Raspi2-3_GenImage Commit - r188:3a4cc3acfea1 · Collaboration Tremplin des Sciences

Merge branch 'drtyhlpr-master'

vidal -

r188:3a4cc3acfea1

parent child

Context file:

r188:3a4cc3acfea1

templates/rpi3-stretch-arm64-4.11.y created 644 +15 0

			@@ -0,0 +1,15
		1	# Configuration template file used by rpi23-gen-image.sh
		2	# Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
		3
		4	RPI_MODEL=3
		5	RELEASE=stretch
		6	BUILD_KERNEL=true
		7	KERNEL_ARCH=arm64
		8	RELEASE_ARCH=arm64
		9	CROSS_COMPILE=aarch64-linux-gnu-
		10	QEMU_BINARY=/usr/bin/qemu-aarch64-static
		11	KERNEL_DEFCONFIG=bcmrpi3_defconfig
		12	KERNEL_BIN_IMAGE=Image
		13	KERNEL_IMAGE=kernel8.img
		14	KERNEL_BRANCH=rpi-4.11.y
		15	ENABLE_WIRELESS=true

README.md +43 -16

              # rpi23-gen-image
              ## Introduction
-             `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
+             `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
              ## Build dependencies
              The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
                ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
              It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
              The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
              If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
              ```
              echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
              sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
              dpkg --add-architecture armhf
              apt-get update
              ```
              ## Command-line parameters
              The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
-             #####Command-line examples:
+             ##### Command-line examples:
              ```shell
              ENABLE_UBOOT=true ./rpi23-gen-image.sh
              ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
              ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
              ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
              APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
              ENABLE_MINBASE=true ./rpi23-gen-image.sh
              BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
              BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
              ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
              ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
              RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
              RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
              RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
              ```
              ## Configuration template files
              To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
-             #####Command-line examples:
+             ##### Command-line examples:
              ```shell
              CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
              CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
              ```
              ## Supported parameters and settings
              #### APT settings:
              ##### `APT_SERVER`="ftp.debian.org"
              Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
              ##### `APT_PROXY`=""
              Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
              ##### `APT_INCLUDES`=""
-             A comma separated list of additional packages to be installed during bootstrapping.
+             A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
+             ##### `APT_INCLUDES_LATE`=""
+             A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.
              ---
              #### General system settings:
              ##### `RPI_MODEL`=2
              Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
              ##### `RELEASE`="jessie"
              Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
+             ##### `RELEASE_ARCH`="armhf"
+             Set the desired Debian release architecture.
              ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
              Set system host name. It's recommended that the host name is unique in the corresponding subnet.
              ##### `PASSWORD`="raspberry"
              Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
              ##### `USER_PASSWORD`="raspberry"
              Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
              ##### `DEFLOCAL`="en_US.UTF-8"
              Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
              ##### `TIMEZONE`="Europe/Berlin"
              Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
              ##### `EXPANDROOT`=true
              Expand the root partition and filesystem automatically on first boot.
              ---
-             #### Keyboard settings:
+             #### Keyboard settings:
              These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
              ##### `XKB_MODEL`=""
              Set the name of the model of your keyboard type.
              ##### `XKB_LAYOUT`=""
              Set the supported keyboard layout(s).
              ##### `XKB_VARIANT`=""
              Set the supported variant(s) of the keyboard layout(s).
              ##### `XKB_OPTIONS`=""
              Set extra xkb configuration options.
              ---
              #### Networking settings (DHCP):
              This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
-             #####`ENABLE_DHCP`=true
+             ##### `ENABLE_DHCP`=true
              Set the system to use DHCP. This requires an DHCP server.
              ---
              #### Networking settings (static):
              These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
-             #####`NET_ADDRESS`=""
+             ##### `NET_ADDRESS`=""
              Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
-             #####`NET_GATEWAY`=""
+             ##### `NET_GATEWAY`=""
              Set the IP address for the default gateway.
-             #####`NET_DNS_1`=""
+             ##### `NET_DNS_1`=""
              Set the IP address for the first DNS server.
-             #####`NET_DNS_2`=""
+             ##### `NET_DNS_2`=""
              Set the IP address for the second DNS server.
-             #####`NET_DNS_DOMAINS`=""
+             ##### `NET_DNS_DOMAINS`=""
              Set the default DNS search domains to use for non fully qualified host names.
-             #####`NET_NTP_1`=""
+             ##### `NET_NTP_1`=""
              Set the IP address for the first NTP server.
-             #####`NET_NTP_2`=""
+             ##### `NET_NTP_2`=""
              Set the IP address for the second NTP server.
              ---
              #### Basic system features:
              ##### `ENABLE_CONSOLE`=true
              Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
              ##### `ENABLE_I2C`=false
              Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
              ##### `ENABLE_SPI`=false
              Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
              ##### `ENABLE_IPV6`=true
              Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
              ##### `ENABLE_SSHD`=true
              Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
              ##### `ENABLE_NONFREE`=false
              Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
              ##### `ENABLE_WIRELESS`=false
              Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
              ##### `ENABLE_RSYSLOG`=true
              If set to false, disable and uninstall rsyslog (so logs will be available only
              in journal files)
              ##### `ENABLE_SOUND`=true
              Enable sound hardware and install Advanced Linux Sound Architecture.
              ##### `ENABLE_HWRANDOM`=true
              Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
              ##### `ENABLE_MINGPU`=false
              Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
              ##### `ENABLE_DBUS`=true
              Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
              ##### `ENABLE_XORG`=false
              Install Xorg open-source X Window System.
              ##### `ENABLE_WM`=""
              Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
              ---
              #### Advanced system features:
              ##### `ENABLE_MINBASE`=false
              Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
              ##### `ENABLE_REDUCE`=false
              Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
              ##### `ENABLE_UBOOT`=false
              Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
              ##### `UBOOTSRC_DIR`=""
              Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
              ##### `ENABLE_FBTURBO`=false
              Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
              ##### `FBTURBOSRC_DIR`=""
              Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
              ##### `ENABLE_IPTABLES`=false
              Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
              ##### `ENABLE_USER`=true
              Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
              ##### `USER_NAME`=pi
              Non-root user to create.  Ignored if `ENABLE_USER`=false
              ##### `ENABLE_ROOT`=false
              Set root user password so root login will be enabled
              ##### `ENABLE_HARDNET`=false
              Enable IPv4/IPv6 network stack hardening settings.
              ##### `ENABLE_SPLITFS`=false
              Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
              ##### `CHROOT_SCRIPTS`=""
              Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
              ##### `ENABLE_INITRAMFS`=false
              Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
              ##### `ENABLE_IFNAMES`=true
              Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
              ##### `DISABLE_UNDERVOLT_WARNINGS`=
              Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
              ---
              #### SSH settings:
              ##### `SSH_ENABLE_ROOT`=false
              Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
              ##### `SSH_DISABLE_PASSWORD_AUTH`=false
              Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
              ##### `SSH_LIMIT_USERS`=false
              Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
              ##### `SSH_ROOT_PUB_KEY`=""
              Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
              ##### `SSH_USER_PUB_KEY`=""
              Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
              ---
              #### Kernel compilation:
              ##### `BUILD_KERNEL`=false
              Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
+             ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
+             This sets the cross compile enviornment for the compiler.
+             ##### `KERNEL_ARCH`="arm"
+             This sets the kernel architecture for the compiler.
+             ##### `KERNEL_IMAGE`="kernel7.img"
+             Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
+             ##### `KERNEL_BRANCH`=""
+             Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
+             ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
+             Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
+             ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
+             Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
              ##### `KERNEL_REDUCE`=false
              Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
              ##### `KERNEL_THREADS`=1
              Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
              ##### `KERNEL_HEADERS`=true
              Install kernel headers with built kernel.
              ##### `KERNEL_MENUCONFIG`=false
              Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
              ##### `KERNEL_REMOVESRC`=true
              Remove all kernel sources from the generated OS image after it was built and installed.
              ##### `KERNELSRC_DIR`=""
              Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
              ##### `KERNELSRC_CLEAN`=false
              Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
              ##### `KERNELSRC_CONFIG`=true
              Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
              ##### `KERNELSRC_USRCONFIG`=""
              Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
              ##### `KERNELSRC_PREBUILT`=false
              With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
              ##### `RPI_FIRMWARE_DIR`=""
              The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
              ---
              #### Reduce disk usage:
              The following list of parameters is ignored if `ENABLE_REDUCE`=false.
              ##### `REDUCE_APT`=true
              Configure APT to use compressed package repository lists and no package caching files.
              ##### `REDUCE_DOC`=true
              Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
              ##### `REDUCE_MAN`=true
              Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations.
              ##### `REDUCE_VIM`=false
              Replace `vim-tiny` package by `levee` a tiny vim clone.
              ##### `REDUCE_BASH`=false
              Remove `bash` package and switch to `dash` shell (experimental).
              ##### `REDUCE_HWDB`=true
              Remove PCI related hwdb files (experimental).
              ##### `REDUCE_SSHD`=true
              Replace `openssh-server` with `dropbear`.
              ##### `REDUCE_LOCALE`=true
              Remove all `locale` translation files.
              ---
              #### Encrypted root partition:
              ##### `ENABLE_CRYPTFS`=false
              Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
              ##### `CRYPTFS_PASSWORD`=""
              Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
              ##### `CRYPTFS_MAPPING`="secure"
              Set name of dm-crypt managed device-mapper mapping.
              ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
              Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
              ##### `CRYPTFS_XTSKEYSIZE`=512
              Sets key size in bits. The argument has to be a multiple of 8.
              ---
              #### Build settings:
              ##### `BASEDIR`=$(pwd)/images/${RELEASE}
              Set a path to a working directory used by the script to generate an image.
-             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
-             Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
+             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
+             Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
              ## Understanding the script
              The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
              | Script | Description |
              | --- | --- |
              | `10-bootstrap.sh` | Debootstrap basic system |
              | `11-apt.sh` | Setup APT repositories |
              | `12-locale.sh` | Setup Locales and keyboard settings |
              | `13-kernel.sh` | Build and install RPi2/3 Kernel |
              | `14-fstab.sh` | Setup fstab and initramfs |
              | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
              | `20-networking.sh` | Setup Networking |
              | `21-firewall.sh` | Setup Firewall |
              | `30-security.sh` | Setup Users and Security settings |
              | `31-logging.sh` | Setup Logging |
              | `32-sshd.sh` | Setup SSH and public keys |
              | `41-uboot.sh` | Build and Setup U-Boot |
              | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
              | `50-firstboot.sh` | First boot actions |
              | `99-reduce.sh` | Reduce the disk space usage |
              All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
              | Directory | Description |
              | --- | --- |
              | `apt` | APT management configuration files |
              | `boot` | Boot and RPi2/3 configuration files |
              | `dpkg` | Package Manager configuration |
              | `etc` | Configuration files and rc scripts |
              | `firstboot` | Scripts that get executed on first boot  |
              | `initramfs` | Initramfs scripts |
              | `iptables` | Firewall configuration files |
              | `locales` | Locales configuration |
              | `modules` | Kernel Modules configuration |
              | `mount` | Fstab configuration |
              | `network` | Networking configuration files |
              | `sysctl.d` | Swapping and Network Hardening configuration |
              | `xorg` | fbturbo Xorg driver configuration |
              ## Custom packages and scripts
              Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
              Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
              ## Logging of the bootstrapping process
              All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
              ```shell
              script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
              ```
              ## Flashing the image file
              After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
-             #####Flashing examples:
+             ##### Flashing examples:
              ```shell
              bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
              dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
              ```
              If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
              ```shell
              bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
              bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
              ```
+             ## Weekly image builds
+             The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
+             * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
              ## External links and references
-             * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
              * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
-             * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
              * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
-             * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
              * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
-             * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
              * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
-             * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)

bootstrap.d/10-bootstrap.sh +1 -1

              #
              # Debootstrap basic system
              #
              # Load utility functions
              . ./functions.sh
              VARIANT=""
              COMPONENTS="main"
              EXCLUDES=""
              # Use non-free Debian packages if needed
              if [ "$ENABLE_NONFREE" = true ] ; then
                COMPONENTS="main,non-free"
              fi
              # Use minbase bootstrap variant which only includes essential packages
              if [ "$ENABLE_MINBASE" = true ] ; then
                VARIANT="--variant=minbase"
              fi
              # Exclude packages if required by Debian release
              if [ "$RELEASE" = "stretch" ] ; then
                EXCLUDES="--exclude=init,systemd-sysv"
              fi
              # Base debootstrap (unpack only)
              http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
              # Copy qemu emulator binary to chroot
-             install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
+             install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
              # Copy debian-archive-keyring.pgp
              mkdir -p "${R}/usr/share/keyrings"
              install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
              # Complete the bootstrapping process
              chroot_exec /debootstrap/debootstrap --second-stage
              # Mount required filesystems
              mount -t proc none "${R}/proc"
              mount -t sysfs none "${R}/sys"
              # Mount pseudo terminal slave if supported by Debian release
              if [ -d "${R}/dev/pts" ] ; then
                mount --bind /dev/pts "${R}/dev/pts"
              fi

bootstrap.d/11-apt.sh +4 0

              #
              # Setup APT repositories
              #
              # Load utility functions
              . ./functions.sh
              # Install and setup APT proxy configuration
              if [ -z "$APT_PROXY" ] ; then
                install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
                sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
              fi
              if [ "$BUILD_KERNEL" = false ] ; then
                # Install APT pinning configuration for flash-kernel package
                install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
                # Install APT sources.list
                install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
                echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
                # Upgrade collabora package index and install collabora keyring
                chroot_exec apt-get -qq -y update
                chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
              else # BUILD_KERNEL=true
                # Install APT sources.list
                install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
                # Use specified APT server and release
                sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
                sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
              fi
              # Allow the installation of non-free Debian packages
              if [ "$ENABLE_NONFREE" = true ] ; then
                sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
              fi
              # Upgrade package index and update all installed packages and changed dependencies
              chroot_exec apt-get -qq -y update
              chroot_exec apt-get -qq -y -u dist-upgrade
+             if [ "$APT_INCLUDES_LATE" ] ; then
+               chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
+             fi
              if [ -d packages ] ; then
                for package in packages/*.deb ; do
                  cp $package ${R}/tmp
                  chroot_exec dpkg --unpack /tmp/$(basename $package)
                done
              fi
              chroot_exec apt-get -qq -y -f install
              chroot_exec apt-get -qq -y check

bootstrap.d/13-kernel.sh +24 -13

              #
              # Build and Setup RPi2/3 Kernel
              #
              # Load utility functions
              . ./functions.sh
              # Fetch and build latest raspberry kernel
              if [ "$BUILD_KERNEL" = true ] ; then
                # Setup source directory
                mkdir -p "${R}/usr/src"
                # Copy existing kernel sources into chroot directory
                if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                  # Copy kernel sources
                  cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
                  # Clean the kernel sources
                  if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                    make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                  fi
                else # KERNELSRC_DIR=""
                  # Create temporary directory for kernel sources
-                 temp_dir=$(sudo -u nobody mktemp -d)
+                 temp_dir=$(as_nobody mktemp -d)
                  # Fetch current RPi2/3 kernel sources
-                 sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
+                 if [ -z "${KERNEL_BRANCH}" ] ; then
+                   as_nobody -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
+                 else
+                   as_nobody -u nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}"
+                 fi
                  # Copy downloaded kernel sources
                  mv "${temp_dir}/linux" "${R}/usr/src/"
                  # Remove temporary directory for kernel sources
                  rm -fr "${temp_dir}"
                  # Set permissions of the kernel sources
                  chown -R root:root "${R}/usr/src"
                fi
                # Calculate optimal number of kernel building threads
                if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
                  KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
                fi
                # Configure and build kernel
                if [ "$KERNELSRC_PREBUILT" = false ] ; then
                  # Remove device, network and filesystem drivers from kernel configuration
                  if [ "$KERNEL_REDUCE" = true ] ; then
                    make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                    sed -i\
                    -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                    -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                    -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                    -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                    -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                    -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                    "${KERNEL_DIR}/.config"
                  fi
                  if [ "$KERNELSRC_CONFIG" = true ] ; then
                    # Load default raspberry kernel configuration
                    make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                    if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
                      cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
                    fi
                    # Start menu-driven kernel configuration (interactive)
                    if [ "$KERNEL_MENUCONFIG" = true ] ; then
                      make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                    fi
                  fi
                  # Cross compile kernel and modules
-                 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
+                 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs
                fi
                # Check if kernel compilation was successful
-               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
-                 echo "error: kernel compilation failed! (zImage not found)"
+               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
+                 echo "error: kernel compilation failed! (kernel image not found)"
                  cleanup
                  exit 1
                fi
                # Install kernel modules
                if [ "$ENABLE_REDUCE" = true ] ; then
                  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                else
                  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                  # Install kernel firmware
                  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                fi
                # Install kernel headers
                if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
                  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
                fi
                # Prepare boot (firmware) directory
                mkdir "${BOOT_DIR}"
                # Get kernel release version
                KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
                # Copy kernel configuration file to the boot directory
                install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
                # Copy dts and dtb device tree sources and binaries
                mkdir "${BOOT_DIR}/overlays"
-               install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
+               # Ensure the proper .dtb is located
+               if [ "$KERNEL_ARCH" = "arm" ] ; then
+                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
+               else
+                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb "${BOOT_DIR}/"
+               fi
                install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
                install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
                if [ "$ENABLE_UBOOT" = false ] ; then
-                 # Convert and copy zImage kernel to the boot directory
-                 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
+                 # Convert and copy kernel image to the boot directory
+                 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
                else
-                 # Copy zImage kernel to the boot directory
-                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOT_DIR}/${KERNEL_IMAGE}"
+                 # Copy kernel image to the boot directory
+                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
                fi
                # Remove kernel sources
                if [ "$KERNEL_REMOVESRC" = true ] ; then
                  rm -fr "${KERNEL_DIR}"
                else
                  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
                  # Create symlinks for kernel modules
-                 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
-                 ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
+                 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
+                 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
                fi
              else # BUILD_KERNEL=false
                # Kernel installation
                chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
                # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
                chroot_exec apt-get -qq -y install flash-kernel
                # Check if kernel installation was successful
                VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
                if [ -z "$VMLINUZ" ] ; then
                  echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
                  cleanup
                  exit 1
                fi
                # Copy vmlinuz kernel to the boot directory
                install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
              fi

bootstrap.d/15-rpi-config.sh +8 -8

              #
              # Setup RPi2/3 config and cmdline
              #
              # Load utility functions
              . ./functions.sh
              if [ "$BUILD_KERNEL" = true ] ; then
                if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
                  # Install boot binaries from local directory
                  cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
                  cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
                  cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
                  cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
                  cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
                  cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
                  cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
                else
                  # Create temporary directory for boot binaries
-                 temp_dir=$(sudo -u nobody mktemp -d)
+                 temp_dir=$(as_nobody mktemp -d)
                  # Install latest boot binaries from raspberry/firmware github
-                 sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
-                 sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
-                 sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
-                 sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
-                 sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
-                 sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
-                 sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
+                 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
+                 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
+                 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
+                 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
+                 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
+                 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
+                 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
                  # Move downloaded boot binaries
                  mv "${temp_dir}/"* "${BOOT_DIR}/"
                  # Remove temporary directory for boot binaries
                  rm -fr "${temp_dir}"
                  # Set permissions of the boot binaries
                  chown -R root:root "${BOOT_DIR}"
                  chmod -R 600 "${BOOT_DIR}"
                fi
              fi
              # Setup firmware boot cmdline
              if [ "$ENABLE_SPLITFS" = true ] ; then
                CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
              else
                CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
              fi
              # Add encrypted root partition to cmdline.txt
              if [ "$ENABLE_CRYPTFS" = true ] ; then
                if [ "$ENABLE_SPLITFS" = true ] ; then
                  CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
                else
                  CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
                fi
              fi
              # Add serial console support
              if [ "$ENABLE_CONSOLE" = true ] ; then
                CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
              fi
              # Remove IPv6 networking support
              if [ "$ENABLE_IPV6" = false ] ; then
                CMDLINE="${CMDLINE} ipv6.disable=1"
              fi
              # Automatically assign predictable network interface names
              if [ "$ENABLE_IFNAMES" = false ] ; then
                CMDLINE="${CMDLINE} net.ifnames=0"
              else
                CMDLINE="${CMDLINE} net.ifnames=1"
              fi
              # Set init to systemd if required by Debian release
              if [ "$RELEASE" = "stretch" ] ; then
                CMDLINE="${CMDLINE} init=/bin/systemd"
              fi
              # Install firmware boot cmdline
              echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
              # Install firmware config
              install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
              # Setup minimal GPU memory allocation size: 16MB (no X)
              if [ "$ENABLE_MINGPU" = true ] ; then
                echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
              fi
              # Setup boot with initramfs
              if [ "$ENABLE_INITRAMFS" = true ] ; then
                echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
              fi
              # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
              if [ "$RPI_MODEL" = 3 ] ; then
                if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
                  echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
                  echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
                fi
              fi
              # Create firmware configuration and cmdline symlinks
              ln -sf firmware/config.txt "${R}/boot/config.txt"
              ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
              # Install and setup kernel modules to load at boot
              mkdir -p "${R}/lib/modules-load.d/"
              install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
              # Load hardware random module at boot
              if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
                sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
              fi
              # Load sound module at boot
              if [ "$ENABLE_SOUND" = true ] ; then
                sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
              else
                echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
              fi
              # Enable I2C interface
              if [ "$ENABLE_I2C" = true ] ; then
                echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
                sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
                sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
              fi
              # Enable SPI interface
              if [ "$ENABLE_SPI" = true ] ; then
                echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
                echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
                if [ "$RPI_MODEL" = 3 ] ; then
                  sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
                fi
              fi
              # Disable RPi2/3 under-voltage warnings
              if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
                echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
              fi
              # Install kernel modules blacklist
              mkdir -p "${ETC_DIR}/modprobe.d/"
              install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
              # Install sysctl.d configuration files
              install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +3 -3

              #
              # Setup Networking
              #
              # Load utility functions
              . ./functions.sh
              # Install and setup hostname
              install_readonly files/network/hostname "${ETC_DIR}/hostname"
              sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
              # Install and setup hosts
              install_readonly files/network/hosts "${ETC_DIR}/hosts"
              sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
              # Setup hostname entry with static IP
              if [ "$NET_ADDRESS" != "" ] ; then
                NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
                sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
              fi
              # Remove IPv6 hosts
              if [ "$ENABLE_IPV6" = false ] ; then
                sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
              fi
              # Install hint about network configuration
              install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
              # Install configuration for interface eth0
              install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
              if [ "$ENABLE_DHCP" = true ] ; then
                # Enable DHCP configuration for interface eth0
                sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
                # Set DHCP configuration to IPv4 only
                if [ "$ENABLE_IPV6" = false ] ; then
                  sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
                fi
              else # ENABLE_DHCP=false
                # Set static network configuration for interface eth0
                sed -i\
                -e "s|DHCP=.*|DHCP=no|"\
                -e "s|Address=\$|Address=${NET_ADDRESS}|"\
                -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
                -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
                -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
                -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
                "${ETC_DIR}/systemd/network/eth.network"
              fi
              # Remove empty settings from network configuration
              sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
              # Move systemd network configuration if required by Debian release
              if [ "$RELEASE" = "stretch" ] ; then
                mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
                rm -fr "${ETC_DIR}/systemd/network"
              fi
              # Enable systemd-networkd service
              chroot_exec systemctl enable systemd-networkd
              # Install host.conf resolver configuration
              install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
              # Enable network stack hardening
              if [ "$ENABLE_HARDNET" = true ] ; then
                # Install sysctl.d configuration files
                install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
                # Setup resolver warnings about spoofed addresses
                sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
              fi
              # Enable time sync
              if [ "NET_NTP_1" != "" ] ; then
                chroot_exec systemctl enable systemd-timesyncd.service
              fi
              # Download the firmware binary blob required to use the RPi3 wireless interface
              if [ "$ENABLE_WIRELESS" = true ] ; then
                if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
                  mkdir -p ${WLAN_FIRMWARE_DIR}
                fi
                # Create temporary directory for firmware binary blob
-               temp_dir=$(sudo -u nobody mktemp -d)
+               temp_dir=$(as_nobody mktemp -d)
                # Fetch firmware binary blob
-               sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
-               sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
+               as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
+               as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
                # Move downloaded firmware binary blob
                mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
                # Remove temporary directory for firmware binary blob
                rm -fr "${temp_dir}"
                # Set permissions of the firmware binary blob
                chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
                chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
              fi

bootstrap.d/41-uboot.sh +2 -2

              #
              # Build and Setup U-Boot
              #
              # Load utility functions
              . ./functions.sh
              # Fetch and build U-Boot bootloader
              if [ "$ENABLE_UBOOT" = true ] ; then
                # Install c/c++ build environment inside the chroot
                chroot_install_cc
                # Copy existing U-Boot sources into chroot directory
                if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
                  # Copy local U-Boot sources
                  cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
                else
                  # Create temporary directory for U-Boot sources
-                 temp_dir=$(sudo -u nobody mktemp -d)
+                 temp_dir=$(as_nobody mktemp -d)
                  # Fetch U-Boot sources
-                 sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
+                 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
                  # Copy downloaded U-Boot sources
                  mv "${temp_dir}/u-boot" "${R}/tmp/"
                  # Set permissions of the U-Boot sources
                  chown -R root:root "${R}/tmp/u-boot"
                  # Remove temporary directory for U-Boot sources
                  rm -fr "${temp_dir}"
                fi
                # Build and install U-Boot inside chroot
                chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
                # Copy compiled bootloader binary and set config.txt to load it
                install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
                install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
                printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
                # Install and setup U-Boot command file
                install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
                printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
                if [ "$ENABLE_INITRAMFS" = true ] ; then
                  # Convert generated initramfs for U-Boot using mkimage
                  chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
                  # Remove original initramfs file
                  rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
                  # Configure U-Boot to load generated initramfs
                  printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
                  printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                else # ENABLE_INITRAMFS=false
                  # Remove initramfs from U-Boot mkfile
                  sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
                  if [ "$BUILD_KERNEL" = false ] ; then
                    # Remove dtbfile from U-Boot mkfile
                    sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
                    printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                  else
                    printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                  fi
                fi
                # Set mkfile to use the correct dtb file
                sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
                # Set mkfile to use kernel image
                sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
                # Remove all leading blank lines
                sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
                # Generate U-Boot bootloader image
                chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
                # Remove U-Boot sources
                rm -fr "${R}/tmp/u-boot"
              fi

bootstrap.d/42-fbturbo.sh +2 -2

              #
              # Build and Setup fbturbo Xorg driver
              #
              # Load utility functions
              . ./functions.sh
              if [ "$ENABLE_FBTURBO" = true ] ; then
                # Install c/c++ build environment inside the chroot
                chroot_install_cc
                # Copy existing fbturbo sources into chroot directory
                if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
                  # Copy local fbturbo sources
                  cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
                else
                  # Create temporary directory for fbturbo sources
-                 temp_dir=$(sudo -u nobody mktemp -d)
+                 temp_dir=$(as_nobody mktemp -d)
                  # Fetch fbturbo sources
-                 sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
+                 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
                  # Move downloaded fbturbo sources
                  mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
                  # Remove temporary directory for fbturbo sources
                  rm -fr "${temp_dir}"
                fi
                # Install Xorg build dependencies
                if [ "$RELEASE" = "jessie" ] ; then
                  chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
                elif [ "$RELEASE" = "stretch" ] ; then
                  chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
                fi
                # Build and install fbturbo driver inside chroot
                chroot_exec /bin/bash -x <<'EOF'
              cd /tmp/xf86-video-fbturbo
              autoreconf -vi
              ./configure --prefix=/usr
              make
              make install
              EOF
                # Install fbturbo driver Xorg configuration
                install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
                # Remove Xorg build dependencies
                chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
              fi

functions.sh +5 0

              # This file contains utility functions used by rpi23-gen-image.sh
              cleanup (){
                set +x
                set +e
                # Identify and kill all processes still using files
                echo "killing processes using mount point ..."
                fuser -k "${R}"
                sleep 3
                fuser -9 -k -v "${R}"
                # Clean up temporary .password file
                if [ -r ".password" ] ; then
                  shred -zu .password
                fi
                # Clean up all temporary mount points
                echo "removing temporary mount points ..."
                umount -l "${R}/proc" 2> /dev/null
                umount -l "${R}/sys" 2> /dev/null
                umount -l "${R}/dev/pts" 2> /dev/null
                umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
                umount "$BUILDDIR/mount" 2> /dev/null
                cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
                losetup -d "$ROOT_LOOP" 2> /dev/null
                losetup -d "$FRMW_LOOP" 2> /dev/null
                trap - 0 1 2 3 6
              }
              chroot_exec() {
                # Exec command in chroot
                LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
              }
+             as_nobody() {
+               # Exec command as user nobody
+               sudo -E -u nobody LANG=C LC_ALL=C $*
+             }
              install_readonly() {
                # Install file with user read-only permissions
                install -o root -g root -m 644 $*
              }
              install_exec() {
                # Install file with root exec permissions
                install -o root -g root -m 744 $*
              }
              use_template () {
                # Test if configuration template file exists
                if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
                  echo "error: configuration template ${CONFIG_TEMPLATE} not found"
                  exit 1
                fi
                # Load template configuration parameters
                . "./templates/${CONFIG_TEMPLATE}"
              }
              chroot_install_cc() {
                # Install c/c++ build environment inside the chroot
                if [ -z "${COMPILER_PACKAGES}" ] ; then
                  COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
                  if [ "$RELEASE" = "jessie" ] ; then
                    chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
                  elif [ "$RELEASE" = "stretch" ] ; then
                    chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
                  fi
                fi
              }
              chroot_remove_cc() {
                # Remove c/c++ build environment from the chroot
                if [ ! -z "${COMPILER_PACKAGES}" ] ; then
                  chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
                  COMPILER_PACKAGES=""
                fi
              }

rpi23-gen-image.sh +29 -5

              #!/bin/sh
              ########################################################################
              # rpi23-gen-image.sh					       2015-2017
              #
              # Advanced Debian "jessie" and "stretch"  bootstrap script for RPi2/3
              #
              # This program is free software; you can redistribute it and/or
              # modify it under the terms of the GNU General Public License
              # as published by the Free Software Foundation; either version 2
              # of the License, or (at your option) any later version.
              #
              # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
              #
              # Big thanks for patches and enhancements by 10+ github contributors!
              ########################################################################
              # Are we running as root?
              if [ "$(id -u)" -ne "0" ] ; then
                echo "error: this script must be executed with root privileges!"
                exit 1
              fi
              # Check if ./functions.sh script exists
              if [ ! -r "./functions.sh" ] ; then
                echo "error: './functions.sh' required script not found!"
                exit 1
              fi
              # Load utility functions
              . ./functions.sh
              # Load parameters from configuration template file
              if [ ! -z "$CONFIG_TEMPLATE" ] ; then
                use_template
              fi
              # Introduce settings
              set -e
              echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
              set -x
              # Raspberry Pi model configuration
              RPI_MODEL=${RPI_MODEL:=2}
              RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
              RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
              RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
              RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
              # Debian release
              RELEASE=${RELEASE:=jessie}
              KERNEL_ARCH=${KERNEL_ARCH:=arm}
              RELEASE_ARCH=${RELEASE_ARCH:=armhf}
              CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
              COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
-             KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
-             KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
-             QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
+             if [ "$KERNEL_ARCH" = "arm64" ] ; then
+               KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
+               KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
+             else
+               KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
+               KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
+             fi
+             if [ "$RELEASE_ARCH" = "arm64" ] ; then
+               QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
+             else
+               QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
+             fi
+             KERNEL_BRANCH=${KERNEL_BRANCH:=""}
              # URLs
              KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
              FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
              WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
              COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
              FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
              UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
              # Build directories
              BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
              BUILDDIR="${BASEDIR}/build"
              # Prepare date string for default image file name
              DATE="$(date +%Y-%m-%d)"
-             IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
+             if [ -z "$KERNEL_BRANCH" ] ; then
+               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
+             else
+               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
+             fi
              # Chroot directories
              R="${BUILDDIR}/chroot"
              ETC_DIR="${R}/etc"
              LIB_DIR="${R}/lib"
              BOOT_DIR="${R}/boot/firmware"
              KERNEL_DIR="${R}/usr/src/linux"
              WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
              # Firmware directory: Blank if download from github
              RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
              # General settings
              HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
              PASSWORD=${PASSWORD:=raspberry}
              USER_PASSWORD=${USER_PASSWORD:=raspberry}
              DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
              TIMEZONE=${TIMEZONE:="Europe/Berlin"}
              EXPANDROOT=${EXPANDROOT:=true}
              # Keyboard settings
              XKB_MODEL=${XKB_MODEL:=""}
              XKB_LAYOUT=${XKB_LAYOUT:=""}
              XKB_VARIANT=${XKB_VARIANT:=""}
              XKB_OPTIONS=${XKB_OPTIONS:=""}
              # Network settings (DHCP)
              ENABLE_DHCP=${ENABLE_DHCP:=true}
              # Network settings (static)
              NET_ADDRESS=${NET_ADDRESS:=""}
              NET_GATEWAY=${NET_GATEWAY:=""}
              NET_DNS_1=${NET_DNS_1:=""}
              NET_DNS_2=${NET_DNS_2:=""}
              NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
              NET_NTP_1=${NET_NTP_1:=""}
              NET_NTP_2=${NET_NTP_2:=""}
              # APT settings
              APT_PROXY=${APT_PROXY:=""}
              APT_SERVER=${APT_SERVER:="ftp.debian.org"}
              # Feature settings
              ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
              ENABLE_I2C=${ENABLE_I2C:=false}
              ENABLE_SPI=${ENABLE_SPI:=false}
              ENABLE_IPV6=${ENABLE_IPV6:=true}
              ENABLE_SSHD=${ENABLE_SSHD:=true}
              ENABLE_NONFREE=${ENABLE_NONFREE:=false}
              ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
              ENABLE_SOUND=${ENABLE_SOUND:=true}
              ENABLE_DBUS=${ENABLE_DBUS:=true}
              ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
              ENABLE_MINGPU=${ENABLE_MINGPU:=false}
              ENABLE_XORG=${ENABLE_XORG:=false}
              ENABLE_WM=${ENABLE_WM:=""}
              ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
              ENABLE_USER=${ENABLE_USER:=true}
              USER_NAME=${USER_NAME:="pi"}
              ENABLE_ROOT=${ENABLE_ROOT:=false}
              # SSH settings
              SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
              SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
              SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
              SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
              SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
              # Advanced settings
              ENABLE_MINBASE=${ENABLE_MINBASE:=false}
              ENABLE_REDUCE=${ENABLE_REDUCE:=false}
              ENABLE_UBOOT=${ENABLE_UBOOT:=false}
              UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
              ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
              FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
              ENABLE_HARDNET=${ENABLE_HARDNET:=false}
              ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
              ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
              ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
              ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
              DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
              # Kernel compilation settings
              BUILD_KERNEL=${BUILD_KERNEL:=false}
              KERNEL_REDUCE=${KERNEL_REDUCE:=false}
              KERNEL_THREADS=${KERNEL_THREADS:=1}
              KERNEL_HEADERS=${KERNEL_HEADERS:=true}
              KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
              KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
+             if [ "$KERNEL_ARCH" = "arm64" ] ; then
+               KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
+             else
+               KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
+             fi
              # Kernel compilation from source directory settings
              KERNELSRC_DIR=${KERNELSRC_DIR:=""}
              KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
              KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
              KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
              # Reduce disk usage settings
              REDUCE_APT=${REDUCE_APT:=true}
              REDUCE_DOC=${REDUCE_DOC:=true}
              REDUCE_MAN=${REDUCE_MAN:=true}
              REDUCE_VIM=${REDUCE_VIM:=false}
              REDUCE_BASH=${REDUCE_BASH:=false}
              REDUCE_HWDB=${REDUCE_HWDB:=true}
              REDUCE_SSHD=${REDUCE_SSHD:=true}
              REDUCE_LOCALE=${REDUCE_LOCALE:=true}
              # Encrypted filesystem settings
              ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
              CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
              CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
              CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
              CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
              # Stop the Crypto Wars
              DISABLE_FBI=${DISABLE_FBI:=false}
              # Chroot scripts directory
              CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
              # Packages required in the chroot build environment
              APT_INCLUDES=${APT_INCLUDES:=""}
              APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
              # Packages required for bootstrapping
              REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
              MISSING_PACKAGES=""
              # Packages installed for c/c++ build environment in chroot (keep empty)
              COMPILER_PACKAGES=""
              set +x
              # Set Raspberry Pi model specific configuration
              if [ "$RPI_MODEL" = 2 ] ; then
                DTB_FILE=${RPI2_DTB_FILE}
                UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
              elif [ "$RPI_MODEL" = 3 ] ; then
                DTB_FILE=${RPI3_DTB_FILE}
                UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
                BUILD_KERNEL=true
              else
                echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
                exit 1
              fi
              # Check if the internal wireless interface is supported by the RPi model
              if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
                echo "error: The selected Raspberry Pi model has no internal wireless interface"
                exit 1
              fi
              # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
              if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
                if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
                  echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
                  exit 1
                fi
              fi
              # Build RPi2/3 Linux kernel if required by Debian release
              if [ "$RELEASE" = "stretch" ] ; then
                BUILD_KERNEL=true
              fi
              # Add packages required for kernel cross compilation
              if [ "$BUILD_KERNEL" = true ] ; then
-               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
+               if [ "$KERNEL_ARCH" = "arm" ] ; then
+                 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
+               else
+                 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
+               fi
              fi
              # Add libncurses5 to enable kernel menuconfig
              if [ "$KERNEL_MENUCONFIG" = true ] ; then
                REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
              fi
              # Stop the Crypto Wars
              if [ "$DISABLE_FBI" = true ] ; then
                ENABLE_CRYPTFS=true
              fi
              # Add cryptsetup package to enable filesystem encryption
              if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
                REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
                APT_INCLUDES="${APT_INCLUDES},cryptsetup"
                if [ -z "$CRYPTFS_PASSWORD" ] ; then
                  echo "error: no password defined (CRYPTFS_PASSWORD)!"
                  exit 1
                fi
                ENABLE_INITRAMFS=true
              fi
              # Add initramfs generation tools
              if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
              fi
              # Add device-tree-compiler required for building the U-Boot bootloader
              if [ "$ENABLE_UBOOT" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
              fi
              # Check if root SSH (v2) public key file exists
              if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
                if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
                  echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
                  exit 1
                fi
              fi
              # Check if $USER_NAME SSH (v2) public key file exists
              if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
                if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
                  echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
                  exit 1
                fi
              fi
              # Check if all required packages are installed on the build system
              for package in $REQUIRED_PACKAGES ; do
                if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
                  MISSING_PACKAGES="${MISSING_PACKAGES} $package"
                fi
              done
              # If there are missing packages ask confirmation for install, or exit
              if [ -n "$MISSING_PACKAGES" ] ; then
                echo "the following packages needed by this script are not installed:"
                echo "$MISSING_PACKAGES"
                echo -n "\ndo you want to install the missing packages right now? [y/n] "
                read confirm
                [ "$confirm" != "y" ] && exit 1
                # Make sure all missing required packages are installed
                apt-get -qq -y install ${MISSING_PACKAGES}
              fi
              # Check if ./bootstrap.d directory exists
              if [ ! -d "./bootstrap.d/" ] ; then
                echo "error: './bootstrap.d' required directory not found!"
                exit 1
              fi
              # Check if ./files directory exists
              if [ ! -d "./files/" ] ; then
                echo "error: './files' required directory not found!"
                exit 1
              fi
              # Check if specified KERNELSRC_DIR directory exists
              if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
                echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
                exit 1
              fi
              # Check if specified UBOOTSRC_DIR directory exists
              if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
                echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
                exit 1
              fi
              # Check if specified FBTURBOSRC_DIR directory exists
              if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
                echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
                exit 1
              fi
              # Check if specified CHROOT_SCRIPTS directory exists
              if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
                 exit 1
              fi
              # Check if specified device mapping already exists (will be used by cryptsetup)
              if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
                echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
                exit 1
              fi
              # Don't clobber an old build
              if [ -e "$BUILDDIR" ] ; then
                echo "error: directory ${BUILDDIR} already exists, not proceeding"
                exit 1
              fi
              # Setup chroot directory
              mkdir -p "${R}"
              # Check if build directory has enough of free disk space >512MB
              if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
                echo "error: ${BUILDDIR} not enough space left to generate the output image!"
                exit 1
              fi
              set -x
              # Call "cleanup" function on various signals and errors
              trap cleanup 0 1 2 3 6
              # Add required packages for the minbase installation
              if [ "$ENABLE_MINBASE" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
              fi
              # Add required locales packages
              if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
                APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
              fi
              # Add parted package, required to get partprobe utility
              if [ "$EXPANDROOT" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},parted"
              fi
              # Add dbus package, recommended if using systemd
              if [ "$ENABLE_DBUS" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},dbus"
              fi
              # Add iptables IPv4/IPv6 package
              if [ "$ENABLE_IPTABLES" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},iptables"
              fi
              # Add openssh server package
              if [ "$ENABLE_SSHD" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},openssh-server"
              fi
              # Add alsa-utils package
              if [ "$ENABLE_SOUND" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},alsa-utils"
              fi
              # Add rng-tools package
              if [ "$ENABLE_HWRANDOM" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},rng-tools"
              fi
              # Add fbturbo video driver
              if [ "$ENABLE_FBTURBO" = true ] ; then
                # Enable xorg package dependencies
                ENABLE_XORG=true
              fi
              # Add user defined window manager package
              if [ -n "$ENABLE_WM" ] ; then
                APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
                # Enable xorg package dependencies
                ENABLE_XORG=true
              fi
              # Add xorg package
              if [ "$ENABLE_XORG" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},xorg"
              fi
              # Replace selected packages with smaller clones
              if [ "$ENABLE_REDUCE" = true ] ; then
                # Add levee package instead of vim-tiny
                if [ "$REDUCE_VIM" = true ] ; then
                  APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
                fi
                # Add dropbear package instead of openssh-server
                if [ "$REDUCE_SSHD" = true ] ; then
                  APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
                fi
              fi
              # Configure kernel sources if no KERNELSRC_DIR
              if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
                KERNELSRC_CONFIG=true
              fi
              # Configure reduced kernel
              if [ "$KERNEL_REDUCE" = true ] ; then
                KERNELSRC_CONFIG=false
              fi
              # Execute bootstrap scripts
              for SCRIPT in bootstrap.d/*.sh; do
                head -n 3 "$SCRIPT"
                . "$SCRIPT"
              done
              ## Execute custom bootstrap scripts
              if [ -d "custom.d" ] ; then
                for SCRIPT in custom.d/*.sh; do
                  . "$SCRIPT"
                done
              fi
              # Execute custom scripts inside the chroot
              if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
                cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
                chroot_exec /bin/bash -x <<'EOF'
              for SCRIPT in /chroot_scripts/* ; do
                if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                  $SCRIPT
                fi
              done
              EOF
                rm -rf "${R}/chroot_scripts"
              fi
              # Remove c/c++ build environment from the chroot
              chroot_remove_cc
              # Remove apt-utils
              if [ "$RELEASE" = "jessie" ] ; then
                chroot_exec apt-get purge -qq -y --force-yes apt-utils
              fi
              # Generate required machine-id
              MACHINE_ID=$(dbus-uuidgen)
              echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
              echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
              # APT Cleanup
              chroot_exec apt-get -y clean
              chroot_exec apt-get -y autoclean
              chroot_exec apt-get -y autoremove
              # Unmount mounted filesystems
              umount -l "${R}/proc"
              umount -l "${R}/sys"
              # Clean up directories
              rm -rf "${R}/run/*"
              rm -rf "${R}/tmp/*"
              # Clean up files
              rm -f "${ETC_DIR}/ssh/ssh_host_*"
              rm -f "${ETC_DIR}/dropbear/dropbear_*"
              rm -f "${ETC_DIR}/apt/sources.list.save"
              rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
              rm -f "${ETC_DIR}/*-"
              rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
              rm -f "${ETC_DIR}/resolv.conf"
              rm -f "${R}/root/.bash_history"
              rm -f "${R}/var/lib/urandom/random-seed"
              rm -f "${R}/initrd.img"
              rm -f "${R}/vmlinuz"
              rm -f "${R}${QEMU_BINARY}"
              # Calculate size of the chroot directory in KB
              CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
              # Calculate the amount of needed 512 Byte sectors
              TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
              FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
              ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
              # The root partition is EXT4
              # This means more space than the actual used space of the chroot is used.
              # As overhead for journaling and reserved blocks 25% are added.
              ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
              # Calculate required image size in 512 Byte sectors
              IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
              # Prepare image file
              if [ "$ENABLE_SPLITFS" = true ] ; then
                dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
                dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
                dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
                dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
                # Write firmware/boot partition tables
                sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
              ${TABLE_SECTORS},${FRMW_SECTORS},c,*
              EOM
                # Write root partition table
                sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
              ${TABLE_SECTORS},${ROOT_SECTORS},83
              EOM
                # Setup temporary loop devices
                FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
                ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
              else # ENABLE_SPLITFS=false
                dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
                dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
                # Write partition table
                sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
              ${TABLE_SECTORS},${FRMW_SECTORS},c,*
              ${ROOT_OFFSET},${ROOT_SECTORS},83
              EOM
                # Setup temporary loop devices
                FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
                ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
              fi
              if [ "$ENABLE_CRYPTFS" = true ] ; then
                # Create dummy ext4 fs
                mkfs.ext4 "$ROOT_LOOP"
                # Setup password keyfile
                touch .password
                chmod 600 .password
                echo -n ${CRYPTFS_PASSWORD} > .password
                # Initialize encrypted partition
                echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
                # Open encrypted partition and setup mapping
                cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
                # Secure delete password keyfile
                shred -zu .password
                # Update temporary loop device
                ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
                # Wipe encrypted partition (encryption cipher is used for randomness)
                dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
              fi
              # Build filesystems
              mkfs.vfat "$FRMW_LOOP"
              mkfs.ext4 "$ROOT_LOOP"
              # Mount the temporary loop devices
              mkdir -p "$BUILDDIR/mount"
              mount "$ROOT_LOOP" "$BUILDDIR/mount"
              mkdir -p "$BUILDDIR/mount/boot/firmware"
              mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
              # Copy all files from the chroot to the loop device mount point directory
              rsync -a "${R}/" "$BUILDDIR/mount/"
              # Unmount all temporary loop devices and mount points
              cleanup
              # Create block map file(s) of image(s)
              if [ "$ENABLE_SPLITFS" = true ] ; then
                # Create block map files for "bmaptool"
                bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
                bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
                # Image was successfully created
                echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
                echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
              else
                # Create block map file for "bmaptool"
                bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
                # Image was successfully created
                echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
              fi

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages