Unknown -
r680:4a24244958f0
@@ -1,566 +1,566
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74
75 75 ##### `RELEASE`="buster"
76 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 77
78 78 ##### `RELEASE_ARCH`="armhf"
79 79 Set the desired Debian release architecture.
80 80
81 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 83
84 84 ##### `PASSWORD`="raspberry"
85 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `USER_PASSWORD`="raspberry"
88 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 89
90 90 ##### `DEFLOCAL`="en_US.UTF-8"
91 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 92
93 93 ##### `TIMEZONE`="Europe/Berlin"
94 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 95
96 96 ##### `EXPANDROOT`=true
97 97 Expand the root partition and filesystem automatically on first boot.
98 98
99 99 ##### `ENABLE_DPHYSSWAP`=true
100 100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101 101
102 102 ##### `ENABLE_QEMU`=false
103 103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104 104
105 105 ---
106 106
107 107 #### Keyboard settings:
108 108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109 109
110 110 ##### `XKB_MODEL`=""
111 111 Set the name of the model of your keyboard type.
112 112
113 113 ##### `XKB_LAYOUT`=""
114 114 Set the supported keyboard layout(s).
115 115
116 116 ##### `XKB_VARIANT`=""
117 117 Set the supported variant(s) of the keyboard layout(s).
118 118
119 119 ##### `XKB_OPTIONS`=""
120 120 Set extra xkb configuration options.
121 121
122 122 ---
123 123
124 124 #### Networking settings (DHCP):
125 125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126 126
127 127 ##### `ENABLE_DHCP`=true
128 128 Set the system to use DHCP. This requires an DHCP server.
129 129
130 130 ---
131 131
132 132 #### Networking settings (static):
133 133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134 134
135 135 ##### `NET_ADDRESS`=""
136 136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137 137
138 138 ##### `NET_GATEWAY`=""
139 139 Set the IP address for the default gateway.
140 140
141 141 ##### `NET_DNS_1`=""
142 142 Set the IP address for the first DNS server.
143 143
144 144 ##### `NET_DNS_2`=""
145 145 Set the IP address for the second DNS server.
146 146
147 147 ##### `NET_DNS_DOMAINS`=""
148 148 Set the default DNS search domains to use for non fully qualified hostnames.
149 149
150 150 ##### `NET_NTP_1`=""
151 151 Set the IP address for the first NTP server.
152 152
153 153 ##### `NET_NTP_2`=""
154 154 Set the IP address for the second NTP server.
155 155
156 156 ---
157 157
158 158 #### Basic system features:
159 159 ##### `ENABLE_CONSOLE`=true
160 160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161 161
162 162 ##### `ENABLE_PRINTK`=false
163 163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164 164
165 165 ##### `ENABLE_BLUETOOTH`=false
166 166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167 167
168 168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170 170
171 171 ##### `ENABLE_TURBO`=false
172 172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173 173
174 174 ##### `ENABLE_I2C`=false
175 175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 176
177 177 ##### `ENABLE_SPI`=false
178 178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 179
180 180 ##### `ENABLE_IPV6`=true
181 181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182 182
183 183 ##### `ENABLE_SSHD`=true
184 184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185 185
186 186 ##### `ENABLE_NONFREE`=false
187 187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188 188
189 189 ##### `ENABLE_WIRELESS`=false
190 190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191 191
192 192 ##### `ENABLE_RSYSLOG`=true
193 193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194 194
195 195 ##### `ENABLE_SOUND`=true
196 196 Enable sound hardware and install Advanced Linux Sound Architecture.
197 197
198 198 ##### `ENABLE_HWRANDOM`=true
199 199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200 200
201 201 ##### `ENABLE_MINGPU`=false
202 202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203 203
204 204 ##### `ENABLE_DBUS`=true
205 205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206 206
207 207 ##### `ENABLE_XORG`=false
208 208 Install Xorg open-source X Window System.
209 209
210 210 ##### `ENABLE_WM`=""
211 211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212 212
213 213 ##### `ENABLE_SYSVINIT`=false
214 214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215 215
216 216 ---
217 217
218 218 #### Advanced system features:
219 219 ##### `ENABLE_KEYGEN`=false
220 220 Recover your lost codec license
221 221
222 222 ##### `ENABLE_SYSTEMDSWAP`=false
223 223 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
224 224
225 225 ##### `ENABLE_MINBASE`=false
226 226 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
227 227
228 228 ##### `ENABLE_REDUCE`=false
229 229 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
230 230
231 231 ##### `ENABLE_UBOOT`=false
232 232 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
233 233
234 234 ##### `UBOOTSRC_DIR`=""
235 235 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
236 236
237 237 ##### `ENABLE_FBTURBO`=false
238 238 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239 239
240 240 ##### `FBTURBOSRC_DIR`=""
241 241 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
242 242
243 243 ##### `ENABLE_VIDEOCORE`=false
244 244 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
245 245
246 246 ##### `VIDEOCORESRC_DIR`=""
247 247 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248 248
249 249 ##### `ENABLE_NEXMON`=false
250 250 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
251 251
252 252 ##### `NEXMONSRC_DIR`=""
253 253 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
254 254
255 255 ##### `ENABLE_IPTABLES`=false
256 256 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
257 257
258 258 ##### `ENABLE_USER`=true
259 259 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
260 260
261 261 ##### `USER_NAME`=pi
262 262 Non-root user to create. Ignored if `ENABLE_USER`=false
263 263
264 264 ##### `ENABLE_ROOT`=false
265 265 Set root user password so root login will be enabled
266 266
267 267 ##### `ENABLE_HARDNET`=false
268 268 Enable IPv4/IPv6 network stack hardening settings.
269 269
270 270 ##### `ENABLE_SPLITFS`=false
271 271 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
272 272
273 273 ##### `CHROOT_SCRIPTS`=""
274 274 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
275 275
276 276 ##### `ENABLE_INITRAMFS`=false
277 277 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
278 278
279 279 ##### `ENABLE_IFNAMES`=true
280 280 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
281 281
282 282 ##### `ENABLE_SPLASH`=true
283 283 Enable default Raspberry Pi boot up rainbow splash screen.
284 284
285 285 ##### `ENABLE_LOGO`=true
286 286 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
287 287
288 288 ##### `ENABLE_SILENT_BOOT`=false
289 289 Set the verbosity of console messages shown during boot up to a strict minimum.
290 290
291 291 ##### `DISABLE_UNDERVOLT_WARNINGS`=
292 292 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
293 293
294 294 ---
295 295
296 296 #### SSH settings:
297 297 ##### `SSH_ENABLE_ROOT`=false
298 298 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
299 299
300 300 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
301 301 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
302 302
303 303 ##### `SSH_LIMIT_USERS`=false
304 304 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
305 305
306 306 ##### `SSH_ROOT_PUB_KEY`=""
307 307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
308 308
309 309 ##### `SSH_USER_PUB_KEY`=""
310 310 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
311 311
312 312 ---
313 313
314 314 #### Kernel compilation:
315 315 ##### `BUILD_KERNEL`=true
316 316 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
317 317
318 318 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
319 319 This sets the cross-compile environment for the compiler.
320 320
321 321 ##### `KERNEL_BTRFS`="false"
322 322 enable btrfs kernel support
323 323
324 324 ##### `KERNEL_POEHAT`="false"
325 325 enable Enable RPI POE HAT fan kernel support
326 326
327 327 ##### `KERNEL_NSPAWN`="false"
328 328 Enable per-interface network priority control - for systemd-nspawn
329 329
330 330 ##### `KERNEL_DHKEY`="true"
331 331 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
332 332
333 333 ##### `KERNEL_ARCH`="arm"
334 334 This sets the kernel architecture for the compiler.
335 335
336 336 ##### `KERNEL_IMAGE`="kernel7.img"
337 337 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
338 338
339 339 ##### `KERNEL_BRANCH`=""
340 340 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
341 341
342 342 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
343 343 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
344 344
345 345 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
346 346 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
347 347
348 348 ##### `KERNEL_REDUCE`=false
349 349 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
350 350
351 351 ##### `KERNEL_THREADS`=1
352 352 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
353 353
354 354 ##### `KERNEL_HEADERS`=true
355 355 Install kernel headers with the built kernel.
356 356
357 357 ##### `KERNEL_MENUCONFIG`=false
358 358 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
359 359
360 360 ##### `KERNEL_OLDDEFCONFIG`=false
361 361 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
362 362
363 363 ##### `KERNEL_CCACHE`=false
364 364 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
365 365
366 366 ##### `KERNEL_REMOVESRC`=true
367 367 Remove all kernel sources from the generated OS image after it was built and installed.
368 368
369 369 ##### `KERNELSRC_DIR`=""
370 370 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
371 371
372 372 ##### `KERNELSRC_CLEAN`=false
373 373 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
374 374
375 375 ##### `KERNELSRC_CONFIG`=true
376 376 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
377 377
378 378 ##### `KERNELSRC_USRCONFIG`=""
379 379 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
380 380
381 381 ##### `KERNELSRC_PREBUILT`=false
382 382 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
383 383
384 384 ##### `RPI_FIRMWARE_DIR`=""
385 385 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
386 386
387 387 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
388 388 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
389 389
390 390 ##### `KERNEL_NF`=false
391 391 Enable Netfilter modules as kernel modules
392 392
393 393 ##### `KERNEL_VIRT`=false
394 394 Enable Kernel KVM support (/dev/kvm)
395 395
396 396 ##### `KERNEL_ZSWAP`=false
397 397 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
398 398
399 399 ##### `KERNEL_BPF`=true
400 400 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
401 401
402 402 ##### `KERNEL_SECURITY`=false
403 403 Enables Apparmor, integrity subsystem, auditing.
404 404
405 405 ---
406 406
407 407 #### Reduce disk usage:
408 408 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
409 409
410 410 ##### `REDUCE_APT`=true
411 411 Configure APT to use compressed package repository lists and no package caching files.
412 412
413 413 ##### `REDUCE_DOC`=true
414 414 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
415 415
416 416 ##### `REDUCE_MAN`=true
417 417 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
418 418
419 419 ##### `REDUCE_VIM`=false
420 420 Replace `vim-tiny` package by `levee` a tiny vim clone.
421 421
422 422 ##### `REDUCE_BASH`=false
423 423 Remove `bash` package and switch to `dash` shell (experimental).
424 424
425 425 ##### `REDUCE_HWDB`=true
426 426 Remove PCI related hwdb files (experimental).
427 427
428 428 ##### `REDUCE_SSHD`=true
429 429 Replace `openssh-server` with `dropbear`.
430 430
431 431 ##### `REDUCE_LOCALE`=true
432 432 Remove all `locale` translation files.
433 433
434 434 ---
435 435
436 436 #### Encrypted root partition:
437 ##### `KERNEL_CRYPTFS`=false
438 Enable Kernel Moduls for crypto
439
440 437 ##### `ENABLE_CRYPTFS`=false
441 438 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
442 439
443 440 ##### `CRYPTFS_PASSWORD`=""
444 441 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
445 442
446 443 ##### `CRYPTFS_MAPPING`="secure"
447 444 Set name of dm-crypt managed device-mapper mapping.
448 445
449 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
446 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
450 447 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
451 448
449 ##### `CRYPTFS_HASH`=sha512
450 Hash function and size to be used
451
452 452 ##### `CRYPTFS_XTSKEYSIZE`=512
453 453 Sets key size in bits. The argument has to be a multiple of 8.
454 454
455 455 ##### `CRYPTFS_DROPBEAR`=false
456 456 Enable Dropbear Initramfs support
457 457
458 458 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
459 459 Provide path to dropbear Public RSA-OpenSSH Key
460 460
461 461 ---
462 462
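Review bot: The `ENABLE_CRYPTFS` description kept as context in this section (new line 438) still advertises "(aes-xts-plain64:sha512)", but the change splits that value into `CRYPTFS_CIPHER`="aes-xts-plain64" and the new `CRYPTFS_HASH`=sha512, so the combined string no longer matches either default; reword that sentence to name both settings. The new `CRYPTFS_HASH` entry should quote its default like the neighbouring string parameters, end its description with a period, and say which values are accepted, since "Hash function and size to be used" does not tell the reader what the hash applies to. The `KERNEL_CRYPTFS` entry is also removed with no replacement text: if the kernel crypto modules are now enabled through `ENABLE_CRYPTFS`, say so in its description, and if the parameter still exists, keep it documented.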
463 463 #### Build settings:
464 464 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
465 465 Set a path to a working directory used by the script to generate an image.
466 466
467 467 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
468 468 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
469 469
470 470 ## Understanding the script
471 471 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
472 472
473 473 | Script | Description |
474 474 | --- | --- |
475 475 | `10-bootstrap.sh` | Debootstrap basic system |
476 476 | `11-apt.sh` | Setup APT repositories |
477 477 | `12-locale.sh` | Setup Locales and keyboard settings |
478 478 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
479 479 | `14-fstab.sh` | Setup fstab and initramfs |
480 480 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
481 481 | `20-networking.sh` | Setup Networking |
482 482 | `21-firewall.sh` | Setup Firewall |
483 483 | `30-security.sh` | Setup Users and Security settings |
484 484 | `31-logging.sh` | Setup Logging |
485 485 | `32-sshd.sh` | Setup SSH and public keys |
486 486 | `41-uboot.sh` | Build and Setup U-Boot |
487 487 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
488 488 | `43-videocore.sh` | Build and Setup videocore libraries |
489 489 | `50-firstboot.sh` | First boot actions |
490 490 | `99-reduce.sh` | Reduce the disk space usage |
491 491
492 492 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
493 493
494 494 | Directory | Description |
495 495 | --- | --- |
496 496 | `apt` | APT management configuration files |
497 497 | `boot` | Boot and RPi 0/1/2/3 configuration files |
498 498 | `dpkg` | Package Manager configuration |
499 499 | `etc` | Configuration files and rc scripts |
500 500 | `firstboot` | Scripts that get executed on first boot |
501 501 | `initramfs` | Initramfs scripts |
502 502 | `iptables` | Firewall configuration files |
503 503 | `locales` | Locales configuration |
504 504 | `modules` | Kernel Modules configuration |
505 505 | `mount` | Fstab configuration |
506 506 | `network` | Networking configuration files |
507 507 | `sysctl.d` | Swapping and Network Hardening configuration |
508 508 | `xorg` | fbturbo Xorg driver configuration |
509 509
510 510 ## Custom packages and scripts
511 511 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
512 512
513 513 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
514 514
515 515 ## Logging of the bootstrapping process
516 516 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
517 517
518 518 ```shell
519 519 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
520 520 ```
521 521
522 522 ## Flashing the image file
523 523 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
524 524
525 525 ##### Flashing examples:
526 526 ```shell
527 527 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
528 528 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
529 529 ```
530 530 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
531 531 ```shell
532 532 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
533 533 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
534 534 ```
535 535
536 536 ## QEMU emulation
537 537 Start QEMU full system emulation:
538 538 ```shell
539 539 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
540 540 ```
541 541
542 542 Start QEMU full system emulation and output to console:
543 543 ```shell
544 544 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
545 545 ```
546 546
547 547 Start QEMU full system emulation with SMP and output to console:
548 548 ```shell
549 549 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
550 550 ```
551 551
552 552 Start QEMU full system emulation with cryptfs, initramfs and output to console:
553 553 ```shell
554 554 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
555 555 ```
556 556
557 557 ## External links and references
558 558 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
559 559 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
560 560 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
561 561 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
562 562 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
563 563 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
564 564 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
565 565 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
566 566 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,896 +1,897
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
70 70 # Default precompiled 64bit kernel
71 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 96 # Firmware directory: Blank if download from github
97 97 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
98 98
99 99 # General settings
100 100 SET_ARCH=${SET_ARCH:=32}
101 101 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
102 102 PASSWORD=${PASSWORD:=raspberry}
103 103 USER_PASSWORD=${USER_PASSWORD:=raspberry}
104 104 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
105 105 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
106 106 EXPANDROOT=${EXPANDROOT:=true}
107 107 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
108 108
109 109 # Keyboard settings
110 110 XKB_MODEL=${XKB_MODEL:=""}
111 111 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 112 XKB_VARIANT=${XKB_VARIANT:=""}
113 113 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 114
115 115 # Network settings (DHCP)
116 116 ENABLE_DHCP=${ENABLE_DHCP:=true}
117 117
118 118 # Network settings (static)
119 119 NET_ADDRESS=${NET_ADDRESS:=""}
120 120 NET_GATEWAY=${NET_GATEWAY:=""}
121 121 NET_DNS_1=${NET_DNS_1:=""}
122 122 NET_DNS_2=${NET_DNS_2:=""}
123 123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 124 NET_NTP_1=${NET_NTP_1:=""}
125 125 NET_NTP_2=${NET_NTP_2:=""}
126 126
127 127 # APT settings
128 128 APT_PROXY=${APT_PROXY:=""}
129 129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130 130 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
131 131
132 132 # Feature settings
133 133 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
134 134 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
135 135 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
136 136 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
137 137 ENABLE_I2C=${ENABLE_I2C:=false}
138 138 ENABLE_SPI=${ENABLE_SPI:=false}
139 139 ENABLE_IPV6=${ENABLE_IPV6:=true}
140 140 ENABLE_SSHD=${ENABLE_SSHD:=true}
141 141 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
142 142 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
143 143 ENABLE_SOUND=${ENABLE_SOUND:=true}
144 144 ENABLE_DBUS=${ENABLE_DBUS:=true}
145 145 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
146 146 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
147 147 ENABLE_XORG=${ENABLE_XORG:=false}
148 148 ENABLE_WM=${ENABLE_WM:=""}
149 149 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
150 150 ENABLE_USER=${ENABLE_USER:=true}
151 151 USER_NAME=${USER_NAME:="pi"}
152 152 ENABLE_ROOT=${ENABLE_ROOT:=false}
153 153 ENABLE_QEMU=${ENABLE_QEMU:=false}
154 154 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
155 155
156 156 # SSH settings
157 157 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
158 158 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
159 159 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
160 160 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
161 161 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
162 162
163 163 # Advanced settings
164 164 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
165 165 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
166 166 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
167 167 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
168 168 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
169 169 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
170 170 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
171 171 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
172 172 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
173 173 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
174 174 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
175 175 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
176 176 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
177 177 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
178 178 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
179 179 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
180 180 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
181 181 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
182 182 ENABLE_LOGO=${ENABLE_LOGO:=true}
183 183 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
184 184 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
185 185
186 186 # Kernel compilation settings
187 187 BUILD_KERNEL=${BUILD_KERNEL:=true}
188 188 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
189 189 KERNEL_THREADS=${KERNEL_THREADS:=1}
190 190 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
191 191 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
192 192 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
193 193 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
194 194 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
195 195 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
196 196 KERNEL_VIRT=${KERNEL_VIRT:=false}
197 197 KERNEL_BPF=${KERNEL_BPF:=false}
198 198 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
199 199 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
200 200 KERNEL_NF=${KERNEL_NF:=false}
201 201 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
202 202 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
203 203 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
204 204 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
205 205
206 206 # Kernel compilation from source directory settings
207 207 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
208 208 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
209 209 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
210 210 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
211 211
212 212 # Reduce disk usage settings
213 213 REDUCE_APT=${REDUCE_APT:=true}
214 214 REDUCE_DOC=${REDUCE_DOC:=true}
215 215 REDUCE_MAN=${REDUCE_MAN:=true}
216 216 REDUCE_VIM=${REDUCE_VIM:=false}
217 217 REDUCE_BASH=${REDUCE_BASH:=false}
218 218 REDUCE_HWDB=${REDUCE_HWDB:=true}
219 219 REDUCE_SSHD=${REDUCE_SSHD:=true}
220 220 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
221 221
222 222 # Encrypted filesystem settings
223 223 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
224 224 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
225 225 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
226 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
226 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
227 CRYPTFS_HASH=${CRYPTFS_HASH:=":sha512"}
227 228 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
228 229 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
229 230 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
230 231 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
231 232 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
232 233
233 234 # Chroot scripts directory
234 235 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
235 236
236 237 # Packages required in the chroot build environment
237 238 APT_INCLUDES=${APT_INCLUDES:=""}
238 239 APT_INCLUDES="${APT_INCLUDES},flex,bison,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
239 240
240 241 # Packages to exclude from chroot build environment
241 242 APT_EXCLUDES=${APT_EXCLUDES:=""}
242 243
243 244 # Packages required for bootstrapping
244 245 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
245 246 MISSING_PACKAGES=""
246 247
247 248 # Packages installed for c/c++ build environment in chroot (keep empty)
248 249 COMPILER_PACKAGES=""
249 250
250 251 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
251 252 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
252 253 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
253 254 APT_PROXY=http://127.0.0.1:3142/
254 255 fi
255 256
256 257 # Setup architecture specific settings
257 258 if [ -n "$SET_ARCH" ] ; then
258 259 # 64-bit configuration
259 260 if [ "$SET_ARCH" = 64 ] ; then
260 261 # General 64-bit depended settings
261 262 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
262 263 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
263 264 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
264 265
265 266 # Raspberry Pi model specific settings
266 267 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
267 268 if [ "$RPI_MODEL" != 4 ] ; then
268 269 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
269 270 else
270 271 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
271 272 fi
272 273
273 274 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
274 275 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
275 276 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
276 277 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
277 278 else
278 279 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
279 280 exit 1
280 281 fi
281 282 fi
282 283
283 284 # 32-bit configuration
284 285 if [ "$SET_ARCH" = 32 ] ; then
285 286 # General 32-bit dependend settings
286 287 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
287 288 KERNEL_ARCH=${KERNEL_ARCH:=arm}
288 289 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
289 290
290 291 # Raspberry Pi model specific settings
291 292 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
292 293 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
293 294 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
294 295 RELEASE_ARCH=${RELEASE_ARCH:=armel}
295 296 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
296 297 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
297 298 fi
298 299
299 300 # Raspberry Pi model specific settings
300 301 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
301 302 if [ "$RPI_MODEL" != 4 ] ; then
302 303 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
303 304 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
304 305 else
305 306 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
306 307 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
307 308 fi
308 309
309 310 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
310 311 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
311 312
312 313 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
313 314 fi
314 315 fi
315 316 # SET_ARCH not set
316 317 else
317 318 echo "error: Please set '32' or '64' as value for SET_ARCH"
318 319 exit 1
319 320 fi
320 321 # Device specific configuration and U-Boot configuration
321 322 case "$RPI_MODEL" in
322 323 0)
323 324 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
324 325 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
325 326 ;;
326 327 1)
327 328 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
328 329 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
329 330 ;;
330 331 1P)
331 332 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
332 333 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
333 334 ;;
334 335 2)
335 336 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
336 337 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
337 338 ;;
338 339 3)
339 340 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
340 341 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
341 342 ;;
342 343 3P)
343 344 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
344 345 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
345 346 ;;
346 347 4)
347 348 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
348 349 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
349 350 ;;
350 351 *)
351 352 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
352 353 exit 1
353 354 ;;
354 355 esac
355 356
356 357 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
357 358 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
358 359 # Include bluetooth packages on supported boards
359 360 if [ "$ENABLE_BLUETOOTH" = true ] ; then
360 361 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
361 362 fi
362 363 if [ "$ENABLE_WIRELESS" = true ] ; then
363 364 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
364 365 fi
365 366 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
366 367 # Check if the internal wireless interface is not supported by the RPi model
367 368 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
368 369 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
369 370 exit 1
370 371 fi
371 372 fi
372 373
373 374 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
374 375 echo "error: You have to compile kernel sources, if you want to enable nexmon"
375 376 exit 1
376 377 fi
377 378
378 379 # Prepare date string for default image file name
379 380 DATE="$(date +%Y-%m-%d)"
380 381 if [ -z "$KERNEL_BRANCH" ] ; then
381 382 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
382 383 else
383 384 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
384 385 fi
385 386
386 387 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
387 388 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
388 389 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
389 390 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
390 391 exit 1
391 392 fi
392 393 fi
393 394
394 395 # Add cmake to compile videocore sources
395 396 if [ "$ENABLE_VIDEOCORE" = true ] ; then
396 397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
397 398 fi
398 399
399 400 # Add deps for nexmon
400 401 if [ "$ENABLE_NEXMON" = true ] ; then
401 402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
402 403 fi
403 404
404 405 # Add libncurses5 to enable kernel menuconfig
405 406 if [ "$KERNEL_MENUCONFIG" = true ] ; then
406 407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
407 408 fi
408 409
409 410 # Add ccache compiler cache for (faster) kernel cross (re)compilation
410 411 if [ "$KERNEL_CCACHE" = true ] ; then
411 412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
412 413 fi
413 414
414 415 # Add cryptsetup package to enable filesystem encryption
415 416 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
416 417 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
417 418 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
418 419
419 420 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
420 421 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
421 422 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
422 423 fi
423 424
424 425 if [ -z "$CRYPTFS_PASSWORD" ] ; then
425 426 echo "error: no password defined (CRYPTFS_PASSWORD)!"
426 427 exit 1
427 428 fi
428 429 ENABLE_INITRAMFS=true
429 430 fi
430 431
431 432 # Add initramfs generation tools
432 433 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
433 434 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
434 435 fi
435 436
436 437 # Add device-tree-compiler required for building the U-Boot bootloader
437 438 if [ "$ENABLE_UBOOT" = true ] ; then
438 439 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
439 440 fi
440 441
441 442 if [ "$ENABLE_USBBOOT" = true ] ; then
442 443 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
443 444 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
444 445 exit 1
445 446 fi
446 447 fi
447 448
448 449 # Check if root SSH (v2) public key file exists
449 450 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
450 451 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
451 452 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
452 453 exit 1
453 454 fi
454 455 fi
455 456
456 457 # Check if $USER_NAME SSH (v2) public key file exists
457 458 if [ -n "$SSH_USER_PUB_KEY" ] ; then
458 459 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
459 460 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
460 461 exit 1
461 462 fi
462 463 fi
463 464
464 465 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
465 466 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
466 467 exit 1
467 468 fi
468 469
469 470 # Check if all required packages are installed on the build system
470 471 for package in $REQUIRED_PACKAGES ; do
471 472 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
472 473 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
473 474 fi
474 475 done
475 476
476 477 # If there are missing packages ask confirmation for install, or exit
477 478 if [ -n "$MISSING_PACKAGES" ] ; then
478 479 echo "the following packages needed by this script are not installed:"
479 480 echo "$MISSING_PACKAGES"
480 481
481 482 printf "\ndo you want to install the missing packages right now? [y/n] "
482 483 read -r confirm
483 484 [ "$confirm" != "y" ] && exit 1
484 485
485 486 # Make sure all missing required packages are installed
486 487 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
487 488 fi
488 489
489 490 # Check if ./bootstrap.d directory exists
490 491 if [ ! -d "./bootstrap.d/" ] ; then
491 492 echo "error: './bootstrap.d' required directory not found!"
492 493 exit 1
493 494 fi
494 495
495 496 # Check if ./files directory exists
496 497 if [ ! -d "./files/" ] ; then
497 498 echo "error: './files' required directory not found!"
498 499 exit 1
499 500 fi
500 501
501 502 # Check if specified KERNELSRC_DIR directory exists
502 503 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
503 504 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
504 505 exit 1
505 506 fi
506 507
507 508 # Check if specified UBOOTSRC_DIR directory exists
508 509 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
509 510 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
510 511 exit 1
511 512 fi
512 513
513 514 # Check if specified VIDEOCORESRC_DIR directory exists
514 515 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
515 516 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
516 517 exit 1
517 518 fi
518 519
519 520 # Check if specified FBTURBOSRC_DIR directory exists
520 521 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
521 522 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
522 523 exit 1
523 524 fi
524 525
525 526 # Check if specified NEXMONSRC_DIR directory exists
526 527 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
527 528 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
528 529 exit 1
529 530 fi
530 531
531 532 # Check if specified CHROOT_SCRIPTS directory exists
532 533 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
533 534 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
534 535 exit 1
535 536 fi
536 537
537 538 # Check if specified device mapping already exists (will be used by cryptsetup)
538 539 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
539 540 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
540 541 exit 1
541 542 fi
542 543
543 544 # Don't clobber an old build
544 545 if [ -e "$BUILDDIR" ] ; then
545 546 echo "error: directory ${BUILDDIR} already exists, not proceeding"
546 547 exit 1
547 548 fi
548 549
549 550 # Setup chroot directory
550 551 mkdir -p "${R}"
551 552
552 553 # Check if build directory has enough of free disk space >512MB
553 554 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
554 555 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
555 556 exit 1
556 557 fi
557 558
558 559 set -x
559 560
560 561 # Call "cleanup" function on various signals and errors
561 562 trap cleanup 0 1 2 3 6
562 563
563 564 # Add required packages for the minbase installation
564 565 if [ "$ENABLE_MINBASE" = true ] ; then
565 566 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
566 567 fi
567 568
568 569 # Add parted package, required to get partprobe utility
569 570 if [ "$EXPANDROOT" = true ] ; then
570 571 APT_INCLUDES="${APT_INCLUDES},parted"
571 572 fi
572 573
573 574 # Add dphys-swapfile package, required to enable swap
574 575 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
575 576 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
576 577 fi
577 578
578 579 # Add dbus package, recommended if using systemd
579 580 if [ "$ENABLE_DBUS" = true ] ; then
580 581 APT_INCLUDES="${APT_INCLUDES},dbus"
581 582 fi
582 583
583 584 # Add iptables IPv4/IPv6 package
584 585 if [ "$ENABLE_IPTABLES" = true ] ; then
585 586 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
586 587 fi
587 588 # Add apparmor for KERNEL_SECURITY
588 589 if [ "$KERNEL_SECURITY" = true ] ; then
589 590 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
590 591 fi
591 592
592 593 # Add openssh server package
593 594 if [ "$ENABLE_SSHD" = true ] ; then
594 595 APT_INCLUDES="${APT_INCLUDES},openssh-server"
595 596 fi
596 597
597 598 # Add alsa-utils package
598 599 if [ "$ENABLE_SOUND" = true ] ; then
599 600 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
600 601 fi
601 602
602 603 # Add rng-tools package
603 604 if [ "$ENABLE_HWRANDOM" = true ] ; then
604 605 APT_INCLUDES="${APT_INCLUDES},rng-tools"
605 606 fi
606 607
607 608 # Add fbturbo video driver
608 609 if [ "$ENABLE_FBTURBO" = true ] ; then
609 610 # Enable xorg package dependencies
610 611 ENABLE_XORG=true
611 612 fi
612 613
613 614 # Add user defined window manager package
614 615 if [ -n "$ENABLE_WM" ] ; then
615 616 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
616 617
617 618 # Enable xorg package dependencies
618 619 ENABLE_XORG=true
619 620 fi
620 621
621 622 # Add xorg package
622 623 if [ "$ENABLE_XORG" = true ] ; then
623 624 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
624 625 fi
625 626
626 627 # Replace selected packages with smaller clones
627 628 if [ "$ENABLE_REDUCE" = true ] ; then
628 629 # Add levee package instead of vim-tiny
629 630 if [ "$REDUCE_VIM" = true ] ; then
630 631 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
631 632 fi
632 633
633 634 # Add dropbear package instead of openssh-server
634 635 if [ "$REDUCE_SSHD" = true ] ; then
635 636 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
636 637 fi
637 638 fi
638 639
639 640 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
640 641 if [ "$ENABLE_SYSVINIT" = false ] ; then
641 642 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
642 643 fi
643 644
644 645 # Configure kernel sources if no KERNELSRC_DIR
645 646 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
646 647 KERNELSRC_CONFIG=true
647 648 fi
648 649
649 650 # Configure reduced kernel
650 651 if [ "$KERNEL_REDUCE" = true ] ; then
651 652 KERNELSRC_CONFIG=false
652 653 fi
653 654
654 655 # Configure qemu compatible kernel
655 656 if [ "$ENABLE_QEMU" = true ] ; then
656 657 DTB_FILE=vexpress-v2p-ca15_a7.dtb
657 658 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
658 659 KERNEL_DEFCONFIG="vexpress_defconfig"
659 660 if [ "$KERNEL_MENUCONFIG" = false ] ; then
660 661 KERNEL_OLDDEFCONFIG=true
661 662 fi
662 663 fi
663 664
664 665 # Execute bootstrap scripts
665 666 for SCRIPT in bootstrap.d/*.sh; do
666 667 head -n 3 "$SCRIPT"
667 668 . "$SCRIPT"
668 669 done
669 670
670 671 ## Execute custom bootstrap scripts
671 672 if [ -d "custom.d" ] ; then
672 673 for SCRIPT in custom.d/*.sh; do
673 674 . "$SCRIPT"
674 675 done
675 676 fi
676 677
677 678 # Execute custom scripts inside the chroot
678 679 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
679 680 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
680 681 chroot_exec /bin/bash -x <<'EOF'
681 682 for SCRIPT in /chroot_scripts/* ; do
682 683 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
683 684 $SCRIPT
684 685 fi
685 686 done
686 687 EOF
687 688 rm -rf "${R}/chroot_scripts"
688 689 fi
689 690
690 691 # Remove c/c++ build environment from the chroot
691 692 chroot_remove_cc
692 693
693 694 # Generate required machine-id
694 695 MACHINE_ID=$(dbus-uuidgen)
695 696 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
696 697 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
697 698
698 699 # APT Cleanup
699 700 chroot_exec apt-get -y clean
700 701 chroot_exec apt-get -y autoclean
701 702 chroot_exec apt-get -y autoremove
702 703
703 704 # Unmount mounted filesystems
704 705 umount -l "${R}/proc"
705 706 umount -l "${R}/sys"
706 707
707 708 # Clean up directories
708 709 rm -rf "${R}/run/*"
709 710 rm -rf "${R}/tmp/*"
710 711
711 712 # Clean up APT proxy settings
712 713 if [ "$KEEP_APT_PROXY" = false ] ; then
713 714 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
714 715 fi
715 716
716 717 # Clean up files
717 718 rm -f "${ETC_DIR}/ssh/ssh_host_*"
718 719 rm -f "${ETC_DIR}/dropbear/dropbear_*"
719 720 rm -f "${ETC_DIR}/apt/sources.list.save"
720 721 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
721 722 rm -f "${ETC_DIR}/*-"
722 723 rm -f "${ETC_DIR}/resolv.conf"
723 724 rm -f "${R}/root/.bash_history"
724 725 rm -f "${R}/var/lib/urandom/random-seed"
725 726 rm -f "${R}/initrd.img"
726 727 rm -f "${R}/vmlinuz"
727 728 rm -f "${R}${QEMU_BINARY}"
728 729
729 730 if [ "$ENABLE_QEMU" = true ] ; then
730 731 # Setup QEMU directory
731 732 mkdir "${BASEDIR}/qemu"
732 733
733 734 # Copy kernel image to QEMU directory
734 735 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
735 736
736 737 # Copy kernel config to QEMU directory
737 738 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
738 739
739 740 # Copy kernel dtbs to QEMU directory
740 741 for dtb in "${BOOT_DIR}/"*.dtb ; do
741 742 if [ -f "${dtb}" ] ; then
742 743 install_readonly "${dtb}" "${BASEDIR}/qemu/"
743 744 fi
744 745 done
745 746
746 747 # Copy kernel overlays to QEMU directory
747 748 if [ -d "${BOOT_DIR}/overlays" ] ; then
748 749 # Setup overlays dtbs directory
749 750 mkdir "${BASEDIR}/qemu/overlays"
750 751
751 752 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
752 753 if [ -f "${dtb}" ] ; then
753 754 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
754 755 fi
755 756 done
756 757 fi
757 758
758 759 # Copy u-boot files to QEMU directory
759 760 if [ "$ENABLE_UBOOT" = true ] ; then
760 761 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
761 762 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
762 763 fi
763 764 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
764 765 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
765 766 fi
766 767 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
767 768 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
768 769 fi
769 770 fi
770 771
771 772 # Copy initramfs to QEMU directory
772 773 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
773 774 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
774 775 fi
775 776 fi
776 777
777 778 # Calculate size of the chroot directory in KB
778 779 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
779 780
780 781 # Calculate the amount of needed 512 Byte sectors
781 782 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
782 783 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
783 784 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
784 785
785 786 # The root partition is EXT4
786 787 # This means more space than the actual used space of the chroot is used.
787 788 # As overhead for journaling and reserved blocks 35% are added.
788 789 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
789 790
790 791 # Calculate required image size in 512 Byte sectors
791 792 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
792 793
793 794 # Prepare image file
794 795 if [ "$ENABLE_SPLITFS" = true ] ; then
795 796 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
796 797 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
797 798 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
798 799 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
799 800
800 801 # Write firmware/boot partition tables
801 802 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
802 803 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
803 804 EOM
804 805
805 806 # Write root partition table
806 807 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
807 808 ${TABLE_SECTORS},${ROOT_SECTORS},83
808 809 EOM
809 810
810 811 # Setup temporary loop devices
811 812 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
812 813 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
813 814 else # ENABLE_SPLITFS=false
814 815 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
815 816 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
816 817
817 818 # Write partition table
818 819 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
819 820 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
820 821 ${ROOT_OFFSET},${ROOT_SECTORS},83
821 822 EOM
822 823
823 824 # Setup temporary loop devices
824 825 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
825 826 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
826 827 fi
827 828
828 829 if [ "$ENABLE_CRYPTFS" = true ] ; then
829 830 # Create dummy ext4 fs
830 831 mkfs.ext4 "$ROOT_LOOP"
831 832
832 833 # Setup password keyfile
833 834 touch .password
834 835 chmod 600 .password
835 836 echo -n ${CRYPTFS_PASSWORD} > .password
836 837
837 838 # Initialize encrypted partition
838 839 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
839 840
840 841 # Open encrypted partition and setup mapping
841 842 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
842 843
843 844 # Secure delete password keyfile
844 845 shred -zu .password
845 846
846 847 # Update temporary loop device
847 848 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
848 849
849 850 # Wipe encrypted partition (encryption cipher is used for randomness)
850 851 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
851 852 fi
852 853
853 854 # Build filesystems
854 855 mkfs.vfat "$FRMW_LOOP"
855 856 mkfs.ext4 "$ROOT_LOOP"
856 857
857 858 # Mount the temporary loop devices
858 859 mkdir -p "$BUILDDIR/mount"
859 860 mount "$ROOT_LOOP" "$BUILDDIR/mount"
860 861
861 862 mkdir -p "$BUILDDIR/mount/boot/firmware"
862 863 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
863 864
864 865 # Copy all files from the chroot to the loop device mount point directory
865 866 rsync -a "${R}/" "$BUILDDIR/mount/"
866 867
867 868 # Unmount all temporary loop devices and mount points
868 869 cleanup
869 870
870 871 # Create block map file(s) of image(s)
871 872 if [ "$ENABLE_SPLITFS" = true ] ; then
872 873 # Create block map files for "bmaptool"
873 874 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
874 875 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
875 876
876 877 # Image was successfully created
877 878 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
878 879 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
879 880 else
880 881 # Create block map file for "bmaptool"
881 882 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
882 883
883 884 # Image was successfully created
884 885 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
885 886
886 887 # Create qemu qcow2 image
887 888 if [ "$ENABLE_QEMU" = true ] ; then
888 889 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
889 890 QEMU_SIZE=16G
890 891
891 892 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
892 893 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
893 894
894 895 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
895 896 fi
896 897 fi
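Review bot: The cleanup block at new lines 709-710 and 718-722 keeps the wildcard inside the double quotes (`rm -rf "${R}/run/*"`, `rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -f "${ETC_DIR}/*-"`), so the shell hands rm a literal `*`, nothing is deleted, and `-f` hides the miss. If SSH or dropbear host keys were generated while packages were installed in the chroot, they stay in the image and are shared by every device flashed from it. Move the glob outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`, the same way the dtb loops further down already write `"${BOOT_DIR}/"*.dtb`. Separately, `echo -n ${CRYPTFS_PASSWORD} > .password` at new line 836 is unquoted, so a passphrase containing whitespace or glob characters is changed by word splitting before `luksFormat` reads it; quote the expansion and prefer `printf '%s'` over `echo -n`.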