@@ -0,0 +1,45 | |||||
|
1 | #!/bin/sh | |||
|
2 | ||||
|
3 | PREREQ="dropbear" | |||
|
4 | ||||
|
5 | prereqs() { | |||
|
6 | echo "$PREREQ" | |||
|
7 | } | |||
|
8 | ||||
|
9 | case "$1" in | |||
|
10 | prereqs) | |||
|
11 | prereqs | |||
|
12 | exit 0 | |||
|
13 | ;; | |||
|
14 | esac | |||
|
15 | ||||
|
16 | . "${CONFDIR}/initramfs.conf" | |||
|
17 | . /usr/share/initramfs-tools/hook-functions | |||
|
18 | ||||
|
19 | if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then | |||
|
20 | cat > "${DESTDIR}/bin/unlock" << EOF | |||
|
21 | #!/bin/sh | |||
|
22 | if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then | |||
|
23 | kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` | |||
|
24 | # following line kill the remote shell right after the passphrase has | |||
|
25 | # been entered. | |||
|
26 | kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\` | |||
|
27 | exit 0 | |||
|
28 | fi | |||
|
29 | exit 1 | |||
|
30 | EOF | |||
|
31 | ||||
|
32 | chmod 755 "${DESTDIR}/bin/unlock" | |||
|
33 | ||||
|
34 | mkdir -p "${DESTDIR}/lib/unlock" | |||
|
35 | cat > "${DESTDIR}/lib/unlock/plymouth" << EOF | |||
|
36 | #!/bin/sh | |||
|
37 | [ "\$1" == "--ping" ] && exit 1 | |||
|
38 | /bin/plymouth "\$@" | |||
|
39 | EOF | |||
|
40 | ||||
|
41 | chmod 755 "${DESTDIR}/lib/unlock/plymouth" | |||
|
42 | ||||
|
43 | echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd | |||
|
44 | ||||
|
45 | fi No newline at end of file |
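Review bot: The generated `/bin/unlock` force-kills every process whose `ps` line matches `-sh` (new line 26), which is wider than the session that entered the passphrase: any other login shell in the initramfs is terminated too, and when nothing matches `kill -9` runs without a PID and only prints an error. If unlock is always started from the login shell, `kill -9 "\$PPID"` would end just that session; that assumption needs confirming. On line 37 `==` inside `[ ]` is not POSIX under `#!/bin/sh`, so `[ "\$1" = "--ping" ] && exit 1` is the portable form. On line 43 the redirect target should be quoted, `>> "${DESTDIR}/etc/motd"`.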
@@ -392,6 +392,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |||||
392 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
392 | ##### `CRYPTFS_XTSKEYSIZE`=512 | |
393 | Sets key size in bits. The argument has to be a multiple of 8. |
|
393 | Sets key size in bits. The argument has to be a multiple of 8. | |
394 |
|
394 | |||
|
395 | ##### `CRYPTFS_DROPBEAR`=false | |||
|
396 | Enable Dropbear Initramfs support | |||
|
397 | ||||
|
398 | ##### `CRYPTFS_DROPBEAR_PUBKEY`="" | |||
|
399 | Provide path to dropbear Public RSA-OpenSSH Key | |||
|
400 | ||||
395 | --- |
|
401 | --- | |
396 |
|
402 | |||
397 | #### Build settings: |
|
403 | #### Build settings: |
@@ -29,7 +29,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
29 | fi |
|
29 | fi | |
30 |
|
30 | |||
31 | # Generate initramfs file |
|
31 | # Generate initramfs file | |
32 |
if |
|
32 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
33 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
33 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
34 | # Include initramfs scripts to auto expand encrypted root partition |
|
34 | # Include initramfs scripts to auto expand encrypted root partition | |
35 | if [ "$EXPANDROOT" = true ] ; then |
|
35 | if [ "$EXPANDROOT" = true ] ; then | |
@@ -38,8 +38,43 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
38 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
38 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
39 | fi |
|
39 | fi | |
40 |
|
40 | |||
41 | # Disable SSHD inside initramfs |
|
41 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
42 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
42 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
|
43 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
44 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
45 | else | |||
|
46 | # Create key | |||
|
47 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |||
|
48 | ||||
|
49 | # Convert dropbear key to openssh key | |||
|
50 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |||
|
51 | ||||
|
52 | # Get Public Key Part | |||
|
53 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |||
|
54 | ||||
|
55 | # Delete unwanted lines | |||
|
56 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
57 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
58 | ||||
|
59 | # Trust the new key | |||
|
60 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
61 | ||||
|
62 | # Save Keys - convert with putty from rsa/openssh to puttkey | |||
|
63 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |||
|
64 | ||||
|
65 | # Get unlock script | |||
|
66 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |||
|
67 | ||||
|
68 | # Enable Dropbear inside initramfs | |||
|
69 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |||
|
70 | ||||
|
71 | # Enable Dropbear inside initramfs | |||
|
72 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |||
|
73 | fi | |||
|
74 | else | |||
|
75 | # Disable SSHD inside initramfs | |||
|
76 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |||
|
77 | fi | |||
43 |
|
78 | |||
44 | # Add cryptsetup modules to initramfs |
|
79 | # Add cryptsetup modules to initramfs | |
45 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
80 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
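Review bot: In the key-generation branch (new lines 46-63) the private key that grants unlock access is exported with `cp -f`, so `${BASEDIR}/dropbear_initramfs_key.rsa` takes the source mode filtered by the umask rather than an explicit 0600, and `id_rsa` and `id_rsa.dropbear` stay behind in the image's `/etc/dropbear-initramfs`. I would follow the copy with `chmod 600 "${BASEDIR}"/dropbear_initramfs_key.rsa` and, if nothing later reads them, `rm -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${ETC_DIR}"/dropbear-initramfs/id_rsa.dropbear`. Separately, the `crypt_unlock.sh` hook install and the `DROPBEAR=y` line (new lines 66 and 69) sit inside the `else`, so a build that supplies `CRYPTFS_DROPBEAR_PUBKEY` gets neither; they look like they belong after the inner `fi`. The `sed -i "54 i sleep 5"` on line 72 depends on a fixed line number in a packaged script and repeats the comment from line 68, so it deserves a comment of its own saying why the delay is needed.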
@@ -56,23 +56,38 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
56 | fi |
|
56 | fi | |
57 | fi |
|
57 | fi | |
58 |
|
58 | |||
59 | #locks cpu at max frequency |
|
59 | # Enable Kernel messages on standard output | |
60 | if [ "$ENABLE_TURBO" = true ] ; then |
|
|||
61 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" |
|
|||
62 | fi |
|
|||
63 |
|
||||
64 | if [ "$ENABLE_PRINTK" = true ] ; then |
|
60 | if [ "$ENABLE_PRINTK" = true ] ; then | |
65 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" |
|
61 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" | |
66 | fi |
|
62 | fi | |
67 |
|
63 | |||
68 | # Install udev rule for serial alias |
|
64 | # Install udev rule for serial alias - serial0 = console serial1=bluetooth | |
69 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" |
|
65 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" | |
70 |
|
66 | |||
|
67 | # Remove IPv6 networking support | |||
|
68 | if [ "$ENABLE_IPV6" = false ] ; then | |||
|
69 | CMDLINE="${CMDLINE} ipv6.disable=1" | |||
|
70 | fi | |||
|
71 | ||||
|
72 | # Automatically assign predictable network interface names | |||
|
73 | if [ "$ENABLE_IFNAMES" = false ] ; then | |||
|
74 | CMDLINE="${CMDLINE} net.ifnames=0" | |||
|
75 | else | |||
|
76 | CMDLINE="${CMDLINE} net.ifnames=1" | |||
|
77 | fi | |||
|
78 | ||||
|
79 | # Install firmware config | |||
|
80 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |||
|
81 | ||||
|
82 | # Locks CPU frequency at maximum | |||
|
83 | if [ "$ENABLE_TURBO" = true ] ; then | |||
|
84 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" | |||
|
85 | # helps to avoid sdcard corruption when force_turbo is enabled. | |||
|
86 | echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" | |||
|
87 | fi | |||
|
88 | ||||
71 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
89 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
72 |
|
90 | |||
73 | # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface |
|
|||
74 | SET_SERIAL="ttyS0" |
|
|||
75 |
|
||||
76 | # Bluetooth enabled |
|
91 | # Bluetooth enabled | |
77 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
92 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
78 | # Create temporary directory for Bluetooth sources |
|
93 | # Create temporary directory for Bluetooth sources | |
@@ -94,6 +109,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
94 | # Install tools |
|
109 | # Install tools | |
95 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
110 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" | |
96 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" |
|
111 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" | |
|
112 | ||||
|
113 | # make scripts executable | |||
|
114 | chmod +x "${R}/usr/bin/bthelper" | |||
|
115 | chmod +x "${R}/usr/bin/btuart" | |||
97 |
|
116 | |||
98 | # Install bluetooth udev rule |
|
117 | # Install bluetooth udev rule | |
99 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" |
|
118 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" | |
@@ -105,12 +124,12 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
105 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" |
|
124 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" | |
106 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" |
|
125 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" | |
107 |
|
126 | |||
108 |
# Remove temporary director |
|
127 | # Remove temporary directories | |
109 | rm -fr "${temp_dir}" |
|
128 | rm -fr "${temp_dir}" | |
|
129 | rm -fr "${R}"/tmp/pi-bluetooth | |||
110 |
|
130 | |||
111 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 |
|
131 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 | |
112 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
132 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then | |
113 | SET_SERIAL="ttyAMA0" |
|
|||
114 |
|
133 | |||
115 | # set overlay to swap ttyAMA0 and ttyS0 |
|
134 | # set overlay to swap ttyAMA0 and ttyS0 | |
116 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
135 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" | |
@@ -119,23 +138,15 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
119 | if [ "$ENABLE_TURBO" = false ] ; then |
|
138 | if [ "$ENABLE_TURBO" = false ] ; then | |
120 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" |
|
139 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
121 | fi |
|
140 | fi | |
122 |
|
||||
123 | # Activate services |
|
|||
124 | chroot_exec systemctl enable pi-bluetooth.hciuart.service |
|
|||
125 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service |
|
|||
126 | else |
|
|||
127 | chroot_exec systemctl enable pi-bluetooth.hciuart.service |
|
|||
128 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service |
|
|||
129 |
|
|
141 | fi | |
|
142 | ||||
|
143 | # Activate services | |||
|
144 | chroot_exec systemctl enable pi-bluetooth.hciuart.service | |||
130 |
|
145 | |||
131 | else # if ENABLE_BLUETOOTH = false |
|
146 | else # if ENABLE_BLUETOOTH = false | |
132 | # set overlay to disable bluetooth |
|
147 | # set overlay to disable bluetooth | |
133 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" |
|
148 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
134 | fi # ENABLE_BLUETOOTH end |
|
149 | fi # ENABLE_BLUETOOTH end | |
135 |
|
||||
136 | else |
|
|||
137 | # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface |
|
|||
138 | SET_SERIAL="ttyAMA0" |
|
|||
139 | fi |
|
150 | fi | |
140 |
|
151 | |||
141 | # may need sudo systemctl disable hciuart |
|
152 | # may need sudo systemctl disable hciuart | |
@@ -145,31 +156,14 if [ "$ENABLE_CONSOLE" = true ] ; then | |||||
145 | CMDLINE="${CMDLINE} console=serial0,115200" |
|
156 | CMDLINE="${CMDLINE} console=serial0,115200" | |
146 |
|
157 | |||
147 | # Enable serial console systemd style |
|
158 | # Enable serial console systemd style | |
148 |
chroot_exec systemctl enable serial-getty\@ |
|
159 | chroot_exec systemctl enable serial-getty\@serial0.service | |
149 | else |
|
160 | else | |
150 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
161 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" | |
151 | # disable serial console systemd style |
|
|||
152 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service |
|
|||
153 | fi |
|
|||
154 |
|
||||
155 | # Remove IPv6 networking support |
|
|||
156 | if [ "$ENABLE_IPV6" = false ] ; then |
|
|||
157 | CMDLINE="${CMDLINE} ipv6.disable=1" |
|
|||
158 | fi |
|
|||
159 |
|
||||
160 | # Automatically assign predictable network interface names |
|
|||
161 | if [ "$ENABLE_IFNAMES" = false ] ; then |
|
|||
162 | CMDLINE="${CMDLINE} net.ifnames=0" |
|
|||
163 | else |
|
|||
164 | CMDLINE="${CMDLINE} net.ifnames=1" |
|
|||
165 | fi |
|
162 | fi | |
166 |
|
163 | |||
167 | # Install firmware boot cmdline |
|
164 | # Install firmware boot cmdline | |
168 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" |
|
165 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
169 |
|
166 | |||
170 | # Install firmware config |
|
|||
171 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
|||
172 |
|
||||
173 | # Setup minimal GPU memory allocation size: 16MB (no X) |
|
167 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
174 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
168 | if [ "$ENABLE_MINGPU" = true ] ; then | |
175 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" |
|
169 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" |
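Review bot: `rm -fr "${R}"/tmp/pi-bluetooth` on new line 129 would delete under the build host's own `/tmp` if `R` were ever empty or unset; `rm -fr "${R:?}"/tmp/pi-bluetooth` aborts instead. The same guard applies to `rm -fr "${R}"/tmp/userland/` in the videocore hunk further down the page. On new lines 114-115 the `chmod +x` after `install_readonly` could probably be replaced by installing both tools with `install_exec`, which other hunks on this page use for executables, assuming that helper sets an executable mode. The enclosing `if` blocks start outside these hunks.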
@@ -57,6 +57,20 else # ENABLE_DHCP=false | |||||
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
59 | "${ETC_DIR}/systemd/network/eth.network" |
|
59 | "${ETC_DIR}/systemd/network/eth.network" | |
|
60 | ||||
|
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |||
|
62 | # Get cdir from NET_ADDRESS e.g. 24 | |||
|
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |||
|
64 | ||||
|
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |||
|
66 | NET_MASK=$(cdr2mask "$cdir") | |||
|
67 | ||||
|
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
70 | ||||
|
71 | # Regenerate initramfs | |||
|
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |||
|
73 | fi | |||
60 | fi |
|
74 | fi | |
61 |
|
75 | |||
62 | # Remove empty settings from network configuration |
|
76 | # Remove empty settings from network configuration |
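Review bot: `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` on new line 63 runs the value of NET_ADDRESS as a command instead of feeding it to `cut`, so `cdir` comes back empty and `cdr2mask` is called with nothing; `cdir=${NET_ADDRESS##*/}` extracts the prefix length without a subshell. The `IP=` line on 69 then writes NET_ADDRESS with its `/prefix` still attached as the client address, which the initramfs `IP=` syntax presumably does not expect; `${NET_ADDRESS%/*}` gives the bare address. The comment on line 65 has a typo ("ro" for "to"). The enclosing `else # ENABLE_DHCP=false` block starts outside the hunk, so whether the DHCP path also needs the initramfs regenerated cannot be judged from here.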
@@ -27,6 +27,9 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
27 | chroot_exec systemctl enable iptables.service |
|
27 | chroot_exec systemctl enable iptables.service | |
28 |
|
28 | |||
29 | if [ "$ENABLE_IPV6" = true ] ; then |
|
29 | if [ "$ENABLE_IPV6" = true ] ; then | |
|
30 | # make sure ip6tables-legacy is the used alternatives | |||
|
31 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy | |||
|
32 | ||||
30 | # Install ip6tables systemd service |
|
33 | # Install ip6tables systemd service | |
31 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
34 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" | |
32 |
|
35 |
@@ -22,8 +22,3 else | |||||
22 | # Set no root password to disable root login |
|
22 | # Set no root password to disable root login | |
23 | chroot_exec usermod -p \'!\' root |
|
23 | chroot_exec usermod -p \'!\' root | |
24 | fi |
|
24 | fi | |
25 |
|
||||
26 | # Enable serial console systemd style |
|
|||
27 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
|||
28 | chroot_exec systemctl enable serial-getty\@ttyAMA0.service |
|
|||
29 | fi |
|
@@ -50,4 +50,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then | |||||
50 |
|
50 | |||
51 | #back to root of scriptdir |
|
51 | #back to root of scriptdir | |
52 | cd "${WORKDIR}" |
|
52 | cd "${WORKDIR}" | |
|
53 | ||||
|
54 | # Remove videocore sources | |||
|
55 | rm -fr "${R}"/tmp/userland/ | |||
53 | fi |
|
56 | fi |
@@ -75,3 +75,12 chroot_remove_cc() { | |||||
75 | COMPILER_PACKAGES="" |
|
75 | COMPILER_PACKAGES="" | |
76 | fi |
|
76 | fi | |
77 | } |
|
77 | } | |
|
78 | ||||
|
79 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |||
|
80 | cdr2mask () | |||
|
81 | { | |||
|
82 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |||
|
83 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |||
|
84 | [ $1 -gt 1 ] && shift $1 || shift | |||
|
85 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |||
|
86 | } No newline at end of file |
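Review bot: cdr2mask does arithmetic on `$1` without checking that it is a prefix length, and line 84 leaves `$1` unquoted in `[ $1 -gt 1 ]`, so an empty or non-numeric argument ends in a shell error from the arithmetic or the test rather than a clean failure. A guard at the top such as `case "$1" in ''|*[!0-9]*) return 1 ;; esac` followed by `[ "$1" -le 32 ] || return 1` would make the contract explicit. The `[ … ] && shift $1 || shift` form on line 84 would read more safely as an `if`/`else`. The header comment could also state that the argument is the bare number without the slash.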
@@ -185,6 +185,10 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |||||
185 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
185 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} | |
186 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} |
|
186 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} | |
187 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
187 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} | |
|
188 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |||
|
189 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} | |||
|
190 | #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated | |||
|
191 | CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""} | |||
188 |
|
192 | |||
189 | # Chroot scripts directory |
|
193 | # Chroot scripts directory | |
190 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} |
|
194 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} | |
@@ -203,11 +207,9 MISSING_PACKAGES="" | |||||
203 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
207 | # Packages installed for c/c++ build environment in chroot (keep empty) | |
204 | COMPILER_PACKAGES="" |
|
208 | COMPILER_PACKAGES="" | |
205 |
|
209 | |||
206 | set +x |
|
210 | # Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
207 |
|
211 | APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d') | ||
208 | #Check if apt-cacher-ng has port 3142 open and set APT_PROXY |
|
212 | if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then | |
209 | APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq) |
|
|||
210 | if [ -n "${APT_CACHER_RUNNING}" ] ; then |
|
|||
211 | APT_PROXY=http://127.0.0.1:3142/ |
|
213 | APT_PROXY=http://127.0.0.1:3142/ | |
212 | fi |
|
214 | fi | |
213 |
|
215 | |||
@@ -258,7 +260,7 if [ -n "$SET_ARCH" ] ; then | |||||
258 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
260 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |
259 | fi |
|
261 | fi | |
260 | fi |
|
262 | fi | |
261 | #SET_ARCH not set |
|
263 | # SET_ARCH not set | |
262 | else |
|
264 | else | |
263 | echo "error: Please set '32' or '64' as value for SET_ARCH" |
|
265 | echo "error: Please set '32' or '64' as value for SET_ARCH" | |
264 | exit 1 |
|
266 | exit 1 | |
@@ -298,9 +300,12 esac | |||||
298 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard |
|
300 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard | |
299 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
301 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
300 | # Include bluetooth packages on supported boards |
|
302 | # Include bluetooth packages on supported boards | |
301 |
if [ "$ENABLE_BLUETOOTH" = true ] |
|
303 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
302 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" |
|
304 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" | |
303 | fi |
|
305 | fi | |
|
306 | if [ "$ENABLE_WIRELESS" = true ] ; then | |||
|
307 | APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb" | |||
|
308 | fi | |||
304 | else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard |
|
309 | else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard | |
305 | # Check if the internal wireless interface is not supported by the RPi model |
|
310 | # Check if the internal wireless interface is not supported by the RPi model | |
306 | if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then |
|
311 | if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then | |
@@ -345,6 +350,11 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then | |||||
345 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
350 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" | |
346 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
351 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" | |
347 |
|
352 | |||
|
353 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |||
|
354 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then | |||
|
355 | APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs" | |||
|
356 | fi | |||
|
357 | ||||
348 | if [ -z "$CRYPTFS_PASSWORD" ] ; then |
|
358 | if [ -z "$CRYPTFS_PASSWORD" ] ; then | |
349 | echo "error: no password defined (CRYPTFS_PASSWORD)!" |
|
359 | echo "error: no password defined (CRYPTFS_PASSWORD)!" | |
350 | exit 1 |
|
360 | exit 1 | |
@@ -362,14 +372,6 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
362 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" |
|
372 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" | |
363 | fi |
|
373 | fi | |
364 |
|
374 | |||
365 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
|||
366 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
|||
367 | if [ "$ENABLE_CONSOLE" = false ] ; then |
|
|||
368 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" |
|
|||
369 | fi |
|
|||
370 | fi |
|
|||
371 | fi |
|
|||
372 |
|
||||
373 | # Check if root SSH (v2) public key file exists |
|
375 | # Check if root SSH (v2) public key file exists | |
374 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then |
|
376 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
375 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
|
377 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
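Review bot: `CRYPTFS_DROPBEAR_PUBKEY` gets a default on new line 191 but is never validated, unlike `SSH_ROOT_PUB_KEY` (new lines 376-377): a path that is set but does not exist makes the initramfs step fall through to generating a key pair without telling the user. A check next to the dropbear-initramfs include on lines 354-356 would fail early, for example `if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ ! -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then echo "error: CRYPTFS_DROPBEAR_PUBKEY file not found"; exit 1; fi`. `CRYPTFS_DROPBEAR=true` with `ENABLE_INITRAMFS` unset is also ignored silently on line 354, and a one-line warning there would help. The comment on line 190 could say that the generated private key is written to the build directory.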