##// END OF EJS Templates
Merge branch 'master' of git://github.com/drtyhlpr/rpi23-gen-image into drtyhlpr-master
vidal -
r707:4b0de60ca6dc Fusion
parent child
Show More
@@ -1,17 +1,24
1 1 # rpi23-gen-image
2 2 ## Introduction
3 <<<<<<< HEAD
3 4
4 5
5 6 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
6 7
7 8
9 =======
10 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
11 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
8 12
9 13 ## Build dependencies
10 14 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
11 15
12 16 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
13 17
18 <<<<<<< HEAD
14 19 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
20 =======
21 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
15 22 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
16 23
17 24 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
@@ -66,7 +73,10 A comma-separated list of additional packages to be installed by apt after boots
66 73
67 74 #### General system settings:
68 75 ##### `SET_ARCH`=32
76 <<<<<<< HEAD
69 77 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
78 =======
79 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
70 80 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
71 81
72 82 ##### `RPI_MODEL`=2
@@ -321,7 +331,10 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab
321 331
322 332 #### Kernel compilation:
323 333 ##### `BUILD_KERNEL`=true
334 <<<<<<< HEAD
324 335 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
336 =======
337 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
325 338 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
326 339 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
327 340 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
@@ -456,7 +469,10 Set password of the encrypted root partition. This parameter is mandatory if `EN
456 469 ##### `CRYPTFS_MAPPING`="secure"
457 470 Set name of dm-crypt managed device-mapper mapping.
458 471
472 <<<<<<< HEAD
459 473 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
474 =======
475 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
460 476 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
461 477 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
462 478
@@ -53,6 +53,11 if [ "$BUILD_KERNEL" = true ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 #Copy 32bit config to 64bit
57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 fi
60
56 61 # Configure and build kernel
57 62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 63 # Remove device, network and filesystem drivers from kernel configuration
@@ -98,13 +103,38 if [ "$BUILD_KERNEL" = true ] ; then
98 103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 104 cd "${KERNEL_DIR}" || exit
100 105
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
106 # Enable RPI POE HAT fan
107 if [ "$KERNEL_POEHAT" = true ]; then
108 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
109 fi
110
111 # Enable per-interface network priority control
112 # (for systemd-nspawn)
113 if [ "$KERNEL_NSPAN" = true ]; then
114 set_kernel_config CONFIG_CGROUP_NET_PRIO y
115 fi
116
117 # Compile in BTRFS
118 if [ "$KERNEL_BTRFS" = true ]; then
119 set_kernel_config CONFIG_BTRFS_FS y
120 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
121 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
122 fi
123
124 # Diffie-Hellman operations on retained keys
125 # (required for >keyutils-1.6)
126 if [ "$KERNEL_DHKEY" = true ]; then
127 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
128 fi
129
130 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
131 # Mask this temporarily during switch to rpi-4.19.y
102 132 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 133 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
134 #set_kernel_config CONFIG_MMC_BCM2835 n
135 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
136 #set_kernel_config CONFIG_USB_DWC2 n
137 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108 138
109 139 #VLAN got disabled without reason in arm64bit
110 140 set_kernel_config CONFIG_IPVLAN m
@@ -119,11 +149,233 if [ "$BUILD_KERNEL" = true ] ; then
119 149 set_kernel_config CONFIG_ZSMALLOC y
120 150 set_kernel_config CONFIG_PGTABLE_MAPPING y
121 151 set_kernel_config CONFIG_LZO_COMPRESS y
152 fi
153
154 if [ "$RPI_MODEL" = 4 ] ; then
155 # Following are set in current 32-bit LPAE kernel
156 set_kernel_config CONFIG_CGROUP_PIDS y
157 set_kernel_config CONFIG_NET_IPVTI m
158 set_kernel_config CONFIG_NF_TABLES_SET m
159 set_kernel_config CONFIG_NF_TABLES_INET y
160 set_kernel_config CONFIG_NF_TABLES_NETDEV y
161 set_kernel_config CONFIG_NF_FLOW_TABLE m
162 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
163 set_kernel_config CONFIG_NFT_CONNLIMIT m
164 set_kernel_config CONFIG_NFT_TUNNEL m
165 set_kernel_config CONFIG_NFT_OBJREF m
166 set_kernel_config CONFIG_NFT_FIB_IPV4 m
167 set_kernel_config CONFIG_NFT_FIB_IPV6 m
168 set_kernel_config CONFIG_NFT_FIB_INET m
169 set_kernel_config CONFIG_NFT_SOCKET m
170 set_kernel_config CONFIG_NFT_OSF m
171 set_kernel_config CONFIG_NFT_TPROXY m
172 set_kernel_config CONFIG_NF_DUP_NETDEV m
173 set_kernel_config CONFIG_NFT_DUP_NETDEV m
174 set_kernel_config CONFIG_NFT_FWD_NETDEV m
175 set_kernel_config CONFIG_NFT_FIB_NETDEV m
176 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
177 set_kernel_config CONFIG_NF_FLOW_TABLE m
178 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
179 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
180 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
181 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
182 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
183 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
184 set_kernel_config CONFIG_NFT_DUP_IPV6 m
185 set_kernel_config CONFIG_NFT_FIB_IPV6 m
186 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
187 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
188 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
189 set_kernel_config CONFIG_NF_LOG_BRIDGE m
190 set_kernel_config CONFIG_MT76_CORE m
191 set_kernel_config CONFIG_MT76_LEDS m
192 set_kernel_config CONFIG_MT76_USB m
193 set_kernel_config CONFIG_MT76x2_COMMON m
194 set_kernel_config CONFIG_MT76x0U m
195 set_kernel_config CONFIG_MT76x2U m
196 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
197 set_kernel_config CONFIG_BCM_VC_SM m
198 set_kernel_config CONFIG_BCM2835_SMI_DEV m
199 set_kernel_config CONFIG_RPIVID_MEM m
200 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
201 set_kernel_config CONFIG_TCG_TPM m
202 set_kernel_config CONFIG_HW_RANDOM_TPM y
203 set_kernel_config CONFIG_TCG_TIS m
204 set_kernel_config CONFIG_TCG_TIS_SPI m
205 set_kernel_config CONFIG_I2C_MUX m
206 set_kernel_config CONFIG_I2C_MUX_GPMUX m
207 set_kernel_config CONFIG_I2C_MUX_PCA954x m
208 set_kernel_config CONFIG_SPI_GPIO m
209 set_kernel_config CONFIG_BATTERY_MAX17040 m
210 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
211 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
212 set_kernel_config CONFIG_BCM2835_THERMAL y
213 set_kernel_config CONFIG_RC_CORE y
214 set_kernel_config CONFIG_RC_MAP y
215 set_kernel_config CONFIG_LIRC y
216 set_kernel_config CONFIG_RC_DECODERS y
217 set_kernel_config CONFIG_IR_NEC_DECODER m
218 set_kernel_config CONFIG_IR_RC5_DECODER m
219 set_kernel_config CONFIG_IR_RC6_DECODER m
220 set_kernel_config CONFIG_IR_JVC_DECODER m
221 set_kernel_config CONFIG_IR_SONY_DECODER m
222 set_kernel_config CONFIG_IR_SANYO_DECODER m
223 set_kernel_config CONFIG_IR_SHARP_DECODER m
224 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
225 set_kernel_config CONFIG_IR_XMP_DECODER m
226 set_kernel_config CONFIG_IR_IMON_DECODER m
227 set_kernel_config CONFIG_RC_DEVICES y
228 set_kernel_config CONFIG_RC_ATI_REMOTE m
229 set_kernel_config CONFIG_IR_IMON m
230 set_kernel_config CONFIG_IR_MCEUSB m
231 set_kernel_config CONFIG_IR_REDRAT3 m
232 set_kernel_config CONFIG_IR_STREAMZAP m
233 set_kernel_config CONFIG_IR_IGUANA m
234 set_kernel_config CONFIG_IR_TTUSBIR m
235 set_kernel_config CONFIG_RC_LOOPBACK m
236 set_kernel_config CONFIG_IR_GPIO_CIR m
237 set_kernel_config CONFIG_IR_GPIO_TX m
238 set_kernel_config CONFIG_IR_PWM_TX m
239 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
240 set_kernel_config CONFIG_VIDEO_AU0828_RC y
241 set_kernel_config CONFIG_VIDEO_CX231XX m
242 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
243 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
244 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
245 set_kernel_config CONFIG_VIDEO_TM6000 m
246 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
247 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
248 set_kernel_config CONFIG_DVB_USB m
249 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
250 set_kernel_config CONFIG_DVB_USB_A800 m
251 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
252 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
253 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
254 set_kernel_config CONFIG_DVB_USB_DIB0700 m
255 set_kernel_config CONFIG_DVB_USB_UMT_010 m
256 set_kernel_config CONFIG_DVB_USB_CXUSB m
257 set_kernel_config CONFIG_DVB_USB_M920X m
258 set_kernel_config CONFIG_DVB_USB_DIGITV m
259 set_kernel_config CONFIG_DVB_USB_VP7045 m
260 set_kernel_config CONFIG_DVB_USB_VP702X m
261 set_kernel_config CONFIG_DVB_USB_GP8PSK m
262 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
263 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
264 set_kernel_config CONFIG_DVB_USB_DTT200U m
265 set_kernel_config CONFIG_DVB_USB_OPERA1 m
266 set_kernel_config CONFIG_DVB_USB_AF9005 m
267 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
268 set_kernel_config CONFIG_DVB_USB_PCTV452E m
269 set_kernel_config CONFIG_DVB_USB_DW2102 m
270 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
271 set_kernel_config CONFIG_DVB_USB_DTV5100 m
272 set_kernel_config CONFIG_DVB_USB_AZ6027 m
273 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
274 set_kernel_config CONFIG_DVB_USB_AF9015 m
275 set_kernel_config CONFIG_DVB_USB_LME2510 m
276 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
277 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
278 set_kernel_config CONFIG_SMS_SIANO_RC m
279 set_kernel_config CONFIG_VIDEO_IR_I2C m
280 set_kernel_config CONFIG_VIDEO_ADV7180 m
281 set_kernel_config CONFIG_VIDEO_TC358743 m
282 set_kernel_config CONFIG_VIDEO_OV5647 m
283 set_kernel_config CONFIG_DVB_M88DS3103 m
284 set_kernel_config CONFIG_DVB_AF9013 m
285 set_kernel_config CONFIG_DVB_RTL2830 m
286 set_kernel_config CONFIG_DVB_RTL2832 m
287 set_kernel_config CONFIG_DVB_SI2168 m
288 set_kernel_config CONFIG_DVB_GP8PSK_FE m
289 set_kernel_config CONFIG_DVB_USB m
290 set_kernel_config CONFIG_DVB_LGDT3306A m
291 set_kernel_config CONFIG_FB_SIMPLE y
292 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
293 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
294 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
295 set_kernel_config CONFIG_SND_SOC_AD193X m
296 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
297 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
298 set_kernel_config CONFIG_SND_SOC_CS4265 m
299 set_kernel_config CONFIG_SND_SOC_DA7213 m
300 set_kernel_config CONFIG_SND_SOC_ICS43432 m
301 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
302 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
303 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
304 set_kernel_config CONFIG_HID_BIGBEN_FF m
305 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
306 set_kernel_config CONFIG_USB_TMC m
307 set_kernel_config CONFIG_USB_UAS y
308 set_kernel_config CONFIG_USBIP_VUDC m
309 set_kernel_config CONFIG_USB_CONFIGFS m
310 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
311 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
312 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
313 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
314 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
315 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
316 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
317 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
318 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
319 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
320 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
321 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
322 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
323 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
324 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
325 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
326 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
327 set_kernel_config CONFIG_LEDS_PCA963X m
328 set_kernel_config CONFIG_LEDS_IS31FL32XX m
329 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
330 set_kernel_config CONFIG_RTC_DRV_RV3028 m
331 set_kernel_config CONFIG_AUXDISPLAY y
332 set_kernel_config CONFIG_HD44780 m
333 set_kernel_config CONFIG_FB_TFT_SH1106 m
334 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
335 set_kernel_config CONFIG_BCM2835_POWER y
336 set_kernel_config CONFIG_INV_MPU6050_IIO m
337 set_kernel_config CONFIG_INV_MPU6050_I2C m
338 set_kernel_config CONFIG_SECURITYFS y
122 339
340 # Safer to build this in
341 set_kernel_config CONFIG_BINFMT_MISC y
342
343 # pulseaudio wants a buffer of at least this size
344 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
345
346 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
347 # set the appropriate kernel configs unlocked by this PR
348 set_kernel_config CONFIG_ARCH_BCM y
349 set_kernel_config CONFIG_ARCH_BCM2835 y
350 set_kernel_config CONFIG_DRM_V3D m
351 set_kernel_config CONFIG_DRM_VC4 m
352 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
353
354 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
355 # required by PR#3144; should already be applied, but just to be safe
356 set_kernel_config CONFIG_PCIE_BRCMSTB y
357 set_kernel_config CONFIG_BCM2835_MMC y
358
359 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
360 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
361 # during cloud-init setup at first boot. Without this the login accounts are not
362 # created and the user can not login.
363 set_kernel_config CONFIG_SQUASHFS y
364
365 # Ceph support for Block Device (RBD) and Filesystem (FS)
366 # https://docs.ceph.com/docs/master/
367 set_kernel_config CONFIG_CEPH_LIB m
368 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
369 set_kernel_config CONFIG_CEPH_FS m
370 set_kernel_config CONFIG_CEPH_FSCACHE y
371 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
372 set_kernel_config CONFIG_BLK_DEV_RBD m
123 373 fi
124 374
125 375 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
126 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
376 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
377 set_kernel_config CONFIG_HAVE_KVM y
378 set_kernel_config CONFIG_HIGH_RES_TIMERS y
127 379 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
128 380 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
129 381 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
@@ -138,11 +390,13 if [ "$BUILD_KERNEL" = true ] ; then
138 390 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
139 391 set_kernel_config CONFIG_KVM_MMIO y
140 392 set_kernel_config CONFIG_KVM_VFIO y
393 set_kernel_config CONFIG_KVM_MMU_AUDIT y
141 394 set_kernel_config CONFIG_VHOST m
142 395 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
143 396 set_kernel_config CONFIG_VHOST_NET m
144 397 set_kernel_config CONFIG_VIRTUALIZATION y
145
398 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
399 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
146 400 set_kernel_config CONFIG_MMU_NOTIFIER y
147 401
148 402 # erratum
@@ -193,12 +447,6 if [ "$BUILD_KERNEL" = true ] ; then
193 447 set_kernel_config CONFIG_SECURITY_PATH y
194 448 set_kernel_config CONFIG_SECURITY_YAMA n
195 449
196 # New Options
197 if [ "$KERNEL_NF" = true ] ; then
198 set_kernel_config CONFIG_IP_NF_SECURITY m
199 set_kernel_config CONFIG_NETLABEL y
200 set_kernel_config CONFIG_IP6_NF_SECURITY m
201 fi
202 450 set_kernel_config CONFIG_SECURITY_SELINUX n
203 451 set_kernel_config CONFIG_SECURITY_SMACK n
204 452 set_kernel_config CONFIG_SECURITY_TOMOYO n
@@ -211,7 +459,6 if [ "$BUILD_KERNEL" = true ] ; then
211 459 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
212 460 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
213 461 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
214 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
215 462 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
216 463 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
217 464 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
@@ -233,11 +480,13 if [ "$BUILD_KERNEL" = true ] ; then
233 480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
234 481 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
235 482 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
236 set_kernel_config SYSTEM_TRUSTED_KEYS
237 483 fi
238 484
239 485 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
240 486 if [ "$KERNEL_NF" = true ] ; then
487 set_kernel_config CONFIG_IP_NF_SECURITY m
488 set_kernel_config CONFIG_NETLABEL y
489 set_kernel_config CONFIG_IP6_NF_SECURITY m
241 490 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
242 491 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
243 492 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
@@ -263,7 +512,6 if [ "$BUILD_KERNEL" = true ] ; then
263 512 set_kernel_config CONFIG_IP6_NF_NAT m
264 513 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
265 514 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
266 set_kernel_config CONFIG_IP_NF_SECURITY m
267 515 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
268 516 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
269 517 set_kernel_config CONFIG_IP_SET_HASH_IP m
@@ -326,11 +574,11 if [ "$BUILD_KERNEL" = true ] ; then
326 574 set_kernel_config CONFIG_NF_LOG_IPV6 m
327 575 set_kernel_config CONFIG_NF_NAT_IPV4 m
328 576 set_kernel_config CONFIG_NF_NAT_IPV6 m
329 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
330 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
577 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
578 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
331 579 set_kernel_config CONFIG_NF_NAT_PPTP m
332 580 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
333 set_kernel_config CONFIG_NF_NAT_REDIRECT m
581 set_kernel_config CONFIG_NF_NAT_REDIRECT y
334 582 set_kernel_config CONFIG_NF_NAT_SIP m
335 583 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
336 584 set_kernel_config CONFIG_NF_NAT_TFTP m
@@ -340,9 +588,26 if [ "$BUILD_KERNEL" = true ] ; then
340 588 set_kernel_config CONFIG_NF_TABLES_ARP m
341 589 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
342 590 set_kernel_config CONFIG_NF_TABLES_INET m
343 set_kernel_config CONFIG_NF_TABLES_IPV4 m
344 set_kernel_config CONFIG_NF_TABLES_IPV6 m
591 set_kernel_config CONFIG_NF_TABLES_IPV4 y
592 set_kernel_config CONFIG_NF_TABLES_IPV6 y
345 593 set_kernel_config CONFIG_NF_TABLES_NETDEV m
594 set_kernel_config CONFIG_NF_TABLES_SET m
595 set_kernel_config CONFIG_NF_TABLES_INET y
596 set_kernel_config CONFIG_NF_TABLES_NETDEV y
597 set_kernel_config CONFIG_NFT_CONNLIMIT m
598 set_kernel_config CONFIG_NFT_TUNNEL m
599 set_kernel_config CONFIG_NFT_SOCKET m
600 set_kernel_config CONFIG_NFT_TPROXY m
601 set_kernel_config CONFIG_NF_FLOW_TABLE m
602 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
603 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
604 set_kernel_config CONFIG_NF_TABLES_ARP y
605 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
606 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
607 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
608 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
609 set_kernel_config CONFIG_NFT_OSF m
610
346 611 fi
347 612
348 613 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
@@ -351,6 +616,7 if [ "$BUILD_KERNEL" = true ] ; then
351 616 set_kernel_config CONFIG_BPF_EVENTS y
352 617 set_kernel_config CONFIG_BPF_STREAM_PARSER y
353 618 set_kernel_config CONFIG_CGROUP_BPF y
619 set_kernel_config CONFIG_XDP_SOCKETS y
354 620 fi
355 621
356 622 # KERNEL_DEFAULT_GOV was set by user
@@ -537,8 +803,8 if [ "$BUILD_KERNEL" = true ] ; then
537 803 fi
538 804
539 805 else # BUILD_KERNEL=false
540 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
541
806 if [ "$SET_ARCH" = 64 ] ; then
807 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
542 808 # Use Sakakis modified kernel if ZSWAP is active
543 809 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
544 810 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
@@ -549,6 +815,14 else # BUILD_KERNEL=false
549 815
550 816 # Fetch kernel dl
551 817 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
818 fi
819 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
820 # Create temporary directory for dl
821 temp_dir=$(as_nobody mktemp -d)
822
823 # Fetch kernel dl
824 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
825 fi
552 826
553 827 #extract download
554 828 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
@@ -566,15 +840,15 else # BUILD_KERNEL=false
566 840 chown -R root:root "${R}/lib/modules"
567 841 fi
568 842
569 # Install Kernel from hypriot comptabile with all Raspberry PI
570 if [ "$SET_ARCH" = 32 ] ; then
843 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
844 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
571 845 # Create temporary directory for dl
572 846 temp_dir=$(as_nobody mktemp -d)
573 847
574 848 # Fetch kernel
575 849 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
576 850
577 # Copy downloaded U-Boot sources
851 # Copy downloaded kernel package
578 852 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
579 853
580 854 # Set permissions
@@ -92,11 +92,17 if [ "$ENABLE_INITRAMFS" = true ] ; then
92 92 fi
93 93
94 94 # Add cryptsetup modules to initramfs
95 <<<<<<< HEAD
95 96 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
96 97 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
97 98
98 99 # Dummy mapping required by mkinitramfs
99 100 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
101 =======
102 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103
104 # Dummy mapping required by mkinitramfs
105 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
100 106 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
101 107
102 108 # Generate initramfs with encrypted root partition support
@@ -112,7 +112,10 if [ "$ENABLE_TURBO" = true ] ; then
112 112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 113 fi
114 114
115 <<<<<<< HEAD
115 116 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
117 =======
118 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
116 119 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
117 120
118 121 # Bluetooth enabled
@@ -126,10 +129,6 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$
126 129 # Copy downloaded sources
127 130 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
128 131
129 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
131 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
132
133 132 # Set permissions
134 133 chown -R root:root "${R}/tmp/pi-bluetooth"
135 134
@@ -215,7 +214,10 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
215 214
216 215 # Change into downloaded src dir
217 216 cd "${R}/tmp/systemd-swap" || exit
217 <<<<<<< HEAD
218 218
219 =======
220 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
219 221
220 222 # Get Verion
221 223 VERSION=$(git tag | tail -n 1)
@@ -231,7 +233,10 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
231 233 chown -R root:root "${R}/tmp/systemd-swap"
232 234
233 235 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
236 <<<<<<< HEAD
234 237 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
238 =======
239 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
235 240 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
236 241
237 242 # Enable service
@@ -106,7 +106,10 if [ "$ENABLE_WIRELESS" = true ] ; then
106 106 temp_dir=$(as_nobody mktemp -d)
107 107
108 108 # Fetch firmware binary blob for RPI3B+
109 <<<<<<< HEAD
109 110 if [ "$RPI_MODEL" = 3P ] ; then
111 =======
112 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
110 113 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
111 114 # Fetch firmware binary blob for RPi3P
112 115 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
@@ -34,12 +34,18 if [ "$ENABLE_VIDEOCORE" = true ] ; then
34 34 cd "${R}"/tmp/userland/build
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 <<<<<<< HEAD
37 38 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
39 =======
40 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
38 41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
39 42 fi
40 43
41 44 if [ "$RELEASE_ARCH" = "armel" ] ; then
45 <<<<<<< HEAD
42 46 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
47 =======
48 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
43 49 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
44 50 fi
45 51
@@ -74,7 +74,10 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
74 74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 75 fi
76 76
77 <<<<<<< HEAD
77 78 if [ "$RPI_MODEL" = 3P ] ; then
79 =======
80 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
78 81 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
79 82 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
80 83 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
@@ -55,7 +55,6 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
59 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
60 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
61 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
@@ -67,10 +66,15 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.gi
67 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
68 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
69 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 <<<<<<< HEAD
70 70 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
71 71 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
72 72 # Default precompiled 64bit kernel
73 73 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
74 =======
75 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
76 # Default precompiled 64bit kernel
77 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
74 78 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
75 79 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
76 80 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
@@ -226,7 +230,10 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
226 230 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
227 231 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
228 232 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
233 <<<<<<< HEAD
229 234 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
235 =======
236 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
230 237 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
231 238 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
232 239 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
@@ -240,14 +247,20 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
240 247
241 248 # Packages required in the chroot build environment
242 249 APT_INCLUDES=${APT_INCLUDES:=""}
250 <<<<<<< HEAD
243 251 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
252 =======
253 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
244 254 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
245 255
246 256 # Packages to exclude from chroot build environment
247 257 APT_EXCLUDES=${APT_EXCLUDES:=""}
248 258
249 259 # Packages required for bootstrapping
260 <<<<<<< HEAD
250 261 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
262 =======
263 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
251 264 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
252 265 MISSING_PACKAGES=""
253 266
@@ -315,7 +328,10 if [ -n "$SET_ARCH" ] ; then
315 328
316 329 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
317 330 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
331 <<<<<<< HEAD
318 332 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
333 =======
334 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
319 335
320 336 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
321 337 fi
@@ -406,7 +422,10 fi
406 422
407 423 # Add deps for nexmon
408 424 if [ "$ENABLE_NEXMON" = true ] ; then
425 <<<<<<< HEAD
409 426 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
427 =======
428 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
410 429 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
411 430 fi
412 431
@@ -423,7 +442,10 fi
423 442 # Add cryptsetup package to enable filesystem encryption
424 443 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
425 444 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
445 <<<<<<< HEAD
426 446 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
447 =======
448 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
427 449 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
428 450
429 451 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
@@ -493,7 +515,10 if [ -n "$MISSING_PACKAGES" ] ; then
493 515 [ "$confirm" != "y" ] && exit 1
494 516
495 517 # Make sure all missing required packages are installed
518 <<<<<<< HEAD
496 519 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
520 =======
521 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
497 522 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
498 523 fi
499 524
@@ -846,7 +871,10 if [ "$ENABLE_CRYPTFS" = true ] ; then
846 871 echo -n ${CRYPTFS_PASSWORD} > .password
847 872
848 873 # Initialize encrypted partition
874 <<<<<<< HEAD
849 875 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
876 =======
877 >>>>>>> af203dbe173e4e5ca755058b3284dc61375ca579
850 878 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
851 879
852 880 # Open encrypted partition and setup mapping
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant