Added: ENABLE_SPLASH,LOGO, and SILENT_BOOT
drtyhlpr -
r539:47183035fa86
@@ -1,535 +1,544
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74
75 75 ##### `RELEASE`="buster"
76 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 77
78 78 ##### `RELEASE_ARCH`="armhf"
79 79 Set the desired Debian release architecture.
80 80
81 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 83
84 84 ##### `PASSWORD`="raspberry"
85 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `USER_PASSWORD`="raspberry"
88 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 89
90 90 ##### `DEFLOCAL`="en_US.UTF-8"
91 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 92
93 93 ##### `TIMEZONE`="Europe/Berlin"
94 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 95
96 96 ##### `EXPANDROOT`=true
97 97 Expand the root partition and filesystem automatically on first boot.
98 98
99 99 ##### `ENABLE_QEMU`=false
100 100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
101 101
102 102 ---
103 103
104 104 #### Keyboard settings:
105 105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
106 106
107 107 ##### `XKB_MODEL`=""
108 108 Set the name of the model of your keyboard type.
109 109
110 110 ##### `XKB_LAYOUT`=""
111 111 Set the supported keyboard layout(s).
112 112
113 113 ##### `XKB_VARIANT`=""
114 114 Set the supported variant(s) of the keyboard layout(s).
115 115
116 116 ##### `XKB_OPTIONS`=""
117 117 Set extra xkb configuration options.
118 118
119 119 ---
120 120
121 121 #### Networking settings (DHCP):
122 122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
123 123
124 124 ##### `ENABLE_DHCP`=true
125 125 Set the system to use DHCP. This requires an DHCP server.
126 126
127 127 ---
128 128
129 129 #### Networking settings (static):
130 130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
131 131
132 132 ##### `NET_ADDRESS`=""
133 133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
134 134
135 135 ##### `NET_GATEWAY`=""
136 136 Set the IP address for the default gateway.
137 137
138 138 ##### `NET_DNS_1`=""
139 139 Set the IP address for the first DNS server.
140 140
141 141 ##### `NET_DNS_2`=""
142 142 Set the IP address for the second DNS server.
143 143
144 144 ##### `NET_DNS_DOMAINS`=""
145 145 Set the default DNS search domains to use for non fully qualified hostnames.
146 146
147 147 ##### `NET_NTP_1`=""
148 148 Set the IP address for the first NTP server.
149 149
150 150 ##### `NET_NTP_2`=""
151 151 Set the IP address for the second NTP server.
152 152
153 153 ---
154 154
155 155 #### Basic system features:
156 156 ##### `ENABLE_CONSOLE`=true
157 157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
158 158
159 159 ##### `ENABLE_PRINTK`=false
160 160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
161 161
162 162 ##### `ENABLE_BLUETOOTH`=false
163 163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
164 164
165 165 ##### `ENABLE_MINIUART_OVERLAY`=false
166 166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
167 167
168 168 ##### `ENABLE_TURBO`=false
169 169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
170 170
171 171 ##### `ENABLE_I2C`=false
172 172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 173
174 174 ##### `ENABLE_SPI`=false
175 175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 176
177 177 ##### `ENABLE_IPV6`=true
178 178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
179 179
180 180 ##### `ENABLE_SSHD`=true
181 181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
182 182
183 183 ##### `ENABLE_NONFREE`=false
184 184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
185 185
186 186 ##### `ENABLE_WIRELESS`=false
187 187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
188 188
189 189 ##### `ENABLE_RSYSLOG`=true
190 190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
191 191
192 192 ##### `ENABLE_SOUND`=true
193 193 Enable sound hardware and install Advanced Linux Sound Architecture.
194 194
195 195 ##### `ENABLE_HWRANDOM`=true
196 196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
197 197
198 198 ##### `ENABLE_MINGPU`=false
199 199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
200 200
201 201 ##### `ENABLE_DBUS`=true
202 202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
203 203
204 204 ##### `ENABLE_XORG`=false
205 205 Install Xorg open-source X Window System.
206 206
207 207 ##### `ENABLE_WM`=""
208 208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
209 209
210 210 ##### `ENABLE_SYSVINIT`=false
211 211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
212 212
213 213 ---
214 214
215 215 #### Advanced system features:
216 216 ##### `ENABLE_SYSTEMDSWAP`=false
217 217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218 218
219 219 ##### `ENABLE_MINBASE`=false
220 220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
221 221
222 222 ##### `ENABLE_REDUCE`=false
223 223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
224 224
225 225 ##### `ENABLE_UBOOT`=false
226 226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
227 227
228 228 ##### `UBOOTSRC_DIR`=""
229 229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
230 230
231 231 ##### `ENABLE_FBTURBO`=false
232 232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233 233
234 234 ##### `FBTURBOSRC_DIR`=""
235 235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
236 236
237 237 ##### `ENABLE_VIDEOCORE`=false
238 238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239 239
240 240 ##### `VIDEOCORESRC_DIR`=""
241 241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
242 242
243 243 ##### `ENABLE_NEXMON`=false
244 244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245 245
246 246 ##### `NEXMONSRC_DIR`=""
247 247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248 248
249 249 ##### `ENABLE_IPTABLES`=false
250 250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
251 251
252 252 ##### `ENABLE_USER`=true
253 253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
254 254
255 255 ##### `USER_NAME`=pi
256 256 Non-root user to create. Ignored if `ENABLE_USER`=false
257 257
258 258 ##### `ENABLE_ROOT`=false
259 259 Set root user password so root login will be enabled
260 260
261 261 ##### `ENABLE_HARDNET`=false
262 262 Enable IPv4/IPv6 network stack hardening settings.
263 263
264 264 ##### `ENABLE_SPLITFS`=false
265 265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
266 266
267 267 ##### `CHROOT_SCRIPTS`=""
268 268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
269 269
270 270 ##### `ENABLE_INITRAMFS`=false
271 271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
272 272
273 273 ##### `ENABLE_IFNAMES`=true
274 274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
275 275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
276 285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
277 286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
278 287
279 288 ---
280 289
281 290 #### SSH settings:
282 291 ##### `SSH_ENABLE_ROOT`=false
283 292 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
284 293
285 294 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
286 295 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
287 296
288 297 ##### `SSH_LIMIT_USERS`=false
289 298 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
290 299
291 300 ##### `SSH_ROOT_PUB_KEY`=""
292 301 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
293 302
294 303 ##### `SSH_USER_PUB_KEY`=""
295 304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
296 305
297 306 ---
298 307
299 308 #### Kernel compilation:
300 309 ##### `BUILD_KERNEL`=true
301 310 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
302 311
303 312 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
304 313 This sets the cross-compile environment for the compiler.
305 314
306 315 ##### `KERNEL_ARCH`="arm"
307 316 This sets the kernel architecture for the compiler.
308 317
309 318 ##### `KERNEL_IMAGE`="kernel7.img"
310 319 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
311 320
312 321 ##### `KERNEL_BRANCH`=""
313 322 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
314 323
315 324 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
316 325 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
317 326
318 327 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
319 328 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
320 329
321 330 ##### `KERNEL_REDUCE`=false
322 331 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
323 332
324 333 ##### `KERNEL_THREADS`=1
325 334 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
326 335
327 336 ##### `KERNEL_HEADERS`=true
328 337 Install kernel headers with the built kernel.
329 338
330 339 ##### `KERNEL_MENUCONFIG`=false
331 340 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
332 341
333 342 ##### `KERNEL_OLDDEFCONFIG`=false
334 343 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
335 344
336 345 ##### `KERNEL_CCACHE`=false
337 346 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
338 347
339 348 ##### `KERNEL_REMOVESRC`=true
340 349 Remove all kernel sources from the generated OS image after it was built and installed.
341 350
342 351 ##### `KERNELSRC_DIR`=""
343 352 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
344 353
345 354 ##### `KERNELSRC_CLEAN`=false
346 355 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
347 356
348 357 ##### `KERNELSRC_CONFIG`=true
349 358 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
350 359
351 360 ##### `KERNELSRC_USRCONFIG`=""
352 361 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
353 362
354 363 ##### `KERNELSRC_PREBUILT`=false
355 364 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
356 365
357 366 ##### `RPI_FIRMWARE_DIR`=""
358 367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
359 368
360 369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
361 370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
362 371
363 372 ##### `KERNEL_NF`=false
364 373 Enable Netfilter modules as kernel modules
365 374
366 375 ##### `KERNEL_VIRT`=false
367 376 Enable Kernel KVM support (/dev/kvm)
368 377
369 378 ##### `KERNEL_ZSWAP`=false
370 379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
371 380
372 381 ##### `KERNEL_BPF`=true
373 382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
374 383
375 384 ##### `KERNEL_SECURITY`=false
376 385 Enables Apparmor, integrity subsystem, auditing
377 386 ---
378 387
379 388 #### Reduce disk usage:
380 389 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
381 390
382 391 ##### `REDUCE_APT`=true
383 392 Configure APT to use compressed package repository lists and no package caching files.
384 393
385 394 ##### `REDUCE_DOC`=true
386 395 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
387 396
388 397 ##### `REDUCE_MAN`=true
389 398 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
390 399
391 400 ##### `REDUCE_VIM`=false
392 401 Replace `vim-tiny` package by `levee` a tiny vim clone.
393 402
394 403 ##### `REDUCE_BASH`=false
395 404 Remove `bash` package and switch to `dash` shell (experimental).
396 405
397 406 ##### `REDUCE_HWDB`=true
398 407 Remove PCI related hwdb files (experimental).
399 408
400 409 ##### `REDUCE_SSHD`=true
401 410 Replace `openssh-server` with `dropbear`.
402 411
403 412 ##### `REDUCE_LOCALE`=true
404 413 Remove all `locale` translation files.
405 414
406 415 ---
407 416
408 417 #### Encrypted root partition:
409 418 ##### `ENABLE_CRYPTFS`=false
410 419 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
411 420
412 421 ##### `CRYPTFS_PASSWORD`=""
413 422 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
414 423
415 424 ##### `CRYPTFS_MAPPING`="secure"
416 425 Set name of dm-crypt managed device-mapper mapping.
417 426
418 427 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
419 428 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
420 429
421 430 ##### `CRYPTFS_XTSKEYSIZE`=512
422 431 Sets key size in bits. The argument has to be a multiple of 8.
423 432
424 433 ##### `CRYPTFS_DROPBEAR`=false
425 434 Enable Dropbear Initramfs support
426 435
427 436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
428 437 Provide path to dropbear Public RSA-OpenSSH Key
429 438
430 439 ---
431 440
432 441 #### Build settings:
433 442 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
434 443 Set a path to a working directory used by the script to generate an image.
435 444
436 445 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
437 446 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
438 447
439 448 ## Understanding the script
440 449 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
441 450
442 451 | Script | Description |
443 452 | --- | --- |
444 453 | `10-bootstrap.sh` | Debootstrap basic system |
445 454 | `11-apt.sh` | Setup APT repositories |
446 455 | `12-locale.sh` | Setup Locales and keyboard settings |
447 456 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
448 457 | `14-fstab.sh` | Setup fstab and initramfs |
449 458 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
450 459 | `20-networking.sh` | Setup Networking |
451 460 | `21-firewall.sh` | Setup Firewall |
452 461 | `30-security.sh` | Setup Users and Security settings |
453 462 | `31-logging.sh` | Setup Logging |
454 463 | `32-sshd.sh` | Setup SSH and public keys |
455 464 | `41-uboot.sh` | Build and Setup U-Boot |
456 465 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
457 466 | `43-videocore.sh` | Build and Setup videocore libraries |
458 467 | `50-firstboot.sh` | First boot actions |
459 468 | `99-reduce.sh` | Reduce the disk space usage |
460 469
461 470 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
462 471
463 472 | Directory | Description |
464 473 | --- | --- |
465 474 | `apt` | APT management configuration files |
466 475 | `boot` | Boot and RPi 0/1/2/3 configuration files |
467 476 | `dpkg` | Package Manager configuration |
468 477 | `etc` | Configuration files and rc scripts |
469 478 | `firstboot` | Scripts that get executed on first boot |
470 479 | `initramfs` | Initramfs scripts |
471 480 | `iptables` | Firewall configuration files |
472 481 | `locales` | Locales configuration |
473 482 | `modules` | Kernel Modules configuration |
474 483 | `mount` | Fstab configuration |
475 484 | `network` | Networking configuration files |
476 485 | `sysctl.d` | Swapping and Network Hardening configuration |
477 486 | `xorg` | fbturbo Xorg driver configuration |
478 487
479 488 ## Custom packages and scripts
480 489 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
481 490
482 491 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
483 492
484 493 ## Logging of the bootstrapping process
485 494 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
486 495
487 496 ```shell
488 497 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
489 498 ```
490 499
491 500 ## Flashing the image file
492 501 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
493 502
494 503 ##### Flashing examples:
495 504 ```shell
496 505 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
497 506 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
498 507 ```
499 508 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
500 509 ```shell
501 510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
502 511 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
503 512 ```
504 513
505 514 ## QEMU emulation
506 515 Start QEMU full system emulation:
507 516 ```shell
508 517 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
509 518 ```
510 519
511 520 Start QEMU full system emulation and output to console:
512 521 ```shell
513 522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
514 523 ```
515 524
516 525 Start QEMU full system emulation with SMP and output to console:
517 526 ```shell
518 527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
519 528 ```
520 529
521 530 Start QEMU full system emulation with cryptfs, initramfs and output to console:
522 531 ```shell
523 532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
524 533 ```
525 534
526 535 ## External links and references
527 536 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
528 537 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
529 538 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
530 539 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
531 540 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
532 541 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
533 542 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
534 543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
535 544 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,265 +1,280
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 # Setup firmware boot cmdline
42 42 if [ "$ENABLE_SPLITFS" = true ] ; then
43 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
44 44 else
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 fi
47 47
48 48 # Add encrypted root partition to cmdline.txt
49 49 if [ "$ENABLE_CRYPTFS" = true ] ; then
50 50 if [ "$ENABLE_SPLITFS" = true ] ; then
51 51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
52 52 else
53 53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
54 54 fi
55 55 fi
56 56
57 57 # Enable Kernel messages on standard output
58 58 if [ "$ENABLE_PRINTK" = true ] ; then
59 59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
60 60 fi
61 61
62 62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
63 63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
64 64
65 65 # Remove IPv6 networking support
66 66 if [ "$ENABLE_IPV6" = false ] ; then
67 67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 68 fi
69 69
70 70 # Automatically assign predictable network interface names
71 71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 72 CMDLINE="${CMDLINE} net.ifnames=0"
73 73 else
74 74 CMDLINE="${CMDLINE} net.ifnames=1"
75 75 fi
76 76
77 # Disable Raspberry Pi console logo
78 if [ "$ENABLE_LOGO" = false ] ; then
79 CMDLINE="${CMDLINE} logo.nologo"
80 fi
81
82 # Strictly limit verbosity of boot up console messages
83 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
84 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
85 fi
86
77 87 # Install firmware config
78 88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
79 89
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_SLASH" = false ] ; then
92 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
93 fi
94
80 95 # Locks CPU frequency at maximum
81 96 if [ "$ENABLE_TURBO" = true ] ; then
82 97 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
83 98 # helps to avoid sdcard corruption when force_turbo is enabled.
84 99 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
85 100 fi
86 101
87 102 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
88 103
89 104 # Bluetooth enabled
90 105 if [ "$ENABLE_BLUETOOTH" = true ] ; then
91 106 # Create temporary directory for Bluetooth sources
92 107 temp_dir=$(as_nobody mktemp -d)
93 108
94 109 # Fetch Bluetooth sources
95 110 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
96 111
97 112 # Copy downloaded sources
98 113 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
99 114
100 115 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
101 116 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
102 117 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
103 118
104 119 # Set permissions
105 120 chown -R root:root "${R}/tmp/pi-bluetooth"
106 121
107 122 # Install tools
108 123 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
109 124 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
110 125
111 126 # make scripts executable
112 127 chmod +x "${R}/usr/bin/bthelper"
113 128 chmod +x "${R}/usr/bin/btuart"
114 129
115 130 # Install bluetooth udev rule
116 131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
117 132
118 133 # Install Firmware Flash file and apropiate licence
119 134 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
120 135 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
121 136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
122 137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
123 138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
124 139
125 140 # Remove temporary directories
126 141 rm -fr "${temp_dir}"
127 142 rm -fr "${R}"/tmp/pi-bluetooth
128 143
129 144 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
130 145 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
131 146
132 147 # set overlay to swap ttyAMA0 and ttyS0
133 148 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
134 149
135 150 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
136 151 if [ "$ENABLE_TURBO" = false ] ; then
137 152 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
138 153 fi
139 154 fi
140 155
141 156 # Activate services
142 157 chroot_exec systemctl enable pi-bluetooth.hciuart.service
143 158
144 159 else # if ENABLE_BLUETOOTH = false
145 160 # set overlay to disable bluetooth
146 161 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
147 162 fi # ENABLE_BLUETOOTH end
148 163 fi
149 164
150 165 # may need sudo systemctl disable hciuart
151 166 if [ "$ENABLE_CONSOLE" = true ] ; then
152 167 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
153 168 # add string to cmdline
154 169 CMDLINE="${CMDLINE} console=serial0,115200"
155 170
156 171 # Enable serial console systemd style
157 172 chroot_exec systemctl enable serial-getty\@serial0.service
158 173 else
159 174 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
160 175
161 176 # disable serial console systemd style
162 177 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
163 178 fi
164 179
165 180 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
166 181 # Create temporary directory for systemd-swap sources
167 182 temp_dir=$(as_nobody mktemp -d)
168 183
169 184 # Fetch systemd-swap sources
170 185 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
171 186
172 187 # Copy downloaded systemd-swap sources
173 188 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
174 189
175 190 # Set permissions of the systemd-swap sources
176 191 chown -R root:root "${R}/tmp/systemd-swap"
177 192
178 193 # Remove temporary directory for systemd-swap sources
179 194 rm -fr "${temp_dir}"
180 195
181 196 # Change into downloaded src dir
182 197 cd "${R}/tmp/systemd-swap" || exit
183 198
184 199 # Build package
185 200 . ./package.sh debian
186 201
187 202 # Install package
188 203 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
189 204
190 205 # Enable service
191 206 chroot_exec systemctl enable systemd-swap
192 207
193 208 # Change back into script root dir
194 209 cd "${WORKDIR}" || exit
195 210 else
196 211 # Enable ZSWAP in cmdline if systemd-swap is not used
197 212 if [ "$KERNEL_ZSWAP" = true ] ; then
198 213 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
199 214 fi
200 215 fi
201 216
202 217 if [ "$KERNEL_SECURITY" = true ] ; then
203 218 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
204 219 fi
205 220
206 221 # Install firmware boot cmdline
207 222 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
208 223
209 224 # Setup minimal GPU memory allocation size: 16MB (no X)
210 225 if [ "$ENABLE_MINGPU" = true ] ; then
211 226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
212 227 fi
213 228
214 229 # Setup boot with initramfs
215 230 if [ "$ENABLE_INITRAMFS" = true ] ; then
216 231 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
217 232 fi
218 233
219 234 # Create firmware configuration and cmdline symlinks
220 235 ln -sf firmware/config.txt "${R}/boot/config.txt"
221 236 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
222 237
223 238 # Install and setup kernel modules to load at boot
224 239 mkdir -p "${LIB_DIR}/modules-load.d/"
225 240 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
226 241
227 242 # Load hardware random module at boot
228 243 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
229 244 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
230 245 fi
231 246
232 247 # Load sound module at boot
233 248 if [ "$ENABLE_SOUND" = true ] ; then
234 249 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
235 250 else
236 251 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
237 252 fi
238 253
239 254 # Enable I2C interface
240 255 if [ "$ENABLE_I2C" = true ] ; then
241 256 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
242 257 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
243 258 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
244 259 fi
245 260
246 261 # Enable SPI interface
247 262 if [ "$ENABLE_SPI" = true ] ; then
248 263 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
249 264 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
250 265 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
251 266 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
252 267 fi
253 268 fi
254 269
255 270 # Disable RPi2/3 under-voltage warnings
256 271 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
257 272 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
258 273 fi
259 274
260 275 # Install kernel modules blacklist
261 276 mkdir -p "${ETC_DIR}/modprobe.d/"
262 277 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
263 278
264 279 # Install sysctl.d configuration files
265 280 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
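Review bot: the added splash block (new lines 90-93) tests `"$ENABLE_SLASH"`, but the variable this commit defines in `rpi23-gen-image.sh` is `ENABLE_SPLASH`. `ENABLE_SLASH` is never set, so the comparison with `false` is always untrue and `disable_splash=1` is never appended to `config.txt`. Because the test fails without any error, setting `ENABLE_SPLASH=false` silently has no effect. Change the condition to `[ "$ENABLE_SPLASH" = false ]`. The comment on new line 90 also repeats "Disable Raspberry Pi console logo" from the `ENABLE_LOGO` block at new line 77; it should say that this block disables the firmware splash screen, so the two options can be told apart.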
@@ -1,864 +1,867
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 70 # Generic
71 71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 74
75 75 # Build directories
76 76 WORKDIR=$(pwd)
77 77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 78 BUILDDIR="${BASEDIR}/build"
79 79
80 80 # Chroot directories
81 81 R="${BUILDDIR}/chroot"
82 82 ETC_DIR="${R}/etc"
83 83 LIB_DIR="${R}/lib"
84 84 BOOT_DIR="${R}/boot/firmware"
85 85 KERNEL_DIR="${R}/usr/src/linux"
86 86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 88
89 89 # Firmware directory: Blank if download from github
90 90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 91
92 92 # General settings
93 93 SET_ARCH=${SET_ARCH:=32}
94 94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 95 PASSWORD=${PASSWORD:=raspberry}
96 96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 99 EXPANDROOT=${EXPANDROOT:=true}
100 100
101 101 # Keyboard settings
102 102 XKB_MODEL=${XKB_MODEL:=""}
103 103 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 104 XKB_VARIANT=${XKB_VARIANT:=""}
105 105 XKB_OPTIONS=${XKB_OPTIONS:=""}
106 106
107 107 # Network settings (DHCP)
108 108 ENABLE_DHCP=${ENABLE_DHCP:=true}
109 109
110 110 # Network settings (static)
111 111 NET_ADDRESS=${NET_ADDRESS:=""}
112 112 NET_GATEWAY=${NET_GATEWAY:=""}
113 113 NET_DNS_1=${NET_DNS_1:=""}
114 114 NET_DNS_2=${NET_DNS_2:=""}
115 115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 116 NET_NTP_1=${NET_NTP_1:=""}
117 117 NET_NTP_2=${NET_NTP_2:=""}
118 118
119 119 # APT settings
120 120 APT_PROXY=${APT_PROXY:=""}
121 121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123 123
124 124 # Feature settings
125 125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
126 126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
127 127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
128 128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 129 ENABLE_I2C=${ENABLE_I2C:=false}
130 130 ENABLE_SPI=${ENABLE_SPI:=false}
131 131 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 132 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 135 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 136 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 139 ENABLE_XORG=${ENABLE_XORG:=false}
140 140 ENABLE_WM=${ENABLE_WM:=""}
141 141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 142 ENABLE_USER=${ENABLE_USER:=true}
143 143 USER_NAME=${USER_NAME:="pi"}
144 144 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 145 ENABLE_QEMU=${ENABLE_QEMU:=false}
146 146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
147 147
148 148 # SSH settings
149 149 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
150 150 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
151 151 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
152 152 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
153 153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
154 154
155 155 # Advanced settings
156 156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
157 157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
162 162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
165 165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
166 166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
168 168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
169 169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
170 170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
171 171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
172 172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
174 ENABLE_LOGO=${ENABLE_LOGO:=true}
175 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
173 176 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
174 177
175 178 # Kernel compilation settings
176 179 BUILD_KERNEL=${BUILD_KERNEL:=true}
177 180 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
178 181 KERNEL_THREADS=${KERNEL_THREADS:=1}
179 182 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
180 183 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
181 184 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
182 185 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
183 186 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
184 187 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
185 188 KERNEL_VIRT=${KERNEL_VIRT:=false}
186 189 KERNEL_BPF=${KERNEL_BPF:=false}
187 190 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
188 191 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
189 192 KERNEL_NF=${KERNEL_NF:=false}
190 193
191 194 # Kernel compilation from source directory settings
192 195 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
193 196 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
194 197 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
195 198 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
196 199
197 200 # Reduce disk usage settings
198 201 REDUCE_APT=${REDUCE_APT:=true}
199 202 REDUCE_DOC=${REDUCE_DOC:=true}
200 203 REDUCE_MAN=${REDUCE_MAN:=true}
201 204 REDUCE_VIM=${REDUCE_VIM:=false}
202 205 REDUCE_BASH=${REDUCE_BASH:=false}
203 206 REDUCE_HWDB=${REDUCE_HWDB:=true}
204 207 REDUCE_SSHD=${REDUCE_SSHD:=true}
205 208 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
206 209
207 210 # Encrypted filesystem settings
208 211 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
209 212 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
210 213 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
211 214 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
212 215 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
213 216 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
214 217 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
215 218 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
216 219 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
217 220
218 221 # Chroot scripts directory
219 222 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
220 223
221 224 # Packages required in the chroot build environment
222 225 APT_INCLUDES=${APT_INCLUDES:=""}
223 226 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
224 227
225 228 # Packages to exclude from chroot build environment
226 229 APT_EXCLUDES=${APT_EXCLUDES:=""}
227 230
228 231 # Packages required for bootstrapping
229 232 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
230 233 MISSING_PACKAGES=""
231 234
232 235 # Packages installed for c/c++ build environment in chroot (keep empty)
233 236 COMPILER_PACKAGES=""
234 237
235 238 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
236 239 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
237 240 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
238 241 APT_PROXY=http://127.0.0.1:3142/
239 242 fi
240 243
241 244 # Setup architecture specific settings
242 245 if [ -n "$SET_ARCH" ] ; then
243 246 # 64-bit configuration
244 247 if [ "$SET_ARCH" = 64 ] ; then
245 248 # General 64-bit depended settings
246 249 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
247 250 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
248 251 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
249 252
250 253 # Raspberry Pi model specific settings
251 254 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
252 255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
253 256 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
254 257 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
255 258 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
256 259 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
257 260 else
258 261 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
259 262 exit 1
260 263 fi
261 264 fi
262 265
263 266 # 32-bit configuration
264 267 if [ "$SET_ARCH" = 32 ] ; then
265 268 # General 32-bit dependend settings
266 269 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
267 270 KERNEL_ARCH=${KERNEL_ARCH:=arm}
268 271 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
269 272
270 273 # Raspberry Pi model specific settings
271 274 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
272 275 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
273 276 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
274 277 RELEASE_ARCH=${RELEASE_ARCH:=armel}
275 278 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
276 279 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
277 280 fi
278 281
279 282 # Raspberry Pi model specific settings
280 283 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
281 284 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
282 285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
283 286 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
284 287 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
285 288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
286 289 fi
287 290 fi
288 291 # SET_ARCH not set
289 292 else
290 293 echo "error: Please set '32' or '64' as value for SET_ARCH"
291 294 exit 1
292 295 fi
293 296 # Device specific configuration and U-Boot configuration
294 297 case "$RPI_MODEL" in
295 298 0)
296 299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
297 300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 301 ;;
299 302 1)
300 303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
301 304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 305 ;;
303 306 1P)
304 307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
305 308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
306 309 ;;
307 310 2)
308 311 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
309 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
310 313 ;;
311 314 3)
312 315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
313 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
314 317 ;;
315 318 3P)
316 319 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
317 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
318 321 ;;
319 322 *)
320 323 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
321 324 exit 1
322 325 ;;
323 326 esac
324 327
325 328 if [ "$ENABLE_UBOOTUSB" = true ] ; then
326 329 if [ "$ENABLE_UBOOT" = false ] ; then
327 330 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
328 331 exit 1
329 332 fi
330 333 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
331 334 echo "error: Enabling UBOOTUSB requires Raspberry 3"
332 335 exit 1
333 336 fi
334 337 fi
335 338
336 339 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
337 340 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
338 341 # Include bluetooth packages on supported boards
339 342 if [ "$ENABLE_BLUETOOTH" = true ] ; then
340 343 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
341 344 fi
342 345 if [ "$ENABLE_WIRELESS" = true ] ; then
343 346 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
344 347 fi
345 348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
346 349 # Check if the internal wireless interface is not supported by the RPi model
347 350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
348 351 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
349 352 exit 1
350 353 fi
351 354 fi
352 355
353 356 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
354 357 echo "error: You have to compile kernel sources, if you want to enable nexmon"
355 358 exit 1
356 359 fi
357 360
358 361 # Prepare date string for default image file name
359 362 DATE="$(date +%Y-%m-%d)"
360 363 if [ -z "$KERNEL_BRANCH" ] ; then
361 364 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
362 365 else
363 366 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
364 367 fi
365 368
366 369 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
367 370 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
368 371 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
369 372 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
370 373 exit 1
371 374 fi
372 375 fi
373 376
374 377 # Add cmake to compile videocore sources
375 378 if [ "$ENABLE_VIDEOCORE" = true ] ; then
376 379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
377 380 fi
378 381
379 382 # Add deps for nexmon
380 383 if [ "$ENABLE_NEXMON" = true ] ; then
381 384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
382 385 fi
383 386
384 387 # Add libncurses5 to enable kernel menuconfig
385 388 if [ "$KERNEL_MENUCONFIG" = true ] ; then
386 389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
387 390 fi
388 391
389 392 # Add ccache compiler cache for (faster) kernel cross (re)compilation
390 393 if [ "$KERNEL_CCACHE" = true ] ; then
391 394 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
392 395 fi
393 396
394 397 # Add cryptsetup package to enable filesystem encryption
395 398 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
396 399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
397 400 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
398 401
399 402 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
400 403 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
401 404 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
402 405 fi
403 406
404 407 if [ -z "$CRYPTFS_PASSWORD" ] ; then
405 408 echo "error: no password defined (CRYPTFS_PASSWORD)!"
406 409 exit 1
407 410 fi
408 411 ENABLE_INITRAMFS=true
409 412 fi
410 413
411 414 # Add initramfs generation tools
412 415 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
413 416 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
414 417 fi
415 418
416 419 # Add device-tree-compiler required for building the U-Boot bootloader
417 420 if [ "$ENABLE_UBOOT" = true ] ; then
418 421 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
419 422 fi
420 423
421 424 # Check if root SSH (v2) public key file exists
422 425 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
423 426 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
424 427 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
425 428 exit 1
426 429 fi
427 430 fi
428 431
429 432 # Check if $USER_NAME SSH (v2) public key file exists
430 433 if [ -n "$SSH_USER_PUB_KEY" ] ; then
431 434 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
432 435 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
433 436 exit 1
434 437 fi
435 438 fi
436 439
437 440 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
438 441 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
439 442 exit 1
440 443 fi
441 444
442 445 # Check if all required packages are installed on the build system
443 446 for package in $REQUIRED_PACKAGES ; do
444 447 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
445 448 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
446 449 fi
447 450 done
448 451
449 452 # If there are missing packages ask confirmation for install, or exit
450 453 if [ -n "$MISSING_PACKAGES" ] ; then
451 454 echo "the following packages needed by this script are not installed:"
452 455 echo "$MISSING_PACKAGES"
453 456
454 457 printf "\ndo you want to install the missing packages right now? [y/n] "
455 458 read -r confirm
456 459 [ "$confirm" != "y" ] && exit 1
457 460
458 461 # Make sure all missing required packages are installed
459 462 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
460 463 fi
461 464
462 465 # Check if ./bootstrap.d directory exists
463 466 if [ ! -d "./bootstrap.d/" ] ; then
464 467 echo "error: './bootstrap.d' required directory not found!"
465 468 exit 1
466 469 fi
467 470
468 471 # Check if ./files directory exists
469 472 if [ ! -d "./files/" ] ; then
470 473 echo "error: './files' required directory not found!"
471 474 exit 1
472 475 fi
473 476
474 477 # Check if specified KERNELSRC_DIR directory exists
475 478 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
476 479 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
477 480 exit 1
478 481 fi
479 482
480 483 # Check if specified UBOOTSRC_DIR directory exists
481 484 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
482 485 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
483 486 exit 1
484 487 fi
485 488
486 489 # Check if specified VIDEOCORESRC_DIR directory exists
487 490 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
488 491 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
489 492 exit 1
490 493 fi
491 494
492 495 # Check if specified FBTURBOSRC_DIR directory exists
493 496 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
494 497 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
495 498 exit 1
496 499 fi
497 500
498 501 # Check if specified NEXMONSRC_DIR directory exists
499 502 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
500 503 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
501 504 exit 1
502 505 fi
503 506
504 507 # Check if specified CHROOT_SCRIPTS directory exists
505 508 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
506 509 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
507 510 exit 1
508 511 fi
509 512
510 513 # Check if specified device mapping already exists (will be used by cryptsetup)
511 514 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
512 515 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
513 516 exit 1
514 517 fi
515 518
516 519 # Don't clobber an old build
517 520 if [ -e "$BUILDDIR" ] ; then
518 521 echo "error: directory ${BUILDDIR} already exists, not proceeding"
519 522 exit 1
520 523 fi
521 524
522 525 # Setup chroot directory
523 526 mkdir -p "${R}"
524 527
525 528 # Check if build directory has enough of free disk space >512MB
526 529 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
527 530 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
528 531 exit 1
529 532 fi
530 533
531 534 set -x
532 535
533 536 # Call "cleanup" function on various signals and errors
534 537 trap cleanup 0 1 2 3 6
535 538
536 539 # Add required packages for the minbase installation
537 540 if [ "$ENABLE_MINBASE" = true ] ; then
538 541 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
539 542 fi
540 543
541 544 # Add parted package, required to get partprobe utility
542 545 if [ "$EXPANDROOT" = true ] ; then
543 546 APT_INCLUDES="${APT_INCLUDES},parted"
544 547 fi
545 548
546 549 # Add dbus package, recommended if using systemd
547 550 if [ "$ENABLE_DBUS" = true ] ; then
548 551 APT_INCLUDES="${APT_INCLUDES},dbus"
549 552 fi
550 553
551 554 # Add iptables IPv4/IPv6 package
552 555 if [ "$ENABLE_IPTABLES" = true ] ; then
553 556 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
554 557 fi
555 558 # Add apparmor for KERNEL_SECURITY
556 559 if [ "$KERNEL_SECURITY" = true ] ; then
557 560 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
558 561 fi
559 562
560 563 # Add openssh server package
561 564 if [ "$ENABLE_SSHD" = true ] ; then
562 565 APT_INCLUDES="${APT_INCLUDES},openssh-server"
563 566 fi
564 567
565 568 # Add alsa-utils package
566 569 if [ "$ENABLE_SOUND" = true ] ; then
567 570 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
568 571 fi
569 572
570 573 # Add rng-tools package
571 574 if [ "$ENABLE_HWRANDOM" = true ] ; then
572 575 APT_INCLUDES="${APT_INCLUDES},rng-tools"
573 576 fi
574 577
575 578 # Add fbturbo video driver
576 579 if [ "$ENABLE_FBTURBO" = true ] ; then
577 580 # Enable xorg package dependencies
578 581 ENABLE_XORG=true
579 582 fi
580 583
581 584 # Add user defined window manager package
582 585 if [ -n "$ENABLE_WM" ] ; then
583 586 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
584 587
585 588 # Enable xorg package dependencies
586 589 ENABLE_XORG=true
587 590 fi
588 591
589 592 # Add xorg package
590 593 if [ "$ENABLE_XORG" = true ] ; then
591 594 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
592 595 fi
593 596
594 597 # Replace selected packages with smaller clones
595 598 if [ "$ENABLE_REDUCE" = true ] ; then
596 599 # Add levee package instead of vim-tiny
597 600 if [ "$REDUCE_VIM" = true ] ; then
598 601 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
599 602 fi
600 603
601 604 # Add dropbear package instead of openssh-server
602 605 if [ "$REDUCE_SSHD" = true ] ; then
603 606 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
604 607 fi
605 608 fi
606 609
607 610 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
608 611 if [ "$ENABLE_SYSVINIT" = false ] ; then
609 612 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
610 613 fi
611 614
612 615 # Configure kernel sources if no KERNELSRC_DIR
613 616 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
614 617 KERNELSRC_CONFIG=true
615 618 fi
616 619
617 620 # Configure reduced kernel
618 621 if [ "$KERNEL_REDUCE" = true ] ; then
619 622 KERNELSRC_CONFIG=false
620 623 fi
621 624
622 625 # Configure qemu compatible kernel
623 626 if [ "$ENABLE_QEMU" = true ] ; then
624 627 DTB_FILE=vexpress-v2p-ca15_a7.dtb
625 628 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
626 629 KERNEL_DEFCONFIG="vexpress_defconfig"
627 630 if [ "$KERNEL_MENUCONFIG" = false ] ; then
628 631 KERNEL_OLDDEFCONFIG=true
629 632 fi
630 633 fi
631 634
632 635 # Execute bootstrap scripts
633 636 for SCRIPT in bootstrap.d/*.sh; do
634 637 head -n 3 "$SCRIPT"
635 638 . "$SCRIPT"
636 639 done
637 640
638 641 ## Execute custom bootstrap scripts
639 642 if [ -d "custom.d" ] ; then
640 643 for SCRIPT in custom.d/*.sh; do
641 644 . "$SCRIPT"
642 645 done
643 646 fi
644 647
645 648 # Execute custom scripts inside the chroot
646 649 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
647 650 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
648 651 chroot_exec /bin/bash -x <<'EOF'
649 652 for SCRIPT in /chroot_scripts/* ; do
650 653 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
651 654 $SCRIPT
652 655 fi
653 656 done
654 657 EOF
655 658 rm -rf "${R}/chroot_scripts"
656 659 fi
657 660
658 661 # Remove c/c++ build environment from the chroot
659 662 chroot_remove_cc
660 663
661 664 # Generate required machine-id
662 665 MACHINE_ID=$(dbus-uuidgen)
663 666 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
664 667 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
665 668
666 669 # APT Cleanup
667 670 chroot_exec apt-get -y clean
668 671 chroot_exec apt-get -y autoclean
669 672 chroot_exec apt-get -y autoremove
670 673
671 674 # Unmount mounted filesystems
672 675 umount -l "${R}/proc"
673 676 umount -l "${R}/sys"
674 677
675 678 # Clean up directories
676 679 rm -rf "${R}/run/*"
677 680 rm -rf "${R}/tmp/*"
678 681
679 682 # Clean up APT proxy settings
680 683 if [ "$KEEP_APT_PROXY" = false ] ; then
681 684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
682 685 fi
683 686
684 687 # Clean up files
685 688 rm -f "${ETC_DIR}/ssh/ssh_host_*"
686 689 rm -f "${ETC_DIR}/dropbear/dropbear_*"
687 690 rm -f "${ETC_DIR}/apt/sources.list.save"
688 691 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
689 692 rm -f "${ETC_DIR}/*-"
690 693 rm -f "${ETC_DIR}/resolv.conf"
691 694 rm -f "${R}/root/.bash_history"
692 695 rm -f "${R}/var/lib/urandom/random-seed"
693 696 rm -f "${R}/initrd.img"
694 697 rm -f "${R}/vmlinuz"
695 698 rm -f "${R}${QEMU_BINARY}"
696 699
697 700 if [ "$ENABLE_QEMU" = true ] ; then
698 701 # Setup QEMU directory
699 702 mkdir "${BASEDIR}/qemu"
700 703
701 704 # Copy kernel image to QEMU directory
702 705 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
703 706
704 707 # Copy kernel config to QEMU directory
705 708 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
706 709
707 710 # Copy kernel dtbs to QEMU directory
708 711 for dtb in "${BOOT_DIR}/"*.dtb ; do
709 712 if [ -f "${dtb}" ] ; then
710 713 install_readonly "${dtb}" "${BASEDIR}/qemu/"
711 714 fi
712 715 done
713 716
714 717 # Copy kernel overlays to QEMU directory
715 718 if [ -d "${BOOT_DIR}/overlays" ] ; then
716 719 # Setup overlays dtbs directory
717 720 mkdir "${BASEDIR}/qemu/overlays"
718 721
719 722 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
720 723 if [ -f "${dtb}" ] ; then
721 724 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
722 725 fi
723 726 done
724 727 fi
725 728
726 729 # Copy u-boot files to QEMU directory
727 730 if [ "$ENABLE_UBOOT" = true ] ; then
728 731 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
729 732 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
730 733 fi
731 734 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
732 735 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
733 736 fi
734 737 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
735 738 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
736 739 fi
737 740 fi
738 741
739 742 # Copy initramfs to QEMU directory
740 743 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
741 744 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
742 745 fi
743 746 fi
744 747
745 748 # Calculate size of the chroot directory in KB
746 749 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
747 750
748 751 # Calculate the amount of needed 512 Byte sectors
749 752 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
750 753 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
751 754 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
752 755
753 756 # The root partition is EXT4
754 757 # This means more space than the actual used space of the chroot is used.
755 758 # As overhead for journaling and reserved blocks 35% are added.
756 759 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
757 760
758 761 # Calculate required image size in 512 Byte sectors
759 762 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
760 763
761 764 # Prepare image file
762 765 if [ "$ENABLE_SPLITFS" = true ] ; then
763 766 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
764 767 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
765 768 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
766 769 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
767 770
768 771 # Write firmware/boot partition tables
769 772 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
770 773 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
771 774 EOM
772 775
773 776 # Write root partition table
774 777 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
775 778 ${TABLE_SECTORS},${ROOT_SECTORS},83
776 779 EOM
777 780
778 781 # Setup temporary loop devices
779 782 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
780 783 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
781 784 else # ENABLE_SPLITFS=false
782 785 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
783 786 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
784 787
785 788 # Write partition table
786 789 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
787 790 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
788 791 ${ROOT_OFFSET},${ROOT_SECTORS},83
789 792 EOM
790 793
791 794 # Setup temporary loop devices
792 795 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
793 796 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
794 797 fi
795 798
796 799 if [ "$ENABLE_CRYPTFS" = true ] ; then
797 800 # Create dummy ext4 fs
798 801 mkfs.ext4 "$ROOT_LOOP"
799 802
800 803 # Setup password keyfile
801 804 touch .password
802 805 chmod 600 .password
803 806 echo -n ${CRYPTFS_PASSWORD} > .password
804 807
805 808 # Initialize encrypted partition
806 809 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
807 810
808 811 # Open encrypted partition and setup mapping
809 812 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
810 813
811 814 # Secure delete password keyfile
812 815 shred -zu .password
813 816
814 817 # Update temporary loop device
815 818 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
816 819
817 820 # Wipe encrypted partition (encryption cipher is used for randomness)
818 821 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
819 822 fi
820 823
821 824 # Build filesystems
822 825 mkfs.vfat "$FRMW_LOOP"
823 826 mkfs.ext4 "$ROOT_LOOP"
824 827
825 828 # Mount the temporary loop devices
826 829 mkdir -p "$BUILDDIR/mount"
827 830 mount "$ROOT_LOOP" "$BUILDDIR/mount"
828 831
829 832 mkdir -p "$BUILDDIR/mount/boot/firmware"
830 833 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
831 834
832 835 # Copy all files from the chroot to the loop device mount point directory
833 836 rsync -a "${R}/" "$BUILDDIR/mount/"
834 837
835 838 # Unmount all temporary loop devices and mount points
836 839 cleanup
837 840
838 841 # Create block map file(s) of image(s)
839 842 if [ "$ENABLE_SPLITFS" = true ] ; then
840 843 # Create block map files for "bmaptool"
841 844 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
842 845 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
843 846
844 847 # Image was successfully created
845 848 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
846 849 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
847 850 else
848 851 # Create block map file for "bmaptool"
849 852 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
850 853
851 854 # Image was successfully created
852 855 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
853 856
854 857 # Create qemu qcow2 image
855 858 if [ "$ENABLE_QEMU" = true ] ; then
856 859 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
857 860 QEMU_SIZE=16G
858 861
859 862 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
860 863 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
861 864
862 865 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
863 866 fi
864 867 fi
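Review bot: The quoted wildcards in the cleanup block (new lines 679-680, 688-689 and 692) never expand, so a line such as `rm -f "${ETC_DIR}/ssh/ssh_host_*"` looks for a file whose name literally ends in `*` and, because of `-f`, silently removes nothing. Any SSH or dropbear host keys present in the chroot therefore stay in the image, and every device flashed from that image would share them. Move the wildcard outside the quotes, as the dtb loops at new lines 711 and 722 already do, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`, and apply the same change to the `run`, `tmp`, `dropbear_*` and `*-` lines. Two related points in the cryptfs path: the pre-flight check at new line 514 tests `/dev/mapping/${CRYPTFS_MAPPING}` while the device is later opened under `/dev/mapper/${CRYPTFS_MAPPING}` (new line 818), so the "already exists" guard can never fire and should use `/dev/mapper/`. And `set -x` is enabled at new line 534 with no `set +x` visible before `echo -n ${CRYPTFS_PASSWORD} > .password` at new line 806, so the expanded passphrase is written to the build trace, and the unquoted expansion is subject to word splitting and globbing. Wrap that step in `set +x` / `set -x` and write the keyfile with `printf '%s' "$CRYPTFS_PASSWORD"`.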