##// END OF EJS Templates
Dropbear initramfs...
Unknown -
r501:3c3d6ac60789
parent child
Show More
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
@@ -392,6 +392,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
392 ##### `CRYPTFS_XTSKEYSIZE`=512
392 ##### `CRYPTFS_XTSKEYSIZE`=512
393 Sets key size in bits. The argument has to be a multiple of 8.
393 Sets key size in bits. The argument has to be a multiple of 8.
394
394
395 ##### `CRYPTFS_DROPBEAR`=false
396 Enable Dropbear Initramfs support
397
398 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
399 Provide path to dropbear Public RSA-OpenSSH Key
400
395 ---
401 ---
396
402
397 #### Build settings:
403 #### Build settings:
@@ -29,7 +29,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
29 fi
29 fi
30
30
31 # Generate initramfs file
31 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
32 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 # Include initramfs scripts to auto expand encrypted root partition
34 # Include initramfs scripts to auto expand encrypted root partition
35 if [ "$EXPANDROOT" = true ] ; then
35 if [ "$EXPANDROOT" = true ] ; then
@@ -38,8 +38,43 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 fi
39 fi
40
40
41 # Disable SSHD inside initramfs
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
42 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
43 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
44 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
45 else
46 # Create key
47 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
48
49 # Convert dropbear key to openssh key
50 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
51
52 # Get Public Key Part
53 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
54
55 # Delete unwanted lines
56 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
57 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
58
59 # Trust the new key
60 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
61
62 # Save Keys - convert with putty from rsa/openssh to puttkey
63 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
64
65 # Get unlock script
66 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
67
68 # Enable Dropbear inside initramfs
69 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
70
71 # Enable Dropbear inside initramfs
72 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
73 fi
74 else
75 # Disable SSHD inside initramfs
76 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
77 fi
43
78
44 # Add cryptsetup modules to initramfs
79 # Add cryptsetup modules to initramfs
45 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
80 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
@@ -56,23 +56,38 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 fi
56 fi
57 fi
57 fi
58
58
59 #locks cpu at max frequency
59 # Enable Kernel messages on standard output
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
64 if [ "$ENABLE_PRINTK" = true ] ; then
60 if [ "$ENABLE_PRINTK" = true ] ; then
65 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
61 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 fi
62 fi
67
63
68 # Install udev rule for serial alias
64 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
65 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70
66
67 # Remove IPv6 networking support
68 if [ "$ENABLE_IPV6" = false ] ; then
69 CMDLINE="${CMDLINE} ipv6.disable=1"
70 fi
71
72 # Automatically assign predictable network interface names
73 if [ "$ENABLE_IFNAMES" = false ] ; then
74 CMDLINE="${CMDLINE} net.ifnames=0"
75 else
76 CMDLINE="${CMDLINE} net.ifnames=1"
77 fi
78
79 # Install firmware config
80 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
81
82 # Locks CPU frequency at maximum
83 if [ "$ENABLE_TURBO" = true ] ; then
84 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
85 # helps to avoid sdcard corruption when force_turbo is enabled.
86 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
87 fi
88
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
89 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72
90
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
75
76 # Bluetooth enabled
91 # Bluetooth enabled
77 if [ "$ENABLE_BLUETOOTH" = true ] ; then
92 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 # Create temporary directory for Bluetooth sources
93 # Create temporary directory for Bluetooth sources
@@ -94,6 +109,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
94 # Install tools
109 # Install tools
95 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
110 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
111 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
112
113 # make scripts executable
114 chmod +x "${R}/usr/bin/bthelper"
115 chmod +x "${R}/usr/bin/btuart"
97
116
98 # Install bluetooth udev rule
117 # Install bluetooth udev rule
99 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
118 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
@@ -105,12 +124,12 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
105 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
124 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
125 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107
126
108 # Remove temporary directory
127 # Remove temporary directories
109 rm -fr "${temp_dir}"
128 rm -fr "${temp_dir}"
129 rm -fr "${R}"/tmp/pi-bluetooth
110
130
111 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
131 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
132 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114
133
115 # set overlay to swap ttyAMA0 and ttyS0
134 # set overlay to swap ttyAMA0 and ttyS0
116 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
135 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
@@ -119,23 +138,15 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
119 if [ "$ENABLE_TURBO" = false ] ; then
138 if [ "$ENABLE_TURBO" = false ] ; then
120 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
139 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 fi
140 fi
122
123 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
141 fi
142
143 # Activate services
144 chroot_exec systemctl enable pi-bluetooth.hciuart.service
130
145
131 else # if ENABLE_BLUETOOTH = false
146 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
147 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
148 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
149 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 fi
150 fi
140
151
141 # may need sudo systemctl disable hciuart
152 # may need sudo systemctl disable hciuart
@@ -145,31 +156,14 if [ "$ENABLE_CONSOLE" = true ] ; then
145 CMDLINE="${CMDLINE} console=serial0,115200"
156 CMDLINE="${CMDLINE} console=serial0,115200"
146
157
147 # Enable serial console systemd style
158 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
159 chroot_exec systemctl enable serial-getty\@serial0.service
149 else
160 else
150 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
161 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
151 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 fi
154
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
159
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
163 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
165 fi
162 fi
166
163
167 # Install firmware boot cmdline
164 # Install firmware boot cmdline
168 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
165 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169
166
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 # Setup minimal GPU memory allocation size: 16MB (no X)
167 # Setup minimal GPU memory allocation size: 16MB (no X)
174 if [ "$ENABLE_MINGPU" = true ] ; then
168 if [ "$ENABLE_MINGPU" = true ] ; then
175 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
169 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
@@ -57,6 +57,20 else # ENABLE_DHCP=false
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 fi
74 fi
61
75
62 # Remove empty settings from network configuration
76 # Remove empty settings from network configuration
@@ -27,6 +27,9 if [ "$ENABLE_IPTABLES" = true ] ; then
27 chroot_exec systemctl enable iptables.service
27 chroot_exec systemctl enable iptables.service
28
28
29 if [ "$ENABLE_IPV6" = true ] ; then
29 if [ "$ENABLE_IPV6" = true ] ; then
30 # make sure ip6tables-legacy is the used alternatives
31 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
32
30 # Install ip6tables systemd service
33 # Install ip6tables systemd service
31 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
34 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32
35
@@ -22,8 +22,3 else
22 # Set no root password to disable root login
22 # Set no root password to disable root login
23 chroot_exec usermod -p \'!\' root
23 chroot_exec usermod -p \'!\' root
24 fi
24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
@@ -50,4 +50,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then
50
50
51 #back to root of scriptdir
51 #back to root of scriptdir
52 cd "${WORKDIR}"
52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
53 fi
56 fi
@@ -75,3 +75,12 chroot_remove_cc() {
75 COMPILER_PACKAGES=""
75 COMPILER_PACKAGES=""
76 fi
76 fi
77 }
77 }
78
79 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
80 cdr2mask ()
81 {
82 # Number of args to shift, 255..255, first non-255 byte, zeroes
83 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
84 [ $1 -gt 1 ] && shift $1 || shift
85 echo ${1-0}.${2-0}.${3-0}.${4-0}
86 } No newline at end of file
@@ -185,6 +185,10 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
188 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
189 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
190 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
191 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
188
192
189 # Chroot scripts directory
193 # Chroot scripts directory
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
194 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
@@ -203,11 +207,9 MISSING_PACKAGES=""
203 # Packages installed for c/c++ build environment in chroot (keep empty)
207 # Packages installed for c/c++ build environment in chroot (keep empty)
204 COMPILER_PACKAGES=""
208 COMPILER_PACKAGES=""
205
209
206 set +x
210 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
207
211 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
212 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 APT_PROXY=http://127.0.0.1:3142/
213 APT_PROXY=http://127.0.0.1:3142/
212 fi
214 fi
213
215
@@ -258,7 +260,7 if [ -n "$SET_ARCH" ] ; then
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
260 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 fi
261 fi
260 fi
262 fi
261 #SET_ARCH not set
263 # SET_ARCH not set
262 else
264 else
263 echo "error: Please set '32' or '64' as value for SET_ARCH"
265 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 exit 1
266 exit 1
@@ -298,9 +300,12 esac
298 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
300 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
301 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 # Include bluetooth packages on supported boards
302 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
303 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
304 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 fi
305 fi
306 if [ "$ENABLE_WIRELESS" = true ] ; then
307 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
308 fi
304 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
309 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 # Check if the internal wireless interface is not supported by the RPi model
310 # Check if the internal wireless interface is not supported by the RPi model
306 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
311 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
@@ -345,6 +350,11 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
350 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
351 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347
352
353 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
354 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
355 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
356 fi
357
348 if [ -z "$CRYPTFS_PASSWORD" ] ; then
358 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 echo "error: no password defined (CRYPTFS_PASSWORD)!"
359 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 exit 1
360 exit 1
@@ -362,14 +372,6 if [ "$ENABLE_UBOOT" = true ] ; then
362 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
372 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 fi
373 fi
364
374
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 # Check if root SSH (v2) public key file exists
375 # Check if root SSH (v2) public key file exists
374 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
376 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
377 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant