED_USERCOPY |
|
164 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
152 |
set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR |
|
165 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
153 |
set_kernel_config CONFIG_FORTIFY_SOURCE |
|
166 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
154 |
|
167 | |||
155 | # integrity sub-system |
|
168 | # integrity sub-system | |
156 |
set_kernel_config CONFIG_INTEGRITY |
|
169 | set_kernel_config CONFIG_INTEGRITY y | |
157 |
set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS |
|
170 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
158 |
set_kernel_config CONFIG_INTEGRITY_AUDIT |
|
171 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
159 |
set_kernel_config CONFIG_INTEGRITY_SIGNATURE |
|
172 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
160 |
set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING |
|
173 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
161 |
|
174 | |||
162 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
175 | # This option provides support for retaining authentication tokens and access keys in the kernel. | |
163 |
set_kernel_config CONFIG_KEYS |
|
176 | set_kernel_config CONFIG_KEYS y | |
164 |
set_kernel_config CONFIG_KEYS_COMPAT |
|
177 | set_kernel_config CONFIG_KEYS_COMPAT y | |
165 |
|
178 | |||
166 | # Apparmor |
|
179 | # Apparmor | |
167 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 |
|
180 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 | |
@@ -172,13 +185,13 if [ "$BUILD_KERNEL" = true ] ; then | |||||
172 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" |
|
185 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" | |
173 |
|
186 | |||
174 | # restrictions on unprivileged users reading the kernel |
|
187 | # restrictions on unprivileged users reading the kernel | |
175 |
set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT |
|
188 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y | |
176 |
|
189 | |||
177 | # network security hooks |
|
190 | # network security hooks | |
178 | set_kernel_config CONFIG_SECURITY_NETWORK y |
|
191 | set_kernel_config CONFIG_SECURITY_NETWORK y | |
179 |
set_kernel_config CONFIG_SECURITY_NETWORK_XFRM |
|
192 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y | |
180 |
set_kernel_config CONFIG_SECURITY_PATH |
|
193 | set_kernel_config CONFIG_SECURITY_PATH y | |
181 |
set_kernel_config CONFIG_SECURITY_YAMA |
|
194 | set_kernel_config CONFIG_SECURITY_YAMA n | |
182 |
|
195 | |||
183 | # New Options |
|
196 | # New Options | |
184 | if [ "$KERNEL_NF" = true ] ; then |
|
197 | if [ "$KERNEL_NF" = true ] ; then | |
@@ -488,7 +501,7 if [ "$BUILD_KERNEL" = true ] ; then | |||||
488 |
|
501 | |||
489 | # Copy compiled dtb device tree files |
|
502 | # Copy compiled dtb device tree files | |
490 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then |
|
503 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then | |
491 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do |
|
504 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do | |
492 | if [ -f "${dtb}" ] ; then |
|
505 | if [ -f "${dtb}" ] ; then | |
493 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" |
|
506 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" | |
494 | fi |
|
507 | fi |
@@ -8,11 +8,6 | |||||
8 | # Install and setup fstab |
|
8 | # Install and setup fstab | |
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
10 |
|
10 | |||
11 | if [ "$ENABLE_UBOOTUSB" = true ] ; then |
|
|||
12 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
|||
13 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
|||
14 | fi |
|
|||
15 |
|
||||
16 | # Add usb/sda disk root partition to fstab |
|
11 | # Add usb/sda disk root partition to fstab | |
17 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then |
|
12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then | |
18 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" |
|
13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |
@@ -28,11 +23,19 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
28 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" | |
29 |
|
24 | |||
30 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
25 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
31 | # Add usb/sda disk to crypttab |
|
26 | # Add usb/sda1 disk to crypttab | |
32 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |
33 | fi |
|
28 | fi | |
34 | fi |
|
29 | fi | |
35 |
|
30 | |||
|
31 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |||
|
33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |||
|
34 | ||||
|
35 | # Add usb/sda2 disk to crypttab | |||
|
36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |||
|
37 | fi | |||
|
38 | ||||
36 | # Generate initramfs file |
|
39 | # Generate initramfs file | |
37 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
40 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
38 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
41 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
@@ -43,6 +46,20 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
44 | fi |
|
47 | fi | |
45 |
|
48 | |||
|
49 | if [ "$ENABLE_DHCP" = false ] ; then | |||
|
50 | # Get cdir from NET_ADDRESS e.g. 24 | |||
|
51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |||
|
52 | ||||
|
53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |||
|
54 | NET_MASK=$(cdr2mask "$cdir") | |||
|
55 | ||||
|
56 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
58 | ||||
|
59 | # Regenerate initramfs | |||
|
60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |||
|
61 | fi | |||
|
62 | ||||
46 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
63 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
47 |
|
|
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
48 |
|
|
65 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
@@ -39,10 +39,14 else | |||||
39 | fi |
|
39 | fi | |
40 |
|
40 | |||
41 | # Setup firmware boot cmdline |
|
41 | # Setup firmware boot cmdline | |
|
42 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
43 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |||
|
44 | else | |||
42 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
45 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
43 |
CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline |
|
46 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |
44 | else |
|
47 | else | |
45 |
CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline |
|
48 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |
|
49 | fi | |||
46 | fi |
|
50 | fi | |
47 |
|
51 | |||
48 | # Add encrypted root partition to cmdline.txt |
|
52 | # Add encrypted root partition to cmdline.txt | |
@@ -50,15 +54,24 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
50 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
54 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
51 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") |
|
55 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
52 | else |
|
56 | else | |
|
57 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
58 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") | |||
|
59 | else | |||
53 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
|
60 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
54 | fi |
|
61 | fi | |
55 | fi |
|
62 | fi | |
|
63 | fi | |||
56 |
|
64 | |||
57 | # Enable Kernel messages on standard output |
|
65 | # Enable Kernel messages on standard output | |
58 | if [ "$ENABLE_PRINTK" = true ] ; then |
|
66 | if [ "$ENABLE_PRINTK" = true ] ; then | |
59 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" |
|
67 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" | |
60 | fi |
|
68 | fi | |
61 |
|
69 | |||
|
70 | # Enable Kernel messages on standard output | |||
|
71 | if [ "$KERNEL_SECURITY" = true ] ; then | |||
|
72 | install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf" | |||
|
73 | fi | |||
|
74 | ||||
62 | # Install udev rule for serial alias - serial0 = console serial1=bluetooth |
|
75 | # Install udev rule for serial alias - serial0 = console serial1=bluetooth | |
63 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" |
|
76 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" | |
64 |
|
77 | |||
@@ -143,14 +156,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
143 |
|
156 | |||
144 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 |
|
157 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 | |
145 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
158 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then | |
146 |
|
||||
147 | # set overlay to swap ttyAMA0 and ttyS0 |
|
159 | # set overlay to swap ttyAMA0 and ttyS0 | |
148 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
160 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" | |
149 |
|
161 | |||
150 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken |
|
|||
151 |
|
|
162 | if [ "$ENABLE_TURBO" = false ] ; then | |
152 |
|
|
163 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
153 | fi |
|
164 | fi | |
|
165 | ||||
154 | fi |
|
166 | fi | |
155 |
|
167 | |||
156 | # Activate services |
|
168 | # Activate services | |
@@ -168,13 +180,17 if [ "$ENABLE_CONSOLE" = true ] ; then | |||||
168 | # add string to cmdline |
|
180 | # add string to cmdline | |
169 | CMDLINE="${CMDLINE} console=serial0,115200" |
|
181 | CMDLINE="${CMDLINE} console=serial0,115200" | |
170 |
|
182 | |||
|
183 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then | |||
|
184 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |||
|
185 | if [ "$ENABLE_TURBO" = false ] ; then | |||
|
186 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |||
|
187 | fi | |||
|
188 | fi | |||
|
189 | ||||
171 | # Enable serial console systemd style |
|
190 | # Enable serial console systemd style | |
172 |
chroot_exec systemctl enable serial-getty |
|
191 | chroot_exec systemctl enable serial-getty@serial0.service | |
173 | else |
|
192 | else | |
174 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
193 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" | |
175 |
|
||||
176 | # disable serial console systemd style |
|
|||
177 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service |
|
|||
178 | fi |
|
194 | fi | |
179 |
|
195 | |||
180 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then |
|
196 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |
@@ -187,33 +203,32 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||||
187 | # Copy downloaded systemd-swap sources |
|
203 | # Copy downloaded systemd-swap sources | |
188 | mv "${temp_dir}/systemd-swap" "${R}/tmp/" |
|
204 | mv "${temp_dir}/systemd-swap" "${R}/tmp/" | |
189 |
|
205 | |||
190 | # Set permissions of the systemd-swap sources |
|
|||
191 | chown -R root:root "${R}/tmp/systemd-swap" |
|
|||
192 |
|
||||
193 | # Remove temporary directory for systemd-swap sources |
|
|||
194 | rm -fr "${temp_dir}" |
|
|||
195 |
|
||||
196 | # Change into downloaded src dir |
|
206 | # Change into downloaded src dir | |
197 | cd "${R}/tmp/systemd-swap" || exit |
|
207 | cd "${R}/tmp/systemd-swap" || exit | |
198 |
|
208 | |||
199 | # Build package |
|
209 | # Build package | |
200 |
|
|
210 | bash ./package.sh debian | |
201 |
|
211 | |||
202 | # Install package |
|
212 | # Change back into script root dir | |
203 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb |
|
213 | cd "${WORKDIR}" || exit | |
|
214 | ||||
|
215 | # Set permissions of the systemd-swap sources | |||
|
216 | chown -R root:root "${R}/tmp/systemd-swap" | |||
|
217 | ||||
|
218 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |||
|
219 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb | |||
204 |
|
220 | |||
205 | # Enable service |
|
221 | # Enable service | |
206 | chroot_exec systemctl enable systemd-swap |
|
222 | chroot_exec systemctl enable systemd-swap | |
207 |
|
223 | |||
208 | # Change back into script root dir |
|
224 | # Remove temporary directory for systemd-swap sources | |
209 | cd "${WORKDIR}" || exit |
|
225 | rm -fr "${temp_dir}" | |
210 | else |
|
226 | else | |
211 | # Enable ZSWAP in cmdline if systemd-swap is not used |
|
227 | # Enable ZSWAP in cmdline if systemd-swap is not used | |
212 | if [ "$KERNEL_ZSWAP" = true ] ; then |
|
228 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
213 |
CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" |
|
229 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
214 | fi |
|
230 | fi | |
215 | fi |
|
231 | fi | |
216 |
|
||||
217 | if [ "$KERNEL_SECURITY" = true ] ; then |
|
232 | if [ "$KERNEL_SECURITY" = true ] ; then | |
218 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" |
|
233 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" | |
219 | fi |
|
234 | fi |
@@ -30,6 +30,10 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" | |||||
30 | # Install configuration for interface eth0 |
|
30 | # Install configuration for interface eth0 | |
31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" |
|
31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" | |
32 |
|
32 | |||
|
33 | if [ "$RPI_MODEL" = 3P ] ; then | |||
|
34 | printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network" | |||
|
35 | fi | |||
|
36 | ||||
33 | # Install configuration for interface wl* |
|
37 | # Install configuration for interface wl* | |
34 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" |
|
38 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" | |
35 |
|
39 | |||
@@ -57,20 +61,6 else # ENABLE_DHCP=false | |||||
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
61 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
62 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
59 | "${ETC_DIR}/systemd/network/eth.network" |
|
63 | "${ETC_DIR}/systemd/network/eth.network" | |
60 |
|
||||
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then |
|
|||
62 | # Get cdir from NET_ADDRESS e.g. 24 |
|
|||
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) |
|
|||
64 |
|
||||
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 |
|
|||
66 | NET_MASK=$(cdr2mask "$cdir") |
|
|||
67 |
|
||||
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
|||
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
|||
70 |
|
||||
71 | # Regenerate initramfs |
|
|||
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
|||
73 | fi |
|
|||
74 | fi |
|
64 | fi | |
75 |
|
65 | |||
76 | # Remove empty settings from network configuration |
|
66 | # Remove empty settings from network configuration |
1 | NO CONTENT: modified file |
|
NO CONTENT: modified file |
@@ -79,7 +79,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
79 | fi |
|
79 | fi | |
80 |
|
80 | |||
81 | # instead of sd, boot from usb device |
|
81 | # instead of sd, boot from usb device | |
82 |
if [ "$ENABLE_UBOOT |
|
82 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
83 | sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage" |
|
83 | sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage" | |
84 | fi |
|
84 | fi | |
85 |
|
85 |
@@ -158,7 +158,7 ENABLE_MINBASE=${ENABLE_MINBASE:=false} | |||||
158 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} |
|
158 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} | |
159 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
159 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} | |
160 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} |
|
160 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} | |
161 |
ENABLE_UBOOT |
|
161 | ENABLE_USBBOOT=${ENABLE_USBBOOT=false} | |
162 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} |
|
162 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} | |
163 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} |
|
163 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} | |
164 | ENABLE_NEXMON=${ENABLE_NEXMON:=false} |
|
164 | ENABLE_NEXMON=${ENABLE_NEXMON:=false} | |
@@ -325,17 +325,6 case "$RPI_MODEL" in | |||||
325 | ;; |
|
325 | ;; | |
326 | esac |
|
326 | esac | |
327 |
|
327 | |||
328 | if [ "$ENABLE_UBOOTUSB" = true ] ; then |
|
|||
329 | if [ "$ENABLE_UBOOT" = false ] ; then |
|
|||
330 | echo "error: Enabling UBOOTUSB requires u-boot to be enabled" |
|
|||
331 | exit 1 |
|
|||
332 | fi |
|
|||
333 | if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then |
|
|||
334 | echo "error: Enabling UBOOTUSB requires Raspberry 3" |
|
|||
335 | exit 1 |
|
|||
336 | fi |
|
|||
337 | fi |
|
|||
338 |
|
||||
339 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard |
|
328 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard | |
340 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
329 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
341 | # Include bluetooth packages on supported boards |
|
330 | # Include bluetooth packages on supported boards | |
@@ -421,6 +410,13 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
421 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" |
|
410 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" | |
422 | fi |
|
411 | fi | |
423 |
|
412 | |||
|
413 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
414 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then | |||
|
415 | echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P" | |||
|
416 | exit 1 | |||
|
417 | fi | |||
|
418 | fi | |||
|
419 | ||||
424 | # Check if root SSH (v2) public key file exists |
|
420 | # Check if root SSH (v2) public key file exists | |
425 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then |
|
421 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
426 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
|
422 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then | |
@@ -719,7 +715,7 if [ "$ENABLE_QEMU" = true ] ; then | |||||
719 | # Setup overlays dtbs directory |
|
715 | # Setup overlays dtbs directory | |
720 | mkdir "${BASEDIR}/qemu/overlays" |
|
716 | mkdir "${BASEDIR}/qemu/overlays" | |
721 |
|
717 | |||
722 | for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do |
|
718 | for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do | |
723 | if [ -f "${dtb}" ] ; then |
|
719 | if [ -f "${dtb}" ] ; then | |
724 | install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/" |
|
720 | install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/" | |
725 | fi |
|
721 | fi |
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant