Merge pull request #15 from vknecht/locale-fix...
drtyhlpr -
r33:4b9b197735e4 Fusion
@@ -1,101 +1,109
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 21 ```
22 22
23 23 #### APT settings:
24 24 ##### `APT_SERVER`="ftp.debian.org"
25 25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26 26
27 27 ##### `APT_PROXY`=""
28 28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29 29
30 30 #### General system settings:
31 31 ##### `HOSTNAME`="rpi2-jessie"
32 32 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
33 33
34 34 ##### `PASSWORD`="raspberry"
35 35 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
36 36
37 37 ##### `DEFLOCAL`="en_US.UTF-8"
38 Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
38 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
39
39 40
40 41 ##### `TIMEZONE`="Europe/Berlin"
41 42 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
42 43
44 #### Keyboard settings:
45 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
46 ##### `XKBMODEL`=""
47 ##### `XKBLAYOUT`=""
48 ##### `XKBVARIANT`=""
49 ##### `XKBOPTIONS`=""
50
43 51 #### Basic system features:
44 52 ##### `ENABLE_CONSOLE`=true
45 53 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
46 54
47 55 ##### `ENABLE_IPV6`=true
48 56 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
49 57
50 58 ##### `ENABLE_SSHD`=true
51 59 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
52 60
53 61 ##### `ENABLE_SOUND`=true
54 62 Enable sound hardware and install Advanced Linux Sound Architecture.
55 63
56 64 ##### `ENABLE_HWRANDOM`=true
57 65 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
58 66
59 67 ##### `ENABLE_MINGPU`=false
60 68 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
61 69
62 70 ##### `ENABLE_DBUS`=true
63 71 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
64 72
65 73 ##### `ENABLE_XORG`=false
66 74 Install Xorg open-source X Window System.
67 75
68 76 ##### `ENABLE_WM`=""
69 77 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
70 78
71 79 #### Advanced sytem features:
72 80 ##### `ENABLE_MINBASE`=false
73 81 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
74 82
75 83 ##### `ENABLE_UBOOT`=false
76 84 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
77 85
78 86 ##### `ENABLE_FBTURBO`=false
79 87 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
80 88
81 89 ##### `ENABLE_IPTABLES`=false
82 90 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
83 91
84 92 ##### `ENABLE_HARDNET`=false
85 93 Enable IPv4/IPv6 network stack hardening settings.
86 94
87 95 ## Logging of the bootstrapping process
88 96 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
89 97
90 98 ```shell
91 99 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
92 100 ```
93 101
94 102 ## Flashing the image file
95 103 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
96 104
97 105 #####Flashing examples:
98 106 ```shell
99 107 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
100 108 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
101 109 ```
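Review bot: The new "Keyboard settings" section lists `XKBMODEL`, `XKBLAYOUT`, `XKBVARIANT` and `XKBOPTIONS` as bare headings with no description, and it does not say that they have no effect when `ENABLE_MINBASE=true`. The script applies them only inside its `if [ "$ENABLE_MINBASE" = false ]` block and adds `keyboard-configuration` and `console-setup` to `APT_INCLUDES` only in the non-minbase branch. Add a one-line description per option, repeat the minbase caveat that the `DEFLOCAL` entry already carries, and drop the extra blank line the change leaves after the `DEFLOCAL` paragraph.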
@@ -1,846 +1,887
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 set -e
34 34 set -x
35 35
36 36 # Debian release
37 37 RELEASE=${RELEASE:=jessie}
38 38
39 39 # Build settings
40 40 BASEDIR=./images/${RELEASE}
41 41 BUILDDIR=${BASEDIR}/build
42 42
43 43 # General settings
44 44 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
45 45 PASSWORD=${PASSWORD:=raspberry}
46 46 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
47 47 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
48 XKBMODEL=${XKBMODEL:=""}
49 XKBLAYOUT=${XKBLAYOUT:=""}
50 XKBVARIANT=${XKBVARIANT:=""}
51 XKBOPTIONS=${XKBOPTIONS:=""}
48 52
49 53 # APT settings
50 54 APT_PROXY=${APT_PROXY:=""}
51 55 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
52 56
53 57 # Feature settings
54 58 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
55 59 ENABLE_IPV6=${ENABLE_IPV6:=true}
56 60 ENABLE_SSHD=${ENABLE_SSHD:=true}
57 61 ENABLE_SOUND=${ENABLE_SOUND:=true}
58 62 ENABLE_DBUS=${ENABLE_DBUS:=true}
59 63 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
60 64 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
61 65 ENABLE_XORG=${ENABLE_XORG:=false}
62 66 ENABLE_WM=${ENABLE_WM:=""}
63 67
64 68 # Advanced settings
65 69 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
66 70 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
67 71 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
68 72 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
69 73 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
70 74
71 75 # Image chroot path
72 76 R=${BUILDDIR}/chroot
73 77
74 78 # Packages required for bootstrapping
75 79 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
76 80
77 81 # Missing packages that need to be installed
78 82 MISSING_PACKAGES=""
79 83
80 84 # Packages required in the chroot build environment
81 85 APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
82 86
83 87 set +x
84 88
85 89 # Are we running as root?
86 90 if [ "$(id -u)" -ne "0" ] ; then
87 91 echo "this script must be executed with root privileges"
88 92 exit 1
89 93 fi
90 94
91 95 # Check if all required packages are installed
92 96 for package in $REQUIRED_PACKAGES ; do
93 97 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
94 98 MISSING_PACKAGES="$MISSING_PACKAGES $package"
95 99 fi
96 100 done
97 101
98 102 # Ask if missing packages should get installed right now
99 103 if [ -n "$MISSING_PACKAGES" ] ; then
100 104 echo "the following packages needed by this script are not installed:"
101 105 echo "$MISSING_PACKAGES"
102 106
103 107 echo -n "\ndo you want to install the missing packages right now? [y/n] "
104 108 read confirm
105 109 if [ "$confirm" != "y" ] ; then
106 110 exit 1
107 111 fi
108 112 fi
109 113
110 114 # Make sure all required packages are installed
111 115 apt-get -qq -y install ${REQUIRED_PACKAGES}
112 116
113 117 # Don't clobber an old build
114 118 if [ -e "$BUILDDIR" ]; then
115 119 echo "directory $BUILDDIR already exists, not proceeding"
116 120 exit 1
117 121 fi
118 122
119 123 set -x
120 124
121 125 # Call "cleanup" function on various signals and errors
122 126 trap cleanup 0 1 2 3 6
123 127
124 128 # Set up chroot directory
125 129 mkdir -p $R
126 130
127 131 # Add required packages for the minbase installation
128 132 if [ "$ENABLE_MINBASE" = true ] ; then
129 133 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
130 134 else
131 APT_INCLUDES="${APT_INCLUDES},locales"
135 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
132 136 fi
133 137
134 138 # Add dbus package, recommended if using systemd
135 139 if [ "$ENABLE_DBUS" = true ] ; then
136 140 APT_INCLUDES="${APT_INCLUDES},dbus"
137 141 fi
138 142
139 143 # Add iptables IPv4/IPv6 package
140 144 if [ "$ENABLE_IPTABLES" = true ] ; then
141 145 APT_INCLUDES="${APT_INCLUDES},iptables"
142 146 fi
143 147
144 148 # Add openssh server package
145 149 if [ "$ENABLE_SSHD" = true ] ; then
146 150 APT_INCLUDES="${APT_INCLUDES},openssh-server"
147 151 fi
148 152
149 153 # Add alsa-utils package
150 154 if [ "$ENABLE_SOUND" = true ] ; then
151 155 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
152 156 fi
153 157
154 158 # Add rng-tools package
155 159 if [ "$ENABLE_HWRANDOM" = true ] ; then
156 160 APT_INCLUDES="${APT_INCLUDES},rng-tools"
157 161 fi
158 162
159 163 # Add fbturbo video driver
160 164 if [ "$ENABLE_FBTURBO" = true ] ; then
161 165 # Enable xorg package dependencies
162 166 ENABLE_XORG=true
163 167 fi
164 168
165 169 # Add user defined window manager package
166 170 if [ -n "$ENABLE_WM" ] ; then
167 171 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
168 172
169 173 # Enable xorg package dependencies
170 174 ENABLE_XORG=true
171 175 fi
172 176
173 177 # Add xorg package
174 178 if [ "$ENABLE_XORG" = true ] ; then
175 179 APT_INCLUDES="${APT_INCLUDES},xorg"
176 180 fi
177 181
178 182 # Set empty proxy string
179 183 if [ -z "$APT_PROXY" ] ; then
180 184 APT_PROXY="http://"
181 185 fi
182 186
183 187 # Base debootstrap (unpack only)
184 188 if [ "$ENABLE_MINBASE" = true ] ; then
185 189 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
186 190 else
187 191 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
188 192 fi
189 193
190 194 # Copy qemu emulator binary to chroot
191 195 cp /usr/bin/qemu-arm-static $R/usr/bin
192 196
193 197 # Copy debian-archive-keyring.pgp
194 198 chroot $R mkdir -p /usr/share/keyrings
195 199 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
196 200
197 201 # Complete the bootstrapping process
198 202 chroot $R /debootstrap/debootstrap --second-stage
199 203
200 204 # Mount required filesystems
201 205 mount -t proc none $R/proc
202 206 mount -t sysfs none $R/sys
203 207 mount --bind /dev/pts $R/dev/pts
204 208
205 209 # Use proxy inside chroot
206 210 if [ -z "$APT_PROXY" ] ; then
207 211 echo "Acquire::http::Proxy \"$APT_PROXY\"" >> $R/etc/apt/apt.conf.d/10proxy
208 212 fi
209 213
210 214 # Pin package flash-kernel to repositories.collabora.co.uk
211 215 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
212 216 Package: flash-kernel
213 217 Pin: origin repositories.collabora.co.uk
214 218 Pin-Priority: 1000
215 219 EOM
216 220
217 221 # Set up timezone
218 222 echo ${TIMEZONE} >$R/etc/timezone
219 223 LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
220 224
221 # Set up default locales to "en_US.UTF-8" default
222 if [ "$ENABLE_MINBASE" = false ] ; then
223 LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen
224 LANG=C chroot $R locale-gen ${DEFLOCAL}
225 fi
226
227 225 # Upgrade collabora package index and install collabora keyring
228 226 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
229 227 LANG=C chroot $R apt-get -qq -y update
230 228 LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
231 229
232 230 # Set up initial sources.list
233 231 cat <<EOM >$R/etc/apt/sources.list
234 232 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
235 233 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
236 234
237 235 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
238 236 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
239 237
240 238 deb http://security.debian.org/ ${RELEASE}/updates main contrib
241 239 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
242 240
243 241 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
244 242 EOM
245 243
246 244 # Upgrade package index and update all installed packages and changed dependencies
247 245 LANG=C chroot $R apt-get -qq -y update
248 246 LANG=C chroot $R apt-get -qq -y -u dist-upgrade
249 247
248 # Set up default locale and keyboard configuration
249 if [ "$ENABLE_MINBASE" = false ] ; then
250 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
251 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
252 # ... so we have to set locales manually
253 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
254 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
255 else
256 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
257 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
258 LANG=C chroot $R sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
259 fi
260 LANG=C chroot $R sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
261 LANG=C chroot $R echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
262 LANG=C chroot $R locale-gen
263 LANG=C chroot $R update-locale LANG=${DEFLOCAL}
264
265 # Keyboard configuration, if requested
266 if [ "$XKBMODEL" != "" ] ; then
267 LANG=C chroot $R sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
268 fi
269 if [ "$XKBLAYOUT" != "" ] ; then
270 LANG=C chroot $R sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
271 fi
272 if [ "$XKBVARIANT" != "" ] ; then
273 LANG=C chroot $R sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
274 fi
275 if [ "$XKBOPTIONS" != "" ] ; then
276 LANG=C chroot $R sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
277 fi
278 LANG=C chroot $R dpkg-reconfigure -f noninteractive keyboard-configuration
279 # Set up font console
280 case "${DEFLOCAL}" in
281 *UTF-8)
282 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
283 ;;
284 *)
285 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
286 ;;
287 esac
288 LANG=C chroot $R dpkg-reconfigure -f noninteractive console-setup
289 fi
290
250 291 # Kernel installation
251 292 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
252 293 LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
253 294 LANG=C chroot $R apt-get -qq -y install flash-kernel
254 295
255 296 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
256 297 [ -z "$VMLINUZ" ] && exit 1
257 298 mkdir -p $R/boot/firmware
258 299
259 300 # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
260 301 wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
261 302 wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
262 303 wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
263 304 wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
264 305 wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
265 306 wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
266 307 wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
267 308 cp $VMLINUZ $R/boot/firmware/kernel7.img
268 309
269 310 # Set up IPv4 hosts
270 311 echo ${HOSTNAME} >$R/etc/hostname
271 312 cat <<EOM >$R/etc/hosts
272 313 127.0.0.1 localhost
273 314 127.0.1.1 ${HOSTNAME}
274 315 EOM
275 316
276 317 # Set up IPv6 hosts
277 318 if [ "$ENABLE_IPV6" = true ] ; then
278 319 cat <<EOM >>$R/etc/hosts
279 320
280 321 ::1 localhost ip6-localhost ip6-loopback
281 322 ff02::1 ip6-allnodes
282 323 ff02::2 ip6-allrouters
283 324 EOM
284 325 fi
285 326
286 327 # Place hint about network configuration
287 328 cat <<EOM >$R/etc/network/interfaces
288 329 # Debian switched to systemd-networkd configuration files.
289 330 # please configure your networks in '/etc/systemd/network/'
290 331 EOM
291 332
292 333 # Enable systemd-networkd DHCP configuration for interface eth0
293 334 cat <<EOM >$R/etc/systemd/network/eth.network
294 335 [Match]
295 336 Name=eth0
296 337
297 338 [Network]
298 339 DHCP=yes
299 340 EOM
300 341
301 342 # Set DHCP configuration to IPv4 only
302 343 if [ "$ENABLE_IPV6" = false ] ; then
303 344 sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
304 345 fi
305 346
306 347 # Enable systemd-networkd service
307 348 LANG=C chroot $R systemctl enable systemd-networkd
308 349
309 350 # Generate crypt(3) password string
310 351 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
311 352
312 353 # Set up default user
313 354 LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
314 355 LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
315 356
316 357 # Set up root password
317 358 LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
318 359
319 360 # Set up firmware boot cmdline
320 361 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
321 362
322 363 # Set up serial console support (if requested)
323 364 if [ "$ENABLE_CONSOLE" = true ] ; then
324 365 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
325 366 fi
326 367
327 368 # Set up IPv6 networking support
328 369 if [ "$ENABLE_IPV6" = false ] ; then
329 370 CMDLINE="${CMDLINE} ipv6.disable=1"
330 371 fi
331 372
332 373 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
333 374
334 375 # Set up firmware config
335 376 cat <<EOM >$R/boot/firmware/config.txt
336 377 # For more options and information see
337 378 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
338 379 # Some settings may impact device functionality. See link above for details
339 380
340 381 # uncomment if you get no picture on HDMI for a default "safe" mode
341 382 #hdmi_safe=1
342 383
343 384 # uncomment this if your display has a black border of unused pixels visible
344 385 # and your display can output without overscan
345 386 #disable_overscan=1
346 387
347 388 # uncomment the following to adjust overscan. Use positive numbers if console
348 389 # goes off screen, and negative if there is too much border
349 390 #overscan_left=16
350 391 #overscan_right=16
351 392 #overscan_top=16
352 393 #overscan_bottom=16
353 394
354 395 # uncomment to force a console size. By default it will be display's size minus
355 396 # overscan.
356 397 #framebuffer_width=1280
357 398 #framebuffer_height=720
358 399
359 400 # uncomment if hdmi display is not detected and composite is being output
360 401 #hdmi_force_hotplug=1
361 402
362 403 # uncomment to force a specific HDMI mode (this will force VGA)
363 404 #hdmi_group=1
364 405 #hdmi_mode=1
365 406
366 407 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
367 408 # DMT (computer monitor) modes
368 409 #hdmi_drive=2
369 410
370 411 # uncomment to increase signal to HDMI, if you have interference, blanking, or
371 412 # no display
372 413 #config_hdmi_boost=4
373 414
374 415 # uncomment for composite PAL
375 416 #sdtv_mode=2
376 417
377 418 # uncomment to overclock the arm. 700 MHz is the default.
378 419 #arm_freq=800
379 420 EOM
380 421
381 422 # Load snd_bcm2835 kernel module at boot time
382 423 if [ "$ENABLE_SOUND" = true ] ; then
383 424 echo "snd_bcm2835" >>$R/etc/modules
384 425 fi
385 426
386 427 # Set smallest possible GPU memory allocation size: 16MB (no X)
387 428 if [ "$ENABLE_MINGPU" = true ] ; then
388 429 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
389 430 fi
390 431
391 432 # Create symlinks
392 433 ln -sf firmware/config.txt $R/boot/config.txt
393 434 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
394 435
395 436 # Prepare modules-load.d directory
396 437 mkdir -p $R/lib/modules-load.d/
397 438
398 439 # Load random module on boot
399 440 if [ "$ENABLE_HWRANDOM" = true ] ; then
400 441 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
401 442 bcm2708_rng
402 443 EOM
403 444 fi
404 445
405 446 # Prepare modprobe.d directory
406 447 mkdir -p $R/etc/modprobe.d/
407 448
408 449 # Blacklist sound modules
409 450 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
410 451 blacklist snd_soc_core
411 452 blacklist snd_pcm
412 453 blacklist snd_pcm_dmaengine
413 454 blacklist snd_timer
414 455 blacklist snd_compress
415 456 blacklist snd_soc_pcm512x_i2c
416 457 blacklist snd_soc_pcm512x
417 458 blacklist snd_soc_tas5713
418 459 blacklist snd_soc_wm8804
419 460 EOM
420 461
421 462 # Create default fstab
422 463 cat <<EOM >$R/etc/fstab
423 464 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
424 465 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
425 466 EOM
426 467
427 468 # Avoid swapping and increase cache sizes
428 469 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
429 470
430 471 # Avoid swapping and increase cache sizes
431 472 vm.swappiness=1
432 473 vm.dirty_background_ratio=20
433 474 vm.dirty_ratio=40
434 475 vm.dirty_writeback_centisecs=500
435 476 vm.dirty_expire_centisecs=6000
436 477 EOM
437 478
438 479 # Enable network stack hardening
439 480 if [ "$ENABLE_HARDNET" = true ] ; then
440 481 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
441 482
442 483 # Enable network stack hardening
443 484 net.ipv4.tcp_timestamps=0
444 485 net.ipv4.tcp_syncookies=1
445 486 net.ipv4.conf.all.rp_filter=1
446 487 net.ipv4.conf.all.accept_redirects=0
447 488 net.ipv4.conf.all.send_redirects=0
448 489 net.ipv4.conf.all.accept_source_route=0
449 490 net.ipv4.conf.default.rp_filter=1
450 491 net.ipv4.conf.default.accept_redirects=0
451 492 net.ipv4.conf.default.send_redirects=0
452 493 net.ipv4.conf.default.accept_source_route=0
453 494 net.ipv4.conf.lo.accept_redirects=0
454 495 net.ipv4.conf.lo.send_redirects=0
455 496 net.ipv4.conf.lo.accept_source_route=0
456 497 net.ipv4.conf.eth0.accept_redirects=0
457 498 net.ipv4.conf.eth0.send_redirects=0
458 499 net.ipv4.conf.eth0.accept_source_route=0
459 500 net.ipv4.icmp_echo_ignore_broadcasts=1
460 501 net.ipv4.icmp_ignore_bogus_error_responses=1
461 502
462 503 net.ipv6.conf.all.accept_redirects=0
463 504 net.ipv6.conf.all.accept_source_route=0
464 505 net.ipv6.conf.all.router_solicitations=0
465 506 net.ipv6.conf.all.accept_ra_rtr_pref=0
466 507 net.ipv6.conf.all.accept_ra_pinfo=0
467 508 net.ipv6.conf.all.accept_ra_defrtr=0
468 509 net.ipv6.conf.all.autoconf=0
469 510 net.ipv6.conf.all.dad_transmits=0
470 511 net.ipv6.conf.all.max_addresses=1
471 512
472 513 net.ipv6.conf.default.accept_redirects=0
473 514 net.ipv6.conf.default.accept_source_route=0
474 515 net.ipv6.conf.default.router_solicitations=0
475 516 net.ipv6.conf.default.accept_ra_rtr_pref=0
476 517 net.ipv6.conf.default.accept_ra_pinfo=0
477 518 net.ipv6.conf.default.accept_ra_defrtr=0
478 519 net.ipv6.conf.default.autoconf=0
479 520 net.ipv6.conf.default.dad_transmits=0
480 521 net.ipv6.conf.default.max_addresses=1
481 522
482 523 net.ipv6.conf.lo.accept_redirects=0
483 524 net.ipv6.conf.lo.accept_source_route=0
484 525 net.ipv6.conf.lo.router_solicitations=0
485 526 net.ipv6.conf.lo.accept_ra_rtr_pref=0
486 527 net.ipv6.conf.lo.accept_ra_pinfo=0
487 528 net.ipv6.conf.lo.accept_ra_defrtr=0
488 529 net.ipv6.conf.lo.autoconf=0
489 530 net.ipv6.conf.lo.dad_transmits=0
490 531 net.ipv6.conf.lo.max_addresses=1
491 532
492 533 net.ipv6.conf.eth0.accept_redirects=0
493 534 net.ipv6.conf.eth0.accept_source_route=0
494 535 net.ipv6.conf.eth0.router_solicitations=0
495 536 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
496 537 net.ipv6.conf.eth0.accept_ra_pinfo=0
497 538 net.ipv6.conf.eth0.accept_ra_defrtr=0
498 539 net.ipv6.conf.eth0.autoconf=0
499 540 net.ipv6.conf.eth0.dad_transmits=0
500 541 net.ipv6.conf.eth0.max_addresses=1
501 542 EOM
502 543
503 544 # Enable resolver warnings about spoofed addresses
504 545 cat <<EOM >>$R/etc/host.conf
505 546 spoof warn
506 547 EOM
507 548 fi
508 549
509 550 # Regenerate openssh server host keys
510 551 if [ "$ENABLE_SSHD" = true ] ; then
511 552 rm -fr $R/etc/ssh/ssh_host_*
512 553 LANG=C chroot $R dpkg-reconfigure openssh-server
513 554 fi
514 555
515 556 # Enable serial console systemd style
516 557 if [ "$ENABLE_CONSOLE" = true ] ; then
517 558 LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
518 559 fi
519 560
520 561 # Enable firewall based on iptables started by systemd service
521 562 if [ "$ENABLE_IPTABLES" = true ] ; then
522 563 # Create iptables configuration directory
523 564 mkdir -p "$R/etc/iptables"
524 565
525 566 # Create iptables systemd service
526 567 cat <<EOM >$R/etc/systemd/system/iptables.service
527 568 [Unit]
528 569 Description=Packet Filtering Framework
529 570 DefaultDependencies=no
530 571 After=systemd-sysctl.service
531 572 Before=sysinit.target
532 573 [Service]
533 574 Type=oneshot
534 575 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
535 576 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
536 577 ExecStop=/etc/iptables/flush-iptables.sh
537 578 RemainAfterExit=yes
538 579 [Install]
539 580 WantedBy=multi-user.target
540 581 EOM
541 582
542 583 # Create flush-table script called by iptables service
543 584 cat <<EOM >$R/etc/iptables/flush-iptables.sh
544 585 #!/bin/sh
545 586 iptables -F
546 587 iptables -X
547 588 iptables -t nat -F
548 589 iptables -t nat -X
549 590 iptables -t mangle -F
550 591 iptables -t mangle -X
551 592 iptables -P INPUT ACCEPT
552 593 iptables -P FORWARD ACCEPT
553 594 iptables -P OUTPUT ACCEPT
554 595 EOM
555 596
556 597 # Create iptables rule file
557 598 cat <<EOM >$R/etc/iptables/iptables.rules
558 599 *filter
559 600 :INPUT DROP [0:0]
560 601 :FORWARD DROP [0:0]
561 602 :OUTPUT ACCEPT [0:0]
562 603 :TCP - [0:0]
563 604 :UDP - [0:0]
564 605 :SSH - [0:0]
565 606
566 607 # Rate limit ping requests
567 608 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
568 609 -A INPUT -p icmp --icmp-type echo-request -j DROP
569 610
570 611 # Accept established connections
571 612 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
572 613
573 614 # Accept all traffic on loopback interface
574 615 -A INPUT -i lo -j ACCEPT
575 616
576 617 # Drop packets declared invalid
577 618 -A INPUT -m conntrack --ctstate INVALID -j DROP
578 619
579 620 # SSH rate limiting
580 621 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
581 622 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
582 623 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
583 624 -A SSH -m recent --name sshbf --set -j ACCEPT
584 625
585 626 # Send TCP and UDP connections to their respective rules chain
586 627 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
587 628 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
588 629
589 630 # Reject dropped packets with a RFC compliant responce
590 631 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
591 632 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
592 633 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
593 634
594 635 ## TCP PORT RULES
595 636 # -A TCP -p tcp -j LOG
596 637
597 638 ## UDP PORT RULES
598 639 # -A UDP -p udp -j LOG
599 640
600 641 COMMIT
601 642 EOM
602 643
603 644 # Reload systemd configuration and enable iptables service
604 645 LANG=C chroot $R systemctl daemon-reload
605 646 LANG=C chroot $R systemctl enable iptables.service
606 647
607 648 if [ "$ENABLE_IPV6" = true ] ; then
608 649 # Create ip6tables systemd service
609 650 cat <<EOM >$R/etc/systemd/system/ip6tables.service
610 651 [Unit]
611 652 Description=Packet Filtering Framework
612 653 DefaultDependencies=no
613 654 After=systemd-sysctl.service
614 655 Before=sysinit.target
615 656 [Service]
616 657 Type=oneshot
617 658 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
618 659 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
619 660 ExecStop=/etc/iptables/flush-ip6tables.sh
620 661 RemainAfterExit=yes
621 662 [Install]
622 663 WantedBy=multi-user.target
623 664 EOM
624 665
625 666 # Create ip6tables file
626 667 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
627 668 #!/bin/sh
628 669 ip6tables -F
629 670 ip6tables -X
630 671 ip6tables -Z
631 672 for table in $(</proc/net/ip6_tables_names)
632 673 do
633 674 ip6tables -t \$table -F
634 675 ip6tables -t \$table -X
635 676 ip6tables -t \$table -Z
636 677 done
637 678 ip6tables -P INPUT ACCEPT
638 679 ip6tables -P OUTPUT ACCEPT
639 680 ip6tables -P FORWARD ACCEPT
640 681 EOM
641 682
642 683 # Create ip6tables rule file
643 684 cat <<EOM >$R/etc/iptables/ip6tables.rules
644 685 *filter
645 686 :INPUT DROP [0:0]
646 687 :FORWARD DROP [0:0]
647 688 :OUTPUT ACCEPT [0:0]
648 689 :TCP - [0:0]
649 690 :UDP - [0:0]
650 691 :SSH - [0:0]
651 692
652 693 # Drop packets with RH0 headers
653 694 -A INPUT -m rt --rt-type 0 -j DROP
654 695 -A OUTPUT -m rt --rt-type 0 -j DROP
655 696 -A FORWARD -m rt --rt-type 0 -j DROP
656 697
657 698 # Rate limit ping requests
658 699 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
659 700 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
660 701
661 702 # Accept established connections
662 703 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
663 704
664 705 # Accept all traffic on loopback interface
665 706 -A INPUT -i lo -j ACCEPT
666 707
667 708 # Drop packets declared invalid
668 709 -A INPUT -m conntrack --ctstate INVALID -j DROP
669 710
670 711 # SSH rate limiting
671 712 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
672 713 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
673 714 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
674 715 -A SSH -m recent --name sshbf --set -j ACCEPT
675 716
676 717 # Send TCP and UDP connections to their respective rules chain
677 718 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
678 719 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
679 720
680 721 # Reject dropped packets with a RFC compliant responce
681 722 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
682 723 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
683 724 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
684 725
685 726 ## TCP PORT RULES
686 727 # -A TCP -p tcp -j LOG
687 728
688 729 ## UDP PORT RULES
689 730 # -A UDP -p udp -j LOG
690 731
691 732 COMMIT
692 733 EOM
693 734
694 735 # Reload systemd configuration and enable iptables service
695 736 LANG=C chroot $R systemctl daemon-reload
696 737 LANG=C chroot $R systemctl enable ip6tables.service
697 738 fi
698 739 fi
699 740
700 741 # Remove SSHD related iptables rules
701 742 if [ "$ENABLE_SSHD" = false ] ; then
702 743 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
703 744 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
704 745 fi
705 746
706 747 # Install gcc/c++ build environment inside the chroot
707 748 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
708 749 LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
709 750 fi
710 751
711 752 # Fetch and build U-Boot bootloader
712 753 if [ "$ENABLE_UBOOT" = true ] ; then
713 754 # Fetch U-Boot bootloader sources
714 755 git -C $R/tmp clone git://git.denx.de/u-boot.git
715 756
716 757 # Build and install U-Boot inside chroot
717 758 LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all
718 759
719 760 # Copy compiled bootloader binary and set config.txt to load it
720 761 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
721 762 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
722 763
723 764 # Set U-Boot command file
724 765 cat <<EOM >$R/boot/firmware/uboot.mkimage
725 766 # Tell Linux that it is booting on a Raspberry Pi2
726 767 setenv machid 0x00000c42
727 768
728 769 # Set the kernel boot command line
729 770 setenv bootargs "earlyprintk ${CMDLINE}"
730 771
731 772 # Save these changes to u-boot's environment
732 773 saveenv
733 774
734 775 # Load the existing Linux kernel into RAM
735 776 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
736 777
737 778 # Boot the kernel we have just loaded
738 779 bootz \${kernel_addr_r}
739 780 EOM
740 781
741 782 # Generate U-Boot image from command file
742 783 LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
743 784 fi
744 785
745 786 # Fetch and build fbturbo Xorg driver
746 787 if [ "$ENABLE_FBTURBO" = true ] ; then
747 788 # Fetch fbturbo driver sources
748 789 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
749 790
750 791 # Install Xorg build dependencies
751 792 LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
752 793
753 794 # Build and install fbturbo driver inside chroot
754 795 LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
755 796
756 797 # Add fbturbo driver to Xorg configuration
757 798 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
758 799 Section "Device"
759 800 Identifier "Allwinner A10/A13 FBDEV"
760 801 Driver "fbturbo"
761 802 Option "fbdev" "/dev/fb0"
762 803 Option "SwapbuffersWait" "true"
763 804 EndSection
764 805 EOM
765 806
766 807 # Remove Xorg build dependencies
767 808 LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
768 809 fi
769 810
770 811 # Remove gcc/c++ build environment from the chroot
771 812 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
772 813 LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
773 814 fi
774 815
775 816 # Clean cached downloads
776 817 LANG=C chroot $R apt-get -y clean
777 818 LANG=C chroot $R apt-get -y autoclean
778 819 LANG=C chroot $R apt-get -y autoremove
779 820
780 821 # Unmount mounted filesystems
781 822 umount -l $R/proc
782 823 umount -l $R/sys
783 824
784 825 # Clean up files
785 826 rm -f $R/etc/apt/sources.list.save
786 827 rm -f $R/etc/resolvconf/resolv.conf.d/original
787 828 rm -rf $R/run
788 829 mkdir -p $R/run
789 830 rm -f $R/etc/*-
790 831 rm -f $R/root/.bash_history
791 832 rm -rf $R/tmp/*
792 833 rm -f $R/var/lib/urandom/random-seed
793 834 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
794 835 rm -f $R/etc/machine-id
795 836 rm -fr $R/etc/apt/apt.conf.d/10proxy
796 837
797 838 # Calculate size of the chroot directory
798 839 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
799 840
800 841 # Calculate required image size
801 842 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
802 843
803 844 # Calculate number of sectors for the partition
804 845 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
805 846
806 847 # Prepare date string for image file name
807 848 DATE="$(date +%Y-%m-%d)"
808 849
809 850 # Prepare image file
810 851 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
811 852 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
812 853
813 854 # Write partition table
814 855 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
815 856 unit: sectors
816 857
817 858 1 : start= 2048, size= 131072, Id= c, bootable
818 859 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
819 860 3 : start= 0, size= 0, Id= 0
820 861 4 : start= 0, size= 0, Id= 0
821 862 EOM
822 863
823 864 # Set up temporary loop devices and build filesystems
824 865 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
825 866 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
826 867 mkfs.vfat "$VFAT_LOOP"
827 868 mkfs.ext4 "$EXT4_LOOP"
828 869
829 870 # Mount the temporary loop devices
830 871 mkdir -p "$BUILDDIR/mount"
831 872 mount "$EXT4_LOOP" "$BUILDDIR/mount"
832 873
833 874 mkdir -p "$BUILDDIR/mount/boot/firmware"
834 875 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
835 876
836 877 # Copy all files from the chroot to the loop device mount point directory
837 878 rsync -a "$R/" "$BUILDDIR/mount/"
838 879
839 880 # Unmount all temporary loop devices and mount points
840 881 cleanup
841 882
842 883 # (optinal) create block map file for "bmaptool"
843 884 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
844 885
845 886 # Image was successfully created
846 887 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
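Review bot: In the heredoc that writes flush-ip6tables.sh, `for table in $(</proc/net/ip6_tables_names)` is not escaped. Because the `EOM` delimiter is unquoted, the substitution runs on the build host while the image is generated, so the script written into the image carries the host's table names (or an empty list) instead of reading the target's tables at runtime. The `\$table` references inside the loop are escaped, so this looks unintended. Suggest `for table in \$(cat /proc/net/ip6_tables_names)`: the backslash defers the substitution to the target, and `cat` avoids the `$(<file)` form, which is a bash extension while the generated script declares `#!/bin/sh`. Separately, the U-Boot sources are cloned from `git://git.denx.de/u-boot.git` with no revision pinned, so the bootloader is built from whatever an unauthenticated transport returns at build time; consider an authenticated transport and checking out a fixed tag or commit before the `make`.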