Raspi2-3_GenImage Commit - r91:491ef8b44865 · Collaboration Tremplin des Sciences

Added ENABLE_NONFREE support and more

drtyhlpr -

r91:491ef8b44865

parent child

Context file:

r91:491ef8b44865

Collapse all files

README.md +3 0

             # rpi2-gen-image
             ## Introduction
             `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
             #####Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi2-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
             ENABLE_MINBASE=true ./rpi2-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi2-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi2-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi2-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi2-gen-image.sh
             ```
             #### APT settings:
             ##### `APT_SERVER`="ftp.debian.org"
             Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
             ##### `APT_PROXY`=""
             Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
             ##### `APT_INCLUDES`=""
             A comma separated list of additional packages to be installed during bootstrapping.
             #### General system settings:
             ##### `HOSTNAME`="rpi2-jessie"
             Set system host name. It's recommended that the host name is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
             Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
             Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             ##### `EXPANDROOT`=true
             Expand the root partition and filesystem automatically on first boot.
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             ##### `XKB_MODEL`=""
             Set the name of the model of your keyboard type.
             ##### `XKB_LAYOUT`=""
             Set the supported keyboard layout(s).
             ##### `XKB_VARIANT`=""
             Set the supported variant(s) of the keyboard layout(s).
             ##### `XKB_OPTIONS`=""
             Set extra xkb configuration options.
             #### Networking settings (DHCP):
             This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
             #####`ENABLE_DHCP`=true
             Set the system to use DHCP. This requires an DHCP server.
             #### Networking settings (static):
             These parameters are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`.
             #####`NET_ADDRESS`=""
             Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
             #####`NET_GATEWAY`=""
             Set the IP address for the default gateway.
             #####`NET_DNS_1`=""
             Set the IP address for the first DNS server.
             #####`NET_DNS_2`=""
             Set the IP address for the second DNS server.
             #####`NET_DNS_DOMAINS`=""
             Set the default DNS search domains to use for non fully qualified host names.
             #####`NET_NTP_1`=""
             Set the IP address for the first NTP server.
             #####`NET_NTP_2`=""
             Set the IP address for the second NTP server.
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
             Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
             ##### `ENABLE_IPV6`=true
             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
+            ##### `ENABLE_NONFREE`=false
+            Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
             ##### `ENABLE_RSYSLOG`=true
             If set to false, disable and uninstall rsyslog (so logs will be available only
             in journal files)
             ##### `ENABLE_SOUND`=true
             Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
             Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
             Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
             Install Xorg open-source X Window System.
             ##### `ENABLE_WM`=""
             Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
             #### Advanced system features:
             ##### `ENABLE_MINBASE`=false
             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_REDUCE`=false
             Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
             ##### `ENABLE_UBOOT`=false
             Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_USER`=true
             Create non-root user with password raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
             ##### `USER_NAME`=pi
             Non-root user to create.  Ignored if `ENABLE_USER`=false
             ##### `ENABLE_ROOT`=true
             Set root user password so root login will be enabled
             ##### `ENABLE_ROOT_SSH`=true
             Enable password root login via SSH. May be a security risk with default
             password, use only in trusted environments.
             ##### `ENABLE_HARDNET`=false
             Enable IPv4/IPv6 network stack hardening settings.
             ##### `ENABLE_SPLITFS`=false
             Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
             ##### `CHROOT_SCRIPTS`=""
             Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
             ##### `ENABLE_INITRAMFS`=false
             Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
             #### Kernel compilation:
             ##### `BUILD_KERNEL`=false
             Build and install the latest RPi2 Linux kernel. Currently only the default RPi2 kernel configuration is used.
             ##### `KERNEL_REDUCE`=false
             Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
             ##### `KERNEL_THREADS`=1
             Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
             ##### `KERNEL_HEADERS`=true
             Install kernel headers with built kernel.
             ##### `KERNEL_MENUCONFIG`=false
             Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
             ##### `KERNEL_REMOVESRC`=true
             Remove all kernel sources from the generated OS image after it was built and installed.
             ##### `KERNELSRC_DIR`=""
             Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
             ##### `KERNELSRC_CLEAN`=false
             Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_CONFIG`=true
             Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_PREBUILT`=false
             With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
             ##### `FIRMWAREDIR`=""
             The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
             #### Reduce disk usage:
             The following list of parameters is ignored if `ENABLE_REDUCE`=false.
             ##### `REDUCE_APT`=true
             Configure APT to use compressed package repository lists and no package caching files.
             ##### `REDUCE_DOC`=true
             Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
             ##### `REDUCE_MAN`=true
             Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations.
             ##### `REDUCE_VIM`=false
             Replace `vim-tiny` package by `levee` a tiny vim clone.
             ##### `REDUCE_BASH`=false
             Remove `bash` package and switch to `dash` shell (experimental).
             ##### `REDUCE_HWDB`=true
             Remove PCI related hwdb files (experimental).
             ##### `REDUCE_SSHD`=true
             Replace `openssh-server` with `dropbear`.
             ##### `REDUCE_LOCALE`=true
             Remove all `locale` translation files.
             #### Encrypted root partition:
             ##### `ENABLE_CRYPTFS`=false
             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
             ##### `CRYPTFS_PASSWORD`=""
             Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
             ##### `CRYPTFS_MAPPING`="secure"
             Set name of dm-crypt managed device-mapper mapping.
             ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
             Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
             ##### `CRYPTFS_XTSKEYSIZE`=512
             Sets key size in bits. The argument has to be a multiple of 8.
             ## Understanding the script
             The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
             | Script | Description |
             | --- | --- |
             | `10-bootstrap.sh` | Debootstrap basic system |
             | `11-apt.sh` | Setup APT repositories |
             | `12-locale.sh` | Setup Locales and keyboard settings |
             | `13-kernel.sh` | Build and install RPi2 Kernel |
             | `20-networking.sh` | Setup Networking |
             | `21-firewall.sh` | Setup Firewall |
             | `30-security.sh` | Setup Users and Security settings |
             | `31-logging.sh` | Setup Logging |
             | `41-uboot.sh` | Build and Setup U-Boot |
             | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
             | `50-firstboot.sh` | First boot actions |
             | `99-reduce.sh` | Reduce the disk space usage |
             All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
             | Directory | Description |
             | --- | --- |
             | `apt` | APT management configuration files |
             | `boot` | Boot and RPi2 configuration files |
             | `dpkg` | Package Manager configuration |
             | `firstboot` | Scripts that get executed on first boot  |
             | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |
             | `mount` | Fstab configuration |
             | `network` | Networking configuration files |
             | `sysctl.d` | Swapping and Network Hardening configuration |
             | `xorg` | fbturbo Xorg driver configuration |
             Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
             Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
             After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             #####Flashing examples:
             ```shell
             bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
             dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
             ```
             If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
             ```shell
             bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
             bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
             ```

bootstrap.d/10-bootstrap.sh +13 -4

             #
             # Debootstrap basic system
             #
             # Load utility functions
             . ./functions.sh
-            # Base debootstrap (unpack only)
+            VARIANT=""
+            COMPONENTS="main"
+            # Use non-free Debian packages if needed
+            if [ "$ENABLE_NONFREE" = true ] ; then
+              COMPONENTS="main,non-free"
+            fi
+            # Use minbase bootstrap variant which only includes essential packages
             if [ "$ENABLE_MINBASE" = true ] ; then
-              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
+              VARIANT="--variant=minbase"
-            else
-              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             fi
+            # Base debootstrap (unpack only)
+            http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             # Copy qemu emulator binary to chroot
             install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
             # Copy debian-archive-keyring.pgp
             mkdir -p "${R}/usr/share/keyrings"
             install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
             # Complete the bootstrapping process
             chroot_exec /debootstrap/debootstrap --second-stage
             # Mount required filesystems
             mount -t proc none "${R}/proc"
             mount -t sysfs none "${R}/sys"
             mount --bind /dev/pts "${R}/dev/pts"

bootstrap.d/11-apt.sh +6 -1

             #
             # Setup APT repositories
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup APT proxy configuration
             if [ -z "$APT_PROXY" ] ; then
               install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
               sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
             fi
             if [ "$BUILD_KERNEL" = false ] ; then
               # Install APT pinning configuration for flash-kernel package
               install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
               # Install APT sources.list
               install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
-              echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
+              echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
               # Upgrade collabora package index and install collabora keyring
               chroot_exec apt-get -qq -y update
               chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
             else # BUILD_KERNEL=true
               # Install APT sources.list
               install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
               # Use specified APT server and release
               sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
               sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
             fi
+            # Allow the installation of non-free Debian packages
+            if [ "$ENABLE_NONFREE" = true ] ; then
+              sed -i "s/ contrib/ contrib non-free/" "${ETCDIR}/apt/sources.list"
+            fi
             # Upgrade package index and update all installed packages and changed dependencies
             chroot_exec apt-get -qq -y update
             chroot_exec apt-get -qq -y -u dist-upgrade
             if [ -d packages ] ; then
               for package in packages/*.deb ; do
                 cp $package ${R}/tmp
                 chroot_exec dpkg --unpack /tmp/$(basename $package)
               done
             fi
             chroot_exec apt-get -qq -y -f install
             chroot_exec apt-get -qq -y check

bootstrap.d/13-kernel.sh +8 -8

             #
             # Build and Setup RPi2 Kernel
             #
             # Load utility functions
             . ./functions.sh
             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
               mkdir -p "${R}/usr/src"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Copy kernel sources
                 cp -r "${KERNELSRC_DIR}" "${R}/usr/src"
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Fetch current raspberrypi kernel sources
-                git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
+                git -C "${R}/usr/src" clone --depth=1 "${KERNEL_URL}"
               fi
               # Calculate optimal number of kernel building threads
               if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
                 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
               fi
               # Configure and build kernel
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
                 if [ "$KERNEL_REDUCE" = true ] ; then
                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                   "${KERNELDIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
                     make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
                 fi
                 # Cross compile kernel and modules
                 make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
               fi
               # Check if kernel compilation was successful
               if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
                 echo "error: kernel compilation failed! (zImage not found)"
                 cleanup
                 exit 1
               fi
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
               else
                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 # Install kernel firmware
                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
               fi
               # Install kernel headers
               if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
               # Prepare boot (firmware) directory
               mkdir "${BOOTDIR}"
               # Get kernel release version
               KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
               # Copy kernel configuration file to the boot directory
               install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Copy dts and dtb device tree sources and binaries
               mkdir "${BOOTDIR}/overlays"
               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
               if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy zImage kernel to the boot directory
                 "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
               else
                 # Copy zImage kernel to the boot directory
                 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
               fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
                 rm -fr "${KERNELDIR}"
               fi
               if [ -n "$FIRMWAREDIR" ] && [ -d "$FIRMWAREDIR" ] ; then
                 # Install boot binaries from local directory
                 cp ${FIRMWAREDIR}/boot/bootcode.bin ${BOOTDIR}/bootcode.bin
                 cp ${FIRMWAREDIR}/boot/fixup.dat ${BOOTDIR}/fixup.dat
                 cp ${FIRMWAREDIR}/boot/fixup_cd.dat ${BOOTDIR}/fixup_cd.dat
                 cp ${FIRMWAREDIR}/boot/fixup_x.dat ${BOOTDIR}/fixup_x.dat
                 cp ${FIRMWAREDIR}/boot/start.elf ${BOOTDIR}/start.elf
                 cp ${FIRMWAREDIR}/boot/start_cd.elf ${BOOTDIR}/start_cd.elf
                 cp ${FIRMWAREDIR}/boot/start_x.elf ${BOOTDIR}/start_x.elf
               else
                 # Install latest boot binaries from raspberry/firmware github
-                wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
+                wget -q -O "${BOOTDIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
-                wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
+                wget -q -O "${BOOTDIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
-                wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
+                wget -q -O "${BOOTDIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
-                wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
+                wget -q -O "${BOOTDIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
-                wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
+                wget -q -O "${BOOTDIR}/start.elf" "${FIRMWARE_URL}/start.elf"
-                wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
+                wget -q -O "${BOOTDIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
-                wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
+                wget -q -O "${BOOTDIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
               fi
             else # BUILD_KERNEL=false
               # Kernel installation
               chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
               # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
               chroot_exec apt-get -qq -y install flash-kernel
               # Check if kernel installation was successful
               VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
               if [ -z "$VMLINUZ" ] ; then
                 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
                 cleanup
                 exit 1
               fi
               # Copy vmlinuz kernel to the boot directory
               install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_SPLITFS" = true ] ; then
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
             else
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
                 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
               fi
             fi
             # Add serial console support
             if [ "$ENABLE_CONSOLE" = true ] ; then
               CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
             fi
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${R}/lib/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETCDIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
             # Install and setup fstab
             install_readonly files/mount/fstab "${ETCDIR}/fstab"
             # Add usb/sda disk root partition to fstab
             if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
               sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
             fi
             # Add encrypted root partition to fstab and crypttab
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Replace fstab root partition with encrypted partition mapping
               sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
               # Add encrypted partition to crypttab and fstab
               install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
               echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 # Add usb/sda disk to crypttab
                 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
               fi
             fi
             # Generate initramfs file
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = true ] ; then
                 # Include initramfs scripts to auto expand encrypted root partition
                 if [ "$EXPANDROOT" = true ] ; then
                   install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
                   install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
                   install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
                 fi
                 # Disable SSHD inside initramfs
                 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
                 # Dummy mapping required by mkinitramfs
                 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
                 # Generate initramfs with encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
                 # Remove dummy mapping
                 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
               else
                 # Generate initramfs without encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
               fi
             fi
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/41-uboot.sh +1 -1

             #
             # Build and Setup U-Boot
             #
             # Load utility functions
             . ./functions.sh
             # Install gcc/c++ build environment inside the chroot
             if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
               chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
             fi
             # Fetch and build U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               # Fetch U-Boot bootloader sources
-              git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
+              git -C "${R}/tmp" clone "${UBOOT_URL}"
               # Build and install U-Boot inside chroot
               chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
               # Copy compiled bootloader binary and set config.txt to load it
               install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
               install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
               # Install and setup U-Boot command file
               install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
               printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
               if [ "$ENABLE_INITRAMFS" = true ] ; then
                 # Convert generated initramfs for U-Boot using mkimage
                 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
                 # Remove original initramfs file
                 rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
                 # Configure U-Boot to load generated initramfs
                 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
                 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
               else # ENABLE_INITRAMFS=false
                 # Remove initramfs from U-Boot mkfile
                 sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
                 if [ "$BUILD_KERNEL" = false ] ; then
                   # Remove dtbfile from U-Boot mkfile
                   sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
                   printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
                 else
                   printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
                 fi
               fi
               # Set mkfile to use dtb file
               sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
               # Set mkfile to use kernel image
               sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
               # Remove all leading blank lines
               sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
               # Generate U-Boot bootloader image
               chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
               # Remove U-Boot sources
               rm -fr "${R}/tmp/u-boot"
             fi

bootstrap.d/42-fbturbo.sh +1 -1

             #
             # Build and Setup fbturbo Xorg driver
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Fetch fbturbo driver sources
-              git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
+              git -C "${R}/tmp" clone "${FBTURBO_URL}"
               # Install Xorg build dependencies
               chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
               # Build and install fbturbo driver inside chroot
               chroot_exec /bin/bash -x <<'EOF'
             cd /tmp/xf86-video-fbturbo
             autoreconf -vi
             ./configure --prefix=/usr
             make
             make install
             EOF
               # Install fbturbo driver Xorg configuration
               install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
               # Remove Xorg build dependencies
               chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
             fi
             # Remove gcc/c++ build environment from the chroot
             if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
               chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
             fi

rpi2-gen-image.sh +8 0

             #!/bin/sh
             ########################################################################
             # rpi2-gen-image.sh					       2015-2016
             #
             # Advanced debian "jessie" bootstrap script for RPi2
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
             #
             # Big thanks for patches and enhancements by 10+ github contributors!
             ########################################################################
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "error: this script must be executed with root privileges!"
               exit 1
             fi
             # Check if ./functions.sh script exists
             if [ ! -r "./functions.sh" ] ; then
               echo "error: './functions.sh' required script not found!"
               exit 1
             fi
             # Load utility functions
             . ./functions.sh
             # Introduce settings
             set -e
             echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n"
             set -x
             # Debian release
             RELEASE=${RELEASE:=jessie}
             KERNEL_ARCH=${KERNEL_ARCH:=arm}
             RELEASE_ARCH=${RELEASE_ARCH:=armhf}
             CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
             COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
             KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
             KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
             DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
             UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
             QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
+            # URLs
+            KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
+            FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
+            COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
+            FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
+            UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
             # Build directories
             BASEDIR="$(pwd)/images/${RELEASE}"
             BUILDDIR="${BASEDIR}/build"
             # Chroot directories
             R="${BUILDDIR}/chroot"
             ETCDIR="${R}/etc"
             BOOTDIR="${R}/boot/firmware"
             KERNELDIR="${R}/usr/src/linux"
             # Firmware directory: Blank if download from github
             FIRMWAREDIR=${FIRMWAREDIR:=""}
             # General settings
             HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
             PASSWORD=${PASSWORD:=raspberry}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             EXPANDROOT=${EXPANDROOT:=true}
             # Keyboard settings
             XKB_MODEL=${XKB_MODEL:=""}
             XKB_LAYOUT=${XKB_LAYOUT:=""}
             XKB_VARIANT=${XKB_VARIANT:=""}
             XKB_OPTIONS=${XKB_OPTIONS:=""}
             # Network settings (DHCP)
             ENABLE_DHCP=${ENABLE_DHCP:=true}
             # Network settings (static)
             NET_ADDRESS=${NET_ADDRESS:=""}
             NET_GATEWAY=${NET_GATEWAY:=""}
             NET_DNS_1=${NET_DNS_1:=""}
             NET_DNS_2=${NET_DNS_2:=""}
             NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
             NET_NTP_1=${NET_NTP_1:=""}
             NET_NTP_2=${NET_NTP_2:=""}
             # APT settings
             APT_PROXY=${APT_PROXY:=""}
             APT_SERVER=${APT_SERVER:="ftp.debian.org"}
             # Feature settings
             ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
             ENABLE_IPV6=${ENABLE_IPV6:=true}
             ENABLE_SSHD=${ENABLE_SSHD:=true}
+            ENABLE_NONFREE=${ENABLE_NONFREE:=false}
             ENABLE_SOUND=${ENABLE_SOUND:=true}
             ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
             ENABLE_USER=${ENABLE_USER:=true}
             USER_NAME=${USER_NAME:="pi"}
             ENABLE_ROOT=${ENABLE_ROOT:=false}
             ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
             # Advanced settings
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_REDUCE=${ENABLE_REDUCE:=false}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
             ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
             # Kernel compilation settings
             BUILD_KERNEL=${BUILD_KERNEL:=false}
             KERNEL_REDUCE=${KERNEL_REDUCE:=false}
             KERNEL_THREADS=${KERNEL_THREADS:=1}
             KERNEL_HEADERS=${KERNEL_HEADERS:=true}
             KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
             KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             # Kernel compilation from source directory settings
             KERNELSRC_DIR=${KERNELSRC_DIR:=""}
             KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
             KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
             KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
             # Reduce disk usage settings
             REDUCE_APT=${REDUCE_APT:=true}
             REDUCE_DOC=${REDUCE_DOC:=true}
             REDUCE_MAN=${REDUCE_MAN:=true}
             REDUCE_VIM=${REDUCE_VIM:=false}
             REDUCE_BASH=${REDUCE_BASH:=false}
             REDUCE_HWDB=${REDUCE_HWDB:=true}
             REDUCE_SSHD=${REDUCE_SSHD:=true}
             REDUCE_LOCALE=${REDUCE_LOCALE:=true}
             # Encrypted filesystem settings
             ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
             CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
             CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
             CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
             # Stop the Crypto Wars
             DISABLE_FBI=${DISABLE_FBI:=false}
             # Chroot scripts directory
             CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             # Packages required in the chroot build environment
             APT_INCLUDES=${APT_INCLUDES:=""}
             APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo"
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git"
             MISSING_PACKAGES=""
             set +x
             # Add packages required for kernel cross compilation
             if [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
             fi
             # Add libncurses5 to enable kernel menuconfig
             if [ "$KERNEL_MENUCONFIG" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
             fi
             # Stop the Crypto Wars
             if [ "$DISABLE_FBI" = true ] ; then
               ENABLE_CRYPTFS=true
             fi
             # Add cryptsetup package to enable filesystem encryption
             if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
               APT_INCLUDES="${APT_INCLUDES},cryptsetup"
               if [ -z "$CRYPTFS_PASSWORD" ] ; then
                 echo "error: no password defined (CRYPTFS_PASSWORD)!"
                 exit 1
               fi
               ENABLE_INITRAMFS=true
             fi
             # Add initramfs generation tools
             if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
             fi
             # Check if all required packages are installed on the build system
             for package in $REQUIRED_PACKAGES ; do
               if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
                 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
               fi
             done
             # Ask if missing packages should get installed right now
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
               echo -n "\ndo you want to install the missing packages right now? [y/n] "
               read confirm
               [ "$confirm" != "y" ] && exit 1
             fi
             # Make sure all required packages are installed
             apt-get -qq -y install ${REQUIRED_PACKAGES}
             # Check if ./bootstrap.d directory exists
             if [ ! -d "./bootstrap.d/" ] ; then
               echo "error: './bootstrap.d' required directory not found!"
               exit 1
             fi
             # Check if ./files directory exists
             if [ ! -d "./files/" ] ; then
               echo "error: './files' required directory not found!"
               exit 1
             fi
             # Check if specified KERNELSRC_DIR directory exists
             if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
               echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
               exit 1
             fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
                exit 1
             fi
             # Check if specified device mapping already exists (will be used by cryptsetup)
             if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
               echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
               exit 1
             fi
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ] ; then
               echo "error: directory ${BUILDDIR} already exists, not proceeding"
               exit 1
             fi
             # Setup chroot directory
             mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
             if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
               echo "error: ${BUILDDIR} not enough space left to generate the output image!"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
             fi
             # Add required locales packages
             if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
               APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
             fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},iptables"
             fi
             # Add openssh server package
             if [ "$ENABLE_SSHD" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg"
             fi
             # Replace selected packages with smaller clones
             if [ "$ENABLE_REDUCE" = true ] ; then
               # Add levee package instead of vim-tiny
               if [ "$REDUCE_VIM" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
               fi
               # Add dropbear package instead of openssh-server
               if [ "$REDUCE_SSHD" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
               fi
             fi
             # Configure kernel sources if no KERNELSRC_DIR
             if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
               KERNELSRC_CONFIG=true
             fi
             # Configure reduced kernel
             if [ "$KERNEL_REDUCE" = true ] ; then
               KERNELSRC_CONFIG=false
             fi
             # Execute bootstrap scripts
             for SCRIPT in bootstrap.d/*.sh; do
               head -n 3 "$SCRIPT"
               . "$SCRIPT"
             done
             ## Execute custom bootstrap scripts
             if [ -d "custom.d" ] ; then
               for SCRIPT in custom.d/*.sh; do
                 . "$SCRIPT"
               done
             fi
             # Execute custom scripts inside the chroot
             if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
               chroot_exec /bin/bash -x <<'EOF'
             for SCRIPT in /chroot_scripts/* ; do
               if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                 $SCRIPT
               fi
             done
             EOF
               rm -rf "${R}/chroot_scripts"
             fi
             # Remove apt-utils
             chroot_exec apt-get purge -qq -y --force-yes apt-utils
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
             echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
             umount -l "${R}/proc"
             umount -l "${R}/sys"
             # Clean up directories
             rm -rf "${R}/run/*"
             rm -rf "${R}/tmp/*"
             # Clean up files
             rm -f "${ETCDIR}/ssh/ssh_host_*"
             rm -f "${ETCDIR}/dropbear/dropbear_*"
             rm -f "${ETCDIR}/apt/sources.list.save"
             rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
             rm -f "${ETCDIR}/*-"
             rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
             rm -f "${ETCDIR}/resolv.conf"
             rm -f "${R}/root/.bash_history"
             rm -f "${R}/var/lib/urandom/random-seed"
             rm -f "${R}/initrd.img"
             rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             # Calculate size of the chroot directory in KB
             CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
             ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 20% are added.
             ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
             IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
             # Prepare date string for image file name
             DATE="$(date +%Y-%m-%d)"
             # Prepare image file
             if [ "$ENABLE_SPLITFS" = true ] ; then
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
               # Write firmware/boot partition tables
               sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             EOM
               # Write root partition table
               sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
               ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
             else # ENABLE_SPLITFS=false
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
               dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
               # Write partition table
               sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             ${ROOT_OFFSET},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
               ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
             fi
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Create dummy ext4 fs
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
               echo -n ${CRYPTFS_PASSWORD} > .password
               chmod 600 .password
               # Initialize encrypted partition
               echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
               # Open encrypted partition and setup mapping
               cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
               # Secure delete password keyfile
               shred -zu .password
               # Update temporary loop device
               ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
               # Wipe encrypted partition (encryption cipher is used for randomness)
               dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
             fi
             # Build filesystems
             mkfs.vfat "$FRMW_LOOP"
             mkfs.ext4 "$ROOT_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$ROOT_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # Create block map file(s) of image(s)
             if [ "$ENABLE_SPLITFS" = true ] ; then
               # Create block map files for "bmaptool"
               bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
               bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
               # Image was successfully created
               echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             else
               # Create block map file for "bmaptool"
               bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
               # Image was successfully created
               echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             fi

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages