##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

enhancment thx to spellcheck.net
burnbabyburn -
r312:3ca992f0164a
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,47 +1,48
1 #!/bin/bash
1 2 #
2 3 # Debootstrap basic system
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 VARIANT=""
9 10 COMPONENTS="main"
10 11 EXCLUDES=""
11 12
12 13 # Use non-free Debian packages if needed
13 14 if [ "$ENABLE_NONFREE" = true ] ; then
14 15 COMPONENTS="main,non-free,contrib"
15 16 fi
16 17
17 18 # Use minbase bootstrap variant which only includes essential packages
18 19 if [ "$ENABLE_MINBASE" = true ] ; then
19 20 VARIANT="--variant=minbase"
20 21 fi
21 22
22 23 # Exclude packages if required by Debian release
23 24 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 25 EXCLUDES="--exclude=init,systemd-sysv"
25 26 fi
26 27
27 28 # Base debootstrap (unpack only)
28 29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 30
30 31 # Copy qemu emulator binary to chroot
31 32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32 33
33 34 # Copy debian-archive-keyring.pgp
34 35 mkdir -p "${R}/usr/share/keyrings"
35 36 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36 37
37 38 # Complete the bootstrapping process
38 39 chroot_exec /debootstrap/debootstrap --second-stage
39 40
40 41 # Mount required filesystems
41 42 mount -t proc none "${R}/proc"
42 43 mount -t sysfs none "${R}/sys"
43 44
44 45 # Mount pseudo terminal slave if supported by Debian release
45 46 if [ -d "${R}/dev/pts" ] ; then
46 47 mount --bind /dev/pts "${R}/dev/pts"
47 48 fi
Show file before | Show file after | Hide comments
@@ -1,48 +1,49
1 #!/bin/bash
1 2 #
2 3 # Setup APT repositories
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Install and setup APT proxy configuration
9 10 if [ -z "$APT_PROXY" ] ; then
10 11 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 12 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 13 fi
13 14
14 15 if [ "$BUILD_KERNEL" = false ] ; then
15 16 echo "Downloading precompiled kernel"
16 17 echo "error: not configured"
17 18 exit 1;
18 19 else # BUILD_KERNEL=true
19 20 #autconfigure best apt server to not spam ftp.debian.org
20 21 #rm files/apt/sources.list
21 22 #netselect-apt does not know buster yet
22 23 if [ "$RELEASE" = "buster" ] ; then
23 24 RELEASE=${RELEASE:=testing}
24 25 fi
25 26 netselect_string=${netselect_string:=""}
26 27 if [ "$ENABLE_NONFREE" = true ] ; then
27 28 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
28 29 fi
29 30 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
30 31 fi
31 32
32 33 # Upgrade package index and update all installed packages and changed dependencies
33 34 chroot_exec apt-get -qq -y update
34 35 chroot_exec apt-get -qq -y -u dist-upgrade
35 36
36 37 if [ "$APT_INCLUDES_LATE" ] ; then
37 38 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
38 39 fi
39 40
40 41 if [ -d packages ] ; then
41 42 for package in packages/*.deb ; do
42 43 cp "$package" "${R}"/tmp
43 44 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
44 45 done
45 46 fi
46 47 chroot_exec apt-get -qq -y -f install
47 48
48 49 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,59 +1,60
1 #!/bin/bash
1 2 #
2 3 # Setup Locales and keyboard settings
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Install and setup timezone
9 10 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 11 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 12
12 13 # Install and setup default locale and keyboard configuration
13 14
14 15 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
15 16 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
16 17 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
17 18 # ... so we have to set locales manually
18 19 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
19 20 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
20 21 else
21 22 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
22 23 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
23 24 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
24 25 fi
25 26
26 27 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
27 28 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
28 29 chroot_exec locale-gen
29 30 chroot_exec update-locale LANG="${DEFLOCAL}"
30 31
31 32 # Install and setup default keyboard configuration
32 33 if [ "$XKB_MODEL" != "pc105" ] ; then
33 34 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
34 35 fi
35 36 if [ "$XKB_LAYOUT" != "us" ] ; then
36 37 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
37 38 fi
38 39 if [ "$XKB_VARIANT" != "" ] ; then
39 40 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
40 41 fi
41 42 if [ "$XKB_OPTIONS" != "" ] ; then
42 43 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
43 44 fi
44 45 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
45 46
46 47 # Install and setup font console
47 48 case "${DEFLOCAL}" in
48 49 *UTF-8)
49 50 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
50 51 ;;
51 52 *)
52 53 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
53 54 ;;
54 55 esac
55 56 chroot_exec dpkg-reconfigure -f noninteractive console-setup
56 57 else # (no locales were installed)
57 58 # Install POSIX default locale
58 59 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
59 60 fi
Show file before | Show file after | Hide comments
@@ -1,257 +1,260
1 #!/bin/bash
1 2 #
2 3 # Build and Setup RPi2/3 Kernel
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Fetch and build latest raspberry kernel
9 10 if [ "$BUILD_KERNEL" = true ] ; then
10 11 # Setup source directory
11 12 mkdir -p "${R}/usr/src/linux"
12 13
13 14 # Copy existing kernel sources into chroot directory
14 15 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 16 # Copy kernel sources and include hidden files
16 17 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
17 18
18 19 # Clean the kernel sources
19 20 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 21 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 22 fi
22 23 else # KERNELSRC_DIR=""
23 24 # Create temporary directory for kernel sources
24 25 temp_dir=$(as_nobody mktemp -d)
25 26
26 27 # Fetch current RPi2/3 kernel sources
27 28 if [ -z "${KERNEL_BRANCH}" ] ; then
28 29 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 30 else
30 31 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 32 fi
32 33
33 34 # Copy downloaded kernel sources
34 35 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
35 36
36 37 # Remove temporary directory for kernel sources
37 38 rm -fr "${temp_dir}"
38 39
39 40 # Set permissions of the kernel sources
40 41 chown -R root:root "${R}/usr/src"
41 42 fi
42 43
43 44 # Calculate optimal number of kernel building threads
44 45 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 46 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 47 fi
47 48
48 49 # Configure and build kernel
49 50 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 51 # Remove device, network and filesystem drivers from kernel configuration
51 52 if [ "$KERNEL_REDUCE" = true ] ; then
52 53 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 54 sed -i\
54 55 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 56 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 57 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 58 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 59 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 60 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 61 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 62 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 63 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 64 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 65 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 66 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 67 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 68 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 69 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 70 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 71 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 72 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 73 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 74 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 75 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 76 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 77 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 78 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 79 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 80 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 81 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 82 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 83 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 84 "${KERNEL_DIR}/.config"
84 85 fi
85 86
86 87 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 88 # Load default raspberry kernel configuration
88 89 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 90
90 91 # Set kernel configuration parameters to enable qemu emulation
91 92 if [ "$ENABLE_QEMU" = true ] ; then
92 93 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 94 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94 95
95 96 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 echo "CONFIG_EMBEDDED=y" >> "${KERNEL_DIR}"/.config
97 echo "CONFIG_EXPERT=y" >> "${KERNEL_DIR}"/.config
98 echo "CONFIG_DAX=y" >> "${KERNEL_DIR}"/.config
99 echo "CONFIG_MD=y" >> "${KERNEL_DIR}"/.config
100 echo "CONFIG_BLK_DEV_MD=y" >> "${KERNEL_DIR}"/.config
101 echo "CONFIG_MD_AUTODETECT=y" >> "${KERNEL_DIR}"/.config
102 echo "CONFIG_BLK_DEV_DM=y" >> "${KERNEL_DIR}"/.config
103 echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> "${KERNEL_DIR}"/.config
104 echo "CONFIG_DM_CRYPT=y" >> "${KERNEL_DIR}"/.config
105 echo "CONFIG_CRYPTO_BLKCIPHER=y" >> "${KERNEL_DIR}"/.config
106 echo "CONFIG_CRYPTO_CBC=y" >> "${KERNEL_DIR}"/.config
107 echo "CONFIG_CRYPTO_XTS=y" >> "${KERNEL_DIR}"/.config
108 echo "CONFIG_CRYPTO_SHA512=y" >> "${KERNEL_DIR}"/.config
109 echo "CONFIG_CRYPTO_MANAGER=y" >> "${KERNEL_DIR}"/.config
97 {
98 echo "CONFIG_EMBEDDED=y"
99 echo "CONFIG_EXPERT=y"
100 echo "CONFIG_DAX=y"
101 echo "CONFIG_MD=y"
102 echo "CONFIG_BLK_DEV_MD=y"
103 echo "CONFIG_MD_AUTODETECT=y"
104 echo "CONFIG_BLK_DEV_DM=y"
105 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
106 echo "CONFIG_DM_CRYPT=y"
107 echo "CONFIG_CRYPTO_BLKCIPHER=y"
108 echo "CONFIG_CRYPTO_CBC=y"
109 echo "CONFIG_CRYPTO_XTS=y"
110 echo "CONFIG_CRYPTO_SHA512=y"
111 echo "CONFIG_CRYPTO_MANAGER=y"
112 } >> "${KERNEL_DIR}"/.config
110 113 fi
111 114 fi
112 115
113 116 # Copy custom kernel configuration file
114 117 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
115 118 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
116 119 fi
117 120
118 121 # Set kernel configuration parameters to their default values
119 122 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
120 123 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
121 124 fi
122 125
123 126 # Start menu-driven kernel configuration (interactive)
124 127 if [ "$KERNEL_MENUCONFIG" = true ] ; then
125 128 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
126 129 fi
127 130 fi
128 131
129 132 # Use ccache to cross compile the kernel
130 133 if [ "$KERNEL_CCACHE" = true ] ; then
131 134 cc="ccache ${CROSS_COMPILE}gcc"
132 135 else
133 136 cc="${CROSS_COMPILE}gcc"
134 137 fi
135 138
136 139 # Cross compile kernel and dtbs
137 140 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
138 141
139 142 # Cross compile kernel modules
140 143 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
141 144 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
142 145 fi
143 146 fi
144 147
145 148 # Check if kernel compilation was successful
146 149 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
147 150 echo "error: kernel compilation failed! (kernel image not found)"
148 151 cleanup
149 152 exit 1
150 153 fi
151 154
152 155 # Install kernel modules
153 156 if [ "$ENABLE_REDUCE" = true ] ; then
154 157 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
155 158 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
156 159 fi
157 160 else
158 161 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
159 162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
160 163 fi
161 164
162 165 # Install kernel firmware
163 166 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
164 167 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
165 168 fi
166 169 fi
167 170
168 171 # Install kernel headers
169 172 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
170 173 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
171 174 fi
172 175
173 176 # Prepare boot (firmware) directory
174 177 mkdir "${BOOT_DIR}"
175 178
176 179 # Get kernel release version
177 180 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
178 181
179 182 # Copy kernel configuration file to the boot directory
180 183 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
181 184
182 185 # Prepare device tree directory
183 186 mkdir "${BOOT_DIR}/overlays"
184 187
185 188 # Ensure the proper .dtb is located
186 189 if [ "$KERNEL_ARCH" = "arm" ] ; then
187 190 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
188 191 if [ -f "${dtb}" ] ; then
189 192 install_readonly "${dtb}" "${BOOT_DIR}/"
190 193 fi
191 194 done
192 195 else
193 196 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
194 197 if [ -f "${dtb}" ] ; then
195 198 install_readonly "${dtb}" "${BOOT_DIR}/"
196 199 fi
197 200 done
198 201 fi
199 202
200 203 # Copy compiled dtb device tree files
201 204 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
202 205 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
203 206 if [ -f "${dtb}" ] ; then
204 207 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
205 208 fi
206 209 done
207 210
208 211 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
209 212 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
210 213 fi
211 214 fi
212 215
213 216 if [ "$ENABLE_UBOOT" = false ] ; then
214 217 # Convert and copy kernel image to the boot directory
215 218 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
216 219 else
217 220 # Copy kernel image to the boot directory
218 221 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
219 222 fi
220 223
221 224 # Remove kernel sources
222 225 if [ "$KERNEL_REMOVESRC" = true ] ; then
223 226 rm -fr "${KERNEL_DIR}"
224 227 else
225 228 # Prepare compiled kernel modules
226 229 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
227 230 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
228 231 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
229 232 fi
230 233
231 234 # Create symlinks for kernel modules
232 235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
233 236 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
234 237 fi
235 238 fi
236 239 elif [ "$BUILD_KERNEL" = false ] ; then
237 240 echo " Install precompiled kernel..."
238 241 echo "error: not implemented"
239 242 # Check if kernel installation was successful
240 243 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
241 244 if [ -z "$VMLINUZ" ] ; then
242 245 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
243 246 cleanup
244 247 exit 1
245 248 fi
246 249 # Copy vmlinuz kernel to the boot directory
247 250 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
248 251
249 252 if [ "$SET_ARCH" = 64 ] ; then
250 253 echo "Using precompiled arm64 kernel"
251 254 else
252 255 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
253 256 exit 1
254 257 # inset precompiled 64 bit kernel code here
255 258 fi
256 259 #fi build_kernel=true
257 260 fi
Show file before | Show file after | Hide comments
@@ -1,59 +1,61
1 #!/bin/bash
1 2 #
2 3 # Setup fstab and initramfs
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Install and setup fstab
9 10 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 11
11 12 # Add usb/sda disk root partition to fstab
12 13 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 14 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 15 fi
15 16
16 17 # Add encrypted root partition to fstab and crypttab
17 18 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 19 # Replace fstab root partition with encrypted partition mapping
19 20 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 21
21 22 # Add encrypted partition to crypttab and fstab
22 23 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 24 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 25
25 26 if [ "$ENABLE_SPLITFS" = true ] ; then
26 27 # Add usb/sda disk to crypttab
27 28 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 29 fi
29 30 fi
30 31
31 32 # Generate initramfs file
32 33 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
33 34 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 35 # Include initramfs scripts to auto expand encrypted root partition
35 36 if [ "$EXPANDROOT" = true ] ; then
36 37 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 38 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 39 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 40 fi
40 41
41 42 # Disable SSHD inside initramfs
42 43 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
43 44
44 45 # Add cryptsetup modules to initramfs
45 46 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46 47
47 48 # Dummy mapping required by mkinitramfs
48 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 50
50 51 # Generate initramfs with encrypted root partition support
51 52 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52 53
53 54 # Remove dummy mapping
54 55 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 56 else
56 57 # Generate initramfs without encrypted root partition support
57 58 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 59 fi
59 60 fi
61
Show file before | Show file after | Hide comments
@@ -1,151 +1,153
1 #!/bin/bash
1 2 #
2 3 # Setup RPi2/3 config and cmdline
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 if [ "$BUILD_KERNEL" = true ] ; then
9 10 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 11 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
12 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
16 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
18 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 19 else
19 20 # Create temporary directory for boot binaries
20 21 temp_dir=$(as_nobody mktemp -d)
21 22
22 23 # Install latest boot binaries from raspberry/firmware github
23 24 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 25 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 26 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 27 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 28 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 29 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 30 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 31
31 32 # Move downloaded boot binaries
32 33 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 34
34 35 # Remove temporary directory for boot binaries
35 36 rm -fr "${temp_dir}"
36 37
37 38 # Set permissions of the boot binaries
38 39 chown -R root:root "${BOOT_DIR}"
39 40 chmod -R 600 "${BOOT_DIR}"
40 41 fi
41 42 fi
42 43
43 44 # Setup firmware boot cmdline
44 45 if [ "$ENABLE_SPLITFS" = true ] ; then
45 46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 47 else
47 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 49 fi
49 50
50 51 # Add encrypted root partition to cmdline.txt
51 52 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 53 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 55 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 57 fi
57 58 fi
58 59
59 60 # Add serial console support
60 61 if [ "$ENABLE_CONSOLE" = true ] ; then
61 62 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 63 fi
63 64
64 65 # Remove IPv6 networking support
65 66 if [ "$ENABLE_IPV6" = false ] ; then
66 67 CMDLINE="${CMDLINE} ipv6.disable=1"
67 68 fi
68 69
69 70 # Automatically assign predictable network interface names
70 71 if [ "$ENABLE_IFNAMES" = false ] ; then
71 72 CMDLINE="${CMDLINE} net.ifnames=0"
72 73 else
73 74 CMDLINE="${CMDLINE} net.ifnames=1"
74 75 fi
75 76
76 77 # Set init to systemd if required by Debian release
77 78 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 79 CMDLINE="${CMDLINE} init=/bin/systemd"
79 80 fi
80 81
81 82 # Install firmware boot cmdline
82 83 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83 84
84 85 # Install firmware config
85 86 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 87
87 88 # Setup minimal GPU memory allocation size: 16MB (no X)
88 89 if [ "$ENABLE_MINGPU" = true ] ; then
89 90 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 91 fi
91 92
92 93 # Setup boot with initramfs
93 94 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 95 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 96 fi
96 97
97 98 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 99 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
99 100 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 101 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 102 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 103 fi
103 104 fi
104 105
105 106 # Create firmware configuration and cmdline symlinks
106 107 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 108 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 109
109 110 # Install and setup kernel modules to load at boot
110 111 mkdir -p "${R}/lib/modules-load.d/"
111 112 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112 113
113 114 # Load hardware random module at boot
114 115 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 116 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 117 fi
117 118
118 119 # Load sound module at boot
119 120 if [ "$ENABLE_SOUND" = true ] ; then
120 121 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 122 else
122 123 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 124 fi
124 125
125 126 # Enable I2C interface
126 127 if [ "$ENABLE_I2C" = true ] ; then
127 128 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 129 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 130 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 131 fi
131 132
132 133 # Enable SPI interface
133 134 if [ "$ENABLE_SPI" = true ] ; then
134 135 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 136 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 137 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
137 138 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 139 fi
139 140 fi
140 141
141 142 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 144 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 145 fi
145 146
146 147 # Install kernel modules blacklist
147 148 mkdir -p "${ETC_DIR}/modprobe.d/"
148 149 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149 150
150 151 # Install sysctl.d configuration files
151 152 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
153
Show file before | Show file after | Hide comments
@@ -1,134 +1,135
1 #!/bin/bash
1 2 #
2 3 # Setup Networking
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Install and setup hostname
9 10 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 11 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 12
12 13 # Install and setup hosts
13 14 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 15 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 16
16 17 # Setup hostname entry with static IP
17 18 if [ "$NET_ADDRESS" != "" ] ; then
18 19 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 20 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 21 fi
21 22
22 23 # Remove IPv6 hosts
23 24 if [ "$ENABLE_IPV6" = false ] ; then
24 25 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 26 fi
26 27
27 28 # Install hint about network configuration
28 29 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 30
30 31 # Install configuration for interface eth0
31 32 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 33
33 34 # Install configuration for interface wl*
34 35 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 36
36 37 #always with dhcp since wpa_supplicant integration is missing
37 38 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 39
39 40 if [ "$ENABLE_DHCP" = true ] ; then
40 41 # Enable DHCP configuration for interface eth0
41 42 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 43
43 44 # Set DHCP configuration to IPv4 only
44 45 if [ "$ENABLE_IPV6" = false ] ; then
45 46 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 47 fi
47 48
48 49 else # ENABLE_DHCP=false
49 50 # Set static network configuration for interface eth0
50 51 sed -i\
51 52 -e "s|DHCP=.*|DHCP=no|"\
52 53 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 54 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 56 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 57 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 59 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 60 "${ETC_DIR}/systemd/network/eth.network"
60 61 fi
61 62
62 63 # Remove empty settings from network configuration
63 64 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 65 # Remove empty settings from wlan configuration
65 66 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 67
67 68 # Move systemd network configuration if required by Debian release
68 69 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 70 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 71 if [ "$ENABLE_WIRELESS" = true ] ; then
71 72 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 73 fi
73 74 rm -fr "${ETC_DIR}/systemd/network"
74 75 fi
75 76
76 77 # Enable systemd-networkd service
77 78 chroot_exec systemctl enable systemd-networkd
78 79
79 80 # Install host.conf resolver configuration
80 81 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81 82
82 83 # Enable network stack hardening
83 84 if [ "$ENABLE_HARDNET" = true ] ; then
84 85 # Install sysctl.d configuration files
85 86 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86 87
87 88 # Setup resolver warnings about spoofed addresses
88 89 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 90 fi
90 91
91 92 # Enable time sync
92 if [ "NET_NTP_1" != "" ] ; then
93 if [ "$NET_NTP_1" != "" ] ; then
93 94 chroot_exec systemctl enable systemd-timesyncd.service
94 95 fi
95 96
96 97 # Download the firmware binary blob required to use the RPi3 wireless interface
97 98 if [ "$ENABLE_WIRELESS" = true ] ; then
98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
99 mkdir -p ${WLAN_FIRMWARE_DIR}
99 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
100 mkdir -p "${WLAN_FIRMWARE_DIR}"
100 101 fi
101 102
102 103 # Create temporary directory for firmware binary blob
103 104 temp_dir=$(as_nobody mktemp -d)
104 105
105 106 # Fetch firmware binary blob for RPI3B+
106 107 if [ "$RPI_MODEL" = 3P ] ; then
107 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 110 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 111 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 112 # Fetch firmware binary blob for RPI3
112 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 114 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 115 fi
115 116
116 117 # Move downloaded firmware binary blob
117 118 if [ "$RPI_MODEL" = 3P ] ; then
118 119 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 120 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 121 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 122 fi
122 123
123 124 # Remove temporary directory for firmware binary blob
124 125 rm -fr "${temp_dir}"
125 126
126 127 # Set permissions of the firmware binary blob
127 128 if [ "$RPI_MODEL" = 3P ] ; then
128 129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 132 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 133 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 134 fi
134 135 fi
Show file before | Show file after | Hide comments
@@ -1,52 +1,53
1 #!/bin/bash
1 2 #
2 3 # Setup Firewall
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 if [ "$ENABLE_IPTABLES" = true ] ; then
9 10 # Create iptables configuration directory
10 11 mkdir -p "${ETC_DIR}/iptables"
11 12
12 13 #In Jessie iptables is old enough
13 14 if ! [ "$RELEASE" = jessie ] ; then
14 15 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
15 16 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
16 17 #chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
17 18 #chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
18 19 fi
19 20
20 21 # Install iptables systemd service
21 22 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
22 23
23 24 # Install flush-table script called by iptables service
24 25 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
25 26
26 27 # Install iptables rule file
27 28 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
28 29
29 30 # Reload systemd configuration and enable iptables service
30 31 chroot_exec systemctl daemon-reload
31 32 chroot_exec systemctl enable iptables.service
32 33
33 34 if [ "$ENABLE_IPV6" = true ] ; then
34 35 # Install ip6tables systemd service
35 36 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
36 37
37 38 # Install ip6tables file
38 39 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
39 40
40 41 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
41 42
42 43 # Reload systemd configuration and enable iptables service
43 44 chroot_exec systemctl daemon-reload
44 45 chroot_exec systemctl enable ip6tables.service
45 46 fi
46 47
47 48 if [ "$ENABLE_SSHD" = false ] ; then
48 49 # Remove SSHD related iptables rules
49 50 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
50 51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
51 52 fi
52 53 fi
Show file before | Show file after | Hide comments
@@ -1,29 +1,30
1 #!/bin/bash
1 2 #
2 3 # Setup users and security settings
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
10 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
11 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 12
12 13 # Setup default user
13 14 if [ "$ENABLE_USER" = true ] ; then
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
15 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
16 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 17 fi
17 18
18 19 # Setup root password or not
19 20 if [ "$ENABLE_ROOT" = true ] ; then
20 21 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 22 else
22 23 # Set no root password to disable root login
23 24 chroot_exec usermod -p \'!\' root
24 25 fi
25 26
26 27 # Enable serial console systemd style
27 28 if [ "$ENABLE_CONSOLE" = true ] ; then
28 29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 30 fi
Show file before | Show file after | Hide comments
@@ -1,116 +1,117
1 #!/bin/bash
1 2 #
2 3 # Setup SSH settings and public keys
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 if [ "$ENABLE_SSHD" = true ] ; then
9 10 DROPBEAR_ARGS=""
10 11
11 12 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 13 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 14 # User root is not allowed to log in
14 15 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 16 else
16 17 # User root is not allowed to log in
17 18 DROPBEAR_ARGS="-w"
18 19 fi
19 20 fi
20 21
21 22 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 23 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 24 # Permit SSH root login
24 25 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 26 else
26 27 # Permit SSH root login
27 28 DROPBEAR_ARGS=""
28 29 fi
29 30
30 31 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
32 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 33 # Create root SSH config directory
33 34 mkdir -p "${R}/root/.ssh"
34 35
35 36 # Set permissions of root SSH config directory
36 37 chroot_exec chmod 700 "/root/.ssh"
37 38 chroot_exec chown root:root "/root/.ssh"
38 39
39 40 # Add SSH (v2) public key(s) to authorized_keys file
40 41 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 42
42 43 # Set permissions of root SSH authorized_keys file
43 44 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 45 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 46
46 47 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 48 # Allow SSH public key authentication
48 49 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 50 fi
50 51 fi
51 52 fi
52 53
53 54 if [ "$ENABLE_USER" = true ] ; then
54 55 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
56 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 57 # Create $USER_NAME SSH config directory
57 58 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 59
59 60 # Set permissions of $USER_NAME SSH config directory
60 61 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
62 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 63
63 64 # Add SSH (v2) public key(s) to authorized_keys file
64 65 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 66
66 67 # Set permissions of $USER_NAME SSH config directory
67 68 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
69 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 70
70 71 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 72 # Allow SSH public key authentication
72 73 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 74 fi
74 75 fi
75 76 fi
76 77
77 78 # Limit the users that are allowed to login via SSH
78 79 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 80 allowed_users=""
80 81 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 82 allowed_users="root"
82 83 fi
83 84
84 85 if [ "$ENABLE_USER" = true ] ; then
85 86 allowed_users="${allowed_users} ${USER_NAME}"
86 87 fi
87 88
88 if [ ! -z "$allowed_users" ] ; then
89 if [ -n "$allowed_users" ] ; then
89 90 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 91 fi
91 92 fi
92 93
93 94 # Disable password-based authentication
94 95 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 96 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 97 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 98 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 99 else
99 100 DROPBEAR_ARGS="-g"
100 101 fi
101 102 fi
102 103
103 104 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 105 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 106 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 107 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 108 else
108 109 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 110 fi
110 111 fi
111 112
112 113 # Update dropbear SSH configuration
113 114 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 115 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 116 fi
116 117 fi
Show file before | Show file after | Hide comments
@@ -1,88 +1,90
1 #!/bin/bash
1 2 #
2 3 # Build and Setup U-Boot
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Fetch and build U-Boot bootloader
9 10 if [ "$ENABLE_UBOOT" = true ] ; then
10 11 # Install c/c++ build environment inside the chroot
11 12 chroot_install_cc
12 13
13 14 # Copy existing U-Boot sources into chroot directory
14 15 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 16 # Copy local U-Boot sources
16 17 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 18 else
18 19 # Create temporary directory for U-Boot sources
19 20 temp_dir=$(as_nobody mktemp -d)
20 21
21 22 # Fetch U-Boot sources
22 23 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 24
24 25 # Copy downloaded U-Boot sources
25 26 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 27
27 28 # Set permissions of the U-Boot sources
28 29 chown -R root:root "${R}/tmp/u-boot"
29 30
30 31 # Remove temporary directory for U-Boot sources
31 32 rm -fr "${temp_dir}"
32 33 fi
33 34
34 35 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
36 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 37
37 38 # Copy compiled bootloader binary and set config.txt to load it
38 39 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 40 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 41 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 42
42 43 # Install and setup U-Boot command file
43 44 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 46
46 47 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 48 # Convert generated initramfs for U-Boot using mkimage
48 49 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 50
50 51 # Remove original initramfs file
51 52 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 53
53 54 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 56 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 57 else # ENABLE_INITRAMFS=false
57 58 # Remove initramfs from U-Boot mkfile
58 59 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 60
60 61 if [ "$BUILD_KERNEL" = false ] ; then
61 62 # Remove dtbfile from U-Boot mkfile
62 63 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 64 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 65 else
65 66 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 67 fi
67 68 fi
68 69
69 70 # Set mkfile to use the correct dtb file
70 71 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
71 72
72 73 # Set mkfile to use the correct mach id
73 74 if [ "$ENABLE_QEMU" = true ] ; then
74 75 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
75 76 fi
76 77
77 78 # Set mkfile to use kernel image
78 79 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
79 80
80 81 # Remove all leading blank lines
81 82 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
82 83
83 84 # Generate U-Boot bootloader image
84 85 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
85 86
86 87 # Remove U-Boot sources
87 88 rm -fr "${R}/tmp/u-boot"
88 89 fi
90
Show file before | Show file after | Hide comments
@@ -1,51 +1,52
1 #!/bin/bash
1 2 #
2 3 # Build and Setup fbturbo Xorg driver
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 if [ "$ENABLE_FBTURBO" = true ] ; then
9 10 # Install c/c++ build environment inside the chroot
10 11 chroot_install_cc
11 12
12 13 # Copy existing fbturbo sources into chroot directory
13 14 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 15 # Copy local fbturbo sources
15 16 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 17 else
17 18 # Create temporary directory for fbturbo sources
18 19 temp_dir=$(as_nobody mktemp -d)
19 20
20 21 # Fetch fbturbo sources
21 22 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22 23
23 24 # Move downloaded fbturbo sources
24 25 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25 26
26 27 # Remove temporary directory for fbturbo sources
27 28 rm -fr "${temp_dir}"
28 29 fi
29 30
30 31 # Install Xorg build dependencies
31 32 if [ "$RELEASE" = "jessie" ] ; then
32 33 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 34 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 35 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 36 fi
36 37
37 38 # Build and install fbturbo driver inside chroot
38 39 chroot_exec /bin/bash -x <<'EOF'
39 40 cd /tmp/xf86-video-fbturbo
40 41 autoreconf -vi
41 42 ./configure --prefix=/usr
42 43 make
43 44 make install
44 45 EOF
45 46
46 47 # Install fbturbo driver Xorg configuration
47 48 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
48 49
49 50 # Remove Xorg build dependencies
50 51 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
51 52 fi
Show file before | Show file after | Hide comments
@@ -1,49 +1,50
1 #!/bin/bash
1 2 #
2 3 # First boot actions
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Prepare rc.firstboot script
9 10 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 11
11 12 # Ensure openssh server host keys are regenerated on first boot
12 13 if [ "$ENABLE_SSHD" = true ] ; then
13 14 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 15 fi
15 16
16 17 # Prepare filesystem auto expand
17 18 if [ "$EXPANDROOT" = true ] ; then
18 19 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 20 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 21 else
21 22 # Regenerate initramfs to remove encrypted root partition auto expand
22 23 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
23 24 fi
24 25 fi
25 26
26 27 # Ensure that dbus machine-id exists
27 28 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28 29
29 30 # Create /etc/resolv.conf symlink
30 31 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31 32
32 33 # Configure automatic network interface names
33 34 if [ "$ENABLE_IFNAMES" = true ] ; then
34 35 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 36 fi
36 37
37 38 # Finalize rc.firstboot script
38 39 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 40 chmod +x "${ETC_DIR}/rc.firstboot"
40 41
41 42 # Install default rc.local if it does not exist
42 43 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 44 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 45 fi
45 46
46 47 # Add rc.firstboot script to rc.local
47 48 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 49 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 50 echo exit 0 >> "${ETC_DIR}/rc.local"
Show file before | Show file after | Hide comments
@@ -1,85 +1,86
1 #!/bin/bash
1 2 #
2 3 # Reduce system disk usage
3 4 #
4 5
5 6 # Load utility functions
6 7 . ./functions.sh
7 8
8 9 # Reduce the image size by various operations
9 10 if [ "$ENABLE_REDUCE" = true ] ; then
10 11 if [ "$REDUCE_APT" = true ] ; then
11 12 # Install dpkg configuration file
12 13 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 14 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 15 fi
15 16
16 17 # Install APT configuration files
17 18 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 19 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 20 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 21
21 22 # Remove APT cache files
22 23 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 24 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 25 fi
25 26
26 27 # Remove all doc files
27 28 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
29 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
30 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 31 fi
31 32
32 33 # Remove all man pages and info files
33 34 if [ "$REDUCE_MAN" = true ] ; then
34 35 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 36 fi
36 37
37 38 # Remove all locale translation files
38 39 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 41 fi
41 42
42 43 # Remove hwdb PCI device classes (experimental)
43 44 if [ "$REDUCE_HWDB" = true ] ; then
44 45 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 46 fi
46 47
47 48 # Replace bash shell by dash shell (experimental)
48 49 if [ "$REDUCE_BASH" = true ] ; then
49 50 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 51 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 52 else
52 53 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 54 fi
54 55
55 56 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 57 fi
57 58
58 59 # Remove sound utils and libraries
59 60 if [ "$ENABLE_SOUND" = false ] ; then
60 61 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 62 fi
62 63
63 64 # Re-install tools for managing kernel modules
64 65 if [ "$RELEASE" = "jessie" ] ; then
65 66 chroot_exec apt-get -qq -y install module-init-tools
66 67 fi
67 68
68 69 # Remove GPU kernels
69 70 if [ "$ENABLE_MINGPU" = true ] ; then
70 71 rm -f "${BOOT_DIR}/start.elf"
71 72 rm -f "${BOOT_DIR}/fixup.dat"
72 73 rm -f "${BOOT_DIR}/start_x.elf"
73 74 rm -f "${BOOT_DIR}/fixup_x.dat"
74 75 fi
75 76
76 77 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 78 if [ "$BUILD_KERNEL" = false ] ; then
78 79 rm -f "${R}/boot/vmlinuz-*"
79 80 rm -f "${R}/boot/initrd.img-*"
80 81 fi
81 82
82 83 # Clean APT list of repositories
83 84 rm -fr "${R}/var/lib/apt/lists/*"
84 85 chroot_exec apt-get -qq -y update
85 86 fi
Show file before | Show file after | Hide comments
@@ -1,790 +1,790
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 56 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 57
58 58 # Firmware directory: Blank if download from github
59 59 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
60 60
61 61 # Build directories
62 62 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
63 63 BUILDDIR="${BASEDIR}/build"
64 64
65 65 # Prepare date string for default image file name
66 66 DATE="$(date +%Y-%m-%d)"
67 67 if [ -z "$KERNEL_BRANCH" ] ; then
68 68 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
69 69 else
70 70 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
71 71 fi
72 72
73 73 # Chroot directories
74 74 R="${BUILDDIR}/chroot"
75 75 ETC_DIR="${R}/etc"
76 76 LIB_DIR="${R}/lib"
77 77 BOOT_DIR="${R}/boot/firmware"
78 78 KERNEL_DIR="${R}/usr/src/linux"
79 79 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
80 80
81 81 # General settings
82 82 SET_ARCH=${SET_ARCH:=32}
83 83 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
84 84 PASSWORD=${PASSWORD:=raspberry}
85 85 USER_PASSWORD=${USER_PASSWORD:=raspberry}
86 86 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
87 87 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
88 88 EXPANDROOT=${EXPANDROOT:=true}
89 89
90 90 # Keyboard settings
91 91 XKB_MODEL=${XKB_MODEL:=""}
92 92 XKB_LAYOUT=${XKB_LAYOUT:=""}
93 93 XKB_VARIANT=${XKB_VARIANT:=""}
94 94 XKB_OPTIONS=${XKB_OPTIONS:=""}
95 95
96 96 # Network settings (DHCP)
97 97 ENABLE_DHCP=${ENABLE_DHCP:=true}
98 98
99 99 # Network settings (static)
100 100 NET_ADDRESS=${NET_ADDRESS:=""}
101 101 NET_GATEWAY=${NET_GATEWAY:=""}
102 102 NET_DNS_1=${NET_DNS_1:=""}
103 103 NET_DNS_2=${NET_DNS_2:=""}
104 104 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
105 105 NET_NTP_1=${NET_NTP_1:=""}
106 106 NET_NTP_2=${NET_NTP_2:=""}
107 107
108 108 # APT settings
109 109 APT_PROXY=${APT_PROXY:=""}
110 110 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
111 111
112 112 # Feature settings
113 113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 114 ENABLE_I2C=${ENABLE_I2C:=false}
115 115 ENABLE_SPI=${ENABLE_SPI:=false}
116 116 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 117 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 120 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 121 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 124 ENABLE_XORG=${ENABLE_XORG:=false}
125 125 ENABLE_WM=${ENABLE_WM:=""}
126 126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 127 ENABLE_USER=${ENABLE_USER:=true}
128 128 USER_NAME=${USER_NAME:="pi"}
129 129 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 130 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 131
132 132 # SSH settings
133 133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
134 134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
135 135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
136 136 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 137 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138 138
139 139 # Advanced settings
140 140 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 141 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 142 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 143 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
144 144 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
145 145 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
146 146 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
147 147 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
148 148 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
149 149 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
150 150 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
151 151 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
152 152
153 153 # Kernel compilation settings
154 154 BUILD_KERNEL=${BUILD_KERNEL:=true}
155 155 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
156 156 KERNEL_THREADS=${KERNEL_THREADS:=1}
157 157 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
158 158 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
159 159 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
160 160 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
161 161 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
162 162
163 163 # Kernel compilation from source directory settings
164 164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168 168
169 169 # Reduce disk usage settings
170 170 REDUCE_APT=${REDUCE_APT:=true}
171 171 REDUCE_DOC=${REDUCE_DOC:=true}
172 172 REDUCE_MAN=${REDUCE_MAN:=true}
173 173 REDUCE_VIM=${REDUCE_VIM:=false}
174 174 REDUCE_BASH=${REDUCE_BASH:=false}
175 175 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 176 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178 178
179 179 # Encrypted filesystem settings
180 180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185 185
186 186 # Chroot scripts directory
187 187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
188 188
189 189 # Packages required in the chroot build environment
190 190 APT_INCLUDES=${APT_INCLUDES:=""}
191 191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
192 192
193 193 # Packages required for bootstrapping
194 194 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
195 195 MISSING_PACKAGES=""
196 196
197 197 #autoselect best apt mirror
198 198 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} netselect-apt"
199 199
200 200 # Packages installed for c/c++ build environment in chroot (keep empty)
201 201 COMPILER_PACKAGES=""
202 202
203 203 set +x
204 204
205 205 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
206 206 if [ -n "$SET_ARCH" ] ; then
207 207 echo "Setting Architecture specific settings"
208 208 ##################################
209 209 # 64 bit config
210 210 ##################################
211 211 if [ "$SET_ARCH" = 64 ] ; then
212 212 echo "64 bit mode selected - Setting up enviroment"
213 213 # 64 bit depended settings
214 214 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
215 215 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
216 216 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
217 217 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
218 218 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
219 219 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
220 220
221 221 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
222 222 # RPI 3 serie specific settings
223 223 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
224 224 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
225 225
226 226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 227 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
228 228 else
229 229 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
230 230 exit 1
231 231 fi
232 232 fi
233 233
234 234 ##################################
235 235 # 32 bit config
236 236 ##################################
237 237 if [ "$SET_ARCH" = 32 ] ; then
238 238 echo "32 bit mode selected - Setting up enviroment"
239 239 #General 32bit configuration
240 240 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
241 241 KERNEL_ARCH=${KERNEL_ARCH:=arm}
242 242 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
243 243
244 244 #Raspberry setting grouped by board compability
245 245 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
246 246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
247 247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
248 248 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
249 249 RELEASE_ARCH=${RELEASE_ARCH:=armel}
250 250 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
251 251 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
252 252 fi
253 253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 259 fi
260 260 #Device specific configuration
261 261 case "$RPI_MODEL" in
262 262 0)
263 263 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
264 264 ;;
265 265 1)
266 266 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
267 267 ;;
268 268 1P)
269 269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
270 270 ;;
271 271 2)
272 272 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
273 273 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
274 274 ;;
275 275 3)
276 276 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
277 277 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
278 278 ;;
279 279 3P)
280 280 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
281 281 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
282 282 ;;
283 283 *)
284 284 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
285 285 exit 1
286 286 ;;
287 287 esac
288 288
289 289 #Device specific configuration
290 290 # if [ "$RPI_MODEL" = 0 ] ; then
291 291 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
292 292 # fi
293 293 # if [ "$RPI_MODEL" = 1 ] ; then
294 294 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
295 295 # fi
296 296 # if [ "$RPI_MODEL" = 1P ] ; then
297 297 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
298 298 # fi
299 299 # if [ "$RPI_MODEL" = 2 ] ; then
300 300 # DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
301 301 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
302 302 # #Precompiled Kernel rpi2
303 303 # #COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
304 304 # fi
305 305 # if [ "$RPI_MODEL" = 3 ] ; then
306 306 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
307 307 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
308 308 # fi
309 309 # if [ "$RPI_MODEL" = 3P ] ; then
310 310 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
311 311 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
312 312 # fi
313 313 # if [ -z "$RPI_MODEL" ] ; then
314 314 # echo "error: Raspberry Pi model $RPI_MODEL is not set!"
315 315 # exit 1
316 316 # fi
317 317
318 318 #end 32 bit
319 319 fi
320 320 #SET_ARCH not set
321 321 else
322 322 echo "error: Please set '32' or '64' as value for SET_ARCH"
323 323 exit 1
324 324 fi
325 325
326 326 # Check if the internal wireless interface is supported by the RPi model
327 327 if [ "$ENABLE_WIRELESS" = true ] && { [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; } ; then
328 328 echo "error: The selected Raspberry Pi model has no internal wireless interface"
329 329 exit 1
330 330 else
331 331 echo "Raspberry Pi model"
332 332 fi
333 333
334 334 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
335 335 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
336 336 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
337 337 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
338 338 exit 1
339 339 fi
340 340 fi
341 341
342 342 # Add libncurses5 to enable kernel menuconfig
343 343 if [ "$KERNEL_MENUCONFIG" = true ] ; then
344 344 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
345 345 fi
346 346
347 347 # Add ccache compiler cache for (faster) kernel cross (re)compilation
348 348 if [ "$KERNEL_CCACHE" = true ] ; then
349 349 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
350 350 fi
351 351
352 352 # Add cryptsetup package to enable filesystem encryption
353 353 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
354 354 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
355 355 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
356 356
357 357 if [ -z "$CRYPTFS_PASSWORD" ] ; then
358 358 echo "error: no password defined (CRYPTFS_PASSWORD)!"
359 359 exit 1
360 360 fi
361 361 ENABLE_INITRAMFS=true
362 362 fi
363 363
364 364 # Add initramfs generation tools
365 365 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
366 366 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
367 367 fi
368 368
369 369 # Add device-tree-compiler required for building the U-Boot bootloader
370 370 if [ "$ENABLE_UBOOT" = true ] ; then
371 371 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
372 372 fi
373 373
374 374 # Check if root SSH (v2) public key file exists
375 375 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
376 376 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
377 377 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
378 378 exit 1
379 379 fi
380 380 fi
381 381
382 382 # Check if $USER_NAME SSH (v2) public key file exists
383 383 if [ -n "$SSH_USER_PUB_KEY" ] ; then
384 384 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
385 385 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
386 386 exit 1
387 387 fi
388 388 fi
389 389
390 390 # Check if all required packages are installed on the build system
391 391 for package in $REQUIRED_PACKAGES ; do
392 392 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
393 393 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
394 394 fi
395 395 done
396 396
397 397 # If there are missing packages ask confirmation for install, or exit
398 398 if [ -n "$MISSING_PACKAGES" ] ; then
399 399 echo "the following packages needed by this script are not installed:"
400 400 echo "$MISSING_PACKAGES"
401 401
402 402 printf "\ndo you want to install the missing packages right now? [y/n] "
403 403 read -r confirm
404 404 [ "$confirm" != "y" ] && exit 1
405 405
406 406 # Make sure all missing required packages are installed
407 407 apt-get -qq -y install "${MISSING_PACKAGES}"
408 408 fi
409 409
410 410 # Check if ./bootstrap.d directory exists
411 411 if [ ! -d "./bootstrap.d/" ] ; then
412 412 echo "error: './bootstrap.d' required directory not found!"
413 413 exit 1
414 414 fi
415 415
416 416 # Check if ./files directory exists
417 417 if [ ! -d "./files/" ] ; then
418 418 echo "error: './files' required directory not found!"
419 419 exit 1
420 420 fi
421 421
422 422 # Check if specified KERNELSRC_DIR directory exists
423 423 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
424 424 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
425 425 exit 1
426 426 fi
427 427
428 428 # Check if specified UBOOTSRC_DIR directory exists
429 429 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
430 430 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
431 431 exit 1
432 432 fi
433 433
434 434 # Check if specified FBTURBOSRC_DIR directory exists
435 435 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
436 436 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
437 437 exit 1
438 438 fi
439 439
440 440 # Check if specified CHROOT_SCRIPTS directory exists
441 441 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
442 442 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
443 443 exit 1
444 444 fi
445 445
446 446 # Check if specified device mapping already exists (will be used by cryptsetup)
447 447 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
448 448 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
449 449 exit 1
450 450 fi
451 451
452 452 # Don't clobber an old build
453 453 if [ -e "$BUILDDIR" ] ; then
454 454 echo "error: directory ${BUILDDIR} already exists, not proceeding"
455 455 exit 1
456 456 fi
457 457
458 458 # Setup chroot directory
459 459 mkdir -p "${R}"
460 460
461 461 # Check if build directory has enough of free disk space >512MB
462 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
462 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
463 463 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
464 464 exit 1
465 465 fi
466 466
467 467 set -x
468 468
469 469 # Call "cleanup" function on various signals and errors
470 470 trap cleanup 0 1 2 3 6
471 471
472 472 # Add required packages for the minbase installation
473 473 if [ "$ENABLE_MINBASE" = true ] ; then
474 474 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
475 475 fi
476 476
477 477 # Add required locales packages
478 478 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || { [ -n "$XKB_MODEL" ] || [ -n "$XKB_LAYOUT" ] || [ -n "$XKB_VARIANT" ] || [ -n "$XKB_OPTIONS" ] ; } ; then
479 479 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
480 480 fi
481 481
482 482 # Add parted package, required to get partprobe utility
483 483 if [ "$EXPANDROOT" = true ] ; then
484 484 APT_INCLUDES="${APT_INCLUDES},parted"
485 485 fi
486 486
487 487 # Add dbus package, recommended if using systemd
488 488 if [ "$ENABLE_DBUS" = true ] ; then
489 489 APT_INCLUDES="${APT_INCLUDES},dbus"
490 490 fi
491 491
492 492 # Add iptables IPv4/IPv6 package
493 493 if [ "$ENABLE_IPTABLES" = true ] ; then
494 494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 495 fi
496 496
497 497 # Add openssh server package
498 498 if [ "$ENABLE_SSHD" = true ] ; then
499 499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 500 fi
501 501
502 502 # Add alsa-utils package
503 503 if [ "$ENABLE_SOUND" = true ] ; then
504 504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 505 fi
506 506
507 507 # Add rng-tools package
508 508 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 510 fi
511 511
512 512 # Add fbturbo video driver
513 513 if [ "$ENABLE_FBTURBO" = true ] ; then
514 514 # Enable xorg package dependencies
515 515 ENABLE_XORG=true
516 516 fi
517 517
518 518 # Add user defined window manager package
519 519 if [ -n "$ENABLE_WM" ] ; then
520 520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521 521
522 522 # Enable xorg package dependencies
523 523 ENABLE_XORG=true
524 524 fi
525 525
526 526 # Add xorg package
527 527 if [ "$ENABLE_XORG" = true ] ; then
528 528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 529 fi
530 530
531 531 # Replace selected packages with smaller clones
532 532 if [ "$ENABLE_REDUCE" = true ] ; then
533 533 # Add levee package instead of vim-tiny
534 534 if [ "$REDUCE_VIM" = true ] ; then
535 535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 536 fi
537 537
538 538 # Add dropbear package instead of openssh-server
539 539 if [ "$REDUCE_SSHD" = true ] ; then
540 540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 541 fi
542 542 fi
543 543
544 544 # Configure kernel sources if no KERNELSRC_DIR
545 545 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
546 546 KERNELSRC_CONFIG=true
547 547 fi
548 548
549 549 # Configure reduced kernel
550 550 if [ "$KERNEL_REDUCE" = true ] ; then
551 551 KERNELSRC_CONFIG=false
552 552 fi
553 553
554 554 # Execute bootstrap scripts
555 555 for SCRIPT in bootstrap.d/*.sh; do
556 556 head -n 3 "$SCRIPT"
557 557 . "$SCRIPT"
558 558 done
559 559
560 560 ## Execute custom bootstrap scripts
561 561 if [ -d "custom.d" ] ; then
562 562 for SCRIPT in custom.d/*.sh; do
563 563 . "$SCRIPT"
564 564 done
565 565 fi
566 566
567 567 # Execute custom scripts inside the chroot
568 568 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
569 569 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
570 570 chroot_exec /bin/bash -x <<'EOF'
571 571 for SCRIPT in /chroot_scripts/* ; do
572 572 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
573 573 $SCRIPT
574 574 fi
575 575 done
576 576 EOF
577 577 rm -rf "${R}/chroot_scripts"
578 578 fi
579 579
580 580 # Remove c/c++ build environment from the chroot
581 581 chroot_remove_cc
582 582
583 583 # Generate required machine-id
584 584 MACHINE_ID=$(dbus-uuidgen)
585 585 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
586 586 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
587 587
588 588 # APT Cleanup
589 589 chroot_exec apt-get -y clean
590 590 chroot_exec apt-get -y autoclean
591 591 chroot_exec apt-get -y autoremove
592 592
593 593 # Unmount mounted filesystems
594 594 umount -l "${R}/proc"
595 595 umount -l "${R}/sys"
596 596
597 597 # Clean up directories
598 598 rm -rf "${R}/run/*"
599 599 rm -rf "${R}/tmp/*"
600 600
601 601 # Clean up files
602 602 rm -f "${ETC_DIR}/ssh/ssh_host_*"
603 603 rm -f "${ETC_DIR}/dropbear/dropbear_*"
604 604 rm -f "${ETC_DIR}/apt/sources.list.save"
605 605 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
606 606 rm -f "${ETC_DIR}/*-"
607 607 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
608 608 rm -f "${ETC_DIR}/resolv.conf"
609 609 rm -f "${R}/root/.bash_history"
610 610 rm -f "${R}/var/lib/urandom/random-seed"
611 611 rm -f "${R}/initrd.img"
612 612 rm -f "${R}/vmlinuz"
613 613 rm -f "${R}${QEMU_BINARY}"
614 614
615 615 if [ "$ENABLE_QEMU" = true ] ; then
616 616 # Configure qemu compatible kernel
617 617 DTB_FILE=vexpress-v2p-ca15_a7.dtb
618 618 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
619 619 KERNEL_DEFCONFIG="vexpress_defconfig"
620 620 if [ "$KERNEL_MENUCONFIG" = false ] ; then
621 621 KERNEL_OLDDEFCONFIG=true
622 622 fi
623 623
624 624 # Setup QEMU directory
625 625 mkdir "${BASEDIR}/qemu"
626 626
627 627 # Copy kernel image to QEMU directory
628 628 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
629 629
630 630 # Copy kernel config to QEMU directory
631 631 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
632 632
633 633 # Copy kernel dtbs to QEMU directory
634 634 for dtb in "${BOOT_DIR}/"*.dtb ; do
635 635 if [ -f "${dtb}" ] ; then
636 636 install_readonly "${dtb}" "${BASEDIR}/qemu/"
637 637 fi
638 638 done
639 639
640 640 # Copy kernel overlays to QEMU directory
641 641 if [ -d "${BOOT_DIR}/overlays" ] ; then
642 642 # Setup overlays dtbs directory
643 643 mkdir "${BASEDIR}/qemu/overlays"
644 644
645 645 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
646 646 if [ -f "${dtb}" ] ; then
647 647 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
648 648 fi
649 649 done
650 650 fi
651 651
652 652 # Copy u-boot files to QEMU directory
653 653 if [ "$ENABLE_UBOOT" = true ] ; then
654 654 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
655 655 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
656 656 fi
657 657 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
658 658 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
659 659 fi
660 660 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
661 661 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
662 662 fi
663 663 fi
664 664
665 665 # Copy initramfs to QEMU directory
666 666 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
667 667 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
668 668 fi
669 669 fi
670 670
671 671 # Calculate size of the chroot directory in KB
672 672 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
673 673
674 674 # Calculate the amount of needed 512 Byte sectors
675 675 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
676 676 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
677 677 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
678 678
679 679 # The root partition is EXT4
680 680 # This means more space than the actual used space of the chroot is used.
681 681 # As overhead for journaling and reserved blocks 35% are added.
682 682 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
683 683
684 684 # Calculate required image size in 512 Byte sectors
685 685 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
686 686
687 687 # Prepare image file
688 688 if [ "$ENABLE_SPLITFS" = true ] ; then
689 689 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
690 690 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
691 691 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
692 692 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
693 693
694 694 # Write firmware/boot partition tables
695 695 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
696 696 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
697 697 EOM
698 698
699 699 # Write root partition table
700 700 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
701 701 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
702 702 EOM
703 703
704 704 # Setup temporary loop devices
705 705 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
706 706 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
707 707 else # ENABLE_SPLITFS=false
708 708 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
709 709 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
710 710
711 711 # Write partition table
712 712 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
713 713 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
714 714 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
715 715 EOM
716 716
717 717 # Setup temporary loop devices
718 718 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
719 719 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
720 720 fi
721 721
722 722 if [ "$ENABLE_CRYPTFS" = true ] ; then
723 723 # Create dummy ext4 fs
724 724 mkfs.ext4 "$ROOT_LOOP"
725 725
726 726 # Setup password keyfile
727 727 touch .password
728 728 chmod 600 .password
729 729 echo -n "${CRYPTFS_PASSWORD}" > .password
730 730
731 731 # Initialize encrypted partition
732 732 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
733 733
734 734 # Open encrypted partition and setup mapping
735 735 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
736 736
737 737 # Secure delete password keyfile
738 738 shred -zu .password
739 739
740 740 # Update temporary loop device
741 741 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
742 742
743 743 # Wipe encrypted partition (encryption cipher is used for randomness)
744 744 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
745 745 fi
746 746
747 747 # Build filesystems
748 748 mkfs.vfat "$FRMW_LOOP"
749 749 mkfs.ext4 "$ROOT_LOOP"
750 750
751 751 # Mount the temporary loop devices
752 752 mkdir -p "$BUILDDIR/mount"
753 753 mount "$ROOT_LOOP" "$BUILDDIR/mount"
754 754
755 755 mkdir -p "$BUILDDIR/mount/boot/firmware"
756 756 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
757 757
758 758 # Copy all files from the chroot to the loop device mount point directory
759 759 rsync -a "${R}/" "$BUILDDIR/mount/"
760 760
761 761 # Unmount all temporary loop devices and mount points
762 762 cleanup
763 763
764 764 # Create block map file(s) of image(s)
765 765 if [ "$ENABLE_SPLITFS" = true ] ; then
766 766 # Create block map files for "bmaptool"
767 767 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
768 768 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
769 769
770 770 # Image was successfully created
771 771 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 772 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
773 773 else
774 774 # Create block map file for "bmaptool"
775 775 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
776 776
777 777 # Image was successfully created
778 778 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
779 779
780 780 # Create qemu qcow2 image
781 781 if [ "$ENABLE_QEMU" = true ] ; then
782 782 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
783 783 QEMU_SIZE=16G
784 784
785 785 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
786 786 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
787 787
788 788 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
789 789 fi
790 790 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant