enhancment thx to spellcheck.net
burnbabyburn -
r312:3ca992f0164a
@@ -1,47 +1,48
1 #!/bin/bash
1 #
2 #
2 # Debootstrap basic system
3 # Debootstrap basic system
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 VARIANT=""
9 VARIANT=""
9 COMPONENTS="main"
10 COMPONENTS="main"
10 EXCLUDES=""
11 EXCLUDES=""
11
12
12 # Use non-free Debian packages if needed
13 # Use non-free Debian packages if needed
13 if [ "$ENABLE_NONFREE" = true ] ; then
14 if [ "$ENABLE_NONFREE" = true ] ; then
14 COMPONENTS="main,non-free,contrib"
15 COMPONENTS="main,non-free,contrib"
15 fi
16 fi
16
17
17 # Use minbase bootstrap variant which only includes essential packages
18 # Use minbase bootstrap variant which only includes essential packages
18 if [ "$ENABLE_MINBASE" = true ] ; then
19 if [ "$ENABLE_MINBASE" = true ] ; then
19 VARIANT="--variant=minbase"
20 VARIANT="--variant=minbase"
20 fi
21 fi
21
22
22 # Exclude packages if required by Debian release
23 # Exclude packages if required by Debian release
23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 EXCLUDES="--exclude=init,systemd-sysv"
25 EXCLUDES="--exclude=init,systemd-sysv"
25 fi
26 fi
26
27
27 # Base debootstrap (unpack only)
28 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29
30
30 # Copy qemu emulator binary to chroot
31 # Copy qemu emulator binary to chroot
31 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32
33
33 # Copy debian-archive-keyring.pgp
34 # Copy debian-archive-keyring.pgp
34 mkdir -p "${R}/usr/share/keyrings"
35 mkdir -p "${R}/usr/share/keyrings"
35 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36
37
37 # Complete the bootstrapping process
38 # Complete the bootstrapping process
38 chroot_exec /debootstrap/debootstrap --second-stage
39 chroot_exec /debootstrap/debootstrap --second-stage
39
40
40 # Mount required filesystems
41 # Mount required filesystems
41 mount -t proc none "${R}/proc"
42 mount -t proc none "${R}/proc"
42 mount -t sysfs none "${R}/sys"
43 mount -t sysfs none "${R}/sys"
43
44
44 # Mount pseudo terminal slave if supported by Debian release
45 # Mount pseudo terminal slave if supported by Debian release
45 if [ -d "${R}/dev/pts" ] ; then
46 if [ -d "${R}/dev/pts" ] ; then
46 mount --bind /dev/pts "${R}/dev/pts"
47 mount --bind /dev/pts "${R}/dev/pts"
47 fi
48 fi
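Review bot: The debootstrap call fetches from `http://${APT_SERVER}/debian` without naming a keyring, so whether the Release signature is checked depends on what the build host has installed; with a user-supplied mirror debootstrap only warns when its default keyring file is absent. The keyring is first required further down, by the `install_readonly /usr/share/keyrings/debian-archive-keyring.gpg` line, after the packages have already been unpacked. Adding `--keyring=/usr/share/keyrings/debian-archive-keyring.gpg` to the debootstrap options makes a missing or unusable keyring stop the bootstrap instead. `${EXCLUDES}` and `${VARIANT}` are unquoted so that empty values vanish; a `# shellcheck disable=SC2086` comment stating that reason would keep a later cleanup pass from quoting them and passing empty arguments.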
@@ -1,48 +1,49
1 #!/bin/bash
1 #
2 #
2 # Setup APT repositories
3 # Setup APT repositories
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Install and setup APT proxy configuration
9 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
10 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
13 fi
13
14
14 if [ "$BUILD_KERNEL" = false ] ; then
15 if [ "$BUILD_KERNEL" = false ] ; then
15 echo "Downloading precompiled kernel"
16 echo "Downloading precompiled kernel"
16 echo "error: not configured"
17 echo "error: not configured"
17 exit 1;
18 exit 1;
18 else # BUILD_KERNEL=true
19 else # BUILD_KERNEL=true
19 #autconfigure best apt server to not spam ftp.debian.org
20 #autconfigure best apt server to not spam ftp.debian.org
20 #rm files/apt/sources.list
21 #rm files/apt/sources.list
21 #netselect-apt does not know buster yet
22 #netselect-apt does not know buster yet
22 if [ "$RELEASE" = "buster" ] ; then
23 if [ "$RELEASE" = "buster" ] ; then
23 RELEASE=${RELEASE:=testing}
24 RELEASE=${RELEASE:=testing}
24 fi
25 fi
25 netselect_string=${netselect_string:=""}
26 netselect_string=${netselect_string:=""}
26 if [ "$ENABLE_NONFREE" = true ] ; then
27 if [ "$ENABLE_NONFREE" = true ] ; then
27 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
28 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
28 fi
29 fi
29 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
30 netselect-apt --arch "$RELEASE_ARCH" --sources "$netselect_string" --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
30 fi
31 fi
31
32
32 # Upgrade package index and update all installed packages and changed dependencies
33 # Upgrade package index and update all installed packages and changed dependencies
33 chroot_exec apt-get -qq -y update
34 chroot_exec apt-get -qq -y update
34 chroot_exec apt-get -qq -y -u dist-upgrade
35 chroot_exec apt-get -qq -y -u dist-upgrade
35
36
36 if [ "$APT_INCLUDES_LATE" ] ; then
37 if [ "$APT_INCLUDES_LATE" ] ; then
37 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
38 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
38 fi
39 fi
39
40
40 if [ -d packages ] ; then
41 if [ -d packages ] ; then
41 for package in packages/*.deb ; do
42 for package in packages/*.deb ; do
42 cp "$package" "${R}"/tmp
43 cp "$package" "${R}"/tmp
43 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
44 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
44 done
45 done
45 fi
46 fi
46 chroot_exec apt-get -qq -y -f install
47 chroot_exec apt-get -qq -y -f install
47
48
48 chroot_exec apt-get -qq -y check
49 chroot_exec apt-get -qq -y check
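Review bot: The proxy guard `if [ -z "$APT_PROXY" ]` looks inverted: the 10proxy file is installed and patched only when no proxy is set, so a configured proxy never reaches the image's apt configuration; `if [ -n "$APT_PROXY" ] ; then` matches the comment above it. Once that branch runs with a URL, the slashes in the value break the `s/…/…/` expression, so the sed needs another delimiter, e.g. `sed -i "s|\"\"|\"${APT_PROXY}\"|"`. Separately, quoting the substitution in `apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"` hands apt-get a single argument containing spaces, so a list with more than one package fails; splitting into an array keeps the quoting safe: `IFS=, read -r -a late_pkgs <<< "$APT_INCLUDES_LATE"` followed by `chroot_exec apt-get -qq -y install "${late_pkgs[@]}"`. `RELEASE=${RELEASE:=testing}` inside the buster test is a no-op because RELEASE is non-empty there, and the netselect-apt calls read `$RLS`, which is not assigned anywhere in this file.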
@@ -1,59 +1,60
1 #!/bin/bash
1 #
2 #
2 # Setup Locales and keyboard settings
3 # Setup Locales and keyboard settings
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Install and setup timezone
9 # Install and setup timezone
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11
12
12 # Install and setup default locale and keyboard configuration
13 # Install and setup default locale and keyboard configuration
13
14
14 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
15 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
15 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
16 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
16 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
17 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
17 # ... so we have to set locales manually
18 # ... so we have to set locales manually
18 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
19 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
19 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
20 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
20 else
21 else
21 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
22 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
22 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
23 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
23 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
24 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
24 fi
25 fi
25
26
26 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
27 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
27 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
28 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
28 chroot_exec locale-gen
29 chroot_exec locale-gen
29 chroot_exec update-locale LANG="${DEFLOCAL}"
30 chroot_exec update-locale LANG="${DEFLOCAL}"
30
31
31 # Install and setup default keyboard configuration
32 # Install and setup default keyboard configuration
32 if [ "$XKB_MODEL" != "pc105" ] ; then
33 if [ "$XKB_MODEL" != "pc105" ] ; then
33 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
34 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
34 fi
35 fi
35 if [ "$XKB_LAYOUT" != "us" ] ; then
36 if [ "$XKB_LAYOUT" != "us" ] ; then
36 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
37 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
37 fi
38 fi
38 if [ "$XKB_VARIANT" != "" ] ; then
39 if [ "$XKB_VARIANT" != "" ] ; then
39 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
40 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
40 fi
41 fi
41 if [ "$XKB_OPTIONS" != "" ] ; then
42 if [ "$XKB_OPTIONS" != "" ] ; then
42 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
43 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
43 fi
44 fi
44 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
45 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
45
46
46 # Install and setup font console
47 # Install and setup font console
47 case "${DEFLOCAL}" in
48 case "${DEFLOCAL}" in
48 *UTF-8)
49 *UTF-8)
49 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
50 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
50 ;;
51 ;;
51 *)
52 *)
52 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
53 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
53 ;;
54 ;;
54 esac
55 esac
55 chroot_exec dpkg-reconfigure -f noninteractive console-setup
56 chroot_exec dpkg-reconfigure -f noninteractive console-setup
56 else # (no locales were installed)
57 else # (no locales were installed)
57 # Install POSIX default locale
58 # Install POSIX default locale
58 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
59 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
59 fi
60 fi
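Review bot: In the three lines of the form `chroot_exec echo "locales locales/…" | debconf-set-selections` the pipe is parsed by the build host's shell, so `debconf-set-selections` runs outside the chroot and writes the locale answers into the host's debconf database while the image's stays untouched. Piping the text into a command that runs inside the chroot fixes that, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, assuming chroot_exec (defined in functions.sh, not shown here) leaves stdin connected. The guard `grep ",locales"` also misses a list in which locales is the first entry. `DEFLOCAL` and the `XKB_*` values are pasted into sed expressions unescaped, so a value containing `/`, `&` or `"` changes the expression; checking them against an allow-list pattern before use would be safer.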
@@ -1,257 +1,260
1 #!/bin/bash
1 #
2 #
2 # Build and Setup RPi2/3 Kernel
3 # Build and Setup RPi2/3 Kernel
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Fetch and build latest raspberry kernel
9 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
10 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
11 # Setup source directory
11 mkdir -p "${R}/usr/src/linux"
12 mkdir -p "${R}/usr/src/linux"
12
13
13 # Copy existing kernel sources into chroot directory
14 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources and include hidden files
16 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
17 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
17
18
18 # Clean the kernel sources
19 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
22 fi
22 else # KERNELSRC_DIR=""
23 else # KERNELSRC_DIR=""
23 # Create temporary directory for kernel sources
24 # Create temporary directory for kernel sources
24 temp_dir=$(as_nobody mktemp -d)
25 temp_dir=$(as_nobody mktemp -d)
25
26
26 # Fetch current RPi2/3 kernel sources
27 # Fetch current RPi2/3 kernel sources
27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 else
30 else
30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
32 fi
32
33
33 # Copy downloaded kernel sources
34 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
35 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
35
36
36 # Remove temporary directory for kernel sources
37 # Remove temporary directory for kernel sources
37 rm -fr "${temp_dir}"
38 rm -fr "${temp_dir}"
38
39
39 # Set permissions of the kernel sources
40 # Set permissions of the kernel sources
40 chown -R root:root "${R}/usr/src"
41 chown -R root:root "${R}/usr/src"
41 fi
42 fi
42
43
43 # Calculate optimal number of kernel building threads
44 # Calculate optimal number of kernel building threads
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 fi
47 fi
47
48
48 # Configure and build kernel
49 # Configure and build kernel
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 # Remove device, network and filesystem drivers from kernel configuration
51 # Remove device, network and filesystem drivers from kernel configuration
51 if [ "$KERNEL_REDUCE" = true ] ; then
52 if [ "$KERNEL_REDUCE" = true ] ; then
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 sed -i\
54 sed -i\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 "${KERNEL_DIR}/.config"
84 "${KERNEL_DIR}/.config"
84 fi
85 fi
85
86
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 # Load default raspberry kernel configuration
88 # Load default raspberry kernel configuration
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89
90
90 # Set kernel configuration parameters to enable qemu emulation
91 # Set kernel configuration parameters to enable qemu emulation
91 if [ "$ENABLE_QEMU" = true ] ; then
92 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94
95
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 echo "CONFIG_EMBEDDED=y" >> "${KERNEL_DIR}"/.config
97 {
97 echo "CONFIG_EXPERT=y" >> "${KERNEL_DIR}"/.config
98 echo "CONFIG_EMBEDDED=y"
98 echo "CONFIG_DAX=y" >> "${KERNEL_DIR}"/.config
99 echo "CONFIG_EXPERT=y"
99 echo "CONFIG_MD=y" >> "${KERNEL_DIR}"/.config
100 echo "CONFIG_DAX=y"
100 echo "CONFIG_BLK_DEV_MD=y" >> "${KERNEL_DIR}"/.config
101 echo "CONFIG_MD=y"
101 echo "CONFIG_MD_AUTODETECT=y" >> "${KERNEL_DIR}"/.config
102 echo "CONFIG_BLK_DEV_MD=y"
102 echo "CONFIG_BLK_DEV_DM=y" >> "${KERNEL_DIR}"/.config
103 echo "CONFIG_MD_AUTODETECT=y"
103 echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> "${KERNEL_DIR}"/.config
104 echo "CONFIG_BLK_DEV_DM=y"
104 echo "CONFIG_DM_CRYPT=y" >> "${KERNEL_DIR}"/.config
105 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 echo "CONFIG_CRYPTO_BLKCIPHER=y" >> "${KERNEL_DIR}"/.config
106 echo "CONFIG_DM_CRYPT=y"
106 echo "CONFIG_CRYPTO_CBC=y" >> "${KERNEL_DIR}"/.config
107 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 echo "CONFIG_CRYPTO_XTS=y" >> "${KERNEL_DIR}"/.config
108 echo "CONFIG_CRYPTO_CBC=y"
108 echo "CONFIG_CRYPTO_SHA512=y" >> "${KERNEL_DIR}"/.config
109 echo "CONFIG_CRYPTO_XTS=y"
109 echo "CONFIG_CRYPTO_MANAGER=y" >> "${KERNEL_DIR}"/.config
110 echo "CONFIG_CRYPTO_SHA512=y"
111 echo "CONFIG_CRYPTO_MANAGER=y"
112 } >> "${KERNEL_DIR}"/.config
110 fi
113 fi
111 fi
114 fi
112
115
113 # Copy custom kernel configuration file
116 # Copy custom kernel configuration file
114 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
115 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
116 fi
119 fi
117
120
118 # Set kernel configuration parameters to their default values
121 # Set kernel configuration parameters to their default values
119 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
120 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
121 fi
124 fi
122
125
123 # Start menu-driven kernel configuration (interactive)
126 # Start menu-driven kernel configuration (interactive)
124 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 if [ "$KERNEL_MENUCONFIG" = true ] ; then
125 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
126 fi
129 fi
127 fi
130 fi
128
131
129 # Use ccache to cross compile the kernel
132 # Use ccache to cross compile the kernel
130 if [ "$KERNEL_CCACHE" = true ] ; then
133 if [ "$KERNEL_CCACHE" = true ] ; then
131 cc="ccache ${CROSS_COMPILE}gcc"
134 cc="ccache ${CROSS_COMPILE}gcc"
132 else
135 else
133 cc="${CROSS_COMPILE}gcc"
136 cc="${CROSS_COMPILE}gcc"
134 fi
137 fi
135
138
136 # Cross compile kernel and dtbs
139 # Cross compile kernel and dtbs
137 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
138
141
139 # Cross compile kernel modules
142 # Cross compile kernel modules
140 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
143 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
141 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
142 fi
145 fi
143 fi
146 fi
144
147
145 # Check if kernel compilation was successful
148 # Check if kernel compilation was successful
146 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
147 echo "error: kernel compilation failed! (kernel image not found)"
150 echo "error: kernel compilation failed! (kernel image not found)"
148 cleanup
151 cleanup
149 exit 1
152 exit 1
150 fi
153 fi
151
154
152 # Install kernel modules
155 # Install kernel modules
153 if [ "$ENABLE_REDUCE" = true ] ; then
156 if [ "$ENABLE_REDUCE" = true ] ; then
154 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
157 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
155 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
156 fi
159 fi
157 else
160 else
158 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
161 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
159 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
160 fi
163 fi
161
164
162 # Install kernel firmware
165 # Install kernel firmware
163 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
166 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
164 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
165 fi
168 fi
166 fi
169 fi
167
170
168 # Install kernel headers
171 # Install kernel headers
169 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
170 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
171 fi
174 fi
172
175
173 # Prepare boot (firmware) directory
176 # Prepare boot (firmware) directory
174 mkdir "${BOOT_DIR}"
177 mkdir "${BOOT_DIR}"
175
178
176 # Get kernel release version
179 # Get kernel release version
177 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
178
181
179 # Copy kernel configuration file to the boot directory
182 # Copy kernel configuration file to the boot directory
180 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
181
184
182 # Prepare device tree directory
185 # Prepare device tree directory
183 mkdir "${BOOT_DIR}/overlays"
186 mkdir "${BOOT_DIR}/overlays"
184
187
185 # Ensure the proper .dtb is located
188 # Ensure the proper .dtb is located
186 if [ "$KERNEL_ARCH" = "arm" ] ; then
189 if [ "$KERNEL_ARCH" = "arm" ] ; then
187 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
188 if [ -f "${dtb}" ] ; then
191 if [ -f "${dtb}" ] ; then
189 install_readonly "${dtb}" "${BOOT_DIR}/"
192 install_readonly "${dtb}" "${BOOT_DIR}/"
190 fi
193 fi
191 done
194 done
192 else
195 else
193 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
194 if [ -f "${dtb}" ] ; then
197 if [ -f "${dtb}" ] ; then
195 install_readonly "${dtb}" "${BOOT_DIR}/"
198 install_readonly "${dtb}" "${BOOT_DIR}/"
196 fi
199 fi
197 done
200 done
198 fi
201 fi
199
202
200 # Copy compiled dtb device tree files
203 # Copy compiled dtb device tree files
201 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
202 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
203 if [ -f "${dtb}" ] ; then
206 if [ -f "${dtb}" ] ; then
204 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
205 fi
208 fi
206 done
209 done
207
210
208 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
209 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
210 fi
213 fi
211 fi
214 fi
212
215
213 if [ "$ENABLE_UBOOT" = false ] ; then
216 if [ "$ENABLE_UBOOT" = false ] ; then
214 # Convert and copy kernel image to the boot directory
217 # Convert and copy kernel image to the boot directory
215 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
216 else
219 else
217 # Copy kernel image to the boot directory
220 # Copy kernel image to the boot directory
218 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
219 fi
222 fi
220
223
221 # Remove kernel sources
224 # Remove kernel sources
222 if [ "$KERNEL_REMOVESRC" = true ] ; then
225 if [ "$KERNEL_REMOVESRC" = true ] ; then
223 rm -fr "${KERNEL_DIR}"
226 rm -fr "${KERNEL_DIR}"
224 else
227 else
225 # Prepare compiled kernel modules
228 # Prepare compiled kernel modules
226 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
229 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
227 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
230 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
228 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
229 fi
232 fi
230
233
231 # Create symlinks for kernel modules
234 # Create symlinks for kernel modules
232 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
233 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
234 fi
237 fi
235 fi
238 fi
236 elif [ "$BUILD_KERNEL" = false ] ; then
239 elif [ "$BUILD_KERNEL" = false ] ; then
237 echo " Install precompiled kernel..."
240 echo " Install precompiled kernel..."
238 echo "error: not implemented"
241 echo "error: not implemented"
239 # Check if kernel installation was successful
242 # Check if kernel installation was successful
240 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
243 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
241 if [ -z "$VMLINUZ" ] ; then
244 if [ -z "$VMLINUZ" ] ; then
242 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
245 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
243 cleanup
246 cleanup
244 exit 1
247 exit 1
245 fi
248 fi
246 # Copy vmlinuz kernel to the boot directory
249 # Copy vmlinuz kernel to the boot directory
247 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
250 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
248
251
249 if [ "$SET_ARCH" = 64 ] ; then
252 if [ "$SET_ARCH" = 64 ] ; then
250 echo "Using precompiled arm64 kernel"
253 echo "Using precompiled arm64 kernel"
251 else
254 else
252 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
255 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
253 exit 1
256 exit 1
254 # inset precompiled 64 bit kernel code here
257 # inset precompiled 64 bit kernel code here
255 fi
258 fi
256 #fi build_kernel=true
259 #fi build_kernel=true
257 fi
260 fi
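Review bot: Nothing after the grouped `} >> "${KERNEL_DIR}"/.config` append confirms that the ENABLE_CRYPTFS options reach the final configuration: the later `cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config` replaces the file outright, and kconfig silently drops symbols it does not know or whose dependencies are unmet when the config is resynchronised. For an image meant to boot from an encrypted root, a check just before the build, run only when ENABLE_CRYPTFS is true, would turn that silent loss into a build failure: `grep -q '^CONFIG_DM_CRYPT=y' "${KERNEL_DIR}/.config" || { echo "error: CONFIG_DM_CRYPT not set"; cleanup; exit 1; }`. The append also sits inside the `ENABLE_QEMU` test, so without QEMU none of these options are written; if that is intended, a comment saying so would help. In the KERNEL_REDUCE list, `"s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"` needs two `=` on the line and so probably never matches, and the `BUILD_KERNEL = false` branch prints "error: not implemented" but carries on instead of exiting.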
@@ -1,59 +1,61
1 #!/bin/bash
1 #
2 #
2 # Setup fstab and initramfs
3 # Setup fstab and initramfs
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Install and setup fstab
9 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
11
11 # Add usb/sda disk root partition to fstab
12 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 fi
15 fi
15
16
16 # Add encrypted root partition to fstab and crypttab
17 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
19 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
21
21 # Add encrypted partition to crypttab and fstab
22 # Add encrypted partition to crypttab and fstab
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
25
25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda disk to crypttab
27 # Add usb/sda disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
29 fi
29 fi
30 fi
30
31
31 # Generate initramfs file
32 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 # Include initramfs scripts to auto expand encrypted root partition
35 # Include initramfs scripts to auto expand encrypted root partition
35 if [ "$EXPANDROOT" = true ] ; then
36 if [ "$EXPANDROOT" = true ] ; then
36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 fi
40 fi
40
41
41 # Disable SSHD inside initramfs
42 # Disable SSHD inside initramfs
42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
43 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
43
44
44 # Add cryptsetup modules to initramfs
45 # Add cryptsetup modules to initramfs
45 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46
47
47 # Dummy mapping required by mkinitramfs
48 # Dummy mapping required by mkinitramfs
48 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49
50
50 # Generate initramfs with encrypted root partition support
51 # Generate initramfs with encrypted root partition support
51 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52
53
53 # Remove dummy mapping
54 # Remove dummy mapping
54 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 else
56 else
56 # Generate initramfs without encrypted root partition support
57 # Generate initramfs without encrypted root partition support
57 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 fi
59 fi
59 fi
60 fi
61
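Review bot: The dummy mapping around `mkinitramfs` in the ENABLE_CRYPTFS branch is created and removed without checking either step. If `dmsetup create "${CRYPTFS_MAPPING}"` fails because a mapping of that name already exists, the later `cryptsetup close "${CRYPTFS_MAPPING}"` is aimed at that pre-existing mapping. A chroot does not isolate device-mapper, so, assuming chroot_exec is a plain chroot wrapper, that would be a mapping on the build host. I would stop on failure by appending `|| { echo "error: dummy mapping ${CRYPTFS_MAPPING} could not be created" ; exit 1 ; }` to the `dmsetup create` line, so the close only ever runs for a mapping this script created.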
@@ -1,151 +1,153
1 #!/bin/bash
1 #
2 #
2 # Setup RPi2/3 config and cmdline
3 # Setup RPi2/3 config and cmdline
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 # Install boot binaries from local directory
11 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 else
19 else
19 # Create temporary directory for boot binaries
20 # Create temporary directory for boot binaries
20 temp_dir=$(as_nobody mktemp -d)
21 temp_dir=$(as_nobody mktemp -d)
21
22
22 # Install latest boot binaries from raspberry/firmware github
23 # Install latest boot binaries from raspberry/firmware github
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
31
31 # Move downloaded boot binaries
32 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
34
34 # Remove temporary directory for boot binaries
35 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
36 rm -fr "${temp_dir}"
36
37
37 # Set permissions of the boot binaries
38 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
39 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
40 chmod -R 600 "${BOOT_DIR}"
40 fi
41 fi
41 fi
42 fi
42
43
43 # Setup firmware boot cmdline
44 # Setup firmware boot cmdline
44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 else
47 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 fi
49 fi
49
50
50 # Add encrypted root partition to cmdline.txt
51 # Add encrypted root partition to cmdline.txt
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 else
55 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 fi
57 fi
57 fi
58 fi
58
59
59 # Add serial console support
60 # Add serial console support
60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 if [ "$ENABLE_CONSOLE" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 fi
63 fi
63
64
64 # Remove IPv6 networking support
65 # Remove IPv6 networking support
65 if [ "$ENABLE_IPV6" = false ] ; then
66 if [ "$ENABLE_IPV6" = false ] ; then
66 CMDLINE="${CMDLINE} ipv6.disable=1"
67 CMDLINE="${CMDLINE} ipv6.disable=1"
67 fi
68 fi
68
69
69 # Automatically assign predictable network interface names
70 # Automatically assign predictable network interface names
70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 if [ "$ENABLE_IFNAMES" = false ] ; then
71 CMDLINE="${CMDLINE} net.ifnames=0"
72 CMDLINE="${CMDLINE} net.ifnames=0"
72 else
73 else
73 CMDLINE="${CMDLINE} net.ifnames=1"
74 CMDLINE="${CMDLINE} net.ifnames=1"
74 fi
75 fi
75
76
76 # Set init to systemd if required by Debian release
77 # Set init to systemd if required by Debian release
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 CMDLINE="${CMDLINE} init=/bin/systemd"
79 CMDLINE="${CMDLINE} init=/bin/systemd"
79 fi
80 fi
80
81
81 # Install firmware boot cmdline
82 # Install firmware boot cmdline
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83
84
84 # Install firmware config
85 # Install firmware config
85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86
87
87 # Setup minimal GPU memory allocation size: 16MB (no X)
88 # Setup minimal GPU memory allocation size: 16MB (no X)
88 if [ "$ENABLE_MINGPU" = true ] ; then
89 if [ "$ENABLE_MINGPU" = true ] ; then
89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 fi
91 fi
91
92
92 # Setup boot with initramfs
93 # Setup boot with initramfs
93 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 fi
96 fi
96
97
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
99 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 fi
103 fi
103 fi
104 fi
104
105
105 # Create firmware configuration and cmdline symlinks
106 # Create firmware configuration and cmdline symlinks
106 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108
109
109 # Install and setup kernel modules to load at boot
110 # Install and setup kernel modules to load at boot
110 mkdir -p "${R}/lib/modules-load.d/"
111 mkdir -p "${R}/lib/modules-load.d/"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112
113
113 # Load hardware random module at boot
114 # Load hardware random module at boot
114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 fi
117 fi
117
118
118 # Load sound module at boot
119 # Load sound module at boot
119 if [ "$ENABLE_SOUND" = true ] ; then
120 if [ "$ENABLE_SOUND" = true ] ; then
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 else
122 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 fi
124 fi
124
125
125 # Enable I2C interface
126 # Enable I2C interface
126 if [ "$ENABLE_I2C" = true ] ; then
127 if [ "$ENABLE_I2C" = true ] ; then
127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 fi
131 fi
131
132
132 # Enable SPI interface
133 # Enable SPI interface
133 if [ "$ENABLE_SPI" = true ] ; then
134 if [ "$ENABLE_SPI" = true ] ; then
134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
137 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 fi
139 fi
139 fi
140 fi
140
141
141 # Disable RPi2/3 under-voltage warnings
142 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 fi
145 fi
145
146
146 # Install kernel modules blacklist
147 # Install kernel modules blacklist
147 mkdir -p "${ETC_DIR}/modprobe.d/"
148 mkdir -p "${ETC_DIR}/modprobe.d/"
148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149
150
150 # Install sysctl.d configuration files
151 # Install sysctl.d configuration files
151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
152 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
153
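Review bot: The firmware download branch (the seven `as_nobody wget -q -O ...` calls for bootcode.bin, fixup*.dat and start*.elf) checks neither wget's exit status nor the content of what was fetched before `mv "${temp_dir}/"* "${BOOT_DIR}/"`. A truncated, empty or substituted file therefore ends up as the image's boot code without any message, since `-q` also hides the error. I would fail on a download error and compare the files against a checksum list kept in the build tree; this presumably requires FIRMWARE_URL to reference a fixed commit or tag rather than a moving branch. The WLAN firmware downloads (`brcmfmac43455-sdio.*`, `brcmfmac43430-sdio.*`) in the networking script further down have the same gap.

```shell
temp_dir=$(as_nobody mktemp -d)
for blob in bootcode.bin fixup.dat fixup_cd.dat fixup_x.dat start.elf start_cd.elf start_x.elf ; do
  if ! as_nobody wget -q -O "${temp_dir}/${blob}" "${FIRMWARE_URL}/${blob}" ; then
    echo "error: download of ${blob} failed"
    rm -fr "${temp_dir}"
    exit 1
  fi
done
# Placeholder path: a checksum list kept under version control in the build tree
if ! ( cd "${temp_dir}" && sha256sum -c "<PINNED_FIRMWARE_SHA256SUMS>" ) ; then
  echo "error: firmware checksum mismatch"
  rm -fr "${temp_dir}"
  exit 1
fi
# … unchanged: mv to BOOT_DIR, rm -fr temp_dir, chown/chmod …
```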
@@ -1,134 +1,135
1 #!/bin/bash
1 #
2 #
2 # Setup Networking
3 # Setup Networking
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Install and setup hostname
9 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
12
12 # Install and setup hosts
13 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
16
16 # Setup hostname entry with static IP
17 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
18 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
21 fi
21
22
22 # Remove IPv6 hosts
23 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
24 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
26 fi
26
27
27 # Install hint about network configuration
28 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
30
30 # Install configuration for interface eth0
31 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
33
33 # Install configuration for interface wl*
34 # Install configuration for interface wl*
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35
36
36 #always with dhcp since wpa_supplicant integration is missing
37 #always with dhcp since wpa_supplicant integration is missing
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38
39
39 if [ "$ENABLE_DHCP" = true ] ; then
40 if [ "$ENABLE_DHCP" = true ] ; then
40 # Enable DHCP configuration for interface eth0
41 # Enable DHCP configuration for interface eth0
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42
43
43 # Set DHCP configuration to IPv4 only
44 # Set DHCP configuration to IPv4 only
44 if [ "$ENABLE_IPV6" = false ] ; then
45 if [ "$ENABLE_IPV6" = false ] ; then
45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 fi
47 fi
47
48
48 else # ENABLE_DHCP=false
49 else # ENABLE_DHCP=false
49 # Set static network configuration for interface eth0
50 # Set static network configuration for interface eth0
50 sed -i\
51 sed -i\
51 -e "s|DHCP=.*|DHCP=no|"\
52 -e "s|DHCP=.*|DHCP=no|"\
52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
60 "${ETC_DIR}/systemd/network/eth.network"
60 fi
61 fi
61
62
62 # Remove empty settings from network configuration
63 # Remove empty settings from network configuration
63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 # Remove empty settings from wlan configuration
65 # Remove empty settings from wlan configuration
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66
67
67 # Move systemd network configuration if required by Debian release
68 # Move systemd network configuration if required by Debian release
68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 if [ "$ENABLE_WIRELESS" = true ] ; then
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 fi
73 fi
73 rm -fr "${ETC_DIR}/systemd/network"
74 rm -fr "${ETC_DIR}/systemd/network"
74 fi
75 fi
75
76
76 # Enable systemd-networkd service
77 # Enable systemd-networkd service
77 chroot_exec systemctl enable systemd-networkd
78 chroot_exec systemctl enable systemd-networkd
78
79
79 # Install host.conf resolver configuration
80 # Install host.conf resolver configuration
80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81
82
82 # Enable network stack hardening
83 # Enable network stack hardening
83 if [ "$ENABLE_HARDNET" = true ] ; then
84 if [ "$ENABLE_HARDNET" = true ] ; then
84 # Install sysctl.d configuration files
85 # Install sysctl.d configuration files
85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86
87
87 # Setup resolver warnings about spoofed addresses
88 # Setup resolver warnings about spoofed addresses
88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 fi
90 fi
90
91
91 # Enable time sync
92 # Enable time sync
92 if [ "NET_NTP_1" != "" ] ; then
93 if [ "$NET_NTP_1" != "" ] ; then
93 chroot_exec systemctl enable systemd-timesyncd.service
94 chroot_exec systemctl enable systemd-timesyncd.service
94 fi
95 fi
95
96
96 # Download the firmware binary blob required to use the RPi3 wireless interface
97 # Download the firmware binary blob required to use the RPi3 wireless interface
97 if [ "$ENABLE_WIRELESS" = true ] ; then
98 if [ "$ENABLE_WIRELESS" = true ] ; then
98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
99 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
99 mkdir -p ${WLAN_FIRMWARE_DIR}
100 mkdir -p "${WLAN_FIRMWARE_DIR}"
100 fi
101 fi
101
102
102 # Create temporary directory for firmware binary blob
103 # Create temporary directory for firmware binary blob
103 temp_dir=$(as_nobody mktemp -d)
104 temp_dir=$(as_nobody mktemp -d)
104
105
105 # Fetch firmware binary blob for RPI3B+
106 # Fetch firmware binary blob for RPI3B+
106 if [ "$RPI_MODEL" = 3P ] ; then
107 if [ "$RPI_MODEL" = 3P ] ; then
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 # Fetch firmware binary blob for RPI3
112 # Fetch firmware binary blob for RPI3
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 fi
115 fi
115
116
116 # Move downloaded firmware binary blob
117 # Move downloaded firmware binary blob
117 if [ "$RPI_MODEL" = 3P ] ; then
118 if [ "$RPI_MODEL" = 3P ] ; then
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 fi
122 fi
122
123
123 # Remove temporary directory for firmware binary blob
124 # Remove temporary directory for firmware binary blob
124 rm -fr "${temp_dir}"
125 rm -fr "${temp_dir}"
125
126
126 # Set permissions of the firmware binary blob
127 # Set permissions of the firmware binary blob
127 if [ "$RPI_MODEL" = 3P ] ; then
128 if [ "$RPI_MODEL" = 3P ] ; then
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 fi
134 fi
134 fi
135 fi
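Review bot: The corrected test `[ "$NET_NTP_1" != "" ]` under "Enable time sync" is a behaviour change rather than a spelling fix. The old comparison of the literal string `NET_NTP_1` was always true, so `systemd-timesyncd.service` was enabled on every image; it is now enabled only when NET_NTP_1 is set. Images built without NET_NTP_1 (presumably the usual DHCP case) would then boot with no time synchronisation, which affects certificate validation and log timestamps on a board that has no battery-backed clock. If that is intended, the commit description should say so. Otherwise move `chroot_exec systemctl enable systemd-timesyncd.service` out of the `if` and let NET_NTP_1 only choose the servers written to eth.network.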
@@ -1,52 +1,53
1 #!/bin/bash
1 #
2 #
2 # Setup Firewall
3 # Setup Firewall
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
10 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
11 mkdir -p "${ETC_DIR}/iptables"
11
12
12 #In Jessie iptables is old enough
13 #In Jessie iptables is old enough
13 if ! [ "$RELEASE" = jessie ] ; then
14 if ! [ "$RELEASE" = jessie ] ; then
14 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
15 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
15 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
16 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
16 #chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
17 #chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
17 #chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
18 #chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
18 fi
19 fi
19
20
20 # Install iptables systemd service
21 # Install iptables systemd service
21 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
22 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
22
23
23 # Install flush-table script called by iptables service
24 # Install flush-table script called by iptables service
24 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
25 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
25
26
26 # Install iptables rule file
27 # Install iptables rule file
27 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
28 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
28
29
29 # Reload systemd configuration and enable iptables service
30 # Reload systemd configuration and enable iptables service
30 chroot_exec systemctl daemon-reload
31 chroot_exec systemctl daemon-reload
31 chroot_exec systemctl enable iptables.service
32 chroot_exec systemctl enable iptables.service
32
33
33 if [ "$ENABLE_IPV6" = true ] ; then
34 if [ "$ENABLE_IPV6" = true ] ; then
34 # Install ip6tables systemd service
35 # Install ip6tables systemd service
35 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
36 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
36
37
37 # Install ip6tables file
38 # Install ip6tables file
38 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
39 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
39
40
40 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
41 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
41
42
42 # Reload systemd configuration and enable iptables service
43 # Reload systemd configuration and enable iptables service
43 chroot_exec systemctl daemon-reload
44 chroot_exec systemctl daemon-reload
44 chroot_exec systemctl enable ip6tables.service
45 chroot_exec systemctl enable ip6tables.service
45 fi
46 fi
46
47
47 if [ "$ENABLE_SSHD" = false ] ; then
48 if [ "$ENABLE_SSHD" = false ] ; then
48 # Remove SSHD related iptables rules
49 # Remove SSHD related iptables rules
49 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
50 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
50 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
51 fi
52 fi
52 fi
53 fi
@@ -1,29 +1,30
1 #!/bin/bash
1 #
2 #
2 # Setup users and security settings
3 # Setup users and security settings
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Generate crypt(3) password string
9 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
11 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11
12
12 # Setup default user
13 # Setup default user
13 if [ "$ENABLE_USER" = true ] ; then
14 if [ "$ENABLE_USER" = true ] ; then
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
16 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 fi
17 fi
17
18
18 # Setup root password or not
19 # Setup root password or not
19 if [ "$ENABLE_ROOT" = true ] ; then
20 if [ "$ENABLE_ROOT" = true ] ; then
20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 else
22 else
22 # Set no root password to disable root login
23 # Set no root password to disable root login
23 chroot_exec usermod -p \'!\' root
24 chroot_exec usermod -p \'!\' root
24 fi
25 fi
25
26
26 # Enable serial console systemd style
27 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
30 fi
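Review bot: The cleartext passwords are still handed to `mkpasswd` as command-line arguments on new lines 10 and 11, so they are readable in the build host's process list while the command runs. `mkpasswd` can read the password from stdin instead, e.g. `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and the same applies to `USER_PASSWORD`. The result is also not checked before `usermod -p` on new lines 16 and 21. If `mkpasswd` is missing or fails, the hash is empty, and an empty hash field normally means no password is required (subject to PAM configuration). A guard such as `[ -n "${ENCRYPTED_PASSWORD}" ] || exit 1` would catch this; whether a failed command already aborts the build depends on shell options set outside this file.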
@@ -1,116 +1,117
1 #!/bin/bash
1 #
2 #
2 # Setup SSH settings and public keys
3 # Setup SSH settings and public keys
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 if [ "$ENABLE_SSHD" = true ] ; then
9 if [ "$ENABLE_SSHD" = true ] ; then
9 DROPBEAR_ARGS=""
10 DROPBEAR_ARGS=""
10
11
11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 # User root is not allowed to log in
14 # User root is not allowed to log in
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 else
16 else
16 # User root is not allowed to log in
17 # User root is not allowed to log in
17 DROPBEAR_ARGS="-w"
18 DROPBEAR_ARGS="-w"
18 fi
19 fi
19 fi
20 fi
20
21
21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 # Permit SSH root login
24 # Permit SSH root login
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 else
26 else
26 # Permit SSH root login
27 # Permit SSH root login
27 DROPBEAR_ARGS=""
28 DROPBEAR_ARGS=""
28 fi
29 fi
29
30
30 # Add SSH (v2) public key for user root
31 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
32 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 # Create root SSH config directory
33 # Create root SSH config directory
33 mkdir -p "${R}/root/.ssh"
34 mkdir -p "${R}/root/.ssh"
34
35
35 # Set permissions of root SSH config directory
36 # Set permissions of root SSH config directory
36 chroot_exec chmod 700 "/root/.ssh"
37 chroot_exec chmod 700 "/root/.ssh"
37 chroot_exec chown root:root "/root/.ssh"
38 chroot_exec chown root:root "/root/.ssh"
38
39
39 # Add SSH (v2) public key(s) to authorized_keys file
40 # Add SSH (v2) public key(s) to authorized_keys file
40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41
42
42 # Set permissions of root SSH authorized_keys file
43 # Set permissions of root SSH authorized_keys file
43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45
46
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 # Allow SSH public key authentication
48 # Allow SSH public key authentication
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 fi
50 fi
50 fi
51 fi
51 fi
52 fi
52
53
53 if [ "$ENABLE_USER" = true ] ; then
54 if [ "$ENABLE_USER" = true ] ; then
54 # Add SSH (v2) public key for user $USER_NAME
55 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
56 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 # Create $USER_NAME SSH config directory
57 # Create $USER_NAME SSH config directory
57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58
59
59 # Set permissions of $USER_NAME SSH config directory
60 # Set permissions of $USER_NAME SSH config directory
60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
62 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62
63
63 # Add SSH (v2) public key(s) to authorized_keys file
64 # Add SSH (v2) public key(s) to authorized_keys file
64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65
66
66 # Set permissions of $USER_NAME SSH config directory
67 # Set permissions of $USER_NAME SSH config directory
67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
69 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69
70
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 # Allow SSH public key authentication
72 # Allow SSH public key authentication
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 fi
74 fi
74 fi
75 fi
75 fi
76 fi
76
77
77 # Limit the users that are allowed to login via SSH
78 # Limit the users that are allowed to login via SSH
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 allowed_users=""
80 allowed_users=""
80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 allowed_users="root"
82 allowed_users="root"
82 fi
83 fi
83
84
84 if [ "$ENABLE_USER" = true ] ; then
85 if [ "$ENABLE_USER" = true ] ; then
85 allowed_users="${allowed_users} ${USER_NAME}"
86 allowed_users="${allowed_users} ${USER_NAME}"
86 fi
87 fi
87
88
88 if [ ! -z "$allowed_users" ] ; then
89 if [ -n "$allowed_users" ] ; then
89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 fi
91 fi
91 fi
92 fi
92
93
93 # Disable password-based authentication
94 # Disable password-based authentication
94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 else
99 else
99 DROPBEAR_ARGS="-g"
100 DROPBEAR_ARGS="-g"
100 fi
101 fi
101 fi
102 fi
102
103
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 else
108 else
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 fi
110 fi
110 fi
111 fi
111
112
112 # Update dropbear SSH configuration
113 # Update dropbear SSH configuration
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 fi
116 fi
116 fi
117 fi
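Review bot: The dropbear branch never takes effect, because the `sed` on new line 115 has no `-i` and only prints the edited text to stdout. `${ETC_DIR}/default/dropbear` therefore keeps its original `DROPBEAR_EXTRA_ARGS`, and the `-w`, `-g` and `-s` restrictions collected above are not written into the image. The line should read `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`. On new line 106 the pattern `[#]*ChallengeResponseAuthentication no.*` only matches lines already set to `no`, so a `yes` setting survives; `[#]*ChallengeResponseAuthentication.*` would behave like the neighbouring sed lines.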
@@ -1,88 +1,90
1 #!/bin/bash
1 #
2 #
2 # Build and Setup U-Boot
3 # Build and Setup U-Boot
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Fetch and build U-Boot bootloader
9 # Fetch and build U-Boot bootloader
9 if [ "$ENABLE_UBOOT" = true ] ; then
10 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
11 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
12 chroot_install_cc
12
13
13 # Copy existing U-Boot sources into chroot directory
14 # Copy existing U-Boot sources into chroot directory
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 # Copy local U-Boot sources
16 # Copy local U-Boot sources
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 else
18 else
18 # Create temporary directory for U-Boot sources
19 # Create temporary directory for U-Boot sources
19 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
20
21
21 # Fetch U-Boot sources
22 # Fetch U-Boot sources
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
24
24 # Copy downloaded U-Boot sources
25 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
27
27 # Set permissions of the U-Boot sources
28 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
29 chown -R root:root "${R}/tmp/u-boot"
29
30
30 # Remove temporary directory for U-Boot sources
31 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
32 rm -fr "${temp_dir}"
32 fi
33 fi
33
34
34 # Build and install U-Boot inside chroot
35 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
36 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36
37
37 # Copy compiled bootloader binary and set config.txt to load it
38 # Copy compiled bootloader binary and set config.txt to load it
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41
42
42 # Install and setup U-Boot command file
43 # Install and setup U-Boot command file
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45
46
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 # Convert generated initramfs for U-Boot using mkimage
48 # Convert generated initramfs for U-Boot using mkimage
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49
50
50 # Remove original initramfs file
51 # Remove original initramfs file
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52
53
53 # Configure U-Boot to load generated initramfs
54 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 else # ENABLE_INITRAMFS=false
57 else # ENABLE_INITRAMFS=false
57 # Remove initramfs from U-Boot mkfile
58 # Remove initramfs from U-Boot mkfile
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59
60
60 if [ "$BUILD_KERNEL" = false ] ; then
61 if [ "$BUILD_KERNEL" = false ] ; then
61 # Remove dtbfile from U-Boot mkfile
62 # Remove dtbfile from U-Boot mkfile
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 else
65 else
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 fi
67 fi
67 fi
68 fi
68
69
69 # Set mkfile to use the correct dtb file
70 # Set mkfile to use the correct dtb file
70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
71 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
71
72
72 # Set mkfile to use the correct mach id
73 # Set mkfile to use the correct mach id
73 if [ "$ENABLE_QEMU" = true ] ; then
74 if [ "$ENABLE_QEMU" = true ] ; then
74 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
75 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
75 fi
76 fi
76
77
77 # Set mkfile to use kernel image
78 # Set mkfile to use kernel image
78 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
79 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
79
80
80 # Remove all leading blank lines
81 # Remove all leading blank lines
81 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
82 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
82
83
83 # Generate U-Boot bootloader image
84 # Generate U-Boot bootloader image
84 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
85 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
85
86
86 # Remove U-Boot sources
87 # Remove U-Boot sources
87 rm -fr "${R}/tmp/u-boot"
88 rm -fr "${R}/tmp/u-boot"
88 fi
89 fi
90
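Review bot: The clone on new line 23 takes whatever the default branch of `${UBOOT_URL}` holds at build time, and that tree is then built inside the chroot and installed as the bootloader with no pin or verification. Checking out a fixed revision after the clone, e.g. `as_nobody git -C "${temp_dir}/u-boot" checkout "<PINNED_COMMIT>"` (placeholder value), would make the image reproducible and auditable. The fbturbo section clones `${FBTURBO_URL}` the same way. Separately, new lines 45 and 55 place `${CMDLINE}` and the contents of uboot.mkimage inside the printf format string, so any `%` or backslash in them is interpreted. Passing the data as arguments avoids that, for line 55: `printf '# Set initramfs file\nsetenv initramfs %s\n\n%s' "initramfs-${KERNEL_VERSION}.uboot" "$(cat "${BOOT_DIR}/uboot.mkimage")"`.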
@@ -1,51 +1,52
1 #!/bin/bash
1 #
2 #
2 # Build and Setup fbturbo Xorg driver
3 # Build and Setup fbturbo Xorg driver
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Install c/c++ build environment inside the chroot
10 # Install c/c++ build environment inside the chroot
10 chroot_install_cc
11 chroot_install_cc
11
12
12 # Copy existing fbturbo sources into chroot directory
13 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
15 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
17 else
17 # Create temporary directory for fbturbo sources
18 # Create temporary directory for fbturbo sources
18 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
19
20
20 # Fetch fbturbo sources
21 # Fetch fbturbo sources
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
23
23 # Move downloaded fbturbo sources
24 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
26
26 # Remove temporary directory for fbturbo sources
27 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
28 rm -fr "${temp_dir}"
28 fi
29 fi
29
30
30 # Install Xorg build dependencies
31 # Install Xorg build dependencies
31 if [ "$RELEASE" = "jessie" ] ; then
32 if [ "$RELEASE" = "jessie" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
36 fi
36
37
37 # Build and install fbturbo driver inside chroot
38 # Build and install fbturbo driver inside chroot
38 chroot_exec /bin/bash -x <<'EOF'
39 chroot_exec /bin/bash -x <<'EOF'
39 cd /tmp/xf86-video-fbturbo
40 cd /tmp/xf86-video-fbturbo
40 autoreconf -vi
41 autoreconf -vi
41 ./configure --prefix=/usr
42 ./configure --prefix=/usr
42 make
43 make
43 make install
44 make install
44 EOF
45 EOF
45
46
46 # Install fbturbo driver Xorg configuration
47 # Install fbturbo driver Xorg configuration
47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
48 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
48
49
49 # Remove Xorg build dependencies
50 # Remove Xorg build dependencies
50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
51 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
51 fi
52 fi
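Review bot: The stretch/buster branch on new line 35 installs the Xorg build dependencies with `--allow-unauthenticated`, which lets apt install packages whose signatures cannot be verified, and those packages are then used to build a driver that runs inside the X server. Dropping the flag makes the line identical to the jessie branch on new line 33, so the `if`/`elif` can collapse into a single `chroot_exec apt-get -q -y --no-install-recommends install …`. If the flag was added to work around a missing archive keyring in the chroot (not visible here), installing the keyring is the safer fix. In the heredoc on new lines 39 to 45, `cd /tmp/xf86-video-fbturbo` is unchecked, so a failed `cd` lets `make install` run in whatever directory the shell started in; `cd /tmp/xf86-video-fbturbo || exit 1` closes that.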
@@ -1,49 +1,50
1 #!/bin/bash
1 #
2 #
2 # First boot actions
3 # First boot actions
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Prepare rc.firstboot script
9 # Prepare rc.firstboot script
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10
11
11 # Ensure openssh server host keys are regenerated on first boot
12 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
13 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 fi
15 fi
15
16
16 # Prepare filesystem auto expand
17 # Prepare filesystem auto expand
17 if [ "$EXPANDROOT" = true ] ; then
18 if [ "$EXPANDROOT" = true ] ; then
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 else
21 else
21 # Regenerate initramfs to remove encrypted root partition auto expand
22 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
23 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
23 fi
24 fi
24 fi
25 fi
25
26
26 # Ensure that dbus machine-id exists
27 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28
29
29 # Create /etc/resolv.conf symlink
30 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31
32
32 # Configure automatic network interface names
33 # Configure automatic network interface names
33 if [ "$ENABLE_IFNAMES" = true ] ; then
34 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 fi
36 fi
36
37
37 # Finalize rc.firstboot script
38 # Finalize rc.firstboot script
38 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 chmod +x "${ETC_DIR}/rc.firstboot"
40 chmod +x "${ETC_DIR}/rc.firstboot"
40
41
41 # Install default rc.local if it does not exist
42 # Install default rc.local if it does not exist
42 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 fi
45 fi
45
46
46 # Add rc.firstboot script to rc.local
47 # Add rc.firstboot script to rc.local
47 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 echo exit 0 >> "${ETC_DIR}/rc.local"
50 echo exit 0 >> "${ETC_DIR}/rc.local"
@@ -1,85 +1,86
1 #!/bin/bash
1 #
2 #
2 # Reduce system disk usage
3 # Reduce system disk usage
3 #
4 #
4
5
5 # Load utility functions
6 # Load utility functions
6 . ./functions.sh
7 . ./functions.sh
7
8
8 # Reduce the image size by various operations
9 # Reduce the image size by various operations
9 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
11 if [ "$REDUCE_APT" = true ] ; then
11 # Install dpkg configuration file
12 # Install dpkg configuration file
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 fi
15 fi
15
16
16 # Install APT configuration files
17 # Install APT configuration files
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20
21
21 # Remove APT cache files
22 # Remove APT cache files
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 fi
25 fi
25
26
26 # Remove all doc files
27 # Remove all doc files
27 if [ "$REDUCE_DOC" = true ] ; then
28 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 fi
31 fi
31
32
32 # Remove all man pages and info files
33 # Remove all man pages and info files
33 if [ "$REDUCE_MAN" = true ] ; then
34 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 fi
36 fi
36
37
37 # Remove all locale translation files
38 # Remove all locale translation files
38 if [ "$REDUCE_LOCALE" = true ] ; then
39 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 fi
41 fi
41
42
42 # Remove hwdb PCI device classes (experimental)
43 # Remove hwdb PCI device classes (experimental)
43 if [ "$REDUCE_HWDB" = true ] ; then
44 if [ "$REDUCE_HWDB" = true ] ; then
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 fi
46 fi
46
47
47 # Replace bash shell by dash shell (experimental)
48 # Replace bash shell by dash shell (experimental)
48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
52 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54 fi
54
55
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 fi
57 fi
57
58
58 # Remove sound utils and libraries
59 # Remove sound utils and libraries
59 if [ "$ENABLE_SOUND" = false ] ; then
60 if [ "$ENABLE_SOUND" = false ] ; then
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 fi
62 fi
62
63
63 # Re-install tools for managing kernel modules
64 # Re-install tools for managing kernel modules
64 if [ "$RELEASE" = "jessie" ] ; then
65 if [ "$RELEASE" = "jessie" ] ; then
65 chroot_exec apt-get -qq -y install module-init-tools
66 chroot_exec apt-get -qq -y install module-init-tools
66 fi
67 fi
67
68
68 # Remove GPU kernels
69 # Remove GPU kernels
69 if [ "$ENABLE_MINGPU" = true ] ; then
70 if [ "$ENABLE_MINGPU" = true ] ; then
70 rm -f "${BOOT_DIR}/start.elf"
71 rm -f "${BOOT_DIR}/start.elf"
71 rm -f "${BOOT_DIR}/fixup.dat"
72 rm -f "${BOOT_DIR}/fixup.dat"
72 rm -f "${BOOT_DIR}/start_x.elf"
73 rm -f "${BOOT_DIR}/start_x.elf"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
74 rm -f "${BOOT_DIR}/fixup_x.dat"
74 fi
75 fi
75
76
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 if [ "$BUILD_KERNEL" = false ] ; then
78 if [ "$BUILD_KERNEL" = false ] ; then
78 rm -f "${R}/boot/vmlinuz-*"
79 rm -f "${R}/boot/vmlinuz-*"
79 rm -f "${R}/boot/initrd.img-*"
80 rm -f "${R}/boot/initrd.img-*"
80 fi
81 fi
81
82
82 # Clean APT list of repositories
83 # Clean APT list of repositories
83 rm -fr "${R}/var/lib/apt/lists/*"
84 rm -fr "${R}/var/lib/apt/lists/*"
84 chroot_exec apt-get -qq -y update
85 chroot_exec apt-get -qq -y update
85 fi
86 fi
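Review bot: The `rm` on new line 45 names `/lib/udev/hwdb.d/20-pci-*` without the `${R}` prefix, so it points at the build host rather than the image. It deletes nothing today only because the glob sits inside the quotes and is never expanded. The same quoting makes new lines 79, 80 and 84 no-ops, so the kernel, initrd and APT list files stay in the image. Moving the glob outside the quotes and guarding the root variable fixes both, e.g. `rm -fr "${R:?}"/lib/udev/hwdb.d/20-pci-*` and `rm -fr "${R:?}"/var/lib/apt/lists/*`. New line 53 still passes `--force-yes`, which in apt also bypasses the check for unauthenticated packages.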
@@ -1,790 +1,790
1 #!/bin/bash
1 #!/bin/bash
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 #Kernel Branch
48 #Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
55 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
56 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57
57
58 # Firmware directory: Blank if download from github
58 # Firmware directory: Blank if download from github
59 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
59 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
60
60
61 # Build directories
61 # Build directories
62 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
62 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
63 BUILDDIR="${BASEDIR}/build"
63 BUILDDIR="${BASEDIR}/build"
64
64
65 # Prepare date string for default image file name
65 # Prepare date string for default image file name
66 DATE="$(date +%Y-%m-%d)"
66 DATE="$(date +%Y-%m-%d)"
67 if [ -z "$KERNEL_BRANCH" ] ; then
67 if [ -z "$KERNEL_BRANCH" ] ; then
68 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
68 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
69 else
69 else
70 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
70 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
71 fi
71 fi
72
72
73 # Chroot directories
73 # Chroot directories
74 R="${BUILDDIR}/chroot"
74 R="${BUILDDIR}/chroot"
75 ETC_DIR="${R}/etc"
75 ETC_DIR="${R}/etc"
76 LIB_DIR="${R}/lib"
76 LIB_DIR="${R}/lib"
77 BOOT_DIR="${R}/boot/firmware"
77 BOOT_DIR="${R}/boot/firmware"
78 KERNEL_DIR="${R}/usr/src/linux"
78 KERNEL_DIR="${R}/usr/src/linux"
79 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
79 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
80
80
81 # General settings
81 # General settings
82 SET_ARCH=${SET_ARCH:=32}
82 SET_ARCH=${SET_ARCH:=32}
83 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
83 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
84 PASSWORD=${PASSWORD:=raspberry}
84 PASSWORD=${PASSWORD:=raspberry}
85 USER_PASSWORD=${USER_PASSWORD:=raspberry}
85 USER_PASSWORD=${USER_PASSWORD:=raspberry}
86 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
86 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
87 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
87 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
88 EXPANDROOT=${EXPANDROOT:=true}
88 EXPANDROOT=${EXPANDROOT:=true}
89
89
90 # Keyboard settings
90 # Keyboard settings
91 XKB_MODEL=${XKB_MODEL:=""}
91 XKB_MODEL=${XKB_MODEL:=""}
92 XKB_LAYOUT=${XKB_LAYOUT:=""}
92 XKB_LAYOUT=${XKB_LAYOUT:=""}
93 XKB_VARIANT=${XKB_VARIANT:=""}
93 XKB_VARIANT=${XKB_VARIANT:=""}
94 XKB_OPTIONS=${XKB_OPTIONS:=""}
94 XKB_OPTIONS=${XKB_OPTIONS:=""}
95
95
96 # Network settings (DHCP)
96 # Network settings (DHCP)
97 ENABLE_DHCP=${ENABLE_DHCP:=true}
97 ENABLE_DHCP=${ENABLE_DHCP:=true}
98
98
99 # Network settings (static)
99 # Network settings (static)
100 NET_ADDRESS=${NET_ADDRESS:=""}
100 NET_ADDRESS=${NET_ADDRESS:=""}
101 NET_GATEWAY=${NET_GATEWAY:=""}
101 NET_GATEWAY=${NET_GATEWAY:=""}
102 NET_DNS_1=${NET_DNS_1:=""}
102 NET_DNS_1=${NET_DNS_1:=""}
103 NET_DNS_2=${NET_DNS_2:=""}
103 NET_DNS_2=${NET_DNS_2:=""}
104 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
104 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
105 NET_NTP_1=${NET_NTP_1:=""}
105 NET_NTP_1=${NET_NTP_1:=""}
106 NET_NTP_2=${NET_NTP_2:=""}
106 NET_NTP_2=${NET_NTP_2:=""}
107
107
108 # APT settings
108 # APT settings
109 APT_PROXY=${APT_PROXY:=""}
109 APT_PROXY=${APT_PROXY:=""}
110 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
110 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
111
111
112 # Feature settings
112 # Feature settings
113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 ENABLE_I2C=${ENABLE_I2C:=false}
114 ENABLE_I2C=${ENABLE_I2C:=false}
115 ENABLE_SPI=${ENABLE_SPI:=false}
115 ENABLE_SPI=${ENABLE_SPI:=false}
116 ENABLE_IPV6=${ENABLE_IPV6:=true}
116 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 ENABLE_SSHD=${ENABLE_SSHD:=true}
117 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 ENABLE_SOUND=${ENABLE_SOUND:=true}
120 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 ENABLE_DBUS=${ENABLE_DBUS:=true}
121 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 ENABLE_XORG=${ENABLE_XORG:=false}
124 ENABLE_XORG=${ENABLE_XORG:=false}
125 ENABLE_WM=${ENABLE_WM:=""}
125 ENABLE_WM=${ENABLE_WM:=""}
126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 ENABLE_USER=${ENABLE_USER:=true}
127 ENABLE_USER=${ENABLE_USER:=true}
128 USER_NAME=${USER_NAME:="pi"}
128 USER_NAME=${USER_NAME:="pi"}
129 ENABLE_ROOT=${ENABLE_ROOT:=false}
129 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 ENABLE_QEMU=${ENABLE_QEMU:=false}
130 ENABLE_QEMU=${ENABLE_QEMU:=false}
131
131
132 # SSH settings
132 # SSH settings
133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
136 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
136 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
137 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138
138
139 # Advanced settings
139 # Advanced settings
140 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
140 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
141 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
142 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
143 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
144 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
144 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
145 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
145 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
146 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
146 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
147 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
147 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
148 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
148 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
149 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
149 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
150 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
150 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
151 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
151 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
152
152
153 # Kernel compilation settings
153 # Kernel compilation settings
154 BUILD_KERNEL=${BUILD_KERNEL:=true}
154 BUILD_KERNEL=${BUILD_KERNEL:=true}
155 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
155 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
156 KERNEL_THREADS=${KERNEL_THREADS:=1}
156 KERNEL_THREADS=${KERNEL_THREADS:=1}
157 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
157 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
158 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
158 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
159 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
159 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
160 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
160 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
161 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
161 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
162
162
163 # Kernel compilation from source directory settings
163 # Kernel compilation from source directory settings
164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168
168
169 # Reduce disk usage settings
169 # Reduce disk usage settings
170 REDUCE_APT=${REDUCE_APT:=true}
170 REDUCE_APT=${REDUCE_APT:=true}
171 REDUCE_DOC=${REDUCE_DOC:=true}
171 REDUCE_DOC=${REDUCE_DOC:=true}
172 REDUCE_MAN=${REDUCE_MAN:=true}
172 REDUCE_MAN=${REDUCE_MAN:=true}
173 REDUCE_VIM=${REDUCE_VIM:=false}
173 REDUCE_VIM=${REDUCE_VIM:=false}
174 REDUCE_BASH=${REDUCE_BASH:=false}
174 REDUCE_BASH=${REDUCE_BASH:=false}
175 REDUCE_HWDB=${REDUCE_HWDB:=true}
175 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 REDUCE_SSHD=${REDUCE_SSHD:=true}
176 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178
178
179 # Encrypted filesystem settings
179 # Encrypted filesystem settings
180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185
185
186 # Chroot scripts directory
186 # Chroot scripts directory
187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
188
188
189 # Packages required in the chroot build environment
189 # Packages required in the chroot build environment
190 APT_INCLUDES=${APT_INCLUDES:=""}
190 APT_INCLUDES=${APT_INCLUDES:=""}
191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
192
192
193 # Packages required for bootstrapping
193 # Packages required for bootstrapping
194 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
194 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
195 MISSING_PACKAGES=""
195 MISSING_PACKAGES=""
196
196
197 #autoselect best apt mirror
197 #autoselect best apt mirror
198 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} netselect-apt"
198 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} netselect-apt"
199
199
200 # Packages installed for c/c++ build environment in chroot (keep empty)
200 # Packages installed for c/c++ build environment in chroot (keep empty)
201 COMPILER_PACKAGES=""
201 COMPILER_PACKAGES=""
202
202
203 set +x
203 set +x
204
204
205 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
205 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
206 if [ -n "$SET_ARCH" ] ; then
206 if [ -n "$SET_ARCH" ] ; then
207 echo "Setting Architecture specific settings"
207 echo "Setting Architecture specific settings"
208 ##################################
208 ##################################
209 # 64 bit config
209 # 64 bit config
210 ##################################
210 ##################################
211 if [ "$SET_ARCH" = 64 ] ; then
211 if [ "$SET_ARCH" = 64 ] ; then
212 echo "64 bit mode selected - Setting up enviroment"
212 echo "64 bit mode selected - Setting up enviroment"
213 # 64 bit depended settings
213 # 64 bit depended settings
214 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
214 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
215 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
215 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
216 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
216 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
217 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
217 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
218 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
218 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
219 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
219 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
220
220
221 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
221 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
222 # RPI 3 serie specific settings
222 # RPI 3 serie specific settings
223 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
223 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
224 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
224 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
225
225
226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
227 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
228 else
228 else
229 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
229 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
230 exit 1
230 exit 1
231 fi
231 fi
232 fi
232 fi
233
233
234 ##################################
234 ##################################
235 # 32 bit config
235 # 32 bit config
236 ##################################
236 ##################################
237 if [ "$SET_ARCH" = 32 ] ; then
237 if [ "$SET_ARCH" = 32 ] ; then
238 echo "32 bit mode selected - Setting up enviroment"
238 echo "32 bit mode selected - Setting up enviroment"
239 #General 32bit configuration
239 #General 32bit configuration
240 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
241 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 KERNEL_ARCH=${KERNEL_ARCH:=arm}
242 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
243
243
244 #Raspberry setting grouped by board compability
244 #Raspberry setting grouped by board compability
245 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
248 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
248 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
249 RELEASE_ARCH=${RELEASE_ARCH:=armel}
249 RELEASE_ARCH=${RELEASE_ARCH:=armel}
250 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
250 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
251 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
251 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
252 fi
252 fi
253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 fi
259 fi
260 #Device specific configuration
260 #Device specific configuration
261 case "$RPI_MODEL" in
261 case "$RPI_MODEL" in
262 0)
262 0)
263 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
263 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
264 ;;
264 ;;
265 1)
265 1)
266 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
266 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
267 ;;
267 ;;
268 1P)
268 1P)
269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
270 ;;
270 ;;
271 2)
271 2)
272 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
272 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
273 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
273 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
274 ;;
274 ;;
275 3)
275 3)
276 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
276 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
277 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
277 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
278 ;;
278 ;;
279 3P)
279 3P)
280 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
280 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
281 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
281 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
282 ;;
282 ;;
283 *)
283 *)
284 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
284 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
285 exit 1
285 exit 1
286 ;;
286 ;;
287 esac
287 esac
288
288
289 #Device specific configuration
289 #Device specific configuration
290 # if [ "$RPI_MODEL" = 0 ] ; then
290 # if [ "$RPI_MODEL" = 0 ] ; then
291 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
291 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
292 # fi
292 # fi
293 # if [ "$RPI_MODEL" = 1 ] ; then
293 # if [ "$RPI_MODEL" = 1 ] ; then
294 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
294 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
295 # fi
295 # fi
296 # if [ "$RPI_MODEL" = 1P ] ; then
296 # if [ "$RPI_MODEL" = 1P ] ; then
297 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
297 # DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
298 # fi
298 # fi
299 # if [ "$RPI_MODEL" = 2 ] ; then
299 # if [ "$RPI_MODEL" = 2 ] ; then
300 # DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
300 # DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
301 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
301 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
302 # #Precompiled Kernel rpi2
302 # #Precompiled Kernel rpi2
303 # #COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
303 # #COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
304 # fi
304 # fi
305 # if [ "$RPI_MODEL" = 3 ] ; then
305 # if [ "$RPI_MODEL" = 3 ] ; then
306 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
306 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
307 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
307 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
308 # fi
308 # fi
309 # if [ "$RPI_MODEL" = 3P ] ; then
309 # if [ "$RPI_MODEL" = 3P ] ; then
310 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
310 # DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
311 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
311 # UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_32b_defconfig}
312 # fi
312 # fi
313 # if [ -z "$RPI_MODEL" ] ; then
313 # if [ -z "$RPI_MODEL" ] ; then
314 # echo "error: Raspberry Pi model $RPI_MODEL is not set!"
314 # echo "error: Raspberry Pi model $RPI_MODEL is not set!"
315 # exit 1
315 # exit 1
316 # fi
316 # fi
317
317
318 #end 32 bit
318 #end 32 bit
319 fi
319 fi
320 #SET_ARCH not set
320 #SET_ARCH not set
321 else
321 else
322 echo "error: Please set '32' or '64' as value for SET_ARCH"
322 echo "error: Please set '32' or '64' as value for SET_ARCH"
323 exit 1
323 exit 1
324 fi
324 fi
325
325
326 # Check if the internal wireless interface is supported by the RPi model
326 # Check if the internal wireless interface is supported by the RPi model
327 if [ "$ENABLE_WIRELESS" = true ] && { [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; } ; then
327 if [ "$ENABLE_WIRELESS" = true ] && { [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; } ; then
328 echo "error: The selected Raspberry Pi model has no internal wireless interface"
328 echo "error: The selected Raspberry Pi model has no internal wireless interface"
329 exit 1
329 exit 1
330 else
330 else
331 echo "Raspberry Pi model"
331 echo "Raspberry Pi model"
332 fi
332 fi
333
333
334 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
334 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
335 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
335 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
336 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
336 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
337 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
337 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
338 exit 1
338 exit 1
339 fi
339 fi
340 fi
340 fi
341
341
342 # Add libncurses5 to enable kernel menuconfig
342 # Add libncurses5 to enable kernel menuconfig
343 if [ "$KERNEL_MENUCONFIG" = true ] ; then
343 if [ "$KERNEL_MENUCONFIG" = true ] ; then
344 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
344 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
345 fi
345 fi
346
346
347 # Add ccache compiler cache for (faster) kernel cross (re)compilation
347 # Add ccache compiler cache for (faster) kernel cross (re)compilation
348 if [ "$KERNEL_CCACHE" = true ] ; then
348 if [ "$KERNEL_CCACHE" = true ] ; then
349 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
349 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
350 fi
350 fi
351
351
352 # Add cryptsetup package to enable filesystem encryption
352 # Add cryptsetup package to enable filesystem encryption
353 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
353 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
354 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
354 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
355 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
355 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
356
356
357 if [ -z "$CRYPTFS_PASSWORD" ] ; then
357 if [ -z "$CRYPTFS_PASSWORD" ] ; then
358 echo "error: no password defined (CRYPTFS_PASSWORD)!"
358 echo "error: no password defined (CRYPTFS_PASSWORD)!"
359 exit 1
359 exit 1
360 fi
360 fi
361 ENABLE_INITRAMFS=true
361 ENABLE_INITRAMFS=true
362 fi
362 fi
363
363
364 # Add initramfs generation tools
364 # Add initramfs generation tools
365 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
365 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
366 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
366 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
367 fi
367 fi
368
368
369 # Add device-tree-compiler required for building the U-Boot bootloader
369 # Add device-tree-compiler required for building the U-Boot bootloader
370 if [ "$ENABLE_UBOOT" = true ] ; then
370 if [ "$ENABLE_UBOOT" = true ] ; then
371 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
371 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
372 fi
372 fi
373
373
374 # Check if root SSH (v2) public key file exists
374 # Check if root SSH (v2) public key file exists
375 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
376 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
376 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
377 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
377 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
378 exit 1
378 exit 1
379 fi
379 fi
380 fi
380 fi
381
381
382 # Check if $USER_NAME SSH (v2) public key file exists
382 # Check if $USER_NAME SSH (v2) public key file exists
383 if [ -n "$SSH_USER_PUB_KEY" ] ; then
383 if [ -n "$SSH_USER_PUB_KEY" ] ; then
384 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
384 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
385 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
385 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
386 exit 1
386 exit 1
387 fi
387 fi
388 fi
388 fi
389
389
390 # Check if all required packages are installed on the build system
390 # Check if all required packages are installed on the build system
391 for package in $REQUIRED_PACKAGES ; do
391 for package in $REQUIRED_PACKAGES ; do
392 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
392 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
393 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
393 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
394 fi
394 fi
395 done
395 done
396
396
397 # If there are missing packages ask confirmation for install, or exit
397 # If there are missing packages ask confirmation for install, or exit
398 if [ -n "$MISSING_PACKAGES" ] ; then
398 if [ -n "$MISSING_PACKAGES" ] ; then
399 echo "the following packages needed by this script are not installed:"
399 echo "the following packages needed by this script are not installed:"
400 echo "$MISSING_PACKAGES"
400 echo "$MISSING_PACKAGES"
401
401
402 printf "\ndo you want to install the missing packages right now? [y/n] "
402 printf "\ndo you want to install the missing packages right now? [y/n] "
403 read -r confirm
403 read -r confirm
404 [ "$confirm" != "y" ] && exit 1
404 [ "$confirm" != "y" ] && exit 1
405
405
406 # Make sure all missing required packages are installed
406 # Make sure all missing required packages are installed
407 apt-get -qq -y install "${MISSING_PACKAGES}"
407 apt-get -qq -y install "${MISSING_PACKAGES}"
408 fi
408 fi
409
409
410 # Check if ./bootstrap.d directory exists
410 # Check if ./bootstrap.d directory exists
411 if [ ! -d "./bootstrap.d/" ] ; then
411 if [ ! -d "./bootstrap.d/" ] ; then
412 echo "error: './bootstrap.d' required directory not found!"
412 echo "error: './bootstrap.d' required directory not found!"
413 exit 1
413 exit 1
414 fi
414 fi
415
415
416 # Check if ./files directory exists
416 # Check if ./files directory exists
417 if [ ! -d "./files/" ] ; then
417 if [ ! -d "./files/" ] ; then
418 echo "error: './files' required directory not found!"
418 echo "error: './files' required directory not found!"
419 exit 1
419 exit 1
420 fi
420 fi
421
421
422 # Check if specified KERNELSRC_DIR directory exists
422 # Check if specified KERNELSRC_DIR directory exists
423 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
423 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
424 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
424 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
425 exit 1
425 exit 1
426 fi
426 fi
427
427
428 # Check if specified UBOOTSRC_DIR directory exists
428 # Check if specified UBOOTSRC_DIR directory exists
429 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
429 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
430 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
430 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
431 exit 1
431 exit 1
432 fi
432 fi
433
433
434 # Check if specified FBTURBOSRC_DIR directory exists
434 # Check if specified FBTURBOSRC_DIR directory exists
435 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
435 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
436 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
436 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
437 exit 1
437 exit 1
438 fi
438 fi
439
439
440 # Check if specified CHROOT_SCRIPTS directory exists
440 # Check if specified CHROOT_SCRIPTS directory exists
441 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
441 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
442 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
442 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
443 exit 1
443 exit 1
444 fi
444 fi
445
445
446 # Check if specified device mapping already exists (will be used by cryptsetup)
446 # Check if specified device mapping already exists (will be used by cryptsetup)
447 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
447 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
448 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
448 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
449 exit 1
449 exit 1
450 fi
450 fi
451
451
452 # Don't clobber an old build
452 # Don't clobber an old build
453 if [ -e "$BUILDDIR" ] ; then
453 if [ -e "$BUILDDIR" ] ; then
454 echo "error: directory ${BUILDDIR} already exists, not proceeding"
454 echo "error: directory ${BUILDDIR} already exists, not proceeding"
455 exit 1
455 exit 1
456 fi
456 fi
457
457
458 # Setup chroot directory
458 # Setup chroot directory
459 mkdir -p "${R}"
459 mkdir -p "${R}"
460
460
461 # Check if build directory has enough of free disk space >512MB
461 # Check if build directory has enough of free disk space >512MB
462 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
462 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
463 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
463 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
464 exit 1
464 exit 1
465 fi
465 fi
466
466
467 set -x
467 set -x
468
468
469 # Call "cleanup" function on various signals and errors
469 # Call "cleanup" function on various signals and errors
470 trap cleanup 0 1 2 3 6
470 trap cleanup 0 1 2 3 6
471
471
472 # Add required packages for the minbase installation
472 # Add required packages for the minbase installation
473 if [ "$ENABLE_MINBASE" = true ] ; then
473 if [ "$ENABLE_MINBASE" = true ] ; then
474 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
474 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
475 fi
475 fi
476
476
477 # Add required locales packages
477 # Add required locales packages
478 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || { [ -n "$XKB_MODEL" ] || [ -n "$XKB_LAYOUT" ] || [ -n "$XKB_VARIANT" ] || [ -n "$XKB_OPTIONS" ] ; } ; then
478 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || { [ -n "$XKB_MODEL" ] || [ -n "$XKB_LAYOUT" ] || [ -n "$XKB_VARIANT" ] || [ -n "$XKB_OPTIONS" ] ; } ; then
479 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
479 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
480 fi
480 fi
481
481
482 # Add parted package, required to get partprobe utility
482 # Add parted package, required to get partprobe utility
483 if [ "$EXPANDROOT" = true ] ; then
483 if [ "$EXPANDROOT" = true ] ; then
484 APT_INCLUDES="${APT_INCLUDES},parted"
484 APT_INCLUDES="${APT_INCLUDES},parted"
485 fi
485 fi
486
486
487 # Add dbus package, recommended if using systemd
487 # Add dbus package, recommended if using systemd
488 if [ "$ENABLE_DBUS" = true ] ; then
488 if [ "$ENABLE_DBUS" = true ] ; then
489 APT_INCLUDES="${APT_INCLUDES},dbus"
489 APT_INCLUDES="${APT_INCLUDES},dbus"
490 fi
490 fi
491
491
492 # Add iptables IPv4/IPv6 package
492 # Add iptables IPv4/IPv6 package
493 if [ "$ENABLE_IPTABLES" = true ] ; then
493 if [ "$ENABLE_IPTABLES" = true ] ; then
494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 fi
495 fi
496
496
497 # Add openssh server package
497 # Add openssh server package
498 if [ "$ENABLE_SSHD" = true ] ; then
498 if [ "$ENABLE_SSHD" = true ] ; then
499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 fi
500 fi
501
501
502 # Add alsa-utils package
502 # Add alsa-utils package
503 if [ "$ENABLE_SOUND" = true ] ; then
503 if [ "$ENABLE_SOUND" = true ] ; then
504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 fi
505 fi
506
506
507 # Add rng-tools package
507 # Add rng-tools package
508 if [ "$ENABLE_HWRANDOM" = true ] ; then
508 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 fi
510 fi
511
511
512 # Add fbturbo video driver
512 # Add fbturbo video driver
513 if [ "$ENABLE_FBTURBO" = true ] ; then
513 if [ "$ENABLE_FBTURBO" = true ] ; then
514 # Enable xorg package dependencies
514 # Enable xorg package dependencies
515 ENABLE_XORG=true
515 ENABLE_XORG=true
516 fi
516 fi
517
517
518 # Add user defined window manager package
518 # Add user defined window manager package
519 if [ -n "$ENABLE_WM" ] ; then
519 if [ -n "$ENABLE_WM" ] ; then
520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521
521
522 # Enable xorg package dependencies
522 # Enable xorg package dependencies
523 ENABLE_XORG=true
523 ENABLE_XORG=true
524 fi
524 fi
525
525
526 # Add xorg package
526 # Add xorg package
527 if [ "$ENABLE_XORG" = true ] ; then
527 if [ "$ENABLE_XORG" = true ] ; then
528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 fi
529 fi
530
530
531 # Replace selected packages with smaller clones
531 # Replace selected packages with smaller clones
532 if [ "$ENABLE_REDUCE" = true ] ; then
532 if [ "$ENABLE_REDUCE" = true ] ; then
533 # Add levee package instead of vim-tiny
533 # Add levee package instead of vim-tiny
534 if [ "$REDUCE_VIM" = true ] ; then
534 if [ "$REDUCE_VIM" = true ] ; then
535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 fi
536 fi
537
537
538 # Add dropbear package instead of openssh-server
538 # Add dropbear package instead of openssh-server
539 if [ "$REDUCE_SSHD" = true ] ; then
539 if [ "$REDUCE_SSHD" = true ] ; then
540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 fi
541 fi
542 fi
542 fi
543
543
544 # Configure kernel sources if no KERNELSRC_DIR
544 # Configure kernel sources if no KERNELSRC_DIR
545 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
545 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
546 KERNELSRC_CONFIG=true
546 KERNELSRC_CONFIG=true
547 fi
547 fi
548
548
549 # Configure reduced kernel
549 # Configure reduced kernel
550 if [ "$KERNEL_REDUCE" = true ] ; then
550 if [ "$KERNEL_REDUCE" = true ] ; then
551 KERNELSRC_CONFIG=false
551 KERNELSRC_CONFIG=false
552 fi
552 fi
553
553
554 # Execute bootstrap scripts
554 # Execute bootstrap scripts
555 for SCRIPT in bootstrap.d/*.sh; do
555 for SCRIPT in bootstrap.d/*.sh; do
556 head -n 3 "$SCRIPT"
556 head -n 3 "$SCRIPT"
557 . "$SCRIPT"
557 . "$SCRIPT"
558 done
558 done
559
559
560 ## Execute custom bootstrap scripts
560 ## Execute custom bootstrap scripts
561 if [ -d "custom.d" ] ; then
561 if [ -d "custom.d" ] ; then
562 for SCRIPT in custom.d/*.sh; do
562 for SCRIPT in custom.d/*.sh; do
563 . "$SCRIPT"
563 . "$SCRIPT"
564 done
564 done
565 fi
565 fi
566
566
567 # Execute custom scripts inside the chroot
567 # Execute custom scripts inside the chroot
568 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
568 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
569 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
569 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
570 chroot_exec /bin/bash -x <<'EOF'
570 chroot_exec /bin/bash -x <<'EOF'
571 for SCRIPT in /chroot_scripts/* ; do
571 for SCRIPT in /chroot_scripts/* ; do
572 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
572 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
573 $SCRIPT
573 $SCRIPT
574 fi
574 fi
575 done
575 done
576 EOF
576 EOF
577 rm -rf "${R}/chroot_scripts"
577 rm -rf "${R}/chroot_scripts"
578 fi
578 fi
579
579
580 # Remove c/c++ build environment from the chroot
580 # Remove c/c++ build environment from the chroot
581 chroot_remove_cc
581 chroot_remove_cc
582
582
583 # Generate required machine-id
583 # Generate required machine-id
584 MACHINE_ID=$(dbus-uuidgen)
584 MACHINE_ID=$(dbus-uuidgen)
585 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
585 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
586 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
586 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
587
587
588 # APT Cleanup
588 # APT Cleanup
589 chroot_exec apt-get -y clean
589 chroot_exec apt-get -y clean
590 chroot_exec apt-get -y autoclean
590 chroot_exec apt-get -y autoclean
591 chroot_exec apt-get -y autoremove
591 chroot_exec apt-get -y autoremove
592
592
593 # Unmount mounted filesystems
593 # Unmount mounted filesystems
594 umount -l "${R}/proc"
594 umount -l "${R}/proc"
595 umount -l "${R}/sys"
595 umount -l "${R}/sys"
596
596
597 # Clean up directories
597 # Clean up directories
598 rm -rf "${R}/run/*"
598 rm -rf "${R}/run/*"
599 rm -rf "${R}/tmp/*"
599 rm -rf "${R}/tmp/*"
600
600
601 # Clean up files
601 # Clean up files
602 rm -f "${ETC_DIR}/ssh/ssh_host_*"
602 rm -f "${ETC_DIR}/ssh/ssh_host_*"
603 rm -f "${ETC_DIR}/dropbear/dropbear_*"
603 rm -f "${ETC_DIR}/dropbear/dropbear_*"
604 rm -f "${ETC_DIR}/apt/sources.list.save"
604 rm -f "${ETC_DIR}/apt/sources.list.save"
605 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
605 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
606 rm -f "${ETC_DIR}/*-"
606 rm -f "${ETC_DIR}/*-"
607 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
607 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
608 rm -f "${ETC_DIR}/resolv.conf"
608 rm -f "${ETC_DIR}/resolv.conf"
609 rm -f "${R}/root/.bash_history"
609 rm -f "${R}/root/.bash_history"
610 rm -f "${R}/var/lib/urandom/random-seed"
610 rm -f "${R}/var/lib/urandom/random-seed"
611 rm -f "${R}/initrd.img"
611 rm -f "${R}/initrd.img"
612 rm -f "${R}/vmlinuz"
612 rm -f "${R}/vmlinuz"
613 rm -f "${R}${QEMU_BINARY}"
613 rm -f "${R}${QEMU_BINARY}"
614
614
615 if [ "$ENABLE_QEMU" = true ] ; then
615 if [ "$ENABLE_QEMU" = true ] ; then
616 # Configure qemu compatible kernel
616 # Configure qemu compatible kernel
617 DTB_FILE=vexpress-v2p-ca15_a7.dtb
617 DTB_FILE=vexpress-v2p-ca15_a7.dtb
618 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
618 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
619 KERNEL_DEFCONFIG="vexpress_defconfig"
619 KERNEL_DEFCONFIG="vexpress_defconfig"
620 if [ "$KERNEL_MENUCONFIG" = false ] ; then
620 if [ "$KERNEL_MENUCONFIG" = false ] ; then
621 KERNEL_OLDDEFCONFIG=true
621 KERNEL_OLDDEFCONFIG=true
622 fi
622 fi
623
623
624 # Setup QEMU directory
624 # Setup QEMU directory
625 mkdir "${BASEDIR}/qemu"
625 mkdir "${BASEDIR}/qemu"
626
626
627 # Copy kernel image to QEMU directory
627 # Copy kernel image to QEMU directory
628 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
628 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
629
629
630 # Copy kernel config to QEMU directory
630 # Copy kernel config to QEMU directory
631 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
631 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
632
632
633 # Copy kernel dtbs to QEMU directory
633 # Copy kernel dtbs to QEMU directory
634 for dtb in "${BOOT_DIR}/"*.dtb ; do
634 for dtb in "${BOOT_DIR}/"*.dtb ; do
635 if [ -f "${dtb}" ] ; then
635 if [ -f "${dtb}" ] ; then
636 install_readonly "${dtb}" "${BASEDIR}/qemu/"
636 install_readonly "${dtb}" "${BASEDIR}/qemu/"
637 fi
637 fi
638 done
638 done
639
639
640 # Copy kernel overlays to QEMU directory
640 # Copy kernel overlays to QEMU directory
641 if [ -d "${BOOT_DIR}/overlays" ] ; then
641 if [ -d "${BOOT_DIR}/overlays" ] ; then
642 # Setup overlays dtbs directory
642 # Setup overlays dtbs directory
643 mkdir "${BASEDIR}/qemu/overlays"
643 mkdir "${BASEDIR}/qemu/overlays"
644
644
645 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
645 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
646 if [ -f "${dtb}" ] ; then
646 if [ -f "${dtb}" ] ; then
647 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
647 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
648 fi
648 fi
649 done
649 done
650 fi
650 fi
651
651
652 # Copy u-boot files to QEMU directory
652 # Copy u-boot files to QEMU directory
653 if [ "$ENABLE_UBOOT" = true ] ; then
653 if [ "$ENABLE_UBOOT" = true ] ; then
654 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
654 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
655 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
655 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
656 fi
656 fi
657 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
657 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
658 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
658 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
659 fi
659 fi
660 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
660 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
661 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
661 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
662 fi
662 fi
663 fi
663 fi
664
664
665 # Copy initramfs to QEMU directory
665 # Copy initramfs to QEMU directory
666 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
666 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
667 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
667 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
668 fi
668 fi
669 fi
669 fi
670
670
671 # Calculate size of the chroot directory in KB
671 # Calculate size of the chroot directory in KB
672 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
672 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
673
673
674 # Calculate the amount of needed 512 Byte sectors
674 # Calculate the amount of needed 512 Byte sectors
675 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
675 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
676 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
676 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
677 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
677 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
678
678
679 # The root partition is EXT4
679 # The root partition is EXT4
680 # This means more space than the actual used space of the chroot is used.
680 # This means more space than the actual used space of the chroot is used.
681 # As overhead for journaling and reserved blocks 35% are added.
681 # As overhead for journaling and reserved blocks 35% are added.
682 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
682 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
683
683
684 # Calculate required image size in 512 Byte sectors
684 # Calculate required image size in 512 Byte sectors
685 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
685 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
686
686
687 # Prepare image file
687 # Prepare image file
688 if [ "$ENABLE_SPLITFS" = true ] ; then
688 if [ "$ENABLE_SPLITFS" = true ] ; then
689 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
689 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
690 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
690 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
691 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
691 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
692 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
692 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
693
693
694 # Write firmware/boot partition tables
694 # Write firmware/boot partition tables
695 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
695 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
696 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
696 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
697 EOM
697 EOM
698
698
699 # Write root partition table
699 # Write root partition table
700 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
700 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
701 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
701 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
702 EOM
702 EOM
703
703
704 # Setup temporary loop devices
704 # Setup temporary loop devices
705 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
705 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
706 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
706 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
707 else # ENABLE_SPLITFS=false
707 else # ENABLE_SPLITFS=false
708 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
708 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
709 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
709 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
710
710
711 # Write partition table
711 # Write partition table
712 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
712 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
713 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
713 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
714 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
714 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
715 EOM
715 EOM
716
716
717 # Setup temporary loop devices
717 # Setup temporary loop devices
718 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
718 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
719 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
719 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
720 fi
720 fi
721
721
722 if [ "$ENABLE_CRYPTFS" = true ] ; then
722 if [ "$ENABLE_CRYPTFS" = true ] ; then
723 # Create dummy ext4 fs
723 # Create dummy ext4 fs
724 mkfs.ext4 "$ROOT_LOOP"
724 mkfs.ext4 "$ROOT_LOOP"
725
725
726 # Setup password keyfile
726 # Setup password keyfile
727 touch .password
727 touch .password
728 chmod 600 .password
728 chmod 600 .password
729 echo -n "${CRYPTFS_PASSWORD}" > .password
729 echo -n "${CRYPTFS_PASSWORD}" > .password
730
730
731 # Initialize encrypted partition
731 # Initialize encrypted partition
732 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
732 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
733
733
734 # Open encrypted partition and setup mapping
734 # Open encrypted partition and setup mapping
735 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
735 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
736
736
737 # Secure delete password keyfile
737 # Secure delete password keyfile
738 shred -zu .password
738 shred -zu .password
739
739
740 # Update temporary loop device
740 # Update temporary loop device
741 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
741 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
742
742
743 # Wipe encrypted partition (encryption cipher is used for randomness)
743 # Wipe encrypted partition (encryption cipher is used for randomness)
744 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
744 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
745 fi
745 fi
746
746
747 # Build filesystems
747 # Build filesystems
748 mkfs.vfat "$FRMW_LOOP"
748 mkfs.vfat "$FRMW_LOOP"
749 mkfs.ext4 "$ROOT_LOOP"
749 mkfs.ext4 "$ROOT_LOOP"
750
750
751 # Mount the temporary loop devices
751 # Mount the temporary loop devices
752 mkdir -p "$BUILDDIR/mount"
752 mkdir -p "$BUILDDIR/mount"
753 mount "$ROOT_LOOP" "$BUILDDIR/mount"
753 mount "$ROOT_LOOP" "$BUILDDIR/mount"
754
754
755 mkdir -p "$BUILDDIR/mount/boot/firmware"
755 mkdir -p "$BUILDDIR/mount/boot/firmware"
756 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
756 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
757
757
758 # Copy all files from the chroot to the loop device mount point directory
758 # Copy all files from the chroot to the loop device mount point directory
759 rsync -a "${R}/" "$BUILDDIR/mount/"
759 rsync -a "${R}/" "$BUILDDIR/mount/"
760
760
761 # Unmount all temporary loop devices and mount points
761 # Unmount all temporary loop devices and mount points
762 cleanup
762 cleanup
763
763
764 # Create block map file(s) of image(s)
764 # Create block map file(s) of image(s)
765 if [ "$ENABLE_SPLITFS" = true ] ; then
765 if [ "$ENABLE_SPLITFS" = true ] ; then
766 # Create block map files for "bmaptool"
766 # Create block map files for "bmaptool"
767 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
767 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
768 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
768 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
769
769
770 # Image was successfully created
770 # Image was successfully created
771 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
771 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
773 else
773 else
774 # Create block map file for "bmaptool"
774 # Create block map file for "bmaptool"
775 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
775 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
776
776
777 # Image was successfully created
777 # Image was successfully created
778 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
778 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
779
779
780 # Create qemu qcow2 image
780 # Create qemu qcow2 image
781 if [ "$ENABLE_QEMU" = true ] ; then
781 if [ "$ENABLE_QEMU" = true ] ; then
782 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
782 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
783 QEMU_SIZE=16G
783 QEMU_SIZE=16G
784
784
785 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
785 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
786 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
786 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
787
787
788 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
788 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
789 fi
789 fi
790 fi
790 fi