##// END OF EJS Templates
Dropbear initramfs...
Unknown -
r501:3c3d6ac60789
parent child
Show More
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
@@ -1,500 +1,506
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62 62
63 63 ##### `RPI_MODEL`=2
64 64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 66 - `1` = Raspberry Pi 1 model A and B
67 67 - `1P` = Raspberry Pi 1 model B+ and A+
68 68 - `2` = Raspberry Pi 2 model B
69 69 - `3` = Raspberry Pi 3 model B
70 70 - `3P` = Raspberry Pi 3 model B+
71 71
72 72 ##### `RELEASE`="buster"
73 73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74 74
75 75 ##### `RELEASE_ARCH`="armhf"
76 76 Set the desired Debian release architecture.
77 77
78 78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80 80
81 81 ##### `PASSWORD`="raspberry"
82 82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 83
84 84 ##### `USER_PASSWORD`="raspberry"
85 85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `DEFLOCAL`="en_US.UTF-8"
88 88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 89
90 90 ##### `TIMEZONE`="Europe/Berlin"
91 91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 92
93 93 ##### `EXPANDROOT`=true
94 94 Expand the root partition and filesystem automatically on first boot.
95 95
96 96 ##### `ENABLE_QEMU`=false
97 97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98 98
99 99 ---
100 100
101 101 #### Keyboard settings:
102 102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103 103
104 104 ##### `XKB_MODEL`=""
105 105 Set the name of the model of your keyboard type.
106 106
107 107 ##### `XKB_LAYOUT`=""
108 108 Set the supported keyboard layout(s).
109 109
110 110 ##### `XKB_VARIANT`=""
111 111 Set the supported variant(s) of the keyboard layout(s).
112 112
113 113 ##### `XKB_OPTIONS`=""
114 114 Set extra xkb configuration options.
115 115
116 116 ---
117 117
118 118 #### Networking settings (DHCP):
119 119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120 120
121 121 ##### `ENABLE_DHCP`=true
122 122 Set the system to use DHCP. This requires an DHCP server.
123 123
124 124 ---
125 125
126 126 #### Networking settings (static):
127 127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128 128
129 129 ##### `NET_ADDRESS`=""
130 130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131 131
132 132 ##### `NET_GATEWAY`=""
133 133 Set the IP address for the default gateway.
134 134
135 135 ##### `NET_DNS_1`=""
136 136 Set the IP address for the first DNS server.
137 137
138 138 ##### `NET_DNS_2`=""
139 139 Set the IP address for the second DNS server.
140 140
141 141 ##### `NET_DNS_DOMAINS`=""
142 142 Set the default DNS search domains to use for non fully qualified hostnames.
143 143
144 144 ##### `NET_NTP_1`=""
145 145 Set the IP address for the first NTP server.
146 146
147 147 ##### `NET_NTP_2`=""
148 148 Set the IP address for the second NTP server.
149 149
150 150 ---
151 151
152 152 #### Basic system features:
153 153 ##### `ENABLE_CONSOLE`=true
154 154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155 155
156 156 ##### `ENABLE_PRINTK`=false
157 157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158 158
159 159 ##### `ENABLE_BLUETOOTH`=false
160 160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161 161
162 162 ##### `ENABLE_MINIUART_OVERLAY`=false
163 163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164 164
165 165 ##### `ENABLE_TURBO`=false
166 166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167 167
168 168 ##### `ENABLE_I2C`=false
169 169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170 170
171 171 ##### `ENABLE_SPI`=false
172 172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 173
174 174 ##### `ENABLE_IPV6`=true
175 175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176 176
177 177 ##### `ENABLE_SSHD`=true
178 178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179 179
180 180 ##### `ENABLE_NONFREE`=false
181 181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182 182
183 183 ##### `ENABLE_WIRELESS`=false
184 184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185 185
186 186 ##### `ENABLE_RSYSLOG`=true
187 187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188 188
189 189 ##### `ENABLE_SOUND`=true
190 190 Enable sound hardware and install Advanced Linux Sound Architecture.
191 191
192 192 ##### `ENABLE_HWRANDOM`=true
193 193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194 194
195 195 ##### `ENABLE_MINGPU`=false
196 196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197 197
198 198 ##### `ENABLE_DBUS`=true
199 199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200 200
201 201 ##### `ENABLE_XORG`=false
202 202 Install Xorg open-source X Window System.
203 203
204 204 ##### `ENABLE_WM`=""
205 205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206 206
207 207 ##### `ENABLE_SYSVINIT`=false
208 208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209 209
210 210 ---
211 211
212 212 #### Advanced system features:
213 213 ##### `ENABLE_MINBASE`=false
214 214 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215 215
216 216 ##### `ENABLE_REDUCE`=false
217 217 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
218 218
219 219 ##### `ENABLE_UBOOT`=false
220 220 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
221 221
222 222 ##### `UBOOTSRC_DIR`=""
223 223 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
224 224
225 225 ##### `ENABLE_FBTURBO`=false
226 226 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
227 227
228 228 ##### `FBTURBOSRC_DIR`=""
229 229 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
230 230
231 231 ##### `ENABLE_VIDEOCORE`=false
232 232 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233 233
234 234 ##### `VIDEOCORESRC_DIR`=""
235 235 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236 236
237 237 ##### `ENABLE_IPTABLES`=false
238 238 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239 239
240 240 ##### `ENABLE_USER`=true
241 241 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
242 242
243 243 ##### `USER_NAME`=pi
244 244 Non-root user to create. Ignored if `ENABLE_USER`=false
245 245
246 246 ##### `ENABLE_ROOT`=false
247 247 Set root user password so root login will be enabled
248 248
249 249 ##### `ENABLE_HARDNET`=false
250 250 Enable IPv4/IPv6 network stack hardening settings.
251 251
252 252 ##### `ENABLE_SPLITFS`=false
253 253 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
254 254
255 255 ##### `CHROOT_SCRIPTS`=""
256 256 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
257 257
258 258 ##### `ENABLE_INITRAMFS`=false
259 259 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
260 260
261 261 ##### `ENABLE_IFNAMES`=true
262 262 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263 263
264 264 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 265 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266 266
267 267 ---
268 268
269 269 #### SSH settings:
270 270 ##### `SSH_ENABLE_ROOT`=false
271 271 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
272 272
273 273 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
274 274 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
275 275
276 276 ##### `SSH_LIMIT_USERS`=false
277 277 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
278 278
279 279 ##### `SSH_ROOT_PUB_KEY`=""
280 280 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
281 281
282 282 ##### `SSH_USER_PUB_KEY`=""
283 283 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
284 284
285 285 ---
286 286
287 287 #### Kernel compilation:
288 288 ##### `BUILD_KERNEL`=true
289 289 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
290 290
291 291 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
292 292 This sets the cross-compile environment for the compiler.
293 293
294 294 ##### `KERNEL_ARCH`="arm"
295 295 This sets the kernel architecture for the compiler.
296 296
297 297 ##### `KERNEL_IMAGE`="kernel7.img"
298 298 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
299 299
300 300 ##### `KERNEL_BRANCH`=""
301 301 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
302 302
303 303 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
304 304 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
305 305
306 306 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
307 307 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
308 308
309 309 ##### `KERNEL_REDUCE`=false
310 310 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
311 311
312 312 ##### `KERNEL_THREADS`=1
313 313 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
314 314
315 315 ##### `KERNEL_HEADERS`=true
316 316 Install kernel headers with the built kernel.
317 317
318 318 ##### `KERNEL_MENUCONFIG`=false
319 319 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
320 320
321 321 ##### `KERNEL_OLDDEFCONFIG`=false
322 322 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
323 323
324 324 ##### `KERNEL_CCACHE`=false
325 325 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
326 326
327 327 ##### `KERNEL_REMOVESRC`=true
328 328 Remove all kernel sources from the generated OS image after it was built and installed.
329 329
330 330 ##### `KERNELSRC_DIR`=""
331 331 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
332 332
333 333 ##### `KERNELSRC_CLEAN`=false
334 334 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
335 335
336 336 ##### `KERNELSRC_CONFIG`=true
337 337 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
338 338
339 339 ##### `KERNELSRC_USRCONFIG`=""
340 340 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
341 341
342 342 ##### `KERNELSRC_PREBUILT`=false
343 343 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
344 344
345 345 ##### `RPI_FIRMWARE_DIR`=""
346 346 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347 347
348 348 ---
349 349
350 350 #### Reduce disk usage:
351 351 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
352 352
353 353 ##### `REDUCE_APT`=true
354 354 Configure APT to use compressed package repository lists and no package caching files.
355 355
356 356 ##### `REDUCE_DOC`=true
357 357 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
358 358
359 359 ##### `REDUCE_MAN`=true
360 360 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
361 361
362 362 ##### `REDUCE_VIM`=false
363 363 Replace `vim-tiny` package by `levee` a tiny vim clone.
364 364
365 365 ##### `REDUCE_BASH`=false
366 366 Remove `bash` package and switch to `dash` shell (experimental).
367 367
368 368 ##### `REDUCE_HWDB`=true
369 369 Remove PCI related hwdb files (experimental).
370 370
371 371 ##### `REDUCE_SSHD`=true
372 372 Replace `openssh-server` with `dropbear`.
373 373
374 374 ##### `REDUCE_LOCALE`=true
375 375 Remove all `locale` translation files.
376 376
377 377 ---
378 378
379 379 #### Encrypted root partition:
380 380 ##### `ENABLE_CRYPTFS`=false
381 381 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
382 382
383 383 ##### `CRYPTFS_PASSWORD`=""
384 384 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
385 385
386 386 ##### `CRYPTFS_MAPPING`="secure"
387 387 Set name of dm-crypt managed device-mapper mapping.
388 388
389 389 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
390 390 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
391 391
392 392 ##### `CRYPTFS_XTSKEYSIZE`=512
393 393 Sets key size in bits. The argument has to be a multiple of 8.
394 394
395 ##### `CRYPTFS_DROPBEAR`=false
396 Enable Dropbear Initramfs support
397
398 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
399 Provide path to dropbear Public RSA-OpenSSH Key
400
395 401 ---
396 402
397 403 #### Build settings:
398 404 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
399 405 Set a path to a working directory used by the script to generate an image.
400 406
401 407 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
402 408 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
403 409
404 410 ## Understanding the script
405 411 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
406 412
407 413 | Script | Description |
408 414 | --- | --- |
409 415 | `10-bootstrap.sh` | Debootstrap basic system |
410 416 | `11-apt.sh` | Setup APT repositories |
411 417 | `12-locale.sh` | Setup Locales and keyboard settings |
412 418 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
413 419 | `14-fstab.sh` | Setup fstab and initramfs |
414 420 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
415 421 | `20-networking.sh` | Setup Networking |
416 422 | `21-firewall.sh` | Setup Firewall |
417 423 | `30-security.sh` | Setup Users and Security settings |
418 424 | `31-logging.sh` | Setup Logging |
419 425 | `32-sshd.sh` | Setup SSH and public keys |
420 426 | `41-uboot.sh` | Build and Setup U-Boot |
421 427 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
422 428 | `43-videocore.sh` | Build and Setup videocore libraries |
423 429 | `50-firstboot.sh` | First boot actions |
424 430 | `99-reduce.sh` | Reduce the disk space usage |
425 431
426 432 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
427 433
428 434 | Directory | Description |
429 435 | --- | --- |
430 436 | `apt` | APT management configuration files |
431 437 | `boot` | Boot and RPi 0/1/2/3 configuration files |
432 438 | `dpkg` | Package Manager configuration |
433 439 | `etc` | Configuration files and rc scripts |
434 440 | `firstboot` | Scripts that get executed on first boot |
435 441 | `initramfs` | Initramfs scripts |
436 442 | `iptables` | Firewall configuration files |
437 443 | `locales` | Locales configuration |
438 444 | `modules` | Kernel Modules configuration |
439 445 | `mount` | Fstab configuration |
440 446 | `network` | Networking configuration files |
441 447 | `sysctl.d` | Swapping and Network Hardening configuration |
442 448 | `xorg` | fbturbo Xorg driver configuration |
443 449
444 450 ## Custom packages and scripts
445 451 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
446 452
447 453 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
448 454
449 455 ## Logging of the bootstrapping process
450 456 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
451 457
452 458 ```shell
453 459 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
454 460 ```
455 461
456 462 ## Flashing the image file
457 463 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
458 464
459 465 ##### Flashing examples:
460 466 ```shell
461 467 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
462 468 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
463 469 ```
464 470 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
465 471 ```shell
466 472 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
467 473 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
468 474 ```
469 475
470 476 ## QEMU emulation
471 477 Start QEMU full system emulation:
472 478 ```shell
473 479 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
474 480 ```
475 481
476 482 Start QEMU full system emulation and output to console:
477 483 ```shell
478 484 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 485 ```
480 486
481 487 Start QEMU full system emulation with SMP and output to console:
482 488 ```shell
483 489 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
484 490 ```
485 491
486 492 Start QEMU full system emulation with cryptfs, initramfs and output to console:
487 493 ```shell
488 494 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
489 495 ```
490 496
491 497 ## External links and references
492 498 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
493 499 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
494 500 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
495 501 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
496 502 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
497 503 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
498 504 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
499 505 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
500 506 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,59 +1,94
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Add usb/sda disk root partition to fstab
12 12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 14 fi
15 15
16 16 # Add encrypted root partition to fstab and crypttab
17 17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 18 # Replace fstab root partition with encrypted partition mapping
19 19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 20
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 24
25 25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 26 # Add usb/sda disk to crypttab
27 27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 28 fi
29 29 fi
30 30
31 31 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
32 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 33 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 34 # Include initramfs scripts to auto expand encrypted root partition
35 35 if [ "$EXPANDROOT" = true ] ; then
36 36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 39 fi
40 40
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
43 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
44 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
45 else
46 # Create key
47 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
48
49 # Convert dropbear key to openssh key
50 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
51
52 # Get Public Key Part
53 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
54
55 # Delete unwanted lines
56 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
57 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
58
59 # Trust the new key
60 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
61
62 # Save Keys - convert with putty from rsa/openssh to puttkey
63 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
64
65 # Get unlock script
66 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
67
68 # Enable Dropbear inside initramfs
69 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
70
71 # Enable Dropbear inside initramfs
72 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
73 fi
74 else
41 75 # Disable SSHD inside initramfs
42 76 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
77 fi
43 78
44 79 # Add cryptsetup modules to initramfs
45 80 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46 81
47 82 # Dummy mapping required by mkinitramfs
48 83 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 84
50 85 # Generate initramfs with encrypted root partition support
51 86 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52 87
53 88 # Remove dummy mapping
54 89 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 90 else
56 91 # Generate initramfs without encrypted root partition support
57 92 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 93 fi
59 94 fi
@@ -1,229 +1,223
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
59 # Enable Kernel messages on standard output
64 60 if [ "$ENABLE_PRINTK" = true ] ; then
65 61 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 62 fi
67 63
68 # Install udev rule for serial alias
64 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 65 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70 66
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
67 # Remove IPv6 networking support
68 if [ "$ENABLE_IPV6" = false ] ; then
69 CMDLINE="${CMDLINE} ipv6.disable=1"
70 fi
71
72 # Automatically assign predictable network interface names
73 if [ "$ENABLE_IFNAMES" = false ] ; then
74 CMDLINE="${CMDLINE} net.ifnames=0"
75 else
76 CMDLINE="${CMDLINE} net.ifnames=1"
77 fi
78
79 # Install firmware config
80 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
81
82 # Locks CPU frequency at maximum
83 if [ "$ENABLE_TURBO" = true ] ; then
84 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
85 # helps to avoid sdcard corruption when force_turbo is enabled.
86 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
87 fi
72 88
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
89 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
75 90
76 91 # Bluetooth enabled
77 92 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 93 # Create temporary directory for Bluetooth sources
79 94 temp_dir=$(as_nobody mktemp -d)
80 95
81 96 # Fetch Bluetooth sources
82 97 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
83 98
84 99 # Copy downloaded sources
85 100 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
86 101
87 102 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
88 103 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
89 104 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
90 105
91 106 # Set permissions
92 107 chown -R root:root "${R}/tmp/pi-bluetooth"
93 108
94 109 # Install tools
95 110 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 111 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97 112
113 # make scripts executable
114 chmod +x "${R}/usr/bin/bthelper"
115 chmod +x "${R}/usr/bin/btuart"
116
98 117 # Install bluetooth udev rule
99 118 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100 119
101 120 # Install Firmware Flash file and apropiate licence
102 121 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
103 122 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
104 123 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 124 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 125 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107 126
108 # Remove temporary directory
127 # Remove temporary directories
109 128 rm -fr "${temp_dir}"
129 rm -fr "${R}"/tmp/pi-bluetooth
110 130
111 131 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 132 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114 133
115 134 # set overlay to swap ttyAMA0 and ttyS0
116 135 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
117 136
118 137 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
119 138 if [ "$ENABLE_TURBO" = false ] ; then
120 139 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 140 fi
141 fi
122 142
123 143 # Activate services
124 144 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
130 145
131 146 else # if ENABLE_BLUETOOTH = false
132 147 # set overlay to disable bluetooth
133 148 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 149 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 150 fi
140 151
141 152 # may need sudo systemctl disable hciuart
142 153 if [ "$ENABLE_CONSOLE" = true ] ; then
143 154 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 155 # add string to cmdline
145 156 CMDLINE="${CMDLINE} console=serial0,115200"
146 157
147 158 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
159 chroot_exec systemctl enable serial-getty\@serial0.service
149 160 else
150 161 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
151 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 fi
154
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
159
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
163 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
165 162 fi
166 163
167 164 # Install firmware boot cmdline
168 165 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169 166
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 167 # Setup minimal GPU memory allocation size: 16MB (no X)
174 168 if [ "$ENABLE_MINGPU" = true ] ; then
175 169 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
176 170 fi
177 171
178 172 # Setup boot with initramfs
179 173 if [ "$ENABLE_INITRAMFS" = true ] ; then
180 174 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
181 175 fi
182 176
183 177 # Create firmware configuration and cmdline symlinks
184 178 ln -sf firmware/config.txt "${R}/boot/config.txt"
185 179 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
186 180
187 181 # Install and setup kernel modules to load at boot
188 182 mkdir -p "${LIB_DIR}/modules-load.d/"
189 183 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
190 184
191 185 # Load hardware random module at boot
192 186 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
193 187 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
194 188 fi
195 189
196 190 # Load sound module at boot
197 191 if [ "$ENABLE_SOUND" = true ] ; then
198 192 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
199 193 else
200 194 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
201 195 fi
202 196
203 197 # Enable I2C interface
204 198 if [ "$ENABLE_I2C" = true ] ; then
205 199 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
206 200 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
207 201 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
208 202 fi
209 203
210 204 # Enable SPI interface
211 205 if [ "$ENABLE_SPI" = true ] ; then
212 206 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
213 207 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
214 208 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
215 209 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
216 210 fi
217 211 fi
218 212
219 213 # Disable RPi2/3 under-voltage warnings
220 214 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
221 215 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
222 216 fi
223 217
224 218 # Install kernel modules blacklist
225 219 mkdir -p "${ETC_DIR}/modprobe.d/"
226 220 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
227 221
228 222 # Install sysctl.d configuration files
229 223 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,132 +1,146
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 74 fi
61 75
62 76 # Remove empty settings from network configuration
63 77 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 78 # Remove empty settings from wlan configuration
65 79 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 80
67 81 # Move systemd network configuration if required by Debian release
68 82 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 83 # If WLAN is enabled copy wlan configuration too
70 84 if [ "$ENABLE_WIRELESS" = true ] ; then
71 85 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 86 fi
73 87 rm -fr "${ETC_DIR}/systemd/network"
74 88
75 89 # Enable systemd-networkd service
76 90 chroot_exec systemctl enable systemd-networkd
77 91
78 92 # Install host.conf resolver configuration
79 93 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 94
81 95 # Enable network stack hardening
82 96 if [ "$ENABLE_HARDNET" = true ] ; then
83 97 # Install sysctl.d configuration files
84 98 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 99
86 100 # Setup resolver warnings about spoofed addresses
87 101 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 102 fi
89 103
90 104 # Enable time sync
91 105 if [ "$NET_NTP_1" != "" ] ; then
92 106 chroot_exec systemctl enable systemd-timesyncd.service
93 107 fi
94 108
95 109 # Download the firmware binary blob required to use the RPi3 wireless interface
96 110 if [ "$ENABLE_WIRELESS" = true ] ; then
97 111 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 112 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 113 fi
100 114
101 115 # Create temporary directory for firmware binary blob
102 116 temp_dir=$(as_nobody mktemp -d)
103 117
104 118 # Fetch firmware binary blob for RPI3B+
105 119 if [ "$RPI_MODEL" = 3P ] ; then
106 120 # Fetch firmware binary blob for RPi3P
107 121 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 122 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 124
111 125 # Move downloaded firmware binary blob
112 126 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113 127
114 128 # Set permissions of the firmware binary blob
115 129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
117 131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
118 132 # Fetch firmware binary blob for RPi3
119 133 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
120 134 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
121 135
122 136 # Move downloaded firmware binary blob
123 137 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124 138
125 139 # Set permissions of the firmware binary blob
126 140 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 141 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
128 142 fi
129 143
130 144 # Remove temporary directory for firmware binary blob
131 145 rm -fr "${temp_dir}"
132 146 fi
@@ -1,48 +1,51
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 12 # make sure iptables-legacy is the used alternatives
13 13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 15
16 16 # Install iptables systemd service
17 17 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 18
19 19 # Install flush-table script called by iptables service
20 20 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 21
22 22 # Install iptables rule file
23 23 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 24
25 25 # Reload systemd configuration and enable iptables service
26 26 chroot_exec systemctl daemon-reload
27 27 chroot_exec systemctl enable iptables.service
28 28
29 29 if [ "$ENABLE_IPV6" = true ] ; then
30 # make sure ip6tables-legacy is the used alternatives
31 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
32
30 33 # Install ip6tables systemd service
31 34 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 35
33 36 # Install ip6tables file
34 37 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
35 38
36 39 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
37 40
38 41 # Reload systemd configuration and enable iptables service
39 42 chroot_exec systemctl daemon-reload
40 43 chroot_exec systemctl enable ip6tables.service
41 44 fi
42 45
43 46 if [ "$ENABLE_SSHD" = false ] ; then
44 47 # Remove SSHD related iptables rules
45 48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
46 49 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
47 50 fi
48 51 fi
@@ -1,29 +1,24
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
@@ -1,53 +1,56
1 1 #
2 2 # Setup videocore - Raspberry Userland
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 9 # Copy existing videocore sources into chroot directory
10 10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 11 # Copy local videocore sources
12 12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 13 else
14 14 # Create temporary directory for videocore sources
15 15 temp_dir=$(as_nobody mktemp -d)
16 16
17 17 # Fetch videocore sources
18 18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19 19
20 20 # Copy downloaded videocore sources
21 21 mv "${temp_dir}/userland" "${R}/tmp/"
22 22
23 23 # Set permissions of the U-Boot sources
24 24 chown -R root:root "${R}/tmp/userland"
25 25
26 26 # Remove temporary directory for U-Boot sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Create build dir
31 31 mkdir "${R}"/tmp/userland/build
32 32
33 33 # push us to build directory
34 34 cd "${R}"/tmp/userland/build
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 38 fi
39 39
40 40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 42 fi
43 43
44 44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 46 fi
47 47
48 48 #build userland
49 49 make -j "$(nproc)"
50 50
51 51 #back to root of scriptdir
52 52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
53 56 fi
@@ -1,77 +1,86
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 7 # Identify and kill all processes still using files
8 8 echo "killing processes using mount point ..."
9 9 fuser -k "${R}"
10 10 sleep 3
11 11 fuser -9 -k -v "${R}"
12 12
13 13 # Clean up temporary .password file
14 14 if [ -r ".password" ] ; then
15 15 shred -zu .password
16 16 fi
17 17
18 18 # Clean up all temporary mount points
19 19 echo "removing temporary mount points ..."
20 20 umount -l "${R}/proc" 2> /dev/null
21 21 umount -l "${R}/sys" 2> /dev/null
22 22 umount -l "${R}/dev/pts" 2> /dev/null
23 23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 24 umount "$BUILDDIR/mount" 2> /dev/null
25 25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 28 trap - 0 1 2 3 6
29 29 }
30 30
31 31 chroot_exec() {
32 32 # Exec command in chroot
33 33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 34 }
35 35
36 36 as_nobody() {
37 37 # Exec command as user nobody
38 38 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 39 }
40 40
41 41 install_readonly() {
42 42 # Install file with user read-only permissions
43 43 install -o root -g root -m 644 "$@"
44 44 }
45 45
46 46 install_exec() {
47 47 # Install file with root exec permissions
48 48 install -o root -g root -m 744 "$@"
49 49 }
50 50
51 51 use_template () {
52 52 # Test if configuration template file exists
53 53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 55 exit 1
56 56 fi
57 57
58 58 # Load template configuration parameters
59 59 . "./templates/${CONFIG_TEMPLATE}"
60 60 }
61 61
62 62 chroot_install_cc() {
63 63 # Install c/c++ build environment inside the chroot
64 64 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 66 # Install COMPILER_PACKAGES in chroot
67 67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
68 68 fi
69 69 }
70 70
71 71 chroot_remove_cc() {
72 72 # Remove c/c++ build environment from the chroot
73 73 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 74 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
75 75 COMPILER_PACKAGES=""
76 76 fi
77 77 }
78
79 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
80 cdr2mask ()
81 {
82 # Number of args to shift, 255..255, first non-255 byte, zeroes
83 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
84 [ $1 -gt 1 ] && shift $1 || shift
85 echo ${1-0}.${2-0}.${3-0}.${4-0}
86 } No newline at end of file
@@ -1,807 +1,809
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60
61 61 # Build directories
62 62 WORKDIR=$(pwd)
63 63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 64 BUILDDIR="${BASEDIR}/build"
65 65
66 66 # Chroot directories
67 67 R="${BUILDDIR}/chroot"
68 68 ETC_DIR="${R}/etc"
69 69 LIB_DIR="${R}/lib"
70 70 BOOT_DIR="${R}/boot/firmware"
71 71 KERNEL_DIR="${R}/usr/src/linux"
72 72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74 74
75 75 # Firmware directory: Blank if download from github
76 76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77 77
78 78 # General settings
79 79 SET_ARCH=${SET_ARCH:=32}
80 80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 81 PASSWORD=${PASSWORD:=raspberry}
82 82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 85 EXPANDROOT=${EXPANDROOT:=true}
86 86
87 87 # Keyboard settings
88 88 XKB_MODEL=${XKB_MODEL:=""}
89 89 XKB_LAYOUT=${XKB_LAYOUT:=""}
90 90 XKB_VARIANT=${XKB_VARIANT:=""}
91 91 XKB_OPTIONS=${XKB_OPTIONS:=""}
92 92
93 93 # Network settings (DHCP)
94 94 ENABLE_DHCP=${ENABLE_DHCP:=true}
95 95
96 96 # Network settings (static)
97 97 NET_ADDRESS=${NET_ADDRESS:=""}
98 98 NET_GATEWAY=${NET_GATEWAY:=""}
99 99 NET_DNS_1=${NET_DNS_1:=""}
100 100 NET_DNS_2=${NET_DNS_2:=""}
101 101 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
102 102 NET_NTP_1=${NET_NTP_1:=""}
103 103 NET_NTP_2=${NET_NTP_2:=""}
104 104
105 105 # APT settings
106 106 APT_PROXY=${APT_PROXY:=""}
107 107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
108 108
109 109 # Feature settings
110 110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 111 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 112 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
113 113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 114 ENABLE_I2C=${ENABLE_I2C:=false}
115 115 ENABLE_SPI=${ENABLE_SPI:=false}
116 116 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 117 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 120 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 121 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 124 ENABLE_XORG=${ENABLE_XORG:=false}
125 125 ENABLE_WM=${ENABLE_WM:=""}
126 126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 127 ENABLE_USER=${ENABLE_USER:=true}
128 128 USER_NAME=${USER_NAME:="pi"}
129 129 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 130 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 131 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132 132
133 133 # SSH settings
134 134 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 135 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 136 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 137 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 139
140 140 # Advanced settings
141 141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
147 147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
149 149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
154 154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155 155
156 156 # Kernel compilation settings
157 157 BUILD_KERNEL=${BUILD_KERNEL:=true}
158 158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 159 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
165 165
166 166 # Kernel compilation from source directory settings
167 167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
168 168 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
169 169 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
170 170 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
171 171
172 172 # Reduce disk usage settings
173 173 REDUCE_APT=${REDUCE_APT:=true}
174 174 REDUCE_DOC=${REDUCE_DOC:=true}
175 175 REDUCE_MAN=${REDUCE_MAN:=true}
176 176 REDUCE_VIM=${REDUCE_VIM:=false}
177 177 REDUCE_BASH=${REDUCE_BASH:=false}
178 178 REDUCE_HWDB=${REDUCE_HWDB:=true}
179 179 REDUCE_SSHD=${REDUCE_SSHD:=true}
180 180 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
181 181
182 182 # Encrypted filesystem settings
183 183 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
184 184 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
188 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
189 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
190 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
191 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
188 192
189 193 # Chroot scripts directory
190 194 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 195
192 196 # Packages required in the chroot build environment
193 197 APT_INCLUDES=${APT_INCLUDES:=""}
194 198 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
195 199
196 200 # Packages to exclude from chroot build environment
197 201 APT_EXCLUDES=${APT_EXCLUDES:=""}
198 202
199 203 # Packages required for bootstrapping
200 204 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
201 205 MISSING_PACKAGES=""
202 206
203 207 # Packages installed for c/c++ build environment in chroot (keep empty)
204 208 COMPILER_PACKAGES=""
205 209
206 set +x
207
208 210 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
212 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
211 213 APT_PROXY=http://127.0.0.1:3142/
212 214 fi
213 215
214 216 # Setup architecture specific settings
215 217 if [ -n "$SET_ARCH" ] ; then
216 218 # 64-bit configuration
217 219 if [ "$SET_ARCH" = 64 ] ; then
218 220 # General 64-bit depended settings
219 221 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
220 222 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
221 223 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
222 224
223 225 # Raspberry Pi model specific settings
224 226 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
225 227 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
226 228 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 229 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
228 230 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
229 231 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
230 232 else
231 233 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
232 234 exit 1
233 235 fi
234 236 fi
235 237
236 238 # 32-bit configuration
237 239 if [ "$SET_ARCH" = 32 ] ; then
238 240 # General 32-bit dependend settings
239 241 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 242 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 243 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242 244
243 245 # Raspberry Pi model specific settings
244 246 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 247 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 248 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 249 RELEASE_ARCH=${RELEASE_ARCH:=armel}
248 250 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
249 251 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
250 252 fi
251 253
252 254 # Raspberry Pi model specific settings
253 255 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 256 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 258 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 259 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 260 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 261 fi
260 262 fi
261 263 #SET_ARCH not set
262 264 else
263 265 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 266 exit 1
265 267 fi
266 268 # Device specific configuration and U-Boot configuration
267 269 case "$RPI_MODEL" in
268 270 0)
269 271 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
270 272 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 273 ;;
272 274 1)
273 275 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
274 276 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 277 ;;
276 278 1P)
277 279 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
278 280 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
279 281 ;;
280 282 2)
281 283 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
282 284 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
283 285 ;;
284 286 3)
285 287 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 288 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 289 ;;
288 290 3P)
289 291 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
290 292 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
291 293 ;;
292 294 *)
293 295 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
294 296 exit 1
295 297 ;;
296 298 esac
297 299
298 300 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 301 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 302 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
303 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 304 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 305 fi
306 if [ "$ENABLE_WIRELESS" = true ] ; then
307 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
308 fi
304 309 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 310 # Check if the internal wireless interface is not supported by the RPi model
306 311 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 312 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 313 exit 1
309 314 fi
310 315 fi
311 316
312 317 # Prepare date string for default image file name
313 318 DATE="$(date +%Y-%m-%d)"
314 319 if [ -z "$KERNEL_BRANCH" ] ; then
315 320 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
316 321 else
317 322 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
318 323 fi
319 324
320 325 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
321 326 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
322 327 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
323 328 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
324 329 exit 1
325 330 fi
326 331 fi
327 332
328 333 # Add cmake to compile videocore sources
329 334 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 336 fi
332 337
333 338 # Add libncurses5 to enable kernel menuconfig
334 339 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
336 341 fi
337 342
338 343 # Add ccache compiler cache for (faster) kernel cross (re)compilation
339 344 if [ "$KERNEL_CCACHE" = true ] ; then
340 345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
341 346 fi
342 347
343 348 # Add cryptsetup package to enable filesystem encryption
344 349 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 350 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 351 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347 352
353 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
354 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
355 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
356 fi
357
348 358 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 359 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 360 exit 1
351 361 fi
352 362 ENABLE_INITRAMFS=true
353 363 fi
354 364
355 365 # Add initramfs generation tools
356 366 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
357 367 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
358 368 fi
359 369
360 370 # Add device-tree-compiler required for building the U-Boot bootloader
361 371 if [ "$ENABLE_UBOOT" = true ] ; then
362 372 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 373 fi
364 374
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 375 # Check if root SSH (v2) public key file exists
374 376 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 377 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
376 378 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
377 379 exit 1
378 380 fi
379 381 fi
380 382
381 383 # Check if $USER_NAME SSH (v2) public key file exists
382 384 if [ -n "$SSH_USER_PUB_KEY" ] ; then
383 385 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
384 386 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
385 387 exit 1
386 388 fi
387 389 fi
388 390
389 391 # Check if all required packages are installed on the build system
390 392 for package in $REQUIRED_PACKAGES ; do
391 393 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
392 394 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
393 395 fi
394 396 done
395 397
396 398 # If there are missing packages ask confirmation for install, or exit
397 399 if [ -n "$MISSING_PACKAGES" ] ; then
398 400 echo "the following packages needed by this script are not installed:"
399 401 echo "$MISSING_PACKAGES"
400 402
401 403 printf "\ndo you want to install the missing packages right now? [y/n] "
402 404 read -r confirm
403 405 [ "$confirm" != "y" ] && exit 1
404 406
405 407 # Make sure all missing required packages are installed
406 408 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
407 409 fi
408 410
409 411 # Check if ./bootstrap.d directory exists
410 412 if [ ! -d "./bootstrap.d/" ] ; then
411 413 echo "error: './bootstrap.d' required directory not found!"
412 414 exit 1
413 415 fi
414 416
415 417 # Check if ./files directory exists
416 418 if [ ! -d "./files/" ] ; then
417 419 echo "error: './files' required directory not found!"
418 420 exit 1
419 421 fi
420 422
421 423 # Check if specified KERNELSRC_DIR directory exists
422 424 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
423 425 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
424 426 exit 1
425 427 fi
426 428
427 429 # Check if specified UBOOTSRC_DIR directory exists
428 430 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
429 431 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
430 432 exit 1
431 433 fi
432 434
433 435 # Check if specified VIDEOCORESRC_DIR directory exists
434 436 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
435 437 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
436 438 exit 1
437 439 fi
438 440
439 441 # Check if specified FBTURBOSRC_DIR directory exists
440 442 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
441 443 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
442 444 exit 1
443 445 fi
444 446
445 447 # Check if specified CHROOT_SCRIPTS directory exists
446 448 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 449 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
448 450 exit 1
449 451 fi
450 452
451 453 # Check if specified device mapping already exists (will be used by cryptsetup)
452 454 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
453 455 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
454 456 exit 1
455 457 fi
456 458
457 459 # Don't clobber an old build
458 460 if [ -e "$BUILDDIR" ] ; then
459 461 echo "error: directory ${BUILDDIR} already exists, not proceeding"
460 462 exit 1
461 463 fi
462 464
463 465 # Setup chroot directory
464 466 mkdir -p "${R}"
465 467
466 468 # Check if build directory has enough of free disk space >512MB
467 469 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
468 470 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
469 471 exit 1
470 472 fi
471 473
472 474 set -x
473 475
474 476 # Call "cleanup" function on various signals and errors
475 477 trap cleanup 0 1 2 3 6
476 478
477 479 # Add required packages for the minbase installation
478 480 if [ "$ENABLE_MINBASE" = true ] ; then
479 481 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
480 482 fi
481 483
482 484 # Add parted package, required to get partprobe utility
483 485 if [ "$EXPANDROOT" = true ] ; then
484 486 APT_INCLUDES="${APT_INCLUDES},parted"
485 487 fi
486 488
487 489 # Add dbus package, recommended if using systemd
488 490 if [ "$ENABLE_DBUS" = true ] ; then
489 491 APT_INCLUDES="${APT_INCLUDES},dbus"
490 492 fi
491 493
492 494 # Add iptables IPv4/IPv6 package
493 495 if [ "$ENABLE_IPTABLES" = true ] ; then
494 496 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 497 fi
496 498
497 499 # Add openssh server package
498 500 if [ "$ENABLE_SSHD" = true ] ; then
499 501 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 502 fi
501 503
502 504 # Add alsa-utils package
503 505 if [ "$ENABLE_SOUND" = true ] ; then
504 506 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 507 fi
506 508
507 509 # Add rng-tools package
508 510 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 511 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 512 fi
511 513
512 514 # Add fbturbo video driver
513 515 if [ "$ENABLE_FBTURBO" = true ] ; then
514 516 # Enable xorg package dependencies
515 517 ENABLE_XORG=true
516 518 fi
517 519
518 520 # Add user defined window manager package
519 521 if [ -n "$ENABLE_WM" ] ; then
520 522 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521 523
522 524 # Enable xorg package dependencies
523 525 ENABLE_XORG=true
524 526 fi
525 527
526 528 # Add xorg package
527 529 if [ "$ENABLE_XORG" = true ] ; then
528 530 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 531 fi
530 532
531 533 # Replace selected packages with smaller clones
532 534 if [ "$ENABLE_REDUCE" = true ] ; then
533 535 # Add levee package instead of vim-tiny
534 536 if [ "$REDUCE_VIM" = true ] ; then
535 537 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 538 fi
537 539
538 540 # Add dropbear package instead of openssh-server
539 541 if [ "$REDUCE_SSHD" = true ] ; then
540 542 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 543 fi
542 544 fi
543 545
544 546 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
545 547 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 548 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 549 fi
548 550
549 551 # Check if kernel is getting compiled
550 552 if [ "$BUILD_KERNEL" = false ] ; then
551 553 echo "Downloading precompiled kernel"
552 554 echo "error: not configured"
553 555 exit 1;
554 556 # BUILD_KERNEL=true
555 557 else
556 558 echo "No precompiled kernel repositories were added"
557 559 fi
558 560
559 561 # Configure kernel sources if no KERNELSRC_DIR
560 562 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 563 KERNELSRC_CONFIG=true
562 564 fi
563 565
564 566 # Configure reduced kernel
565 567 if [ "$KERNEL_REDUCE" = true ] ; then
566 568 KERNELSRC_CONFIG=false
567 569 fi
568 570
569 571 # Configure qemu compatible kernel
570 572 if [ "$ENABLE_QEMU" = true ] ; then
571 573 DTB_FILE=vexpress-v2p-ca15_a7.dtb
572 574 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
573 575 KERNEL_DEFCONFIG="vexpress_defconfig"
574 576 if [ "$KERNEL_MENUCONFIG" = false ] ; then
575 577 KERNEL_OLDDEFCONFIG=true
576 578 fi
577 579 fi
578 580
579 581 # Execute bootstrap scripts
580 582 for SCRIPT in bootstrap.d/*.sh; do
581 583 head -n 3 "$SCRIPT"
582 584 . "$SCRIPT"
583 585 done
584 586
585 587 ## Execute custom bootstrap scripts
586 588 if [ -d "custom.d" ] ; then
587 589 for SCRIPT in custom.d/*.sh; do
588 590 . "$SCRIPT"
589 591 done
590 592 fi
591 593
592 594 # Execute custom scripts inside the chroot
593 595 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
594 596 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
595 597 chroot_exec /bin/bash -x <<'EOF'
596 598 for SCRIPT in /chroot_scripts/* ; do
597 599 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
598 600 $SCRIPT
599 601 fi
600 602 done
601 603 EOF
602 604 rm -rf "${R}/chroot_scripts"
603 605 fi
604 606
605 607 # Remove c/c++ build environment from the chroot
606 608 chroot_remove_cc
607 609
608 610 # Generate required machine-id
609 611 MACHINE_ID=$(dbus-uuidgen)
610 612 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
611 613 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
612 614
613 615 # APT Cleanup
614 616 chroot_exec apt-get -y clean
615 617 chroot_exec apt-get -y autoclean
616 618 chroot_exec apt-get -y autoremove
617 619
618 620 # Unmount mounted filesystems
619 621 umount -l "${R}/proc"
620 622 umount -l "${R}/sys"
621 623
622 624 # Clean up directories
623 625 rm -rf "${R}/run/*"
624 626 rm -rf "${R}/tmp/*"
625 627
626 628 # Clean up files
627 629 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 630 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 631 rm -f "${ETC_DIR}/apt/sources.list.save"
630 632 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 633 rm -f "${ETC_DIR}/*-"
632 634 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 635 rm -f "${ETC_DIR}/resolv.conf"
634 636 rm -f "${R}/root/.bash_history"
635 637 rm -f "${R}/var/lib/urandom/random-seed"
636 638 rm -f "${R}/initrd.img"
637 639 rm -f "${R}/vmlinuz"
638 640 rm -f "${R}${QEMU_BINARY}"
639 641
640 642 if [ "$ENABLE_QEMU" = true ] ; then
641 643 # Setup QEMU directory
642 644 mkdir "${BASEDIR}/qemu"
643 645
644 646 # Copy kernel image to QEMU directory
645 647 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
646 648
647 649 # Copy kernel config to QEMU directory
648 650 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
649 651
650 652 # Copy kernel dtbs to QEMU directory
651 653 for dtb in "${BOOT_DIR}/"*.dtb ; do
652 654 if [ -f "${dtb}" ] ; then
653 655 install_readonly "${dtb}" "${BASEDIR}/qemu/"
654 656 fi
655 657 done
656 658
657 659 # Copy kernel overlays to QEMU directory
658 660 if [ -d "${BOOT_DIR}/overlays" ] ; then
659 661 # Setup overlays dtbs directory
660 662 mkdir "${BASEDIR}/qemu/overlays"
661 663
662 664 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
663 665 if [ -f "${dtb}" ] ; then
664 666 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
665 667 fi
666 668 done
667 669 fi
668 670
669 671 # Copy u-boot files to QEMU directory
670 672 if [ "$ENABLE_UBOOT" = true ] ; then
671 673 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
672 674 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
673 675 fi
674 676 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
675 677 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
676 678 fi
677 679 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
678 680 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
679 681 fi
680 682 fi
681 683
682 684 # Copy initramfs to QEMU directory
683 685 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
684 686 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
685 687 fi
686 688 fi
687 689
688 690 # Calculate size of the chroot directory in KB
689 691 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
690 692
691 693 # Calculate the amount of needed 512 Byte sectors
692 694 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
693 695 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
694 696 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
695 697
696 698 # The root partition is EXT4
697 699 # This means more space than the actual used space of the chroot is used.
698 700 # As overhead for journaling and reserved blocks 35% are added.
699 701 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
700 702
701 703 # Calculate required image size in 512 Byte sectors
702 704 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
703 705
704 706 # Prepare image file
705 707 if [ "$ENABLE_SPLITFS" = true ] ; then
706 708 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
707 709 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
708 710 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
709 711 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
710 712
711 713 # Write firmware/boot partition tables
712 714 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
713 715 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
714 716 EOM
715 717
716 718 # Write root partition table
717 719 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
718 720 ${TABLE_SECTORS},${ROOT_SECTORS},83
719 721 EOM
720 722
721 723 # Setup temporary loop devices
722 724 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
723 725 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
724 726 else # ENABLE_SPLITFS=false
725 727 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
726 728 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
727 729
728 730 # Write partition table
729 731 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
730 732 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
731 733 ${ROOT_OFFSET},${ROOT_SECTORS},83
732 734 EOM
733 735
734 736 # Setup temporary loop devices
735 737 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
736 738 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
737 739 fi
738 740
739 741 if [ "$ENABLE_CRYPTFS" = true ] ; then
740 742 # Create dummy ext4 fs
741 743 mkfs.ext4 "$ROOT_LOOP"
742 744
743 745 # Setup password keyfile
744 746 touch .password
745 747 chmod 600 .password
746 748 echo -n ${CRYPTFS_PASSWORD} > .password
747 749
748 750 # Initialize encrypted partition
749 751 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
750 752
751 753 # Open encrypted partition and setup mapping
752 754 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
753 755
754 756 # Secure delete password keyfile
755 757 shred -zu .password
756 758
757 759 # Update temporary loop device
758 760 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
759 761
760 762 # Wipe encrypted partition (encryption cipher is used for randomness)
761 763 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
762 764 fi
763 765
764 766 # Build filesystems
765 767 mkfs.vfat "$FRMW_LOOP"
766 768 mkfs.ext4 "$ROOT_LOOP"
767 769
768 770 # Mount the temporary loop devices
769 771 mkdir -p "$BUILDDIR/mount"
770 772 mount "$ROOT_LOOP" "$BUILDDIR/mount"
771 773
772 774 mkdir -p "$BUILDDIR/mount/boot/firmware"
773 775 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
774 776
775 777 # Copy all files from the chroot to the loop device mount point directory
776 778 rsync -a "${R}/" "$BUILDDIR/mount/"
777 779
778 780 # Unmount all temporary loop devices and mount points
779 781 cleanup
780 782
781 783 # Create block map file(s) of image(s)
782 784 if [ "$ENABLE_SPLITFS" = true ] ; then
783 785 # Create block map files for "bmaptool"
784 786 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
785 787 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
786 788
787 789 # Image was successfully created
788 790 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
789 791 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
790 792 else
791 793 # Create block map file for "bmaptool"
792 794 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
793 795
794 796 # Image was successfully created
795 797 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796 798
797 799 # Create qemu qcow2 image
798 800 if [ "$ENABLE_QEMU" = true ] ; then
799 801 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
800 802 QEMU_SIZE=16G
801 803
802 804 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
803 805 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
804 806
805 807 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
806 808 fi
807 809 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant