##// END OF EJS Templates
.
burnbabyburn -
r327:486b4ea08ef2
parent child
Show More
@@ -1,481 +1,481
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `RPI_MODEL`=2
61 61 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
62 62 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
63 63 `1` = Used for Pi 1 model A and B
64 64 `1P` = Used for Pi 1 model B+ and A+
65 65 `2` = Used for Pi 2 model B
66 66 `3` = Used for Pi 3 model B
67 67 `3P` = Used for Pi 3 model B+
68 68 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
69 69
70 70 ##### `RELEASE`="buster"
71 71 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
72 72
73 73 ##### `RELEASE_ARCH`="armhf"
74 74 Set the desired Debian release architecture.
75 75
76 76 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
77 77 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
78 78
79 79 ##### `PASSWORD`="raspberry"
80 80 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
81 81
82 82 ##### `USER_PASSWORD`="raspberry"
83 83 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
84 84
85 85 ##### `DEFLOCAL`="en_US.UTF-8"
86 86 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
87 87
88 88 ##### `TIMEZONE`="Europe/Berlin"
89 89 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
90 90
91 91 ##### `EXPANDROOT`=true
92 92 Expand the root partition and filesystem automatically on first boot.
93 93
94 94 ##### `ENABLE_QEMU`=false
95 95 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
96 96
97 97 ---
98 98
99 99 #### Keyboard settings:
100 100 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
101 101
102 102 ##### `XKB_MODEL`=""
103 103 Set the name of the model of your keyboard type.
104 104
105 105 ##### `XKB_LAYOUT`=""
106 106 Set the supported keyboard layout(s).
107 107
108 108 ##### `XKB_VARIANT`=""
109 109 Set the supported variant(s) of the keyboard layout(s).
110 110
111 111 ##### `XKB_OPTIONS`=""
112 112 Set extra xkb configuration options.
113 113
114 114 ---
115 115
116 116 #### Networking settings (DHCP):
117 117 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
118 118
119 119 ##### `ENABLE_DHCP`=true
120 120 Set the system to use DHCP. This requires an DHCP server.
121 121
122 122 ---
123 123
124 124 #### Networking settings (static):
125 125 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
126 126
127 127 ##### `NET_ADDRESS`=""
128 128 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
129 129
130 130 ##### `NET_GATEWAY`=""
131 131 Set the IP address for the default gateway.
132 132
133 133 ##### `NET_DNS_1`=""
134 134 Set the IP address for the first DNS server.
135 135
136 136 ##### `NET_DNS_2`=""
137 137 Set the IP address for the second DNS server.
138 138
139 139 ##### `NET_DNS_DOMAINS`=""
140 140 Set the default DNS search domains to use for non fully qualified host names.
141 141
142 142 ##### `NET_NTP_1`=""
143 143 Set the IP address for the first NTP server.
144 144
145 145 ##### `NET_NTP_2`=""
146 146 Set the IP address for the second NTP server.
147 147
148 148 ---
149 149
150 150 #### Basic system features:
151 151 ##### `ENABLE_CONSOLE`=true
152 152 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
153 153
154 154 ##### `ENABLE_I2C`=false
155 155 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
156 156
157 157 ##### `ENABLE_SPI`=false
158 158 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
159 159
160 160 ##### `ENABLE_IPV6`=true
161 161 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
162 162
163 163 ##### `ENABLE_SSHD`=true
164 164 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
165 165
166 166 ##### `ENABLE_NONFREE`=false
167 167 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
168 168
169 169 ##### `ENABLE_WIRELESS`=false
170 170 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
171 171
172 172 ##### `ENABLE_RSYSLOG`=true
173 173 If set to false, disable and uninstall rsyslog (so logs will be available only
174 174 in journal files)
175 175
176 176 ##### `ENABLE_SOUND`=true
177 177 Enable sound hardware and install Advanced Linux Sound Architecture.
178 178
179 179 ##### `ENABLE_HWRANDOM`=true
180 180 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
181 181
182 182 ##### `ENABLE_MINGPU`=false
183 183 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
184 184
185 185 ##### `ENABLE_DBUS`=true
186 186 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
187 187
188 188 ##### `ENABLE_XORG`=false
189 189 Install Xorg open-source X Window System.
190 190
191 191 ##### `ENABLE_WM`=""
192 192 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
193 193
194 194 ---
195 195
196 196 #### Advanced system features:
197 197 ##### `ENABLE_MINBASE`=false
198 198 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
199 199
200 200 ##### `ENABLE_REDUCE`=false
201 201 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
202 202
203 203 ##### `ENABLE_UBOOT`=false
204 204 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
205 205
206 206 ##### `UBOOTSRC_DIR`=""
207 207 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
208 208
209 209 ##### `ENABLE_FBTURBO`=false
210 210 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
211 211
212 212 ##### `FBTURBOSRC_DIR`=""
213 213 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
214 214
215 215 ##### `ENABLE_IPTABLES`=false
216 216 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
217 217
218 218 ##### `ENABLE_USER`=true
219 219 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
220 220
221 221 ##### `USER_NAME`=pi
222 222 Non-root user to create. Ignored if `ENABLE_USER`=false
223 223
224 224 ##### `ENABLE_ROOT`=false
225 225 Set root user password so root login will be enabled
226 226
227 227 ##### `ENABLE_HARDNET`=false
228 228 Enable IPv4/IPv6 network stack hardening settings.
229 229
230 230 ##### `ENABLE_SPLITFS`=false
231 231 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
232 232
233 233 ##### `CHROOT_SCRIPTS`=""
234 234 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
235 235
236 236 ##### `ENABLE_INITRAMFS`=false
237 237 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
238 238
239 239 ##### `ENABLE_IFNAMES`=true
240 240 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
241 241
242 242 ##### `DISABLE_UNDERVOLT_WARNINGS`=
243 243 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
244 244
245 245 ---
246 246
247 247 #### SSH settings:
248 248 ##### `SSH_ENABLE_ROOT`=false
249 249 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
250 250
251 251 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
252 252 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
253 253
254 254 ##### `SSH_LIMIT_USERS`=false
255 255 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
256 256
257 257 ##### `SSH_ROOT_PUB_KEY`=""
258 258 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
259 259
260 260 ##### `SSH_USER_PUB_KEY`=""
261 261 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
262 262
263 263 ---
264 264
265 265 #### Kernel compilation:
266 266 ##### `BUILD_KERNEL`=false
267 267 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
268 268
269 269 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
270 270 This sets the cross compile enviornment for the compiler.
271 271
272 272 ##### `KERNEL_ARCH`="arm"
273 273 This sets the kernel architecture for the compiler.
274 274
275 275 ##### `KERNEL_IMAGE`="kernel7.img"
276 276 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
277 277
278 278 ##### `KERNEL_BRANCH`=""
279 279 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
280 280
281 281 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
282 282 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
283 283
284 284 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
285 285 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
286 286
287 287 ##### `KERNEL_REDUCE`=false
288 288 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
289 289
290 290 ##### `KERNEL_THREADS`=1
291 291 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
292 292
293 293 ##### `KERNEL_HEADERS`=true
294 294 Install kernel headers with built kernel.
295 295
296 296 ##### `KERNEL_MENUCONFIG`=false
297 297 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
298 298
299 299 ##### `KERNEL_OLDDEFCONFIG`=false
300 300 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
301 301
302 302 ##### `KERNEL_CCACHE`=false
303 303 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
304 304
305 305 ##### `KERNEL_REMOVESRC`=true
306 306 Remove all kernel sources from the generated OS image after it was built and installed.
307 307
308 308 ##### `KERNELSRC_DIR`=""
309 309 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
310 310
311 311 ##### `KERNELSRC_CLEAN`=false
312 312 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
313 313
314 314 ##### `KERNELSRC_CONFIG`=true
315 315 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
316 316
317 317 ##### `KERNELSRC_USRCONFIG`=""
318 318 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
319 319
320 320 ##### `KERNELSRC_PREBUILT`=false
321 321 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
322 322
323 323 ##### `RPI_FIRMWARE_DIR`=""
324 324 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
325 325
326 326 ---
327 327
328 328 #### Reduce disk usage:
329 329 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
330 330
331 331 ##### `REDUCE_APT`=true
332 332 Configure APT to use compressed package repository lists and no package caching files.
333 333
334 334 ##### `REDUCE_DOC`=true
335 335 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
336 336
337 337 ##### `REDUCE_MAN`=true
338 338 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
339 339
340 340 ##### `REDUCE_VIM`=false
341 341 Replace `vim-tiny` package by `levee` a tiny vim clone.
342 342
343 343 ##### `REDUCE_BASH`=false
344 344 Remove `bash` package and switch to `dash` shell (experimental).
345 345
346 346 ##### `REDUCE_HWDB`=true
347 347 Remove PCI related hwdb files (experimental).
348 348
349 349 ##### `REDUCE_SSHD`=true
350 350 Replace `openssh-server` with `dropbear`.
351 351
352 352 ##### `REDUCE_LOCALE`=true
353 353 Remove all `locale` translation files.
354 354
355 355 ---
356 356
357 357 #### Encrypted root partition:
358 358 ##### `ENABLE_CRYPTFS`=false
359 359 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
360 360
361 361 ##### `CRYPTFS_PASSWORD`=""
362 362 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
363 363
364 364 ##### `CRYPTFS_MAPPING`="secure"
365 365 Set name of dm-crypt managed device-mapper mapping.
366 366
367 367 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
368 368 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
369 369
370 370 ##### `CRYPTFS_XTSKEYSIZE`=512
371 371 Sets key size in bits. The argument has to be a multiple of 8.
372 372
373 373 ---
374 374
375 375 #### Build settings:
376 376 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
377 377 Set a path to a working directory used by the script to generate an image.
378 378
379 379 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
380 380 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
381 381
382 382 ## Understanding the script
383 383 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
384 384
385 385 | Script | Description |
386 386 | --- | --- |
387 387 | `10-bootstrap.sh` | Debootstrap basic system |
388 388 | `11-apt.sh` | Setup APT repositories |
389 389 | `12-locale.sh` | Setup Locales and keyboard settings |
390 390 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
391 391 | `14-fstab.sh` | Setup fstab and initramfs |
392 392 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
393 393 | `20-networking.sh` | Setup Networking |
394 394 | `21-firewall.sh` | Setup Firewall |
395 395 | `30-security.sh` | Setup Users and Security settings |
396 396 | `31-logging.sh` | Setup Logging |
397 397 | `32-sshd.sh` | Setup SSH and public keys |
398 398 | `41-uboot.sh` | Build and Setup U-Boot |
399 399 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
400 400 | `50-firstboot.sh` | First boot actions |
401 401 | `99-reduce.sh` | Reduce the disk space usage |
402 402
403 403 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
404 404
405 405 | Directory | Description |
406 406 | --- | --- |
407 407 | `apt` | APT management configuration files |
408 408 | `boot` | Boot and RPi2/3 configuration files |
409 409 | `dpkg` | Package Manager configuration |
410 410 | `etc` | Configuration files and rc scripts |
411 411 | `firstboot` | Scripts that get executed on first boot |
412 412 | `initramfs` | Initramfs scripts |
413 413 | `iptables` | Firewall configuration files |
414 414 | `locales` | Locales configuration |
415 415 | `modules` | Kernel Modules configuration |
416 416 | `mount` | Fstab configuration |
417 417 | `network` | Networking configuration files |
418 418 | `sysctl.d` | Swapping and Network Hardening configuration |
419 419 | `xorg` | fbturbo Xorg driver configuration |
420 420
421 421 ## Custom packages and scripts
422 422 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
423 423
424 424 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
425 425
426 426 ## Logging of the bootstrapping process
427 427 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
428 428
429 429 ```shell
430 430 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
431 431 ```
432 432
433 433 ## Flashing the image file
434 434 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
435 435
436 436 ##### Flashing examples:
437 437 ```shell
438 438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
439 439 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
440 440 ```
441 441 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
442 442 ```shell
443 443 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
444 444 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
445 445 ```
446 446
447 447 ## QEMU emulation
448 448 Start QEMU full system emulation:
449 449 ```shell
450 450 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
451 451 ```
452 452
453 453 Start QEMU full system emulation and output to console:
454 454 ```shell
455 455 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
456 456 ```
457 457
458 458 Start QEMU full system emulation with SMP and output to console:
459 459 ```shell
460 460 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
461 461 ```
462 462
463 463 Start QEMU full system emulation with cryptfs, initramfs and output to console:
464 464 ```shell
465 465 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
466 466 ```
467 467
468 468 ## Weekly image builds
469 469 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
470 470 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
471 471
472 472 ## External links and references
473 473 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
474 474 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
475 475 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
476 476 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
477 477 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
478 478 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
479 479 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
480 480 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
481 481 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,48 +1,48
1 1 #!/bin/bash
2 2 #
3 3 # Debootstrap basic system
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 VARIANT=""
10 10 COMPONENTS="main"
11 11 EXCLUDES=""
12 12
13 13 # Use non-free Debian packages if needed
14 14 if [ "$ENABLE_NONFREE" = true ] ; then
15 15 COMPONENTS="main,non-free,contrib"
16 16 fi
17 17
18 18 # Use minbase bootstrap variant which only includes essential packages
19 19 if [ "$ENABLE_MINBASE" = true ] ; then
20 20 VARIANT="--variant=minbase"
21 21 fi
22 22
23 23 # Exclude packages if required by Debian release
24 24 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
25 25 EXCLUDES="--exclude=init,systemd-sysv"
26 26 fi
27 27
28 28 # Base debootstrap (unpack only)
29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}"
30 30
31 31 # Copy qemu emulator binary to chroot
32 32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
33 33
34 34 # Copy debian-archive-keyring.pgp
35 35 mkdir -p "${R}/usr/share/keyrings"
36 36 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
37 37
38 38 # Complete the bootstrapping process
39 39 chroot_exec /debootstrap/debootstrap --second-stage
40 40
41 41 # Mount required filesystems
42 42 mount -t proc none "${R}/proc"
43 43 mount -t sysfs none "${R}/sys"
44 44
45 45 # Mount pseudo terminal slave if supported by Debian release
46 46 if [ -d "${R}/dev/pts" ] ; then
47 47 mount --bind /dev/pts "${R}/dev/pts"
48 48 fi
@@ -1,260 +1,265
1 1 #!/bin/bash
2 2 #
3 3 # Build and Setup RPi2/3 Kernel
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 # Fetch and build latest raspberry kernel
10 10 if [ "$BUILD_KERNEL" = true ] ; then
11 11 # Setup source directory
12 12 mkdir -p "${R}/usr/src/linux"
13 13
14 14 # Copy existing kernel sources into chroot directory
15 15 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
16 16 # Copy kernel sources and include hidden files
17 17 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
18 18
19 19 # Clean the kernel sources
20 20 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
21 21 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
22 22 fi
23 23 else # KERNELSRC_DIR=""
24 24 # Create temporary directory for kernel sources
25 25 temp_dir=$(as_nobody mktemp -d)
26 26
27 27 # Fetch current RPi2/3 kernel sources
28 28 if [ -z "${KERNEL_BRANCH}" ] ; then
29 29 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
30 30 else
31 31 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
32 32 fi
33 33
34 34 # Copy downloaded kernel sources
35 35 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
36 36
37 37 # Remove temporary directory for kernel sources
38 38 rm -fr "${temp_dir}"
39 39
40 40 # Set permissions of the kernel sources
41 41 chown -R root:root "${R}/usr/src"
42 42 fi
43 43
44 44 # Calculate optimal number of kernel building threads
45 45 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
46 46 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
47 47 fi
48 48
49 49 # Configure and build kernel
50 50 if [ "$KERNELSRC_PREBUILT" = false ] ; then
51 51 # Remove device, network and filesystem drivers from kernel configuration
52 52 if [ "$KERNEL_REDUCE" = true ] ; then
53 53 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
54 54 sed -i\
55 55 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
60 60 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
61 61 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
68 68 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
69 69 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
72 72 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
77 77 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
84 84 "${KERNEL_DIR}/.config"
85 85 fi
86 86
87 87 if [ "$KERNELSRC_CONFIG" = true ] ; then
88 88 # Load default raspberry kernel configuration
89 89 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
90 90
91 91 # Set kernel configuration parameters to enable qemu emulation
92 92 if [ "$ENABLE_QEMU" = true ] ; then
93 93 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
94 94 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
95 95
96 96 if [ "$ENABLE_CRYPTFS" = true ] ; then
97 97 {
98 98 echo "CONFIG_EMBEDDED=y"
99 99 echo "CONFIG_EXPERT=y"
100 100 echo "CONFIG_DAX=y"
101 101 echo "CONFIG_MD=y"
102 102 echo "CONFIG_BLK_DEV_MD=y"
103 103 echo "CONFIG_MD_AUTODETECT=y"
104 104 echo "CONFIG_BLK_DEV_DM=y"
105 105 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
106 106 echo "CONFIG_DM_CRYPT=y"
107 107 echo "CONFIG_CRYPTO_BLKCIPHER=y"
108 108 echo "CONFIG_CRYPTO_CBC=y"
109 109 echo "CONFIG_CRYPTO_XTS=y"
110 110 echo "CONFIG_CRYPTO_SHA512=y"
111 111 echo "CONFIG_CRYPTO_MANAGER=y"
112 112 } >> "${KERNEL_DIR}"/.config
113 113 fi
114 114 fi
115 115
116 116 # Copy custom kernel configuration file
117 117 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
118 118 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
119 119 fi
120 120
121 121 # Set kernel configuration parameters to their default values
122 122 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
123 123 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
124 124 fi
125 125
126 126 # Start menu-driven kernel configuration (interactive)
127 127 if [ "$KERNEL_MENUCONFIG" = true ] ; then
128 128 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
129 129 fi
130 130 fi
131 131
132 132 # Use ccache to cross compile the kernel
133 133 if [ "$KERNEL_CCACHE" = true ] ; then
134 134 cc="ccache ${CROSS_COMPILE}gcc"
135 135 else
136 136 cc="${CROSS_COMPILE}gcc"
137 137 fi
138 138
139 139 # Cross compile kernel and dtbs
140 140 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
141 141
142 142 # Cross compile kernel modules
143 143 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
144 144 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
145 145 fi
146 146 fi
147 147
148 148 # Check if kernel compilation was successful
149 149 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
150 150 echo "error: kernel compilation failed! (kernel image not found)"
151 151 cleanup
152 152 exit 1
153 153 fi
154 154
155 155 # Install kernel modules
156 156 if [ "$ENABLE_REDUCE" = true ] ; then
157 157 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
158 158 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
159 159 fi
160 160 else
161 161 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
162 162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
163 163 fi
164 164
165 165 # Install kernel firmware
166 166 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
167 167 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
168 168 fi
169 169 fi
170 170
171 171 # Install kernel headers
172 172 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
173 173 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
174 174 fi
175 # make tar.gz kernel package - missing os bzw. modules
176 #** ** ** WARNING ** ** **
177 #Your architecture did not define any architecture-dependent files
178 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
179 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
175 180
176 181 # Prepare boot (firmware) directory
177 182 mkdir "${BOOT_DIR}"
178 183
179 184 # Get kernel release version
180 185 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
181 186
182 187 # Copy kernel configuration file to the boot directory
183 188 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
184 189
185 190 # Prepare device tree directory
186 191 mkdir "${BOOT_DIR}/overlays"
187 192
188 193 # Ensure the proper .dtb is located
189 194 if [ "$KERNEL_ARCH" = "arm" ] ; then
190 195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
191 196 if [ -f "${dtb}" ] ; then
192 197 install_readonly "${dtb}" "${BOOT_DIR}/"
193 198 fi
194 199 done
195 200 else
196 201 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
197 202 if [ -f "${dtb}" ] ; then
198 203 install_readonly "${dtb}" "${BOOT_DIR}/"
199 204 fi
200 205 done
201 206 fi
202 207
203 208 # Copy compiled dtb device tree files
204 209 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
205 210 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
206 211 if [ -f "${dtb}" ] ; then
207 212 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
208 213 fi
209 214 done
210 215
211 216 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
212 217 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
213 218 fi
214 219 fi
215 220
216 221 if [ "$ENABLE_UBOOT" = false ] ; then
217 222 # Convert and copy kernel image to the boot directory
218 223 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
219 224 else
220 225 # Copy kernel image to the boot directory
221 226 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
222 227 fi
223 228
224 229 # Remove kernel sources
225 230 if [ "$KERNEL_REMOVESRC" = true ] ; then
226 231 rm -fr "${KERNEL_DIR}"
227 232 else
228 233 # Prepare compiled kernel modules
229 234 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
230 235 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
231 236 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
232 237 fi
233 238
234 239 # Create symlinks for kernel modules
235 240 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
236 241 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
237 242 fi
238 243 fi
239 244 elif [ "$BUILD_KERNEL" = false ] ; then
240 245 echo " Install precompiled kernel..."
241 246 echo "error: not implemented"
242 247 # Check if kernel installation was successful
243 248 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
244 249 if [ -z "$VMLINUZ" ] ; then
245 250 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
246 251 cleanup
247 252 exit 1
248 253 fi
249 254 # Copy vmlinuz kernel to the boot directory
250 255 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
251 256
252 257 if [ "$SET_ARCH" = 64 ] ; then
253 258 echo "Using precompiled arm64 kernel"
254 259 else
255 260 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
256 261 exit 1
257 262 # inset precompiled 64 bit kernel code here
258 263 fi
259 264 #fi build_kernel=true
260 265 fi
@@ -1,61 +1,66
1 1 #!/bin/bash
2 2 #
3 3 # Setup fstab and initramfs
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 # Install and setup fstab
10 10 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
11 11
12 if [ "$ENABLE_UBOOTUSB" = true ] ; then
13 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
14 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
15 fi
16
12 17 # Add usb/sda disk root partition to fstab
13 18 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
14 19 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
15 20 fi
16 21
17 22 # Add encrypted root partition to fstab and crypttab
18 23 if [ "$ENABLE_CRYPTFS" = true ] ; then
19 24 # Replace fstab root partition with encrypted partition mapping
20 25 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
21 26
22 27 # Add encrypted partition to crypttab and fstab
23 28 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
24 29 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
25 30
26 31 if [ "$ENABLE_SPLITFS" = true ] ; then
27 32 # Add usb/sda disk to crypttab
28 33 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
29 34 fi
30 35 fi
31 36
32 37 # Generate initramfs file
33 38 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
34 39 if [ "$ENABLE_CRYPTFS" = true ] ; then
35 40 # Include initramfs scripts to auto expand encrypted root partition
36 41 if [ "$EXPANDROOT" = true ] ; then
37 42 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
38 43 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
39 44 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
40 45 fi
41 46
42 47 # Disable SSHD inside initramfs
43 48 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
44 49
45 50 # Add cryptsetup modules to initramfs
46 51 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
47 52
48 53 # Dummy mapping required by mkinitramfs
49 54 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
50 55
51 56 # Generate initramfs with encrypted root partition support
52 57 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
53 58
54 59 # Remove dummy mapping
55 60 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
56 61 else
57 62 # Generate initramfs without encrypted root partition support
58 63 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
59 64 fi
60 65 fi
61 66
@@ -1,153 +1,161
1 1 #!/bin/bash
2 2 #
3 3 # Setup RPi2/3 config and cmdline
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
11 11 # Install boot binaries from local directory
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
18 18 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
19 19 else
20 20 # Create temporary directory for boot binaries
21 21 temp_dir=$(as_nobody mktemp -d)
22 22
23 23 # Install latest boot binaries from raspberry/firmware github
24 24 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
25 25 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
27 27 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
28 28 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
30 30 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
31 31
32 32 # Move downloaded boot binaries
33 33 mv "${temp_dir}/"* "${BOOT_DIR}/"
34 34
35 35 # Remove temporary directory for boot binaries
36 36 rm -fr "${temp_dir}"
37 37
38 38 # Set permissions of the boot binaries
39 39 chown -R root:root "${BOOT_DIR}"
40 40 chmod -R 600 "${BOOT_DIR}"
41 41 fi
42 42 fi
43 43
44 44 # Setup firmware boot cmdline
45 if [ "$ENABLE_UBOOTUSB" = true ] ; then
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 else
45 48 if [ "$ENABLE_SPLITFS" = true ] ; then
46 49 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 50 else
48 51 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
49 52 fi
53 fi
54
50 55
51 56 # Add encrypted root partition to cmdline.txt
52 57 if [ "$ENABLE_CRYPTFS" = true ] ; then
53 58 if [ "$ENABLE_SPLITFS" = true ] ; then
54 59 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
55 60 else
61 if [ "$ENABLE_UBOOTUSB" = true ] ; then
62 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
63 else
56 64 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
57 65 fi
58 66 fi
59 67
60 68 # Add serial console support
61 69 if [ "$ENABLE_CONSOLE" = true ] ; then
62 70 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
63 71 fi
64 72
65 73 # Remove IPv6 networking support
66 74 if [ "$ENABLE_IPV6" = false ] ; then
67 75 CMDLINE="${CMDLINE} ipv6.disable=1"
68 76 fi
69 77
70 78 # Automatically assign predictable network interface names
71 79 if [ "$ENABLE_IFNAMES" = false ] ; then
72 80 CMDLINE="${CMDLINE} net.ifnames=0"
73 81 else
74 82 CMDLINE="${CMDLINE} net.ifnames=1"
75 83 fi
76 84
77 85 # Set init to systemd if required by Debian release
78 86 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
79 87 CMDLINE="${CMDLINE} init=/bin/systemd"
80 88 fi
81 89
82 90 # Install firmware boot cmdline
83 91 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
84 92
85 93 # Install firmware config
86 94 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
87 95
88 96 # Setup minimal GPU memory allocation size: 16MB (no X)
89 97 if [ "$ENABLE_MINGPU" = true ] ; then
90 98 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
91 99 fi
92 100
93 101 # Setup boot with initramfs
94 102 if [ "$ENABLE_INITRAMFS" = true ] ; then
95 103 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
96 104 fi
97 105
98 106 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
99 107 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
100 108 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
101 109 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
102 110 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
103 111 fi
104 112 fi
105 113
106 114 # Create firmware configuration and cmdline symlinks
107 115 ln -sf firmware/config.txt "${R}/boot/config.txt"
108 116 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
109 117
110 118 # Install and setup kernel modules to load at boot
111 119 mkdir -p "${R}/lib/modules-load.d/"
112 120 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
113 121
114 122 # Load hardware random module at boot
115 123 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
116 124 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
117 125 fi
118 126
119 127 # Load sound module at boot
120 128 if [ "$ENABLE_SOUND" = true ] ; then
121 129 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
122 130 else
123 131 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
124 132 fi
125 133
126 134 # Enable I2C interface
127 135 if [ "$ENABLE_I2C" = true ] ; then
128 136 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
129 137 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
130 138 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
131 139 fi
132 140
133 141 # Enable SPI interface
134 142 if [ "$ENABLE_SPI" = true ] ; then
135 143 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
136 144 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
137 145 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
138 146 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
139 147 fi
140 148 fi
141 149
142 150 # Disable RPi2/3 under-voltage warnings
143 151 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
144 152 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
145 153 fi
146 154
147 155 # Install kernel modules blacklist
148 156 mkdir -p "${ETC_DIR}/modprobe.d/"
149 157 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
150 158
151 159 # Install sysctl.d configuration files
152 160 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
153 161
@@ -1,102 +1,104
1 1 #!/bin/bash
2 2 #
3 3 # Build and Setup U-Boot
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 # Fetch and build U-Boot bootloader
10 10 if [ "$ENABLE_UBOOT" = true ] ; then
11 11 # Install c/c++ build environment inside the chroot
12 12 chroot_install_cc
13 13
14 14 # Copy existing U-Boot sources into chroot directory
15 15 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
16 16 # Copy local U-Boot sources
17 17 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
18 18 else
19 19 # Create temporary directory for U-Boot sources
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Fetch U-Boot sources
23 23 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
24 24
25 25 # Copy downloaded U-Boot sources
26 26 mv "${temp_dir}/u-boot" "${R}/tmp/"
27 27
28 28 # Set permissions of the U-Boot sources
29 29 chown -R root:root "${R}/tmp/u-boot"
30 30
31 31 # Remove temporary directory for U-Boot sources
32 32 rm -fr "${temp_dir}"
33 33 fi
34 34
35 35 # Build and install U-Boot inside chroot
36 36 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
37 37
38 38 # Copy compiled bootloader binary and set config.txt to load it
39 39 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
40 40 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
41 41 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
42 42
43 # Install and setup U-Boot command file
44 # Set correct KERNEL_IMAGE in mkfile
45 sed -i "s/kernel7.img/$KERNEL_BIN_IMAGE/g" files/boot/uboot.mkimage
46 # Set correct DTB_FILE
47 sed -i "s/bcm2709-rpi-2-b.dtb/$DTB_FILE/g" files/boot/uboot.mkimage
48 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
49 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
50 45
51 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
52 47 # Convert generated initramfs for U-Boot using mkimage
53 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
54 49
55 50 # Remove original initramfs file
56 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
57 52
58 53 # Configure U-Boot to load generated initramfs
59 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
60 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55
56 fi
61 57 else # ENABLE_INITRAMFS=false
62 58 # Remove initramfs from U-Boot mkfile
63 59 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
64 60
65 61 if [ "$BUILD_KERNEL" = false ] ; then
66 62 # Remove dtbfile from U-Boot mkfile
67 63 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
68 64 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
69 65 else
70 66 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
71 67 fi
72 68 fi
73 69
74 70 if [ "$SET_ARCH" = 64 ] ; then
75 71 echo "Setting up config.txt to boot 64bit uboot"
76 printf "\n# Enable CPU 64 bit mode\narm_control=0x200\n" >> "${BOOT_DIR}/config.txt"
77 printf "\n# Tell u-boot a 64bit kernel is used\narm_64bit=1\n" >> "${BOOT_DIR}/config.txt"
78 printf "\n# Device tree start addr\ndevice_tree_address=0x100\n" >> "${BOOT_DIR}/config.txt"
79 printf "\n# Device tree stop adrr\ndevice_tree_end=0x8000\n" >> "${BOOT_DIR}/config.txt"
72
73 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
74 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
75 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
76 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
80 77 fi
81 78
79 if [ "$ENABLE_UBOOTUSB" = true ] ; then
80 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
81 fi
82
83
82 84 # Set mkfile to use the correct mach id
83 85 if [ "$ENABLE_QEMU" = true ] ; then
84 86 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
85 87 fi
86 88
87 89 # Set mkfile to use the correct dtb file
88 90 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
89 91
90 92 # Set mkfile to use kernel image
91 sed "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
93 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
92 94
93 95 # Remove all leading blank lines
94 96 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
95 97
96 98 # Generate U-Boot bootloader image
97 99 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
98 100
99 101 # Remove U-Boot sources
100 102 rm -fr "${R}/tmp/u-boot"
101 103 fi
102 104
@@ -1,9 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
6
7 #deb http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
1 # Debian packages for testing
2 deb http://mirror.united-gameserver.de/debian/ testing main contrib non-free
3 # Uncomment the deb-src line if you want 'apt-get source'
4 # to work with most packages.
5 deb-src http://mirror.united-gameserver.de/debian/ testing main contrib non-free
9 6
7 # Security updates for stable
8 # deb http://security.debian.org/ stable/updates main contrib non-free
@@ -1,15 +1,16
1 1 # Set device tree fdtfile
2 setenv dtbfile bcm2709-rpi-2-b.dtb
2 setenv dtbfile bcm2710-rpi-3-b.dtb
3 3
4 4 # Tell Linux that it is booting on a Raspberry Pi2/3
5 5 setenv machid 0x00000c42
6 6
7 7 # Save these changes to u-boot's environment
8 8 saveenv
9 9
10 10 # Load the existing Linux kernel into RAM
11 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
11 mmc dev 0
12 fatload mmc 0:1 ${kernel_addr_r} Image
12 13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14 15
15 16 # Boot the kernel we have just loaded
@@ -1,775 +1,778
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 export RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 export RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 export KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 export KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 export FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 export WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 export FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 56 export UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 57
58 58 # Firmware directory: Blank if download from github
59 59 export RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
60 60
61 61 # Build directories
62 62 export BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
63 63 export BUILDDIR="${BASEDIR}/build"
64 64
65 65 # Prepare date string for default image file name
66 66 DATE="$(date +%Y-%m-%d)"
67 67 if [ -z "$KERNEL_BRANCH" ] ; then
68 68 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
69 69 else
70 70 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
71 71 fi
72 72
73 73 # Chroot directories
74 74 export R="${BUILDDIR}/chroot"
75 75 export ETC_DIR="${R}/etc"
76 76 export LIB_DIR="${R}/lib"
77 77 export BOOT_DIR="${R}/boot/firmware"
78 78 export KERNEL_DIR="${R}/usr/src/linux"
79 79 export WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
80 80
81 81 # General settings
82 82 export SET_ARCH=${SET_ARCH:=32}
83 83 export HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
84 84 export PASSWORD=${PASSWORD:=raspberry}
85 85 export USER_PASSWORD=${USER_PASSWORD:=raspberry}
86 86 export DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
87 87 export TIMEZONE=${TIMEZONE:="Europe/Berlin"}
88 88 export EXPANDROOT=${EXPANDROOT:=true}
89 89
90 90 # Keyboard settings
91 91 export XKB_MODEL=${XKB_MODEL:=""}
92 92 export XKB_LAYOUT=${XKB_LAYOUT:=""}
93 93 export XKB_VARIANT=${XKB_VARIANT:=""}
94 94 export XKB_OPTIONS=${XKB_OPTIONS:=""}
95 95
96 96 # Network settings (DHCP)
97 97 export ENABLE_DHCP=${ENABLE_DHCP:=true}
98 98
99 99 # Network settings (static)
100 100 export NET_ADDRESS=${NET_ADDRESS:=""}
101 101 export NET_GATEWAY=${NET_GATEWAY:=""}
102 102 export NET_DNS_1=${NET_DNS_1:=""}
103 103 export NET_DNS_2=${NET_DNS_2:=""}
104 104 export NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
105 105 export NET_NTP_1=${NET_NTP_1:=""}
106 106 export NET_NTP_2=${NET_NTP_2:=""}
107 107
108 108 # APT settings
109 109 export APT_PROXY=${APT_PROXY:=""}
110 110 export APT_SERVER=${APT_SERVER:="ftp.debian.org"}
111 111
112 112 # Feature settings
113 113 export ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 114 export ENABLE_I2C=${ENABLE_I2C:=false}
115 115 export ENABLE_SPI=${ENABLE_SPI:=false}
116 116 export ENABLE_IPV6=${ENABLE_IPV6:=true}
117 117 export ENABLE_SSHD=${ENABLE_SSHD:=true}
118 118 export ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 119 export ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 120 export ENABLE_SOUND=${ENABLE_SOUND:=true}
121 121 export ENABLE_DBUS=${ENABLE_DBUS:=true}
122 122 export ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 123 export ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 124 export ENABLE_XORG=${ENABLE_XORG:=false}
125 125 export ENABLE_WM=${ENABLE_WM:=""}
126 126 export ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 127 export ENABLE_USER=${ENABLE_USER:=true}
128 128 export USER_NAME=${USER_NAME:="pi"}
129 129 export ENABLE_ROOT=${ENABLE_ROOT:=false}
130 130 export ENABLE_QEMU=${ENABLE_QEMU:=false}
131 131
132 132 # SSH settings
133 133 export SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
134 134 export SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
135 135 export SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
136 136 export SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 137 export SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138 138
139 139 # Advanced settings
140 140 export ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 141 export ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 142 export ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 143 export UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
144 144 export ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
145 145 export FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
146 146 export export ENABLE_HARDNET=${ENABLE_HARDNET:=false}
147 147 export ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
148 148 export ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
149 149 export ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
150 150 export ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
151 151 export DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
152 152
153 153 # Kernel compilation settings
154 154 export BUILD_KERNEL=${BUILD_KERNEL:=true}
155 155 export KERNEL_REDUCE=${KERNEL_REDUCE:=false}
156 156 export KERNEL_THREADS=${KERNEL_THREADS:=1}
157 157 export KERNEL_HEADERS=${KERNEL_HEADERS:=true}
158 158 export KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
159 159 export KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
160 160 export KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
161 161 export KERNEL_CCACHE=${KERNEL_CCACHE:=false}
162 162
163 163 # Kernel compilation from source directory settings
164 164 export KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 165 export KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 166 export KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 167 export KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168 168
169 169 # Reduce disk usage settings
170 170 export REDUCE_APT=${REDUCE_APT:=true}
171 171 export REDUCE_DOC=${REDUCE_DOC:=true}
172 172 export REDUCE_MAN=${REDUCE_MAN:=true}
173 173 export REDUCE_VIM=${REDUCE_VIM:=false}
174 174 export REDUCE_BASH=${REDUCE_BASH:=false}
175 175 export REDUCE_HWDB=${REDUCE_HWDB:=true}
176 176 export REDUCE_SSHD=${REDUCE_SSHD:=true}
177 177 export REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178 178
179 179 # Encrypted filesystem settings
180 180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185 185
186 186 # Chroot scripts directory
187 187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
188 188
189 189 # Packages required in the chroot build environment
190 190 export APT_INCLUDES=${APT_INCLUDES:=""}
191 191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
192 192
193 193 # Packages required for bootstrapping
194 194 export REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
195 195 export MISSING_PACKAGES=""
196 196
197 197 # Packages installed for c/c++ build environment in chroot (keep empty)
198 198 export COMPILER_PACKAGES=""
199 199
200 200 #autconfigure best apt server to not spam ftp.debian.org
201 201 #rm files/apt/sources.list
202 202 #netselect-apt does not know buster yet
203 203 if [ "$RELEASE" = "buster" ] ; then
204 204 RLS=testing
205 205 else
206 206 RLS="$RELEASE"
207 207 fi
208 208
209 rm "${ETC_DIR}/apt/sources.list"
209 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
210 rm "$(pwd)/files/apt/sources.list"
211 fi
210 212
211 213 if [ "$ENABLE_NONFREE" = true ] ; then
212 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
214 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
213 215 else
214 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "${ETC_DIR}/apt/sources.list" -d "$RLS"
216 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
215 217 fi
216 APT_SERVER=$(grep -m 1 http /etc/apt/sources.list | cut -d ' ' -f 2)
218 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3)
219 APT_SERVER=${APT_SERVER::-1}
217 220
218 221 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
219 222 if [ -n "$SET_ARCH" ] ; then
220 223 echo "Setting Architecture specific settings"
221 224 ##################################
222 225 # 64 bit config
223 226 ##################################
224 227 if [ "$SET_ARCH" = 64 ] ; then
225 228 echo "64 bit mode selected - Setting up enviroment"
226 229 # 64 bit depended settings
227 230 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
228 231 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
229 232 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
230 233
231 234 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
232 235 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
233 236 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
234 237 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
235 238 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
236 239 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
237 240 else
238 241 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
239 242 exit 1
240 243 fi
241 244 fi
242 245
243 246 ##################################
244 247 # 32 bit config
245 248 ##################################
246 249 if [ "$SET_ARCH" = 32 ] ; then
247 250 echo "32 bit mode selected - Setting up enviroment"
248 251 #General 32bit configuration
249 252 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
250 253 KERNEL_ARCH=${KERNEL_ARCH:=arm}
251 254 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
252 255
253 256 #Raspberry setting grouped by board compability
254 257 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
255 258 echo "Setting settings for bcm2835 Raspberry PI boards"
256 259 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
257 260 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
258 261 RELEASE_ARCH=${RELEASE_ARCH:=armel}
259 262 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
260 263 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
261 264 fi
262 265 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
263 266 echo "Setting settings for bcm2837 Raspberry PI boards"
264 267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
265 268 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
266 269 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
267 270 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
268 271 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
269 272 fi
270 273 fi
271 274 #SET_ARCH not set
272 275 else
273 276 echo "error: Please set '32' or '64' as value for SET_ARCH"
274 277 exit 1
275 278 fi
276 279
277 280 #Device specific configuration
278 281 echo "Select DTB-File"
279 282 case "$RPI_MODEL" in
280 283 0)
281 284 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
282 285 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
283 286 ;;
284 287 1)
285 288 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
286 289 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
287 290 ;;
288 291 1P)
289 292 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
290 293 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
291 294 ;;
292 295 2)
293 296 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
294 297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
295 298 ;;
296 299 3)
297 300 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
298 301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
299 302 ;;
300 303 3P)
301 304 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
302 305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
303 306 ;;
304 307 *)
305 308 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
306 309 exit 1
307 310 ;;
308 311 esac
309 312 echo "$DTB_FILE selected"
310 313
311 314 #DEBUG off
312 315 set +x
313 316
314 317 # Check if the internal wireless interface is supported by the RPi model
315 318 if [ "$ENABLE_WIRELESS" = true ] ; then
316 319 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
317 320 echo "error: The selected Raspberry Pi model has no internal wireless interface"
318 321 exit 1
319 322 else
320 323 echo "Raspberry Pi $RPI_MODEL has WIFI support"
321 324 fi
322 325 fi
323 326
324 327 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
325 328 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
326 329 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
327 330 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
328 331 exit 1
329 332 fi
330 333 fi
331 334
332 335 # Add libncurses5 to enable kernel menuconfig
333 336 if [ "$KERNEL_MENUCONFIG" = true ] ; then
334 337 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
335 338 fi
336 339
337 340 # Add ccache compiler cache for (faster) kernel cross (re)compilation
338 341 if [ "$KERNEL_CCACHE" = true ] ; then
339 342 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
340 343 fi
341 344
342 345 # Add cryptsetup package to enable filesystem encryption
343 346 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
344 347 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
345 348 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
346 349
347 350 if [ -z "$CRYPTFS_PASSWORD" ] ; then
348 351 echo "error: no password defined (CRYPTFS_PASSWORD)!"
349 352 exit 1
350 353 fi
351 354 ENABLE_INITRAMFS=true
352 355 fi
353 356
354 357 # Add initramfs generation tools
355 358 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
356 359 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
357 360 fi
358 361
359 362 # Add device-tree-compiler required for building the U-Boot bootloader
360 363 if [ "$ENABLE_UBOOT" = true ] ; then
361 364 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
362 365 fi
363 366
364 367 # Check if root SSH (v2) public key file exists
365 368 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
366 369 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
367 370 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
368 371 exit 1
369 372 fi
370 373 fi
371 374
372 375 # Check if $USER_NAME SSH (v2) public key file exists
373 376 if [ -n "$SSH_USER_PUB_KEY" ] ; then
374 377 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
375 378 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
376 379 exit 1
377 380 fi
378 381 fi
379 382
380 383 # Check if all required packages are installed on the build system
381 384 for package in $REQUIRED_PACKAGES ; do
382 385 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
383 386 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
384 387 fi
385 388 done
386 389
387 390 # If there are missing packages ask confirmation for install, or exit
388 391 if [ -n "$MISSING_PACKAGES" ] ; then
389 392 echo "the following packages needed by this script are not installed:"
390 393 echo "$MISSING_PACKAGES"
391 394
392 395 printf "\ndo you want to install the missing packages right now? [y/n] "
393 396 read -r confirm
394 397 [ "$confirm" != "y" ] && exit 1
395 398
396 399 # Make sure all missing required packages are installed
397 400 apt-get -qq -y install "${MISSING_PACKAGES}"
398 401 fi
399 402
400 403 # Check if ./bootstrap.d directory exists
401 404 if [ ! -d "./bootstrap.d/" ] ; then
402 405 echo "error: './bootstrap.d' required directory not found!"
403 406 exit 1
404 407 fi
405 408
406 409 # Check if ./files directory exists
407 410 if [ ! -d "./files/" ] ; then
408 411 echo "error: './files' required directory not found!"
409 412 exit 1
410 413 fi
411 414
412 415 # Check if specified KERNELSRC_DIR directory exists
413 416 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
414 417 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
415 418 exit 1
416 419 fi
417 420
418 421 # Check if specified UBOOTSRC_DIR directory exists
419 422 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
420 423 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
421 424 exit 1
422 425 fi
423 426
424 427 # Check if specified FBTURBOSRC_DIR directory exists
425 428 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
426 429 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
427 430 exit 1
428 431 fi
429 432
430 433 # Check if specified CHROOT_SCRIPTS directory exists
431 434 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
432 435 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
433 436 exit 1
434 437 fi
435 438
436 439 # Check if specified device mapping already exists (will be used by cryptsetup)
437 440 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
438 441 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
439 442 exit 1
440 443 fi
441 444
442 445 # Don't clobber an old build
443 446 if [ -e "$BUILDDIR" ] ; then
444 447 echo "error: directory ${BUILDDIR} already exists, not proceeding"
445 448 exit 1
446 449 fi
447 450
448 451 # Setup chroot directory
449 452 mkdir -p "${R}"
450 453
451 454 # Check if build directory has enough of free disk space >512MB
452 455 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
453 456 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
454 457 exit 1
455 458 fi
456 459
457 460 # Call "cleanup" function on various signals and errors
458 461 trap cleanup 0 1 2 3 6
459 462
460 463 # Add required packages for the minbase installation
461 464 if [ "$ENABLE_MINBASE" = true ] ; then
462 465 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
463 466 fi
464 467
465 468 # Add parted package, required to get partprobe utility
466 469 if [ "$EXPANDROOT" = true ] ; then
467 470 APT_INCLUDES="${APT_INCLUDES},parted"
468 471 fi
469 472
470 473 # Add dbus package, recommended if using systemd
471 474 if [ "$ENABLE_DBUS" = true ] ; then
472 475 APT_INCLUDES="${APT_INCLUDES},dbus"
473 476 fi
474 477
475 478 # Add iptables IPv4/IPv6 package
476 479 if [ "$ENABLE_IPTABLES" = true ] ; then
477 480 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
478 481 fi
479 482
480 483 # Add openssh server package
481 484 if [ "$ENABLE_SSHD" = true ] ; then
482 485 APT_INCLUDES="${APT_INCLUDES},openssh-server"
483 486 fi
484 487
485 488 # Add alsa-utils package
486 489 if [ "$ENABLE_SOUND" = true ] ; then
487 490 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
488 491 fi
489 492
490 493 # Add rng-tools package
491 494 if [ "$ENABLE_HWRANDOM" = true ] ; then
492 495 APT_INCLUDES="${APT_INCLUDES},rng-tools"
493 496 fi
494 497
495 498 # Add fbturbo video driver
496 499 if [ "$ENABLE_FBTURBO" = true ] ; then
497 500 # Enable xorg package dependencies
498 501 ENABLE_XORG=true
499 502 fi
500 503
501 504 # Add user defined window manager package
502 505 if [ -n "$ENABLE_WM" ] ; then
503 506 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
504 507
505 508 # Enable xorg package dependencies
506 509 ENABLE_XORG=true
507 510 fi
508 511
509 512 # Add xorg package
510 513 if [ "$ENABLE_XORG" = true ] ; then
511 514 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
512 515 fi
513 516
514 517 # Replace selected packages with smaller clones
515 518 if [ "$ENABLE_REDUCE" = true ] ; then
516 519 # Add levee package instead of vim-tiny
517 520 if [ "$REDUCE_VIM" = true ] ; then
518 521 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
519 522 fi
520 523
521 524 # Add dropbear package instead of openssh-server
522 525 if [ "$REDUCE_SSHD" = true ] ; then
523 526 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
524 527 fi
525 528 fi
526 529
527 530 # Configure kernel sources if no KERNELSRC_DIR
528 531 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
529 532 KERNELSRC_CONFIG=true
530 533 fi
531 534
532 535 # Configure reduced kernel
533 536 if [ "$KERNEL_REDUCE" = true ] ; then
534 537 KERNELSRC_CONFIG=false
535 538 fi
536 539
537 540 set -x
538 541
539 542 # Execute bootstrap scripts
540 543 for SCRIPT in bootstrap.d/*.sh; do
541 544 head -n 4 "$SCRIPT"
542 545 . "$SCRIPT"
543 546 done
544 547
545 548 ## Execute custom bootstrap scripts
546 549 if [ -d "custom.d" ] ; then
547 550 for SCRIPT in custom.d/*.sh; do
548 551 . "$SCRIPT"
549 552 done
550 553 fi
551 554
552 555 # Execute custom scripts inside the chroot
553 556 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
554 557 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
555 558 chroot_exec /bin/bash -x <<'EOF'
556 559 for SCRIPT in /chroot_scripts/* ; do
557 560 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
558 561 $SCRIPT
559 562 fi
560 563 done
561 564 EOF
562 565 rm -rf "${R}/chroot_scripts"
563 566 fi
564 567
565 568 # Remove c/c++ build environment from the chroot
566 569 chroot_remove_cc
567 570
568 571 # Generate required machine-id
569 572 MACHINE_ID=$(dbus-uuidgen)
570 573 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
571 574 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
572 575
573 576 # APT Cleanup
574 577 chroot_exec apt-get -y clean
575 578 chroot_exec apt-get -y autoclean
576 579 chroot_exec apt-get -y autoremove
577 580
578 581 # Unmount mounted filesystems
579 582 umount -l "${R}/proc"
580 583 umount -l "${R}/sys"
581 584
582 585 # Clean up directories
583 586 rm -rf "${R}/run/*"
584 587 rm -rf "${R}/tmp/*"
585 588
586 589 # Clean up files
587 590 rm -f "${ETC_DIR}/ssh/ssh_host_*"
588 591 rm -f "${ETC_DIR}/dropbear/dropbear_*"
589 592 rm -f "${ETC_DIR}/apt/sources.list.save"
590 593 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
591 594 rm -f "${ETC_DIR}/*-"
592 595 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
593 596 rm -f "${ETC_DIR}/resolv.conf"
594 597 rm -f "${R}/root/.bash_history"
595 598 rm -f "${R}/var/lib/urandom/random-seed"
596 599 rm -f "${R}/initrd.img"
597 600 rm -f "${R}/vmlinuz"
598 601 rm -f "${R}${QEMU_BINARY}"
599 602
600 603 if [ "$ENABLE_QEMU" = true ] ; then
601 604 # Configure qemu compatible kernel
602 605 DTB_FILE=vexpress-v2p-ca15_a7.dtb
603 606 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
604 607 KERNEL_DEFCONFIG="vexpress_defconfig"
605 608 if [ "$KERNEL_MENUCONFIG" = false ] ; then
606 609 KERNEL_OLDDEFCONFIG=true
607 610 fi
608 611
609 612 # Setup QEMU directory
610 613 mkdir "${BASEDIR}/qemu"
611 614
612 615 # Copy kernel image to QEMU directory
613 616 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
614 617
615 618 # Copy kernel config to QEMU directory
616 619 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
617 620
618 621 # Copy kernel dtbs to QEMU directory
619 622 for dtb in "${BOOT_DIR}/"*.dtb ; do
620 623 if [ -f "${dtb}" ] ; then
621 624 install_readonly "${dtb}" "${BASEDIR}/qemu/"
622 625 fi
623 626 done
624 627
625 628 # Copy kernel overlays to QEMU directory
626 629 if [ -d "${BOOT_DIR}/overlays" ] ; then
627 630 # Setup overlays dtbs directory
628 631 mkdir "${BASEDIR}/qemu/overlays"
629 632
630 633 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
631 634 if [ -f "${dtb}" ] ; then
632 635 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
633 636 fi
634 637 done
635 638 fi
636 639
637 640 # Copy u-boot files to QEMU directory
638 641 if [ "$ENABLE_UBOOT" = true ] ; then
639 642 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
640 643 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
641 644 fi
642 645 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
643 646 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
644 647 fi
645 648 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
646 649 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
647 650 fi
648 651 fi
649 652
650 653 # Copy initramfs to QEMU directory
651 654 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
652 655 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
653 656 fi
654 657 fi
655 658
656 659 # Calculate size of the chroot directory in KB
657 660 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
658 661
659 662 # Calculate the amount of needed 512 Byte sectors
660 663 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
661 664 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
662 665 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
663 666
664 667 # The root partition is EXT4
665 668 # This means more space than the actual used space of the chroot is used.
666 669 # As overhead for journaling and reserved blocks 35% are added.
667 670 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
668 671
669 672 # Calculate required image size in 512 Byte sectors
670 673 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
671 674
672 675 # Prepare image file
673 676 if [ "$ENABLE_SPLITFS" = true ] ; then
674 677 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
675 678 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
676 679 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
677 680 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
678 681
679 682 # Write firmware/boot partition tables
680 683 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
681 684 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
682 685 EOM
683 686
684 687 # Write root partition table
685 688 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
686 689 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
687 690 EOM
688 691
689 692 # Setup temporary loop devices
690 693 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
691 694 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
692 695 else # ENABLE_SPLITFS=false
693 696 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
694 697 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
695 698
696 699 # Write partition table
697 700 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
698 701 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
699 702 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
700 703 EOM
701 704
702 705 # Setup temporary loop devices
703 706 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
704 707 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
705 708 fi
706 709
707 710 if [ "$ENABLE_CRYPTFS" = true ] ; then
708 711 # Create dummy ext4 fs
709 712 mkfs.ext4 "$ROOT_LOOP"
710 713
711 714 # Setup password keyfile
712 715 touch .password
713 716 chmod 600 .password
714 717 echo -n "${CRYPTFS_PASSWORD}" > .password
715 718
716 719 # Initialize encrypted partition
717 720 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
718 721
719 722 # Open encrypted partition and setup mapping
720 723 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
721 724
722 725 # Secure delete password keyfile
723 726 shred -zu .password
724 727
725 728 # Update temporary loop device
726 729 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
727 730
728 731 # Wipe encrypted partition (encryption cipher is used for randomness)
729 732 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
730 733 fi
731 734
732 735 # Build filesystems
733 736 mkfs.vfat "$FRMW_LOOP"
734 737 mkfs.ext4 "$ROOT_LOOP"
735 738
736 739 # Mount the temporary loop devices
737 740 mkdir -p "$BUILDDIR/mount"
738 741 mount "$ROOT_LOOP" "$BUILDDIR/mount"
739 742
740 743 mkdir -p "$BUILDDIR/mount/boot/firmware"
741 744 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
742 745
743 746 # Copy all files from the chroot to the loop device mount point directory
744 747 rsync -a "${R}/" "$BUILDDIR/mount/"
745 748
746 749 # Unmount all temporary loop devices and mount points
747 750 cleanup
748 751
749 752 # Create block map file(s) of image(s)
750 753 if [ "$ENABLE_SPLITFS" = true ] ; then
751 754 # Create block map files for "bmaptool"
752 755 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
753 756 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
754 757
755 758 # Image was successfully created
756 759 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
757 760 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
758 761 else
759 762 # Create block map file for "bmaptool"
760 763 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
761 764
762 765 # Image was successfully created
763 766 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
764 767
765 768 # Create qemu qcow2 image
766 769 if [ "$ENABLE_QEMU" = true ] ; then
767 770 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
768 771 QEMU_SIZE=16G
769 772
770 773 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
771 774 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
772 775
773 776 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
774 777 fi
775 778 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant