-Enable_nonfree no longer enables non-free packages during install. Now it enables non-free packages in sources.list...
Unknown -
r732:4551fcf06923
@@ -0,0 +1,14
1 [Match]
2 Name=eth0
3
4 [Network]
5 RouteMetric=10
6 IPv6PrivacyExtensions=true
7 DHCP=no
8 Address=
9 Gateway=
10 DNS=
11 DNS=
12 Domains=
13 NTP=
14 NTP=
@@ -0,0 +1,14
1 [Match]
2 Name=wlan0
3
4 [Network]
5 RouteMetric=20
6 IPv6PrivacyExtensions=true
7 DHCP=no
8 Address=
9 Gateway=
10 DNS=
11 DNS=
12 Domains=
13 NTP=
14 NTP=
@@ -0,0 +1,188
1 ############################
2 ########APT settings########
3 ############################
4 APT_SERVER=ftp.debian.org
5 APT_PROXY=
6 KEEP_APT_PROXY=false
7 APT_INCLUDES_LATE=
8 APT_INCLUDES=
9 ############################
10 ##General system settings###
11 ############################
12 SET_ARCH=32
13 RPI_MODEL=3P
14 RELEASE=buster
15 HOSTNAME=
16 DEFLOCAL=en_US.UTF-8
17 TIMEZONE=Europe/Berlin
18 EXPANDROOT=true
19 ############################
20 #######User settings########
21 ############################
22 ENABLE_ROOT=false
23 ROOT_PASSWORD=raspberry
24 ENABLE_USER=true
25 USER_NAME=pi
26 USER_PASSWORD=raspberry
27 ############################
28 ####Keyboard settings#######
29 ############################
30 XKB_MODEL=
31 XKB_LAYOUT=
32 XKB_VARIANT=
33 XKB_OPTIONS=
34 ############################
35 ######Network settings######
36 ############################
37 ENABLE_IPV6=true
38 ENABLE_WIRELESS=false
39 ENABLE_IPTABLES=false
40 ENABLE_HARDNET=false
41 ENABLE_IFNAMES=true
42 ############################
43 # Network settings (DHCP)
44 ENABLE_ETH_DHCP=true
45 ENABLE_WIFI_DHCP=true
46 ############################
47 # Network settings (static)
48 NET_ETH_ADDRESS=
49 NET_ETH_GATEWAY=
50 NET_ETH_DNS_1=
51 NET_ETH_DNS_2=
52 NET_ETH_DNS_DOMAINS=
53 NET_ETH_NTP_1=
54 NET_ETH_NTP_2=
55 ############################
56 NET_WIFI_SSID=
57 NET_WIFI_PSK=
58 ############################
59 # Network settings (static)
60 NET_WIFI_ADDRESS=
61 NET_WIFI_GATEWAY=
62 NET_WIFI_DNS_1=
63 NET_WIFI_DNS_2=
64 NET_WIFI_DNS_DOMAINS=
65 NET_WIFI_NTP_1=
66 NET_WIFI_NTP_2=
67 ############################
68 ###Basic system settings####
69 ############################
70 ENABLE_CONSOLE=false
71 ENABLE_PRINTK=false
72 ENABLE_BLUETOOTH=false
73 ENABLE_MINIUART_OVERLAY=false
74 ENABLE_TURBO=false
75 ENABLE_I2C=true
76 ENABLE_SPI=true
77 ENABLE_NONFREE=false
78 ENABLE_RSYSLOG=false
79 ENABLE_SOUND=false
80 ENABLE_HWRANDOM=true
81 ENABLE_MINGPU=false
82 ENABLE_XORG=false
83 ENABLE_WM=
84 ENABLE_SYSVINIT=false
85 ENABLE_SPLASH=true
86 ENABLE_LOGO=true
87 ENABLE_SILENT_BOOT=false
88 ############################
89 #1=disable overlay,2=turbo+overlay, otherwise leave unset
90 DISABLE_UNDERVOLT_WARNINGS=
91 ############################
92 ##Advanced system settings##
93 ############################
94 ENABLE_DPHYSSWAP=true
95 ENABLE_SYSTEMDSWAP=false
96 ############################
97 ENABLE_QEMU=false
98 QEMU_BINARY=
99 ENABLE_KEYGEN=false
100 ENABLE_MINBASE=false
101 ENABLE_SPLITFS=false
102 ENABLE_INITRAMFS=false
103 ENABLE_DBUS=true
104 ENABLE_USBBOOT=false
105 ############################
106 CHROOT_SCRIPTS=
107 ############################
108 ENABLE_UBOOT=false
109 UBOOTSRC_DIR=
110 ############################
111 ENABLE_FBTURBO=false
112 FBTURBOSRC_DIR=
113 ############################
114 ENABLE_VIDEOCORE=false
115 VIDEOCORESRC_DIR=
116 ############################
117 ENABLE_NEXMON=false
118 NEXMONSRC_DIR=
119 ############################
120 ########SSH settings########
121 ############################
122 SSH_ENABLE=true
123 SSH_ENABLE_ROOT=false
124 SSH_DISABLE_PASSWORD_AUTH=false
125 SSH_LIMIT_USERS=false
126 SSH_ROOT_PUB_KEY=
127 SSH_USER_PUB_KEY=
128 ############################
129 #####Kernel settings########
130 ############################
131 BUILD_KERNEL=true
132 CROSS_COMPILE=
133 KERNEL_ARCH=
134 KERNEL_IMAGE=
135 KERNEL_BRANCH=
136 KERNEL_DEFCONFIG=
137
138 KERNEL_THREADS=1
139 KERNEL_HEADERS=true
140 KERNEL_MENUCONFIG=false
141 KERNEL_OLDDEFCONFIG=false
142 KERNEL_CCACHE=false
143 KERNEL_REMOVESRC=true
144 KERNELSRC_DIR=
145 KERNELSRC_CLEAN=false
146 KERNELSRC_CONFIG=true
147 KERNELSRC_USRCONFIG=
148 KERNELSRC_PREBUILT=false
149 RPI_FIRMWARE_DIR=
150 KERNEL_DEFAULT_GOV=ondemand
151 KERNEL_NF=false
152 KERNEL_VIRT=false
153 KERNEL_ZSWAP=false
154 KERNEL_BPF=true
155 KERNEL_SECURITY=false
156 KERNEL_BTRFS=false
157 KERNEL_POEHAT=false
158 KERNEL_NSPAWN=false
159 KERNEL_DHKEY=true
160 ############################
161 #######Save diskspace#######
162 ############################
163 ENABLE_REDUCE=false
164 REDUCE_APT=true
165 REDUCE_DOC=false
166 REDUCE_MAN=false
167 REDUCE_VIM=false
168 REDUCE_BASH=false
169 REDUCE_HWDB=false
170 REDUCE_SSHD=false
171 REDUCE_LOCALE=false
172 REDUCE_KERNEL=false
173 ############################
174 ######CryptFS Settings######
175 ############################
176 ENABLE_CRYPTFS=false
177 CRYPTFS_PASSWORD=
178 CRYPTFS_MAPPING=secure
179 CRYPTFS_CIPHER=aes-xts-plain64
180 CRYPTFS_HASH=sha256
181 CRYPTFS_XTSKEYSIZE=256
182 CRYPTFS_DROPBEAR=false
183 CRYPTFS_DROPBEAR_PUBKEY=
184 ############################
185 #######Build settings#######
186 ############################
187 BASEDIR=
188 IMAGE_NAME= No newline at end of file
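Review bot: The template ships `ROOT_PASSWORD=raspberry` and `USER_PASSWORD=raspberry` (lines 23 and 26) together with `SSH_ENABLE=true` and `SSH_DISABLE_PASSWORD_AUTH=false` (lines 122 and 124), so an image built from an unedited copy would presumably accept SSH password logins for `pi` with a widely known password. I would leave both password values empty, as `CRYPTFS_PASSWORD=` already is, and have the build refuse to continue while they are unset, or default `SSH_DISABLE_PASSWORD_AUTH=true` whenever `SSH_USER_PUB_KEY` is provided. The file also carries `CRYPTFS_PASSWORD` and `NET_WIFI_PSK` in plain text, so a header comment such as `# Filled-in copies contain secrets: keep them out of version control and readable only by the build user` would help. `ENABLE_IPTABLES=false` and `ENABLE_HARDNET=false` are reasonable as opt-in features, but a one-line comment on each saying what is left unprotected when they are off would make the trade-off visible to someone copying the template.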
@@ -1,41 +1,42
1 1 #
2 2 # Debootstrap basic system
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 10
11 11 # Use non-free Debian packages if needed
12 if [ "$ENABLE_NONFREE" = true ] ; then
12 # One use variable which is only needed by wifi firmware blob => reworked to use non free in /etc/apt/sources.list - we could just use ENABLE_WIRELESS here
13 if [ "$ENABLE_WIRELESS" = true ] ; then
13 14 COMPONENTS="main,non-free,contrib"
14 15 fi
15 16
16 17 # Use minbase bootstrap variant which only includes essential packages
17 18 if [ "$ENABLE_MINBASE" = true ] ; then
18 19 VARIANT="--variant=minbase"
19 20 fi
20 21
21 22 # Base debootstrap (unpack only)
22 23 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
23 24
24 25 # Copy qemu emulator binary to chroot
25 26 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
26 27
27 28 # Copy debian-archive-keyring.pgp
28 29 mkdir -p "${R}/usr/share/keyrings"
29 30 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
30 31
31 32 # Complete the bootstrapping process
32 33 chroot_exec /debootstrap/debootstrap --second-stage
33 34
34 35 # Mount required filesystems
35 36 mount -t proc none "${R}/proc"
36 37 mount -t sysfs none "${R}/sys"
37 38
38 39 # Mount pseudo terminal slave if supported by Debian release
39 40 if [ -d "${R}/dev/pts" ] ; then
40 41 mount --bind /dev/pts "${R}/dev/pts"
41 42 fi
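Review bot: Keying the component list on `ENABLE_WIRELESS` alone (new lines 12-13) means a build with `ENABLE_NONFREE=true` and wireless off now bootstraps with `COMPONENTS="main"`, so a non-free package named in `APT_INCLUDES` would presumably fail to resolve at the `--include` step on new line 23. If both cases are meant to work, `if [ "$ENABLE_NONFREE" = true ] || [ "$ENABLE_WIRELESS" = true ] ; then` keeps them. The added comment is hard to parse; something like `# Wireless firmware is in non-free, so bootstrap with it when ENABLE_WIRELESS is set; ENABLE_NONFREE is applied to /etc/apt/sources.list instead` would state the intent. Separately, `${APT_EXCLUDES}` and `${VARIANT}` on the unchanged debootstrap line are unquoted by design for word splitting, which deserves a short comment so nobody "fixes" it or feeds it an unvetted value.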
@@ -1,889 +1,890
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 # TODO: Check if defined Threadcount is higher than actual cores
57 # if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then
58 # echo "Defined more Threads than core assigned to this system"
59 # exit 1
60 # fi
61
56 62 #Copy 32bit config to 64bit
57 63 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 64 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 65 fi
60 66
61 67 # Configure and build kernel
62 68 if [ "$KERNELSRC_PREBUILT" = false ] ; then
63 69 # Remove device, network and filesystem drivers from kernel configuration
64 if [ "$KERNEL_REDUCE" = true ] ; then
70 if [ "$REDUCE_KERNEL" = true ] ; then
65 71 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
66 72 sed -i\
67 73 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
68 74 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
69 75 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
70 76 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
71 77 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
72 78 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
73 79 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
74 80 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
75 81 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
76 82 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
77 83 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
78 84 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
79 85 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
80 86 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
81 87 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
82 88 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
83 89 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
84 90 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
85 91 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
86 92 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
87 93 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
88 94 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
89 95 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
90 96 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
91 97 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
92 98 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
93 99 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
94 100 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
95 101 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
96 102 "${KERNEL_DIR}/.config"
97 103 fi
98 104
99 105 if [ "$KERNELSRC_CONFIG" = true ] ; then
100 106 # Load default raspberry kernel configuration
101 107 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
102 108
103 109 #Switch to KERNELSRC_DIR so we can use set_kernel_config
104 110 cd "${KERNEL_DIR}" || exit
105 111
106 112 # Enable RPI POE HAT fan
107 113 if [ "$KERNEL_POEHAT" = true ]; then
108 114 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
109 115 fi
110 116
111 117 # Enable per-interface network priority control
112 118 # (for systemd-nspawn)
113 119 if [ "$KERNEL_NSPAN" = true ]; then
114 120 set_kernel_config CONFIG_CGROUP_NET_PRIO y
115 121 fi
116 122
117 123 # Compile in BTRFS
118 124 if [ "$KERNEL_BTRFS" = true ]; then
119 125 set_kernel_config CONFIG_BTRFS_FS y
120 126 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
121 127 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
122 128 fi
123 129
124 130 # Diffie-Hellman operations on retained keys
125 131 # (required for >keyutils-1.6)
126 132 if [ "$KERNEL_DHKEY" = true ]; then
127 133 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
128 134 fi
129 135
130 136 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
131 137 # Mask this temporarily during switch to rpi-4.19.y
132 138 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
133 139 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
134 140 #set_kernel_config CONFIG_MMC_BCM2835 n
135 141 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
136 142 #set_kernel_config CONFIG_USB_DWC2 n
137 143 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
138 144
139 145 #VLAN got disabled without reason in arm64bit
140 146 set_kernel_config CONFIG_IPVLAN m
141 147 fi
142 148
143 149 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
144 150 if [ "$KERNEL_ZSWAP" = true ] ; then
145 151 set_kernel_config CONFIG_ZPOOL y
146 152 set_kernel_config CONFIG_ZSWAP y
147 153 set_kernel_config CONFIG_ZBUD y
148 154 set_kernel_config CONFIG_Z3FOLD y
149 155 set_kernel_config CONFIG_ZSMALLOC y
150 156 set_kernel_config CONFIG_PGTABLE_MAPPING y
151 157 set_kernel_config CONFIG_LZO_COMPRESS y
152 158 fi
153 159
154 160 if [ "$RPI_MODEL" = 4 ] ; then
155 161 # Following are set in current 32-bit LPAE kernel
156 162 set_kernel_config CONFIG_CGROUP_PIDS y
157 163 set_kernel_config CONFIG_NET_IPVTI m
158 164 set_kernel_config CONFIG_NF_TABLES_SET m
159 165 set_kernel_config CONFIG_NF_TABLES_INET y
160 166 set_kernel_config CONFIG_NF_TABLES_NETDEV y
161 167 set_kernel_config CONFIG_NF_FLOW_TABLE m
162 168 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
163 169 set_kernel_config CONFIG_NFT_CONNLIMIT m
164 170 set_kernel_config CONFIG_NFT_TUNNEL m
165 171 set_kernel_config CONFIG_NFT_OBJREF m
166 172 set_kernel_config CONFIG_NFT_FIB_IPV4 m
167 173 set_kernel_config CONFIG_NFT_FIB_IPV6 m
168 174 set_kernel_config CONFIG_NFT_FIB_INET m
169 175 set_kernel_config CONFIG_NFT_SOCKET m
170 176 set_kernel_config CONFIG_NFT_OSF m
171 177 set_kernel_config CONFIG_NFT_TPROXY m
172 178 set_kernel_config CONFIG_NF_DUP_NETDEV m
173 179 set_kernel_config CONFIG_NFT_DUP_NETDEV m
174 180 set_kernel_config CONFIG_NFT_FWD_NETDEV m
175 181 set_kernel_config CONFIG_NFT_FIB_NETDEV m
176 182 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
177 183 set_kernel_config CONFIG_NF_FLOW_TABLE m
178 184 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
179 185 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
180 186 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
181 187 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
182 188 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
183 189 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
184 190 set_kernel_config CONFIG_NFT_DUP_IPV6 m
185 191 set_kernel_config CONFIG_NFT_FIB_IPV6 m
186 192 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
187 193 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
188 194 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
189 195 set_kernel_config CONFIG_NF_LOG_BRIDGE m
190 196 set_kernel_config CONFIG_MT76_CORE m
191 197 set_kernel_config CONFIG_MT76_LEDS m
192 198 set_kernel_config CONFIG_MT76_USB m
193 199 set_kernel_config CONFIG_MT76x2_COMMON m
194 200 set_kernel_config CONFIG_MT76x0U m
195 201 set_kernel_config CONFIG_MT76x2U m
196 202 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
197 203 set_kernel_config CONFIG_BCM_VC_SM m
198 204 set_kernel_config CONFIG_BCM2835_SMI_DEV m
199 205 set_kernel_config CONFIG_RPIVID_MEM m
200 206 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
201 207 set_kernel_config CONFIG_TCG_TPM m
202 208 set_kernel_config CONFIG_HW_RANDOM_TPM y
203 209 set_kernel_config CONFIG_TCG_TIS m
204 210 set_kernel_config CONFIG_TCG_TIS_SPI m
205 211 set_kernel_config CONFIG_I2C_MUX m
206 212 set_kernel_config CONFIG_I2C_MUX_GPMUX m
207 213 set_kernel_config CONFIG_I2C_MUX_PCA954x m
208 214 set_kernel_config CONFIG_SPI_GPIO m
209 215 set_kernel_config CONFIG_BATTERY_MAX17040 m
210 216 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
211 217 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
212 218 set_kernel_config CONFIG_BCM2835_THERMAL y
213 219 set_kernel_config CONFIG_RC_CORE y
214 220 set_kernel_config CONFIG_RC_MAP y
215 221 set_kernel_config CONFIG_LIRC y
216 222 set_kernel_config CONFIG_RC_DECODERS y
217 223 set_kernel_config CONFIG_IR_NEC_DECODER m
218 224 set_kernel_config CONFIG_IR_RC5_DECODER m
219 225 set_kernel_config CONFIG_IR_RC6_DECODER m
220 226 set_kernel_config CONFIG_IR_JVC_DECODER m
221 227 set_kernel_config CONFIG_IR_SONY_DECODER m
222 228 set_kernel_config CONFIG_IR_SANYO_DECODER m
223 229 set_kernel_config CONFIG_IR_SHARP_DECODER m
224 230 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
225 231 set_kernel_config CONFIG_IR_XMP_DECODER m
226 232 set_kernel_config CONFIG_IR_IMON_DECODER m
227 233 set_kernel_config CONFIG_RC_DEVICES y
228 234 set_kernel_config CONFIG_RC_ATI_REMOTE m
229 235 set_kernel_config CONFIG_IR_IMON m
230 236 set_kernel_config CONFIG_IR_MCEUSB m
231 237 set_kernel_config CONFIG_IR_REDRAT3 m
232 238 set_kernel_config CONFIG_IR_STREAMZAP m
233 239 set_kernel_config CONFIG_IR_IGUANA m
234 240 set_kernel_config CONFIG_IR_TTUSBIR m
235 241 set_kernel_config CONFIG_RC_LOOPBACK m
236 242 set_kernel_config CONFIG_IR_GPIO_CIR m
237 243 set_kernel_config CONFIG_IR_GPIO_TX m
238 244 set_kernel_config CONFIG_IR_PWM_TX m
239 245 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
240 246 set_kernel_config CONFIG_VIDEO_AU0828_RC y
241 247 set_kernel_config CONFIG_VIDEO_CX231XX m
242 248 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
243 249 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
244 250 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
245 251 set_kernel_config CONFIG_VIDEO_TM6000 m
246 252 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
247 253 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
248 254 set_kernel_config CONFIG_DVB_USB m
249 255 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
250 256 set_kernel_config CONFIG_DVB_USB_A800 m
251 257 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
252 258 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
253 259 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
254 260 set_kernel_config CONFIG_DVB_USB_DIB0700 m
255 261 set_kernel_config CONFIG_DVB_USB_UMT_010 m
256 262 set_kernel_config CONFIG_DVB_USB_CXUSB m
257 263 set_kernel_config CONFIG_DVB_USB_M920X m
258 264 set_kernel_config CONFIG_DVB_USB_DIGITV m
259 265 set_kernel_config CONFIG_DVB_USB_VP7045 m
260 266 set_kernel_config CONFIG_DVB_USB_VP702X m
261 267 set_kernel_config CONFIG_DVB_USB_GP8PSK m
262 268 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
263 269 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
264 270 set_kernel_config CONFIG_DVB_USB_DTT200U m
265 271 set_kernel_config CONFIG_DVB_USB_OPERA1 m
266 272 set_kernel_config CONFIG_DVB_USB_AF9005 m
267 273 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
268 274 set_kernel_config CONFIG_DVB_USB_PCTV452E m
269 275 set_kernel_config CONFIG_DVB_USB_DW2102 m
270 276 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
271 277 set_kernel_config CONFIG_DVB_USB_DTV5100 m
272 278 set_kernel_config CONFIG_DVB_USB_AZ6027 m
273 279 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
274 280 set_kernel_config CONFIG_DVB_USB_AF9015 m
275 281 set_kernel_config CONFIG_DVB_USB_LME2510 m
276 282 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
277 283 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
278 284 set_kernel_config CONFIG_SMS_SIANO_RC m
279 285 set_kernel_config CONFIG_VIDEO_IR_I2C m
280 286 set_kernel_config CONFIG_VIDEO_ADV7180 m
281 287 set_kernel_config CONFIG_VIDEO_TC358743 m
282 288 set_kernel_config CONFIG_VIDEO_OV5647 m
283 289 set_kernel_config CONFIG_DVB_M88DS3103 m
284 290 set_kernel_config CONFIG_DVB_AF9013 m
285 291 set_kernel_config CONFIG_DVB_RTL2830 m
286 292 set_kernel_config CONFIG_DVB_RTL2832 m
287 293 set_kernel_config CONFIG_DVB_SI2168 m
288 294 set_kernel_config CONFIG_DVB_GP8PSK_FE m
289 295 set_kernel_config CONFIG_DVB_USB m
290 296 set_kernel_config CONFIG_DVB_LGDT3306A m
291 297 set_kernel_config CONFIG_FB_SIMPLE y
292 298 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
293 299 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
294 300 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
295 301 set_kernel_config CONFIG_SND_SOC_AD193X m
296 302 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
297 303 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
298 304 set_kernel_config CONFIG_SND_SOC_CS4265 m
299 305 set_kernel_config CONFIG_SND_SOC_DA7213 m
300 306 set_kernel_config CONFIG_SND_SOC_ICS43432 m
301 307 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
302 308 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
303 309 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
304 310 set_kernel_config CONFIG_HID_BIGBEN_FF m
305 311 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
306 312 set_kernel_config CONFIG_USB_TMC m
307 313 set_kernel_config CONFIG_USB_UAS y
308 314 set_kernel_config CONFIG_USBIP_VUDC m
309 315 set_kernel_config CONFIG_USB_CONFIGFS m
310 316 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
311 317 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
312 318 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
313 319 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
314 320 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
315 321 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
316 322 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
317 323 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
318 324 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
319 325 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
320 326 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
321 327 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
322 328 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
323 329 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
324 330 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
325 331 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
326 332 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
327 333 set_kernel_config CONFIG_LEDS_PCA963X m
328 334 set_kernel_config CONFIG_LEDS_IS31FL32XX m
329 335 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
330 336 set_kernel_config CONFIG_RTC_DRV_RV3028 m
331 337 set_kernel_config CONFIG_AUXDISPLAY y
332 338 set_kernel_config CONFIG_HD44780 m
333 339 set_kernel_config CONFIG_FB_TFT_SH1106 m
334 340 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
335 341 set_kernel_config CONFIG_BCM2835_POWER y
336 342 set_kernel_config CONFIG_INV_MPU6050_IIO m
337 343 set_kernel_config CONFIG_INV_MPU6050_I2C m
338 344 set_kernel_config CONFIG_SECURITYFS y
339 345
340 346 # Safer to build this in
341 347 set_kernel_config CONFIG_BINFMT_MISC y
342 348
343 349 # pulseaudio wants a buffer of at least this size
344 350 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
345 351
346 352 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
347 353 # set the appropriate kernel configs unlocked by this PR
348 354 set_kernel_config CONFIG_ARCH_BCM y
349 355 set_kernel_config CONFIG_ARCH_BCM2835 y
350 356 set_kernel_config CONFIG_DRM_V3D m
351 357 set_kernel_config CONFIG_DRM_VC4 m
352 358 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
353 359
354 360 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
355 361 # required by PR#3144; should already be applied, but just to be safe
356 362 set_kernel_config CONFIG_PCIE_BRCMSTB y
357 363 set_kernel_config CONFIG_BCM2835_MMC y
358 364
359 365 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
360 366 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
361 367 # during cloud-init setup at first boot. Without this the login accounts are not
362 368 # created and the user can not login.
363 369 set_kernel_config CONFIG_SQUASHFS y
364 370
365 371 # Ceph support for Block Device (RBD) and Filesystem (FS)
366 372 # https://docs.ceph.com/docs/master/
367 373 set_kernel_config CONFIG_CEPH_LIB m
368 374 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
369 375 set_kernel_config CONFIG_CEPH_FS m
370 376 set_kernel_config CONFIG_CEPH_FSCACHE y
371 377 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
372 378 set_kernel_config CONFIG_BLK_DEV_RBD m
373 379 fi
374 380
375 381 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
376 382 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
377 383 set_kernel_config CONFIG_HAVE_KVM y
378 384 set_kernel_config CONFIG_HIGH_RES_TIMERS y
379 385 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
380 386 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
381 387 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
382 388 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
383 389 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
384 390 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
385 391 set_kernel_config CONFIG_HAVE_KVM_MSI y
386 392 set_kernel_config CONFIG_KVM y
387 393 set_kernel_config CONFIG_KVM_ARM_HOST y
388 394 set_kernel_config CONFIG_KVM_ARM_PMU y
389 395 set_kernel_config CONFIG_KVM_COMPAT y
390 396 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
391 397 set_kernel_config CONFIG_KVM_MMIO y
392 398 set_kernel_config CONFIG_KVM_VFIO y
393 399 set_kernel_config CONFIG_KVM_MMU_AUDIT y
394 400 set_kernel_config CONFIG_VHOST m
395 401 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
396 402 set_kernel_config CONFIG_VHOST_NET m
397 403 set_kernel_config CONFIG_VIRTUALIZATION y
398 404 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
399 405 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
400 406 set_kernel_config CONFIG_MMU_NOTIFIER y
401 407
402 408 # erratum
403 409 set_kernel_config ARM64_ERRATUM_834220 y
404 410
405 411 # https://sourceforge.net/p/kvm/mailman/message/18440797/
406 412 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
407 413 fi
408 414
409 415 # enable apparmor,integrity audit,
410 416 if [ "$KERNEL_SECURITY" = true ] ; then
411 417
412 418 # security filesystem, security models and audit
413 419 set_kernel_config CONFIG_SECURITYFS y
414 420 set_kernel_config CONFIG_SECURITY y
415 421 set_kernel_config CONFIG_AUDIT y
416 422
417 423 # harden strcpy and memcpy
418 424 set_kernel_config CONFIG_HARDENED_USERCOPY y
419 425 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
420 426 set_kernel_config CONFIG_FORTIFY_SOURCE y
421 427
422 428 # integrity sub-system
423 429 set_kernel_config CONFIG_INTEGRITY y
424 430 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
425 431 set_kernel_config CONFIG_INTEGRITY_AUDIT y
426 432 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
427 433 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
428 434
429 435 # This option provides support for retaining authentication tokens and access keys in the kernel.
430 436 set_kernel_config CONFIG_KEYS y
431 437 set_kernel_config CONFIG_KEYS_COMPAT y
432 438
433 439 # Apparmor
434 440 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
435 441 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
436 442 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
437 443 set_kernel_config CONFIG_SECURITY_APPARMOR y
438 444 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
439 445 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
440 446
441 447 # restrictions on unprivileged users reading the kernel
442 448 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
443 449
444 450 # network security hooks
445 451 set_kernel_config CONFIG_SECURITY_NETWORK y
446 452 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
447 453 set_kernel_config CONFIG_SECURITY_PATH y
448 454 set_kernel_config CONFIG_SECURITY_YAMA n
449 455
450 456 set_kernel_config CONFIG_SECURITY_SELINUX n
451 457 set_kernel_config CONFIG_SECURITY_SMACK n
452 458 set_kernel_config CONFIG_SECURITY_TOMOYO n
453 459 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
454 460 set_kernel_config CONFIG_SECURITY_LOADPIN n
455 461 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
456 462 set_kernel_config CONFIG_IMA n
457 463 set_kernel_config CONFIG_EVM n
458 464 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
459 465 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
460 466 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
461 467 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
462 468 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
463 469 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
464 470 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
465 471 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
466 472 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
467
468 set_kernel_config CONFIG_ARM64_CRYPTO y
473 fi
474
475 if [ "$ENABLE_CRYPTFS" = true ] ; then
476 set_kernel_config CONFIG_EMBEDDED y
477 set_kernel_config CONFIG_EXPERT y
478 set_kernel_config CONFIG_DAX y
479 set_kernel_config CONFIG_MD y
480 set_kernel_config CONFIG_BLK_DEV_MD y
481 set_kernel_config CONFIG_MD_AUTODETECT y
482 set_kernel_config CONFIG_BLK_DEV_DM y
483 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
484 set_kernel_config CONFIG_DM_CRYPT y
485 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
486 set_kernel_config CONFIG_CRYPTO_CBC y
487 set_kernel_config CONFIG_CRYPTO_XTS y
488 set_kernel_config CONFIG_CRYPTO_SHA512 y
489 set_kernel_config CONFIG_CRYPTO_MANAGER y
490 set_kernel_config CONFIG_ARM64_CRYPTO y
469 491 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
470 492 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
471 493 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
472 494 set_kernel_config CRYPTO_GHASH_ARM64_CE m
473 495 set_kernel_config CRYPTO_SHA2_ARM64_CE m
474 496 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
475 497 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
476 498 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
477 499 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
478 500 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
479 501 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
480 502 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
481 503 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
482 504 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
483 505 fi
484 506
485 507 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
486 508 if [ "$KERNEL_NF" = true ] ; then
487 509 set_kernel_config CONFIG_IP_NF_SECURITY m
488 510 set_kernel_config CONFIG_NETLABEL y
489 511 set_kernel_config CONFIG_IP6_NF_SECURITY m
490 512 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
491 513 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
492 514 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
493 515 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
494 516 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
495 517 set_kernel_config CONFIG_NFT_FIB_INET m
496 518 set_kernel_config CONFIG_NFT_FIB_IPV4 m
497 519 set_kernel_config CONFIG_NFT_FIB_IPV6 m
498 520 set_kernel_config CONFIG_NFT_FIB_NETDEV m
499 521 set_kernel_config CONFIG_NFT_OBJREF m
500 522 set_kernel_config CONFIG_NFT_RT m
501 523 set_kernel_config CONFIG_NFT_SET_BITMAP m
502 524 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
503 525 set_kernel_config CONFIG_NF_LOG_ARP m
504 526 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
505 527 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
506 528 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
507 529 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
508 530 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
509 531 set_kernel_config CONFIG_IP6_NF_IPTABLES m
510 532 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
511 533 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
512 534 set_kernel_config CONFIG_IP6_NF_NAT m
513 535 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
514 536 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
515 537 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
516 538 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
517 539 set_kernel_config CONFIG_IP_SET_HASH_IP m
518 540 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
519 541 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
520 542 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
521 543 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
522 544 set_kernel_config CONFIG_IP_SET_HASH_MAC m
523 545 set_kernel_config CONFIG_IP_SET_HASH_NET m
524 546 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
525 547 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
526 548 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
527 549 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
528 550 set_kernel_config CONFIG_IP_SET_LIST_SET m
529 551 set_kernel_config CONFIG_NETFILTER_XTABLES m
530 552 set_kernel_config CONFIG_NETFILTER_XTABLES m
531 553 set_kernel_config CONFIG_NFT_BRIDGE_META m
532 554 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
533 555 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
534 556 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
535 557 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
536 558 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
537 559 set_kernel_config CONFIG_NFT_COMPAT m
538 560 set_kernel_config CONFIG_NFT_COUNTER m
539 561 set_kernel_config CONFIG_NFT_CT m
540 562 set_kernel_config CONFIG_NFT_DUP_IPV4 m
541 563 set_kernel_config CONFIG_NFT_DUP_IPV6 m
542 564 set_kernel_config CONFIG_NFT_DUP_NETDEV m
543 565 set_kernel_config CONFIG_NFT_EXTHDR m
544 566 set_kernel_config CONFIG_NFT_FWD_NETDEV m
545 567 set_kernel_config CONFIG_NFT_HASH m
546 568 set_kernel_config CONFIG_NFT_LIMIT m
547 569 set_kernel_config CONFIG_NFT_LOG m
548 570 set_kernel_config CONFIG_NFT_MASQ m
549 571 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
550 572 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
551 573 set_kernel_config CONFIG_NFT_META m
552 574 set_kernel_config CONFIG_NFT_NAT m
553 575 set_kernel_config CONFIG_NFT_NUMGEN m
554 576 set_kernel_config CONFIG_NFT_QUEUE m
555 577 set_kernel_config CONFIG_NFT_QUOTA m
556 578 set_kernel_config CONFIG_NFT_REDIR m
557 579 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
558 580 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
559 581 set_kernel_config CONFIG_NFT_REJECT m
560 582 set_kernel_config CONFIG_NFT_REJECT_INET m
561 583 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
562 584 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
563 585 set_kernel_config CONFIG_NFT_SET_HASH m
564 586 set_kernel_config CONFIG_NFT_SET_RBTREE m
565 587 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
566 588 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
567 589 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
568 590 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
569 591 set_kernel_config CONFIG_NF_DUP_IPV4 m
570 592 set_kernel_config CONFIG_NF_DUP_IPV6 m
571 593 set_kernel_config CONFIG_NF_DUP_NETDEV m
572 594 set_kernel_config CONFIG_NF_LOG_BRIDGE m
573 595 set_kernel_config CONFIG_NF_LOG_IPV4 m
574 596 set_kernel_config CONFIG_NF_LOG_IPV6 m
575 597 set_kernel_config CONFIG_NF_NAT_IPV4 m
576 598 set_kernel_config CONFIG_NF_NAT_IPV6 m
577 599 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
578 600 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
579 601 set_kernel_config CONFIG_NF_NAT_PPTP m
580 602 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
581 603 set_kernel_config CONFIG_NF_NAT_REDIRECT y
582 604 set_kernel_config CONFIG_NF_NAT_SIP m
583 605 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
584 606 set_kernel_config CONFIG_NF_NAT_TFTP m
585 607 set_kernel_config CONFIG_NF_REJECT_IPV4 m
586 608 set_kernel_config CONFIG_NF_REJECT_IPV6 m
587 609 set_kernel_config CONFIG_NF_TABLES m
588 610 set_kernel_config CONFIG_NF_TABLES_ARP m
589 611 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
590 612 set_kernel_config CONFIG_NF_TABLES_INET m
591 613 set_kernel_config CONFIG_NF_TABLES_IPV4 y
592 614 set_kernel_config CONFIG_NF_TABLES_IPV6 y
593 615 set_kernel_config CONFIG_NF_TABLES_NETDEV m
594 616 set_kernel_config CONFIG_NF_TABLES_SET m
595 617 set_kernel_config CONFIG_NF_TABLES_INET y
596 618 set_kernel_config CONFIG_NF_TABLES_NETDEV y
597 619 set_kernel_config CONFIG_NFT_CONNLIMIT m
598 620 set_kernel_config CONFIG_NFT_TUNNEL m
599 621 set_kernel_config CONFIG_NFT_SOCKET m
600 622 set_kernel_config CONFIG_NFT_TPROXY m
601 623 set_kernel_config CONFIG_NF_FLOW_TABLE m
602 624 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
603 625 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
604 626 set_kernel_config CONFIG_NF_TABLES_ARP y
605 627 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
606 628 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
607 629 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
608 630 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
609 631 set_kernel_config CONFIG_NFT_OSF m
610 632
611 633 fi
612 634
613 635 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
614 636 if [ "$KERNEL_BPF" = true ] ; then
615 637 set_kernel_config CONFIG_BPF_SYSCALL y
616 638 set_kernel_config CONFIG_BPF_EVENTS y
617 639 set_kernel_config CONFIG_BPF_STREAM_PARSER y
618 640 set_kernel_config CONFIG_CGROUP_BPF y
619 641 set_kernel_config CONFIG_XDP_SOCKETS y
620 642 fi
621 643
622 644 # KERNEL_DEFAULT_GOV was set by user
623 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
624
645 if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
625 646 case "$KERNEL_DEFAULT_GOV" in
626 647 performance)
627 648 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
628 649 ;;
629 650 userspace)
630 651 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
631 652 ;;
632 653 ondemand)
633 654 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
634 655 ;;
635 656 conservative)
636 657 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
637 658 ;;
638 659 shedutil)
639 660 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
640 661 ;;
641 662 *)
642 663 echo "error: unsupported default cpu governor"
643 664 exit 1
644 665 ;;
645 666 esac
646
647 # unset previous default governor
648 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
667 # unset previous default governor
668 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
649 669 fi
650 670
651 671 #Revert to previous directory
652 672 cd "${WORKDIR}" || exit
653 673
654 674 # Set kernel configuration parameters to enable qemu emulation
655 675 if [ "$ENABLE_QEMU" = true ] ; then
656 676 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
657 677 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
658
659 if [ "$ENABLE_CRYPTFS" = true ] ; then
660 {
661 echo "CONFIG_EMBEDDED=y"
662 echo "CONFIG_EXPERT=y"
663 echo "CONFIG_DAX=y"
664 echo "CONFIG_MD=y"
665 echo "CONFIG_BLK_DEV_MD=y"
666 echo "CONFIG_MD_AUTODETECT=y"
667 echo "CONFIG_BLK_DEV_DM=y"
668 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
669 echo "CONFIG_DM_CRYPT=y"
670 echo "CONFIG_CRYPTO_BLKCIPHER=y"
671 echo "CONFIG_CRYPTO_CBC=y"
672 echo "CONFIG_CRYPTO_XTS=y"
673 echo "CONFIG_CRYPTO_SHA512=y"
674 echo "CONFIG_CRYPTO_MANAGER=y"
675 } >> "${KERNEL_DIR}"/.config
676 fi
677 678 fi
678 679
679 680 # Copy custom kernel configuration file
680 681 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
681 682 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
682 683 fi
683 684
684 685 # Set kernel configuration parameters to their default values
685 686 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
686 687 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
687 688 fi
688 689
689 690 # Start menu-driven kernel configuration (interactive)
690 691 if [ "$KERNEL_MENUCONFIG" = true ] ; then
691 692 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
692 693 fi
693 694 # end if "$KERNELSRC_CONFIG" = true
694 695 fi
695 696
696 697 # Use ccache to cross compile the kernel
697 698 if [ "$KERNEL_CCACHE" = true ] ; then
698 699 cc="ccache ${CROSS_COMPILE}gcc"
699 700 else
700 701 cc="${CROSS_COMPILE}gcc"
701 702 fi
702 703
703 704 # Cross compile kernel and dtbs
704 705 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
705 706
706 707 # Cross compile kernel modules
707 708 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
708 709 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
709 710 fi
710 711 # end if "$KERNELSRC_PREBUILT" = false
711 712 fi
712 713
713 714 # Check if kernel compilation was successful
714 715 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
715 716 echo "error: kernel compilation failed! (kernel image not found)"
716 717 cleanup
717 718 exit 1
718 719 fi
719 720
720 721 # Install kernel modules
721 722 if [ "$ENABLE_REDUCE" = true ] ; then
722 723 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
723 724 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
724 725 fi
725 726 else
726 727 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
727 728 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
728 729 fi
729 730
730 731 # Install kernel firmware
731 732 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
732 733 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
733 734 fi
734 735 fi
735 736
736 737 # Install kernel headers
737 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
738 if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then
738 739 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
739 740 fi
740 741
741 742 # Prepare boot (firmware) directory
742 743 mkdir "${BOOT_DIR}"
743 744
744 745 # Get kernel release version
745 746 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
746 747
747 748 # Copy kernel configuration file to the boot directory
748 749 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
749 750
750 751 # Prepare device tree directory
751 752 mkdir "${BOOT_DIR}/overlays"
752 753
753 754 # Ensure the proper .dtb is located
754 755 if [ "$KERNEL_ARCH" = "arm" ] ; then
755 756 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
756 757 if [ -f "${dtb}" ] ; then
757 758 install_readonly "${dtb}" "${BOOT_DIR}/"
758 759 fi
759 760 done
760 761 else
761 762 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
762 763 if [ -f "${dtb}" ] ; then
763 764 install_readonly "${dtb}" "${BOOT_DIR}/"
764 765 fi
765 766 done
766 767 fi
767 768
768 769 # Copy compiled dtb device tree files
769 770 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
770 771 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
771 772 if [ -f "${dtb}" ] ; then
772 773 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
773 774 fi
774 775 done
775 776
776 777 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
777 778 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
778 779 fi
779 780 fi
780 781
781 782 if [ "$ENABLE_UBOOT" = false ] ; then
782 783 # Convert and copy kernel image to the boot directory
783 784 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
784 785 else
785 786 # Copy kernel image to the boot directory
786 787 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
787 788 fi
788 789
789 790 # Remove kernel sources
790 791 if [ "$KERNEL_REMOVESRC" = true ] ; then
791 792 rm -fr "${KERNEL_DIR}"
792 793 else
793 794 # Prepare compiled kernel modules
794 795 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
795 796 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
796 797 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
797 798 fi
798 799
799 800 # Create symlinks for kernel modules
800 801 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
801 802 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
802 803 fi
803 804 fi
804 805
805 806 else # BUILD_KERNEL=false
806 807 if [ "$SET_ARCH" = 64 ] ; then
807 808 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
808 809 # Use Sakakis modified kernel if ZSWAP is active
809 810 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
810 811 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
811 812 fi
812 813
813 814 # Create temporary directory for dl
814 815 temp_dir=$(as_nobody mktemp -d)
815 816
816 817 # Fetch kernel dl
817 818 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
818 819 fi
819 820 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
820 821 # Create temporary directory for dl
821 822 temp_dir=$(as_nobody mktemp -d)
822 823
823 824 # Fetch kernel dl
824 825 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
825 826 fi
826 827
827 828 #extract download
828 829 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
829 830
830 831 #move extracted kernel to /boot/firmware
831 832 mkdir "${R}/boot/firmware"
832 833 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
833 834 cp -r "${temp_dir}"/lib/* "${R}"/lib/
834 835
835 836 # Remove temporary directory for kernel sources
836 837 rm -fr "${temp_dir}"
837 838
838 839 # Set permissions of the kernel sources
839 840 chown -R root:root "${R}/boot/firmware"
840 841 chown -R root:root "${R}/lib/modules"
841 842 fi
842 843
843 844 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
844 845 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
845 846 # Create temporary directory for dl
846 847 temp_dir=$(as_nobody mktemp -d)
847 848
848 849 # Fetch kernel
849 850 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
850 851
851 852 # Copy downloaded kernel package
852 853 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
853 854
854 855 # Set permissions
855 856 chown -R root:root "${R}"/tmp/kernel.deb
856 857
857 858 # Install kernel
858 859 chroot_exec dpkg -i /tmp/kernel.deb
859 860
860 861 # move /boot to /boot/firmware to fit script env.
861 862 #mkdir "${BOOT_DIR}"
862 863 mkdir "${temp_dir}"/firmware
863 864 mv "${R}"/boot/* "${temp_dir}"/firmware/
864 865 mv "${temp_dir}"/firmware "${R}"/boot/
865 866
866 867 #same for kernel headers
867 868 if [ "$KERNEL_HEADERS" = true ] ; then
868 869 # Fetch kernel header
869 870 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
870 871 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
871 872 chown -R root:root "${R}"/tmp/kernel-header.deb
872 873 # Install kernel header
873 874 chroot_exec dpkg -i /tmp/kernel-header.deb
874 875 rm -f "${R}"/tmp/kernel-header.deb
875 876 fi
876 877
877 878 # Remove temporary directory and files
878 879 rm -fr "${temp_dir}"
879 880 rm -f "${R}"/tmp/kernel.deb
880 881 fi
881 882
882 883 # Check if kernel installation was successful
883 884 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
884 885 if [ -z "$KERNEL" ] ; then
885 886 echo "error: kernel installation failed! (/boot/kernel* not found)"
886 887 cleanup
887 888 exit 1
888 889 fi
889 fi
890 fi No newline at end of file
@@ -1,120 +1,120
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Generate initramfs file
12 12 if [ "$ENABLE_INITRAMFS" = true ] ; then
13 13 if [ "$ENABLE_CRYPTFS" = true ] ; then
14 14
15 15 # Include initramfs scripts to auto expand encrypted root partition
16 16 if [ "$EXPANDROOT" = true ] ; then
17 17 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
18 18 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
19 19 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
20 20 fi
21 21
22 22 # Replace fstab root partition with encrypted partition mapping
23 23 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
24 24
25 25 # Add encrypted partition to crypttab and fstab
26 26 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
27 27 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
28 28
29 29 if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
30 30 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
31 31 # Add usb/sda2 disk to crypttab
32 32 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
33 33 fi
34 34
35 35 # Add encrypted root partition to fstab and crypttab
36 36 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
37 37 # Add usb/sda1 disk to crypttab
38 38 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
39 39 fi
40 40
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 if [ "$ENABLE_DHCP" = false ] ; then
41 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
42 if [ "$ENABLE_ETH_DHCP" = false ] ; then
43 43 # Get cdir from NET_ADDRESS e.g. 24
44 cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
44 cdir=$(printf "%s" "${NET_ETH_ADDRESS}" | cut -d '/' -f2)
45 45
46 46 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
47 47 NET_MASK=$(cdr2mask "$cdir")
48 48
49 49 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
50 # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
51 sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
50 # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<HOSTNAME>:<device>:<autoconf>
51 sed -i "\$a\nIP=${NET_ETH_ADDRESS}::${NET_ETH_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
52 52 else
53 53 sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
54 54 fi
55 55
56 56 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
57 57 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
58 58 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
59 59 else
60 60 # Create key
61 61 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
62 62
63 63 # Convert dropbear key to openssh key
64 64 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
65 65
66 66 # Get Public Key Part
67 67 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
68 68
69 69 # Delete unwanted lines
70 70 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
71 71 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
72 72
73 73 # Trust the new key
74 74 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
75 75
76 76 # Save Keys - convert with putty from rsa/openssh to puttkey
77 77 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
78 78
79 79 # Get unlock script
80 80 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
81 81
82 82 # Enable Dropbear inside initramfs
83 83 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
84 84
85 85 # Enable Dropbear inside initramfs
86 86 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
87 87 fi
88 88 # CRYPTFSDROPBEAR=false
89 89 else
90 90 # Disable SSHD inside initramfs
91 91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
92 92 fi
93 93
94 94 # Add cryptsetup modules to initramfs
95 95 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
96 96
97 97 # Dummy mapping required by mkinitramfs
98 98 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
99 99
100 100 # Generate initramfs with encrypted root partition support
101 101 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
102 102
103 103 # Remove dummy mapping
104 104 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
105 105 # CRYPTFS=false
106 106 else
107 107 #USB BOOT /boot on sda1 / on sda2
108 108 if [ "$ENABLE_USBBOOT" = true ] ; then
109 109 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
110 110 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
111 111 fi
112 112
113 113 # Add usb/sda disk root partition to fstab
114 114 if [ "$ENABLE_SPLITFS" = true ] ; then
115 115 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
116 116 fi
117 117 # Generate initramfs without encrypted root partition support
118 118 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
119 119 fi
120 120 fi
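Review bot: The static branch (new line 51) writes `${NET_ETH_ADDRESS}` into the client-ip field unchanged, although new line 44 takes the prefix length from the same variable with `cut -d '/' -f2`, so the value apparently carries a `/NN` suffix that the `ip=` layout in the comment on line 50 has no field for. If the initramfs does not accept the suffix there, its network may not come up and the dropbear unlock session would be unreachable; stripping it first, `IP=${NET_ETH_ADDRESS%/*}::${NET_ETH_GATEWAY}:${NET_MASK}:${HOSTNAME}:`, avoids that. The branch also runs when `ENABLE_ETH_DHCP=false` but `NET_ETH_ADDRESS` is empty, and `cut` returns the whole string when it contains no `/`. A guard before line 44, such as `[ -n "$NET_ETH_ADDRESS" ] || { echo "error: NET_ETH_ADDRESS is required for static initramfs networking"; exit 1; }`, would fail early instead of writing an unusable `IP=` line.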
@@ -1,304 +1,307
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 # Setup firmware boot cmdline
42 42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 44 else
45 45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 47 else
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 49 fi
50 50 fi
51 51
52 52 # Add encrypted root partition to cmdline.txt
53 53 if [ "$ENABLE_CRYPTFS" = true ] ; then
54 54 if [ "$ENABLE_SPLITFS" = true ] ; then
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
56 56 else
57 57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 59 else
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 61 fi
62 62 fi
63 63 fi
64 64
65 65 # Enable Kernel messages on standard output
66 66 if [ "$ENABLE_PRINTK" = true ] ; then
67 67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 68 fi
69 69
70 70 # Enable Kernel messages on standard output
71 71 if [ "$KERNEL_SECURITY" = true ] ; then
72 72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
73 73 fi
74 74
75 75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77 77
78 78 # Remove IPv6 networking support
79 79 if [ "$ENABLE_IPV6" = false ] ; then
80 80 CMDLINE="${CMDLINE} ipv6.disable=1"
81 81 fi
82 82
83 83 # Automatically assign predictable network interface names
84 84 if [ "$ENABLE_IFNAMES" = false ] ; then
85 85 CMDLINE="${CMDLINE} net.ifnames=0"
86 86 else
87 87 CMDLINE="${CMDLINE} net.ifnames=1"
88 88 fi
89 89
90 90 # Disable Raspberry Pi console logo
91 91 if [ "$ENABLE_LOGO" = false ] ; then
92 92 CMDLINE="${CMDLINE} logo.nologo"
93 93 fi
94 94
95 95 # Strictly limit verbosity of boot up console messages
96 96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 98 fi
99 99
100 100 # Install firmware config
101 101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
102 102
103 103 # Disable Raspberry Pi console logo
104 104 if [ "$ENABLE_SLASH" = false ] ; then
105 105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 106 fi
107 107
108 108 # Locks CPU frequency at maximum
109 109 if [ "$ENABLE_TURBO" = true ] ; then
110 110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 113 fi
114 114
115 115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116 116
117 117 # Bluetooth enabled
118 118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 119 # Create temporary directory for Bluetooth sources
120 120 temp_dir=$(as_nobody mktemp -d)
121 121
122 122 # Fetch Bluetooth sources
123 123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124 124
125 125 # Copy downloaded sources
126 126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127 127
128 128 # Set permissions
129 129 chown -R root:root "${R}/tmp/pi-bluetooth"
130 130
131 131 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
132 132 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
133 133 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
134 134
135 135 # Install tools
136 136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138 138
139 139 # make scripts executable
140 140 chmod +x "${R}/usr/bin/bthelper"
141 141 chmod +x "${R}/usr/bin/btuart"
142 142
143 143 # Install bluetooth udev rule
144 144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145 145
146 146 # Install Firmware Flash file and apropiate licence
147 147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152 152
153 153 # Remove temporary directories
154 154 rm -fr "${temp_dir}"
155 155 rm -fr "${R}"/tmp/pi-bluetooth
156 156
157 157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 159 # set overlay to swap ttyAMA0 and ttyS0
160 160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161 161
162 162 if [ "$ENABLE_TURBO" = false ] ; then
163 163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 164 fi
165 165
166 166 fi
167 167
168 168 # Activate services
169 169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170 170
171 171 else # if ENABLE_BLUETOOTH = false
172 172 # set overlay to disable bluetooth
173 173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 174 fi # ENABLE_BLUETOOTH end
175 175 fi
176 176
177 177 # may need sudo systemctl disable hciuart
178 178 if [ "$ENABLE_CONSOLE" = true ] ; then
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 #More debug output on early but with serial console
181 echo "uart_2ndstage=1" >> "${BOOT_DIR}/config.txt"
182
180 183 # add string to cmdline
181 184 CMDLINE="${CMDLINE} console=serial0,115200"
182 185
183 186 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 187 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 188 if [ "$ENABLE_TURBO" = false ] ; then
186 189 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 190 fi
188 191 fi
189 192
190 193 # Enable serial console systemd style
191 194 chroot_exec systemctl enable serial-getty@serial0.service
192 195 else
193 196 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 197 fi
195 198
196 199 # Disable dphys-swapfile service. Will get enabled on first boot
197 200 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 201 chroot_exec systemctl disable dphys-swapfile
199 202 fi
200 203
201 204 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 205 # Create temporary directory for systemd-swap sources
203 206 temp_dir=$(as_nobody mktemp -d)
204 207
205 208 # Fetch systemd-swap sources
206 209 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207 210
208 211 # Copy downloaded systemd-swap sources
209 212 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210 213
211 214 # Change into downloaded src dir
212 215 cd "${R}/tmp/systemd-swap" || exit
213 216
214 217 # Get Verion
215 218 VERSION=$(git tag | tail -n 1)
216 219 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
217 220
218 221 # Build package
219 222 bash ./package.sh debian
220 223
221 224 # Change back into script root dir
222 225 cd "${WORKDIR}" || exit
223 226
224 227 # Set permissions of the systemd-swap sources
225 228 chown -R root:root "${R}/tmp/systemd-swap"
226 229
227 230 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
228 231 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
229 232
230 233 # Enable service
231 234 chroot_exec systemctl enable systemd-swap
232 235
233 236 # Remove temporary directory for systemd-swap sources
234 237 rm -fr "${temp_dir}"
235 238 else
236 239 # Enable ZSWAP in cmdline if systemd-swap is not used
237 240 if [ "$KERNEL_ZSWAP" = true ] ; then
238 241 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
239 242 fi
240 243 fi
241 244 if [ "$KERNEL_SECURITY" = true ] ; then
242 245 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
243 246 fi
244 247
245 248 # Install firmware boot cmdline
246 249 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
247 250
248 251 # Setup minimal GPU memory allocation size: 16MB (no X)
249 252 if [ "$ENABLE_MINGPU" = true ] ; then
250 253 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
251 254 fi
252 255
253 256 # Setup boot with initramfs
254 257 if [ "$ENABLE_INITRAMFS" = true ] ; then
255 258 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
256 259 fi
257 260
258 261 # Create firmware configuration and cmdline symlinks
259 262 ln -sf firmware/config.txt "${R}/boot/config.txt"
260 263 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
261 264
262 265 # Install and setup kernel modules to load at boot
263 266 mkdir -p "${LIB_DIR}/modules-load.d/"
264 267 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
265 268
266 269 # Load hardware random module at boot
267 270 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
268 271 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
269 272 fi
270 273
271 274 # Load sound module at boot
272 275 if [ "$ENABLE_SOUND" = true ] ; then
273 276 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
274 277 else
275 278 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
276 279 fi
277 280
278 281 # Enable I2C interface
279 282 if [ "$ENABLE_I2C" = true ] ; then
280 283 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
281 284 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
282 285 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
283 286 fi
284 287
285 288 # Enable SPI interface
286 289 if [ "$ENABLE_SPI" = true ] ; then
287 290 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
288 291 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
289 292 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
290 293 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
291 294 fi
292 295 fi
293 296
294 297 # Disable RPi2/3 under-voltage warnings
295 298 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
296 299 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
297 300 fi
298 301
299 302 # Install kernel modules blacklist
300 303 mkdir -p "${ETC_DIR}/modprobe.d/"
301 304 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
302 305
303 306 # Install sysctl.d configuration files
304 307 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
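Review bot: `uart_2ndstage=1` (new line 181) is written whenever `ENABLE_CONSOLE=true`, including builds where Bluetooth stays on the primary UART, i.e. `ENABLE_BLUETOOTH=true` without `ENABLE_MINIUART_OVERLAY`. The Raspberry Pi firmware documentation warns that this diagnostic output is likely to interfere with Bluetooth in that arrangement. Consider emitting it only otherwise: `if [ "$ENABLE_BLUETOOTH" != true ] || [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then echo "uart_2ndstage=1" >> "${BOOT_DIR}/config.txt" ; fi`. The comment on line 180 is also hard to read; `# Send second-stage loader and firmware diagnostics to the serial console` states what the option does.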
@@ -1,136 +1,186
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
17 if [ "$NET_ETH_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
38 install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
42 42
43 if [ "$ENABLE_DHCP" = true ] ; then
43 if [ "$ENABLE_ETH_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network"
50 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network"
50 51 fi
51 52
52 else # ENABLE_DHCP=false
53 else # ENABLE_ETH_DHCP=false
53 54 # Set static network configuration for interface eth0
54 sed -i\
55 -e "s|DHCP=.*|DHCP=no|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 "${ETC_DIR}/systemd/network/eth.network"
55 if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then
56 sed -i\
57 -e "s|DHCP=.*|DHCP=no|"\
58 -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\
59 -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\
60 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\
61 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\
62 -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\
63 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\
64 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\
65 "${ETC_DIR}/systemd/network/eth0.network"
66 fi
64 67 fi
65 68
66 # Remove empty settings from network configuration
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 # Remove empty settings from wlan configuration
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70 69
71 # Move systemd network configuration if required by Debian release
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 # If WLAN is enabled copy wlan configuration too
74 70 if [ "$ENABLE_WIRELESS" = true ] ; then
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
71 if [ "$ENABLE_WIFI_DHCP" = true ] ; then
72 # Enable DHCP configuration for interface eth0
73 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
74
75 # Set DHCP configuration to IPv4 only
76 if [ "$ENABLE_IPV6" = false ] ; then
77 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network"
78 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network"
79 fi
80
81 else # ENABLE_WIFI_DHCP=false
82 # Set static network configuration for interface eth0
83 if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then
84 sed -i\
85 -e "s|DHCP=.*|DHCP=no|"\
86 -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\
87 -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\
88 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\
89 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\
90 -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\
91 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\
92 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\
93 "${ETC_DIR}/systemd/network/wlan0.network"
94 fi
95 fi
96
97 if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then
98 printf "
99 ctrl_interface=/run/wpa_supplicant
100 ctrl_interface_group=wheel
101 update_config=1
102 eapol_version=1
103 ap_scan=1
104 fast_reauth=1
105
106 " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
107
108 #Configure WPA_supplicant
109 chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
110
111 chroot_exec systemctl enable wpa_supplicant.service
112 chroot_exec systemctl enable wpa_supplicant@wlan0.service
113 fi
114 # Remove empty settings from wlan configuration
115 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network"
116 # If WLAN is enabled copy wlan configuration too
117 mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network"
76 118 fi
119
120 # Remove empty settings from network configuration
121 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network"
122
123 # Move systemd network configuration if required by Debian release
124 mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network"
125
126 #Clean up
77 127 rm -fr "${ETC_DIR}/systemd/network"
78 128
79 129 # Enable systemd-networkd service
80 130 chroot_exec systemctl enable systemd-networkd
81 131
82 132 # Install host.conf resolver configuration
83 133 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84 134
85 135 # Enable network stack hardening
86 136 if [ "$ENABLE_HARDNET" = true ] ; then
87 137 # Install sysctl.d configuration files
88 138 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89 139
90 140 # Setup resolver warnings about spoofed addresses
91 141 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 142 fi
93 143
94 144 # Enable time sync
95 145 if [ "$NET_NTP_1" != "" ] ; then
96 146 chroot_exec systemctl enable systemd-timesyncd.service
97 147 fi
98 148
99 149 # Download the firmware binary blob required to use the RPi3 wireless interface
100 150 if [ "$ENABLE_WIRELESS" = true ] ; then
101 151 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 152 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 153 fi
104 154
105 155 # Create temporary directory for firmware binary blob
106 156 temp_dir=$(as_nobody mktemp -d)
107 157
108 158 # Fetch firmware binary blob for RPI3B+
109 159 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 160 # Fetch firmware binary blob for RPi3P
111 161 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 162 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 163 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114 164
115 165 # Move downloaded firmware binary blob
116 166 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117 167
118 168 # Set permissions of the firmware binary blob
119 169 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 170 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 171 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 172 # Fetch firmware binary blob for RPi3
123 173 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 174 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125 175
126 176 # Move downloaded firmware binary blob
127 177 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128 178
129 179 # Set permissions of the firmware binary blob
130 180 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 181 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 182 fi
133 183
134 184 # Remove temporary directory for firmware binary blob
135 185 rm -fr "${temp_dir}"
136 186 fi
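Review bot: The wpa_supplicant block at new lines 97-113 runs only when `NET_WIFI_SSID` and `NET_WIFI_PSK` are both empty (`-z`), and both of its writes go to `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` on the build host, because the `>` and `>>` redirections are performed by the calling shell and the path lacks `${ETC_DIR}`. It also passes `$NET_SSID` and `$NET_WPAPSK`, which nothing visible in this commit sets; the template defines `NET_WIFI_SSID` and `NET_WIFI_PSK`. The tests should be `-n`, the target should be inside the image, and since `wpa_passphrase` prints the clear-text passphrase as a `#psk=` comment, the file should be owner-only with that line filtered out, as sketched below. Separately, the guards at new lines 55 and 83 (`[ -n NET_ETH_ADDRESS ]` and so on) test literal words and are always true, so they need `"$NET_ETH_ADDRESS"` style expansions. The two `sed '/IPv6PrivacyExtensions=true/d'` calls at new lines 50 and 78 lack `-i` and leave the files unchanged.

```shell
if [ -n "$NET_WIFI_SSID" ] && [ -n "$NET_WIFI_PSK" ] ; then
  wpa_conf="${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"

  # Create the file owner-only before any key material is written to it
  : > "${wpa_conf}"
  chmod 600 "${wpa_conf}"

  # … unchanged: printf of the ctrl_interface … fast_reauth settings, appended to "${wpa_conf}" …

  # Store only the derived key; drop the '#psk="..."' comment that repeats the passphrase
  chroot_exec wpa_passphrase "$NET_WIFI_SSID" "$NET_WIFI_PSK" | grep -v '^[[:space:]]*#psk=' >> "${wpa_conf}"

  # … unchanged: systemctl enable wpa_supplicant services …
fi
```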
@@ -1,54 +1,54
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 12 if [ "$KERNEL_NF" = false ] ; then
13 13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
14 14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 15 fi
16 16
17 17 # Install iptables systemd service
18 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 19
20 20 # Install flush-table script called by iptables service
21 21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 22
23 23 # Install iptables rule file
24 24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 25
26 26 # Reload systemd configuration and enable iptables service
27 27 chroot_exec systemctl daemon-reload
28 28 chroot_exec systemctl enable iptables.service
29 29
30 30 if [ "$ENABLE_IPV6" = true ] ; then
31 31 if [ "$KERNEL_NF" = false ] ; then
32 32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 34 fi
35 35
36 36 # Install ip6tables systemd service
37 37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
38 38
39 39 # Install ip6tables file
40 40 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
41 41
42 42 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
43 43
44 44 # Reload systemd configuration and enable iptables service
45 45 chroot_exec systemctl daemon-reload
46 46 chroot_exec systemctl enable ip6tables.service
47 47 fi
48 48
49 if [ "$ENABLE_SSHD" = false ] ; then
49 if [ "$SSH_ENABLE" = false ] ; then
50 50 # Remove SSHD related iptables rules
51 51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
52 52 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
53 53 fi
54 54 fi
@@ -1,24 +1,24
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${ROOT_PASSWORD}")
10 10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
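Review bot: `ROOT_PASSWORD` and `USER_PASSWORD` reach `mkpasswd` as command-line arguments (lines 9-10), so the clear-text values are visible in the process list during the build and would be echoed by any `set -x` trace active in the calling shell. mkpasswd can take the password on standard input instead, e.g. `ENCRYPTED_PASSWORD=$(printf '%s' "${ROOT_PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and the same for `ENCRYPTED_USER_PASSWORD`, with tracing switched off around both lines. The template added in this commit sets both passwords to `raspberry`, so a check that refuses to build with that value when `ENABLE_ROOT` or `ENABLE_USER` is true would keep the well-known default out of shipped images.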
@@ -1,116 +1,116
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$ENABLE_SSHD" = true ] ; then
8 if [ "$SSH_ENABLE" = true ] ; then
9 9 DROPBEAR_ARGS=""
10 10
11 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 13 # User root is not allowed to log in
14 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 15 else
16 16 # User root is not allowed to log in
17 17 DROPBEAR_ARGS="-w"
18 18 fi
19 19 fi
20 20
21 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 23 # Permit SSH root login
24 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 25 else
26 26 # Permit SSH root login
27 27 DROPBEAR_ARGS=""
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 32 # Create root SSH config directory
33 33 mkdir -p "${R}/root/.ssh"
34 34
35 35 # Set permissions of root SSH config directory
36 36 chroot_exec chmod 700 "/root/.ssh"
37 37 chroot_exec chown root:root "/root/.ssh"
38 38
39 39 # Add SSH (v2) public key(s) to authorized_keys file
40 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 41
42 42 # Set permissions of root SSH authorized_keys file
43 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 45
46 46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 47 # Allow SSH public key authentication
48 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 49 fi
50 50 fi
51 51 fi
52 52
53 53 if [ "$ENABLE_USER" = true ] ; then
54 54 # Add SSH (v2) public key for user $USER_NAME
55 55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 56 # Create $USER_NAME SSH config directory
57 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 58
59 59 # Set permissions of $USER_NAME SSH config directory
60 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 62
63 63 # Add SSH (v2) public key(s) to authorized_keys file
64 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 65
66 66 # Set permissions of $USER_NAME SSH config directory
67 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 69
70 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 71 # Allow SSH public key authentication
72 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 73 fi
74 74 fi
75 75 fi
76 76
77 77 # Limit the users that are allowed to login via SSH
78 78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 79 allowed_users=""
80 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 81 allowed_users="root"
82 82 fi
83 83
84 84 if [ "$ENABLE_USER" = true ] ; then
85 85 allowed_users="${allowed_users} ${USER_NAME}"
86 86 fi
87 87
88 88 if [ -n "$allowed_users" ] ; then
89 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 90 fi
91 91 fi
92 92
93 93 # Disable password-based authentication
94 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 98 else
99 99 DROPBEAR_ARGS="-g"
100 100 fi
101 101 fi
102 102
103 103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 107 else
108 108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 109 fi
110 110 fi
111 111
112 112 # Update dropbear SSH configuration
113 113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 115 fi
116 116 fi No newline at end of file
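Review bot: The dropbear update at line 114 calls `sed` without `-i`, so the rewritten `DROPBEAR_EXTRA_ARGS` line only goes to standard output and `${ETC_DIR}/default/dropbear` stays as installed. On reduced images the `-w`, `-g` and `-s` restrictions collected in `DROPBEAR_ARGS` are therefore never applied, leaving root and password logins at dropbear's defaults. The line should be `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`. At line 105 the pattern `ChallengeResponseAuthentication no.*` matches only a line that already says `no`; `s|[#]*ChallengeResponseAuthentication.*|ChallengeResponseAuthentication no|g` would also rewrite a `yes` setting.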
@@ -1,54 +1,56
1 1 #
2 2 # First boot actions
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Prepare rc.firstboot script
9 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 10
11 11 # Prepare filesystem auto expand
12 12 if [ "$EXPANDROOT" = true ] ; then
13 13 if [ "$ENABLE_CRYPTFS" = false ] ; then
14 14 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
15 15 else
16 16 # Regenerate initramfs to remove encrypted root partition auto expand
17 17 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
18 18 fi
19 19
20 20 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
21 21 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
22 22 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
23 23 fi
24 24 fi
25 25
26 26 # Ensure openssh server host keys are regenerated on first boot
27 if [ "$ENABLE_SSHD" = true ] ; then
27 if [ "$SSH_ENABLE" = true ] ; then
28 28 cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
29 29 fi
30 30
31 if [ "$ENABLE_DBUS" = true ] ; then
31 32 # Ensure that dbus machine-id exists
32 33 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
34 fi
33 35
34 36 # Create /etc/resolv.conf symlink
35 37 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
36 38
37 39 # Configure automatic network interface names
38 40 if [ "$ENABLE_IFNAMES" = true ] ; then
39 41 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
40 42 fi
41 43
42 44 # Finalize rc.firstboot script
43 45 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
44 46 chmod +x "${ETC_DIR}/rc.firstboot"
45 47
46 48 # Install default rc.local if it does not exist
47 49 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
48 50 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
49 51 fi
50 52
51 53 # Add rc.firstboot script to rc.local
52 54 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
53 55 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
54 56 echo exit 0 >> "${ETC_DIR}/rc.local"
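Review bot: Gating `40-generate-machineid.sh` on `ENABLE_DBUS` (new lines 31-34) may leave images built with `ENABLE_DBUS=false` without a per-device machine ID, if that script is the only place one is generated; its content is not visible here. `/etc/machine-id` is read by systemd components other than D-Bus, and systemd-networkd derives its DHCP client identifier from it, so devices flashed from the same image could present identical identifiers. Either keep the step unconditional or add a comment such as `# machine-id is regenerated by <placeholder: other first-boot step> when D-Bus is disabled` once that is confirmed.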
@@ -1,76 +1,98
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$ENABLE_IPV6" = false ] ; then
9 "$LIB_DIR"/xtables/libip6t_ah.so
10 "$LIB_DIR"/xtables/libip6t_dst.so
11 "$LIB_DIR"/xtables/libip6t_eui64.so
12 "$LIB_DIR"/xtables/libip6t_frag.so
13 "$LIB_DIR"/xtables/libip6t_hbh.so
14 "$LIB_DIR"/xtables/libip6t_hl.so
15 "$LIB_DIR"/xtables/libip6t_HL.so
16 "$LIB_DIR"/xtables/libip6t_icmp6.so
17 "$LIB_DIR"/xtables/libip6t_ipv6header.so
18 "$LIB_DIR"/xtables/libip6t_LOG.so
19 "$LIB_DIR"/xtables/libip6t_mh.so
20 "$LIB_DIR"/xtables/libip6t_REJECT.so
21 "$LIB_DIR"/xtables/libip6t_rt.so
22 "$LIB_DIR"/xtables/libip6t_DNAT.so
23 "$LIB_DIR"/xtables/libip6t_DNPT.so
24 "$LIB_DIR"/xtables/libip6t_MASQUERADE.so
25 "$LIB_DIR"/xtables/libip6t_NETMAP.so
26 "$LIB_DIR"/xtables/libip6t_REDIRECT.so
27 "$LIB_DIR"/xtables/libip6t_SNAT.so
28 "$LIB_DIR"/xtables/libip6t_SNPT.so
29 fi
8 30 # Reduce the image size by various operations
9 31 if [ "$ENABLE_REDUCE" = true ] ; then
10 32 if [ "$REDUCE_APT" = true ] ; then
11 33 # Install dpkg configuration file
12 34 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 35 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 36 fi
15 37
16 38 # Install APT configuration files
17 39 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 40 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 41 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 42
21 43 # Remove APT cache files
22 44 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 45 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 46 fi
25 47
26 48 # Remove all doc files
27 49 if [ "$REDUCE_DOC" = true ] ; then
28 50 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 51 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 52 fi
31 53
32 54 # Remove all man pages and info files
33 55 if [ "$REDUCE_MAN" = true ] ; then
34 56 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 57 fi
36 58
37 59 # Remove all locale translation files
38 60 if [ "$REDUCE_LOCALE" = true ] ; then
39 61 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 62 fi
41 63
42 64 # Remove hwdb PCI device classes (experimental)
43 65 if [ "$REDUCE_HWDB" = true ] ; then
44 66 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 67 fi
46 68
47 69 # Replace bash shell by dash shell (experimental)
48 70 if [ "$REDUCE_BASH" = true ] ; then
49 71 # Purge bash and update alternatives
50 72 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 73 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
52 74 fi
53 75
54 76 # Remove sound utils and libraries
55 77 if [ "$ENABLE_SOUND" = false ] ; then
56 78 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
57 79 fi
58 80
59 81 # Remove GPU kernels
60 82 if [ "$ENABLE_MINGPU" = true ] ; then
61 83 rm -f "${BOOT_DIR}/start.elf"
62 84 rm -f "${BOOT_DIR}/fixup.dat"
63 85 rm -f "${BOOT_DIR}/start_x.elf"
64 86 rm -f "${BOOT_DIR}/fixup_x.dat"
65 87 fi
66 88
67 89 # Remove kernel and initrd from /boot (already in /boot/firmware)
68 90 if [ "$BUILD_KERNEL" = false ] ; then
69 91 rm -f "${R}/boot/vmlinuz-*"
70 92 rm -f "${R}/boot/initrd.img-*"
71 93 fi
72 94
73 95 # Clean APT list of repositories
74 96 rm -fr "${R}/var/lib/apt/lists/*"
75 97 chroot_exec apt-get -qq -y update
76 98 fi
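Review bot: The new `ENABLE_IPV6 = false` block (new lines 8-29) lists the ip6tables extension libraries as bare commands, so the shell tries to execute each `.so` file instead of removing it; the files stay in the image, and if the calling shell runs with `set -e` the build presumably stops at the first one. A removal command is missing: `rm -f "${LIB_DIR}/xtables/libip6t_ah.so" \` followed by the remaining paths as continuation lines. The block also sits before `if [ "$ENABLE_REDUCE" = true ]`, so it would run on builds that did not ask for size reduction; moving it inside that conditional matches the purpose of the file. In the unchanged part of the hunk, new line 66 quotes the glob and omits `${R}` (`rm -fr "/lib/udev/hwdb.d/20-pci-*"`), so it never expands and points at the build host rather than the image.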
@@ -1,13 +1,32
1 1 logger -t "rc.firstboot" "Configuring network interface name"
2 2
3 INTERFACE_NAME=$(dmesg | grep "renamed from eth0" | awk -F ":| " '{ print $9 }')
3 INTERFACE_NAME_ETH=$(dmesg | grep "renamed from eth0" | awk -F ":| " '{ print $9 }')
4 INTERFACE_NAME_WIFI=$(dmesg | grep "renamed from wlan0" | awk -F ":| " '{ print $9 }')
4 5
5 if [ ! -z INTERFACE_NAME ] ; then
6 if [ -r "/etc/systemd/network/eth.network" ] ; then
7 sed -i "s/eth0/${INTERFACE_NAME}/" /etc/systemd/network/eth.network
6 if [ ! -z INTERFACE_NAME_ETH ] ; then
7 if [ -r "/etc/systemd/network/eth0.network" ] ; then
8 sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /etc/systemd/network/eth0.network
8 9 fi
9 10
10 if [ -r "/lib/systemd/network/10-eth.network" ] ; then
11 sed -i "s/eth0/${INTERFACE_NAME}/" /lib/systemd/network/10-eth.network
11 if [ -r "/lib/systemd/network/10-eth0.network" ] ; then
12 sed -i "s/eth0/${INTERFACE_NAME_ETH}/" /lib/systemd/network/10-eth0.network
12 13 fi
14 # Move config to new interface name
15 mv /etc/systemd/network/eth0.network /etc/systemd/network/"${INTERFACE_NAME_ETH}".network
16 fi
17
18 if [ ! -z INTERFACE_NAME_WIFI ] ; then
19 if [ -r "/etc/systemd/network/wlan0.network" ] ; then
20 sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /etc/systemd/network/wlan0.network
21 fi
22
23 if [ -r "/lib/systemd/network/11-wlan0.network" ] ; then
24 sed -i "s/wlan0/${INTERFACE_NAME_WIFI}/" /lib/systemd/network/11-wlan0.network
25 fi
26 # Move config to new interface name
27 mv /etc/systemd/network/wlan0.network /etc/systemd/network/"${INTERFACE_NAME_WIFI}".network
28
29 systemctl disable wpa_supplicant@wlan0.service
30 systemctl enable wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
31 systemctl start wpa_supplicant@"${INTERFACE_NAME_WIFI}".service
13 32 fi
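Review bot: `[ ! -z INTERFACE_NAME_ETH ]` and `[ ! -z INTERFACE_NAME_WIFI ]` (new lines 6 and 18) test the literal words rather than the variables, so both branches always run. When dmesg holds no "renamed from" line, the `sed` calls strip the interface name from the network files, `mv` renames the config to `.network`, and the wpa_supplicant unit is switched to an empty instance name. The tests should be `if [ -n "$INTERFACE_NAME_ETH" ] ; then` and `if [ -n "$INTERFACE_NAME_WIFI" ] ; then`, and the `mv` at new lines 15 and 27 belongs inside the matching `-r` check, since the file may exist only under `/lib/systemd/network`. The `wpa_supplicant@` instance unit normally reads `wpa_supplicant-<interface>.conf`, and nothing visible here renames `wpa_supplicant-wlan0.conf`, so the renamed instance would likely start without its configuration.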
@@ -1,897 +1,920
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=3P}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
70 70 # Default precompiled 64bit kernel
71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 # Firmware directory: Blank if download from github
97 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
96 # APT settings
97 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
98 APT_PROXY=${APT_PROXY:=""}
99 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
100 # Packages required in the chroot build environment
101 APT_INCLUDES=${APT_INCLUDES:=""}
102 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
103 # Packages to exclude from chroot build environment
104 APT_EXCLUDES=${APT_EXCLUDES:=""}
98 105
99 106 # General settings
100 107 SET_ARCH=${SET_ARCH:=32}
101 108 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
102 PASSWORD=${PASSWORD:=raspberry}
103 USER_PASSWORD=${USER_PASSWORD:=raspberry}
104 109 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
105 110 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
106 111 EXPANDROOT=${EXPANDROOT:=true}
107 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
112
113 ENABLE_ROOT=${ENABLE_ROOT:=false}
114 ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
115 ENABLE_USER=${ENABLE_USER:=true}
116 USER_NAME=${USER_NAME:="pi"}
117 USER_PASSWORD=${USER_PASSWORD:=raspberry}
108 118
109 119 # Keyboard settings
110 120 XKB_MODEL=${XKB_MODEL:=""}
111 121 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 122 XKB_VARIANT=${XKB_VARIANT:=""}
113 123 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 124
125 # Networking settings:
126 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
128 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
129 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
130 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
131
115 132 # Network settings (DHCP)
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
133 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
134 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
117 135
118 136 # Network settings (static)
119 NET_ADDRESS=${NET_ADDRESS:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
137 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
138 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
139 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
140 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
141 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
142 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
143 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
144
145 # Networking settings (WIFI):
146 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
147 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
126 148
127 # APT settings
128 APT_PROXY=${APT_PROXY:=""}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
149 # Network settings (static)
150 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
151 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
152 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
153 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
154 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
155 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
156 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
131 157
132 158 # Feature settings
159 ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
133 160 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
134 161 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
135 162 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
136 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
163 ENABLE_TURBO=${ENABLE_TURBO:=false}
137 164 ENABLE_I2C=${ENABLE_I2C:=false}
138 165 ENABLE_SPI=${ENABLE_SPI:=false}
139 ENABLE_IPV6=${ENABLE_IPV6:=true}
140 ENABLE_SSHD=${ENABLE_SSHD:=true}
166
141 167 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
142 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
143 ENABLE_SOUND=${ENABLE_SOUND:=true}
144 ENABLE_DBUS=${ENABLE_DBUS:=true}
168 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
169 ENABLE_SOUND=${ENABLE_SOUND:=false}
145 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
146 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
147 172 ENABLE_XORG=${ENABLE_XORG:=false}
148 173 ENABLE_WM=${ENABLE_WM:=""}
149 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
150 ENABLE_USER=${ENABLE_USER:=true}
151 USER_NAME=${USER_NAME:="pi"}
152 ENABLE_ROOT=${ENABLE_ROOT:=false}
153 ENABLE_QEMU=${ENABLE_QEMU:=false}
154 174 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
155
156 # SSH settings
157 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
158 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
159 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
160 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
161 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
175 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
176 ENABLE_LOGO=${ENABLE_LOGO:=true}
177 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
178 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
162 179
163 180 # Advanced settings
181 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
164 182 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
183 ENABLE_QEMU=${ENABLE_QEMU:=false}
184 ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
165 185 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
166 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
186 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
187 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
188 ENABLE_DBUS=${ENABLE_DBUS:=true}
189 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
167 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
168 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
169 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
170 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
194 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
171 195 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
172 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
173 196 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
174 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
197 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
175 198 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
176 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
177 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
178 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
179 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
180 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
181 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
182 ENABLE_LOGO=${ENABLE_LOGO:=true}
183 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
184 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
199
200 # SSH settings
201 SSH_ENABLE=${SSH_ENABLE:=true}
202 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
203 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
204 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
205 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
206 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
185 207
186 208 # Kernel compilation settings
187 209 BUILD_KERNEL=${BUILD_KERNEL:=true}
188 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
189 210 KERNEL_THREADS=${KERNEL_THREADS:=1}
190 211 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
191 212 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
192 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
193 213 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
194 214 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
195 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
215 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
216 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
217 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
218 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
219 KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
220 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
221 # Firmware directory: Blank if download from github
222 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
223 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
224 KERNEL_NF=${KERNEL_NF:=false}
196 225 KERNEL_VIRT=${KERNEL_VIRT:=false}
226 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
197 227 KERNEL_BPF=${KERNEL_BPF:=false}
198 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
199 228 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
200 KERNEL_NF=${KERNEL_NF:=false}
201 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
202 229 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
203 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
204 230 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
205
206 # Kernel compilation from source directory settings
207 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
208 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
209 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
210 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
231 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
232 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
211 233
212 234 # Reduce disk usage settings
235 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
213 236 REDUCE_APT=${REDUCE_APT:=true}
214 REDUCE_DOC=${REDUCE_DOC:=true}
215 REDUCE_MAN=${REDUCE_MAN:=true}
237 REDUCE_DOC=${REDUCE_DOC:=false}
238 REDUCE_MAN=${REDUCE_MAN:=false}
216 239 REDUCE_VIM=${REDUCE_VIM:=false}
217 240 REDUCE_BASH=${REDUCE_BASH:=false}
218 REDUCE_HWDB=${REDUCE_HWDB:=true}
219 REDUCE_SSHD=${REDUCE_SSHD:=true}
220 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
241 REDUCE_HWDB=${REDUCE_HWDB:=false}
242 REDUCE_SSHD=${REDUCE_SSHD:=false}
243 REDUCE_LOCALE=${REDUCE_LOCALE:=false}
244 REDUCE_KERNEL=${REDUCE_KERNEL:=false}
221 245
222 246 # Encrypted filesystem settings
223 247 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
224 248 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
225 249 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
226 250 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
227 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
228 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
251 CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
252 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
229 253 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
230 254 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
231 255 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
232 256 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
233 257
234 # Chroot scripts directory
235 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
236
237 # Packages required in the chroot build environment
238 APT_INCLUDES=${APT_INCLUDES:=""}
239 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
240
241 # Packages to exclude from chroot build environment
242 APT_EXCLUDES=${APT_EXCLUDES:=""}
243
244 258 # Packages required for bootstrapping
245 259 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
246 260 MISSING_PACKAGES=""
247 261
248 262 # Packages installed for c/c++ build environment in chroot (keep empty)
249 263 COMPILER_PACKAGES=""
250 264
251 265 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
252 266 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
253 267 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
254 268 APT_PROXY=http://127.0.0.1:3142/
255 269 fi
256 270
257 271 # Setup architecture specific settings
258 272 if [ -n "$SET_ARCH" ] ; then
259 273 # 64-bit configuration
260 274 if [ "$SET_ARCH" = 64 ] ; then
261 275 # General 64-bit depended settings
262 276 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
263 277 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
264 278 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
265 279
266 280 # Raspberry Pi model specific settings
267 281 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
268 282 if [ "$RPI_MODEL" != 4 ] ; then
269 283 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
270 284 else
271 285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
272 286 fi
273 287
274 288 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
275 289 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
276 290 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
277 291 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
278 292 else
279 293 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
280 294 exit 1
281 295 fi
282 296 fi
283 297
284 298 # 32-bit configuration
285 299 if [ "$SET_ARCH" = 32 ] ; then
286 300 # General 32-bit dependend settings
287 301 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
288 302 KERNEL_ARCH=${KERNEL_ARCH:=arm}
289 303 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
290 304
291 305 # Raspberry Pi model specific settings
292 306 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
293 307 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
294 308 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
295 309 RELEASE_ARCH=${RELEASE_ARCH:=armel}
296 310 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
297 311 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
312
313 if [ $ENABLE_XORG = true ] ; then
314 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
315 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
316 read -r confirm
317 if [ "$confirm" = "y" ] ; then
318 $RELEASE = "stretch"
319 fi
320 fi
321 fi
298 322 fi
299
300 323 # Raspberry Pi model specific settings
301 324 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
302 325 if [ "$RPI_MODEL" != 4 ] ; then
303 326 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
304 327 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
305 328 else
306 329 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
307 330 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
308 331 fi
309 332
310 333 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
311 334 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
312 335
313 336 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
314 337 fi
315 338 fi
316 339 # SET_ARCH not set
317 340 else
318 341 echo "error: Please set '32' or '64' as value for SET_ARCH"
319 342 exit 1
320 343 fi
321 344 # Device specific configuration and U-Boot configuration
322 345 case "$RPI_MODEL" in
323 346 0)
324 347 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
325 348 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
326 349 ;;
327 350 1)
328 351 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
329 352 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
330 353 ;;
331 354 1P)
332 355 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
333 356 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
334 357 ;;
335 358 2)
336 359 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
337 360 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
338 361 ;;
339 362 3)
340 363 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
341 364 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
342 365 ;;
343 366 3P)
344 367 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
345 368 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
346 369 ;;
347 370 4)
348 371 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
349 372 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
350 373 ;;
351 374 *)
352 375 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
353 376 exit 1
354 377 ;;
355 378 esac
356 379
357 380 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
358 381 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
359 382 # Include bluetooth packages on supported boards
360 383 if [ "$ENABLE_BLUETOOTH" = true ] ; then
361 384 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
362 385 fi
363 386 if [ "$ENABLE_WIRELESS" = true ] ; then
364 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
387 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
365 388 fi
366 389 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
367 390 # Check if the internal wireless interface is not supported by the RPi model
368 391 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
369 392 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
370 393 exit 1
371 394 fi
372 395 fi
373 396
374 397 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
375 398 echo "error: You have to compile kernel sources, if you want to enable nexmon"
376 399 exit 1
377 400 fi
378 401
379 402 # Prepare date string for default image file name
380 403 DATE="$(date +%Y-%m-%d)"
381 404 if [ -z "$KERNEL_BRANCH" ] ; then
382 405 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
383 406 else
384 407 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
385 408 fi
386 409
387 410 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
388 411 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
389 412 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
390 413 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
391 414 exit 1
392 415 fi
393 416 fi
394 417
395 418 # Add cmake to compile videocore sources
396 419 if [ "$ENABLE_VIDEOCORE" = true ] ; then
397 420 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
398 421 fi
399 422
400 423 # Add deps for nexmon
401 424 if [ "$ENABLE_NEXMON" = true ] ; then
402 425 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
403 426 fi
404 427
405 428 # Add libncurses5 to enable kernel menuconfig
406 429 if [ "$KERNEL_MENUCONFIG" = true ] ; then
407 430 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
408 431 fi
409 432
410 433 # Add ccache compiler cache for (faster) kernel cross (re)compilation
411 434 if [ "$KERNEL_CCACHE" = true ] ; then
412 435 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
413 436 fi
414 437
415 438 # Add cryptsetup package to enable filesystem encryption
416 439 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
417 440 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
418 441 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
419 442
420 443 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
421 444 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
422 445 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
423 446 fi
424 447
425 448 if [ -z "$CRYPTFS_PASSWORD" ] ; then
426 449 echo "error: no password defined (CRYPTFS_PASSWORD)!"
427 450 exit 1
428 451 fi
429 452 ENABLE_INITRAMFS=true
430 453 fi
431 454
432 455 # Add initramfs generation tools
433 456 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
434 457 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
435 458 fi
436 459
437 460 # Add device-tree-compiler required for building the U-Boot bootloader
438 461 if [ "$ENABLE_UBOOT" = true ] ; then
439 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
462 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
440 463 fi
441 464
442 465 if [ "$ENABLE_USBBOOT" = true ] ; then
443 466 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
444 467 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
445 468 exit 1
446 469 fi
447 470 fi
448 471
449 472 # Check if root SSH (v2) public key file exists
450 473 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
451 474 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
452 475 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
453 476 exit 1
454 477 fi
455 478 fi
456 479
457 480 # Check if $USER_NAME SSH (v2) public key file exists
458 481 if [ -n "$SSH_USER_PUB_KEY" ] ; then
459 482 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
460 483 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
461 484 exit 1
462 485 fi
463 486 fi
464 487
465 488 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
466 489 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
467 490 exit 1
468 491 fi
469 492
470 493 # Check if all required packages are installed on the build system
471 494 for package in $REQUIRED_PACKAGES ; do
472 495 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
473 496 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
474 497 fi
475 498 done
476 499
477 500 # If there are missing packages ask confirmation for install, or exit
478 501 if [ -n "$MISSING_PACKAGES" ] ; then
479 502 echo "the following packages needed by this script are not installed:"
480 503 echo "$MISSING_PACKAGES"
481 504
482 505 printf "\ndo you want to install the missing packages right now? [y/n] "
483 506 read -r confirm
484 507 [ "$confirm" != "y" ] && exit 1
485 508
486 509 # Make sure all missing required packages are installed
487 510 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
488 511 fi
489 512
490 513 # Check if ./bootstrap.d directory exists
491 514 if [ ! -d "./bootstrap.d/" ] ; then
492 515 echo "error: './bootstrap.d' required directory not found!"
493 516 exit 1
494 517 fi
495 518
496 519 # Check if ./files directory exists
497 520 if [ ! -d "./files/" ] ; then
498 521 echo "error: './files' required directory not found!"
499 522 exit 1
500 523 fi
501 524
502 525 # Check if specified KERNELSRC_DIR directory exists
503 526 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
504 527 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
505 528 exit 1
506 529 fi
507 530
508 531 # Check if specified UBOOTSRC_DIR directory exists
509 532 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
510 533 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
511 534 exit 1
512 535 fi
513 536
514 537 # Check if specified VIDEOCORESRC_DIR directory exists
515 538 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
516 539 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
517 540 exit 1
518 541 fi
519 542
520 543 # Check if specified FBTURBOSRC_DIR directory exists
521 544 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
522 545 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
523 546 exit 1
524 547 fi
525 548
526 549 # Check if specified NEXMONSRC_DIR directory exists
527 550 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
528 551 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
529 552 exit 1
530 553 fi
531 554
532 555 # Check if specified CHROOT_SCRIPTS directory exists
533 556 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
534 557 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
535 558 exit 1
536 559 fi
537 560
538 561 # Check if specified device mapping already exists (will be used by cryptsetup)
539 562 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
540 563 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
541 564 exit 1
542 565 fi
543 566
544 567 # Don't clobber an old build
545 568 if [ -e "$BUILDDIR" ] ; then
546 569 echo "error: directory ${BUILDDIR} already exists, not proceeding"
547 570 exit 1
548 571 fi
549 572
550 573 # Setup chroot directory
551 574 mkdir -p "${R}"
552 575
553 576 # Check if build directory has enough of free disk space >512MB
554 577 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
555 578 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
556 579 exit 1
557 580 fi
558 581
559 582 set -x
560 583
561 584 # Call "cleanup" function on various signals and errors
562 585 trap cleanup 0 1 2 3 6
563 586
564 587 # Add required packages for the minbase installation
565 588 if [ "$ENABLE_MINBASE" = true ] ; then
566 589 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
567 590 fi
568 591
569 592 # Add parted package, required to get partprobe utility
570 593 if [ "$EXPANDROOT" = true ] ; then
571 594 APT_INCLUDES="${APT_INCLUDES},parted"
572 595 fi
573 596
574 597 # Add dphys-swapfile package, required to enable swap
575 598 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
576 599 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
577 600 fi
578 601
579 602 # Add dbus package, recommended if using systemd
580 603 if [ "$ENABLE_DBUS" = true ] ; then
581 604 APT_INCLUDES="${APT_INCLUDES},dbus"
582 605 fi
583 606
584 607 # Add iptables IPv4/IPv6 package
585 608 if [ "$ENABLE_IPTABLES" = true ] ; then
586 609 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
587 610 fi
588 611 # Add apparmor for KERNEL_SECURITY
589 612 if [ "$KERNEL_SECURITY" = true ] ; then
590 613 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
591 614 fi
592 615
593 616 # Add openssh server package
594 if [ "$ENABLE_SSHD" = true ] ; then
617 if [ "$SSH_ENABLE" = true ] ; then
595 618 APT_INCLUDES="${APT_INCLUDES},openssh-server"
596 619 fi
597 620
598 621 # Add alsa-utils package
599 622 if [ "$ENABLE_SOUND" = true ] ; then
600 623 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
601 624 fi
602 625
603 626 # Add rng-tools package
604 627 if [ "$ENABLE_HWRANDOM" = true ] ; then
605 628 APT_INCLUDES="${APT_INCLUDES},rng-tools"
606 629 fi
607 630
608 631 # Add fbturbo video driver
609 632 if [ "$ENABLE_FBTURBO" = true ] ; then
610 633 # Enable xorg package dependencies
611 634 ENABLE_XORG=true
612 635 fi
613 636
614 637 # Add user defined window manager package
615 638 if [ -n "$ENABLE_WM" ] ; then
616 639 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
617 640
618 641 # Enable xorg package dependencies
619 642 ENABLE_XORG=true
620 643 fi
621 644
622 645 # Add xorg package
623 646 if [ "$ENABLE_XORG" = true ] ; then
624 647 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
625 648 fi
626 649
627 650 # Replace selected packages with smaller clones
628 651 if [ "$ENABLE_REDUCE" = true ] ; then
629 652 # Add levee package instead of vim-tiny
630 653 if [ "$REDUCE_VIM" = true ] ; then
631 654 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
632 655 fi
633 656
634 657 # Add dropbear package instead of openssh-server
635 658 if [ "$REDUCE_SSHD" = true ] ; then
636 659 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
637 660 fi
638 661 fi
639 662
640 663 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
641 664 if [ "$ENABLE_SYSVINIT" = false ] ; then
642 665 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
643 666 fi
644 667
645 668 # Configure kernel sources if no KERNELSRC_DIR
646 669 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
647 670 KERNELSRC_CONFIG=true
648 671 fi
649 672
650 673 # Configure reduced kernel
651 674 if [ "$KERNEL_REDUCE" = true ] ; then
652 675 KERNELSRC_CONFIG=false
653 676 fi
654 677
655 678 # Configure qemu compatible kernel
656 679 if [ "$ENABLE_QEMU" = true ] ; then
657 680 DTB_FILE=vexpress-v2p-ca15_a7.dtb
658 681 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
659 682 KERNEL_DEFCONFIG="vexpress_defconfig"
660 683 if [ "$KERNEL_MENUCONFIG" = false ] ; then
661 684 KERNEL_OLDDEFCONFIG=true
662 685 fi
663 686 fi
664 687
665 688 # Execute bootstrap scripts
666 689 for SCRIPT in bootstrap.d/*.sh; do
667 690 head -n 3 "$SCRIPT"
668 691 . "$SCRIPT"
669 692 done
670 693
671 694 ## Execute custom bootstrap scripts
672 695 if [ -d "custom.d" ] ; then
673 696 for SCRIPT in custom.d/*.sh; do
674 697 . "$SCRIPT"
675 698 done
676 699 fi
677 700
678 701 # Execute custom scripts inside the chroot
679 702 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
680 703 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
681 704 chroot_exec /bin/bash -x <<'EOF'
682 705 for SCRIPT in /chroot_scripts/* ; do
683 706 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
684 707 $SCRIPT
685 708 fi
686 709 done
687 710 EOF
688 711 rm -rf "${R}/chroot_scripts"
689 712 fi
690 713
691 714 # Remove c/c++ build environment from the chroot
692 715 chroot_remove_cc
693 716
694 717 # Generate required machine-id
695 718 MACHINE_ID=$(dbus-uuidgen)
696 719 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
697 720 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
698 721
699 722 # APT Cleanup
700 723 chroot_exec apt-get -y clean
701 724 chroot_exec apt-get -y autoclean
702 725 chroot_exec apt-get -y autoremove
703 726
704 727 # Unmount mounted filesystems
705 728 umount -l "${R}/proc"
706 729 umount -l "${R}/sys"
707 730
708 731 # Clean up directories
709 732 rm -rf "${R}/run/*"
710 733 rm -rf "${R}/tmp/*"
711 734
712 735 # Clean up APT proxy settings
713 736 if [ "$KEEP_APT_PROXY" = false ] ; then
714 737 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
715 738 fi
716 739
717 740 # Clean up files
718 741 rm -f "${ETC_DIR}/ssh/ssh_host_*"
719 742 rm -f "${ETC_DIR}/dropbear/dropbear_*"
720 743 rm -f "${ETC_DIR}/apt/sources.list.save"
721 744 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
722 745 rm -f "${ETC_DIR}/*-"
723 746 rm -f "${ETC_DIR}/resolv.conf"
724 747 rm -f "${R}/root/.bash_history"
725 748 rm -f "${R}/var/lib/urandom/random-seed"
726 749 rm -f "${R}/initrd.img"
727 750 rm -f "${R}/vmlinuz"
728 751 rm -f "${R}${QEMU_BINARY}"
729 752
730 753 if [ "$ENABLE_QEMU" = true ] ; then
731 754 # Setup QEMU directory
732 755 mkdir "${BASEDIR}/qemu"
733 756
734 757 # Copy kernel image to QEMU directory
735 758 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
736 759
737 760 # Copy kernel config to QEMU directory
738 761 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
739 762
740 763 # Copy kernel dtbs to QEMU directory
741 764 for dtb in "${BOOT_DIR}/"*.dtb ; do
742 765 if [ -f "${dtb}" ] ; then
743 766 install_readonly "${dtb}" "${BASEDIR}/qemu/"
744 767 fi
745 768 done
746 769
747 770 # Copy kernel overlays to QEMU directory
748 771 if [ -d "${BOOT_DIR}/overlays" ] ; then
749 772 # Setup overlays dtbs directory
750 773 mkdir "${BASEDIR}/qemu/overlays"
751 774
752 775 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
753 776 if [ -f "${dtb}" ] ; then
754 777 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
755 778 fi
756 779 done
757 780 fi
758 781
759 782 # Copy u-boot files to QEMU directory
760 783 if [ "$ENABLE_UBOOT" = true ] ; then
761 784 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
762 785 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
763 786 fi
764 787 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
765 788 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
766 789 fi
767 790 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
768 791 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
769 792 fi
770 793 fi
771 794
772 795 # Copy initramfs to QEMU directory
773 796 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
774 797 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
775 798 fi
776 799 fi
777 800
778 801 # Calculate size of the chroot directory in KB
779 802 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
780 803
781 804 # Calculate the amount of needed 512 Byte sectors
782 805 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
783 806 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
784 807 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
785 808
786 809 # The root partition is EXT4
787 810 # This means more space than the actual used space of the chroot is used.
788 811 # As overhead for journaling and reserved blocks 35% are added.
789 812 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
790 813
791 814 # Calculate required image size in 512 Byte sectors
792 815 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
793 816
794 817 # Prepare image file
795 818 if [ "$ENABLE_SPLITFS" = true ] ; then
796 819 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
797 820 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
798 821 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
799 822 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
800 823
801 824 # Write firmware/boot partition tables
802 825 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
803 826 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
804 827 EOM
805 828
806 829 # Write root partition table
807 830 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
808 831 ${TABLE_SECTORS},${ROOT_SECTORS},83
809 832 EOM
810 833
811 834 # Setup temporary loop devices
812 835 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
813 836 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
814 837 else # ENABLE_SPLITFS=false
815 838 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
816 839 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
817 840
818 841 # Write partition table
819 842 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
820 843 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
821 844 ${ROOT_OFFSET},${ROOT_SECTORS},83
822 845 EOM
823 846
824 847 # Setup temporary loop devices
825 848 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
826 849 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
827 850 fi
828 851
829 852 if [ "$ENABLE_CRYPTFS" = true ] ; then
830 853 # Create dummy ext4 fs
831 854 mkfs.ext4 "$ROOT_LOOP"
832 855
833 856 # Setup password keyfile
834 857 touch .password
835 858 chmod 600 .password
836 859 echo -n ${CRYPTFS_PASSWORD} > .password
837 860
838 861 # Initialize encrypted partition
839 862 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
840 863
841 864 # Open encrypted partition and setup mapping
842 865 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
843 866
844 867 # Secure delete password keyfile
845 868 shred -zu .password
846 869
847 870 # Update temporary loop device
848 871 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
849 872
850 873 # Wipe encrypted partition (encryption cipher is used for randomness)
851 874 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
852 875 fi
853 876
854 877 # Build filesystems
855 878 mkfs.vfat "$FRMW_LOOP"
856 879 mkfs.ext4 "$ROOT_LOOP"
857 880
858 881 # Mount the temporary loop devices
859 882 mkdir -p "$BUILDDIR/mount"
860 883 mount "$ROOT_LOOP" "$BUILDDIR/mount"
861 884
862 885 mkdir -p "$BUILDDIR/mount/boot/firmware"
863 886 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
864 887
865 888 # Copy all files from the chroot to the loop device mount point directory
866 889 rsync -a "${R}/" "$BUILDDIR/mount/"
867 890
868 891 # Unmount all temporary loop devices and mount points
869 892 cleanup
870 893
871 894 # Create block map file(s) of image(s)
872 895 if [ "$ENABLE_SPLITFS" = true ] ; then
873 896 # Create block map files for "bmaptool"
874 897 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
875 898 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
876 899
877 900 # Image was successfully created
878 901 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
879 902 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
880 903 else
881 904 # Create block map file for "bmaptool"
882 905 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
883 906
884 907 # Image was successfully created
885 908 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
886 909
887 910 # Create qemu qcow2 image
888 911 if [ "$ENABLE_QEMU" = true ] ; then
889 912 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
890 913 QEMU_SIZE=16G
891 914
892 915 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
893 916 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
894 917
895 918 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
896 919 fi
897 920 fi