kernel features + nexmon monitor mode wlan patch(kali-kernel) with RPI3,RPI3B+ firmware patch...
Unknown -
r502:3d4e292749a1
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
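Review bot: The fetch at file line 19, `as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"`, takes whatever the remote's default branch holds at build time, and that tree is then chowned to root, built on the build host (`./configure`, `make`, and the prebuilt toolchain and gcc plugin under `buildtools/`; only the clone is wrapped in `as_nobody`), and its output replaces `brcmfmac43430-sdio.bin` / `brcmfmac43455-sdio.bin` in the image. Pinning the checkout to a reviewed revision would make the firmware that ends up in the image reproducible and auditable, for example `as_nobody git -C "${temp_dir}/nexmon" checkout "${NEXMON_COMMIT}"` right after the clone, where `NEXMON_COMMIT` is a placeholder for a new setting that this commit does not define. Separately, at file lines 72-74 and 86-88 the stock blob is renamed to `.org.bin` before the two `cp` calls, and neither `./configure` nor any `make` is checked in this file, so a failed build could leave the image with no loadable firmware file unless the caller runs under `set -e` (not visible here); copying the patched blob first and renaming the original only on success avoids that. The comment `# Copy local U-Boot sources` at file line 12 is a leftover and should read `# Copy local nexmon sources`, and the bare `${NEXMON_ROOT}` in the two `sed -i` lines and in the second `LD_LIBRARY_PATH=` assignment should be quoted like the rest of the script.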
@@ -1,500 +1,526
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `APT_INCLUDES`=""
51 ##### `APT_INCLUDES`=""
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53
53
54 ##### `APT_INCLUDES_LATE`=""
54 ##### `APT_INCLUDES_LATE`=""
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56
56
57 ---
57 ---
58
58
59 #### General system settings:
59 #### General system settings:
60 ##### `SET_ARCH`=32
60 ##### `SET_ARCH`=32
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62
62
63 ##### `RPI_MODEL`=2
63 ##### `RPI_MODEL`=2
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 - `1` = Raspberry Pi 1 model A and B
66 - `1` = Raspberry Pi 1 model A and B
67 - `1P` = Raspberry Pi 1 model B+ and A+
67 - `1P` = Raspberry Pi 1 model B+ and A+
68 - `2` = Raspberry Pi 2 model B
68 - `2` = Raspberry Pi 2 model B
69 - `3` = Raspberry Pi 3 model B
69 - `3` = Raspberry Pi 3 model B
70 - `3P` = Raspberry Pi 3 model B+
70 - `3P` = Raspberry Pi 3 model B+
71
71
72 ##### `RELEASE`="buster"
72 ##### `RELEASE`="buster"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74
74
75 ##### `RELEASE_ARCH`="armhf"
75 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
76 Set the desired Debian release architecture.
77
77
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80
80
81 ##### `PASSWORD`="raspberry"
81 ##### `PASSWORD`="raspberry"
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83
83
84 ##### `USER_PASSWORD`="raspberry"
84 ##### `USER_PASSWORD`="raspberry"
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `DEFLOCAL`="en_US.UTF-8"
87 ##### `DEFLOCAL`="en_US.UTF-8"
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89
89
90 ##### `TIMEZONE`="Europe/Berlin"
90 ##### `TIMEZONE`="Europe/Berlin"
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92
92
93 ##### `EXPANDROOT`=true
93 ##### `EXPANDROOT`=true
94 Expand the root partition and filesystem automatically on first boot.
94 Expand the root partition and filesystem automatically on first boot.
95
95
96 ##### `ENABLE_QEMU`=false
96 ##### `ENABLE_QEMU`=false
97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98
98
99 ---
99 ---
100
100
101 #### Keyboard settings:
101 #### Keyboard settings:
102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103
103
104 ##### `XKB_MODEL`=""
104 ##### `XKB_MODEL`=""
105 Set the name of the model of your keyboard type.
105 Set the name of the model of your keyboard type.
106
106
107 ##### `XKB_LAYOUT`=""
107 ##### `XKB_LAYOUT`=""
108 Set the supported keyboard layout(s).
108 Set the supported keyboard layout(s).
109
109
110 ##### `XKB_VARIANT`=""
110 ##### `XKB_VARIANT`=""
111 Set the supported variant(s) of the keyboard layout(s).
111 Set the supported variant(s) of the keyboard layout(s).
112
112
113 ##### `XKB_OPTIONS`=""
113 ##### `XKB_OPTIONS`=""
114 Set extra xkb configuration options.
114 Set extra xkb configuration options.
115
115
116 ---
116 ---
117
117
118 #### Networking settings (DHCP):
118 #### Networking settings (DHCP):
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120
120
121 ##### `ENABLE_DHCP`=true
121 ##### `ENABLE_DHCP`=true
122 Set the system to use DHCP. This requires an DHCP server.
122 Set the system to use DHCP. This requires an DHCP server.
123
123
124 ---
124 ---
125
125
126 #### Networking settings (static):
126 #### Networking settings (static):
127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128
128
129 ##### `NET_ADDRESS`=""
129 ##### `NET_ADDRESS`=""
130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131
131
132 ##### `NET_GATEWAY`=""
132 ##### `NET_GATEWAY`=""
133 Set the IP address for the default gateway.
133 Set the IP address for the default gateway.
134
134
135 ##### `NET_DNS_1`=""
135 ##### `NET_DNS_1`=""
136 Set the IP address for the first DNS server.
136 Set the IP address for the first DNS server.
137
137
138 ##### `NET_DNS_2`=""
138 ##### `NET_DNS_2`=""
139 Set the IP address for the second DNS server.
139 Set the IP address for the second DNS server.
140
140
141 ##### `NET_DNS_DOMAINS`=""
141 ##### `NET_DNS_DOMAINS`=""
142 Set the default DNS search domains to use for non fully qualified hostnames.
142 Set the default DNS search domains to use for non fully qualified hostnames.
143
143
144 ##### `NET_NTP_1`=""
144 ##### `NET_NTP_1`=""
145 Set the IP address for the first NTP server.
145 Set the IP address for the first NTP server.
146
146
147 ##### `NET_NTP_2`=""
147 ##### `NET_NTP_2`=""
148 Set the IP address for the second NTP server.
148 Set the IP address for the second NTP server.
149
149
150 ---
150 ---
151
151
152 #### Basic system features:
152 #### Basic system features:
153 ##### `ENABLE_CONSOLE`=true
153 ##### `ENABLE_CONSOLE`=true
154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155
155
156 ##### `ENABLE_PRINTK`=false
156 ##### `ENABLE_PRINTK`=false
157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158
158
159 ##### `ENABLE_BLUETOOTH`=false
159 ##### `ENABLE_BLUETOOTH`=false
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161
161
162 ##### `ENABLE_MINIUART_OVERLAY`=false
162 ##### `ENABLE_MINIUART_OVERLAY`=false
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164
164
165 ##### `ENABLE_TURBO`=false
165 ##### `ENABLE_TURBO`=false
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167
167
168 ##### `ENABLE_I2C`=false
168 ##### `ENABLE_I2C`=false
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170
170
171 ##### `ENABLE_SPI`=false
171 ##### `ENABLE_SPI`=false
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173
173
174 ##### `ENABLE_IPV6`=true
174 ##### `ENABLE_IPV6`=true
175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176
176
177 ##### `ENABLE_SSHD`=true
177 ##### `ENABLE_SSHD`=true
178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179
179
180 ##### `ENABLE_NONFREE`=false
180 ##### `ENABLE_NONFREE`=false
181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182
182
183 ##### `ENABLE_WIRELESS`=false
183 ##### `ENABLE_WIRELESS`=false
184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185
185
186 ##### `ENABLE_RSYSLOG`=true
186 ##### `ENABLE_RSYSLOG`=true
187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188
188
189 ##### `ENABLE_SOUND`=true
189 ##### `ENABLE_SOUND`=true
190 Enable sound hardware and install Advanced Linux Sound Architecture.
190 Enable sound hardware and install Advanced Linux Sound Architecture.
191
191
192 ##### `ENABLE_HWRANDOM`=true
192 ##### `ENABLE_HWRANDOM`=true
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194
194
195 ##### `ENABLE_MINGPU`=false
195 ##### `ENABLE_MINGPU`=false
196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197
197
198 ##### `ENABLE_DBUS`=true
198 ##### `ENABLE_DBUS`=true
199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200
200
201 ##### `ENABLE_XORG`=false
201 ##### `ENABLE_XORG`=false
202 Install Xorg open-source X Window System.
202 Install Xorg open-source X Window System.
203
203
204 ##### `ENABLE_WM`=""
204 ##### `ENABLE_WM`=""
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206
206
207 ##### `ENABLE_SYSVINIT`=false
207 ##### `ENABLE_SYSVINIT`=false
208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209
209
210 ---
210 ---
211
211
212 #### Advanced system features:
212 #### Advanced system features:
213 ##### `ENABLE_SYSTEMDSWAP`=false
214 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
215
213 ##### `ENABLE_MINBASE`=false
216 ##### `ENABLE_MINBASE`=false
214 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215
218
216 ##### `ENABLE_REDUCE`=false
219 ##### `ENABLE_REDUCE`=false
217 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
218
221
219 ##### `ENABLE_UBOOT`=false
222 ##### `ENABLE_UBOOT`=false
220 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
221
224
222 ##### `UBOOTSRC_DIR`=""
225 ##### `UBOOTSRC_DIR`=""
223 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
224
227
225 ##### `ENABLE_FBTURBO`=false
228 ##### `ENABLE_FBTURBO`=false
226 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
227
230
228 ##### `FBTURBOSRC_DIR`=""
231 ##### `FBTURBOSRC_DIR`=""
229 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
230
233
231 ##### `ENABLE_VIDEOCORE`=false
234 ##### `ENABLE_VIDEOCORE`=false
232 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233
236
234 ##### `VIDEOCORESRC_DIR`=""
237 ##### `VIDEOCORESRC_DIR`=""
235 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236
239
240 ##### `ENABLE_NEXMON`=false
241 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
242
243 ##### `NEXMONSRC_DIR`=""
244 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245
237 ##### `ENABLE_IPTABLES`=false
246 ##### `ENABLE_IPTABLES`=false
238 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
247 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239
248
240 ##### `ENABLE_USER`=true
249 ##### `ENABLE_USER`=true
241 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
250 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
242
251
243 ##### `USER_NAME`=pi
252 ##### `USER_NAME`=pi
244 Non-root user to create. Ignored if `ENABLE_USER`=false
253 Non-root user to create. Ignored if `ENABLE_USER`=false
245
254
246 ##### `ENABLE_ROOT`=false
255 ##### `ENABLE_ROOT`=false
247 Set root user password so root login will be enabled
256 Set root user password so root login will be enabled
248
257
249 ##### `ENABLE_HARDNET`=false
258 ##### `ENABLE_HARDNET`=false
250 Enable IPv4/IPv6 network stack hardening settings.
259 Enable IPv4/IPv6 network stack hardening settings.
251
260
252 ##### `ENABLE_SPLITFS`=false
261 ##### `ENABLE_SPLITFS`=false
253 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
262 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
254
263
255 ##### `CHROOT_SCRIPTS`=""
264 ##### `CHROOT_SCRIPTS`=""
256 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
265 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
257
266
258 ##### `ENABLE_INITRAMFS`=false
267 ##### `ENABLE_INITRAMFS`=false
259 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
268 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
260
269
261 ##### `ENABLE_IFNAMES`=true
270 ##### `ENABLE_IFNAMES`=true
262 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
271 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263
272
264 ##### `DISABLE_UNDERVOLT_WARNINGS`=
273 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
274 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266
275
267 ---
276 ---
268
277
269 #### SSH settings:
278 #### SSH settings:
270 ##### `SSH_ENABLE_ROOT`=false
279 ##### `SSH_ENABLE_ROOT`=false
271 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
280 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
272
281
273 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
282 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
274 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
283 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
275
284
276 ##### `SSH_LIMIT_USERS`=false
285 ##### `SSH_LIMIT_USERS`=false
277 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
286 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
278
287
279 ##### `SSH_ROOT_PUB_KEY`=""
288 ##### `SSH_ROOT_PUB_KEY`=""
280 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
289 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
281
290
282 ##### `SSH_USER_PUB_KEY`=""
291 ##### `SSH_USER_PUB_KEY`=""
283 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
292 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
284
293
285 ---
294 ---
286
295
287 #### Kernel compilation:
296 #### Kernel compilation:
288 ##### `BUILD_KERNEL`=true
297 ##### `BUILD_KERNEL`=true
289 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
298 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
290
299
291 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
300 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
292 This sets the cross-compile environment for the compiler.
301 This sets the cross-compile environment for the compiler.
293
302
294 ##### `KERNEL_ARCH`="arm"
303 ##### `KERNEL_ARCH`="arm"
295 This sets the kernel architecture for the compiler.
304 This sets the kernel architecture for the compiler.
296
305
297 ##### `KERNEL_IMAGE`="kernel7.img"
306 ##### `KERNEL_IMAGE`="kernel7.img"
298 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
307 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
299
308
300 ##### `KERNEL_BRANCH`=""
309 ##### `KERNEL_BRANCH`=""
301 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
310 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
302
311
303 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
312 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
304 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
313 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
305
314
306 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
315 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
307 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
316 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
308
317
309 ##### `KERNEL_REDUCE`=false
318 ##### `KERNEL_REDUCE`=false
310 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
319 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
311
320
312 ##### `KERNEL_THREADS`=1
321 ##### `KERNEL_THREADS`=1
313 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
322 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
314
323
315 ##### `KERNEL_HEADERS`=true
324 ##### `KERNEL_HEADERS`=true
316 Install kernel headers with the built kernel.
325 Install kernel headers with the built kernel.
317
326
318 ##### `KERNEL_MENUCONFIG`=false
327 ##### `KERNEL_MENUCONFIG`=false
319 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
328 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
320
329
321 ##### `KERNEL_OLDDEFCONFIG`=false
330 ##### `KERNEL_OLDDEFCONFIG`=false
322 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
331 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
323
332
324 ##### `KERNEL_CCACHE`=false
333 ##### `KERNEL_CCACHE`=false
325 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
334 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
326
335
327 ##### `KERNEL_REMOVESRC`=true
336 ##### `KERNEL_REMOVESRC`=true
328 Remove all kernel sources from the generated OS image after it was built and installed.
337 Remove all kernel sources from the generated OS image after it was built and installed.
329
338
330 ##### `KERNELSRC_DIR`=""
339 ##### `KERNELSRC_DIR`=""
331 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
340 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
332
341
333 ##### `KERNELSRC_CLEAN`=false
342 ##### `KERNELSRC_CLEAN`=false
334 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
343 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
335
344
336 ##### `KERNELSRC_CONFIG`=true
345 ##### `KERNELSRC_CONFIG`=true
337 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
346 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
338
347
339 ##### `KERNELSRC_USRCONFIG`=""
348 ##### `KERNELSRC_USRCONFIG`=""
340 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
349 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
341
350
342 ##### `KERNELSRC_PREBUILT`=false
351 ##### `KERNELSRC_PREBUILT`=false
343 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
352 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
344
353
345 ##### `RPI_FIRMWARE_DIR`=""
354 ##### `RPI_FIRMWARE_DIR`=""
346 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
355 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347
356
357 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
358 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
359
360 ##### `KERNEL_NF`=false
361 Enable Netfilter modules as kernel modules
362
363 ##### `KERNEL_VIRT`=false
364 Enable Kernel KVM support (/dev/kvm)
365
366 ##### `KERNEL_ZSWAP`=false
367 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
368
369 ##### `KERNEL_BPF`=true
370 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
371
372 ##### `KERNEL_SECURITY`=false
373 Enables Apparmor, integrity subsystem, auditing
348 ---
374 ---
349
375
350 #### Reduce disk usage:
376 #### Reduce disk usage:
351 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
377 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
352
378
353 ##### `REDUCE_APT`=true
379 ##### `REDUCE_APT`=true
354 Configure APT to use compressed package repository lists and no package caching files.
380 Configure APT to use compressed package repository lists and no package caching files.
355
381
356 ##### `REDUCE_DOC`=true
382 ##### `REDUCE_DOC`=true
357 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
383 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
358
384
359 ##### `REDUCE_MAN`=true
385 ##### `REDUCE_MAN`=true
360 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
386 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
361
387
362 ##### `REDUCE_VIM`=false
388 ##### `REDUCE_VIM`=false
363 Replace `vim-tiny` package by `levee` a tiny vim clone.
389 Replace `vim-tiny` package by `levee` a tiny vim clone.
364
390
365 ##### `REDUCE_BASH`=false
391 ##### `REDUCE_BASH`=false
366 Remove `bash` package and switch to `dash` shell (experimental).
392 Remove `bash` package and switch to `dash` shell (experimental).
367
393
368 ##### `REDUCE_HWDB`=true
394 ##### `REDUCE_HWDB`=true
369 Remove PCI related hwdb files (experimental).
395 Remove PCI related hwdb files (experimental).
370
396
371 ##### `REDUCE_SSHD`=true
397 ##### `REDUCE_SSHD`=true
372 Replace `openssh-server` with `dropbear`.
398 Replace `openssh-server` with `dropbear`.
373
399
374 ##### `REDUCE_LOCALE`=true
400 ##### `REDUCE_LOCALE`=true
375 Remove all `locale` translation files.
401 Remove all `locale` translation files.
376
402
377 ---
403 ---
378
404
379 #### Encrypted root partition:
405 #### Encrypted root partition:
380 ##### `ENABLE_CRYPTFS`=false
406 ##### `ENABLE_CRYPTFS`=false
381 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
407 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
382
408
383 ##### `CRYPTFS_PASSWORD`=""
409 ##### `CRYPTFS_PASSWORD`=""
384 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
410 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
385
411
386 ##### `CRYPTFS_MAPPING`="secure"
412 ##### `CRYPTFS_MAPPING`="secure"
387 Set name of dm-crypt managed device-mapper mapping.
413 Set name of dm-crypt managed device-mapper mapping.
388
414
389 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
415 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
390 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
416 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
391
417
392 ##### `CRYPTFS_XTSKEYSIZE`=512
418 ##### `CRYPTFS_XTSKEYSIZE`=512
393 Sets key size in bits. The argument has to be a multiple of 8.
419 Sets key size in bits. The argument has to be a multiple of 8.
394
420
395 ---
421 ---
396
422
397 #### Build settings:
423 #### Build settings:
398 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
424 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
399 Set a path to a working directory used by the script to generate an image.
425 Set a path to a working directory used by the script to generate an image.
400
426
401 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
427 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
402 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
428 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
403
429
404 ## Understanding the script
430 ## Understanding the script
405 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
431 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
406
432
407 | Script | Description |
433 | Script | Description |
408 | --- | --- |
434 | --- | --- |
409 | `10-bootstrap.sh` | Debootstrap basic system |
435 | `10-bootstrap.sh` | Debootstrap basic system |
410 | `11-apt.sh` | Setup APT repositories |
436 | `11-apt.sh` | Setup APT repositories |
411 | `12-locale.sh` | Setup Locales and keyboard settings |
437 | `12-locale.sh` | Setup Locales and keyboard settings |
412 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
438 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
413 | `14-fstab.sh` | Setup fstab and initramfs |
439 | `14-fstab.sh` | Setup fstab and initramfs |
414 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
440 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
415 | `20-networking.sh` | Setup Networking |
441 | `20-networking.sh` | Setup Networking |
416 | `21-firewall.sh` | Setup Firewall |
442 | `21-firewall.sh` | Setup Firewall |
417 | `30-security.sh` | Setup Users and Security settings |
443 | `30-security.sh` | Setup Users and Security settings |
418 | `31-logging.sh` | Setup Logging |
444 | `31-logging.sh` | Setup Logging |
419 | `32-sshd.sh` | Setup SSH and public keys |
445 | `32-sshd.sh` | Setup SSH and public keys |
420 | `41-uboot.sh` | Build and Setup U-Boot |
446 | `41-uboot.sh` | Build and Setup U-Boot |
421 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
447 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
422 | `43-videocore.sh` | Build and Setup videocore libraries |
448 | `43-videocore.sh` | Build and Setup videocore libraries |
423 | `50-firstboot.sh` | First boot actions |
449 | `50-firstboot.sh` | First boot actions |
424 | `99-reduce.sh` | Reduce the disk space usage |
450 | `99-reduce.sh` | Reduce the disk space usage |
425
451
426 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
452 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
427
453
428 | Directory | Description |
454 | Directory | Description |
429 | --- | --- |
455 | --- | --- |
430 | `apt` | APT management configuration files |
456 | `apt` | APT management configuration files |
431 | `boot` | Boot and RPi 0/1/2/3 configuration files |
457 | `boot` | Boot and RPi 0/1/2/3 configuration files |
432 | `dpkg` | Package Manager configuration |
458 | `dpkg` | Package Manager configuration |
433 | `etc` | Configuration files and rc scripts |
459 | `etc` | Configuration files and rc scripts |
434 | `firstboot` | Scripts that get executed on first boot |
460 | `firstboot` | Scripts that get executed on first boot |
435 | `initramfs` | Initramfs scripts |
461 | `initramfs` | Initramfs scripts |
436 | `iptables` | Firewall configuration files |
462 | `iptables` | Firewall configuration files |
437 | `locales` | Locales configuration |
463 | `locales` | Locales configuration |
438 | `modules` | Kernel Modules configuration |
464 | `modules` | Kernel Modules configuration |
439 | `mount` | Fstab configuration |
465 | `mount` | Fstab configuration |
440 | `network` | Networking configuration files |
466 | `network` | Networking configuration files |
441 | `sysctl.d` | Swapping and Network Hardening configuration |
467 | `sysctl.d` | Swapping and Network Hardening configuration |
442 | `xorg` | fbturbo Xorg driver configuration |
468 | `xorg` | fbturbo Xorg driver configuration |
443
469
444 ## Custom packages and scripts
470 ## Custom packages and scripts
445 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
471 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
446
472
447 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
473 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
448
474
449 ## Logging of the bootstrapping process
475 ## Logging of the bootstrapping process
450 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
476 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
451
477
452 ```shell
478 ```shell
453 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
479 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
454 ```
480 ```
455
481
456 ## Flashing the image file
482 ## Flashing the image file
457 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
483 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
458
484
459 ##### Flashing examples:
485 ##### Flashing examples:
460 ```shell
486 ```shell
461 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
487 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
462 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
488 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
463 ```
489 ```
464 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
490 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
465 ```shell
491 ```shell
466 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
492 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
467 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
493 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
468 ```
494 ```
469
495
470 ## QEMU emulation
496 ## QEMU emulation
471 Start QEMU full system emulation:
497 Start QEMU full system emulation:
472 ```shell
498 ```shell
473 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
499 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
474 ```
500 ```
475
501
476 Start QEMU full system emulation and output to console:
502 Start QEMU full system emulation and output to console:
477 ```shell
503 ```shell
478 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
504 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 ```
505 ```
480
506
481 Start QEMU full system emulation with SMP and output to console:
507 Start QEMU full system emulation with SMP and output to console:
482 ```shell
508 ```shell
483 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
509 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
484 ```
510 ```
485
511
486 Start QEMU full system emulation with cryptfs, initramfs and output to console:
512 Start QEMU full system emulation with cryptfs, initramfs and output to console:
487 ```shell
513 ```shell
488 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
514 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
489 ```
515 ```
490
516
491 ## External links and references
517 ## External links and references
492 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
518 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
493 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
519 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
494 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
520 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
495 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
521 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
496 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
522 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
497 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
523 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
498 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
524 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
499 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
525 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
500 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
526 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,255 +1,561
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 echo "WARNING: if ENABLE_NEXMON is used remember to put the CORRECT KERNELSRC IN KERNELSRC_DIR!!!!!1!"
11 KERNEL_URL="${KALI_KERNEL_URL}"
12 KERNEL_BRANCH=""
13 fi
14
8 # Fetch and build latest raspberry kernel
15 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
16 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
17 # Setup source directory
11 mkdir -p "${KERNEL_DIR}"
18 mkdir -p "${KERNEL_DIR}"
12
19
13 # Copy existing kernel sources into chroot directory
20 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
21 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources and include hidden files
22 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
23 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17
24
18 # Clean the kernel sources
25 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
26 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
27 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
28 fi
22 else # KERNELSRC_DIR=""
29 else # KERNELSRC_DIR=""
23 # Create temporary directory for kernel sources
30 # Create temporary directory for kernel sources
24 temp_dir=$(as_nobody mktemp -d)
31 temp_dir=$(as_nobody mktemp -d)
25
32
26 # Fetch current RPi2/3 kernel sources
33 # Fetch current RPi2/3 kernel sources
27 if [ -z "${KERNEL_BRANCH}" ] ; then
34 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
35 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 else
36 else
30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
37 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
38 fi
32
39
33 # Copy downloaded kernel sources
40 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
41 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35
42
36 # Remove temporary directory for kernel sources
43 # Remove temporary directory for kernel sources
37 rm -fr "${temp_dir}"
44 rm -fr "${temp_dir}"
38
45
39 # Set permissions of the kernel sources
46 # Set permissions of the kernel sources
40 chown -R root:root "${R}/usr/src"
47 chown -R root:root "${R}/usr/src"
41 fi
48 fi
42
49
43 # Calculate optimal number of kernel building threads
50 # Calculate optimal number of kernel building threads
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
51 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
52 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 fi
53 fi
47
54
48 # Configure and build kernel
55 # Configure and build kernel
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
56 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 # Remove device, network and filesystem drivers from kernel configuration
57 # Remove device, network and filesystem drivers from kernel configuration
51 if [ "$KERNEL_REDUCE" = true ] ; then
58 if [ "$KERNEL_REDUCE" = true ] ; then
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
59 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 sed -i\
60 sed -i\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
66 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
74 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
82 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 "${KERNEL_DIR}/.config"
90 "${KERNEL_DIR}/.config"
84 fi
91 fi
85
92
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
93 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 # Load default raspberry kernel configuration
94 # Load default raspberry kernel configuration
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
95 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89
96
97 #Switch to KERNELSRC_DIR so we can use set_kernel_config
98 cd "${KERNEL_DIR}" || exit
99
100 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
101 if [ "$KERNEL_ZSWAP" = true ] ; then
102 set_kernel_config CONFIG_ZPOOL y
103 set_kernel_config CONFIG_ZSWAP y
104 set_kernel_config CONFIG_ZBUD y
105 set_kernel_config CONFIG_Z3FOLD y
106 set_kernel_config CONFIG_ZSMALLOC y
107 set_kernel_config CONFIG_PGTABLE_MAPPING y
108 fi
109
110 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
111 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
112 set_kernel_config CONFIG_VIRTUALIZATION y
113 set_kernel_config CONFIG_KVM y
114 set_kernel_config CONFIG_VHOST_NET m
115 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
116 fi
117
118 # enable apparmor,integrity audit,
119 if [ "$KERNEL_SECURITY" = true ] ; then
120
121 # security filesystem, security models and audit
122 set_kernel_config CONFIG_SECURITYFS y
123 set_kernel_config CONFIG_SECURITY y
124 set_kernel_config CONFIG_AUDIT y
125
126 # harden strcpy and memcpy
127 set_kernel_config CONFIG_HARDENED_USERCOPY=y
128 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
129 set_kernel_config CONFIG_FORTIFY_SOURCE=y
130
131 # integrity sub-system
132 set_kernel_config CONFIG_INTEGRITY=y
133 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
134 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
135 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
136 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
137
138 # This option provides support for retaining authentication tokens and access keys in the kernel.
139 set_kernel_config CONFIG_KEYS=y
140 set_kernel_config CONFIG_KEYS_COMPAT=y
141
142 # Apparmor
143 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
144 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
145 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
146 set_kernel_config CONFIG_SECURITY_APPARMOR y
147 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
148 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
149
150 # restrictions on unprivileged users reading the kernel
151 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
152
153 # network security hooks
154 set_kernel_config CONFIG_SECURITY_NETWORK y
155 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
156 set_kernel_config CONFIG_SECURITY_PATH=y
157 set_kernel_config CONFIG_SECURITY_YAMA=y
158
159 # New Options
160 if [ "$KERNEL_NF" = true ]
161 set_kernel_config CONFIG_IP_NF_SECURITY m
162 set_kernel_config CONFIG_NETLABEL m
163 set_kernel_config CONFIG_IP6_NF_SECURITY m
164 fi
165 set_kernel_config CONFIG_SECURITY_SELINUX n
166 set_kernel_config CONFIG_SECURITY_SMACK n
167 set_kernel_config CONFIG_SECURITY_TOMOYO n
168 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
169 set_kernel_config CONFIG_SECURITY_LOADPIN n
170 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
171 set_kernel_config CONFIG_IMA n
172 set_kernel_config CONFIG_EVM n
173 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
174 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
175 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
176 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
177 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
178 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
179 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
180 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
181 fi
182
183 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
186 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
187 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
188 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
189 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
190 set_kernel_config CONFIG_NFT_FIB_INET m
191 set_kernel_config CONFIG_NFT_FIB_IPV4 m
192 set_kernel_config CONFIG_NFT_FIB_IPV6 m
193 set_kernel_config CONFIG_NFT_FIB_NETDEV m
194 set_kernel_config CONFIG_NFT_OBJREF m
195 set_kernel_config CONFIG_NFT_RT m
196 set_kernel_config CONFIG_NFT_SET_BITMAP m
197 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
198 set_kernel_config CONFIG_NF_LOG_ARP m
199 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
200 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
201 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
202 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
203 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
204 set_kernel_config CONFIG_IP6_NF_IPTABLES m
205 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
206 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
207 set_kernel_config CONFIG_IP6_NF_NAT m
208 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
209 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
210 set_kernel_config CONFIG_IP_NF_SECURITY m
211 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
212 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
213 set_kernel_config CONFIG_IP_SET_HASH_IP m
214 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
215 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
216 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
217 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
218 set_kernel_config CONFIG_IP_SET_HASH_MAC m
219 set_kernel_config CONFIG_IP_SET_HASH_NET m
220 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
221 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
222 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
223 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
224 set_kernel_config CONFIG_IP_SET_LIST_SET m
225 set_kernel_config CONFIG_NETFILTER_XTABLES m
226 set_kernel_config CONFIG_NETFILTER_XTABLES m
227 set_kernel_config CONFIG_NFT_BRIDGE_META m
228 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
229 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
230 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
231 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
232 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
233 set_kernel_config CONFIG_NFT_COMPAT m
234 set_kernel_config CONFIG_NFT_COUNTER m
235 set_kernel_config CONFIG_NFT_CT m
236 set_kernel_config CONFIG_NFT_DUP_IPV4 m
237 set_kernel_config CONFIG_NFT_DUP_IPV6 m
238 set_kernel_config CONFIG_NFT_DUP_NETDEV m
239 set_kernel_config CONFIG_NFT_EXTHDR m
240 set_kernel_config CONFIG_NFT_FWD_NETDEV m
241 set_kernel_config CONFIG_NFT_HASH m
242 set_kernel_config CONFIG_NFT_LIMIT m
243 set_kernel_config CONFIG_NFT_LOG m
244 set_kernel_config CONFIG_NFT_MASQ m
245 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
246 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
247 set_kernel_config CONFIG_NFT_META m
248 set_kernel_config CONFIG_NFT_NAT m
249 set_kernel_config CONFIG_NFT_NUMGEN m
250 set_kernel_config CONFIG_NFT_QUEUE m
251 set_kernel_config CONFIG_NFT_QUOTA m
252 set_kernel_config CONFIG_NFT_REDIR m
253 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
254 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
255 set_kernel_config CONFIG_NFT_REJECT m
256 set_kernel_config CONFIG_NFT_REJECT_INET m
257 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
258 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
259 set_kernel_config CONFIG_NFT_SET_HASH m
260 set_kernel_config CONFIG_NFT_SET_RBTREE m
261 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
262 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
263 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
264 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
265 set_kernel_config CONFIG_NF_DUP_IPV4 m
266 set_kernel_config CONFIG_NF_DUP_IPV6 m
267 set_kernel_config CONFIG_NF_DUP_NETDEV m
268 set_kernel_config CONFIG_NF_LOG_BRIDGE m
269 set_kernel_config CONFIG_NF_LOG_IPV4 m
270 set_kernel_config CONFIG_NF_LOG_IPV6 m
271 set_kernel_config CONFIG_NF_NAT_IPV4 m
272 set_kernel_config CONFIG_NF_NAT_IPV6 m
273 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
274 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
275 set_kernel_config CONFIG_NF_NAT_PPTP m
276 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
277 set_kernel_config CONFIG_NF_NAT_REDIRECT m
278 set_kernel_config CONFIG_NF_NAT_SIP m
279 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
280 set_kernel_config CONFIG_NF_NAT_TFTP m
281 set_kernel_config CONFIG_NF_REJECT_IPV4 m
282 set_kernel_config CONFIG_NF_REJECT_IPV6 m
283 set_kernel_config CONFIG_NF_TABLES m
284 set_kernel_config CONFIG_NF_TABLES_ARP m
285 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
286 set_kernel_config CONFIG_NF_TABLES_INET m
287 set_kernel_config CONFIG_NF_TABLES_IPV4 m
288 set_kernel_config CONFIG_NF_TABLES_IPV6 m
289 set_kernel_config CONFIG_NF_TABLES_NETDEV m
290 fi
291
292 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
293 if [ "$KERNEL_BPF" = true ] ; then
294 set_kernel_config CONFIG_BPF_SYSCALL y
295 set_kernel_config CONFIG_BPF_EVENTS y
296 set_kernel_config CONFIG_BPF_STREAM_PARSER y
297 set_kernel_config CONFIG_CGROUP_BPF y
298 fi
299
300 # KERNEL_DEFAULT_GOV was set by user
301 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
302
303 case "$KERNEL_DEFAULT_GOV" in
304 performance)
305 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
306 ;;
307 userspace)
308 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
309 ;;
310 ondemand)
311 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
312 ;;
313 conservative)
314 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
315 ;;
316 shedutil)
317 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
318 ;;
319 *)
320 echo "error: unsupported default cpu governor"
321 exit 1
322 ;;
323 esac
324
325 # unset previous default governor
326 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
327 fi
328
329
330
331 #Revert to previous directory
332 cd "${WORKDIR}" || exit
333
90 # Set kernel configuration parameters to enable qemu emulation
334 # Set kernel configuration parameters to enable qemu emulation
91 if [ "$ENABLE_QEMU" = true ] ; then
335 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
336 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
337 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94
338
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
339 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 {
340 {
97 echo "CONFIG_EMBEDDED=y"
341 echo "CONFIG_EMBEDDED=y"
98 echo "CONFIG_EXPERT=y"
342 echo "CONFIG_EXPERT=y"
99 echo "CONFIG_DAX=y"
343 echo "CONFIG_DAX=y"
100 echo "CONFIG_MD=y"
344 echo "CONFIG_MD=y"
101 echo "CONFIG_BLK_DEV_MD=y"
345 echo "CONFIG_BLK_DEV_MD=y"
102 echo "CONFIG_MD_AUTODETECT=y"
346 echo "CONFIG_MD_AUTODETECT=y"
103 echo "CONFIG_BLK_DEV_DM=y"
347 echo "CONFIG_BLK_DEV_DM=y"
104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
348 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 echo "CONFIG_DM_CRYPT=y"
349 echo "CONFIG_DM_CRYPT=y"
106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
350 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 echo "CONFIG_CRYPTO_CBC=y"
351 echo "CONFIG_CRYPTO_CBC=y"
108 echo "CONFIG_CRYPTO_XTS=y"
352 echo "CONFIG_CRYPTO_XTS=y"
109 echo "CONFIG_CRYPTO_SHA512=y"
353 echo "CONFIG_CRYPTO_SHA512=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
354 echo "CONFIG_CRYPTO_MANAGER=y"
111 } >> "${KERNEL_DIR}"/.config
355 } >> "${KERNEL_DIR}"/.config
112 fi
356 fi
113 fi
357 fi
114
358
115 # Copy custom kernel configuration file
359 # Copy custom kernel configuration file
116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
360 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
361 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 fi
362 fi
119
363
120 # Set kernel configuration parameters to their default values
364 # Set kernel configuration parameters to their default values
121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
365 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
366 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123 fi
367 fi
124
368
125 # Start menu-driven kernel configuration (interactive)
369 # Start menu-driven kernel configuration (interactive)
126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
370 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
371 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 fi
372 fi
373 # end if "$KERNELSRC_CONFIG" = true
129 fi
374 fi
130
375
131 # Use ccache to cross compile the kernel
376 # Use ccache to cross compile the kernel
132 if [ "$KERNEL_CCACHE" = true ] ; then
377 if [ "$KERNEL_CCACHE" = true ] ; then
133 cc="ccache ${CROSS_COMPILE}gcc"
378 cc="ccache ${CROSS_COMPILE}gcc"
134 else
379 else
135 cc="${CROSS_COMPILE}gcc"
380 cc="${CROSS_COMPILE}gcc"
136 fi
381 fi
137
382
138 # Cross compile kernel and dtbs
383 # Cross compile kernel and dtbs
139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
384 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140
385
141 # Cross compile kernel modules
386 # Cross compile kernel modules
142 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
387 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
388 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 fi
389 fi
390 # end if "$KERNELSRC_PREBUILT" = false
145 fi
391 fi
146
392
147 # Check if kernel compilation was successful
393 # Check if kernel compilation was successful
148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
394 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149 echo "error: kernel compilation failed! (kernel image not found)"
395 echo "error: kernel compilation failed! (kernel image not found)"
150 cleanup
396 cleanup
151 exit 1
397 exit 1
152 fi
398 fi
153
399
154 # Install kernel modules
400 # Install kernel modules
155 if [ "$ENABLE_REDUCE" = true ] ; then
401 if [ "$ENABLE_REDUCE" = true ] ; then
156 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
402 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
403 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 fi
404 fi
159 else
405 else
160 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
406 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
407 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 fi
408 fi
163
409
164 # Install kernel firmware
410 # Install kernel firmware
165 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
411 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167 fi
413 fi
168 fi
414 fi
169
415
170 # Install kernel headers
416 # Install kernel headers
171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
417 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
418 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173 fi
419 fi
174
420
175 # Prepare boot (firmware) directory
421 # Prepare boot (firmware) directory
176 mkdir "${BOOT_DIR}"
422 mkdir "${BOOT_DIR}"
177
423
178 # Get kernel release version
424 # Get kernel release version
179 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
425 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180
426
181 # Copy kernel configuration file to the boot directory
427 # Copy kernel configuration file to the boot directory
182 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
428 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183
429
184 # Prepare device tree directory
430 # Prepare device tree directory
185 mkdir "${BOOT_DIR}/overlays"
431 mkdir "${BOOT_DIR}/overlays"
186
432
187 # Ensure the proper .dtb is located
433 # Ensure the proper .dtb is located
188 if [ "$KERNEL_ARCH" = "arm" ] ; then
434 if [ "$KERNEL_ARCH" = "arm" ] ; then
189 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
435 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 if [ -f "${dtb}" ] ; then
436 if [ -f "${dtb}" ] ; then
191 install_readonly "${dtb}" "${BOOT_DIR}/"
437 install_readonly "${dtb}" "${BOOT_DIR}/"
192 fi
438 fi
193 done
439 done
194 else
440 else
195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
441 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 if [ -f "${dtb}" ] ; then
442 if [ -f "${dtb}" ] ; then
197 install_readonly "${dtb}" "${BOOT_DIR}/"
443 install_readonly "${dtb}" "${BOOT_DIR}/"
198 fi
444 fi
199 done
445 done
200 fi
446 fi
201
447
202 # Copy compiled dtb device tree files
448 # Copy compiled dtb device tree files
203 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
449 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
450 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 if [ -f "${dtb}" ] ; then
451 if [ -f "${dtb}" ] ; then
206 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
452 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 fi
453 fi
208 done
454 done
209
455
210 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
456 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
457 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 fi
458 fi
213 fi
459 fi
214
460
215 if [ "$ENABLE_UBOOT" = false ] ; then
461 if [ "$ENABLE_UBOOT" = false ] ; then
216 # Convert and copy kernel image to the boot directory
462 # Convert and copy kernel image to the boot directory
217 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
463 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218 else
464 else
219 # Copy kernel image to the boot directory
465 # Copy kernel image to the boot directory
220 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
466 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221 fi
467 fi
222
468
223 # Remove kernel sources
469 # Remove kernel sources
224 if [ "$KERNEL_REMOVESRC" = true ] ; then
470 if [ "$KERNEL_REMOVESRC" = true ] ; then
225 rm -fr "${KERNEL_DIR}"
471 rm -fr "${KERNEL_DIR}"
226 else
472 else
227 # Prepare compiled kernel modules
473 # Prepare compiled kernel modules
228 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
474 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
229 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
475 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
230 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
476 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 fi
477 fi
232
478
233 # Create symlinks for kernel modules
479 # Create symlinks for kernel modules
234 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
480 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
481 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 fi
482 fi
237 fi
483 fi
238
484
239 else # BUILD_KERNEL=false
485 else # BUILD_KERNEL=false
240 # Kernel installation
486 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
242
487
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
488 # Use Sakakis modified kernel if ZSWAP is active
244 chroot_exec apt-get -qq -y install flash-kernel
489 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
490 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
491 fi
492
493 # Create temporary directory for dl
494 temp_dir=$(as_nobody mktemp -d)
495
496 # Fetch kernel dl
497 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
498
499 #extract download
500 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
501
502 #move extracted kernel to /boot/firmware
503 mkdir "${R}/boot/firmware"
504 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
505 cp -r "${temp_dir}"/lib/* "${R}"/lib/
506
507 # Remove temporary directory for kernel sources
508 rm -fr "${temp_dir}"
509
510 # Set permissions of the kernel sources
511 chown -R root:root "${R}/boot/firmware"
512 chown -R root:root "${R}/lib/modules"
513 fi
514
515 # Install Kernel from hypriot comptabile with all Raspberry PI
516 if [ "$SET_ARCH" = 32 ] ; then
517 # Create temporary directory for dl
518 temp_dir=$(as_nobody mktemp -d)
519
520 # Fetch kernel
521 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
522
523 # Copy downloaded U-Boot sources
524 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
525
526 # Set permissions
527 chown -R root:root "${R}"/tmp/kernel.deb
528
529 # Install kernel
530 chroot_exec dpkg -i /tmp/kernel.deb
531
532 # move /boot to /boot/firmware to fit script env.
533 #mkdir "${BOOT_DIR}"
534 mkdir "${temp_dir}"/firmware
535 mv "${R}"/boot/* "${temp_dir}"/firmware/
536 mv "${temp_dir}"/firmware "${R}"/boot/
537
538 #same for kernel headers
539 if [ "$KERNEL_HEADERS" = true ] ; then
540 # Fetch kernel header
541 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
542 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
543 chown -R root:root "${R}"/tmp/kernel-header.deb
544 # Install kernel header
545 chroot_exec dpkg -i /tmp/kernel-header.deb
546 rm -f "${R}"/tmp/kernel-header.deb
547 fi
548
549 # Remove temporary directory and files
550 rm -fr "${temp_dir}"
551 rm -f "${R}"/tmp/kernel.deb
552 fi
245
553
246 # Check if kernel installation was successful
554 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
555 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
556 if [ -z "$KERNEL" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
557 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 cleanup
558 cleanup
251 exit 1
559 exit 1
252 fi
560 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 fi
561 fi
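Review bot: The `KERNEL_SECURITY` block will not take effect as written, because `if [ "$KERNEL_NF" = true ]` at new line 160 has no `; then`; sh reports a syntax error at the matching `fi`, so the whole script fails to parse. The hardening and integrity options at new lines 127–157 are passed as a single `NAME=y` argument, while every other call in the file uses `NAME value`. `set_kernel_config` is defined in functions.sh and is not shown here, so this is inferred, but those options (hardened usercopy, FORTIFY_SOURCE, dmesg restriction, Yama) probably never reach `.config`. `CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0` also leaves AppArmor disabled at boot unless `apparmor=1` is on the kernel command line, so it should be `1` if the block is meant to enable AppArmor. The corrected lines are below.

```shell
# harden strcpy and memcpy
set_kernel_config CONFIG_HARDENED_USERCOPY y
set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
set_kernel_config CONFIG_FORTIFY_SOURCE y

# integrity sub-system
set_kernel_config CONFIG_INTEGRITY y
set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
set_kernel_config CONFIG_INTEGRITY_AUDIT y
set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y

# This option provides support for retaining authentication tokens and access keys in the kernel.
set_kernel_config CONFIG_KEYS y
set_kernel_config CONFIG_KEYS_COMPAT y

# Apparmor
set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 1
# … unchanged: remaining AppArmor options …

# restrictions on unprivileged users reading the kernel
set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y

# network security hooks
set_kernel_config CONFIG_SECURITY_NETWORK y
set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
set_kernel_config CONFIG_SECURITY_PATH y
set_kernel_config CONFIG_SECURITY_YAMA y

# New Options
if [ "$KERNEL_NF" = true ] ; then
# … unchanged: CONFIG_IP_NF_SECURITY, CONFIG_NETLABEL, CONFIG_IP6_NF_SECURITY and the closing fi …
```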
@@ -1,229 +1,270
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 # Install boot binaries from local directory
9 # Install boot binaries from local directory
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 else
17 else
19 # Create temporary directory for boot binaries
18 # Create temporary directory for boot binaries
20 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
21
20
22 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
29
31 # Move downloaded boot binaries
30 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
32
34 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
36
35
37 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
40 fi
39 fi
41 fi
42
40
43 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
44 if [ "$ENABLE_SPLITFS" = true ] ; then
42 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 else
44 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 fi
46 fi
49
47
50 # Add encrypted root partition to cmdline.txt
48 # Add encrypted root partition to cmdline.txt
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
49 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
50 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 else
52 else
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 fi
54 fi
57 fi
55 fi
58
56
59 #locks cpu at max frequency
57 # Enable Kernel messages on standard output
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
64 if [ "$ENABLE_PRINTK" = true ] ; then
58 if [ "$ENABLE_PRINTK" = true ] ; then
65 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 fi
60 fi
67
61
68 # Install udev rule for serial alias
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70
64
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
69
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
76
77 # Install firmware config
78 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
79
80 # Locks CPU frequency at maximum
81 if [ "$ENABLE_TURBO" = true ] ; then
82 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
83 # helps to avoid sdcard corruption when force_turbo is enabled.
84 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
85 fi
86
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
87 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72
88
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
89 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
90 SET_SERIAL="ttyS0"
75
91
76 # Bluetooth enabled
92 # Bluetooth enabled
77 if [ "$ENABLE_BLUETOOTH" = true ] ; then
93 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 # Create temporary directory for Bluetooth sources
94 # Create temporary directory for Bluetooth sources
79 temp_dir=$(as_nobody mktemp -d)
95 temp_dir=$(as_nobody mktemp -d)
80
96
81 # Fetch Bluetooth sources
97 # Fetch Bluetooth sources
82 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
98 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
83
99
84 # Copy downloaded sources
100 # Copy downloaded sources
85 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
101 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
86
102
87 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
103 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
88 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
104 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
89 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
105 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
90
106
91 # Set permissions
107 # Set permissions
92 chown -R root:root "${R}/tmp/pi-bluetooth"
108 chown -R root:root "${R}/tmp/pi-bluetooth"
93
109
94 # Install tools
110 # Install tools
95 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
111 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
112 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97
113
98 # Install bluetooth udev rule
114 # Install bluetooth udev rule
99 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
115 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100
116
101 # Install Firmware Flash file and apropiate licence
117 # Install Firmware Flash file and apropiate licence
102 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
118 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
103 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
119 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
104 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
120 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
121 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
122 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107
123
108 # Remove temporary directory
124 # Remove temporary directory
109 rm -fr "${temp_dir}"
125 rm -fr "${temp_dir}"
110
126
111 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
127 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
128 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
129 SET_SERIAL="ttyAMA0"
114
130
115 # set overlay to swap ttyAMA0 and ttyS0
131 # set overlay to swap ttyAMA0 and ttyS0
116 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
132 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
117
133
118 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
134 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
119 if [ "$ENABLE_TURBO" = false ] ; then
135 if [ "$ENABLE_TURBO" = false ] ; then
120 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
136 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 fi
137 fi
122
138
123 # Activate services
139 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
140 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
141 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
142 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
143 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
144 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
145 fi
130
146
131 else # if ENABLE_BLUETOOTH = false
147 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
148 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
149 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
150 fi # ENABLE_BLUETOOTH end
135
151
136 else
152 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
153 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
154 SET_SERIAL="ttyAMA0"
139 fi
155 fi
140
156
141 # may need sudo systemctl disable hciuart
157 # may need sudo systemctl disable hciuart
142 if [ "$ENABLE_CONSOLE" = true ] ; then
158 if [ "$ENABLE_CONSOLE" = true ] ; then
143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
159 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 # add string to cmdline
160 # add string to cmdline
145 CMDLINE="${CMDLINE} console=serial0,115200"
161 CMDLINE="${CMDLINE} console=serial0,115200"
146
162
147 # Enable serial console systemd style
163 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
164 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
149 else
165 else
150 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
166 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
151 # disable serial console systemd style
167 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
168 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 fi
169 fi
154
170
155 # Remove IPv6 networking support
171 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
156 if [ "$ENABLE_IPV6" = false ] ; then
172 # Create temporary directory for systemd-swap sources
157 CMDLINE="${CMDLINE} ipv6.disable=1"
173 temp_dir=$(as_nobody mktemp -d)
158 fi
159
174
160 # Automatically assign predictable network interface names
175 # Fetch systemd-swap sources
161 if [ "$ENABLE_IFNAMES" = false ] ; then
176 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
162 CMDLINE="${CMDLINE} net.ifnames=0"
177
178 # Copy downloaded systemd-swap sources
179 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
180
181 # Set permissions of the systemd-swap sources
182 chown -R root:root "${R}/tmp/systemd-swap"
183
184 # Remove temporary directory for systemd-swap sources
185 rm -fr "${temp_dir}"
186
187 # Change into downloaded src dir
188 cd "${R}/tmp/systemd-swap" || exit
189
190 # Build package
191 . ./package.sh debian
192
193 # Install package
194 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
195
196 # Enable service
197 chroot_exec systemctl enable systemd-swap
198
199 # Change back into script root dir
200 cd "${WORKDIR}" || exit
163 else
201 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
202 # Enable ZSWAP in cmdline if systemd-swap is not used
203 if [ "$KERNEL_ZSWAP" = true ] ; then
204 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
205 fi
206 fi
207 if [ "$KERNEL_SECURITY" = true ] ; then
208 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
165 fi
209 fi
166
210
167 # Install firmware boot cmdline
211 # Install firmware boot cmdline
168 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
212 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169
213
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 # Setup minimal GPU memory allocation size: 16MB (no X)
214 # Setup minimal GPU memory allocation size: 16MB (no X)
174 if [ "$ENABLE_MINGPU" = true ] ; then
215 if [ "$ENABLE_MINGPU" = true ] ; then
175 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
216 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
176 fi
217 fi
177
218
178 # Setup boot with initramfs
219 # Setup boot with initramfs
179 if [ "$ENABLE_INITRAMFS" = true ] ; then
220 if [ "$ENABLE_INITRAMFS" = true ] ; then
180 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
221 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
181 fi
222 fi
182
223
183 # Create firmware configuration and cmdline symlinks
224 # Create firmware configuration and cmdline symlinks
184 ln -sf firmware/config.txt "${R}/boot/config.txt"
225 ln -sf firmware/config.txt "${R}/boot/config.txt"
185 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
226 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
186
227
187 # Install and setup kernel modules to load at boot
228 # Install and setup kernel modules to load at boot
188 mkdir -p "${LIB_DIR}/modules-load.d/"
229 mkdir -p "${LIB_DIR}/modules-load.d/"
189 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
230 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
190
231
191 # Load hardware random module at boot
232 # Load hardware random module at boot
192 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
233 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
193 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
234 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
194 fi
235 fi
195
236
196 # Load sound module at boot
237 # Load sound module at boot
197 if [ "$ENABLE_SOUND" = true ] ; then
238 if [ "$ENABLE_SOUND" = true ] ; then
198 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
239 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
199 else
240 else
200 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
241 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
201 fi
242 fi
202
243
203 # Enable I2C interface
244 # Enable I2C interface
204 if [ "$ENABLE_I2C" = true ] ; then
245 if [ "$ENABLE_I2C" = true ] ; then
205 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
246 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
206 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
247 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
207 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
248 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
208 fi
249 fi
209
250
210 # Enable SPI interface
251 # Enable SPI interface
211 if [ "$ENABLE_SPI" = true ] ; then
252 if [ "$ENABLE_SPI" = true ] ; then
212 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
253 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
213 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
254 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
214 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
215 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
256 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
216 fi
257 fi
217 fi
258 fi
218
259
219 # Disable RPi2/3 under-voltage warnings
260 # Disable RPi2/3 under-voltage warnings
220 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
261 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
221 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
262 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
222 fi
263 fi
223
264
224 # Install kernel modules blacklist
265 # Install kernel modules blacklist
225 mkdir -p "${ETC_DIR}/modprobe.d/"
266 mkdir -p "${ETC_DIR}/modprobe.d/"
226 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
267 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
227
268
228 # Install sysctl.d configuration files
269 # Install sysctl.d configuration files
229 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
270 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
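Review bot: The new systemd-swap block (new lines 171-200) clones `${SYSTEMDSWAP_URL}` at whatever its default branch holds at build time and then sources `./package.sh debian` into the build shell. Since rpi23-gen-image.sh insists on root, unreviewed upstream code runs as root on the build host, and it can alter this script's variables, shell options and working directory before the resulting .deb is installed into the image. I would pin the checkout to a reviewed commit and keep the package script out of the current shell, e.g. `as_nobody git -C "${temp_dir}/systemd-swap" checkout "<REVIEWED_COMMIT>"` right after the clone and `( cd "${R}/tmp/systemd-swap" && . ./package.sh debian )` in place of the `cd` / source / `cd "${WORKDIR}"` sequence. The firmware and pi-bluetooth downloads kept as context here are likewise fetched with no checksum or signature comparison before being installed as root-owned boot files. Separately, the unchanged line that installs `BCM43430A1.hcd` writes it to `${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx`, which overwrites the licence installed on the line before; the destination should presumably be `${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd`.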
@@ -1,48 +1,53
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy is the used alternatives
12 if [ "$KERNEL_NF" = false ] ; then
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15
16
16 # Install iptables systemd service
17 # Install iptables systemd service
17 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18
19
19 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
20 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21
22
22 # Install iptables rule file
23 # Install iptables rule file
23 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24
25
25 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
26 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
28
29
29 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
30 # Install ip6tables systemd service
35 # Install ip6tables systemd service
31 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
36 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32
37
33 # Install ip6tables file
38 # Install ip6tables file
34 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
39 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
35
40
36 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
41 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
37
42
38 # Reload systemd configuration and enable iptables service
43 # Reload systemd configuration and enable iptables service
39 chroot_exec systemctl daemon-reload
44 chroot_exec systemctl daemon-reload
40 chroot_exec systemctl enable ip6tables.service
45 chroot_exec systemctl enable ip6tables.service
41 fi
46 fi
42
47
43 if [ "$ENABLE_SSHD" = false ] ; then
48 if [ "$ENABLE_SSHD" = false ] ; then
44 # Remove SSHD related iptables rules
49 # Remove SSHD related iptables rules
45 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
50 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
47 fi
52 fi
48 fi
53 fi
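Review bot: The backend selection at new lines 12 and 31 is keyed on `[ "$KERNEL_NF" = false ]`, so an unset, empty or mistyped `KERNEL_NF` silently skips the iptables-legacy alternative. Where the variable gets its default is not visible in this file section. If the installed kernel then lacks nf_tables support, the iptables services would presumably fail to restore their rules at boot, and the image would come up without its packet filter. Testing the positive case fails safer: `if [ "$KERNEL_NF" != true ] ; then` in both places. The comment copied into the ip6tables block also still describes iptables; I would change it to `# ip6tables-save and -restore are slaves of ip6tables and are set accordingly` and keep the dropped "make sure iptables-legacy is the used alternative" line above the first check.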
@@ -1,807 +1,848
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60
74
61 # Build directories
75 # Build directories
62 WORKDIR=$(pwd)
76 WORKDIR=$(pwd)
63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 BUILDDIR="${BASEDIR}/build"
78 BUILDDIR="${BASEDIR}/build"
65
79
66 # Chroot directories
80 # Chroot directories
67 R="${BUILDDIR}/chroot"
81 R="${BUILDDIR}/chroot"
68 ETC_DIR="${R}/etc"
82 ETC_DIR="${R}/etc"
69 LIB_DIR="${R}/lib"
83 LIB_DIR="${R}/lib"
70 BOOT_DIR="${R}/boot/firmware"
84 BOOT_DIR="${R}/boot/firmware"
71 KERNEL_DIR="${R}/usr/src/linux"
85 KERNEL_DIR="${R}/usr/src/linux"
72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74
88
75 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77
91
78 # General settings
92 # General settings
79 SET_ARCH=${SET_ARCH:=32}
93 SET_ARCH=${SET_ARCH:=32}
80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 PASSWORD=${PASSWORD:=raspberry}
95 PASSWORD=${PASSWORD:=raspberry}
82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 EXPANDROOT=${EXPANDROOT:=true}
99 EXPANDROOT=${EXPANDROOT:=true}
86
100
87 # Keyboard settings
101 # Keyboard settings
88 XKB_MODEL=${XKB_MODEL:=""}
102 XKB_MODEL=${XKB_MODEL:=""}
89 XKB_LAYOUT=${XKB_LAYOUT:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
90 XKB_VARIANT=${XKB_VARIANT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
91 XKB_OPTIONS=${XKB_OPTIONS:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
92
106
93 # Network settings (DHCP)
107 # Network settings (DHCP)
94 ENABLE_DHCP=${ENABLE_DHCP:=true}
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
95
109
96 # Network settings (static)
110 # Network settings (static)
97 NET_ADDRESS=${NET_ADDRESS:=""}
111 NET_ADDRESS=${NET_ADDRESS:=""}
98 NET_GATEWAY=${NET_GATEWAY:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
99 NET_DNS_1=${NET_DNS_1:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
100 NET_DNS_2=${NET_DNS_2:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
101 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
102 NET_NTP_1=${NET_NTP_1:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
103 NET_NTP_2=${NET_NTP_2:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
104
118
105 # APT settings
119 # APT settings
106 APT_PROXY=${APT_PROXY:=""}
120 APT_PROXY=${APT_PROXY:=""}
107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
108
122
109 # Feature settings
123 # Feature settings
110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
124 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
125 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
126 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
127 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 ENABLE_I2C=${ENABLE_I2C:=false}
128 ENABLE_I2C=${ENABLE_I2C:=false}
115 ENABLE_SPI=${ENABLE_SPI:=false}
129 ENABLE_SPI=${ENABLE_SPI:=false}
116 ENABLE_IPV6=${ENABLE_IPV6:=true}
130 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 ENABLE_SSHD=${ENABLE_SSHD:=true}
131 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
132 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
133 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 ENABLE_SOUND=${ENABLE_SOUND:=true}
134 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 ENABLE_DBUS=${ENABLE_DBUS:=true}
135 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
136 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
137 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 ENABLE_XORG=${ENABLE_XORG:=false}
138 ENABLE_XORG=${ENABLE_XORG:=false}
125 ENABLE_WM=${ENABLE_WM:=""}
139 ENABLE_WM=${ENABLE_WM:=""}
126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
140 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 ENABLE_USER=${ENABLE_USER:=true}
141 ENABLE_USER=${ENABLE_USER:=true}
128 USER_NAME=${USER_NAME:="pi"}
142 USER_NAME=${USER_NAME:="pi"}
129 ENABLE_ROOT=${ENABLE_ROOT:=false}
143 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 ENABLE_QEMU=${ENABLE_QEMU:=false}
144 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
145 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132
146
133 # SSH settings
147 # SSH settings
134 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
148 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
149 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
150 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
151 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
152 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139
153
140 # Advanced settings
154 # Advanced settings
155 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
156 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
157 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
158 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
159 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
160 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
161 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
162 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
163 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
165 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
166 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
167 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
168 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
169 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
170 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
171 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155
172
156 # Kernel compilation settings
173 # Kernel compilation settings
157 BUILD_KERNEL=${BUILD_KERNEL:=true}
174 BUILD_KERNEL=${BUILD_KERNEL:=true}
158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
175 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 KERNEL_THREADS=${KERNEL_THREADS:=1}
176 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
177 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
178 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
179 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
180 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
181 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
182 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
183 KERNEL_VIRT=${KERNEL_VIRT:=false}
184 KERNEL_BPF=${KERNEL_BPF:=false}
185 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
186 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
187 KERNEL_NF=${KERNEL_NF:=false}
165
188
166 # Kernel compilation from source directory settings
189 # Kernel compilation from source directory settings
167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
190 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
168 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
191 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
169 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
192 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
170 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
193 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
171
194
172 # Reduce disk usage settings
195 # Reduce disk usage settings
173 REDUCE_APT=${REDUCE_APT:=true}
196 REDUCE_APT=${REDUCE_APT:=true}
174 REDUCE_DOC=${REDUCE_DOC:=true}
197 REDUCE_DOC=${REDUCE_DOC:=true}
175 REDUCE_MAN=${REDUCE_MAN:=true}
198 REDUCE_MAN=${REDUCE_MAN:=true}
176 REDUCE_VIM=${REDUCE_VIM:=false}
199 REDUCE_VIM=${REDUCE_VIM:=false}
177 REDUCE_BASH=${REDUCE_BASH:=false}
200 REDUCE_BASH=${REDUCE_BASH:=false}
178 REDUCE_HWDB=${REDUCE_HWDB:=true}
201 REDUCE_HWDB=${REDUCE_HWDB:=true}
179 REDUCE_SSHD=${REDUCE_SSHD:=true}
202 REDUCE_SSHD=${REDUCE_SSHD:=true}
180 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
203 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
181
204
182 # Encrypted filesystem settings
205 # Encrypted filesystem settings
183 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
206 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
184 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
207 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
208 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
209 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
210 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
188
211
189 # Chroot scripts directory
212 # Chroot scripts directory
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
213 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191
214
192 # Packages required in the chroot build environment
215 # Packages required in the chroot build environment
193 APT_INCLUDES=${APT_INCLUDES:=""}
216 APT_INCLUDES=${APT_INCLUDES:=""}
194 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
217 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
195
218
196 # Packages to exclude from chroot build environment
219 # Packages to exclude from chroot build environment
197 APT_EXCLUDES=${APT_EXCLUDES:=""}
220 APT_EXCLUDES=${APT_EXCLUDES:=""}
198
221
199 # Packages required for bootstrapping
222 # Packages required for bootstrapping
200 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
223 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
201 MISSING_PACKAGES=""
224 MISSING_PACKAGES=""
202
225
203 # Packages installed for c/c++ build environment in chroot (keep empty)
226 # Packages installed for c/c++ build environment in chroot (keep empty)
204 COMPILER_PACKAGES=""
227 COMPILER_PACKAGES=""
205
228
206 set +x
229 set +x
207
230
208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
231 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
232 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
233 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 APT_PROXY=http://127.0.0.1:3142/
234 APT_PROXY=http://127.0.0.1:3142/
212 fi
235 fi
213
236
214 # Setup architecture specific settings
237 # Setup architecture specific settings
215 if [ -n "$SET_ARCH" ] ; then
238 if [ -n "$SET_ARCH" ] ; then
216 # 64-bit configuration
239 # 64-bit configuration
217 if [ "$SET_ARCH" = 64 ] ; then
240 if [ "$SET_ARCH" = 64 ] ; then
218 # General 64-bit depended settings
241 # General 64-bit depended settings
219 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
242 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
220 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
243 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
221 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
244 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
222
245
223 # Raspberry Pi model specific settings
246 # Raspberry Pi model specific settings
224 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
247 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
225 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
248 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
249 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
250 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
228 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
251 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
229 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
252 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
230 else
253 else
231 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
254 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
232 exit 1
255 exit 1
233 fi
256 fi
234 fi
257 fi
235
258
236 # 32-bit configuration
259 # 32-bit configuration
237 if [ "$SET_ARCH" = 32 ] ; then
260 if [ "$SET_ARCH" = 32 ] ; then
238 # General 32-bit dependend settings
261 # General 32-bit dependend settings
239 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
262 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 KERNEL_ARCH=${KERNEL_ARCH:=arm}
263 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
264 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242
265
243 # Raspberry Pi model specific settings
266 # Raspberry Pi model specific settings
244 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
267 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
268 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
269 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 RELEASE_ARCH=${RELEASE_ARCH:=armel}
270 RELEASE_ARCH=${RELEASE_ARCH:=armel}
248 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
249 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
272 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
250 fi
273 fi
251
274
252 # Raspberry Pi model specific settings
275 # Raspberry Pi model specific settings
253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
276 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
278 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
279 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
280 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
281 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 fi
282 fi
260 fi
283 fi
261 #SET_ARCH not set
284 # SET_ARCH not set
262 else
285 else
263 echo "error: Please set '32' or '64' as value for SET_ARCH"
286 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 exit 1
287 exit 1
265 fi
288 fi
266 # Device specific configuration and U-Boot configuration
289 # Device specific configuration and U-Boot configuration
267 case "$RPI_MODEL" in
290 case "$RPI_MODEL" in
268 0)
291 0)
269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
292 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
270 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
293 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 ;;
294 ;;
272 1)
295 1)
273 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
296 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
274 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 ;;
298 ;;
276 1P)
299 1P)
277 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
300 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
278 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
279 ;;
302 ;;
280 2)
303 2)
281 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
304 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
282 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
283 ;;
306 ;;
284 3)
307 3)
285 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
308 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
309 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 ;;
310 ;;
288 3P)
311 3P)
289 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
312 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
290 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
313 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
291 ;;
314 ;;
292 *)
315 *)
293 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
316 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
294 exit 1
317 exit 1
295 ;;
318 ;;
296 esac
319 esac
297
320
298 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
321 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
322 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 # Include bluetooth packages on supported boards
323 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
324 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
325 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 fi
326 fi
327 if [ "$ENABLE_WIRELESS" = true ] ; then
328 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
329 fi
304 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
330 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 # Check if the internal wireless interface is not supported by the RPi model
331 # Check if the internal wireless interface is not supported by the RPi model
306 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
332 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
333 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 exit 1
334 exit 1
309 fi
335 fi
310 fi
336 fi
311
337
338 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
339 echo "error: You have to compile kernel sources, if you want to enable nexmon"
340 exit 1
341 fi
342
312 # Prepare date string for default image file name
343 # Prepare date string for default image file name
313 DATE="$(date +%Y-%m-%d)"
344 DATE="$(date +%Y-%m-%d)"
314 if [ -z "$KERNEL_BRANCH" ] ; then
345 if [ -z "$KERNEL_BRANCH" ] ; then
315 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
346 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
316 else
347 else
317 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
348 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
318 fi
349 fi
319
350
320 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
351 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
321 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
352 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
322 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
353 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
323 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
354 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
324 exit 1
355 exit 1
325 fi
356 fi
326 fi
357 fi
327
358
328 # Add cmake to compile videocore sources
359 # Add cmake to compile videocore sources
329 if [ "$ENABLE_VIDEOCORE" = true ] ; then
360 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
361 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 fi
362 fi
332
363
364 # Add deps for nexmon
365 if [ "$ENABLE_NEXMON" = true ] ; then
366 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
367 fi
368
333 # Add libncurses5 to enable kernel menuconfig
369 # Add libncurses5 to enable kernel menuconfig
334 if [ "$KERNEL_MENUCONFIG" = true ] ; then
370 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
371 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
336 fi
372 fi
337
373
338 # Add ccache compiler cache for (faster) kernel cross (re)compilation
374 # Add ccache compiler cache for (faster) kernel cross (re)compilation
339 if [ "$KERNEL_CCACHE" = true ] ; then
375 if [ "$KERNEL_CCACHE" = true ] ; then
340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
376 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
341 fi
377 fi
342
378
343 # Add cryptsetup package to enable filesystem encryption
379 # Add cryptsetup package to enable filesystem encryption
344 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
380 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
381 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
382 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347
383
348 if [ -z "$CRYPTFS_PASSWORD" ] ; then
384 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 echo "error: no password defined (CRYPTFS_PASSWORD)!"
385 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 exit 1
386 exit 1
351 fi
387 fi
352 ENABLE_INITRAMFS=true
388 ENABLE_INITRAMFS=true
353 fi
389 fi
354
390
355 # Add initramfs generation tools
391 # Add initramfs generation tools
356 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
392 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
357 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
393 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
358 fi
394 fi
359
395
360 # Add device-tree-compiler required for building the U-Boot bootloader
396 # Add device-tree-compiler required for building the U-Boot bootloader
361 if [ "$ENABLE_UBOOT" = true ] ; then
397 if [ "$ENABLE_UBOOT" = true ] ; then
362 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
398 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 fi
399 fi
364
400
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
401 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
402 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
403 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
404 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
405 fi
370 fi
406 fi
371 fi
407 fi
372
408
373 # Check if root SSH (v2) public key file exists
409 # Check if root SSH (v2) public key file exists
374 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
410 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
411 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
376 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
412 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
377 exit 1
413 exit 1
378 fi
414 fi
379 fi
415 fi
380
416
381 # Check if $USER_NAME SSH (v2) public key file exists
417 # Check if $USER_NAME SSH (v2) public key file exists
382 if [ -n "$SSH_USER_PUB_KEY" ] ; then
418 if [ -n "$SSH_USER_PUB_KEY" ] ; then
383 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
419 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
384 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
420 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
385 exit 1
421 exit 1
386 fi
422 fi
387 fi
423 fi
388
424
425 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
426 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
427 exit 1
428 fi
429
389 # Check if all required packages are installed on the build system
430 # Check if all required packages are installed on the build system
390 for package in $REQUIRED_PACKAGES ; do
431 for package in $REQUIRED_PACKAGES ; do
391 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
432 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
392 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
433 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
393 fi
434 fi
394 done
435 done
395
436
396 # If there are missing packages ask confirmation for install, or exit
437 # If there are missing packages ask confirmation for install, or exit
397 if [ -n "$MISSING_PACKAGES" ] ; then
438 if [ -n "$MISSING_PACKAGES" ] ; then
398 echo "the following packages needed by this script are not installed:"
439 echo "the following packages needed by this script are not installed:"
399 echo "$MISSING_PACKAGES"
440 echo "$MISSING_PACKAGES"
400
441
401 printf "\ndo you want to install the missing packages right now? [y/n] "
442 printf "\ndo you want to install the missing packages right now? [y/n] "
402 read -r confirm
443 read -r confirm
403 [ "$confirm" != "y" ] && exit 1
444 [ "$confirm" != "y" ] && exit 1
404
445
405 # Make sure all missing required packages are installed
446 # Make sure all missing required packages are installed
406 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
447 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
407 fi
448 fi
408
449
409 # Check if ./bootstrap.d directory exists
450 # Check if ./bootstrap.d directory exists
410 if [ ! -d "./bootstrap.d/" ] ; then
451 if [ ! -d "./bootstrap.d/" ] ; then
411 echo "error: './bootstrap.d' required directory not found!"
452 echo "error: './bootstrap.d' required directory not found!"
412 exit 1
453 exit 1
413 fi
454 fi
414
455
415 # Check if ./files directory exists
456 # Check if ./files directory exists
416 if [ ! -d "./files/" ] ; then
457 if [ ! -d "./files/" ] ; then
417 echo "error: './files' required directory not found!"
458 echo "error: './files' required directory not found!"
418 exit 1
459 exit 1
419 fi
460 fi
420
461
421 # Check if specified KERNELSRC_DIR directory exists
462 # Check if specified KERNELSRC_DIR directory exists
422 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
463 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
423 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
464 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
424 exit 1
465 exit 1
425 fi
466 fi
426
467
427 # Check if specified UBOOTSRC_DIR directory exists
468 # Check if specified UBOOTSRC_DIR directory exists
428 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
469 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
429 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
470 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
430 exit 1
471 exit 1
431 fi
472 fi
432
473
433 # Check if specified VIDEOCORESRC_DIR directory exists
474 # Check if specified VIDEOCORESRC_DIR directory exists
434 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
475 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
435 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
476 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
436 exit 1
477 exit 1
437 fi
478 fi
438
479
439 # Check if specified FBTURBOSRC_DIR directory exists
480 # Check if specified FBTURBOSRC_DIR directory exists
440 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
481 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
441 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
482 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
442 exit 1
483 exit 1
443 fi
484 fi
444
485
486 # Check if specified NEXMONSRC_DIR directory exists
487 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
488 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
489 exit 1
490 fi
491
445 # Check if specified CHROOT_SCRIPTS directory exists
492 # Check if specified CHROOT_SCRIPTS directory exists
446 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
493 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
494 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
448 exit 1
495 exit 1
449 fi
496 fi
450
497
451 # Check if specified device mapping already exists (will be used by cryptsetup)
498 # Check if specified device mapping already exists (will be used by cryptsetup)
452 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
499 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
453 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
500 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
454 exit 1
501 exit 1
455 fi
502 fi
456
503
457 # Don't clobber an old build
504 # Don't clobber an old build
458 if [ -e "$BUILDDIR" ] ; then
505 if [ -e "$BUILDDIR" ] ; then
459 echo "error: directory ${BUILDDIR} already exists, not proceeding"
506 echo "error: directory ${BUILDDIR} already exists, not proceeding"
460 exit 1
507 exit 1
461 fi
508 fi
462
509
463 # Setup chroot directory
510 # Setup chroot directory
464 mkdir -p "${R}"
511 mkdir -p "${R}"
465
512
466 # Check if build directory has enough of free disk space >512MB
513 # Check if build directory has enough of free disk space >512MB
467 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
514 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
468 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
515 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
469 exit 1
516 exit 1
470 fi
517 fi
471
518
472 set -x
519 set -x
473
520
474 # Call "cleanup" function on various signals and errors
521 # Call "cleanup" function on various signals and errors
475 trap cleanup 0 1 2 3 6
522 trap cleanup 0 1 2 3 6
476
523
477 # Add required packages for the minbase installation
524 # Add required packages for the minbase installation
478 if [ "$ENABLE_MINBASE" = true ] ; then
525 if [ "$ENABLE_MINBASE" = true ] ; then
479 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
526 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
480 fi
527 fi
481
528
482 # Add parted package, required to get partprobe utility
529 # Add parted package, required to get partprobe utility
483 if [ "$EXPANDROOT" = true ] ; then
530 if [ "$EXPANDROOT" = true ] ; then
484 APT_INCLUDES="${APT_INCLUDES},parted"
531 APT_INCLUDES="${APT_INCLUDES},parted"
485 fi
532 fi
486
533
487 # Add dbus package, recommended if using systemd
534 # Add dbus package, recommended if using systemd
488 if [ "$ENABLE_DBUS" = true ] ; then
535 if [ "$ENABLE_DBUS" = true ] ; then
489 APT_INCLUDES="${APT_INCLUDES},dbus"
536 APT_INCLUDES="${APT_INCLUDES},dbus"
490 fi
537 fi
491
538
492 # Add iptables IPv4/IPv6 package
539 # Add iptables IPv4/IPv6 package
493 if [ "$ENABLE_IPTABLES" = true ] ; then
540 if [ "$ENABLE_IPTABLES" = true ] ; then
494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
541 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 fi
542 fi
543 # Add apparmor for KERNEL_SECURITY
544 if [ "$KERNEL_SECURITY" = true ] ; then
545 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
546 fi
496
547
497 # Add openssh server package
548 # Add openssh server package
498 if [ "$ENABLE_SSHD" = true ] ; then
549 if [ "$ENABLE_SSHD" = true ] ; then
499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
550 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 fi
551 fi
501
552
502 # Add alsa-utils package
553 # Add alsa-utils package
503 if [ "$ENABLE_SOUND" = true ] ; then
554 if [ "$ENABLE_SOUND" = true ] ; then
504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
555 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 fi
556 fi
506
557
507 # Add rng-tools package
558 # Add rng-tools package
508 if [ "$ENABLE_HWRANDOM" = true ] ; then
559 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
560 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 fi
561 fi
511
562
512 # Add fbturbo video driver
563 # Add fbturbo video driver
513 if [ "$ENABLE_FBTURBO" = true ] ; then
564 if [ "$ENABLE_FBTURBO" = true ] ; then
514 # Enable xorg package dependencies
565 # Enable xorg package dependencies
515 ENABLE_XORG=true
566 ENABLE_XORG=true
516 fi
567 fi
517
568
518 # Add user defined window manager package
569 # Add user defined window manager package
519 if [ -n "$ENABLE_WM" ] ; then
570 if [ -n "$ENABLE_WM" ] ; then
520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
571 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521
572
522 # Enable xorg package dependencies
573 # Enable xorg package dependencies
523 ENABLE_XORG=true
574 ENABLE_XORG=true
524 fi
575 fi
525
576
526 # Add xorg package
577 # Add xorg package
527 if [ "$ENABLE_XORG" = true ] ; then
578 if [ "$ENABLE_XORG" = true ] ; then
528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
579 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 fi
580 fi
530
581
531 # Replace selected packages with smaller clones
582 # Replace selected packages with smaller clones
532 if [ "$ENABLE_REDUCE" = true ] ; then
583 if [ "$ENABLE_REDUCE" = true ] ; then
533 # Add levee package instead of vim-tiny
584 # Add levee package instead of vim-tiny
534 if [ "$REDUCE_VIM" = true ] ; then
585 if [ "$REDUCE_VIM" = true ] ; then
535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
586 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 fi
587 fi
537
588
538 # Add dropbear package instead of openssh-server
589 # Add dropbear package instead of openssh-server
539 if [ "$REDUCE_SSHD" = true ] ; then
590 if [ "$REDUCE_SSHD" = true ] ; then
540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
591 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 fi
592 fi
542 fi
593 fi
543
594
544 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
595 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
545 if [ "$ENABLE_SYSVINIT" = false ] ; then
596 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
597 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 fi
598 fi
548
599
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
557 fi
558
559 # Configure kernel sources if no KERNELSRC_DIR
600 # Configure kernel sources if no KERNELSRC_DIR
560 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
601 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 KERNELSRC_CONFIG=true
602 KERNELSRC_CONFIG=true
562 fi
603 fi
563
604
564 # Configure reduced kernel
605 # Configure reduced kernel
565 if [ "$KERNEL_REDUCE" = true ] ; then
606 if [ "$KERNEL_REDUCE" = true ] ; then
566 KERNELSRC_CONFIG=false
607 KERNELSRC_CONFIG=false
567 fi
608 fi
568
609
569 # Configure qemu compatible kernel
610 # Configure qemu compatible kernel
570 if [ "$ENABLE_QEMU" = true ] ; then
611 if [ "$ENABLE_QEMU" = true ] ; then
571 DTB_FILE=vexpress-v2p-ca15_a7.dtb
612 DTB_FILE=vexpress-v2p-ca15_a7.dtb
572 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
613 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
573 KERNEL_DEFCONFIG="vexpress_defconfig"
614 KERNEL_DEFCONFIG="vexpress_defconfig"
574 if [ "$KERNEL_MENUCONFIG" = false ] ; then
615 if [ "$KERNEL_MENUCONFIG" = false ] ; then
575 KERNEL_OLDDEFCONFIG=true
616 KERNEL_OLDDEFCONFIG=true
576 fi
617 fi
577 fi
618 fi
578
619
579 # Execute bootstrap scripts
620 # Execute bootstrap scripts
580 for SCRIPT in bootstrap.d/*.sh; do
621 for SCRIPT in bootstrap.d/*.sh; do
581 head -n 3 "$SCRIPT"
622 head -n 3 "$SCRIPT"
582 . "$SCRIPT"
623 . "$SCRIPT"
583 done
624 done
584
625
585 ## Execute custom bootstrap scripts
626 ## Execute custom bootstrap scripts
586 if [ -d "custom.d" ] ; then
627 if [ -d "custom.d" ] ; then
587 for SCRIPT in custom.d/*.sh; do
628 for SCRIPT in custom.d/*.sh; do
588 . "$SCRIPT"
629 . "$SCRIPT"
589 done
630 done
590 fi
631 fi
591
632
592 # Execute custom scripts inside the chroot
633 # Execute custom scripts inside the chroot
593 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
634 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
594 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
635 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
595 chroot_exec /bin/bash -x <<'EOF'
636 chroot_exec /bin/bash -x <<'EOF'
596 for SCRIPT in /chroot_scripts/* ; do
637 for SCRIPT in /chroot_scripts/* ; do
597 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
638 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
598 $SCRIPT
639 $SCRIPT
599 fi
640 fi
600 done
641 done
601 EOF
642 EOF
602 rm -rf "${R}/chroot_scripts"
643 rm -rf "${R}/chroot_scripts"
603 fi
644 fi
604
645
605 # Remove c/c++ build environment from the chroot
646 # Remove c/c++ build environment from the chroot
606 chroot_remove_cc
647 chroot_remove_cc
607
648
608 # Generate required machine-id
649 # Generate required machine-id
609 MACHINE_ID=$(dbus-uuidgen)
650 MACHINE_ID=$(dbus-uuidgen)
610 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
651 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
611 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
652 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
612
653
613 # APT Cleanup
654 # APT Cleanup
614 chroot_exec apt-get -y clean
655 chroot_exec apt-get -y clean
615 chroot_exec apt-get -y autoclean
656 chroot_exec apt-get -y autoclean
616 chroot_exec apt-get -y autoremove
657 chroot_exec apt-get -y autoremove
617
658
618 # Unmount mounted filesystems
659 # Unmount mounted filesystems
619 umount -l "${R}/proc"
660 umount -l "${R}/proc"
620 umount -l "${R}/sys"
661 umount -l "${R}/sys"
621
662
622 # Clean up directories
663 # Clean up directories
623 rm -rf "${R}/run/*"
664 rm -rf "${R}/run/*"
624 rm -rf "${R}/tmp/*"
665 rm -rf "${R}/tmp/*"
625
666
626 # Clean up files
667 # Clean up files
627 rm -f "${ETC_DIR}/ssh/ssh_host_*"
668 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 rm -f "${ETC_DIR}/dropbear/dropbear_*"
669 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 rm -f "${ETC_DIR}/apt/sources.list.save"
670 rm -f "${ETC_DIR}/apt/sources.list.save"
630 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
671 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 rm -f "${ETC_DIR}/*-"
672 rm -f "${ETC_DIR}/*-"
632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
673 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 rm -f "${ETC_DIR}/resolv.conf"
674 rm -f "${ETC_DIR}/resolv.conf"
634 rm -f "${R}/root/.bash_history"
675 rm -f "${R}/root/.bash_history"
635 rm -f "${R}/var/lib/urandom/random-seed"
676 rm -f "${R}/var/lib/urandom/random-seed"
636 rm -f "${R}/initrd.img"
677 rm -f "${R}/initrd.img"
637 rm -f "${R}/vmlinuz"
678 rm -f "${R}/vmlinuz"
638 rm -f "${R}${QEMU_BINARY}"
679 rm -f "${R}${QEMU_BINARY}"
639
680
640 if [ "$ENABLE_QEMU" = true ] ; then
681 if [ "$ENABLE_QEMU" = true ] ; then
641 # Setup QEMU directory
682 # Setup QEMU directory
642 mkdir "${BASEDIR}/qemu"
683 mkdir "${BASEDIR}/qemu"
643
684
644 # Copy kernel image to QEMU directory
685 # Copy kernel image to QEMU directory
645 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
686 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
646
687
647 # Copy kernel config to QEMU directory
688 # Copy kernel config to QEMU directory
648 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
689 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
649
690
650 # Copy kernel dtbs to QEMU directory
691 # Copy kernel dtbs to QEMU directory
651 for dtb in "${BOOT_DIR}/"*.dtb ; do
692 for dtb in "${BOOT_DIR}/"*.dtb ; do
652 if [ -f "${dtb}" ] ; then
693 if [ -f "${dtb}" ] ; then
653 install_readonly "${dtb}" "${BASEDIR}/qemu/"
694 install_readonly "${dtb}" "${BASEDIR}/qemu/"
654 fi
695 fi
655 done
696 done
656
697
657 # Copy kernel overlays to QEMU directory
698 # Copy kernel overlays to QEMU directory
658 if [ -d "${BOOT_DIR}/overlays" ] ; then
699 if [ -d "${BOOT_DIR}/overlays" ] ; then
659 # Setup overlays dtbs directory
700 # Setup overlays dtbs directory
660 mkdir "${BASEDIR}/qemu/overlays"
701 mkdir "${BASEDIR}/qemu/overlays"
661
702
662 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
703 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
663 if [ -f "${dtb}" ] ; then
704 if [ -f "${dtb}" ] ; then
664 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
705 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
665 fi
706 fi
666 done
707 done
667 fi
708 fi
668
709
669 # Copy u-boot files to QEMU directory
710 # Copy u-boot files to QEMU directory
670 if [ "$ENABLE_UBOOT" = true ] ; then
711 if [ "$ENABLE_UBOOT" = true ] ; then
671 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
712 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
672 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
713 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
673 fi
714 fi
674 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
715 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
675 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
716 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
676 fi
717 fi
677 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
718 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
678 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
719 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
679 fi
720 fi
680 fi
721 fi
681
722
682 # Copy initramfs to QEMU directory
723 # Copy initramfs to QEMU directory
683 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
724 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
684 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
725 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
685 fi
726 fi
686 fi
727 fi
687
728
688 # Calculate size of the chroot directory in KB
729 # Calculate size of the chroot directory in KB
689 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
730 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
690
731
691 # Calculate the amount of needed 512 Byte sectors
732 # Calculate the amount of needed 512 Byte sectors
692 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
733 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
693 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
734 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
694 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
735 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
695
736
696 # The root partition is EXT4
737 # The root partition is EXT4
697 # This means more space than the actual used space of the chroot is used.
738 # This means more space than the actual used space of the chroot is used.
698 # As overhead for journaling and reserved blocks 35% are added.
739 # As overhead for journaling and reserved blocks 35% are added.
699 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
740 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
700
741
701 # Calculate required image size in 512 Byte sectors
742 # Calculate required image size in 512 Byte sectors
702 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
743 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
703
744
704 # Prepare image file
745 # Prepare image file
705 if [ "$ENABLE_SPLITFS" = true ] ; then
746 if [ "$ENABLE_SPLITFS" = true ] ; then
706 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
747 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
707 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
748 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
708 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
749 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
709 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
750 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
710
751
711 # Write firmware/boot partition tables
752 # Write firmware/boot partition tables
712 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
753 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
713 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
754 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
714 EOM
755 EOM
715
756
716 # Write root partition table
757 # Write root partition table
717 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
758 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
718 ${TABLE_SECTORS},${ROOT_SECTORS},83
759 ${TABLE_SECTORS},${ROOT_SECTORS},83
719 EOM
760 EOM
720
761
721 # Setup temporary loop devices
762 # Setup temporary loop devices
722 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
763 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
723 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
764 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
724 else # ENABLE_SPLITFS=false
765 else # ENABLE_SPLITFS=false
725 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
766 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
726 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
767 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
727
768
728 # Write partition table
769 # Write partition table
729 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
770 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
730 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
771 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
731 ${ROOT_OFFSET},${ROOT_SECTORS},83
772 ${ROOT_OFFSET},${ROOT_SECTORS},83
732 EOM
773 EOM
733
774
734 # Setup temporary loop devices
775 # Setup temporary loop devices
735 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
776 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
736 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
777 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
737 fi
778 fi
738
779
739 if [ "$ENABLE_CRYPTFS" = true ] ; then
780 if [ "$ENABLE_CRYPTFS" = true ] ; then
740 # Create dummy ext4 fs
781 # Create dummy ext4 fs
741 mkfs.ext4 "$ROOT_LOOP"
782 mkfs.ext4 "$ROOT_LOOP"
742
783
743 # Setup password keyfile
784 # Setup password keyfile
744 touch .password
785 touch .password
745 chmod 600 .password
786 chmod 600 .password
746 echo -n ${CRYPTFS_PASSWORD} > .password
787 echo -n ${CRYPTFS_PASSWORD} > .password
747
788
748 # Initialize encrypted partition
789 # Initialize encrypted partition
749 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
790 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
750
791
751 # Open encrypted partition and setup mapping
792 # Open encrypted partition and setup mapping
752 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
793 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
753
794
754 # Secure delete password keyfile
795 # Secure delete password keyfile
755 shred -zu .password
796 shred -zu .password
756
797
757 # Update temporary loop device
798 # Update temporary loop device
758 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
799 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
759
800
760 # Wipe encrypted partition (encryption cipher is used for randomness)
801 # Wipe encrypted partition (encryption cipher is used for randomness)
761 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
802 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
762 fi
803 fi
763
804
764 # Build filesystems
805 # Build filesystems
765 mkfs.vfat "$FRMW_LOOP"
806 mkfs.vfat "$FRMW_LOOP"
766 mkfs.ext4 "$ROOT_LOOP"
807 mkfs.ext4 "$ROOT_LOOP"
767
808
768 # Mount the temporary loop devices
809 # Mount the temporary loop devices
769 mkdir -p "$BUILDDIR/mount"
810 mkdir -p "$BUILDDIR/mount"
770 mount "$ROOT_LOOP" "$BUILDDIR/mount"
811 mount "$ROOT_LOOP" "$BUILDDIR/mount"
771
812
772 mkdir -p "$BUILDDIR/mount/boot/firmware"
813 mkdir -p "$BUILDDIR/mount/boot/firmware"
773 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
814 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
774
815
775 # Copy all files from the chroot to the loop device mount point directory
816 # Copy all files from the chroot to the loop device mount point directory
776 rsync -a "${R}/" "$BUILDDIR/mount/"
817 rsync -a "${R}/" "$BUILDDIR/mount/"
777
818
778 # Unmount all temporary loop devices and mount points
819 # Unmount all temporary loop devices and mount points
779 cleanup
820 cleanup
780
821
781 # Create block map file(s) of image(s)
822 # Create block map file(s) of image(s)
782 if [ "$ENABLE_SPLITFS" = true ] ; then
823 if [ "$ENABLE_SPLITFS" = true ] ; then
783 # Create block map files for "bmaptool"
824 # Create block map files for "bmaptool"
784 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
825 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
785 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
826 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
786
827
787 # Image was successfully created
828 # Image was successfully created
788 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
829 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
789 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
830 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
790 else
831 else
791 # Create block map file for "bmaptool"
832 # Create block map file for "bmaptool"
792 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
833 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
793
834
794 # Image was successfully created
835 # Image was successfully created
795 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
836 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796
837
797 # Create qemu qcow2 image
838 # Create qemu qcow2 image
798 if [ "$ENABLE_QEMU" = true ] ; then
839 if [ "$ENABLE_QEMU" = true ] ; then
799 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
840 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
800 QEMU_SIZE=16G
841 QEMU_SIZE=16G
801
842
802 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
843 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
803 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
844 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
804
845
805 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
846 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
806 fi
847 fi
807 fi
848 fi