remerge from master
Unknown -
r478:4199c2d6c38b
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
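Review bot: `RPI_MODEL=0` is set on line 2 with no `RELEASE_ARCH`, `CROSS_COMPILE`, `KERNEL_DEFCONFIG` or `KERNEL_IMAGE`, while the README text in this same change still lists their defaults as `armhf`, `arm-linux-gnueabihf-`, `bcm2709_defconfig` and `kernel7.img`. Debian armhf targets ARMv7, which the Pi 0 does not implement, so if the script derives the armel values from the model, say so under `RPI_MODEL` in the README. If it does not, set them explicitly in this template.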
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
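Review bot: nothing in this template (or the seven others added alongside it) overrides `USER_PASSWORD`, so with the README defaults `ENABLE_USER`=true, `ENABLE_SSHD`=true and `SSH_DISABLE_PASSWORD_AUTH`=false, an image built straight from it accepts SSH logins for `pi` with the documented password `raspberry`. Add commented hints such as `# USER_PASSWORD=` and `# SSH_USER_PUB_KEY=`, in the style of the `# ENABLE_BLUETOOTH=false` line in the model `0` template, so the change the README calls STRONGLY recommended is visible where people copy from.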
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
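Review bot: the `# ENABLE_WIRELESS=false` hint on line 5 sits in an `RPI_MODEL=3P` template, but the `ENABLE_WIRELESS` paragraph in the README is left saying the parameter is ignored if `RPI_MODEL` is not `3`. Update that paragraph to name the models that honour it (the `ENABLE_BLUETOOTH` text already says RPi0/3/3P), or drop the hint here. Both commented lines also repeat the documented default `false`, so uncommenting them changes nothing; showing `=true` would make the hint useful.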
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -1,531 +1,530
1 1 # rpi23-gen-image
2 2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 If you want to change e.g. cross-compiler -> Templates always override defaults
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
63 62
64 63 ##### `RPI_MODEL`=2
65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 - `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 - `1` = Used for Pi 1 model A and B
68 - `1P` = Used for Pi 1 model B+ and A+
69 - `2` = Used for Pi 2 model B
70 - `3` = Used for Pi 3 model B
71 - `3P` = Used for Pi 3 model B+
72 - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 - `1` = Raspberry Pi 1 model A and B
67 - `1P` = Raspberry Pi 1 model B+ and A+
68 - `2` = Raspberry Pi 2 model B
69 - `3` = Raspberry Pi 3 model B
70 - `3P` = Raspberry Pi 3 model B+
73 71
74 72 ##### `RELEASE`="buster"
75 73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 74
77 75 ##### `RELEASE_ARCH`="armhf"
78 76 Set the desired Debian release architecture.
79 77
80 78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 80
83 81 ##### `PASSWORD`="raspberry"
84 82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 83
86 84 ##### `USER_PASSWORD`="raspberry"
87 85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 86
89 87 ##### `DEFLOCAL`="en_US.UTF-8"
90 88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 89
92 90 ##### `TIMEZONE`="Europe/Berlin"
93 91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 92
95 93 ##### `EXPANDROOT`=true
96 94 Expand the root partition and filesystem automatically on first boot.
97 95
98 96 ##### `ENABLE_QEMU`=false
99 97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 98
101 99 ---
102 100
103 101 #### Keyboard settings:
104 102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 103
106 104 ##### `XKB_MODEL`=""
107 105 Set the name of the model of your keyboard type.
108 106
109 107 ##### `XKB_LAYOUT`=""
110 108 Set the supported keyboard layout(s).
111 109
112 110 ##### `XKB_VARIANT`=""
113 111 Set the supported variant(s) of the keyboard layout(s).
114 112
115 113 ##### `XKB_OPTIONS`=""
116 114 Set extra xkb configuration options.
117 115
118 116 ---
119 117
120 118 #### Networking settings (DHCP):
121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 120
123 121 ##### `ENABLE_DHCP`=true
124 122 Set the system to use DHCP. This requires an DHCP server.
125 123
126 124 ---
127 125
128 126 #### Networking settings (static):
129 127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 128
131 129 ##### `NET_ADDRESS`=""
132 130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 131
134 132 ##### `NET_GATEWAY`=""
135 133 Set the IP address for the default gateway.
136 134
137 135 ##### `NET_DNS_1`=""
138 136 Set the IP address for the first DNS server.
139 137
140 138 ##### `NET_DNS_2`=""
141 139 Set the IP address for the second DNS server.
142 140
143 141 ##### `NET_DNS_DOMAINS`=""
144 Set the default DNS search domains to use for non fully qualified host names.
142 Set the default DNS search domains to use for non fully qualified hostnames.
145 143
146 144 ##### `NET_NTP_1`=""
147 145 Set the IP address for the first NTP server.
148 146
149 147 ##### `NET_NTP_2`=""
150 148 Set the IP address for the second NTP server.
151 149
152 150 ---
153 151
154 152 #### Basic system features:
155 153 ##### `ENABLE_CONSOLE`=true
156 154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 155
158 156 ##### `ENABLE_PRINTK`=false
159 157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 158
161 159 ##### `ENABLE_BLUETOOTH`=false
162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
163 161
164 162 ##### `ENABLE_MINIUART_OVERLAY`=false
165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 164
167 165 ##### `ENABLE_TURBO`=false
168 VOIDS WARRANTY! Enable Turbo mode - NO overclocking. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 167
170 168 ##### `ENABLE_I2C`=false
171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 170
173 171 ##### `ENABLE_SPI`=false
174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 173
176 174 ##### `ENABLE_IPV6`=true
177 175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 176
179 177 ##### `ENABLE_SSHD`=true
180 178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 179
182 180 ##### `ENABLE_NONFREE`=false
183 181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 182
185 183 ##### `ENABLE_WIRELESS`=false
186 184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 185
188 186 ##### `ENABLE_RSYSLOG`=true
189 187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 188
191 189 ##### `ENABLE_SOUND`=true
192 190 Enable sound hardware and install Advanced Linux Sound Architecture.
193 191
194 192 ##### `ENABLE_HWRANDOM`=true
195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
196 194
197 195 ##### `ENABLE_MINGPU`=false
198 196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 197
200 198 ##### `ENABLE_DBUS`=true
201 199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 200
203 201 ##### `ENABLE_XORG`=false
204 202 Install Xorg open-source X Window System.
205 203
206 204 ##### `ENABLE_WM`=""
207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 206
209 207 ##### `ENABLE_SYSVINIT`=false
210 208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 209
212 210 ---
213 211
214 212 #### Advanced system features:
215 213 ##### `ENABLE_SYSTEMDSWAP`=false
216 214 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
217 215
218 216 ##### `ENABLE_MINBASE`=false
219 217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
220 218
221 219 ##### `ENABLE_REDUCE`=false
222 220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
223 221
224 222 ##### `ENABLE_UBOOT`=false
225 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
226 224
227 225 ##### `UBOOTSRC_DIR`=""
228 226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
229 227
230 228 ##### `ENABLE_FBTURBO`=false
231 229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
232 230
233 231 ##### `FBTURBOSRC_DIR`=""
234 232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
235 233
236 234 ##### `ENABLE_VIDEOCORE`=false
237 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 236
239 237 ##### `VIDEOCORESRC_DIR`=""
240 Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
241 239
242 240 ##### `ENABLE_NEXMON`=false
243 241 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
244 242
245 243 ##### `NEXMONSRC_DIR`=""
246 244 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 245
248 246 ##### `ENABLE_IPTABLES`=false
249 247 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
250 248
251 249 ##### `ENABLE_USER`=true
252 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
250 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
253 251
254 252 ##### `USER_NAME`=pi
255 253 Non-root user to create. Ignored if `ENABLE_USER`=false
256 254
257 255 ##### `ENABLE_ROOT`=false
258 256 Set root user password so root login will be enabled
259 257
260 258 ##### `ENABLE_HARDNET`=false
261 259 Enable IPv4/IPv6 network stack hardening settings.
262 260
263 261 ##### `ENABLE_SPLITFS`=false
264 262 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
265 263
266 264 ##### `CHROOT_SCRIPTS`=""
267 265 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
268 266
269 267 ##### `ENABLE_INITRAMFS`=false
270 268 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
271 269
272 270 ##### `ENABLE_IFNAMES`=true
273 271 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
274 272
275 273 ##### `DISABLE_UNDERVOLT_WARNINGS`=
276 274 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
277 275
278 276 ---
279 277
280 278 #### SSH settings:
281 279 ##### `SSH_ENABLE_ROOT`=false
282 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
280 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
283 281
284 282 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
285 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
283 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
286 284
287 285 ##### `SSH_LIMIT_USERS`=false
288 286 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
289 287
290 288 ##### `SSH_ROOT_PUB_KEY`=""
291 289 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
292 290
293 291 ##### `SSH_USER_PUB_KEY`=""
294 292 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
295 293
296 294 ---
297 295
298 296 #### Kernel compilation:
299 297 ##### `BUILD_KERNEL`=true
300 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
298 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
301 299
302 300 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
303 This sets the cross compile enviornment for the compiler.
301 This sets the cross-compile environment for the compiler.
304 302
305 303 ##### `KERNEL_ARCH`="arm"
306 304 This sets the kernel architecture for the compiler.
307 305
308 306 ##### `KERNEL_IMAGE`="kernel7.img"
309 307 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
310 308
311 309 ##### `KERNEL_BRANCH`=""
312 310 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
313 311
314 312 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
315 313 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
316 314
317 315 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
318 316 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
319 317
320 318 ##### `KERNEL_REDUCE`=false
321 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
319 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
322 320
323 321 ##### `KERNEL_THREADS`=1
324 322 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
325 323
326 324 ##### `KERNEL_HEADERS`=true
327 Install kernel headers with built kernel.
325 Install kernel headers with the built kernel.
328 326
329 327 ##### `KERNEL_MENUCONFIG`=false
330 328 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
331 329
332 330 ##### `KERNEL_OLDDEFCONFIG`=false
333 331 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
334 332
335 333 ##### `KERNEL_CCACHE`=false
336 334 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
337 335
338 336 ##### `KERNEL_REMOVESRC`=true
339 337 Remove all kernel sources from the generated OS image after it was built and installed.
340 338
341 339 ##### `KERNELSRC_DIR`=""
342 340 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
343 341
344 342 ##### `KERNELSRC_CLEAN`=false
345 343 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
346 344
347 345 ##### `KERNELSRC_CONFIG`=true
348 346 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
349 347
350 348 ##### `KERNELSRC_USRCONFIG`=""
351 349 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
352 350
353 351 ##### `KERNELSRC_PREBUILT`=false
354 352 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
355 353
356 354 ##### `RPI_FIRMWARE_DIR`=""
357 355 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
358 356
359 357 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
360 358 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
361 359
362 360 ##### `KERNEL_NF`=false
363 361 Enable Netfilter modules as kernel modules
364 362
365 363 ##### `KERNEL_VIRT`=false
366 364 Enable Kernel KVM support (/dev/kvm)
367 365
368 366 ##### `KERNEL_ZSWAP`=false
369 367 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
370 368
371 369 ##### `KERNEL_BPF`=true
372 370 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
373 371
374 372 ---
375 373
376 374 #### Reduce disk usage:
377 375 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
378 376
379 377 ##### `REDUCE_APT`=true
380 378 Configure APT to use compressed package repository lists and no package caching files.
381 379
382 380 ##### `REDUCE_DOC`=true
383 381 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
384 382
385 383 ##### `REDUCE_MAN`=true
386 384 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
387 385
388 386 ##### `REDUCE_VIM`=false
389 387 Replace `vim-tiny` package by `levee` a tiny vim clone.
390 388
391 389 ##### `REDUCE_BASH`=false
392 390 Remove `bash` package and switch to `dash` shell (experimental).
393 391
394 392 ##### `REDUCE_HWDB`=true
395 393 Remove PCI related hwdb files (experimental).
396 394
397 395 ##### `REDUCE_SSHD`=true
398 396 Replace `openssh-server` with `dropbear`.
399 397
400 398 ##### `REDUCE_LOCALE`=true
401 399 Remove all `locale` translation files.
402 400
403 401 ---
404 402
405 403 #### Encrypted root partition:
406 404 ##### `ENABLE_CRYPTFS`=false
407 405 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
408 406
409 407 ##### `CRYPTFS_PASSWORD`=""
410 408 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
411 409
412 410 ##### `CRYPTFS_MAPPING`="secure"
413 411 Set name of dm-crypt managed device-mapper mapping.
414 412
415 413 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
416 414 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
417 415
418 416 ##### `CRYPTFS_XTSKEYSIZE`=512
419 417 Sets key size in bits. The argument has to be a multiple of 8.
420 418
421 419 ##### `CRYPTFS_DROPBEAR`=false
422 420 Enable Dropbear Initramfs support
423 421
424 422 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
425 423 Provide path to dropbear Public RSA-OpenSSH Key
426 424
427 425 ---
428 426
429 427 #### Build settings:
430 428 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
431 429 Set a path to a working directory used by the script to generate an image.
432 430
433 431 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
434 432 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
435 433
436 434 ## Understanding the script
437 435 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
438 436
439 437 | Script | Description |
440 438 | --- | --- |
441 439 | `10-bootstrap.sh` | Debootstrap basic system |
442 440 | `11-apt.sh` | Setup APT repositories |
443 441 | `12-locale.sh` | Setup Locales and keyboard settings |
444 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
442 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
445 443 | `14-fstab.sh` | Setup fstab and initramfs |
446 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
444 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
447 445 | `20-networking.sh` | Setup Networking |
448 446 | `21-firewall.sh` | Setup Firewall |
449 447 | `30-security.sh` | Setup Users and Security settings |
450 448 | `31-logging.sh` | Setup Logging |
451 449 | `32-sshd.sh` | Setup SSH and public keys |
452 450 | `41-uboot.sh` | Build and Setup U-Boot |
453 451 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
452 | `43-videocore.sh` | Build and Setup videocore libraries |
454 453 | `50-firstboot.sh` | First boot actions |
455 454 | `99-reduce.sh` | Reduce the disk space usage |
456 455
457 456 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
458 457
459 458 | Directory | Description |
460 459 | --- | --- |
461 460 | `apt` | APT management configuration files |
462 | `boot` | Boot and RPi2/3 configuration files |
461 | `boot` | Boot and RPi 0/1/2/3 configuration files |
463 462 | `dpkg` | Package Manager configuration |
464 463 | `etc` | Configuration files and rc scripts |
465 464 | `firstboot` | Scripts that get executed on first boot |
466 465 | `initramfs` | Initramfs scripts |
467 466 | `iptables` | Firewall configuration files |
468 467 | `locales` | Locales configuration |
469 468 | `modules` | Kernel Modules configuration |
470 469 | `mount` | Fstab configuration |
471 470 | `network` | Networking configuration files |
472 471 | `sysctl.d` | Swapping and Network Hardening configuration |
473 472 | `xorg` | fbturbo Xorg driver configuration |
474 473
475 474 ## Custom packages and scripts
476 475 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
477 476
478 477 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
479 478
480 479 ## Logging of the bootstrapping process
481 480 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
482 481
483 482 ```shell
484 483 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
485 484 ```
486 485
487 486 ## Flashing the image file
488 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
487 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
489 488
490 489 ##### Flashing examples:
491 490 ```shell
492 491 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
493 492 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
494 493 ```
495 494 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
496 495 ```shell
497 496 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
498 497 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
499 498 ```
500 499
501 500 ## QEMU emulation
502 501 Start QEMU full system emulation:
503 502 ```shell
504 503 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
505 504 ```
506 505
507 506 Start QEMU full system emulation and output to console:
508 507 ```shell
509 508 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
510 509 ```
511 510
512 511 Start QEMU full system emulation with SMP and output to console:
513 512 ```shell
514 513 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
515 514 ```
516 515
517 516 Start QEMU full system emulation with cryptfs, initramfs and output to console:
518 517 ```shell
519 518 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
520 519 ```
521 520
522 521 ## External links and references
523 522 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
524 523 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
525 524 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
526 525 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
527 526 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
528 527 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
529 528 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
530 529 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
531 530 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
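Review bot: The `KERNELSRC_CONFIG` description in this hunk still names `make bcm2709_defconfig` as the configure step, which no longer fits a README that now covers RPi 0/1/2/3. The script in this commit selects `bcmrpi_defconfig` for models 0/1/1P and `bcmrpi3_defconfig` for 64-bit builds, so the text should refer to the model's default defconfig (`KERNEL_DEFCONFIG`) instead. The documented defaults `KERNEL_BPF`=true and `KERNEL_DEFAULT_GOV`="ONDEMAND" also disagree with the script's `KERNEL_BPF:=false` and `KERNEL_DEFAULT_GOV:=POWERSAVE`; one side needs correcting so users know whether BPF/cgroup firewalling is on by default. The flashing and QEMU examples remain RPi3-only (`rpi3-buster.img`, `kernel7.img`), which is worth a sentence now that models 0/1 use `kernel.img`.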
@@ -1,854 +1,862
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 70 # Generic
71 71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 72
73 73 # Build directories
74 74 WORKDIR=$(pwd)
75 75 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
76 76 BUILDDIR="${BASEDIR}/build"
77 77
78 78 # Chroot directories
79 79 R="${BUILDDIR}/chroot"
80 80 ETC_DIR="${R}/etc"
81 81 LIB_DIR="${R}/lib"
82 82 BOOT_DIR="${R}/boot/firmware"
83 83 KERNEL_DIR="${R}/usr/src/linux"
84 84 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
85 85 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
86 86
87 87 # Firmware directory: Blank if download from github
88 88 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
89 89
90 90 # General settings
91 91 SET_ARCH=${SET_ARCH:=32}
92 92 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
93 93 PASSWORD=${PASSWORD:=raspberry}
94 94 USER_PASSWORD=${USER_PASSWORD:=raspberry}
95 95 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
96 96 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
97 97 EXPANDROOT=${EXPANDROOT:=true}
98 98
99 99 # Keyboard settings
100 100 XKB_MODEL=${XKB_MODEL:=""}
101 101 XKB_LAYOUT=${XKB_LAYOUT:=""}
102 102 XKB_VARIANT=${XKB_VARIANT:=""}
103 103 XKB_OPTIONS=${XKB_OPTIONS:=""}
104 104
105 105 # Network settings (DHCP)
106 106 ENABLE_DHCP=${ENABLE_DHCP:=true}
107 107
108 108 # Network settings (static)
109 109 NET_ADDRESS=${NET_ADDRESS:=""}
110 110 NET_GATEWAY=${NET_GATEWAY:=""}
111 111 NET_DNS_1=${NET_DNS_1:=""}
112 112 NET_DNS_2=${NET_DNS_2:=""}
113 113 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
114 114 NET_NTP_1=${NET_NTP_1:=""}
115 115 NET_NTP_2=${NET_NTP_2:=""}
116 116
117 117 # APT settings
118 118 APT_PROXY=${APT_PROXY:=""}
119 119 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
120 120
121 121 # Feature settings
122 122 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
123 123 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
124 124 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
125 125 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
126 126 ENABLE_I2C=${ENABLE_I2C:=false}
127 127 ENABLE_SPI=${ENABLE_SPI:=false}
128 128 ENABLE_IPV6=${ENABLE_IPV6:=true}
129 129 ENABLE_SSHD=${ENABLE_SSHD:=true}
130 130 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
131 131 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
132 132 ENABLE_SOUND=${ENABLE_SOUND:=true}
133 133 ENABLE_DBUS=${ENABLE_DBUS:=true}
134 134 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
135 135 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
136 136 ENABLE_XORG=${ENABLE_XORG:=false}
137 137 ENABLE_WM=${ENABLE_WM:=""}
138 138 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
139 139 ENABLE_USER=${ENABLE_USER:=true}
140 140 USER_NAME=${USER_NAME:="pi"}
141 141 ENABLE_ROOT=${ENABLE_ROOT:=false}
142 142 ENABLE_QEMU=${ENABLE_QEMU:=false}
143 143 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
144 144
145 145 # SSH settings
146 146 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
147 147 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
148 148 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
149 149 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
150 150 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
151 151
152 152 # Advanced settings
153 153 ENABLE_SYSTEMDSWAP=${ENABLE_MINBASE:=false}
154 154 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
155 155 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
156 156 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
157 157 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
158 158 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
159 159 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
160 160 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
161 161 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
162 162 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
163 163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 164 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
165 165 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
166 166 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
167 167 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
168 168 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
169 169 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
170 170 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
171 171
172 172 # Kernel compilation settings
173 173 BUILD_KERNEL=${BUILD_KERNEL:=true}
174 174 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
175 175 KERNEL_THREADS=${KERNEL_THREADS:=1}
176 176 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
177 177 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
178 178 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
179 179 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
180 180 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
181 181 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
182 182 KERNEL_VIRT=${KERNEL_VIRT:=false}
183 183 KERNEL_BPF=${KERNEL_BPF:=false}
184 184 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
185 185
186 186 # Kernel compilation from source directory settings
187 187 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
188 188 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
189 189 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
190 190 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
191 191
192 192 # Reduce disk usage settings
193 193 REDUCE_APT=${REDUCE_APT:=true}
194 194 REDUCE_DOC=${REDUCE_DOC:=true}
195 195 REDUCE_MAN=${REDUCE_MAN:=true}
196 196 REDUCE_VIM=${REDUCE_VIM:=false}
197 197 REDUCE_BASH=${REDUCE_BASH:=false}
198 198 REDUCE_HWDB=${REDUCE_HWDB:=true}
199 199 REDUCE_SSHD=${REDUCE_SSHD:=true}
200 200 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
201 201
202 202 # Encrypted filesystem settings
203 203 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
204 204 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
205 205 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
206 206 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
207 207 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
208 208 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
209 209 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
210 210 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
211 211 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
212 212
213 213 # Chroot scripts directory
214 214 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
215 215
216 216 # Packages required in the chroot build environment
217 217 APT_INCLUDES=${APT_INCLUDES:=""}
218 218 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
219 219
220 220 #Packages to exclude from chroot build environment
221 221 APT_EXCLUDES=${APT_EXCLUDES:=""}
222 222
223 223 # Packages required for bootstrapping
224 224 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
225 225 MISSING_PACKAGES=""
226 226
227 227 # Packages installed for c/c++ build environment in chroot (keep empty)
228 228 COMPILER_PACKAGES=""
229 229
230 230 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
231 231 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
232 232 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
233 233 APT_PROXY=http://127.0.0.1:3142/
234 234 fi
235 235
236 236 #netselect-apt does not know buster yet
237 237 if [ "$RELEASE" = "buster" ] ; then
238 238 RLS=testing
239 239 else
240 240 RLS="$RELEASE"
241 241 fi
242 242
243 243 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
244 244 rm "$(pwd)/files/apt/sources.list"
245 245 fi
246 246
247 247 if [ "$ENABLE_NONFREE" = true ] ; then
248 248 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
249 249 else
250 250 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
251 251 fi
252 252
253 253 #sed and cut the result string so we can use it as APT_SERVER
254 254 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
255 255
256 256 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
257 257 if [ -n "$SET_ARCH" ] ; then
258 # 64 bit configuration
258 # 64-bit configuration
259 259 if [ "$SET_ARCH" = 64 ] ; then
260 # General 64 bit depended settings
260 # General 64-bit depended settings
261 261 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
262 262 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
263 263 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
264 264
265 # Board specific settings
265 # Raspberry Pi model specific settings
266 266 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
267 267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
268 268 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
269 269 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
270 270 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
271 271 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
272 272 else
273 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
273 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
274 274 exit 1
275 275 fi
276 276 fi
277 277
278 # 32 bit configuration
278 # 32-bit configuration
279 279 if [ "$SET_ARCH" = 32 ] ; then
280 # General 32 bit dependend settings
280 # General 32-bit dependend settings
281 281 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
282 282 KERNEL_ARCH=${KERNEL_ARCH:=arm}
283 283 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
284 284
285 # Hardware specific settings
285 # Raspberry Pi model specific settings
286 286 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
287 287 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
288 288 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
289 289 RELEASE_ARCH=${RELEASE_ARCH:=armel}
290 290 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
291 291 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
292 292 fi
293 293
294 # Hardware specific settings
294 # Raspberry Pi model specific settings
295 295 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
296 296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 297 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
298 298 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
299 299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
300 300 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
301 301 fi
302 302 fi
303 303 #SET_ARCH not set
304 304 else
305 305 echo "error: Please set '32' or '64' as value for SET_ARCH"
306 306 exit 1
307 307 fi
308 308 # Device specific configuration and U-Boot configuration
309 309 case "$RPI_MODEL" in
310 310 0)
311 311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
312 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
313 313 ;;
314 314 1)
315 315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
316 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
317 317 ;;
318 318 1P)
319 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
320 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
321 321 ;;
322 322 2)
323 323 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
324 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
325 325 ;;
326 326 3)
327 327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
328 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
329 329 ;;
330 330 3P)
331 331 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
332 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
333 333 ;;
334 334 *)
335 335 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
336 336 exit 1
337 337 ;;
338 338 esac
339 339
340 340 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
341 341 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
342 342 # Include bluetooth packages on supported boards
343 343 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
344 344 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
345 345 fi
346 346 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
347 347 # Check if the internal wireless interface is not supported by the RPi model
348 348 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
349 349 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
350 350 exit 1
351 351 fi
352 352 fi
353 353
354 354 # Prepare date string for default image file name
355 355 DATE="$(date +%Y-%m-%d)"
356 356 if [ -z "$KERNEL_BRANCH" ] ; then
357 357 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
358 358 else
359 359 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
360 360 fi
361 361
362 362 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
363 363 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
364 364 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
365 365 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
366 366 exit 1
367 367 fi
368 368 fi
369 369
370 370 set +x
371 371
372 372 # Add cmake to compile videocore sources
373 373 if [ "$ENABLE_VIDEOCORE" = true ] ; then
374 374 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
375 375 fi
376 376
377 377 # Add deps for nexmon
378 378 if [ "$ENABLE_NEXMON" = true ] ; then
379 379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
380 380 fi
381 381
382 382 # Add libncurses5 to enable kernel menuconfig
383 383 if [ "$KERNEL_MENUCONFIG" = true ] ; then
384 384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
385 385 fi
386 386
387 387 # Add ccache compiler cache for (faster) kernel cross (re)compilation
388 388 if [ "$KERNEL_CCACHE" = true ] ; then
389 389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
390 390 fi
391 391
392 392 # Add cryptsetup package to enable filesystem encryption
393 393 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
394 394 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
395 395 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
396 396
397 397 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
398 398 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
399 399 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
400 400 fi
401 401
402 402 if [ -z "$CRYPTFS_PASSWORD" ] ; then
403 403 echo "error: no password defined (CRYPTFS_PASSWORD)!"
404 404 exit 1
405 405 fi
406 406 ENABLE_INITRAMFS=true
407 407 fi
408 408
409 409 # Add initramfs generation tools
410 410 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
411 411 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
412 412 fi
413 413
414 414 # Add device-tree-compiler required for building the U-Boot bootloader
415 415 if [ "$ENABLE_UBOOT" = true ] ; then
416 416 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
417 417 else
418 418 if [ "$ENABLE_UBOOTUSB" = true ] ; then
419 419 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
420 420 exit 1
421 421 fi
422 422 fi
423 423
424 if [ "$ENABLE_BLUETOOTH" = true ] ; then
425 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
426 if [ "$ENABLE_CONSOLE" = false ] ; then
427 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
428 fi
429 fi
430 fi
431
424 432 # Check if root SSH (v2) public key file exists
425 433 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
426 434 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
427 435 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
428 436 exit 1
429 437 fi
430 438 fi
431 439
432 440 # Check if $USER_NAME SSH (v2) public key file exists
433 441 if [ -n "$SSH_USER_PUB_KEY" ] ; then
434 442 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
435 443 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
436 444 exit 1
437 445 fi
438 446 fi
439 447
440 448 # Check if all required packages are installed on the build system
441 449 for package in $REQUIRED_PACKAGES ; do
442 450 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
443 451 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
444 452 fi
445 453 done
446 454
447 455 # If there are missing packages ask confirmation for install, or exit
448 456 if [ -n "$MISSING_PACKAGES" ] ; then
449 457 echo "the following packages needed by this script are not installed:"
450 458 echo "$MISSING_PACKAGES"
451 459
452 460 printf "\ndo you want to install the missing packages right now? [y/n] "
453 461 read -r confirm
454 462 [ "$confirm" != "y" ] && exit 1
455 463
456 464 # Make sure all missing required packages are installed
457 apt-get -qq -y install "${MISSING_PACKAGES}"
465 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
458 466 fi
459 467
460 468 # Check if ./bootstrap.d directory exists
461 469 if [ ! -d "./bootstrap.d/" ] ; then
462 470 echo "error: './bootstrap.d' required directory not found!"
463 471 exit 1
464 472 fi
465 473
466 474 # Check if ./files directory exists
467 475 if [ ! -d "./files/" ] ; then
468 476 echo "error: './files' required directory not found!"
469 477 exit 1
470 478 fi
471 479
472 480 # Check if specified KERNELSRC_DIR directory exists
473 481 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
474 482 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
475 483 exit 1
476 484 fi
477 485
478 486 # Check if specified UBOOTSRC_DIR directory exists
479 487 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
480 488 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
481 489 exit 1
482 490 fi
483 491
484 492 # Check if specified VIDEOCORESRC_DIR directory exists
485 493 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
486 494 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
487 495 exit 1
488 496 fi
489 497
490 498 # Check if specified FBTURBOSRC_DIR directory exists
491 499 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
492 500 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
493 501 exit 1
494 502 fi
495 503
496 504 # Check if specified NEXMONSRC_DIR directory exists
497 505 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
498 506 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
499 507 exit 1
500 508 fi
501 509
502 510 # Check if specified CHROOT_SCRIPTS directory exists
503 511 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
504 512 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
505 513 exit 1
506 514 fi
507 515
508 516 # Check if specified device mapping already exists (will be used by cryptsetup)
509 517 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
510 518 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
511 519 exit 1
512 520 fi
513 521
514 522 # Don't clobber an old build
515 523 if [ -e "$BUILDDIR" ] ; then
516 524 echo "error: directory ${BUILDDIR} already exists, not proceeding"
517 525 exit 1
518 526 fi
519 527
520 528 # Setup chroot directory
521 529 mkdir -p "${R}"
522 530
523 531 # Check if build directory has enough of free disk space >512MB
524 532 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
525 533 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
526 534 exit 1
527 535 fi
528 536
529 537 set -x
530 538
531 539 # Call "cleanup" function on various signals and errors
532 540 trap cleanup 0 1 2 3 6
533 541
534 542 # Add required packages for the minbase installation
535 543 if [ "$ENABLE_MINBASE" = true ] ; then
536 544 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
537 545 fi
538 546
539 547 # Add parted package, required to get partprobe utility
540 548 if [ "$EXPANDROOT" = true ] ; then
541 549 APT_INCLUDES="${APT_INCLUDES},parted"
542 550 fi
543 551
544 552 # Add dbus package, recommended if using systemd
545 553 if [ "$ENABLE_DBUS" = true ] ; then
546 554 APT_INCLUDES="${APT_INCLUDES},dbus"
547 555 fi
548 556
549 557 # Add iptables IPv4/IPv6 package
550 558 if [ "$ENABLE_IPTABLES" = true ] ; then
551 559 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
552 560 fi
553 561
554 562 # Add openssh server package
555 563 if [ "$ENABLE_SSHD" = true ] ; then
556 564 APT_INCLUDES="${APT_INCLUDES},openssh-server"
557 565 fi
558 566
559 567 # Add alsa-utils package
560 568 if [ "$ENABLE_SOUND" = true ] ; then
561 569 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
562 570 fi
563 571
564 572 # Add rng-tools package
565 573 if [ "$ENABLE_HWRANDOM" = true ] ; then
566 574 APT_INCLUDES="${APT_INCLUDES},rng-tools"
567 575 fi
568 576
569 577 # Add fbturbo video driver
570 578 if [ "$ENABLE_FBTURBO" = true ] ; then
571 579 # Enable xorg package dependencies
572 580 ENABLE_XORG=true
573 581 fi
574 582
575 583 # Add user defined window manager package
576 584 if [ -n "$ENABLE_WM" ] ; then
577 585 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
578 586
579 587 # Enable xorg package dependencies
580 588 ENABLE_XORG=true
581 589 fi
582 590
583 591 # Add xorg package
584 592 if [ "$ENABLE_XORG" = true ] ; then
585 593 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
586 594 fi
587 595
588 596 # Replace selected packages with smaller clones
589 597 if [ "$ENABLE_REDUCE" = true ] ; then
590 598 # Add levee package instead of vim-tiny
591 599 if [ "$REDUCE_VIM" = true ] ; then
592 600 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
593 601 fi
594 602
595 603 # Add dropbear package instead of openssh-server
596 604 if [ "$REDUCE_SSHD" = true ] ; then
597 605 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
598 606 fi
599 607 fi
600 608
601 609 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
602 610 if [ "$ENABLE_SYSVINIT" = false ] ; then
603 611 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
604 612 fi
605 613
606 614 # Configure kernel sources if no KERNELSRC_DIR
607 615 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
608 616 KERNELSRC_CONFIG=true
609 617 fi
610 618
611 619 # Configure reduced kernel
612 620 if [ "$KERNEL_REDUCE" = true ] ; then
613 621 KERNELSRC_CONFIG=false
614 622 fi
615 623
616 624 # Configure qemu compatible kernel
617 625 if [ "$ENABLE_QEMU" = true ] ; then
618 626 DTB_FILE=vexpress-v2p-ca15_a7.dtb
619 627 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
620 628 KERNEL_DEFCONFIG="vexpress_defconfig"
621 629 if [ "$KERNEL_MENUCONFIG" = false ] ; then
622 630 KERNEL_OLDDEFCONFIG=true
623 631 fi
624 632 fi
625 633
626 634 # Execute bootstrap scripts
627 635 for SCRIPT in bootstrap.d/*.sh; do
628 636 head -n 3 "$SCRIPT"
629 637 . "$SCRIPT"
630 638 done
631 639
632 640 ## Execute custom bootstrap scripts
633 641 if [ -d "custom.d" ] ; then
634 642 for SCRIPT in custom.d/*.sh; do
635 643 . "$SCRIPT"
636 644 done
637 645 fi
638 646
639 647 # Execute custom scripts inside the chroot
640 648 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
641 649 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
642 650 chroot_exec /bin/bash -x <<'EOF'
643 651 for SCRIPT in /chroot_scripts/* ; do
644 652 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
645 653 $SCRIPT
646 654 fi
647 655 done
648 656 EOF
649 657 rm -rf "${R}/chroot_scripts"
650 658 fi
651 659
652 660 # Remove c/c++ build environment from the chroot
653 661 chroot_remove_cc
654 662
655 663 # Generate required machine-id
656 664 MACHINE_ID=$(dbus-uuidgen)
657 665 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
658 666 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
659 667
660 668 # APT Cleanup
661 669 chroot_exec apt-get -y clean
662 670 chroot_exec apt-get -y autoclean
663 671 chroot_exec apt-get -y autoremove
664 672
665 673 # Unmount mounted filesystems
666 674 umount -l "${R}/proc"
667 675 umount -l "${R}/sys"
668 676
669 677 # Clean up directories
670 678 rm -rf "${R}/run/*"
671 679 rm -rf "${R}/tmp/*"
672 680
673 681 # Clean up files
674 682 rm -f "${ETC_DIR}/ssh/ssh_host_*"
675 683 rm -f "${ETC_DIR}/dropbear/dropbear_*"
676 684 rm -f "${ETC_DIR}/apt/sources.list.save"
677 685 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
678 686 rm -f "${ETC_DIR}/*-"
679 687 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
680 688 rm -f "${ETC_DIR}/resolv.conf"
681 689 rm -f "${R}/root/.bash_history"
682 690 rm -f "${R}/var/lib/urandom/random-seed"
683 691 rm -f "${R}/initrd.img"
684 692 rm -f "${R}/vmlinuz"
685 693 rm -f "${R}${QEMU_BINARY}"
686 694
687 695 if [ "$ENABLE_QEMU" = true ] ; then
688 696 # Setup QEMU directory
689 697 mkdir "${BASEDIR}/qemu"
690 698
691 699 # Copy kernel image to QEMU directory
692 700 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
693 701
694 702 # Copy kernel config to QEMU directory
695 703 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
696 704
697 705 # Copy kernel dtbs to QEMU directory
698 706 for dtb in "${BOOT_DIR}/"*.dtb ; do
699 707 if [ -f "${dtb}" ] ; then
700 708 install_readonly "${dtb}" "${BASEDIR}/qemu/"
701 709 fi
702 710 done
703 711
704 712 # Copy kernel overlays to QEMU directory
705 713 if [ -d "${BOOT_DIR}/overlays" ] ; then
706 714 # Setup overlays dtbs directory
707 715 mkdir "${BASEDIR}/qemu/overlays"
708 716
709 717 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
710 718 if [ -f "${dtb}" ] ; then
711 719 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
712 720 fi
713 721 done
714 722 fi
715 723
716 724 # Copy u-boot files to QEMU directory
717 725 if [ "$ENABLE_UBOOT" = true ] ; then
718 726 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
719 727 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
720 728 fi
721 729 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
722 730 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
723 731 fi
724 732 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
725 733 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
726 734 fi
727 735 fi
728 736
729 737 # Copy initramfs to QEMU directory
730 738 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
731 739 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
732 740 fi
733 741 fi
734 742
735 743 # Calculate size of the chroot directory in KB
736 744 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
737 745
738 746 # Calculate the amount of needed 512 Byte sectors
739 747 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
740 748 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
741 749 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
742 750
743 751 # The root partition is EXT4
744 752 # This means more space than the actual used space of the chroot is used.
745 753 # As overhead for journaling and reserved blocks 35% are added.
746 754 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
747 755
748 756 # Calculate required image size in 512 Byte sectors
749 757 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
750 758
751 759 # Prepare image file
752 760 if [ "$ENABLE_SPLITFS" = true ] ; then
753 761 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
754 762 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
755 763 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
756 764 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
757 765
758 766 # Write firmware/boot partition tables
759 767 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
760 768 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
761 769 EOM
762 770
763 771 # Write root partition table
764 772 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
765 773 ${TABLE_SECTORS},${ROOT_SECTORS},83
766 774 EOM
767 775
768 776 # Setup temporary loop devices
769 777 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
770 778 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
771 779 else # ENABLE_SPLITFS=false
772 780 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
773 781 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
774 782
775 783 # Write partition table
776 784 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
777 785 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
778 786 ${ROOT_OFFSET},${ROOT_SECTORS},83
779 787 EOM
780 788
781 789 # Setup temporary loop devices
782 790 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
783 791 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
784 792 fi
785 793
786 794 if [ "$ENABLE_CRYPTFS" = true ] ; then
787 795 # Create dummy ext4 fs
788 796 mkfs.ext4 "$ROOT_LOOP"
789 797
790 798 # Setup password keyfile
791 799 touch .password
792 800 chmod 600 .password
793 801 echo -n ${CRYPTFS_PASSWORD} > .password
794 802
795 803 # Initialize encrypted partition
796 804 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
797 805
798 806 # Open encrypted partition and setup mapping
799 807 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
800 808
801 809 # Secure delete password keyfile
802 810 shred -zu .password
803 811
804 812 # Update temporary loop device
805 813 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
806 814
807 815 # Wipe encrypted partition (encryption cipher is used for randomness)
808 816 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
809 817 fi
810 818
811 819 # Build filesystems
812 820 mkfs.vfat "$FRMW_LOOP"
813 821 mkfs.ext4 "$ROOT_LOOP"
814 822
815 823 # Mount the temporary loop devices
816 824 mkdir -p "$BUILDDIR/mount"
817 825 mount "$ROOT_LOOP" "$BUILDDIR/mount"
818 826
819 827 mkdir -p "$BUILDDIR/mount/boot/firmware"
820 828 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
821 829
822 830 # Copy all files from the chroot to the loop device mount point directory
823 831 rsync -a "${R}/" "$BUILDDIR/mount/"
824 832
825 833 # Unmount all temporary loop devices and mount points
826 834 cleanup
827 835
828 836 # Create block map file(s) of image(s)
829 837 if [ "$ENABLE_SPLITFS" = true ] ; then
830 838 # Create block map files for "bmaptool"
831 839 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
832 840 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
833 841
834 842 # Image was successfully created
835 843 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
836 844 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
837 845 else
838 846 # Create block map file for "bmaptool"
839 847 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
840 848
841 849 # Image was successfully created
842 850 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
843 851
844 852 # Create qemu qcow2 image
845 853 if [ "$ENABLE_QEMU" = true ] ; then
846 854 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
847 855 QEMU_SIZE=16G
848 856
849 857 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
850 858 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
851 859
852 860 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
853 861 fi
854 862 fi
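Review bot: The new install line at 465 does not do what it appears to: `sed "s/ //"` has no `g` flag, so it deletes only the first space in `MISSING_PACKAGES`, and the list is split into separate arguments purely because the backtick substitution is unquoted. The sed is therefore redundant (word splitting discards leading whitespace anyway) and the intent is hard to read. Suggest making the splitting explicit, e.g. `apt-get -qq -y install ${MISSING_PACKAGES}` with a `# shellcheck disable=SC2086` comment above it, or collecting the names as positional parameters. Three unchanged lines in the same hunk deserve a follow-up while this is open. The cleanup at 678 to 686 quotes its globs (`rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -rf "${R}/tmp/*"`), so the shell passes a literal `*`, nothing is removed, and any SSH or dropbear host keys generated during the build stay in the image; move the `*` outside the quotes. The guard at 517 tests `/dev/mapping/${CRYPTFS_MAPPING}` while line 813 uses `/dev/mapper/${CRYPTFS_MAPPING}`, so the check looks at a different path from the one the mapping is opened under. And `echo -n ${CRYPTFS_PASSWORD} > .password` at 801 is unquoted, so a passphrase containing whitespace or glob characters is altered before it becomes the LUKS key; quote the variable and prefer `printf '%s'`.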
@@ -1,3 +1,4
1 1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
2 3 RELEASE=stretch
3 4 BUILD_KERNEL=true
@@ -1,4 +1,6
1 1 # Configuration template file used by rpi23-gen-image.sh
2 2 RPI_MODEL=3
3 3 RELEASE=buster
4 4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
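Review bot: Added lines 5 and 6 are commented out, so this template builds with whatever the script's defaults for ENABLE_WIRELESS and ENABLE_BLUETOOTH are, and the file does not say what those defaults are. Add a one-line comment stating the default and that uncommenting disables the radio, so someone building a wired-only image can see these are the switches to use. The identical stretch hunk that follows has the same gap.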
@@ -1,4 +1,6
1 1 # Configuration template file used by rpi23-gen-image.sh
2 2 RPI_MODEL=3
3 3 RELEASE=stretch
4 4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false