Added: ENABLE_SPLASH, LOGO, and SILENT_BOOT
drtyhlpr -
r539:47183035fa86
@@ -1,535 +1,544
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
53
54 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56
56
57 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59
59
60 ---
60 ---
61
61
62 #### General system settings:
62 #### General system settings:
63 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65
65
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
70 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
71 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
72 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
73 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
74
74
75 ##### `RELEASE`="buster"
75 ##### `RELEASE`="buster"
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77
77
78 ##### `RELEASE_ARCH`="armhf"
78 ##### `RELEASE_ARCH`="armhf"
79 Set the desired Debian release architecture.
79 Set the desired Debian release architecture.
80
80
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83
83
84 ##### `PASSWORD`="raspberry"
84 ##### `PASSWORD`="raspberry"
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `USER_PASSWORD`="raspberry"
87 ##### `USER_PASSWORD`="raspberry"
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89
89
90 ##### `DEFLOCAL`="en_US.UTF-8"
90 ##### `DEFLOCAL`="en_US.UTF-8"
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92
92
93 ##### `TIMEZONE`="Europe/Berlin"
93 ##### `TIMEZONE`="Europe/Berlin"
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95
95
96 ##### `EXPANDROOT`=true
96 ##### `EXPANDROOT`=true
97 Expand the root partition and filesystem automatically on first boot.
97 Expand the root partition and filesystem automatically on first boot.
98
98
99 ##### `ENABLE_QEMU`=false
99 ##### `ENABLE_QEMU`=false
100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
101
101
102 ---
102 ---
103
103
104 #### Keyboard settings:
104 #### Keyboard settings:
105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
106
106
107 ##### `XKB_MODEL`=""
107 ##### `XKB_MODEL`=""
108 Set the name of the model of your keyboard type.
108 Set the name of the model of your keyboard type.
109
109
110 ##### `XKB_LAYOUT`=""
110 ##### `XKB_LAYOUT`=""
111 Set the supported keyboard layout(s).
111 Set the supported keyboard layout(s).
112
112
113 ##### `XKB_VARIANT`=""
113 ##### `XKB_VARIANT`=""
114 Set the supported variant(s) of the keyboard layout(s).
114 Set the supported variant(s) of the keyboard layout(s).
115
115
116 ##### `XKB_OPTIONS`=""
116 ##### `XKB_OPTIONS`=""
117 Set extra xkb configuration options.
117 Set extra xkb configuration options.
118
118
119 ---
119 ---
120
120
121 #### Networking settings (DHCP):
121 #### Networking settings (DHCP):
122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
123
123
124 ##### `ENABLE_DHCP`=true
124 ##### `ENABLE_DHCP`=true
125 Set the system to use DHCP. This requires an DHCP server.
125 Set the system to use DHCP. This requires an DHCP server.
126
126
127 ---
127 ---
128
128
129 #### Networking settings (static):
129 #### Networking settings (static):
130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
131
131
132 ##### `NET_ADDRESS`=""
132 ##### `NET_ADDRESS`=""
133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
134
134
135 ##### `NET_GATEWAY`=""
135 ##### `NET_GATEWAY`=""
136 Set the IP address for the default gateway.
136 Set the IP address for the default gateway.
137
137
138 ##### `NET_DNS_1`=""
138 ##### `NET_DNS_1`=""
139 Set the IP address for the first DNS server.
139 Set the IP address for the first DNS server.
140
140
141 ##### `NET_DNS_2`=""
141 ##### `NET_DNS_2`=""
142 Set the IP address for the second DNS server.
142 Set the IP address for the second DNS server.
143
143
144 ##### `NET_DNS_DOMAINS`=""
144 ##### `NET_DNS_DOMAINS`=""
145 Set the default DNS search domains to use for non fully qualified hostnames.
145 Set the default DNS search domains to use for non fully qualified hostnames.
146
146
147 ##### `NET_NTP_1`=""
147 ##### `NET_NTP_1`=""
148 Set the IP address for the first NTP server.
148 Set the IP address for the first NTP server.
149
149
150 ##### `NET_NTP_2`=""
150 ##### `NET_NTP_2`=""
151 Set the IP address for the second NTP server.
151 Set the IP address for the second NTP server.
152
152
153 ---
153 ---
154
154
155 #### Basic system features:
155 #### Basic system features:
156 ##### `ENABLE_CONSOLE`=true
156 ##### `ENABLE_CONSOLE`=true
157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
158
158
159 ##### `ENABLE_PRINTK`=false
159 ##### `ENABLE_PRINTK`=false
160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
161
161
162 ##### `ENABLE_BLUETOOTH`=false
162 ##### `ENABLE_BLUETOOTH`=false
163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
164
164
165 ##### `ENABLE_MINIUART_OVERLAY`=false
165 ##### `ENABLE_MINIUART_OVERLAY`=false
166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
167
167
168 ##### `ENABLE_TURBO`=false
168 ##### `ENABLE_TURBO`=false
169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
170
170
171 ##### `ENABLE_I2C`=false
171 ##### `ENABLE_I2C`=false
172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173
173
174 ##### `ENABLE_SPI`=false
174 ##### `ENABLE_SPI`=false
175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176
176
177 ##### `ENABLE_IPV6`=true
177 ##### `ENABLE_IPV6`=true
178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
179
179
180 ##### `ENABLE_SSHD`=true
180 ##### `ENABLE_SSHD`=true
181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
182
182
183 ##### `ENABLE_NONFREE`=false
183 ##### `ENABLE_NONFREE`=false
184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
185
185
186 ##### `ENABLE_WIRELESS`=false
186 ##### `ENABLE_WIRELESS`=false
187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
188
188
189 ##### `ENABLE_RSYSLOG`=true
189 ##### `ENABLE_RSYSLOG`=true
190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
191
191
192 ##### `ENABLE_SOUND`=true
192 ##### `ENABLE_SOUND`=true
193 Enable sound hardware and install Advanced Linux Sound Architecture.
193 Enable sound hardware and install Advanced Linux Sound Architecture.
194
194
195 ##### `ENABLE_HWRANDOM`=true
195 ##### `ENABLE_HWRANDOM`=true
196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
197
197
198 ##### `ENABLE_MINGPU`=false
198 ##### `ENABLE_MINGPU`=false
199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
200
200
201 ##### `ENABLE_DBUS`=true
201 ##### `ENABLE_DBUS`=true
202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
203
203
204 ##### `ENABLE_XORG`=false
204 ##### `ENABLE_XORG`=false
205 Install Xorg open-source X Window System.
205 Install Xorg open-source X Window System.
206
206
207 ##### `ENABLE_WM`=""
207 ##### `ENABLE_WM`=""
208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
209
209
210 ##### `ENABLE_SYSVINIT`=false
210 ##### `ENABLE_SYSVINIT`=false
211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
212
212
213 ---
213 ---
214
214
215 #### Advanced system features:
215 #### Advanced system features:
216 ##### `ENABLE_SYSTEMDSWAP`=false
216 ##### `ENABLE_SYSTEMDSWAP`=false
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218
218
219 ##### `ENABLE_MINBASE`=false
219 ##### `ENABLE_MINBASE`=false
220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
221
221
222 ##### `ENABLE_REDUCE`=false
222 ##### `ENABLE_REDUCE`=false
223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
224
224
225 ##### `ENABLE_UBOOT`=false
225 ##### `ENABLE_UBOOT`=false
226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
227
227
228 ##### `UBOOTSRC_DIR`=""
228 ##### `UBOOTSRC_DIR`=""
229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
230
230
231 ##### `ENABLE_FBTURBO`=false
231 ##### `ENABLE_FBTURBO`=false
232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233
233
234 ##### `FBTURBOSRC_DIR`=""
234 ##### `FBTURBOSRC_DIR`=""
235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
236
236
237 ##### `ENABLE_VIDEOCORE`=false
237 ##### `ENABLE_VIDEOCORE`=false
238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239
239
240 ##### `VIDEOCORESRC_DIR`=""
240 ##### `VIDEOCORESRC_DIR`=""
241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
242
242
243 ##### `ENABLE_NEXMON`=false
243 ##### `ENABLE_NEXMON`=false
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245
245
246 ##### `NEXMONSRC_DIR`=""
246 ##### `NEXMONSRC_DIR`=""
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
248
249 ##### `ENABLE_IPTABLES`=false
249 ##### `ENABLE_IPTABLES`=false
250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
251
251
252 ##### `ENABLE_USER`=true
252 ##### `ENABLE_USER`=true
253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
254
254
255 ##### `USER_NAME`=pi
255 ##### `USER_NAME`=pi
256 Non-root user to create. Ignored if `ENABLE_USER`=false
256 Non-root user to create. Ignored if `ENABLE_USER`=false
257
257
258 ##### `ENABLE_ROOT`=false
258 ##### `ENABLE_ROOT`=false
259 Set root user password so root login will be enabled
259 Set root user password so root login will be enabled
260
260
261 ##### `ENABLE_HARDNET`=false
261 ##### `ENABLE_HARDNET`=false
262 Enable IPv4/IPv6 network stack hardening settings.
262 Enable IPv4/IPv6 network stack hardening settings.
263
263
264 ##### `ENABLE_SPLITFS`=false
264 ##### `ENABLE_SPLITFS`=false
265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
266
266
267 ##### `CHROOT_SCRIPTS`=""
267 ##### `CHROOT_SCRIPTS`=""
268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
269
269
270 ##### `ENABLE_INITRAMFS`=false
270 ##### `ENABLE_INITRAMFS`=false
271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
272
272
273 ##### `ENABLE_IFNAMES`=true
273 ##### `ENABLE_IFNAMES`=true
274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
275
275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
276 ##### `DISABLE_UNDERVOLT_WARNINGS`=
285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
277 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
278
287
279 ---
288 ---
280
289
281 #### SSH settings:
290 #### SSH settings:
282 ##### `SSH_ENABLE_ROOT`=false
291 ##### `SSH_ENABLE_ROOT`=false
283 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
292 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
284
293
285 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
294 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
286 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
295 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
287
296
288 ##### `SSH_LIMIT_USERS`=false
297 ##### `SSH_LIMIT_USERS`=false
289 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
298 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
290
299
291 ##### `SSH_ROOT_PUB_KEY`=""
300 ##### `SSH_ROOT_PUB_KEY`=""
292 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
301 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
293
302
294 ##### `SSH_USER_PUB_KEY`=""
303 ##### `SSH_USER_PUB_KEY`=""
295 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
296
305
297 ---
306 ---
298
307
299 #### Kernel compilation:
308 #### Kernel compilation:
300 ##### `BUILD_KERNEL`=true
309 ##### `BUILD_KERNEL`=true
301 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
310 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
302
311
303 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
312 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
304 This sets the cross-compile environment for the compiler.
313 This sets the cross-compile environment for the compiler.
305
314
306 ##### `KERNEL_ARCH`="arm"
315 ##### `KERNEL_ARCH`="arm"
307 This sets the kernel architecture for the compiler.
316 This sets the kernel architecture for the compiler.
308
317
309 ##### `KERNEL_IMAGE`="kernel7.img"
318 ##### `KERNEL_IMAGE`="kernel7.img"
310 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
319 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
311
320
312 ##### `KERNEL_BRANCH`=""
321 ##### `KERNEL_BRANCH`=""
313 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
322 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
314
323
315 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
324 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
316 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
325 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
317
326
318 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
327 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
319 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
328 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
320
329
321 ##### `KERNEL_REDUCE`=false
330 ##### `KERNEL_REDUCE`=false
322 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
331 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
323
332
324 ##### `KERNEL_THREADS`=1
333 ##### `KERNEL_THREADS`=1
325 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
334 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
326
335
327 ##### `KERNEL_HEADERS`=true
336 ##### `KERNEL_HEADERS`=true
328 Install kernel headers with the built kernel.
337 Install kernel headers with the built kernel.
329
338
330 ##### `KERNEL_MENUCONFIG`=false
339 ##### `KERNEL_MENUCONFIG`=false
331 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
340 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
332
341
333 ##### `KERNEL_OLDDEFCONFIG`=false
342 ##### `KERNEL_OLDDEFCONFIG`=false
334 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
343 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
335
344
336 ##### `KERNEL_CCACHE`=false
345 ##### `KERNEL_CCACHE`=false
337 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
346 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
338
347
339 ##### `KERNEL_REMOVESRC`=true
348 ##### `KERNEL_REMOVESRC`=true
340 Remove all kernel sources from the generated OS image after it was built and installed.
349 Remove all kernel sources from the generated OS image after it was built and installed.
341
350
342 ##### `KERNELSRC_DIR`=""
351 ##### `KERNELSRC_DIR`=""
343 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
352 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
344
353
345 ##### `KERNELSRC_CLEAN`=false
354 ##### `KERNELSRC_CLEAN`=false
346 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
355 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
347
356
348 ##### `KERNELSRC_CONFIG`=true
357 ##### `KERNELSRC_CONFIG`=true
349 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
358 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
350
359
351 ##### `KERNELSRC_USRCONFIG`=""
360 ##### `KERNELSRC_USRCONFIG`=""
352 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
361 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
353
362
354 ##### `KERNELSRC_PREBUILT`=false
363 ##### `KERNELSRC_PREBUILT`=false
355 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
364 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
356
365
357 ##### `RPI_FIRMWARE_DIR`=""
366 ##### `RPI_FIRMWARE_DIR`=""
358 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
359
368
360 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
361 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
362
371
363 ##### `KERNEL_NF`=false
372 ##### `KERNEL_NF`=false
364 Enable Netfilter modules as kernel modules
373 Enable Netfilter modules as kernel modules
365
374
366 ##### `KERNEL_VIRT`=false
375 ##### `KERNEL_VIRT`=false
367 Enable Kernel KVM support (/dev/kvm)
376 Enable Kernel KVM support (/dev/kvm)
368
377
369 ##### `KERNEL_ZSWAP`=false
378 ##### `KERNEL_ZSWAP`=false
370 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
371
380
372 ##### `KERNEL_BPF`=true
381 ##### `KERNEL_BPF`=true
373 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
374
383
375 ##### `KERNEL_SECURITY`=false
384 ##### `KERNEL_SECURITY`=false
376 Enables Apparmor, integrity subsystem, auditing
385 Enables Apparmor, integrity subsystem, auditing
377 ---
386 ---
378
387
379 #### Reduce disk usage:
388 #### Reduce disk usage:
380 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
389 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
381
390
382 ##### `REDUCE_APT`=true
391 ##### `REDUCE_APT`=true
383 Configure APT to use compressed package repository lists and no package caching files.
392 Configure APT to use compressed package repository lists and no package caching files.
384
393
385 ##### `REDUCE_DOC`=true
394 ##### `REDUCE_DOC`=true
386 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
395 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
387
396
388 ##### `REDUCE_MAN`=true
397 ##### `REDUCE_MAN`=true
389 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
398 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
390
399
391 ##### `REDUCE_VIM`=false
400 ##### `REDUCE_VIM`=false
392 Replace `vim-tiny` package by `levee` a tiny vim clone.
401 Replace `vim-tiny` package by `levee` a tiny vim clone.
393
402
394 ##### `REDUCE_BASH`=false
403 ##### `REDUCE_BASH`=false
395 Remove `bash` package and switch to `dash` shell (experimental).
404 Remove `bash` package and switch to `dash` shell (experimental).
396
405
397 ##### `REDUCE_HWDB`=true
406 ##### `REDUCE_HWDB`=true
398 Remove PCI related hwdb files (experimental).
407 Remove PCI related hwdb files (experimental).
399
408
400 ##### `REDUCE_SSHD`=true
409 ##### `REDUCE_SSHD`=true
401 Replace `openssh-server` with `dropbear`.
410 Replace `openssh-server` with `dropbear`.
402
411
403 ##### `REDUCE_LOCALE`=true
412 ##### `REDUCE_LOCALE`=true
404 Remove all `locale` translation files.
413 Remove all `locale` translation files.
405
414
406 ---
415 ---
407
416
408 #### Encrypted root partition:
417 #### Encrypted root partition:
409 ##### `ENABLE_CRYPTFS`=false
418 ##### `ENABLE_CRYPTFS`=false
410 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
419 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
411
420
412 ##### `CRYPTFS_PASSWORD`=""
421 ##### `CRYPTFS_PASSWORD`=""
413 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
422 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
414
423
415 ##### `CRYPTFS_MAPPING`="secure"
424 ##### `CRYPTFS_MAPPING`="secure"
416 Set name of dm-crypt managed device-mapper mapping.
425 Set name of dm-crypt managed device-mapper mapping.
417
426
418 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
427 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
419 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
428 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
420
429
421 ##### `CRYPTFS_XTSKEYSIZE`=512
430 ##### `CRYPTFS_XTSKEYSIZE`=512
422 Sets key size in bits. The argument has to be a multiple of 8.
431 Sets key size in bits. The argument has to be a multiple of 8.
423
432
424 ##### `CRYPTFS_DROPBEAR`=false
433 ##### `CRYPTFS_DROPBEAR`=false
425 Enable Dropbear Initramfs support
434 Enable Dropbear Initramfs support
426
435
427 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
428 Provide path to dropbear Public RSA-OpenSSH Key
437 Provide path to dropbear Public RSA-OpenSSH Key
429
438
430 ---
439 ---
431
440
432 #### Build settings:
441 #### Build settings:
433 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
442 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
434 Set a path to a working directory used by the script to generate an image.
443 Set a path to a working directory used by the script to generate an image.
435
444
436 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
445 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
437 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
446 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
438
447
439 ## Understanding the script
448 ## Understanding the script
440 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
449 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
441
450
442 | Script | Description |
451 | Script | Description |
443 | --- | --- |
452 | --- | --- |
444 | `10-bootstrap.sh` | Debootstrap basic system |
453 | `10-bootstrap.sh` | Debootstrap basic system |
445 | `11-apt.sh` | Setup APT repositories |
454 | `11-apt.sh` | Setup APT repositories |
446 | `12-locale.sh` | Setup Locales and keyboard settings |
455 | `12-locale.sh` | Setup Locales and keyboard settings |
447 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
456 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
448 | `14-fstab.sh` | Setup fstab and initramfs |
457 | `14-fstab.sh` | Setup fstab and initramfs |
449 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
458 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
450 | `20-networking.sh` | Setup Networking |
459 | `20-networking.sh` | Setup Networking |
451 | `21-firewall.sh` | Setup Firewall |
460 | `21-firewall.sh` | Setup Firewall |
452 | `30-security.sh` | Setup Users and Security settings |
461 | `30-security.sh` | Setup Users and Security settings |
453 | `31-logging.sh` | Setup Logging |
462 | `31-logging.sh` | Setup Logging |
454 | `32-sshd.sh` | Setup SSH and public keys |
463 | `32-sshd.sh` | Setup SSH and public keys |
455 | `41-uboot.sh` | Build and Setup U-Boot |
464 | `41-uboot.sh` | Build and Setup U-Boot |
456 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
465 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
457 | `43-videocore.sh` | Build and Setup videocore libraries |
466 | `43-videocore.sh` | Build and Setup videocore libraries |
458 | `50-firstboot.sh` | First boot actions |
467 | `50-firstboot.sh` | First boot actions |
459 | `99-reduce.sh` | Reduce the disk space usage |
468 | `99-reduce.sh` | Reduce the disk space usage |
460
469
461 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
470 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
462
471
463 | Directory | Description |
472 | Directory | Description |
464 | --- | --- |
473 | --- | --- |
465 | `apt` | APT management configuration files |
474 | `apt` | APT management configuration files |
466 | `boot` | Boot and RPi 0/1/2/3 configuration files |
475 | `boot` | Boot and RPi 0/1/2/3 configuration files |
467 | `dpkg` | Package Manager configuration |
476 | `dpkg` | Package Manager configuration |
468 | `etc` | Configuration files and rc scripts |
477 | `etc` | Configuration files and rc scripts |
469 | `firstboot` | Scripts that get executed on first boot |
478 | `firstboot` | Scripts that get executed on first boot |
470 | `initramfs` | Initramfs scripts |
479 | `initramfs` | Initramfs scripts |
471 | `iptables` | Firewall configuration files |
480 | `iptables` | Firewall configuration files |
472 | `locales` | Locales configuration |
481 | `locales` | Locales configuration |
473 | `modules` | Kernel Modules configuration |
482 | `modules` | Kernel Modules configuration |
474 | `mount` | Fstab configuration |
483 | `mount` | Fstab configuration |
475 | `network` | Networking configuration files |
484 | `network` | Networking configuration files |
476 | `sysctl.d` | Swapping and Network Hardening configuration |
485 | `sysctl.d` | Swapping and Network Hardening configuration |
477 | `xorg` | fbturbo Xorg driver configuration |
486 | `xorg` | fbturbo Xorg driver configuration |
478
487
479 ## Custom packages and scripts
488 ## Custom packages and scripts
480 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
489 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
481
490
482 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
491 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
483
492
484 ## Logging of the bootstrapping process
493 ## Logging of the bootstrapping process
485 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
494 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
486
495
487 ```shell
496 ```shell
488 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
497 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
489 ```
498 ```
490
499
491 ## Flashing the image file
500 ## Flashing the image file
492 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
501 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
493
502
494 ##### Flashing examples:
503 ##### Flashing examples:
495 ```shell
504 ```shell
496 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
505 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
497 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
506 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
498 ```
507 ```
499 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
508 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
500 ```shell
509 ```shell
501 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
502 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
511 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
503 ```
512 ```
504
513
505 ## QEMU emulation
514 ## QEMU emulation
506 Start QEMU full system emulation:
515 Start QEMU full system emulation:
507 ```shell
516 ```shell
508 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
517 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
509 ```
518 ```
510
519
511 Start QEMU full system emulation and output to console:
520 Start QEMU full system emulation and output to console:
512 ```shell
521 ```shell
513 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
514 ```
523 ```
515
524
516 Start QEMU full system emulation with SMP and output to console:
525 Start QEMU full system emulation with SMP and output to console:
517 ```shell
526 ```shell
518 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
519 ```
528 ```
520
529
521 Start QEMU full system emulation with cryptfs, initramfs and output to console:
530 Start QEMU full system emulation with cryptfs, initramfs and output to console:
522 ```shell
531 ```shell
523 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
524 ```
533 ```
525
534
526 ## External links and references
535 ## External links and references
527 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
536 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
528 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
537 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
529 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
538 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
530 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
539 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
531 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
540 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
532 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
541 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
533 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
542 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
534 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
535 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
544 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,265 +1,280
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
9 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
17 else
18 # Create temporary directory for boot binaries
18 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
29
30 # Move downloaded boot binaries
30 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
32
33 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
35
35
36 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 fi
39 fi
40
40
41 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
42 if [ "$ENABLE_SPLITFS" = true ] ; then
42 if [ "$ENABLE_SPLITFS" = true ] ; then
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
44 else
44 else
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 fi
46 fi
47
47
48 # Add encrypted root partition to cmdline.txt
48 # Add encrypted root partition to cmdline.txt
49 if [ "$ENABLE_CRYPTFS" = true ] ; then
49 if [ "$ENABLE_CRYPTFS" = true ] ; then
50 if [ "$ENABLE_SPLITFS" = true ] ; then
50 if [ "$ENABLE_SPLITFS" = true ] ; then
51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
52 else
52 else
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
54 fi
54 fi
55 fi
55 fi
56
56
57 # Enable Kernel messages on standard output
57 # Enable Kernel messages on standard output
58 if [ "$ENABLE_PRINTK" = true ] ; then
58 if [ "$ENABLE_PRINTK" = true ] ; then
59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
60 fi
60 fi
61
61
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
64
64
65 # Remove IPv6 networking support
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
68 fi
69
69
70 # Automatically assign predictable network interface names
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
75 fi
76
76
77 # Disable Raspberry Pi console logo
78 if [ "$ENABLE_LOGO" = false ] ; then
79 CMDLINE="${CMDLINE} logo.nologo"
80 fi
81
82 # Strictly limit verbosity of boot up console messages
83 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
84 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
85 fi
86
77 # Install firmware config
87 # Install firmware config
78 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
79
89
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_SLASH" = false ] ; then
92 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
93 fi
94
80 # Locks CPU frequency at maximum
95 # Locks CPU frequency at maximum
81 if [ "$ENABLE_TURBO" = true ] ; then
96 if [ "$ENABLE_TURBO" = true ] ; then
82 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
97 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
83 # helps to avoid sdcard corruption when force_turbo is enabled.
98 # helps to avoid sdcard corruption when force_turbo is enabled.
84 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
99 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
85 fi
100 fi
86
101
87 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
102 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
88
103
89 # Bluetooth enabled
104 # Bluetooth enabled
90 if [ "$ENABLE_BLUETOOTH" = true ] ; then
105 if [ "$ENABLE_BLUETOOTH" = true ] ; then
91 # Create temporary directory for Bluetooth sources
106 # Create temporary directory for Bluetooth sources
92 temp_dir=$(as_nobody mktemp -d)
107 temp_dir=$(as_nobody mktemp -d)
93
108
94 # Fetch Bluetooth sources
109 # Fetch Bluetooth sources
95 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
110 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
96
111
97 # Copy downloaded sources
112 # Copy downloaded sources
98 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
113 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
99
114
100 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
115 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
101 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
116 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
102 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
117 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
103
118
104 # Set permissions
119 # Set permissions
105 chown -R root:root "${R}/tmp/pi-bluetooth"
120 chown -R root:root "${R}/tmp/pi-bluetooth"
106
121
107 # Install tools
122 # Install tools
108 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
123 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
109 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
124 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
110
125
111 # make scripts executable
126 # make scripts executable
112 chmod +x "${R}/usr/bin/bthelper"
127 chmod +x "${R}/usr/bin/bthelper"
113 chmod +x "${R}/usr/bin/btuart"
128 chmod +x "${R}/usr/bin/btuart"
114
129
115 # Install bluetooth udev rule
130 # Install bluetooth udev rule
116 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
117
132
118 # Install Firmware Flash file and apropiate licence
133 # Install Firmware Flash file and apropiate licence
119 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
134 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
120 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
135 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
121 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
122 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
123 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
124
139
125 # Remove temporary directories
140 # Remove temporary directories
126 rm -fr "${temp_dir}"
141 rm -fr "${temp_dir}"
127 rm -fr "${R}"/tmp/pi-bluetooth
142 rm -fr "${R}"/tmp/pi-bluetooth
128
143
129 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
144 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
130 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
145 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
131
146
132 # set overlay to swap ttyAMA0 and ttyS0
147 # set overlay to swap ttyAMA0 and ttyS0
133 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
148 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
134
149
135 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
150 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
136 if [ "$ENABLE_TURBO" = false ] ; then
151 if [ "$ENABLE_TURBO" = false ] ; then
137 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
152 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
138 fi
153 fi
139 fi
154 fi
140
155
141 # Activate services
156 # Activate services
142 chroot_exec systemctl enable pi-bluetooth.hciuart.service
157 chroot_exec systemctl enable pi-bluetooth.hciuart.service
143
158
144 else # if ENABLE_BLUETOOTH = false
159 else # if ENABLE_BLUETOOTH = false
145 # set overlay to disable bluetooth
160 # set overlay to disable bluetooth
146 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
161 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
147 fi # ENABLE_BLUETOOTH end
162 fi # ENABLE_BLUETOOTH end
148 fi
163 fi
149
164
150 # may need sudo systemctl disable hciuart
165 # may need sudo systemctl disable hciuart
151 if [ "$ENABLE_CONSOLE" = true ] ; then
166 if [ "$ENABLE_CONSOLE" = true ] ; then
152 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
167 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
153 # add string to cmdline
168 # add string to cmdline
154 CMDLINE="${CMDLINE} console=serial0,115200"
169 CMDLINE="${CMDLINE} console=serial0,115200"
155
170
156 # Enable serial console systemd style
171 # Enable serial console systemd style
157 chroot_exec systemctl enable serial-getty\@serial0.service
172 chroot_exec systemctl enable serial-getty\@serial0.service
158 else
173 else
159 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
174 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
160
175
161 # disable serial console systemd style
176 # disable serial console systemd style
162 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
177 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
163 fi
178 fi
164
179
165 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
180 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
166 # Create temporary directory for systemd-swap sources
181 # Create temporary directory for systemd-swap sources
167 temp_dir=$(as_nobody mktemp -d)
182 temp_dir=$(as_nobody mktemp -d)
168
183
169 # Fetch systemd-swap sources
184 # Fetch systemd-swap sources
170 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
185 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
171
186
172 # Copy downloaded systemd-swap sources
187 # Copy downloaded systemd-swap sources
173 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
188 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
174
189
175 # Set permissions of the systemd-swap sources
190 # Set permissions of the systemd-swap sources
176 chown -R root:root "${R}/tmp/systemd-swap"
191 chown -R root:root "${R}/tmp/systemd-swap"
177
192
178 # Remove temporary directory for systemd-swap sources
193 # Remove temporary directory for systemd-swap sources
179 rm -fr "${temp_dir}"
194 rm -fr "${temp_dir}"
180
195
181 # Change into downloaded src dir
196 # Change into downloaded src dir
182 cd "${R}/tmp/systemd-swap" || exit
197 cd "${R}/tmp/systemd-swap" || exit
183
198
184 # Build package
199 # Build package
185 . ./package.sh debian
200 . ./package.sh debian
186
201
187 # Install package
202 # Install package
188 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
203 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
189
204
190 # Enable service
205 # Enable service
191 chroot_exec systemctl enable systemd-swap
206 chroot_exec systemctl enable systemd-swap
192
207
193 # Change back into script root dir
208 # Change back into script root dir
194 cd "${WORKDIR}" || exit
209 cd "${WORKDIR}" || exit
195 else
210 else
196 # Enable ZSWAP in cmdline if systemd-swap is not used
211 # Enable ZSWAP in cmdline if systemd-swap is not used
197 if [ "$KERNEL_ZSWAP" = true ] ; then
212 if [ "$KERNEL_ZSWAP" = true ] ; then
198 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
213 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
199 fi
214 fi
200 fi
215 fi
201
216
202 if [ "$KERNEL_SECURITY" = true ] ; then
217 if [ "$KERNEL_SECURITY" = true ] ; then
203 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
218 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
204 fi
219 fi
205
220
206 # Install firmware boot cmdline
221 # Install firmware boot cmdline
207 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
222 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
208
223
209 # Setup minimal GPU memory allocation size: 16MB (no X)
224 # Setup minimal GPU memory allocation size: 16MB (no X)
210 if [ "$ENABLE_MINGPU" = true ] ; then
225 if [ "$ENABLE_MINGPU" = true ] ; then
211 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
212 fi
227 fi
213
228
214 # Setup boot with initramfs
229 # Setup boot with initramfs
215 if [ "$ENABLE_INITRAMFS" = true ] ; then
230 if [ "$ENABLE_INITRAMFS" = true ] ; then
216 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
231 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
217 fi
232 fi
218
233
219 # Create firmware configuration and cmdline symlinks
234 # Create firmware configuration and cmdline symlinks
220 ln -sf firmware/config.txt "${R}/boot/config.txt"
235 ln -sf firmware/config.txt "${R}/boot/config.txt"
221 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
236 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
222
237
223 # Install and setup kernel modules to load at boot
238 # Install and setup kernel modules to load at boot
224 mkdir -p "${LIB_DIR}/modules-load.d/"
239 mkdir -p "${LIB_DIR}/modules-load.d/"
225 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
240 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
226
241
227 # Load hardware random module at boot
242 # Load hardware random module at boot
228 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
243 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
229 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
244 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
230 fi
245 fi
231
246
232 # Load sound module at boot
247 # Load sound module at boot
233 if [ "$ENABLE_SOUND" = true ] ; then
248 if [ "$ENABLE_SOUND" = true ] ; then
234 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
249 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
235 else
250 else
236 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
251 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
237 fi
252 fi
238
253
239 # Enable I2C interface
254 # Enable I2C interface
240 if [ "$ENABLE_I2C" = true ] ; then
255 if [ "$ENABLE_I2C" = true ] ; then
241 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
256 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
242 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
257 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
243 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
258 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
244 fi
259 fi
245
260
246 # Enable SPI interface
261 # Enable SPI interface
247 if [ "$ENABLE_SPI" = true ] ; then
262 if [ "$ENABLE_SPI" = true ] ; then
248 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
263 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
249 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
264 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
250 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
265 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
251 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
266 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
252 fi
267 fi
253 fi
268 fi
254
269
255 # Disable RPi2/3 under-voltage warnings
270 # Disable RPi2/3 under-voltage warnings
256 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
271 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
257 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
272 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
258 fi
273 fi
259
274
260 # Install kernel modules blacklist
275 # Install kernel modules blacklist
261 mkdir -p "${ETC_DIR}/modprobe.d/"
276 mkdir -p "${ETC_DIR}/modprobe.d/"
262 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
277 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
263
278
264 # Install sysctl.d configuration files
279 # Install sysctl.d configuration files
265 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
280 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
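Review bot: the splash check added at new lines 90-93 tests `$ENABLE_SLASH`, while the commit title names the option ENABLE_SPLASH, so a build configured with `ENABLE_SPLASH=false` never gets `disable_splash=1` appended to config.txt; the test should read `if [ "$ENABLE_SPLASH" = false ] ; then`. The comment above that block repeats "Disable Raspberry Pi console logo" from the `logo.nologo` block at new line 77 and should describe the firmware splash screen instead. In the ENABLE_SILENT_BOOT block (new lines 82-85), the `rd.`-prefixed options are honoured only inside an initrd, and ENABLE_INITRAMFS is optional further down in this file, so images built without an initramfs need the unprefixed `systemd.show_status=auto` and `udev.log_priority=0` forms to get the same effect. It would also help to say in that block's comment that `quiet loglevel=0` hides kernel boot diagnostics from every console, including the `console=serial0,115200` added later when ENABLE_CONSOLE is true.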
@@ -1,864 +1,867
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
62
63 # Kernel deb packages for 32bit kernel
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74
74
75 # Build directories
75 # Build directories
76 WORKDIR=$(pwd)
76 WORKDIR=$(pwd)
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 BUILDDIR="${BASEDIR}/build"
78 BUILDDIR="${BASEDIR}/build"
79
79
80 # Chroot directories
80 # Chroot directories
81 R="${BUILDDIR}/chroot"
81 R="${BUILDDIR}/chroot"
82 ETC_DIR="${R}/etc"
82 ETC_DIR="${R}/etc"
83 LIB_DIR="${R}/lib"
83 LIB_DIR="${R}/lib"
84 BOOT_DIR="${R}/boot/firmware"
84 BOOT_DIR="${R}/boot/firmware"
85 KERNEL_DIR="${R}/usr/src/linux"
85 KERNEL_DIR="${R}/usr/src/linux"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88
88
89 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91
91
92 # General settings
92 # General settings
93 SET_ARCH=${SET_ARCH:=32}
93 SET_ARCH=${SET_ARCH:=32}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 PASSWORD=${PASSWORD:=raspberry}
95 PASSWORD=${PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 EXPANDROOT=${EXPANDROOT:=true}
99 EXPANDROOT=${EXPANDROOT:=true}
100
100
101 # Keyboard settings
101 # Keyboard settings
102 XKB_MODEL=${XKB_MODEL:=""}
102 XKB_MODEL=${XKB_MODEL:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
106
106
107 # Network settings (DHCP)
107 # Network settings (DHCP)
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
109
109
110 # Network settings (static)
110 # Network settings (static)
111 NET_ADDRESS=${NET_ADDRESS:=""}
111 NET_ADDRESS=${NET_ADDRESS:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
118
118
119 # APT settings
119 # APT settings
120 APT_PROXY=${APT_PROXY:=""}
120 APT_PROXY=${APT_PROXY:=""}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123
123
124 # Feature settings
124 # Feature settings
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 ENABLE_I2C=${ENABLE_I2C:=false}
129 ENABLE_I2C=${ENABLE_I2C:=false}
130 ENABLE_SPI=${ENABLE_SPI:=false}
130 ENABLE_SPI=${ENABLE_SPI:=false}
131 ENABLE_IPV6=${ENABLE_IPV6:=true}
131 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 ENABLE_SSHD=${ENABLE_SSHD:=true}
132 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 ENABLE_SOUND=${ENABLE_SOUND:=true}
135 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 ENABLE_DBUS=${ENABLE_DBUS:=true}
136 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 ENABLE_XORG=${ENABLE_XORG:=false}
139 ENABLE_XORG=${ENABLE_XORG:=false}
140 ENABLE_WM=${ENABLE_WM:=""}
140 ENABLE_WM=${ENABLE_WM:=""}
141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 ENABLE_USER=${ENABLE_USER:=true}
142 ENABLE_USER=${ENABLE_USER:=true}
143 USER_NAME=${USER_NAME:="pi"}
143 USER_NAME=${USER_NAME:="pi"}
144 ENABLE_ROOT=${ENABLE_ROOT:=false}
144 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 ENABLE_QEMU=${ENABLE_QEMU:=false}
145 ENABLE_QEMU=${ENABLE_QEMU:=false}
146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
147
147
148 # SSH settings
148 # SSH settings
149 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
149 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
150 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
150 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
151 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
151 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
152 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
152 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
154
154
155 # Advanced settings
155 # Advanced settings
156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
174 ENABLE_LOGO=${ENABLE_LOGO:=true}
175 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
173 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
176 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
174
177
175 # Kernel compilation settings
178 # Kernel compilation settings
176 BUILD_KERNEL=${BUILD_KERNEL:=true}
179 BUILD_KERNEL=${BUILD_KERNEL:=true}
177 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
180 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
178 KERNEL_THREADS=${KERNEL_THREADS:=1}
181 KERNEL_THREADS=${KERNEL_THREADS:=1}
179 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
182 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
180 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
183 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
181 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
184 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
182 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
185 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
183 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
186 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
184 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
187 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
185 KERNEL_VIRT=${KERNEL_VIRT:=false}
188 KERNEL_VIRT=${KERNEL_VIRT:=false}
186 KERNEL_BPF=${KERNEL_BPF:=false}
189 KERNEL_BPF=${KERNEL_BPF:=false}
187 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
190 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
188 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
191 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
189 KERNEL_NF=${KERNEL_NF:=false}
192 KERNEL_NF=${KERNEL_NF:=false}
190
193
191 # Kernel compilation from source directory settings
194 # Kernel compilation from source directory settings
192 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
195 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
193 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
196 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
194 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
197 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
195 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
198 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
196
199
197 # Reduce disk usage settings
200 # Reduce disk usage settings
198 REDUCE_APT=${REDUCE_APT:=true}
201 REDUCE_APT=${REDUCE_APT:=true}
199 REDUCE_DOC=${REDUCE_DOC:=true}
202 REDUCE_DOC=${REDUCE_DOC:=true}
200 REDUCE_MAN=${REDUCE_MAN:=true}
203 REDUCE_MAN=${REDUCE_MAN:=true}
201 REDUCE_VIM=${REDUCE_VIM:=false}
204 REDUCE_VIM=${REDUCE_VIM:=false}
202 REDUCE_BASH=${REDUCE_BASH:=false}
205 REDUCE_BASH=${REDUCE_BASH:=false}
203 REDUCE_HWDB=${REDUCE_HWDB:=true}
206 REDUCE_HWDB=${REDUCE_HWDB:=true}
204 REDUCE_SSHD=${REDUCE_SSHD:=true}
207 REDUCE_SSHD=${REDUCE_SSHD:=true}
205 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
208 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
206
209
207 # Encrypted filesystem settings
210 # Encrypted filesystem settings
208 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
211 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
209 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
212 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
210 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
213 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
211 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
214 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
212 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
215 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
213 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
216 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
214 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
217 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
215 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
218 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
216 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
219 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
217
220
218 # Chroot scripts directory
221 # Chroot scripts directory
219 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
222 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
220
223
221 # Packages required in the chroot build environment
224 # Packages required in the chroot build environment
222 APT_INCLUDES=${APT_INCLUDES:=""}
225 APT_INCLUDES=${APT_INCLUDES:=""}
223 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
226 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
224
227
225 # Packages to exclude from chroot build environment
228 # Packages to exclude from chroot build environment
226 APT_EXCLUDES=${APT_EXCLUDES:=""}
229 APT_EXCLUDES=${APT_EXCLUDES:=""}
227
230
228 # Packages required for bootstrapping
231 # Packages required for bootstrapping
229 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
232 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
230 MISSING_PACKAGES=""
233 MISSING_PACKAGES=""
231
234
232 # Packages installed for c/c++ build environment in chroot (keep empty)
235 # Packages installed for c/c++ build environment in chroot (keep empty)
233 COMPILER_PACKAGES=""
236 COMPILER_PACKAGES=""
234
237
235 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
238 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
236 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
239 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
237 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
240 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
238 APT_PROXY=http://127.0.0.1:3142/
241 APT_PROXY=http://127.0.0.1:3142/
239 fi
242 fi
240
243
241 # Setup architecture specific settings
244 # Setup architecture specific settings
242 if [ -n "$SET_ARCH" ] ; then
245 if [ -n "$SET_ARCH" ] ; then
243 # 64-bit configuration
246 # 64-bit configuration
244 if [ "$SET_ARCH" = 64 ] ; then
247 if [ "$SET_ARCH" = 64 ] ; then
245 # General 64-bit depended settings
248 # General 64-bit depended settings
246 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
249 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
247 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
250 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
248 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
251 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
249
252
250 # Raspberry Pi model specific settings
253 # Raspberry Pi model specific settings
251 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
252 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
253 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
256 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
254 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
257 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
255 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
258 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
256 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
259 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
257 else
260 else
258 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
261 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
259 exit 1
262 exit 1
260 fi
263 fi
261 fi
264 fi
262
265
263 # 32-bit configuration
266 # 32-bit configuration
264 if [ "$SET_ARCH" = 32 ] ; then
267 if [ "$SET_ARCH" = 32 ] ; then
265 # General 32-bit dependend settings
268 # General 32-bit dependend settings
266 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
269 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
267 KERNEL_ARCH=${KERNEL_ARCH:=arm}
270 KERNEL_ARCH=${KERNEL_ARCH:=arm}
268 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
271 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
269
272
270 # Raspberry Pi model specific settings
273 # Raspberry Pi model specific settings
271 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
274 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
272 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
275 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
273 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
276 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
274 RELEASE_ARCH=${RELEASE_ARCH:=armel}
277 RELEASE_ARCH=${RELEASE_ARCH:=armel}
275 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
278 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
276 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
279 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
277 fi
280 fi
278
281
279 # Raspberry Pi model specific settings
282 # Raspberry Pi model specific settings
280 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
283 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
284 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
283 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
286 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
287 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
286 fi
289 fi
287 fi
290 fi
288 # SET_ARCH not set
291 # SET_ARCH not set
289 else
292 else
290 echo "error: Please set '32' or '64' as value for SET_ARCH"
293 echo "error: Please set '32' or '64' as value for SET_ARCH"
291 exit 1
294 exit 1
292 fi
295 fi
293 # Device specific configuration and U-Boot configuration
296 # Device specific configuration and U-Boot configuration
294 case "$RPI_MODEL" in
297 case "$RPI_MODEL" in
295 0)
298 0)
296 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 ;;
301 ;;
299 1)
302 1)
300 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 ;;
305 ;;
303 1P)
306 1P)
304 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
306 ;;
309 ;;
307 2)
310 2)
308 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
311 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
309 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
310 ;;
313 ;;
311 3)
314 3)
312 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
313 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
314 ;;
317 ;;
315 3P)
318 3P)
316 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
319 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
317 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
318 ;;
321 ;;
319 *)
322 *)
320 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
323 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
321 exit 1
324 exit 1
322 ;;
325 ;;
323 esac
326 esac
324
327
325 if [ "$ENABLE_UBOOTUSB" = true ] ; then
328 if [ "$ENABLE_UBOOTUSB" = true ] ; then
326 if [ "$ENABLE_UBOOT" = false ] ; then
329 if [ "$ENABLE_UBOOT" = false ] ; then
327 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
330 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
328 exit 1
331 exit 1
329 fi
332 fi
330 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
333 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
331 echo "error: Enabling UBOOTUSB requires Raspberry 3"
334 echo "error: Enabling UBOOTUSB requires Raspberry 3"
332 exit 1
335 exit 1
333 fi
336 fi
334 fi
337 fi
335
338
336 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
339 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
337 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
340 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
338 # Include bluetooth packages on supported boards
341 # Include bluetooth packages on supported boards
339 if [ "$ENABLE_BLUETOOTH" = true ] ; then
342 if [ "$ENABLE_BLUETOOTH" = true ] ; then
340 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
343 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
341 fi
344 fi
342 if [ "$ENABLE_WIRELESS" = true ] ; then
345 if [ "$ENABLE_WIRELESS" = true ] ; then
343 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
346 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
344 fi
347 fi
345 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
346 # Check if the internal wireless interface is not supported by the RPi model
349 # Check if the internal wireless interface is not supported by the RPi model
347 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
348 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
351 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
349 exit 1
352 exit 1
350 fi
353 fi
351 fi
354 fi
352
355
353 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
356 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
354 echo "error: You have to compile kernel sources, if you want to enable nexmon"
357 echo "error: You have to compile kernel sources, if you want to enable nexmon"
355 exit 1
358 exit 1
356 fi
359 fi
357
360
358 # Prepare date string for default image file name
361 # Prepare date string for default image file name
359 DATE="$(date +%Y-%m-%d)"
362 DATE="$(date +%Y-%m-%d)"
360 if [ -z "$KERNEL_BRANCH" ] ; then
363 if [ -z "$KERNEL_BRANCH" ] ; then
361 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
364 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
362 else
365 else
363 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
366 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
364 fi
367 fi
365
368
366 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
369 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
367 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
370 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
368 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
371 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
369 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
372 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
370 exit 1
373 exit 1
371 fi
374 fi
372 fi
375 fi
373
376
374 # Add cmake to compile videocore sources
377 # Add cmake to compile videocore sources
375 if [ "$ENABLE_VIDEOCORE" = true ] ; then
378 if [ "$ENABLE_VIDEOCORE" = true ] ; then
376 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
377 fi
380 fi
378
381
379 # Add deps for nexmon
382 # Add deps for nexmon
380 if [ "$ENABLE_NEXMON" = true ] ; then
383 if [ "$ENABLE_NEXMON" = true ] ; then
381 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
382 fi
385 fi
383
386
384 # Add libncurses5 to enable kernel menuconfig
387 # Add libncurses5 to enable kernel menuconfig
385 if [ "$KERNEL_MENUCONFIG" = true ] ; then
388 if [ "$KERNEL_MENUCONFIG" = true ] ; then
386 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
387 fi
390 fi
388
391
389 # Add ccache compiler cache for (faster) kernel cross (re)compilation
392 # Add ccache compiler cache for (faster) kernel cross (re)compilation
390 if [ "$KERNEL_CCACHE" = true ] ; then
393 if [ "$KERNEL_CCACHE" = true ] ; then
391 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
394 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
392 fi
395 fi
393
396
394 # Add cryptsetup package to enable filesystem encryption
397 # Add cryptsetup package to enable filesystem encryption
395 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
398 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
396 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
397 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
400 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
398
401
399 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
402 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
400 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
403 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
401 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
404 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
402 fi
405 fi
403
406
404 if [ -z "$CRYPTFS_PASSWORD" ] ; then
407 if [ -z "$CRYPTFS_PASSWORD" ] ; then
405 echo "error: no password defined (CRYPTFS_PASSWORD)!"
408 echo "error: no password defined (CRYPTFS_PASSWORD)!"
406 exit 1
409 exit 1
407 fi
410 fi
408 ENABLE_INITRAMFS=true
411 ENABLE_INITRAMFS=true
409 fi
412 fi
410
413
411 # Add initramfs generation tools
414 # Add initramfs generation tools
412 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
415 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
413 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
416 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
414 fi
417 fi
415
418
416 # Add device-tree-compiler required for building the U-Boot bootloader
419 # Add device-tree-compiler required for building the U-Boot bootloader
417 if [ "$ENABLE_UBOOT" = true ] ; then
420 if [ "$ENABLE_UBOOT" = true ] ; then
418 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
421 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
419 fi
422 fi
420
423
421 # Check if root SSH (v2) public key file exists
424 # Check if root SSH (v2) public key file exists
422 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
425 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
423 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
426 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
424 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
427 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
425 exit 1
428 exit 1
426 fi
429 fi
427 fi
430 fi
428
431
429 # Check if $USER_NAME SSH (v2) public key file exists
432 # Check if $USER_NAME SSH (v2) public key file exists
430 if [ -n "$SSH_USER_PUB_KEY" ] ; then
433 if [ -n "$SSH_USER_PUB_KEY" ] ; then
431 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
434 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
432 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
435 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
433 exit 1
436 exit 1
434 fi
437 fi
435 fi
438 fi
436
439
437 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
440 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
438 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
441 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
439 exit 1
442 exit 1
440 fi
443 fi
441
444
442 # Check if all required packages are installed on the build system
445 # Check if all required packages are installed on the build system
443 for package in $REQUIRED_PACKAGES ; do
446 for package in $REQUIRED_PACKAGES ; do
444 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
447 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
445 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
448 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
446 fi
449 fi
447 done
450 done
448
451
449 # If there are missing packages ask confirmation for install, or exit
452 # If there are missing packages ask confirmation for install, or exit
450 if [ -n "$MISSING_PACKAGES" ] ; then
453 if [ -n "$MISSING_PACKAGES" ] ; then
451 echo "the following packages needed by this script are not installed:"
454 echo "the following packages needed by this script are not installed:"
452 echo "$MISSING_PACKAGES"
455 echo "$MISSING_PACKAGES"
453
456
454 printf "\ndo you want to install the missing packages right now? [y/n] "
457 printf "\ndo you want to install the missing packages right now? [y/n] "
455 read -r confirm
458 read -r confirm
456 [ "$confirm" != "y" ] && exit 1
459 [ "$confirm" != "y" ] && exit 1
457
460
458 # Make sure all missing required packages are installed
461 # Make sure all missing required packages are installed
459 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
462 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
460 fi
463 fi
461
464
462 # Check if ./bootstrap.d directory exists
465 # Check if ./bootstrap.d directory exists
463 if [ ! -d "./bootstrap.d/" ] ; then
466 if [ ! -d "./bootstrap.d/" ] ; then
464 echo "error: './bootstrap.d' required directory not found!"
467 echo "error: './bootstrap.d' required directory not found!"
465 exit 1
468 exit 1
466 fi
469 fi
467
470
468 # Check if ./files directory exists
471 # Check if ./files directory exists
469 if [ ! -d "./files/" ] ; then
472 if [ ! -d "./files/" ] ; then
470 echo "error: './files' required directory not found!"
473 echo "error: './files' required directory not found!"
471 exit 1
474 exit 1
472 fi
475 fi
473
476
474 # Check if specified KERNELSRC_DIR directory exists
477 # Check if specified KERNELSRC_DIR directory exists
475 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
478 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
476 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
479 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
477 exit 1
480 exit 1
478 fi
481 fi
479
482
480 # Check if specified UBOOTSRC_DIR directory exists
483 # Check if specified UBOOTSRC_DIR directory exists
481 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
484 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
482 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
485 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
483 exit 1
486 exit 1
484 fi
487 fi
485
488
486 # Check if specified VIDEOCORESRC_DIR directory exists
489 # Check if specified VIDEOCORESRC_DIR directory exists
487 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
490 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
488 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
491 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
489 exit 1
492 exit 1
490 fi
493 fi
491
494
492 # Check if specified FBTURBOSRC_DIR directory exists
495 # Check if specified FBTURBOSRC_DIR directory exists
493 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
496 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
494 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
497 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
495 exit 1
498 exit 1
496 fi
499 fi
497
500
498 # Check if specified NEXMONSRC_DIR directory exists
501 # Check if specified NEXMONSRC_DIR directory exists
499 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
502 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
500 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
503 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
501 exit 1
504 exit 1
502 fi
505 fi
503
506
504 # Check if specified CHROOT_SCRIPTS directory exists
507 # Check if specified CHROOT_SCRIPTS directory exists
505 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
508 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
506 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
509 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
507 exit 1
510 exit 1
508 fi
511 fi
509
512
510 # Check if specified device mapping already exists (will be used by cryptsetup)
513 # Check if specified device mapping already exists (will be used by cryptsetup)
511 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
514 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
512 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
515 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
513 exit 1
516 exit 1
514 fi
517 fi
515
518
516 # Don't clobber an old build
519 # Don't clobber an old build
517 if [ -e "$BUILDDIR" ] ; then
520 if [ -e "$BUILDDIR" ] ; then
518 echo "error: directory ${BUILDDIR} already exists, not proceeding"
521 echo "error: directory ${BUILDDIR} already exists, not proceeding"
519 exit 1
522 exit 1
520 fi
523 fi
521
524
522 # Setup chroot directory
525 # Setup chroot directory
523 mkdir -p "${R}"
526 mkdir -p "${R}"
524
527
525 # Check if build directory has enough of free disk space >512MB
528 # Check if build directory has enough of free disk space >512MB
526 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
529 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
527 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
530 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
528 exit 1
531 exit 1
529 fi
532 fi
530
533
531 set -x
534 set -x
532
535
533 # Call "cleanup" function on various signals and errors
536 # Call "cleanup" function on various signals and errors
534 trap cleanup 0 1 2 3 6
537 trap cleanup 0 1 2 3 6
535
538
536 # Add required packages for the minbase installation
539 # Add required packages for the minbase installation
537 if [ "$ENABLE_MINBASE" = true ] ; then
540 if [ "$ENABLE_MINBASE" = true ] ; then
538 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
541 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
539 fi
542 fi
540
543
541 # Add parted package, required to get partprobe utility
544 # Add parted package, required to get partprobe utility
542 if [ "$EXPANDROOT" = true ] ; then
545 if [ "$EXPANDROOT" = true ] ; then
543 APT_INCLUDES="${APT_INCLUDES},parted"
546 APT_INCLUDES="${APT_INCLUDES},parted"
544 fi
547 fi
545
548
546 # Add dbus package, recommended if using systemd
549 # Add dbus package, recommended if using systemd
547 if [ "$ENABLE_DBUS" = true ] ; then
550 if [ "$ENABLE_DBUS" = true ] ; then
548 APT_INCLUDES="${APT_INCLUDES},dbus"
551 APT_INCLUDES="${APT_INCLUDES},dbus"
549 fi
552 fi
550
553
551 # Add iptables IPv4/IPv6 package
554 # Add iptables IPv4/IPv6 package
552 if [ "$ENABLE_IPTABLES" = true ] ; then
555 if [ "$ENABLE_IPTABLES" = true ] ; then
553 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
556 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
554 fi
557 fi
555 # Add apparmor for KERNEL_SECURITY
558 # Add apparmor for KERNEL_SECURITY
556 if [ "$KERNEL_SECURITY" = true ] ; then
559 if [ "$KERNEL_SECURITY" = true ] ; then
557 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
560 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
558 fi
561 fi
559
562
560 # Add openssh server package
563 # Add openssh server package
561 if [ "$ENABLE_SSHD" = true ] ; then
564 if [ "$ENABLE_SSHD" = true ] ; then
562 APT_INCLUDES="${APT_INCLUDES},openssh-server"
565 APT_INCLUDES="${APT_INCLUDES},openssh-server"
563 fi
566 fi
564
567
565 # Add alsa-utils package
568 # Add alsa-utils package
566 if [ "$ENABLE_SOUND" = true ] ; then
569 if [ "$ENABLE_SOUND" = true ] ; then
567 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
570 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
568 fi
571 fi
569
572
570 # Add rng-tools package
573 # Add rng-tools package
571 if [ "$ENABLE_HWRANDOM" = true ] ; then
574 if [ "$ENABLE_HWRANDOM" = true ] ; then
572 APT_INCLUDES="${APT_INCLUDES},rng-tools"
575 APT_INCLUDES="${APT_INCLUDES},rng-tools"
573 fi
576 fi
574
577
575 # Add fbturbo video driver
578 # Add fbturbo video driver
576 if [ "$ENABLE_FBTURBO" = true ] ; then
579 if [ "$ENABLE_FBTURBO" = true ] ; then
577 # Enable xorg package dependencies
580 # Enable xorg package dependencies
578 ENABLE_XORG=true
581 ENABLE_XORG=true
579 fi
582 fi
580
583
581 # Add user defined window manager package
584 # Add user defined window manager package
582 if [ -n "$ENABLE_WM" ] ; then
585 if [ -n "$ENABLE_WM" ] ; then
583 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
586 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
584
587
585 # Enable xorg package dependencies
588 # Enable xorg package dependencies
586 ENABLE_XORG=true
589 ENABLE_XORG=true
587 fi
590 fi
588
591
589 # Add xorg package
592 # Add xorg package
590 if [ "$ENABLE_XORG" = true ] ; then
593 if [ "$ENABLE_XORG" = true ] ; then
591 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
594 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
592 fi
595 fi
593
596
594 # Replace selected packages with smaller clones
597 # Replace selected packages with smaller clones
595 if [ "$ENABLE_REDUCE" = true ] ; then
598 if [ "$ENABLE_REDUCE" = true ] ; then
596 # Add levee package instead of vim-tiny
599 # Add levee package instead of vim-tiny
597 if [ "$REDUCE_VIM" = true ] ; then
600 if [ "$REDUCE_VIM" = true ] ; then
598 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
601 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
599 fi
602 fi
600
603
601 # Add dropbear package instead of openssh-server
604 # Add dropbear package instead of openssh-server
602 if [ "$REDUCE_SSHD" = true ] ; then
605 if [ "$REDUCE_SSHD" = true ] ; then
603 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
606 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
604 fi
607 fi
605 fi
608 fi
606
609
607 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
610 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
608 if [ "$ENABLE_SYSVINIT" = false ] ; then
611 if [ "$ENABLE_SYSVINIT" = false ] ; then
609 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
612 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
610 fi
613 fi
611
614
612 # Configure kernel sources if no KERNELSRC_DIR
615 # Configure kernel sources if no KERNELSRC_DIR
613 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
616 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
614 KERNELSRC_CONFIG=true
617 KERNELSRC_CONFIG=true
615 fi
618 fi
616
619
617 # Configure reduced kernel
620 # Configure reduced kernel
618 if [ "$KERNEL_REDUCE" = true ] ; then
621 if [ "$KERNEL_REDUCE" = true ] ; then
619 KERNELSRC_CONFIG=false
622 KERNELSRC_CONFIG=false
620 fi
623 fi
621
624
622 # Configure qemu compatible kernel
625 # Configure qemu compatible kernel
623 if [ "$ENABLE_QEMU" = true ] ; then
626 if [ "$ENABLE_QEMU" = true ] ; then
624 DTB_FILE=vexpress-v2p-ca15_a7.dtb
627 DTB_FILE=vexpress-v2p-ca15_a7.dtb
625 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
628 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
626 KERNEL_DEFCONFIG="vexpress_defconfig"
629 KERNEL_DEFCONFIG="vexpress_defconfig"
627 if [ "$KERNEL_MENUCONFIG" = false ] ; then
630 if [ "$KERNEL_MENUCONFIG" = false ] ; then
628 KERNEL_OLDDEFCONFIG=true
631 KERNEL_OLDDEFCONFIG=true
629 fi
632 fi
630 fi
633 fi
631
634
632 # Execute bootstrap scripts
635 # Execute bootstrap scripts
633 for SCRIPT in bootstrap.d/*.sh; do
636 for SCRIPT in bootstrap.d/*.sh; do
634 head -n 3 "$SCRIPT"
637 head -n 3 "$SCRIPT"
635 . "$SCRIPT"
638 . "$SCRIPT"
636 done
639 done
637
640
638 ## Execute custom bootstrap scripts
641 ## Execute custom bootstrap scripts
639 if [ -d "custom.d" ] ; then
642 if [ -d "custom.d" ] ; then
640 for SCRIPT in custom.d/*.sh; do
643 for SCRIPT in custom.d/*.sh; do
641 . "$SCRIPT"
644 . "$SCRIPT"
642 done
645 done
643 fi
646 fi
644
647
645 # Execute custom scripts inside the chroot
648 # Execute custom scripts inside the chroot
646 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
649 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
647 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
650 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
648 chroot_exec /bin/bash -x <<'EOF'
651 chroot_exec /bin/bash -x <<'EOF'
649 for SCRIPT in /chroot_scripts/* ; do
652 for SCRIPT in /chroot_scripts/* ; do
650 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
653 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
651 $SCRIPT
654 $SCRIPT
652 fi
655 fi
653 done
656 done
654 EOF
657 EOF
655 rm -rf "${R}/chroot_scripts"
658 rm -rf "${R}/chroot_scripts"
656 fi
659 fi
657
660
658 # Remove c/c++ build environment from the chroot
661 # Remove c/c++ build environment from the chroot
659 chroot_remove_cc
662 chroot_remove_cc
660
663
661 # Generate required machine-id
664 # Generate required machine-id
662 MACHINE_ID=$(dbus-uuidgen)
665 MACHINE_ID=$(dbus-uuidgen)
663 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
666 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
664 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
667 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
665
668
666 # APT Cleanup
669 # APT Cleanup
667 chroot_exec apt-get -y clean
670 chroot_exec apt-get -y clean
668 chroot_exec apt-get -y autoclean
671 chroot_exec apt-get -y autoclean
669 chroot_exec apt-get -y autoremove
672 chroot_exec apt-get -y autoremove
670
673
671 # Unmount mounted filesystems
674 # Unmount mounted filesystems
672 umount -l "${R}/proc"
675 umount -l "${R}/proc"
673 umount -l "${R}/sys"
676 umount -l "${R}/sys"
674
677
675 # Clean up directories
678 # Clean up directories
676 rm -rf "${R}/run/*"
679 rm -rf "${R}/run/*"
677 rm -rf "${R}/tmp/*"
680 rm -rf "${R}/tmp/*"
678
681
679 # Clean up APT proxy settings
682 # Clean up APT proxy settings
680 if [ "$KEEP_APT_PROXY" = false ] ; then
683 if [ "$KEEP_APT_PROXY" = false ] ; then
681 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
682 fi
685 fi
683
686
684 # Clean up files
687 # Clean up files
685 rm -f "${ETC_DIR}/ssh/ssh_host_*"
688 rm -f "${ETC_DIR}/ssh/ssh_host_*"
686 rm -f "${ETC_DIR}/dropbear/dropbear_*"
689 rm -f "${ETC_DIR}/dropbear/dropbear_*"
687 rm -f "${ETC_DIR}/apt/sources.list.save"
690 rm -f "${ETC_DIR}/apt/sources.list.save"
688 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
691 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
689 rm -f "${ETC_DIR}/*-"
692 rm -f "${ETC_DIR}/*-"
690 rm -f "${ETC_DIR}/resolv.conf"
693 rm -f "${ETC_DIR}/resolv.conf"
691 rm -f "${R}/root/.bash_history"
694 rm -f "${R}/root/.bash_history"
692 rm -f "${R}/var/lib/urandom/random-seed"
695 rm -f "${R}/var/lib/urandom/random-seed"
693 rm -f "${R}/initrd.img"
696 rm -f "${R}/initrd.img"
694 rm -f "${R}/vmlinuz"
697 rm -f "${R}/vmlinuz"
695 rm -f "${R}${QEMU_BINARY}"
698 rm -f "${R}${QEMU_BINARY}"
696
699
697 if [ "$ENABLE_QEMU" = true ] ; then
700 if [ "$ENABLE_QEMU" = true ] ; then
698 # Setup QEMU directory
701 # Setup QEMU directory
699 mkdir "${BASEDIR}/qemu"
702 mkdir "${BASEDIR}/qemu"
700
703
701 # Copy kernel image to QEMU directory
704 # Copy kernel image to QEMU directory
702 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
705 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
703
706
704 # Copy kernel config to QEMU directory
707 # Copy kernel config to QEMU directory
705 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
708 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
706
709
707 # Copy kernel dtbs to QEMU directory
710 # Copy kernel dtbs to QEMU directory
708 for dtb in "${BOOT_DIR}/"*.dtb ; do
711 for dtb in "${BOOT_DIR}/"*.dtb ; do
709 if [ -f "${dtb}" ] ; then
712 if [ -f "${dtb}" ] ; then
710 install_readonly "${dtb}" "${BASEDIR}/qemu/"
713 install_readonly "${dtb}" "${BASEDIR}/qemu/"
711 fi
714 fi
712 done
715 done
713
716
714 # Copy kernel overlays to QEMU directory
717 # Copy kernel overlays to QEMU directory
715 if [ -d "${BOOT_DIR}/overlays" ] ; then
718 if [ -d "${BOOT_DIR}/overlays" ] ; then
716 # Setup overlays dtbs directory
719 # Setup overlays dtbs directory
717 mkdir "${BASEDIR}/qemu/overlays"
720 mkdir "${BASEDIR}/qemu/overlays"
718
721
719 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
722 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
720 if [ -f "${dtb}" ] ; then
723 if [ -f "${dtb}" ] ; then
721 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
724 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
722 fi
725 fi
723 done
726 done
724 fi
727 fi
725
728
726 # Copy u-boot files to QEMU directory
729 # Copy u-boot files to QEMU directory
727 if [ "$ENABLE_UBOOT" = true ] ; then
730 if [ "$ENABLE_UBOOT" = true ] ; then
728 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
731 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
729 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
732 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
730 fi
733 fi
731 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
734 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
732 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
735 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
733 fi
736 fi
734 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
737 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
735 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
738 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
736 fi
739 fi
737 fi
740 fi
738
741
739 # Copy initramfs to QEMU directory
742 # Copy initramfs to QEMU directory
740 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
743 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
741 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
744 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
742 fi
745 fi
743 fi
746 fi
744
747
745 # Calculate size of the chroot directory in KB
748 # Calculate size of the chroot directory in KB
746 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
749 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
747
750
748 # Calculate the amount of needed 512 Byte sectors
751 # Calculate the amount of needed 512 Byte sectors
749 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
752 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
750 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
753 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
751 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
754 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
752
755
753 # The root partition is EXT4
756 # The root partition is EXT4
754 # This means more space than the actual used space of the chroot is used.
757 # This means more space than the actual used space of the chroot is used.
755 # As overhead for journaling and reserved blocks 35% are added.
758 # As overhead for journaling and reserved blocks 35% are added.
756 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
759 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
757
760
758 # Calculate required image size in 512 Byte sectors
761 # Calculate required image size in 512 Byte sectors
759 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
762 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
760
763
761 # Prepare image file
764 # Prepare image file
762 if [ "$ENABLE_SPLITFS" = true ] ; then
765 if [ "$ENABLE_SPLITFS" = true ] ; then
763 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
766 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
764 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
767 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
765 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
768 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
766 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
769 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
767
770
768 # Write firmware/boot partition tables
771 # Write firmware/boot partition tables
769 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
772 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
770 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
773 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
771 EOM
774 EOM
772
775
773 # Write root partition table
776 # Write root partition table
774 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
777 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
775 ${TABLE_SECTORS},${ROOT_SECTORS},83
778 ${TABLE_SECTORS},${ROOT_SECTORS},83
776 EOM
779 EOM
777
780
778 # Setup temporary loop devices
781 # Setup temporary loop devices
779 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
782 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
780 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
783 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
781 else # ENABLE_SPLITFS=false
784 else # ENABLE_SPLITFS=false
782 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
785 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
783 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
786 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
784
787
785 # Write partition table
788 # Write partition table
786 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
789 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
787 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
790 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
788 ${ROOT_OFFSET},${ROOT_SECTORS},83
791 ${ROOT_OFFSET},${ROOT_SECTORS},83
789 EOM
792 EOM
790
793
791 # Setup temporary loop devices
794 # Setup temporary loop devices
792 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
795 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
793 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
796 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
794 fi
797 fi
795
798
796 if [ "$ENABLE_CRYPTFS" = true ] ; then
799 if [ "$ENABLE_CRYPTFS" = true ] ; then
797 # Create dummy ext4 fs
800 # Create dummy ext4 fs
798 mkfs.ext4 "$ROOT_LOOP"
801 mkfs.ext4 "$ROOT_LOOP"
799
802
800 # Setup password keyfile
803 # Setup password keyfile
801 touch .password
804 touch .password
802 chmod 600 .password
805 chmod 600 .password
803 echo -n ${CRYPTFS_PASSWORD} > .password
806 echo -n ${CRYPTFS_PASSWORD} > .password
804
807
805 # Initialize encrypted partition
808 # Initialize encrypted partition
806 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
809 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
807
810
808 # Open encrypted partition and setup mapping
811 # Open encrypted partition and setup mapping
809 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
812 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
810
813
811 # Secure delete password keyfile
814 # Secure delete password keyfile
812 shred -zu .password
815 shred -zu .password
813
816
814 # Update temporary loop device
817 # Update temporary loop device
815 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
818 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
816
819
817 # Wipe encrypted partition (encryption cipher is used for randomness)
820 # Wipe encrypted partition (encryption cipher is used for randomness)
818 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
821 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
819 fi
822 fi
820
823
821 # Build filesystems
824 # Build filesystems
822 mkfs.vfat "$FRMW_LOOP"
825 mkfs.vfat "$FRMW_LOOP"
823 mkfs.ext4 "$ROOT_LOOP"
826 mkfs.ext4 "$ROOT_LOOP"
824
827
825 # Mount the temporary loop devices
828 # Mount the temporary loop devices
826 mkdir -p "$BUILDDIR/mount"
829 mkdir -p "$BUILDDIR/mount"
827 mount "$ROOT_LOOP" "$BUILDDIR/mount"
830 mount "$ROOT_LOOP" "$BUILDDIR/mount"
828
831
829 mkdir -p "$BUILDDIR/mount/boot/firmware"
832 mkdir -p "$BUILDDIR/mount/boot/firmware"
830 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
833 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
831
834
832 # Copy all files from the chroot to the loop device mount point directory
835 # Copy all files from the chroot to the loop device mount point directory
833 rsync -a "${R}/" "$BUILDDIR/mount/"
836 rsync -a "${R}/" "$BUILDDIR/mount/"
834
837
835 # Unmount all temporary loop devices and mount points
838 # Unmount all temporary loop devices and mount points
836 cleanup
839 cleanup
837
840
838 # Create block map file(s) of image(s)
841 # Create block map file(s) of image(s)
839 if [ "$ENABLE_SPLITFS" = true ] ; then
842 if [ "$ENABLE_SPLITFS" = true ] ; then
840 # Create block map files for "bmaptool"
843 # Create block map files for "bmaptool"
841 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
844 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
842 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
845 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
843
846
844 # Image was successfully created
847 # Image was successfully created
845 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
848 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
846 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
849 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
847 else
850 else
848 # Create block map file for "bmaptool"
851 # Create block map file for "bmaptool"
849 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
852 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
850
853
851 # Image was successfully created
854 # Image was successfully created
852 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
855 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
853
856
854 # Create qemu qcow2 image
857 # Create qemu qcow2 image
855 if [ "$ENABLE_QEMU" = true ] ; then
858 if [ "$ENABLE_QEMU" = true ] ; then
856 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
859 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
857 QEMU_SIZE=16G
860 QEMU_SIZE=16G
858
861
859 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
862 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
860 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
863 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
861
864
862 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
865 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
863 fi
866 fi
864 fi
867 fi
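Review bot: the cleanup commands in the unchanged context at new lines 679-680 and 688-692 put the glob inside the double quotes, so the shell never expands it and the files are not removed. `rm -f "${ETC_DIR}/ssh/ssh_host_*"` passes a literal path ending in `*` to rm, and `-f` hides the resulting "no such file" error; the same applies to `"${ETC_DIR}/dropbear/dropbear_*"`, `"${ETC_DIR}/*-"`, `"${R}/run/*"` and `"${R}/tmp/*"`. Any SSH or dropbear host keys present in the chroot at this point therefore stay in the finished image and are shared by every device flashed from it. Since this commit touches the file anyway, move the wildcard outside the quotes, as the dtb loops further down already do with `"${BOOT_DIR}/"*.dtb`, for example `rm -f "${ETC_DIR}/ssh/ssh_host_"*`.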