@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Build and Setup RPi2/3 Kernel |
|
3 | 4 | # |
@@ -93,20 +94,22 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
93 | 94 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config |
|
94 | 95 | |
|
95 | 96 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
96 | echo "CONFIG_EMBEDDED=y" >> "${KERNEL_DIR}"/.config | |
|
97 | echo "CONFIG_EXPERT=y" >> "${KERNEL_DIR}"/.config | |
|
98 |
echo "CONFIG_ |
|
|
99 |
echo "CONFIG_ |
|
|
100 |
echo "CONFIG_ |
|
|
101 | echo "CONFIG_MD_AUTODETECT=y" >> "${KERNEL_DIR}"/.config | |
|
102 | echo "CONFIG_BLK_DEV_DM=y" >> "${KERNEL_DIR}"/.config | |
|
103 |
echo "CONFIG_BLK_DEV_DM |
|
|
104 | echo "CONFIG_DM_CRYPT=y" >> "${KERNEL_DIR}"/.config | |
|
105 | echo "CONFIG_CRYPTO_BLKCIPHER=y" >> "${KERNEL_DIR}"/.config | |
|
106 |
echo "CONFIG_CRYPTO_ |
|
|
107 |
echo "CONFIG_CRYPTO_ |
|
|
108 |
echo "CONFIG_CRYPTO_S |
|
|
109 |
echo "CONFIG_CRYPTO_ |
|
|
97 | { | |
|
98 | echo "CONFIG_EMBEDDED=y" | |
|
99 | echo "CONFIG_EXPERT=y" | |
|
100 | echo "CONFIG_DAX=y" | |
|
101 | echo "CONFIG_MD=y" | |
|
102 | echo "CONFIG_BLK_DEV_MD=y" | |
|
103 | echo "CONFIG_MD_AUTODETECT=y" | |
|
104 | echo "CONFIG_BLK_DEV_DM=y" | |
|
105 | echo "CONFIG_BLK_DEV_DM_BUILTIN=y" | |
|
106 | echo "CONFIG_DM_CRYPT=y" | |
|
107 | echo "CONFIG_CRYPTO_BLKCIPHER=y" | |
|
108 | echo "CONFIG_CRYPTO_CBC=y" | |
|
109 | echo "CONFIG_CRYPTO_XTS=y" | |
|
110 | echo "CONFIG_CRYPTO_SHA512=y" | |
|
111 | echo "CONFIG_CRYPTO_MANAGER=y" | |
|
112 | } >> "${KERNEL_DIR}"/.config | |
|
110 | 113 | fi |
|
111 | 114 | fi |
|
112 | 115 |
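Review bot: The grouped `{ … } >> "${KERNEL_DIR}"/.config` at new lines 97–112 only appends `CONFIG_*=y` lines, so an existing `# CONFIG_DM_CRYPT is not set` or `=m` entry earlier in .config stays in place and Kconfig resolves the duplicate by taking the last value with an "override" warning; the kernel tree's own helper sets each symbol in place instead, e.g. `"${KERNEL_DIR}"/scripts/config --file "${KERNEL_DIR}"/.config --enable DM_CRYPT --enable CRYPTO_XTS` (one `--enable` per symbol). I also do not see `CONFIG_CRYPTO_AES=y` in the list; if CRYPTFS_CIPHER defaults to an aes-based mode the cipher itself must be available when the initramfs opens the root device, unless it is enabled elsewhere in this file (the enclosing `if [ "$BUILD_KERNEL" = true ]` begins before the hunk). A short comment above the group, `# dm-crypt root: built in (=y) so the initramfs does not depend on loading these as modules`, would explain why `=y` is used rather than `=m`.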
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Setup fstab and initramfs |
|
3 | 4 | # |
@@ -45,7 +46,7 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
45 | 46 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
46 | 47 | |
|
47 | 48 | # Dummy mapping required by mkinitramfs |
|
48 | echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
49 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
49 | 50 | |
|
50 | 51 | # Generate initramfs with encrypted root partition support |
|
51 | 52 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
@@ -57,3 +58,4 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
57 | 58 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
58 | 59 | fi |
|
59 | 60 | fi |
|
61 |
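Review bot: The `$(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1)` at new line 49 spawns two processes to strip the hash suffix where the shell can do it in place: `echo "0 1 crypt ${CRYPTFS_CIPHER%%:*} ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"`. More importantly, this creates a real device-mapper target on the build host and I do not see it removed in the visible lines (old lines 53–57 between the two `mkinitramfs` calls are outside the hunk); if it is not torn down there, `chroot_exec dmsetup remove "${CRYPTFS_MAPPING}"` should follow mkinitramfs so a stale mapping does not linger or collide with the next build. A comment noting that the all-`ff` key is a placeholder that never protects any data would also help the next reader.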
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Setup RPi2/3 config and cmdline |
|
3 | 4 | # |
@@ -8,13 +9,13 | |||
|
8 | 9 | if [ "$BUILD_KERNEL" = true ] ; then |
|
9 | 10 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then |
|
10 | 11 | # Install boot binaries from local directory |
|
11 | cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin | |
|
12 | cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat | |
|
13 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat | |
|
14 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat | |
|
15 | cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf | |
|
16 | cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf | |
|
17 | cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf | |
|
12 | cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin | |
|
13 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat | |
|
14 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat | |
|
15 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat | |
|
16 | cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf | |
|
17 | cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf | |
|
18 | cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf | |
|
18 | 19 | else |
|
19 | 20 | # Create temporary directory for boot binaries |
|
20 | 21 | temp_dir=$(as_nobody mktemp -d) |
@@ -50,9 +51,9 fi | |||
|
50 | 51 | # Add encrypted root partition to cmdline.txt |
|
51 | 52 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
52 | 53 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
53 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
54 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
54 | 55 | else |
|
55 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
56 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
56 | 57 | fi |
|
57 | 58 | fi |
|
58 | 59 | |
@@ -139,7 +140,7 if [ "$ENABLE_SPI" = true ] ; then | |||
|
139 | 140 | fi |
|
140 | 141 | |
|
141 | 142 | # Disable RPi2/3 under-voltage warnings |
|
142 |
if [ |
|
|
143 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then | |
|
143 | 144 | echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" |
|
144 | 145 | fi |
|
145 | 146 | |
@@ -149,3 +150,4 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi | |||
|
149 | 150 | |
|
150 | 151 | # Install sysctl.d configuration files |
|
151 | 152 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
|
153 |
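Review bot: `${CRYPTFS_MAPPING}` is spliced straight into the sed replacement at new lines 54 and 56, so a value containing `/`, `&` or `\` would either break the expression or rewrite the kernel command line into something other than intended, and that line is what the initramfs uses to locate and unlock the root device. Since the same name is also handed to `dmsetup create` and used as `/dev/mapper/<name>`, validating it once before use is cheap: `case "${CRYPTFS_MAPPING}" in ''|*[!A-Za-z0-9_-]*) echo "error: invalid CRYPTFS_MAPPING"; exit 1;; esac`. This may already be checked by the main script's option validation, which is outside this page; if so, a comment pointing there is enough.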
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Setup Networking |
|
3 | 4 | # |
@@ -89,14 +90,14 if [ "$ENABLE_HARDNET" = true ] ; then | |||
|
89 | 90 | fi |
|
90 | 91 | |
|
91 | 92 | # Enable time sync |
|
92 | if [ "NET_NTP_1" != "" ] ; then | |
|
93 | if [ "$NET_NTP_1" != "" ] ; then | |
|
93 | 94 | chroot_exec systemctl enable systemd-timesyncd.service |
|
94 | 95 | fi |
|
95 | 96 | |
|
96 | 97 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
97 | 98 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
98 | if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then | |
|
99 | mkdir -p ${WLAN_FIRMWARE_DIR} | |
|
99 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then | |
|
100 | mkdir -p "${WLAN_FIRMWARE_DIR}" | |
|
100 | 101 | fi |
|
101 | 102 | |
|
102 | 103 | # Create temporary directory for firmware binary blob |
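Review bot: The `if [ ! -d "${WLAN_FIRMWARE_DIR}" ]` guard around `mkdir -p` at new lines 99–101 is redundant, since `mkdir -p` already succeeds on an existing directory; the three lines collapse to `mkdir -p "${WLAN_FIRMWARE_DIR}"`. The corrected NTP test at new line 93 works, but the other scripts in this change use `-n` for the same check, so `if [ -n "$NET_NTP_1" ] ; then` would be consistent. The firmware download that follows line 103 is outside the hunk; if the blob is not compared against a pinned hash after download, that is worth a follow-up, as it ends up in the image as kernel-loaded firmware.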
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Setup users and security settings |
|
3 | 4 | # |
@@ -6,13 +7,13 | |||
|
6 | 7 | . ./functions.sh |
|
7 | 8 | |
|
8 | 9 | # Generate crypt(3) password string |
|
9 |
ENCRYPTED_PASSWORD= |
|
|
10 |
ENCRYPTED_USER_PASSWORD= |
|
|
10 | ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") | |
|
11 | ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") | |
|
11 | 12 | |
|
12 | 13 | # Setup default user |
|
13 | 14 | if [ "$ENABLE_USER" = true ] ; then |
|
14 | chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME | |
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME | |
|
15 | chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME" | |
|
16 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME" | |
|
16 | 17 | fi |
|
17 | 18 | |
|
18 | 19 | # Setup root password or not |
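Review bot: `mkpasswd -m sha-512 "${PASSWORD}"` at new lines 10–11 puts the cleartext root and user passwords on the command line, where they are visible in the process list to every user of the build host for the duration of the call and would be echoed by `set -x`; mkpasswd can read the password from stdin instead: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and likewise for `USER_PASSWORD`. The `usermod -p` call at new line 16 then passes only the crypt(3) hash, which is less sensitive but still lands in the host's process list; that is acceptable for a build script if documented. A comment such as `# Hash on the host; only the crypt(3) string enters the chroot` would make the split explicit.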
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Setup SSH settings and public keys |
|
3 | 4 | # |
@@ -28,7 +29,7 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
28 | 29 | fi |
|
29 | 30 | |
|
30 | 31 | # Add SSH (v2) public key for user root |
|
31 |
if [ |
|
|
32 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
|
32 | 33 | # Create root SSH config directory |
|
33 | 34 | mkdir -p "${R}/root/.ssh" |
|
34 | 35 | |
@@ -52,20 +53,20 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
52 | 53 | |
|
53 | 54 | if [ "$ENABLE_USER" = true ] ; then |
|
54 | 55 | # Add SSH (v2) public key for user $USER_NAME |
|
55 |
if [ |
|
|
56 | if [ -n "$SSH_USER_PUB_KEY" ] ; then | |
|
56 | 57 | # Create $USER_NAME SSH config directory |
|
57 | 58 | mkdir -p "${R}/home/${USER_NAME}/.ssh" |
|
58 | 59 | |
|
59 | 60 | # Set permissions of $USER_NAME SSH config directory |
|
60 | 61 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" |
|
61 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" | |
|
62 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh" | |
|
62 | 63 | |
|
63 | 64 | # Add SSH (v2) public key(s) to authorized_keys file |
|
64 | 65 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
65 | 66 | |
|
66 | 67 | # Set permissions of $USER_NAME SSH config directory |
|
67 | 68 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" |
|
68 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" | |
|
69 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys" | |
|
69 | 70 | |
|
70 | 71 | if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then |
|
71 | 72 | # Allow SSH public key authentication |
@@ -85,7 +86,7 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
85 | 86 | allowed_users="${allowed_users} ${USER_NAME}" |
|
86 | 87 | fi |
|
87 | 88 | |
|
88 |
if [ |
|
|
89 | if [ -n "$allowed_users" ] ; then | |
|
89 | 90 | echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" |
|
90 | 91 | fi |
|
91 | 92 | fi |
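Review bot: `cat "$SSH_USER_PUB_KEY" >> …/authorized_keys` at new line 65 is only guarded by the `-n` test at new line 56, so a mistyped path fails the `cat` and, unless the script runs under `set -e` (not visible here), the build continues and produces an image whose user has an empty authorized_keys; a readability check before the append, `[ -r "$SSH_USER_PUB_KEY" ] || { echo "error: SSH_USER_PUB_KEY not readable"; exit 1; }`, fails the build instead. This may already be validated by the main script's option checks, which are outside this page; if so, a one-line comment saying so is enough. The root-key branch at new line 32 has the same shape and would want the same check.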
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Build and Setup U-Boot |
|
3 | 4 | # |
@@ -32,7 +33,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
32 | 33 | fi |
|
33 | 34 | |
|
34 | 35 | # Build and install U-Boot inside chroot |
|
35 | chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all | |
|
36 | chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all | |
|
36 | 37 | |
|
37 | 38 | # Copy compiled bootloader binary and set config.txt to load it |
|
38 | 39 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" |
@@ -41,7 +42,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
41 | 42 | |
|
42 | 43 | # Install and setup U-Boot command file |
|
43 | 44 | install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage" |
|
44 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
45 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
45 | 46 | |
|
46 | 47 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
47 | 48 | # Convert generated initramfs for U-Boot using mkimage |
@@ -51,7 +52,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
51 | 52 | rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" |
|
52 | 53 | |
|
53 | 54 | # Configure U-Boot to load generated initramfs |
|
54 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
55 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
55 | 56 | printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" |
|
56 | 57 | else # ENABLE_INITRAMFS=false |
|
57 | 58 | # Remove initramfs from U-Boot mkfile |
@@ -86,3 +87,4 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
86 | 87 | # Remove U-Boot sources |
|
87 | 88 | rm -fr "${R}/tmp/u-boot" |
|
88 | 89 | fi |
|
90 |
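Review bot: At new lines 45 and 55 the kernel command line and the existing `uboot.mkimage` contents are interpolated into printf's format string, so a `%` in either (a `%` in a cmdline value, or a `%s` in the mkimage script) is interpreted as a conversion rather than copied; pass them as arguments instead: `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"`, and the same shape for the initramfs line. Reading and rewriting the same file in one statement works only because the command substitution is expanded before the redirection opens the file; a comment saying so, or writing to a temp file and `mv`-ing it into place, would protect against a future refactor. The `earlyprintk` in production bootargs is pre-existing and not part of this change.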
@@ -1,3 +1,4 | |||
|
1 | #!/bin/bash | |
|
1 | 2 | # |
|
2 | 3 | # Reduce system disk usage |
|
3 | 4 | # |
@@ -25,8 +26,8 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
25 | 26 | |
|
26 | 27 | # Remove all doc files |
|
27 | 28 | if [ "$REDUCE_DOC" = true ] ; then |
|
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true | |
|
29 | find "${R}/usr/share/doc" -empty | xargs rmdir || true | |
|
29 | find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true | |
|
30 | find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true | |
|
30 | 31 | fi |
|
31 | 32 | |
|
32 | 33 | # Remove all man pages and info files |
@@ -36,7 +37,7 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
36 | 37 | |
|
37 | 38 | # Remove all locale translation files |
|
38 | 39 | if [ "$REDUCE_LOCALE" = true ] ; then |
|
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r | |
|
40 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r | |
|
40 | 41 | fi |
|
41 | 42 | |
|
42 | 43 | # Remove hwdb PCI device classes (experimental) |
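Review bot: The `|| true` on new lines 29–30 exists to tolerate `xargs` running `rm`/`rmdir` with no arguments when `find` prints nothing, but it also hides real failures such as a permission error; GNU xargs' `-r` (`--no-run-if-empty`) covers the empty case without masking errors: `find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 -r rm --`. The `-empty | xargs rmdir` pass also removes only one level, since a directory that contains an empty subdirectory is not itself empty when `find` runs; `find "${R}/usr/share/doc" -mindepth 1 -type d -empty -delete` removes nested empty directories in one pass because `-delete` implies `-depth`. New line 40 has no `|| true`, so on a tree where only `en` remains `xargs` runs `rm -r` with no operands and exits 123, which aborts the build if the script runs under `set -e` (not visible here); `xargs -0 -r rm -r` fixes that as well.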
@@ -459,7 +459,7 fi | |||
|
459 | 459 | mkdir -p "${R}" |
|
460 | 460 | |
|
461 | 461 | # Check if build directory has enough of free disk space >512MB |
|
462 | if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then | |
|
462 | if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then | |
|
463 | 463 | echo "error: ${BUILDDIR} not enough space left to generate the output image!" |
|
464 | 464 | exit 1 |
|
465 | 465 | fi |
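Review bot: The free-space test at new line 462 compares `df --output=avail` against 524288 assuming 1K blocks, but df's unit follows `DF_BLOCK_SIZE`/`BLOCK_SIZE`/`BLOCKSIZE` and `POSIXLY_CORRECT` (512-byte blocks) from the caller's environment, so the 512 MiB threshold shifts under a different setting; pinning the unit with `df -k --output=avail "${BUILDDIR}"` makes the comparison match the comment. If `df` fails, the substitution is empty and `[ "" -le 524288 ]` errors out rather than matching, so the check silently passes and the build proceeds; `set -e` would not catch this since it is inside an `if` condition. A comment `# 524288 KiB = 512 MiB` would tie the magic number to the comment above it.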