Raspi2-3_GenImage Commit - r732:4551fcf06923 · Collaboration Tremplin des Sciences

-Enable_nonfree no longer enables non-free packages while install. now it enables non free packacges in sources.list...

Unknown -

r732:4551fcf06923

parent child

Context file:

r732:4551fcf06923

Collapse all files

files/network/eth0.network created 644 +14 0

@@ -0,0 +1,14
	1	[Match]
	2	Name=eth0
	3
	4	[Network]
	5	RouteMetric=10
	6	IPv6PrivacyExtensions=true
	7	DHCP=no
	8	Address=
	9	Gateway=
	10	DNS=
	11	DNS=
	12	Domains=
	13	NTP=
	14	NTP=

files/network/wlan0.network created 644 +14 0

@@ -0,0 +1,14
	1	[Match]
	2	Name=wlan0
	3
	4	[Network]
	5	RouteMetric=20
	6	IPv6PrivacyExtensions=true
	7	DHCP=no
	8	Address=
	9	Gateway=
	10	DNS=
	11	DNS=
	12	Domains=
	13	NTP=
	14	NTP=

templates/rpi3buster-fullconfig created 644 +188 0

@@ -0,0 +1,188
	1	############################
	2	########APT settings########
	3	############################
	4	APT_SERVER=ftp.debian.org
	5	APT_PROXY=
	6	KEEP_APT_PROXY=false
	7	APT_INCLUDES_LATE=
	8	APT_INCLUDES=
	9	############################
	10	##General system settings###
	11	############################
	12	SET_ARCH=32
	13	RPI_MODEL=3P
	14	RELEASE=buster
	15	HOSTNAME=
	16	DEFLOCAL=en_US.UTF-8
	17	TIMEZONE=Europe/Berlin
	18	EXPANDROOT=true
	19	############################
	20	#######User settings########
	21	############################
	22	ENABLE_ROOT=false
	23	ROOT_PASSWORD=raspberry
	24	ENABLE_USER=true
	25	USER_NAME=pi
	26	USER_PASSWORD=raspberry
	27	############################
	28	####Keyboard settings#######
	29	############################
	30	XKB_MODEL=
	31	XKB_LAYOUT=
	32	XKB_VARIANT=
	33	XKB_OPTIONS=
	34	############################
	35	######Network settings######
	36	############################
	37	ENABLE_IPV6=true
	38	ENABLE_WIRELESS=false
	39	ENABLE_IPTABLES=false
	40	ENABLE_HARDNET=false
	41	ENABLE_IFNAMES=true
	42	############################
	43	# Network settings (DHCP)
	44	ENABLE_ETH_DHCP=true
	45	ENABLE_WIFI_DHCP=true
	46	############################
	47	# Network settings (static)
	48	NET_ETH_ADDRESS=
	49	NET_ETH_GATEWAY=
	50	NET_ETH_DNS_1=
	51	NET_ETH_DNS_2=
	52	NET_ETH_DNS_DOMAINS=
	53	NET_ETH_NTP_1=
	54	NET_ETH_NTP_2=
	55	############################
	56	NET_WIFI_SSID=
	57	NET_WIFI_PSK=
	58	############################
	59	# Network settings (static)
	60	NET_WIFI_ADDRESS=
	61	NET_WIFI_GATEWAY=
	62	NET_WIFI_DNS_1=
	63	NET_WIFI_DNS_2=
	64	NET_WIFI_DNS_DOMAINS=
	65	NET_WIFI_NTP_1=
	66	NET_WIFI_NTP_2=
	67	############################
	68	###Basic system settings####
	69	############################
	70	ENABLE_CONSOLE=false
	71	ENABLE_PRINTK=false
	72	ENABLE_BLUETOOTH=false
	73	ENABLE_MINIUART_OVERLAY=false
	74	ENABLE_TURBO=false
	75	ENABLE_I2C=true
	76	ENABLE_SPI=true
	77	ENABLE_NONFREE=false
	78	ENABLE_RSYSLOG=false
	79	ENABLE_SOUND=false
	80	ENABLE_HWRANDOM=true
	81	ENABLE_MINGPU=false
	82	ENABLE_XORG=false
	83	ENABLE_WM=
	84	ENABLE_SYSVINIT=false
	85	ENABLE_SPLASH=true
	86	ENABLE_LOGO=true
	87	ENABLE_SILENT_BOOT=false
	88	############################
	89	#1=disable overlay,2=turbo+overlay, otherwise leave unset
	90	DISABLE_UNDERVOLT_WARNINGS=
	91	############################
	92	##Advanced system settings##
	93	############################
	94	ENABLE_DPHYSSWAP=true
	95	ENABLE_SYSTEMDSWAP=false
	96	############################
	97	ENABLE_QEMU=false
	98	QEMU_BINARY=
	99	ENABLE_KEYGEN=false
	100	ENABLE_MINBASE=false
	101	ENABLE_SPLITFS=false
	102	ENABLE_INITRAMFS=false
	103	ENABLE_DBUS=true
	104	ENABLE_USBBOOT=false
	105	############################
	106	CHROOT_SCRIPTS=
	107	############################
	108	ENABLE_UBOOT=false
	109	UBOOTSRC_DIR=
	110	############################
	111	ENABLE_FBTURBO=false
	112	FBTURBOSRC_DIR=
	113	############################
	114	ENABLE_VIDEOCORE=false
	115	VIDEOCORESRC_DIR=
	116	############################
	117	ENABLE_NEXMON=false
	118	NEXMONSRC_DIR=
	119	############################
	120	########SSH settings########
	121	############################
	122	SSH_ENABLE=true
	123	SSH_ENABLE_ROOT=false
	124	SSH_DISABLE_PASSWORD_AUTH=false
	125	SSH_LIMIT_USERS=false
	126	SSH_ROOT_PUB_KEY=
	127	SSH_USER_PUB_KEY=
	128	############################
	129	#####Kernel settings########
	130	############################
	131	BUILD_KERNEL=true
	132	CROSS_COMPILE=
	133	KERNEL_ARCH=
	134	KERNEL_IMAGE=
	135	KERNEL_BRANCH=
	136	KERNEL_DEFCONFIG=
	137
	138	KERNEL_THREADS=1
	139	KERNEL_HEADERS=true
	140	KERNEL_MENUCONFIG=false
	141	KERNEL_OLDDEFCONFIG=false
	142	KERNEL_CCACHE=false
	143	KERNEL_REMOVESRC=true
	144	KERNELSRC_DIR=
	145	KERNELSRC_CLEAN=false
	146	KERNELSRC_CONFIG=true
	147	KERNELSRC_USRCONFIG=
	148	KERNELSRC_PREBUILT=false
	149	RPI_FIRMWARE_DIR=
	150	KERNEL_DEFAULT_GOV=ondemand
	151	KERNEL_NF=false
	152	KERNEL_VIRT=false
	153	KERNEL_ZSWAP=false
	154	KERNEL_BPF=true
	155	KERNEL_SECURITY=false
	156	KERNEL_BTRFS=false
	157	KERNEL_POEHAT=false
	158	KERNEL_NSPAWN=false
	159	KERNEL_DHKEY=true
	160	############################
	161	#######Save diskspace#######
	162	############################
	163	ENABLE_REDUCE=false
	164	REDUCE_APT=true
	165	REDUCE_DOC=false
	166	REDUCE_MAN=false
	167	REDUCE_VIM=false
	168	REDUCE_BASH=false
	169	REDUCE_HWDB=false
	170	REDUCE_SSHD=false
	171	REDUCE_LOCALE=false
	172	REDUCE_KERNEL=false
	173	############################
	174	######CryptFS Settings######
	175	############################
	176	ENABLE_CRYPTFS=false
	177	CRYPTFS_PASSWORD=
	178	CRYPTFS_MAPPING=secure
	179	CRYPTFS_CIPHER=aes-xts-plain64
	180	CRYPTFS_HASH=sha256
	181	CRYPTFS_XTSKEYSIZE=256
	182	CRYPTFS_DROPBEAR=false
	183	CRYPTFS_DROPBEAR_PUBKEY=
	184	############################
	185	#######Build settings#######
	186	############################
	187	BASEDIR=
	188	IMAGE_NAME= No newline at end of file

bootstrap.d/10-bootstrap.sh +2 -1

             #
             # Debootstrap basic system
             #
             # Load utility functions
             . ./functions.sh
             VARIANT=""
             COMPONENTS="main"
             # Use non-free Debian packages if needed
-            if [ "$ENABLE_NONFREE" = true ] ; then
+            # One use variable which is only needed by wifi firmware blob => reworked to use non free in /etc/apt/sources.list - we could just use ENABLE_WIRELESS here
+            if [ "$ENABLE_WIRELESS" = true ] ; then
               COMPONENTS="main,non-free,contrib"
             fi
             # Use minbase bootstrap variant which only includes essential packages
             if [ "$ENABLE_MINBASE" = true ] ; then
               VARIANT="--variant=minbase"
             fi
             # Base debootstrap (unpack only)
             http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             # Copy qemu emulator binary to chroot
             install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
             # Copy debian-archive-keyring.pgp
             mkdir -p "${R}/usr/share/keyrings"
             install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
             # Complete the bootstrapping process
             chroot_exec /debootstrap/debootstrap --second-stage
             # Mount required filesystems
             mount -t proc none "${R}/proc"
             mount -t sysfs none "${R}/sys"
             # Mount pseudo terminal slave if supported by Debian release
             if [ -d "${R}/dev/pts" ] ; then
               mount --bind /dev/pts "${R}/dev/pts"
             fi

bootstrap.d/13-kernel.sh +31 -30

             #
             # Build and Setup RPi2/3 Kernel
             #
             # Load utility functions
             . ./functions.sh
             # Need to use kali kernel src if nexmon is enabled
             if [ "$ENABLE_NEXMON" = true ] ; then
               KERNEL_URL="${KALI_KERNEL_URL}"
               # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
               KERNEL_BRANCH=""
               KERNELSRC_DIR=""
             fi
             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
               mkdir -p "${KERNEL_DIR}"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Copy kernel sources and include hidden files
                 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Create temporary directory for kernel sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch current RPi2/3 kernel sources
                 if [ -z "${KERNEL_BRANCH}" ] ; then
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
                 else
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
                 fi
                 # Copy downloaded kernel sources
                 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/usr/src"
               fi
               # Calculate optimal number of kernel building threads
-              if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
+              if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then
                 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
               fi
+            # TODO: Check if defined Threadcount is higher than actual cores
+            #  if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then
+            #	  echo "Defined more Threads than core assigned to this system"
+            #	  exit 1
+            #  fi
               #Copy 32bit config to 64bit
               if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
               cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
               fi
               # Configure and build kernel
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
-                if [ "$KERNEL_REDUCE" = true ] ; then
+                if [ "$REDUCE_KERNEL" = true ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                   "${KERNEL_DIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   #Switch to KERNELSRC_DIR so we can use set_kernel_config
                   cd "${KERNEL_DIR}" || exit
             	  # Enable RPI POE HAT fan
             	  if [ "$KERNEL_POEHAT" = true ]; then
             	  set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
             	  fi
             	  # Enable per-interface network priority control
             	  # (for systemd-nspawn)
             	  if [ "$KERNEL_NSPAN" = true ]; then
             	  set_kernel_config CONFIG_CGROUP_NET_PRIO y
             	  fi
             	  # Compile in BTRFS
             	  if [ "$KERNEL_BTRFS" = true ]; then
             	  set_kernel_config CONFIG_BTRFS_FS y
             	  set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
             	  set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
             	  fi
             	  # Diffie-Hellman operations on retained keys
             	  # (required for >keyutils-1.6)
             	  if [ "$KERNEL_DHKEY" = true ]; then
             		set_kernel_config CONFIG_KEY_DH_OPERATIONS y
             	  fi
             	  if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
             	    # Mask this temporarily during switch to rpi-4.19.y
             	    #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
             	    # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
             	    #set_kernel_config CONFIG_MMC_BCM2835 n
             	    #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
             	    #set_kernel_config CONFIG_USB_DWC2 n
             	    #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
             	    #VLAN got disabled without reason in arm64bit
             	    set_kernel_config CONFIG_IPVLAN m
             	  fi
             	  # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
                   if [ "$KERNEL_ZSWAP" = true ] ; then
                     set_kernel_config CONFIG_ZPOOL y
                     set_kernel_config CONFIG_ZSWAP y
                     set_kernel_config CONFIG_ZBUD y
                     set_kernel_config CONFIG_Z3FOLD y
                     set_kernel_config CONFIG_ZSMALLOC y
                     set_kernel_config CONFIG_PGTABLE_MAPPING y
             	    set_kernel_config CONFIG_LZO_COMPRESS y
             	  fi
             	  if [ "$RPI_MODEL" = 4 ] ; then
             	  # Following are set in current 32-bit LPAE kernel
             	    set_kernel_config CONFIG_CGROUP_PIDS y
             	    set_kernel_config CONFIG_NET_IPVTI m
             	    set_kernel_config CONFIG_NF_TABLES_SET m
             	    set_kernel_config CONFIG_NF_TABLES_INET y
             	    set_kernel_config CONFIG_NF_TABLES_NETDEV y
             	    set_kernel_config CONFIG_NF_FLOW_TABLE m
             	    set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
             	    set_kernel_config CONFIG_NFT_CONNLIMIT m
             	    set_kernel_config CONFIG_NFT_TUNNEL m
             	    set_kernel_config CONFIG_NFT_OBJREF m
             	    set_kernel_config CONFIG_NFT_FIB_IPV4 m
             	    set_kernel_config CONFIG_NFT_FIB_IPV6 m
             	    set_kernel_config CONFIG_NFT_FIB_INET m
             	    set_kernel_config CONFIG_NFT_SOCKET m
             	    set_kernel_config CONFIG_NFT_OSF m
             	    set_kernel_config CONFIG_NFT_TPROXY m
             	    set_kernel_config CONFIG_NF_DUP_NETDEV m
             	    set_kernel_config CONFIG_NFT_DUP_NETDEV m
             	    set_kernel_config CONFIG_NFT_FWD_NETDEV m
             	    set_kernel_config CONFIG_NFT_FIB_NETDEV m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE m
             	    set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
             	    set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
             	    set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
             	    set_kernel_config CONFIG_NFT_MASQ_IPV6 m
             	    set_kernel_config CONFIG_NFT_REDIR_IPV6 m
             	    set_kernel_config CONFIG_NFT_REJECT_IPV6 m
             	    set_kernel_config CONFIG_NFT_DUP_IPV6 m
             	    set_kernel_config CONFIG_NFT_FIB_IPV6 m
             	    set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
             	    set_kernel_config CONFIG_NF_TABLES_BRIDGE m
             	    set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
             	    set_kernel_config CONFIG_NF_LOG_BRIDGE m
             	    set_kernel_config CONFIG_MT76_CORE m
             	    set_kernel_config CONFIG_MT76_LEDS m
             	    set_kernel_config CONFIG_MT76_USB m
             	    set_kernel_config CONFIG_MT76x2_COMMON m
             	    set_kernel_config CONFIG_MT76x0U m
             	    set_kernel_config CONFIG_MT76x2U m
             	    set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
             	    set_kernel_config CONFIG_BCM_VC_SM m
             	    set_kernel_config CONFIG_BCM2835_SMI_DEV m
             	    set_kernel_config CONFIG_RPIVID_MEM m
             	    set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
             	    set_kernel_config CONFIG_TCG_TPM m
             	    set_kernel_config CONFIG_HW_RANDOM_TPM y
             	    set_kernel_config CONFIG_TCG_TIS m
             	    set_kernel_config CONFIG_TCG_TIS_SPI m
             	    set_kernel_config CONFIG_I2C_MUX m
             	    set_kernel_config CONFIG_I2C_MUX_GPMUX m
             	    set_kernel_config CONFIG_I2C_MUX_PCA954x m
             	    set_kernel_config CONFIG_SPI_GPIO m
             	    set_kernel_config CONFIG_BATTERY_MAX17040 m
             	    set_kernel_config CONFIG_SENSORS_GPIO_FAN m
             	    set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
             	    set_kernel_config CONFIG_BCM2835_THERMAL y
             	    set_kernel_config CONFIG_RC_CORE y
             	    set_kernel_config CONFIG_RC_MAP y
             	    set_kernel_config CONFIG_LIRC y
             	    set_kernel_config CONFIG_RC_DECODERS y
             	    set_kernel_config CONFIG_IR_NEC_DECODER m
             	    set_kernel_config CONFIG_IR_RC5_DECODER m
             	    set_kernel_config CONFIG_IR_RC6_DECODER m
             	    set_kernel_config CONFIG_IR_JVC_DECODER m
             	    set_kernel_config CONFIG_IR_SONY_DECODER m
             	    set_kernel_config CONFIG_IR_SANYO_DECODER m
             	    set_kernel_config CONFIG_IR_SHARP_DECODER m
             	    set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
             	    set_kernel_config CONFIG_IR_XMP_DECODER m
             	    set_kernel_config CONFIG_IR_IMON_DECODER m
             	    set_kernel_config CONFIG_RC_DEVICES y
             	    set_kernel_config CONFIG_RC_ATI_REMOTE m
             	    set_kernel_config CONFIG_IR_IMON m
             	    set_kernel_config CONFIG_IR_MCEUSB m
             	    set_kernel_config CONFIG_IR_REDRAT3 m
             	    set_kernel_config CONFIG_IR_STREAMZAP m
             	    set_kernel_config CONFIG_IR_IGUANA m
             	    set_kernel_config CONFIG_IR_TTUSBIR m
             	    set_kernel_config CONFIG_RC_LOOPBACK m
             	    set_kernel_config CONFIG_IR_GPIO_CIR m
             	    set_kernel_config CONFIG_IR_GPIO_TX m
             	    set_kernel_config CONFIG_IR_PWM_TX m
             	    set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
             	    set_kernel_config CONFIG_VIDEO_AU0828_RC y
             	    set_kernel_config CONFIG_VIDEO_CX231XX m
             	    set_kernel_config CONFIG_VIDEO_CX231XX_RC y
             	    set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
             	    set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
             	    set_kernel_config CONFIG_VIDEO_TM6000 m
             	    set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
             	    set_kernel_config CONFIG_VIDEO_TM6000_DVB m
             	    set_kernel_config CONFIG_DVB_USB m
             	    set_kernel_config CONFIG_DVB_USB_DIB3000MC m
             	    set_kernel_config CONFIG_DVB_USB_A800 m
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
             	    set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
             	    set_kernel_config CONFIG_DVB_USB_DIB0700 m
             	    set_kernel_config CONFIG_DVB_USB_UMT_010 m
             	    set_kernel_config CONFIG_DVB_USB_CXUSB m
             	    set_kernel_config CONFIG_DVB_USB_M920X m
             	    set_kernel_config CONFIG_DVB_USB_DIGITV m
             	    set_kernel_config CONFIG_DVB_USB_VP7045 m
             	    set_kernel_config CONFIG_DVB_USB_VP702X m
             	    set_kernel_config CONFIG_DVB_USB_GP8PSK m
             	    set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
             	    set_kernel_config CONFIG_DVB_USB_TTUSB2 m
             	    set_kernel_config CONFIG_DVB_USB_DTT200U m
             	    set_kernel_config CONFIG_DVB_USB_OPERA1 m
             	    set_kernel_config CONFIG_DVB_USB_AF9005 m
             	    set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
             	    set_kernel_config CONFIG_DVB_USB_PCTV452E m
             	    set_kernel_config CONFIG_DVB_USB_DW2102 m
             	    set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
             	    set_kernel_config CONFIG_DVB_USB_DTV5100 m
             	    set_kernel_config CONFIG_DVB_USB_AZ6027 m
             	    set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
             	    set_kernel_config CONFIG_DVB_USB_AF9015 m
             	    set_kernel_config CONFIG_DVB_USB_LME2510 m
             	    set_kernel_config CONFIG_DVB_USB_RTL28XXU m
             	    set_kernel_config CONFIG_VIDEO_EM28XX_RC m
             	    set_kernel_config CONFIG_SMS_SIANO_RC m
             	    set_kernel_config CONFIG_VIDEO_IR_I2C m
             	    set_kernel_config CONFIG_VIDEO_ADV7180 m
             	    set_kernel_config CONFIG_VIDEO_TC358743 m
             	    set_kernel_config CONFIG_VIDEO_OV5647 m
             	    set_kernel_config CONFIG_DVB_M88DS3103 m
             	    set_kernel_config CONFIG_DVB_AF9013 m
             	    set_kernel_config CONFIG_DVB_RTL2830 m
             	    set_kernel_config CONFIG_DVB_RTL2832 m
             	    set_kernel_config CONFIG_DVB_SI2168 m
             	    set_kernel_config CONFIG_DVB_GP8PSK_FE m
             	    set_kernel_config CONFIG_DVB_USB m
             	    set_kernel_config CONFIG_DVB_LGDT3306A m
             	    set_kernel_config CONFIG_FB_SIMPLE y
             	    set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
             	    set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
             	    set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
             	    set_kernel_config CONFIG_SND_SOC_AD193X m
             	    set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
             	    set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
             	    set_kernel_config CONFIG_SND_SOC_CS4265 m
             	    set_kernel_config CONFIG_SND_SOC_DA7213 m
             	    set_kernel_config CONFIG_SND_SOC_ICS43432 m
             	    set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
             	    set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
             	    set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
             	    set_kernel_config CONFIG_HID_BIGBEN_FF m
             	    #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
             	    set_kernel_config CONFIG_USB_TMC m
             	    set_kernel_config CONFIG_USB_UAS y
             	    set_kernel_config CONFIG_USBIP_VUDC m
             	    set_kernel_config CONFIG_USB_CONFIGFS m
             	    set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ACM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
             	    set_kernel_config CONFIG_USB_CONFIGFS_NCM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ECM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
             	    set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_EEM y
             	    set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
             	    set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
             	    set_kernel_config CONFIG_LEDS_PCA963X m
             	    set_kernel_config CONFIG_LEDS_IS31FL32XX m
             	    set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
             	    set_kernel_config CONFIG_RTC_DRV_RV3028 m
             	    set_kernel_config CONFIG_AUXDISPLAY y
             	    set_kernel_config CONFIG_HD44780 m
             	    set_kernel_config CONFIG_FB_TFT_SH1106 m
             	    set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
             	    set_kernel_config CONFIG_BCM2835_POWER y
             	    set_kernel_config CONFIG_INV_MPU6050_IIO m
             	    set_kernel_config CONFIG_INV_MPU6050_I2C m
             	    set_kernel_config CONFIG_SECURITYFS y
             	    # Safer to build this in
             	    set_kernel_config CONFIG_BINFMT_MISC y
             	    # pulseaudio wants a buffer of at least this size
             	    set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
             	    # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
             	    # set the appropriate kernel configs unlocked by this PR
             	    set_kernel_config CONFIG_ARCH_BCM y
             	    set_kernel_config CONFIG_ARCH_BCM2835 y
             	    set_kernel_config CONFIG_DRM_V3D m
             	    set_kernel_config CONFIG_DRM_VC4 m
             	    set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
             	    # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
             	    # required by PR#3144; should already be applied, but just to be safe
             	    set_kernel_config CONFIG_PCIE_BRCMSTB y
             	    set_kernel_config CONFIG_BCM2835_MMC y
             	    # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
             	    # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
             	    # during cloud-init setup at first boot. Without this the login accounts are not
             	    # created and the user can not login.
             	    set_kernel_config CONFIG_SQUASHFS y
             	    # Ceph support for Block Device (RBD) and Filesystem (FS)
             	    # https://docs.ceph.com/docs/master/
             	    set_kernel_config CONFIG_CEPH_LIB m
             	    set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
             	    set_kernel_config CONFIG_CEPH_FS m
             	    set_kernel_config CONFIG_CEPH_FSCACHE y
             	    set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
             	    set_kernel_config CONFIG_BLK_DEV_RBD m
             	  fi
                   # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
             	  if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
             		set_kernel_config CONFIG_HAVE_KVM y
             		set_kernel_config CONFIG_HIGH_RES_TIMERS y
             		set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
                     set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
                     set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
                     set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
                     set_kernel_config CONFIG_HAVE_KVM_IRQFD y
                     set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
                     set_kernel_config CONFIG_HAVE_KVM_MSI y
                     set_kernel_config CONFIG_KVM y
                     set_kernel_config CONFIG_KVM_ARM_HOST y
                     set_kernel_config CONFIG_KVM_ARM_PMU y
                     set_kernel_config CONFIG_KVM_COMPAT y
                     set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
                     set_kernel_config CONFIG_KVM_MMIO y
                     set_kernel_config CONFIG_KVM_VFIO y
             		set_kernel_config CONFIG_KVM_MMU_AUDIT y
                     set_kernel_config CONFIG_VHOST m
                     set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
                     set_kernel_config CONFIG_VHOST_NET m
                     set_kernel_config CONFIG_VIRTUALIZATION y
             		set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
             		set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
             		set_kernel_config CONFIG_MMU_NOTIFIER y
             		# erratum
             		set_kernel_config ARM64_ERRATUM_834220 y
             		# https://sourceforge.net/p/kvm/mailman/message/18440797/
             		set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
             	  fi
                   # enable apparmor,integrity audit,
             	  if [ "$KERNEL_SECURITY" = true ] ; then
                     # security filesystem, security models and audit
                     set_kernel_config CONFIG_SECURITYFS y
                     set_kernel_config CONFIG_SECURITY y
                     set_kernel_config CONFIG_AUDIT y
                     # harden strcpy and memcpy
                     set_kernel_config CONFIG_HARDENED_USERCOPY y
                     set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
                     set_kernel_config CONFIG_FORTIFY_SOURCE y
                     # integrity sub-system
                     set_kernel_config CONFIG_INTEGRITY y
                     set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
                     set_kernel_config CONFIG_INTEGRITY_AUDIT y
                     set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
                     set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
                     # This option provides support for retaining authentication tokens and access keys in the kernel.
                     set_kernel_config CONFIG_KEYS y
                     set_kernel_config CONFIG_KEYS_COMPAT y
                     # Apparmor
                     set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
                     set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
                     set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
                     set_kernel_config CONFIG_SECURITY_APPARMOR y
                     set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
                     set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
                     # restrictions on unprivileged users reading the kernel
                     set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
                     # network security hooks
                     set_kernel_config CONFIG_SECURITY_NETWORK y
                     set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
                     set_kernel_config CONFIG_SECURITY_PATH y
                     set_kernel_config CONFIG_SECURITY_YAMA n
                     set_kernel_config CONFIG_SECURITY_SELINUX n
                     set_kernel_config CONFIG_SECURITY_SMACK n
                     set_kernel_config CONFIG_SECURITY_TOMOYO n
                     set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
                     set_kernel_config CONFIG_SECURITY_LOADPIN n
                     set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
                     set_kernel_config CONFIG_IMA n
                     set_kernel_config CONFIG_EVM n
                     set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
                     set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
                     set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
                     set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
                     set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
                     set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
                     set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
             		set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
             		set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
+                  fi
-                    set_kernel_config CONFIG_ARM64_CRYPTO y
+            	  if [ "$ENABLE_CRYPTFS" = true ] ; then
+            		set_kernel_config CONFIG_EMBEDDED y
+            		set_kernel_config CONFIG_EXPERT y
+            		set_kernel_config CONFIG_DAX y
+            		set_kernel_config CONFIG_MD y
+            		set_kernel_config CONFIG_BLK_DEV_MD y
+            		set_kernel_config CONFIG_MD_AUTODETECT y
+            		set_kernel_config CONFIG_BLK_DEV_DM y
+            		set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
+            		set_kernel_config CONFIG_DM_CRYPT y
+            		set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
+            		set_kernel_config CONFIG_CRYPTO_CBC y
+            		set_kernel_config CONFIG_CRYPTO_XTS y
+            		set_kernel_config CONFIG_CRYPTO_SHA512 y
+            		set_kernel_config CONFIG_CRYPTO_MANAGER y
+            		set_kernel_config CONFIG_ARM64_CRYPTO y
                     set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
                     set_kernel_config CRYPTO_GHASH_ARM64_CE m
                     set_kernel_config CRYPTO_SHA2_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
                     set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
                     set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
                   fi
                   # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
                   if [ "$KERNEL_NF" = true ] ; then
             	    set_kernel_config CONFIG_IP_NF_SECURITY m
                     set_kernel_config CONFIG_NETLABEL y
                     set_kernel_config CONFIG_IP6_NF_SECURITY m
                     set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
                     set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
                     set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
                     set_kernel_config CONFIG_NFT_FIB_INET m
                     set_kernel_config CONFIG_NFT_FIB_IPV4 m
                     set_kernel_config CONFIG_NFT_FIB_IPV6 m
                     set_kernel_config CONFIG_NFT_FIB_NETDEV m
                     set_kernel_config CONFIG_NFT_OBJREF m
                     set_kernel_config CONFIG_NFT_RT m
                     set_kernel_config CONFIG_NFT_SET_BITMAP m
                     set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
                     set_kernel_config CONFIG_NF_LOG_ARP m
                     set_kernel_config CONFIG_NF_SOCKET_IPV4 m
                     set_kernel_config CONFIG_NF_SOCKET_IPV6 m
                     set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
                     set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
                     set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
                     set_kernel_config CONFIG_IP6_NF_IPTABLES m
                     set_kernel_config CONFIG_IP6_NF_MATCH_AH m
                     set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
                     set_kernel_config CONFIG_IP6_NF_NAT m
                     set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
                     set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
                     set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
                     set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
                     set_kernel_config CONFIG_IP_SET_HASH_MAC m
                     set_kernel_config CONFIG_IP_SET_HASH_NET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
                     set_kernel_config CONFIG_IP_SET_HASH_NETNET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
                     set_kernel_config CONFIG_IP_SET_LIST_SET m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NFT_BRIDGE_META m
                     set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
                     set_kernel_config CONFIG_NFT_COMPAT m
                     set_kernel_config CONFIG_NFT_COUNTER m
                     set_kernel_config CONFIG_NFT_CT m
                     set_kernel_config CONFIG_NFT_DUP_IPV4 m
                     set_kernel_config CONFIG_NFT_DUP_IPV6 m
                     set_kernel_config CONFIG_NFT_DUP_NETDEV m
                     set_kernel_config CONFIG_NFT_EXTHDR m
                     set_kernel_config CONFIG_NFT_FWD_NETDEV m
                     set_kernel_config CONFIG_NFT_HASH m
                     set_kernel_config CONFIG_NFT_LIMIT m
                     set_kernel_config CONFIG_NFT_LOG m
                     set_kernel_config CONFIG_NFT_MASQ m
                     set_kernel_config CONFIG_NFT_MASQ_IPV4 m
                     set_kernel_config CONFIG_NFT_MASQ_IPV6 m
                     set_kernel_config CONFIG_NFT_META m
                     set_kernel_config CONFIG_NFT_NAT m
                     set_kernel_config CONFIG_NFT_NUMGEN m
                     set_kernel_config CONFIG_NFT_QUEUE m
                     set_kernel_config CONFIG_NFT_QUOTA m
                     set_kernel_config CONFIG_NFT_REDIR m
                     set_kernel_config CONFIG_NFT_REDIR_IPV4 m
                     set_kernel_config CONFIG_NFT_REDIR_IPV6 m
                     set_kernel_config CONFIG_NFT_REJECT m
                     set_kernel_config CONFIG_NFT_REJECT_INET m
                     set_kernel_config CONFIG_NFT_REJECT_IPV4 m
                     set_kernel_config CONFIG_NFT_REJECT_IPV6 m
                     set_kernel_config CONFIG_NFT_SET_HASH m
                     set_kernel_config CONFIG_NFT_SET_RBTREE m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_IPV4 m
                     set_kernel_config CONFIG_NF_DUP_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_NETDEV m
                     set_kernel_config CONFIG_NF_LOG_BRIDGE m
                     set_kernel_config CONFIG_NF_LOG_IPV4 m
                     set_kernel_config CONFIG_NF_LOG_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_IPV4 m
                     set_kernel_config CONFIG_NF_NAT_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
                     set_kernel_config CONFIG_NF_NAT_PPTP m
                     set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
                     set_kernel_config CONFIG_NF_NAT_REDIRECT y
                     set_kernel_config CONFIG_NF_NAT_SIP m
                     set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
                     set_kernel_config CONFIG_NF_NAT_TFTP m
                     set_kernel_config CONFIG_NF_REJECT_IPV4 m
                     set_kernel_config CONFIG_NF_REJECT_IPV6 m
                     set_kernel_config CONFIG_NF_TABLES m
                     set_kernel_config CONFIG_NF_TABLES_ARP m
                     set_kernel_config CONFIG_NF_TABLES_BRIDGE m
                     set_kernel_config CONFIG_NF_TABLES_INET m
                     set_kernel_config CONFIG_NF_TABLES_IPV4 y
                     set_kernel_config CONFIG_NF_TABLES_IPV6 y
                     set_kernel_config CONFIG_NF_TABLES_NETDEV m
                     set_kernel_config CONFIG_NF_TABLES_SET m
                     set_kernel_config CONFIG_NF_TABLES_INET y
                     set_kernel_config CONFIG_NF_TABLES_NETDEV y
                     set_kernel_config CONFIG_NFT_CONNLIMIT m
                     set_kernel_config CONFIG_NFT_TUNNEL m
                     set_kernel_config CONFIG_NFT_SOCKET m
                     set_kernel_config CONFIG_NFT_TPROXY m
                     set_kernel_config CONFIG_NF_FLOW_TABLE m
                     set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
                     set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
                     set_kernel_config CONFIG_NF_TABLES_ARP y
                     set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
                     set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
                     set_kernel_config CONFIG_NF_TABLES_BRIDGE y
                     set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
                     set_kernel_config CONFIG_NFT_OSF m
                   fi
             	  # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
             	  if [ "$KERNEL_BPF" = true ] ; then
                     set_kernel_config CONFIG_BPF_SYSCALL y
             	    set_kernel_config CONFIG_BPF_EVENTS y
             	    set_kernel_config CONFIG_BPF_STREAM_PARSER y
             	    set_kernel_config CONFIG_CGROUP_BPF y
             	    set_kernel_config CONFIG_XDP_SOCKETS y
             	  fi
             	  # KERNEL_DEFAULT_GOV was set by user
-            	  if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
+            	  if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
             	    case "$KERNEL_DEFAULT_GOV" in
                       performance)
             	            set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
                         ;;
                       userspace)
                         	    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
                         ;;
                       ondemand)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
                         ;;
                       conservative)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
             		    ;;
                       shedutil)
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
                         ;;
                       *)
                         echo "error: unsupported default cpu governor"
                         exit 1
                         ;;
                     esac
+                    # unset previous default governor
-                        # unset previous default governor
+            	    unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
-            	    unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
             	  fi
             	  #Revert to previous directory
             	  cd "${WORKDIR}" || exit
                   # Set kernel configuration parameters to enable qemu emulation
                   if [ "$ENABLE_QEMU" = true ] ; then
                     echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
                     echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
-                    if [ "$ENABLE_CRYPTFS" = true ] ; then
-                        echo "CONFIG_EMBEDDED=y"
-                        echo "CONFIG_EXPERT=y"
-                        echo "CONFIG_DAX=y"
-                        echo "CONFIG_MD=y"
-                        echo "CONFIG_BLK_DEV_MD=y"
-                        echo "CONFIG_MD_AUTODETECT=y"
-                        echo "CONFIG_BLK_DEV_DM=y"
-                        echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
-                        echo "CONFIG_DM_CRYPT=y"
-                        echo "CONFIG_CRYPTO_BLKCIPHER=y"
-                        echo "CONFIG_CRYPTO_CBC=y"
-                        echo "CONFIG_CRYPTO_XTS=y"
-                        echo "CONFIG_CRYPTO_SHA512=y"
-                        echo "CONFIG_CRYPTO_MANAGER=y"
-                      } >> "${KERNEL_DIR}"/.config
-                    fi
                   fi
                   # Copy custom kernel configuration file
                   if [ -n "$KERNELSRC_USRCONFIG" ] ; then
                     cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
                   fi
                   # Set kernel configuration parameters to their default values
                   if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
                   fi
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
             	# end if "$KERNELSRC_CONFIG" = true
                 fi
                 # Use ccache to cross compile the kernel
                 if [ "$KERNEL_CCACHE" = true ] ; then
                   cc="ccache ${CROSS_COMPILE}gcc"
                 else
                   cc="${CROSS_COMPILE}gcc"
                 fi
                 # Cross compile kernel and dtbs
                 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
                 # Cross compile kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
                 fi
               # end if "$KERNELSRC_PREBUILT" = false
               fi
               # Check if kernel compilation was successful
               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
                 echo "error: kernel compilation failed! (kernel image not found)"
                 cleanup
                 exit 1
               fi
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                 fi
               else
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 fi
                 # Install kernel firmware
                 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                 fi
               fi
               # Install kernel headers
-              if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
+              if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then
                 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
               # Prepare boot (firmware) directory
               mkdir "${BOOT_DIR}"
               # Get kernel release version
               KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
               # Copy kernel configuration file to the boot directory
               install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Prepare device tree directory
               mkdir "${BOOT_DIR}/overlays"
               # Ensure the proper .dtb is located
               if [ "$KERNEL_ARCH" = "arm" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               else
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               fi
               # Copy compiled dtb device tree files
               if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
                   fi
                 done
                 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
                   install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
                 fi
               fi
               if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy kernel image to the boot directory
                 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               else
                 # Copy kernel image to the boot directory
                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
                 rm -fr "${KERNEL_DIR}"
               else
                 # Prepare compiled kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
                   fi
                   # Create symlinks for kernel modules
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
                 fi
               fi
             else # BUILD_KERNEL=false
               if [ "$SET_ARCH" = 64 ] ; then
                 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
             	  # Use Sakakis modified kernel if ZSWAP is active
                   if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
             	    RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
             	  fi
                   # Create temporary directory for dl
                   temp_dir=$(as_nobody mktemp -d)
                   # Fetch kernel dl
                   as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
                 fi
                 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
                   # Create temporary directory for dl
                   temp_dir=$(as_nobody mktemp -d)
                   # Fetch kernel dl
                   as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
                 fi
             	#extract download
                 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
                 #move extracted kernel to /boot/firmware
                 mkdir "${R}/boot/firmware"
                 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
                 cp -r "${temp_dir}"/lib/* "${R}"/lib/
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/boot/firmware"
                 chown -R root:root "${R}/lib/modules"
               fi
               # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
               if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
                 # Create temporary directory for dl
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch kernel
                 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
                 # Copy downloaded kernel package
                 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
                 # Set permissions
                 chown -R root:root "${R}"/tmp/kernel.deb
             	# Install kernel
             	chroot_exec dpkg -i /tmp/kernel.deb
             	# move /boot to /boot/firmware to fit script env.
             	#mkdir "${BOOT_DIR}"
             	mkdir "${temp_dir}"/firmware
             	mv  "${R}"/boot/* "${temp_dir}"/firmware/
             	mv "${temp_dir}"/firmware "${R}"/boot/
             	#same for kernel headers
             	if [ "$KERNEL_HEADERS" = true ] ; then
             	  # Fetch kernel header
             	  as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
             	  mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
             	  chown -R root:root "${R}"/tmp/kernel-header.deb
             	  # Install kernel header
             	  chroot_exec dpkg -i /tmp/kernel-header.deb
             	  rm -f "${R}"/tmp/kernel-header.deb
             	fi
                 # Remove temporary directory and files
                 rm -fr "${temp_dir}"
             	rm -f "${R}"/tmp/kernel.deb
               fi
               # Check if kernel installation was successful
               KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
               if [ -z "$KERNEL" ] ; then
                 echo "error: kernel installation failed! (/boot/kernel* not found)"
                 cleanup
                 exit 1
               fi
-            fi
+            fi
  No newline at end of file

bootstrap.d/14-fstab.sh +5 -5

             #
             # Setup fstab and initramfs
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup fstab
             install_readonly files/mount/fstab "${ETC_DIR}/fstab"
             # Generate initramfs file
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = true ] ; then
                 # Include initramfs scripts to auto expand encrypted root partition
                 if [ "$EXPANDROOT" = true ] ; then
                   install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
                   install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
                   install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
                 fi
                 # Replace fstab root partition with encrypted partition mapping
                 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
                 # Add encrypted partition to crypttab and fstab
                 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
                 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
             	if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
             	  sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
                   # Add usb/sda2 disk to crypttab
                   sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
                 fi
                 # Add encrypted root partition to fstab and crypttab
                 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
                   # Add usb/sda1 disk to crypttab
                   sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
                 fi
-                if [ "$CRYPTFS_DROPBEAR" = true ]; then
+                if [ "$CRYPTFS_DROPBEAR" = true ] ; then
-                  if [ "$ENABLE_DHCP" = false ] ; then
+                  if [ "$ENABLE_ETH_DHCP" = false ] ; then
                     # Get cdir from NET_ADDRESS e.g. 24
-                    cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
+                    cdir=$(printf "%s" "${NET_ETH_ADDRESS}" | cut -d '/' -f2)
                     # Convert cdir ro netmask e.g. 24 to 255.255.255.0
                     NET_MASK=$(cdr2mask "$cdir")
                     # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
-                    # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
+                    # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<HOSTNAME>:<device>:<autoconf>
-                    sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
+                    sed -i "\$a\nIP=${NET_ETH_ADDRESS}::${NET_ETH_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
                   else
                     sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
                   fi
                   if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
                     install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
                     cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
                   else
                     # Create key
                     chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
                     # Convert dropbear key to openssh key
                     chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
                     # Get Public Key Part
                     chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
                     # Delete unwanted lines
                     sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
                     sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
                     # Trust the new key
                     cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
                     # Save Keys - convert with putty from rsa/openssh to puttkey
                     cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
                     # Get unlock script
                     install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
                     # Enable Dropbear inside initramfs
                     printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
                     # Enable Dropbear inside initramfs
                     sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
                   fi
                 # CRYPTFSDROPBEAR=false
                 else
                   # Disable SSHD inside initramfs
                   printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
                 fi
                 # Add cryptsetup modules to initramfs
                 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
                 # Dummy mapping required by mkinitramfs
                 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
                 # Generate initramfs with encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
                 # Remove dummy mapping
                 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
               # CRYPTFS=false
               else
               	#USB BOOT /boot on sda1 / on sda2
             	if [ "$ENABLE_USBBOOT" = true ] ; then
               	  sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
               	  sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
             	fi
             	# Add usb/sda disk root partition to fstab
             	if [ "$ENABLE_SPLITFS" = true ] ; then
               	  sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
             	fi
                 # Generate initramfs without encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
               fi
             fi

bootstrap.d/15-rpi-config.sh +4 -1

             #
             # Setup RPi2/3 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
             if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
               # Install boot binaries from local directory
               cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
             else
               # Create temporary directory for boot binaries
               temp_dir=$(as_nobody mktemp -d)
               # Install latest boot binaries from raspberry/firmware github
               as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
               as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
               as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
               as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
               as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
               # Move downloaded boot binaries
               mv "${temp_dir}/"* "${BOOT_DIR}/"
               # Remove temporary directory for boot binaries
               rm -fr "${temp_dir}"
               # Set permissions of the boot binaries
               chown -R root:root "${BOOT_DIR}"
               chmod -R 600 "${BOOT_DIR}"
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_USBBOOT" = true ] ; then
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
             else
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
               else
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
               fi
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
                 if [ "$ENABLE_USBBOOT" = true ] ; then
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
                 else
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
                 fi
               fi
             fi
             # Enable Kernel messages on standard output
             if [ "$ENABLE_PRINTK" = true ] ; then
               install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
             fi
             # Enable Kernel messages on standard output
             if [ "$KERNEL_SECURITY" = true ] ; then
               install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
             fi
             # Install udev rule for serial alias - serial0 = console serial1=bluetooth
             install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Automatically assign predictable network interface names
             if [ "$ENABLE_IFNAMES" = false ] ; then
               CMDLINE="${CMDLINE} net.ifnames=0"
             else
               CMDLINE="${CMDLINE} net.ifnames=1"
             fi
             # Disable Raspberry Pi console logo
             if [ "$ENABLE_LOGO" = false ] ; then
               CMDLINE="${CMDLINE} logo.nologo"
             fi
             # Strictly limit verbosity of boot up console messages
             if [ "$ENABLE_SILENT_BOOT" = true ] ; then
               CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
             fi
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Disable Raspberry Pi console logo
             if [ "$ENABLE_SLASH" = false ] ; then
               echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
             fi
             # Locks CPU frequency at maximum
             if [ "$ENABLE_TURBO" = true ] ; then
               echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
               # helps to avoid sdcard corruption when force_turbo is enabled.
               echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
             fi
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
               # Bluetooth enabled
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 # Create temporary directory for Bluetooth sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch Bluetooth sources
                 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
                 # Copy downloaded sources
                 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
                 # Set permissions
                 chown -R root:root "${R}/tmp/pi-bluetooth"
                 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
                 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
                 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
                 # Install tools
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
             	# make scripts executable
             	chmod +x "${R}/usr/bin/bthelper"
             	chmod +x "${R}/usr/bin/btuart"
                 # Install bluetooth udev rule
                 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
                 # Install Firmware Flash file and apropiate licence
                 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
                 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
                 # Remove temporary directories
                 rm -fr "${temp_dir}"
             	rm -fr "${R}"/tmp/pi-bluetooth
                 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
                 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
             	  # set overlay to swap ttyAMA0 and ttyS0
                   echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
             	  if [ "$ENABLE_TURBO" = false ] ; then
                     echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
                   fi
             	fi
             	# Activate services
             	chroot_exec systemctl enable pi-bluetooth.hciuart.service
               else # if ENABLE_BLUETOOTH = false
               	# set overlay to disable bluetooth
                 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
               fi # ENABLE_BLUETOOTH end
             fi
             # may need sudo systemctl disable hciuart
             if [ "$ENABLE_CONSOLE" = true ] ; then
               echo "enable_uart=1"  >> "${BOOT_DIR}/config.txt"
+              #More debug output on early but with serial console
+              echo "uart_2ndstage=1"  >> "${BOOT_DIR}/config.txt"
               # add string to cmdline
               CMDLINE="${CMDLINE} console=serial0,115200"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
                 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
                 if [ "$ENABLE_TURBO" = false ] ; then
                   echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
                 fi
               fi
               # Enable serial console systemd style
               chroot_exec systemctl enable serial-getty@serial0.service
             else
               echo "enable_uart=0"  >> "${BOOT_DIR}/config.txt"
             fi
             # Disable dphys-swapfile service. Will get enabled on first boot
             if [ "$ENABLE_DPHYSSWAP" = true ] ; then
               chroot_exec systemctl disable dphys-swapfile
             fi
             if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
               # Create temporary directory for systemd-swap sources
               temp_dir=$(as_nobody mktemp -d)
               # Fetch systemd-swap sources
               as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
               # Copy downloaded systemd-swap sources
               mv "${temp_dir}/systemd-swap" "${R}/tmp/"
               # Change into downloaded src dir
               cd "${R}/tmp/systemd-swap" || exit
               # Get Verion
               VERSION=$(git tag | tail -n 1)
               #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
               # Build package
               bash ./package.sh debian
               # Change back into script root dir
               cd "${WORKDIR}" || exit
               # Set permissions of the systemd-swap sources
               chown -R root:root "${R}/tmp/systemd-swap"
               # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
               chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
               # Enable service
               chroot_exec systemctl enable systemd-swap
               # Remove temporary directory for systemd-swap sources
               rm -fr "${temp_dir}"
             else
               # Enable ZSWAP in cmdline if systemd-swap is not used
               if [ "$KERNEL_ZSWAP" = true ] ; then
                 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
               fi
             fi
               if [ "$KERNEL_SECURITY" = true ] ; then
                 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
               fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${LIB_DIR}/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
               sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
               echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
                 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               fi
             fi
             # Disable RPi2/3 under-voltage warnings
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +78 -28

             #
             # Setup Networking
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup hostname
             install_readonly files/network/hostname "${ETC_DIR}/hostname"
             sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
             # Install and setup hosts
             install_readonly files/network/hosts "${ETC_DIR}/hosts"
             sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
             # Setup hostname entry with static IP
-            if [ "$NET_ADDRESS" != "" ] ; then
+            if [ "$NET_ETH_ADDRESS" != "" ] ; then
-              NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
+              NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/')
               sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
             fi
             # Remove IPv6 hosts
             if [ "$ENABLE_IPV6" = false ] ; then
               sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
             fi
             # Install hint about network configuration
             install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
             # Install configuration for interface eth0
-            install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
+            install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network"
             if [ "$RPI_MODEL" = 3P ] ; then
-            printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
+            printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network"
             fi
             # Install configuration for interface wl*
-            install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
+            install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network"
             #always with dhcp since wpa_supplicant integration is missing
-            sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
+            sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
-            if [ "$ENABLE_DHCP" = true ] ; then
+            if [ "$ENABLE_ETH_DHCP" = true ] ; then
               # Enable DHCP configuration for interface eth0
-              sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
+              sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network"
               # Set DHCP configuration to IPv4 only
               if [ "$ENABLE_IPV6" = false ] ; then
-                sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
+                sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network"
+            	sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network"
               fi
-            else # ENABLE_DHCP=false
+            else # ENABLE_ETH_DHCP=false
               # Set static network configuration for interface eth0
-              sed -i\
+              if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then
-              -e "s|DHCP=.*|DHCP=no|"\
+                sed -i\
-              -e "s|Address=\$|Address=${NET_ADDRESS}|"\
+                -e "s|DHCP=.*|DHCP=no|"\
-              -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
+                -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\
-              -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
+                -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\
-              -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
+                -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\
-              -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
+                -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\
-              -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
+                -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\
-              -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
+                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\
-              "${ETC_DIR}/systemd/network/eth.network"
+                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\
+                "${ETC_DIR}/systemd/network/eth0.network"
+              fi
             fi
-            # Remove empty settings from network configuration
-            sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
-            # Remove empty settings from wlan configuration
-            sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
-            # Move systemd network configuration if required by Debian release
-            mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
-            # If WLAN is enabled copy wlan configuration too
             if [ "$ENABLE_WIRELESS" = true ] ; then
-              mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
+              if [ "$ENABLE_WIFI_DHCP" = true ] ; then
+                # Enable DHCP configuration for interface eth0
+                sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
+                # Set DHCP configuration to IPv4 only
+                if [ "$ENABLE_IPV6" = false ] ; then
+                  sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network"
+            	  sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network"
+                fi
+              else # ENABLE_WIFI_DHCP=false
+                # Set static network configuration for interface eth0
+            	if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then
+                  sed -i\
+                  -e "s|DHCP=.*|DHCP=no|"\
+                  -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\
+                  -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\
+                  -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\
+                  -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\
+                  -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\
+                  -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\
+                  -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\
+                  "${ETC_DIR}/systemd/network/wlan0.network"
+            	fi
+              fi
+              if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then
+              printf "
+              ctrl_interface=/run/wpa_supplicant
+              ctrl_interface_group=wheel
+              update_config=1
+              eapol_version=1
+              ap_scan=1
+              fast_reauth=1
+              " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
+              #Configure WPA_supplicant
+              chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
+              chroot_exec systemctl enable wpa_supplicant.service
+              chroot_exec systemctl enable wpa_supplicant@wlan0.service
+              fi
+              # Remove empty settings from wlan configuration
+              sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network"
+              # If WLAN is enabled copy wlan configuration too
+              mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network"
             fi
+            # Remove empty settings from network configuration
+            sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network"
+            # Move systemd network configuration if required by Debian release
+            mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network"
+            #Clean up
             rm -fr "${ETC_DIR}/systemd/network"
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Install host.conf resolver configuration
             install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               # Install sysctl.d configuration files
               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
               # Setup resolver warnings about spoofed addresses
               sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
             fi
             # Enable time sync
             if [ "$NET_NTP_1" != "" ] ; then
               chroot_exec systemctl enable systemd-timesyncd.service
             fi
             # Download the firmware binary blob required to use the RPi3 wireless interface
             if [ "$ENABLE_WIRELESS" = true ] ; then
               if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
                 mkdir -p "${WLAN_FIRMWARE_DIR}"
               fi
               # Create temporary directory for firmware binary blob
               temp_dir=$(as_nobody mktemp -d)
               # Fetch firmware binary blob for RPI3B+
               if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                 # Fetch firmware binary blob for RPi3P
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
               elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
                 # Fetch firmware binary blob for RPi3
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
               fi
               # Remove temporary directory for firmware binary blob
               rm -fr "${temp_dir}"
             fi

bootstrap.d/21-firewall.sh +1 -1

             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
               if [ "$KERNEL_NF" = false ] ; then
                 # iptables-save and -restore are slaves of iptables and thus are set accordingly
                 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
               fi
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 if [ "$KERNEL_NF" = false ] ; then
                   # iptables-save and -restore are slaves of iptables and thus are set accordingly
                   chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
             	fi
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
-              if [ "$ENABLE_SSHD" = false ] ; then
+              if [ "$SSH_ENABLE" = false ] ; then
                # Remove SSHD related iptables rules
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
               fi
             fi

bootstrap.d/30-security.sh +1 -1

             #
             # Setup users and security settings
             #
             # Load utility functions
             . ./functions.sh
             # Generate crypt(3) password string
-            ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
+            ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${ROOT_PASSWORD}")
             ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
             # Setup default user
             if [ "$ENABLE_USER" = true ] ; then
               chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
               chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
             fi
             # Setup root password or not
             if [ "$ENABLE_ROOT" = true ] ; then
               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
             else
               # Set no root password to disable root login
               chroot_exec usermod -p \'!\' root
             fi

bootstrap.d/32-sshd.sh +1 -1

             #
             # Setup SSH settings and public keys
             #
             # Load utility functions
             . ./functions.sh
-            if [ "$ENABLE_SSHD" = true ] ; then
+            if [ "$SSH_ENABLE" = true ] ; then
               DROPBEAR_ARGS=""
               if [ "$SSH_ENABLE_ROOT" = false ] ; then
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # User root is not allowed to log in
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   # User root is not allowed to log in
                   DROPBEAR_ARGS="-w"
                 fi
               fi
               if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # Permit SSH root login
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   # Permit SSH root login
                   DROPBEAR_ARGS=""
                 fi
                 # Add SSH (v2) public key for user root
                 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
                   # Create root SSH config directory
                   mkdir -p "${R}/root/.ssh"
                   # Set permissions of root SSH config directory
                   chroot_exec chmod 700 "/root/.ssh"
                   chroot_exec chown root:root "/root/.ssh"
                   # Add SSH (v2) public key(s) to authorized_keys file
                   cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
                   # Set permissions of root SSH authorized_keys file
                   chroot_exec chmod 600 "/root/.ssh/authorized_keys"
                   chroot_exec chown root:root "/root/.ssh/authorized_keys"
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
               fi
               if [ "$ENABLE_USER" = true ] ; then
                 # Add SSH (v2) public key for user $USER_NAME
                 if [ -n "$SSH_USER_PUB_KEY" ] ; then
                   # Create $USER_NAME SSH config directory
                   mkdir -p "${R}/home/${USER_NAME}/.ssh"
                   # Set permissions of $USER_NAME SSH config directory
                   chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
                   chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
                   # Add SSH (v2) public key(s) to authorized_keys file
                   cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
                   # Set permissions of $USER_NAME SSH config directory
                   chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
                   chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
               fi
               # Limit the users that are allowed to login via SSH
               if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
                 allowed_users=""
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                   allowed_users="root"
                 fi
                 if [ "$ENABLE_USER" = true ] ; then
                   allowed_users="${allowed_users} ${USER_NAME}"
                 fi
                 if [ -n "$allowed_users" ] ; then
                   echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
                 fi
               fi
               # Disable password-based authentication
               if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
                   else
                     DROPBEAR_ARGS="-g"
                   fi
                 fi
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
                 fi
               fi
               # Update dropbear SSH configuration
               if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
                 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
               fi
             fi

bootstrap.d/50-firstboot.sh +3 -1

             #
             # First boot actions
             #
             # Load utility functions
             . ./functions.sh
             # Prepare rc.firstboot script
             cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
             # Prepare filesystem auto expand
             if [ "$EXPANDROOT" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = false ] ; then
                 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
               else
                 # Regenerate initramfs to remove encrypted root partition auto expand
                 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
               fi
               # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
               if [ "$ENABLE_DPHYSSWAP" = true ] ; then
                 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
               fi
             fi
             # Ensure openssh server host keys are regenerated on first boot
-            if [ "$ENABLE_SSHD" = true ] ; then
+            if [ "$SSH_ENABLE" = true ] ; then
               cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
             fi
+            if [ "$ENABLE_DBUS" = true ] ; then
             # Ensure that dbus machine-id exists
             cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
+            fi
             # Create /etc/resolv.conf symlink
             cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
             # Configure automatic network interface names
             if [ "$ENABLE_IFNAMES" = true ] ; then
               cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
             fi
             # Finalize rc.firstboot script
             cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
             chmod +x "${ETC_DIR}/rc.firstboot"
             # Install default rc.local if it does not exist
             if [ ! -f "${ETC_DIR}/rc.local" ] ; then
               install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
             fi
             # Add rc.firstboot script to rc.local
             sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
             echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
             echo exit 0 >> "${ETC_DIR}/rc.local"

bootstrap.d/99-reduce.sh +22 0

             #
             # Reduce system disk usage
             #
             # Load utility functions
             . ./functions.sh
+            if [ "$ENABLE_IPV6" = false ] ; then
+            "$LIB_DIR"/xtables/libip6t_ah.so
+            "$LIB_DIR"/xtables/libip6t_dst.so
+            "$LIB_DIR"/xtables/libip6t_eui64.so
+            "$LIB_DIR"/xtables/libip6t_frag.so
+            "$LIB_DIR"/xtables/libip6t_hbh.so
+            "$LIB_DIR"/xtables/libip6t_hl.so
+            "$LIB_DIR"/xtables/libip6t_HL.so
+            "$LIB_DIR"/xtables/libip6t_icmp6.so
+            "$LIB_DIR"/xtables/libip6t_ipv6header.so
+            "$LIB_DIR"/xtables/libip6t_LOG.so
+            "$LIB_DIR"/xtables/libip6t_mh.so
+            "$LIB_DIR"/xtables/libip6t_REJECT.so
+            "$LIB_DIR"/xtables/libip6t_rt.so
+            "$LIB_DIR"/xtables/libip6t_DNAT.so
+            "$LIB_DIR"/xtables/libip6t_DNPT.so
+            "$LIB_DIR"/xtables/libip6t_MASQUERADE.so
+            "$LIB_DIR"/xtables/libip6t_NETMAP.so
+            "$LIB_DIR"/xtables/libip6t_REDIRECT.so
+            "$LIB_DIR"/xtables/libip6t_SNAT.so
+            "$LIB_DIR"/xtables/libip6t_SNPT.so
+            fi
             # Reduce the image size by various operations
             if [ "$ENABLE_REDUCE" = true ] ; then
               if [ "$REDUCE_APT" = true ] ; then
                 # Install dpkg configuration file
                 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
                   install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
                 fi
                 # Install APT configuration files
                 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
                 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
                 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
                 # Remove APT cache files
                 rm -fr "${R}/var/cache/apt/pkgcache.bin"
                 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
               fi
               # Remove all doc files
               if [ "$REDUCE_DOC" = true ] ; then
                 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
                 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
               fi
               # Remove all man pages and info files
               if [ "$REDUCE_MAN" = true ] ; then
                 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
               fi
               # Remove all locale translation files
               if [ "$REDUCE_LOCALE" = true ] ; then
                 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
               fi
               # Remove hwdb PCI device classes (experimental)
               if [ "$REDUCE_HWDB" = true ] ; then
                 rm -fr "/lib/udev/hwdb.d/20-pci-*"
               fi
               # Replace bash shell by dash shell (experimental)
               if [ "$REDUCE_BASH" = true ] ; then
                 # Purge bash and update alternatives
                 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
                 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
               fi
               # Remove sound utils and libraries
               if [ "$ENABLE_SOUND" = false ] ; then
                 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
               fi
               # Remove GPU kernels
               if [ "$ENABLE_MINGPU" = true ] ; then
                 rm -f "${BOOT_DIR}/start.elf"
                 rm -f "${BOOT_DIR}/fixup.dat"
                 rm -f "${BOOT_DIR}/start_x.elf"
                 rm -f "${BOOT_DIR}/fixup_x.dat"
               fi
               # Remove kernel and initrd from /boot (already in /boot/firmware)
               if [ "$BUILD_KERNEL" = false ] ; then
                 rm -f "${R}/boot/vmlinuz-*"
                 rm -f "${R}/boot/initrd.img-*"
               fi
               # Clean APT list of repositories
               rm -fr "${R}/var/lib/apt/lists/*"
               chroot_exec apt-get -qq -y update
             fi

files/firstboot/42-config-ifnames.sh +25 -6

@@ -1,13 +1,32
1	logger -t "rc.firstboot" "Configuring network interface name"	1	logger -t "rc.firstboot" "Configuring network interface name"
2		2
3	INTERFACE_NAME=$(dmesg \| grep "renamed from eth0" \| awk -F ":\| " '{ print $9 }')	3	INTERFACE_NAME_ETH=$(dmesg \| grep "renamed from eth0" \| awk -F ":\| " '{ print $9 }')
		4	INTERFACE_NAME_WIFI=$(dmesg \| grep "renamed from wlan0" \| awk -F ":\| " '{ print $9 }')
4		5
5	if [ ! -z INTERFACE_NAME ] ; then	6	if [ ! -z INTERFACE_NAME_ETH ] ; then
6	if [ -r "/etc/systemd/network/eth.network" ] ; then	7	if [ -r "/etc/systemd/network/eth0.network" ] ; then
7	sed -i "s/eth0/${INTERFACE_NAME}/" /etc/systemd/network/eth.network	8	sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /etc/systemd/network/eth0.network
8	fi	9	fi
9		10
10	if [ -r "/lib/systemd/network/10-eth.network" ] ; then	11	if [ -r "/lib/systemd/network/10-eth0.network" ] ; then
11	sed -i "s/eth0/${INTERFACE_NAME}/" /lib/systemd/network/10-eth.network	12	sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /lib/systemd/network/10-eth0.network
12	fi	13	fi
		14	# Move config to new interface name
		15	mv /etc/systemd/network/eth0.network /etc/systemd/network/"${INTERFACE_NAME_ETH}".network
		16	fi
		17
		18	if [ ! -z INTERFACE_NAME_WIFI ] ; then
		19	if [ -r "/etc/systemd/network/wlan0.network" ] ; then
		20	sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /etc/systemd/network/wlan0.network
		21	fi
		22
		23	if [ -r "/lib/systemd/network/11-wlan0.network" ] ; then
		24	sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /lib/systemd/network/11-wlan0.network
		25	fi
		26	# Move config to new interface name
		27	mv /etc/systemd/network/wlan0.network /etc/systemd/network/"${INTERFACE_NAME_WIFI}".network
		28
		29	systemctl disable wpa_supplicant@wlan0.service
		30	systemctl enable wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
		31	systemctl start wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
13	fi	32	fi

rpi23-gen-image.sh +111 -88

             #!/bin/sh
             ########################################################################
             # rpi23-gen-image.sh					       2015-2017
             #
             # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
             #
             # Big thanks for patches and enhancements by 20+ github contributors!
             ########################################################################
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "error: this script must be executed with root privileges!"
               exit 1
             fi
             # Check if ./functions.sh script exists
             if [ ! -r "./functions.sh" ] ; then
               echo "error: './functions.sh' required script not found!"
               exit 1
             fi
             # Load utility functions
             . ./functions.sh
             # Load parameters from configuration template file
             if [ -n "$CONFIG_TEMPLATE" ] ; then
               use_template
             fi
             # Introduce settings
             set -e
-            echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
+            echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
             set -x
             # Raspberry Pi model configuration
-            RPI_MODEL=${RPI_MODEL:=2}
+            RPI_MODEL=${RPI_MODEL:=3P}
             # Debian release
             RELEASE=${RELEASE:=buster}
             if [ $RELEASE = "bullseye" ] ; then
              RELEASE=testing
             fi
             # Kernel Branch
             KERNEL_BRANCH=${KERNEL_BRANCH:=""}
             # URLs
             KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
             FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
             WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
             FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
             UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
             VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
             BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
             NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
             SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
             # Kernel deb packages for 32bit kernel
             RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
             RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
             # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
-            RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
+            RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
             # Default precompiled 64bit kernel
-            RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
+            RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
             # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
-            RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
+            RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
             # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
-            RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
+            RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
             # Generic
             RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
             RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
             # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
             KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
             # Build directories
             WORKDIR=$(pwd)
             BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
             BUILDDIR="${BASEDIR}/build"
             # Chroot directories
             R="${BUILDDIR}/chroot"
             ETC_DIR="${R}/etc"
             LIB_DIR="${R}/lib"
             BOOT_DIR="${R}/boot/firmware"
             KERNEL_DIR="${R}/usr/src/linux"
             WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
             BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
-            # Firmware directory: Blank if download from github
+            # APT settings
-            RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
+            APT_SERVER=${APT_SERVER:="ftp.debian.org"}
+            APT_PROXY=${APT_PROXY:=""}
+            KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
+            # Packages required in the chroot build environment
+            APT_INCLUDES=${APT_INCLUDES:=""}
+            APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
+            # Packages to exclude from chroot build environment
+            APT_EXCLUDES=${APT_EXCLUDES:=""}
             # General settings
             SET_ARCH=${SET_ARCH:=32}
             HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
-            PASSWORD=${PASSWORD:=raspberry}
-            USER_PASSWORD=${USER_PASSWORD:=raspberry}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             EXPANDROOT=${EXPANDROOT:=true}
-            ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
+            ENABLE_ROOT=${ENABLE_ROOT:=false}
+            ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
+            ENABLE_USER=${ENABLE_USER:=true}
+            USER_NAME=${USER_NAME:="pi"}
+            USER_PASSWORD=${USER_PASSWORD:=raspberry}
             # Keyboard settings
             XKB_MODEL=${XKB_MODEL:=""}
             XKB_LAYOUT=${XKB_LAYOUT:=""}
             XKB_VARIANT=${XKB_VARIANT:=""}
             XKB_OPTIONS=${XKB_OPTIONS:=""}
+            # Networking settings:
+            ENABLE_IPV6=${ENABLE_IPV6:=true}
+            ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
+            ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
+            ENABLE_HARDNET=${ENABLE_HARDNET:=false}
+            ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
             # Network settings (DHCP)
-            ENABLE_DHCP=${ENABLE_DHCP:=true}
+            ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
+            ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
             # Network settings (static)
-            NET_ADDRESS=${NET_ADDRESS:=""}
+            NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
-            NET_GATEWAY=${NET_GATEWAY:=""}
+            NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
-            NET_DNS_1=${NET_DNS_1:=""}
+            NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
-            NET_DNS_2=${NET_DNS_2:=""}
+            NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
-            NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
+            NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
-            NET_NTP_1=${NET_NTP_1:=""}
+            NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
-            NET_NTP_2=${NET_NTP_2:=""}
+            NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
+            # Networking settings (WIFI):
+            NET_WIFI_SSID=${NET_WIFI_SSID:=""}
+            NET_WIFI_PSK=${NET_WIFI_PSK:=""}
-            # APT settings
+            # Network settings (static)
-            APT_PROXY=${APT_PROXY:=""}
+            NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
-            APT_SERVER=${APT_SERVER:="ftp.debian.org"}
+            NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
-            KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
+            NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
+            NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
+            NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
+            NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
+            NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
             # Feature settings
+            ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
             ENABLE_PRINTK=${ENABLE_PRINTK:=false}
             ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
             ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
-            ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
+            ENABLE_TURBO=${ENABLE_TURBO:=false}
             ENABLE_I2C=${ENABLE_I2C:=false}
             ENABLE_SPI=${ENABLE_SPI:=false}
-            ENABLE_IPV6=${ENABLE_IPV6:=true}
-            ENABLE_SSHD=${ENABLE_SSHD:=true}
             ENABLE_NONFREE=${ENABLE_NONFREE:=false}
-            ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
+            ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
-            ENABLE_SOUND=${ENABLE_SOUND:=true}
+            ENABLE_SOUND=${ENABLE_SOUND:=false}
-            ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
-            ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
-            ENABLE_USER=${ENABLE_USER:=true}
-            USER_NAME=${USER_NAME:="pi"}
-            ENABLE_ROOT=${ENABLE_ROOT:=false}
-            ENABLE_QEMU=${ENABLE_QEMU:=false}
             ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
+            ENABLE_SPLASH=${ENABLE_SPLASH:=true}
-            # SSH settings
+            ENABLE_LOGO=${ENABLE_LOGO:=true}
-            SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
+            ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
-            SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
+            DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
-            SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
-            SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
-            SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
             # Advanced settings
+            ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
             ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
+            ENABLE_QEMU=${ENABLE_QEMU:=false}
+            ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
-            ENABLE_REDUCE=${ENABLE_REDUCE:=false}
+            ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
+            ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
+            ENABLE_DBUS=${ENABLE_DBUS:=true}
+            ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
+            CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
-            ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
+            FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
             ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
-            ENABLE_NEXMON=${ENABLE_NEXMON:=false}
             VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
-            FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
+            ENABLE_NEXMON=${ENABLE_NEXMON:=false}
             NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
-            ENABLE_HARDNET=${ENABLE_HARDNET:=false}
-            ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
+            # SSH settings
-            ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
+            SSH_ENABLE=${SSH_ENABLE:=true}
-            ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
+            SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
-            ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
+            SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
-            ENABLE_SPLASH=${ENABLE_SPLASH:=true}
+            SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
-            ENABLE_LOGO=${ENABLE_LOGO:=true}
+            SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
-            ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
+            SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
-            DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
             # Kernel compilation settings
             BUILD_KERNEL=${BUILD_KERNEL:=true}
-            KERNEL_REDUCE=${KERNEL_REDUCE:=false}
             KERNEL_THREADS=${KERNEL_THREADS:=1}
             KERNEL_HEADERS=${KERNEL_HEADERS:=true}
             KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
-            KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
             KERNEL_CCACHE=${KERNEL_CCACHE:=false}
-            KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
+            KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
+            KERNELSRC_DIR=${KERNELSRC_DIR:=""}
+            KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
+            KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
+            KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
+            KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
+            # Firmware directory: Blank if download from github
+            RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
+            KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
+            KERNEL_NF=${KERNEL_NF:=false}
             KERNEL_VIRT=${KERNEL_VIRT:=false}
+            KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
             KERNEL_BPF=${KERNEL_BPF:=false}
-            KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
             KERNEL_SECURITY=${KERNEL_SECURITY:=false}
-            KERNEL_NF=${KERNEL_NF:=false}
-            KERNEL_DHKEY=${KERNEL_DHKEY:=true}
             KERNEL_BTRFS=${KERNEL_BTRFS:=false}
-            KERNEL_NSPAN=${KERNEL_NSPAN:=false}
             KERNEL_POEHAT=${KERNEL_POEHAT:=false}
+            KERNEL_NSPAN=${KERNEL_NSPAN:=false}
-            # Kernel compilation from source directory settings
+            KERNEL_DHKEY=${KERNEL_DHKEY:=true}
-            KERNELSRC_DIR=${KERNELSRC_DIR:=""}
-            KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
-            KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
-            KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
             # Reduce disk usage settings
+            ENABLE_REDUCE=${ENABLE_REDUCE:=false}
             REDUCE_APT=${REDUCE_APT:=true}
-            REDUCE_DOC=${REDUCE_DOC:=true}
+            REDUCE_DOC=${REDUCE_DOC:=false}
-            REDUCE_MAN=${REDUCE_MAN:=true}
+            REDUCE_MAN=${REDUCE_MAN:=false}
             REDUCE_VIM=${REDUCE_VIM:=false}
             REDUCE_BASH=${REDUCE_BASH:=false}
-            REDUCE_HWDB=${REDUCE_HWDB:=true}
+            REDUCE_HWDB=${REDUCE_HWDB:=false}
-            REDUCE_SSHD=${REDUCE_SSHD:=true}
+            REDUCE_SSHD=${REDUCE_SSHD:=false}
-            REDUCE_LOCALE=${REDUCE_LOCALE:=true}
+            REDUCE_LOCALE=${REDUCE_LOCALE:=false}
+            REDUCE_KERNEL=${REDUCE_KERNEL:=false}
             # Encrypted filesystem settings
             ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
             CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
             CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
-            CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
+            CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
-            CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
+            CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
             #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
             CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
             #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
             CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
-            # Chroot scripts directory
-            CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
-            # Packages required in the chroot build environment
-            APT_INCLUDES=${APT_INCLUDES:=""}
-            APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
-            # Packages to exclude from chroot build environment
-            APT_EXCLUDES=${APT_EXCLUDES:=""}
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
             MISSING_PACKAGES=""
             # Packages installed for c/c++ build environment in chroot (keep empty)
             COMPILER_PACKAGES=""
             # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
             APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
             if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
               APT_PROXY=http://127.0.0.1:3142/
             fi
             # Setup architecture specific settings
             if [ -n "$SET_ARCH" ] ; then
               # 64-bit configuration
               if [ "$SET_ARCH" = 64 ] ; then
                 # General 64-bit depended settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                   if [ "$RPI_MODEL" != 4 ] ; then
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
                   else
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
                   fi
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
                   RELEASE_ARCH=${RELEASE_ARCH:=arm64}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
                 else
                   echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
                   exit 1
                 fi
               fi
               # 32-bit configuration
               if [ "$SET_ARCH" = 32 ] ; then
                 # General 32-bit dependend settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
                   KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
                   RELEASE_ARCH=${RELEASE_ARCH:=armel}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
+            	  if [ $ENABLE_XORG = true ] ; then
+            	    if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
+            	      printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
+            	      read -r confirm
+                      if [ "$confirm" = "y" ] ; then
+            		    $RELEASE = "stretch"
+            		  fi
+            	    fi
+            	  fi
                 fi
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                   if [ "$RPI_MODEL" != 4 ] ; then
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
             		KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
                   else
                     KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
             		KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
                   fi
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
                   RELEASE_ARCH=${RELEASE_ARCH:=armhf}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
                 fi
               fi
             # SET_ARCH not set
             else
               echo "error: Please set '32' or '64' as value for SET_ARCH"
               exit 1
             fi
             # Device specific configuration and U-Boot configuration
             case "$RPI_MODEL" in
 )
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 P)
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
                 ;;
 P)
                 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
                 ;;
               *)
                 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
                 exit 1
                 ;;
             esac
             # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
               # Include bluetooth packages on supported boards
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
               fi
               if [ "$ENABLE_WIRELESS" = true ] ; then
-                APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
+                APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
               fi
             else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
               # Check if the internal wireless interface is not supported by the RPi model
               if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
                 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
                 exit 1
               fi
             fi
             if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
               echo "error: You have to compile kernel sources, if you want to enable nexmon"
               exit 1
             fi
             # Prepare date string for default image file name
             DATE="$(date +%Y-%m-%d)"
             if [ -z "$KERNEL_BRANCH" ] ; then
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             else
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             fi
             # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
                 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
                 exit 1
               fi
             fi
             # Add cmake to compile videocore sources
             if [ "$ENABLE_VIDEOCORE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
             fi
             # Add deps for nexmon
             if [ "$ENABLE_NEXMON" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
             fi
             # Add libncurses5 to enable kernel menuconfig
             if [ "$KERNEL_MENUCONFIG" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
             fi
             # Add ccache compiler cache for (faster) kernel cross (re)compilation
             if [ "$KERNEL_CCACHE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
             fi
             # Add cryptsetup package to enable filesystem encryption
             if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
               APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
               # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
               if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
                 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
               fi
               if [ -z "$CRYPTFS_PASSWORD" ] ; then
                 echo "error: no password defined (CRYPTFS_PASSWORD)!"
                 exit 1
               fi
               ENABLE_INITRAMFS=true
             fi
             # Add initramfs generation tools
             if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
             fi
             # Add device-tree-compiler required for building the U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
-              APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
+              APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
             fi
             if [ "$ENABLE_USBBOOT" = true ] ; then
               if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
                 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
                 exit 1
               fi
             fi
             # Check if root SSH (v2) public key file exists
             if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
               if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
                 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
                 exit 1
               fi
             fi
             # Check if $USER_NAME SSH (v2) public key file exists
             if [ -n "$SSH_USER_PUB_KEY" ] ; then
               if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
                 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
                 exit 1
               fi
             fi
             if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
               echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
               exit 1
             fi
             # Check if all required packages are installed on the build system
             for package in $REQUIRED_PACKAGES ; do
               if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
                 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
               fi
             done
             # If there are missing packages ask confirmation for install, or exit
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
               printf "\ndo you want to install the missing packages right now? [y/n] "
               read -r confirm
               [ "$confirm" != "y" ] && exit 1
               # Make sure all missing required packages are installed
               apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
             fi
             # Check if ./bootstrap.d directory exists
             if [ ! -d "./bootstrap.d/" ] ; then
               echo "error: './bootstrap.d' required directory not found!"
               exit 1
             fi
             # Check if ./files directory exists
             if [ ! -d "./files/" ] ; then
               echo "error: './files' required directory not found!"
               exit 1
             fi
             # Check if specified KERNELSRC_DIR directory exists
             if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
               echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
               exit 1
             fi
             # Check if specified UBOOTSRC_DIR directory exists
             if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
               echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
               exit 1
             fi
             # Check if specified VIDEOCORESRC_DIR directory exists
             if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
               echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
               exit 1
             fi
             # Check if specified FBTURBOSRC_DIR directory exists
             if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
               echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
               exit 1
             fi
             # Check if specified NEXMONSRC_DIR directory exists
             if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
               echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
               exit 1
             fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
                exit 1
             fi
             # Check if specified device mapping already exists (will be used by cryptsetup)
             if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
               echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
               exit 1
             fi
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ] ; then
               echo "error: directory ${BUILDDIR} already exists, not proceeding"
               exit 1
             fi
             # Setup chroot directory
             mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
             if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
               echo "error: ${BUILDDIR} not enough space left to generate the output image!"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
             fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
             # Add dphys-swapfile package, required to enable swap
             if [ "$ENABLE_DPHYSSWAP" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
             fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
             fi
             # Add apparmor for KERNEL_SECURITY
             if [ "$KERNEL_SECURITY" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
             fi
             # Add openssh server package
-            if [ "$ENABLE_SSHD" = true ] ; then
+            if [ "$SSH_ENABLE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
             fi
             # Replace selected packages with smaller clones
             if [ "$ENABLE_REDUCE" = true ] ; then
               # Add levee package instead of vim-tiny
               if [ "$REDUCE_VIM" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
               fi
               # Add dropbear package instead of openssh-server
               if [ "$REDUCE_SSHD" = true ] ; then
                 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
               fi
             fi
             # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
             if [ "$ENABLE_SYSVINIT" = false ] ; then
               APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
             fi
             # Configure kernel sources if no KERNELSRC_DIR
             if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
               KERNELSRC_CONFIG=true
             fi
             # Configure reduced kernel
             if [ "$KERNEL_REDUCE" = true ] ; then
               KERNELSRC_CONFIG=false
             fi
             # Configure qemu compatible kernel
             if [ "$ENABLE_QEMU" = true ] ; then
               DTB_FILE=vexpress-v2p-ca15_a7.dtb
               UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
               KERNEL_DEFCONFIG="vexpress_defconfig"
               if [ "$KERNEL_MENUCONFIG" = false ] ; then
                 KERNEL_OLDDEFCONFIG=true
               fi
             fi
             # Execute bootstrap scripts
             for SCRIPT in bootstrap.d/*.sh; do
               head -n 3 "$SCRIPT"
               . "$SCRIPT"
             done
             ## Execute custom bootstrap scripts
             if [ -d "custom.d" ] ; then
               for SCRIPT in custom.d/*.sh; do
                 . "$SCRIPT"
               done
             fi
             # Execute custom scripts inside the chroot
             if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
               chroot_exec /bin/bash -x <<'EOF'
             for SCRIPT in /chroot_scripts/* ; do
               if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                 $SCRIPT
               fi
             done
             EOF
               rm -rf "${R}/chroot_scripts"
             fi
             # Remove c/c++ build environment from the chroot
             chroot_remove_cc
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
             echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
             umount -l "${R}/proc"
             umount -l "${R}/sys"
             # Clean up directories
             rm -rf "${R}/run/*"
             rm -rf "${R}/tmp/*"
             # Clean up APT proxy settings
             if [ "$KEEP_APT_PROXY" = false ] ; then
               rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
             fi
             # Clean up files
             rm -f "${ETC_DIR}/ssh/ssh_host_*"
             rm -f "${ETC_DIR}/dropbear/dropbear_*"
             rm -f "${ETC_DIR}/apt/sources.list.save"
             rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
             rm -f "${ETC_DIR}/*-"
             rm -f "${ETC_DIR}/resolv.conf"
             rm -f "${R}/root/.bash_history"
             rm -f "${R}/var/lib/urandom/random-seed"
             rm -f "${R}/initrd.img"
             rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             if [ "$ENABLE_QEMU" = true ] ; then
               # Setup QEMU directory
               mkdir "${BASEDIR}/qemu"
               # Copy kernel image to QEMU directory
               install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
               # Copy kernel config to QEMU directory
               install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
               # Copy kernel dtbs to QEMU directory
               for dtb in "${BOOT_DIR}/"*.dtb ; do
                 if [ -f "${dtb}" ] ; then
                   install_readonly "${dtb}" "${BASEDIR}/qemu/"
                 fi
               done
               # Copy kernel overlays to QEMU directory
               if [ -d "${BOOT_DIR}/overlays" ] ; then
                 # Setup overlays dtbs directory
                 mkdir "${BASEDIR}/qemu/overlays"
                 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
                   fi
                 done
               fi
               # Copy u-boot files to QEMU directory
               if [ "$ENABLE_UBOOT" = true ] ; then
                 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
                   install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
                 fi
                 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
                   install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
                 fi
                 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
                   install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
                 fi
               fi
               # Copy initramfs to QEMU directory
               if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
                 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
               fi
             fi
             # Calculate size of the chroot directory in KB
             CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
             ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 35% are added.
             ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
             IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
             # Prepare image file
             if [ "$ENABLE_SPLITFS" = true ] ; then
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
               # Write firmware/boot partition tables
               sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             EOM
               # Write root partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
               ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
             else # ENABLE_SPLITFS=false
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
               # Write partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             ${ROOT_OFFSET},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
               ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
             fi
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Create dummy ext4 fs
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
               touch .password
               chmod 600 .password
               echo -n ${CRYPTFS_PASSWORD} > .password
               # Initialize encrypted partition
               cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
               # Open encrypted partition and setup mapping
               cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
               # Secure delete password keyfile
               shred -zu .password
               # Update temporary loop device
               ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
               # Wipe encrypted partition (encryption cipher is used for randomness)
               dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
             fi
             # Build filesystems
             mkfs.vfat "$FRMW_LOOP"
             mkfs.ext4 "$ROOT_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$ROOT_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # Create block map file(s) of image(s)
             if [ "$ENABLE_SPLITFS" = true ] ; then
               # Create block map files for "bmaptool"
               bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
               bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
               # Image was successfully created
               echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             else
               # Create block map file for "bmaptool"
               bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
               # Image was successfully created
               echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               # Create qemu qcow2 image
               if [ "$ENABLE_QEMU" = true ] ; then
                 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
                 QEMU_SIZE=16G
                 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
                 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
                 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
               fi
             fi

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages