##// END OF EJS Templates
a
Unknown -
r686:4d7380c6b0e9
parent child
Show More
@@ -1,566 +1,571
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
53
54 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56
56
57 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59
59
60 ---
60 ---
61
61
62 #### General system settings:
62 #### General system settings:
63 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65
65
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
70 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
71 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
72 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
73 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
74 - `4` = Raspberry Pi 4 model B
74
75
75 ##### `RELEASE`="buster"
76 ##### `RELEASE`="buster"
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77
78
78 ##### `RELEASE_ARCH`="armhf"
79 ##### `RELEASE_ARCH`="armhf"
79 Set the desired Debian release architecture.
80 Set the desired Debian release architecture.
80
81
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83
84
84 ##### `PASSWORD`="raspberry"
85 ##### `PASSWORD`="raspberry"
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86
87
87 ##### `USER_PASSWORD`="raspberry"
88 ##### `USER_PASSWORD`="raspberry"
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89
90
90 ##### `DEFLOCAL`="en_US.UTF-8"
91 ##### `DEFLOCAL`="en_US.UTF-8"
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92
93
93 ##### `TIMEZONE`="Europe/Berlin"
94 ##### `TIMEZONE`="Europe/Berlin"
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95
96
96 ##### `EXPANDROOT`=true
97 ##### `EXPANDROOT`=true
97 Expand the root partition and filesystem automatically on first boot.
98 Expand the root partition and filesystem automatically on first boot.
98
99
99 ##### `ENABLE_DPHYSSWAP`=true
100 ##### `ENABLE_DPHYSSWAP`=true
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101
102
102 ##### `ENABLE_QEMU`=false
103 ##### `ENABLE_QEMU`=false
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104
105
105 ---
106 ---
106
107
107 #### Keyboard settings:
108 #### Keyboard settings:
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109
110
110 ##### `XKB_MODEL`=""
111 ##### `XKB_MODEL`=""
111 Set the name of the model of your keyboard type.
112 Set the name of the model of your keyboard type.
112
113
113 ##### `XKB_LAYOUT`=""
114 ##### `XKB_LAYOUT`=""
114 Set the supported keyboard layout(s).
115 Set the supported keyboard layout(s).
115
116
116 ##### `XKB_VARIANT`=""
117 ##### `XKB_VARIANT`=""
117 Set the supported variant(s) of the keyboard layout(s).
118 Set the supported variant(s) of the keyboard layout(s).
118
119
119 ##### `XKB_OPTIONS`=""
120 ##### `XKB_OPTIONS`=""
120 Set extra xkb configuration options.
121 Set extra xkb configuration options.
121
122
122 ---
123 ---
123
124
124 #### Networking settings (DHCP):
125 #### Networking settings (DHCP):
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126
127
127 ##### `ENABLE_DHCP`=true
128 ##### `ENABLE_DHCP`=true
128 Set the system to use DHCP. This requires an DHCP server.
129 Set the system to use DHCP. This requires an DHCP server.
129
130
130 ---
131 ---
131
132
132 #### Networking settings (static):
133 #### Networking settings (static):
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134
135
135 ##### `NET_ADDRESS`=""
136 ##### `NET_ADDRESS`=""
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137
138
138 ##### `NET_GATEWAY`=""
139 ##### `NET_GATEWAY`=""
139 Set the IP address for the default gateway.
140 Set the IP address for the default gateway.
140
141
141 ##### `NET_DNS_1`=""
142 ##### `NET_DNS_1`=""
142 Set the IP address for the first DNS server.
143 Set the IP address for the first DNS server.
143
144
144 ##### `NET_DNS_2`=""
145 ##### `NET_DNS_2`=""
145 Set the IP address for the second DNS server.
146 Set the IP address for the second DNS server.
146
147
147 ##### `NET_DNS_DOMAINS`=""
148 ##### `NET_DNS_DOMAINS`=""
148 Set the default DNS search domains to use for non fully qualified hostnames.
149 Set the default DNS search domains to use for non fully qualified hostnames.
149
150
150 ##### `NET_NTP_1`=""
151 ##### `NET_NTP_1`=""
151 Set the IP address for the first NTP server.
152 Set the IP address for the first NTP server.
152
153
153 ##### `NET_NTP_2`=""
154 ##### `NET_NTP_2`=""
154 Set the IP address for the second NTP server.
155 Set the IP address for the second NTP server.
155
156
156 ---
157 ---
157
158
158 #### Basic system features:
159 #### Basic system features:
159 ##### `ENABLE_CONSOLE`=true
160 ##### `ENABLE_CONSOLE`=true
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161
162
162 ##### `ENABLE_PRINTK`=false
163 ##### `ENABLE_PRINTK`=false
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164
165
165 ##### `ENABLE_BLUETOOTH`=false
166 ##### `ENABLE_BLUETOOTH`=false
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167
168
168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 ##### `ENABLE_MINIUART_OVERLAY`=false
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170
171
171 ##### `ENABLE_TURBO`=false
172 ##### `ENABLE_TURBO`=false
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173
174
174 ##### `ENABLE_I2C`=false
175 ##### `ENABLE_I2C`=false
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176
177
177 ##### `ENABLE_SPI`=false
178 ##### `ENABLE_SPI`=false
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179
180
180 ##### `ENABLE_IPV6`=true
181 ##### `ENABLE_IPV6`=true
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182
183
183 ##### `ENABLE_SSHD`=true
184 ##### `ENABLE_SSHD`=true
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185
186
186 ##### `ENABLE_NONFREE`=false
187 ##### `ENABLE_NONFREE`=false
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188
189
189 ##### `ENABLE_WIRELESS`=false
190 ##### `ENABLE_WIRELESS`=false
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191
192
192 ##### `ENABLE_RSYSLOG`=true
193 ##### `ENABLE_RSYSLOG`=true
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194
195
195 ##### `ENABLE_SOUND`=true
196 ##### `ENABLE_SOUND`=true
196 Enable sound hardware and install Advanced Linux Sound Architecture.
197 Enable sound hardware and install Advanced Linux Sound Architecture.
197
198
198 ##### `ENABLE_HWRANDOM`=true
199 ##### `ENABLE_HWRANDOM`=true
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200
201
201 ##### `ENABLE_MINGPU`=false
202 ##### `ENABLE_MINGPU`=false
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203
204
204 ##### `ENABLE_DBUS`=true
205 ##### `ENABLE_DBUS`=true
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206
207
207 ##### `ENABLE_XORG`=false
208 ##### `ENABLE_XORG`=false
208 Install Xorg open-source X Window System.
209 Install Xorg open-source X Window System.
209
210
210 ##### `ENABLE_WM`=""
211 ##### `ENABLE_WM`=""
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212
213
213 ##### `ENABLE_SYSVINIT`=false
214 ##### `ENABLE_SYSVINIT`=false
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215
216
216 ---
217 ---
217
218
218 #### Advanced system features:
219 #### Advanced system features:
219 ##### `ENABLE_KEYGEN`=false
220 ##### `ENABLE_KEYGEN`=false
220 Recover your lost codec license
221 Recover your lost codec license
221
222
222 ##### `ENABLE_SYSTEMDSWAP`=false
223 ##### `ENABLE_SYSTEMDSWAP`=false
223 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
224 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
224
225
225 ##### `ENABLE_MINBASE`=false
226 ##### `ENABLE_MINBASE`=false
226 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
227 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
227
228
228 ##### `ENABLE_REDUCE`=false
229 ##### `ENABLE_REDUCE`=false
229 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
230 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
230
231
231 ##### `ENABLE_UBOOT`=false
232 ##### `ENABLE_UBOOT`=false
232 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
233 Replace the default RPi 0/1/2/3/4 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
233
234
234 ##### `UBOOTSRC_DIR`=""
235 ##### `UBOOTSRC_DIR`=""
235 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
236 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
236
237
237 ##### `ENABLE_FBTURBO`=false
238 ##### `ENABLE_FBTURBO`=false
238 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239
240
240 ##### `FBTURBOSRC_DIR`=""
241 ##### `FBTURBOSRC_DIR`=""
241 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
242 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
242
243
243 ##### `ENABLE_VIDEOCORE`=false
244 ##### `ENABLE_VIDEOCORE`=false
244 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
245 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
245
246
246 ##### `VIDEOCORESRC_DIR`=""
247 ##### `VIDEOCORESRC_DIR`=""
247 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
249
249 ##### `ENABLE_NEXMON`=false
250 ##### `ENABLE_NEXMON`=false
250 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
251 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
251
252
252 ##### `NEXMONSRC_DIR`=""
253 ##### `NEXMONSRC_DIR`=""
253 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
254 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
254
255
255 ##### `ENABLE_IPTABLES`=false
256 ##### `ENABLE_IPTABLES`=false
256 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
257 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
257
258
258 ##### `ENABLE_USER`=true
259 ##### `ENABLE_USER`=true
259 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
260 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
260
261
261 ##### `USER_NAME`=pi
262 ##### `USER_NAME`=pi
262 Non-root user to create. Ignored if `ENABLE_USER`=false
263 Non-root user to create. Ignored if `ENABLE_USER`=false
263
264
264 ##### `ENABLE_ROOT`=false
265 ##### `ENABLE_ROOT`=false
265 Set root user password so root login will be enabled
266 Set root user password so root login will be enabled
266
267
267 ##### `ENABLE_HARDNET`=false
268 ##### `ENABLE_HARDNET`=false
268 Enable IPv4/IPv6 network stack hardening settings.
269 Enable IPv4/IPv6 network stack hardening settings.
269
270
270 ##### `ENABLE_SPLITFS`=false
271 ##### `ENABLE_SPLITFS`=false
271 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
272 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
272
273
273 ##### `CHROOT_SCRIPTS`=""
274 ##### `CHROOT_SCRIPTS`=""
274 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
275 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
275
276
276 ##### `ENABLE_INITRAMFS`=false
277 ##### `ENABLE_INITRAMFS`=false
277 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
278 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
278
279
279 ##### `ENABLE_IFNAMES`=true
280 ##### `ENABLE_IFNAMES`=true
280 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
281 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
281
282
282 ##### `ENABLE_SPLASH`=true
283 ##### `ENABLE_SPLASH`=true
283 Enable default Raspberry Pi boot up rainbow splash screen.
284 Enable default Raspberry Pi boot up rainbow splash screen.
284
285
285 ##### `ENABLE_LOGO`=true
286 ##### `ENABLE_LOGO`=true
286 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
287 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
287
288
288 ##### `ENABLE_SILENT_BOOT`=false
289 ##### `ENABLE_SILENT_BOOT`=false
289 Set the verbosity of console messages shown during boot up to a strict minimum.
290 Set the verbosity of console messages shown during boot up to a strict minimum.
290
291
291 ##### `DISABLE_UNDERVOLT_WARNINGS`=
292 ##### `DISABLE_UNDERVOLT_WARNINGS`=
292 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
293 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
293
294
294 ---
295 ---
295
296
296 #### SSH settings:
297 #### SSH settings:
297 ##### `SSH_ENABLE_ROOT`=false
298 ##### `SSH_ENABLE_ROOT`=false
298 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
299 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
299
300
300 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
301 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
301 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
302 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
302
303
303 ##### `SSH_LIMIT_USERS`=false
304 ##### `SSH_LIMIT_USERS`=false
304 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
305 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
305
306
306 ##### `SSH_ROOT_PUB_KEY`=""
307 ##### `SSH_ROOT_PUB_KEY`=""
307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
308 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
308
309
309 ##### `SSH_USER_PUB_KEY`=""
310 ##### `SSH_USER_PUB_KEY`=""
310 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
311 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
311
312
312 ---
313 ---
313
314
314 #### Kernel compilation:
315 #### Kernel compilation:
315 ##### `BUILD_KERNEL`=true
316 ##### `BUILD_KERNEL`=true
316 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
317 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
318 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
319 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
320 Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
321
317
322
318 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
323 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
319 This sets the cross-compile environment for the compiler.
324 This sets the cross-compile environment for the compiler.
320
321 ##### `KERNEL_BTRFS`="false"
322 enable btrfs kernel support
323
324 ##### `KERNEL_POEHAT`="false"
325 enable Enable RPI POE HAT fan kernel support
326
327 ##### `KERNEL_NSPAWN`="false"
328 Enable per-interface network priority control - for systemd-nspawn
329
330 ##### `KERNEL_DHKEY`="true"
331 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
332
325
333 ##### `KERNEL_ARCH`="arm"
326 ##### `KERNEL_ARCH`="arm"
334 This sets the kernel architecture for the compiler.
327 This sets the kernel architecture for the compiler.
335
328
336 ##### `KERNEL_IMAGE`="kernel7.img"
329 ##### `KERNEL_IMAGE`="kernel7.img"
337 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
330 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
338
331
339 ##### `KERNEL_BRANCH`=""
332 ##### `KERNEL_BRANCH`=""
340 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
333 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
341
334
342 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
335 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
343 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
336 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
344
337
345 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
338 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
346 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
339 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
347
340
348 ##### `KERNEL_REDUCE`=false
341 ##### `KERNEL_REDUCE`=false
349 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
342 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
350
343
351 ##### `KERNEL_THREADS`=1
344 ##### `KERNEL_THREADS`=1
352 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
345 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
353
346
354 ##### `KERNEL_HEADERS`=true
347 ##### `KERNEL_HEADERS`=true
355 Install kernel headers with the built kernel.
348 Install kernel headers with the built kernel.
356
349
357 ##### `KERNEL_MENUCONFIG`=false
350 ##### `KERNEL_MENUCONFIG`=false
358 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
351 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
359
352
360 ##### `KERNEL_OLDDEFCONFIG`=false
353 ##### `KERNEL_OLDDEFCONFIG`=false
361 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
354 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
362
355
363 ##### `KERNEL_CCACHE`=false
356 ##### `KERNEL_CCACHE`=false
364 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
357 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
365
358
366 ##### `KERNEL_REMOVESRC`=true
359 ##### `KERNEL_REMOVESRC`=true
367 Remove all kernel sources from the generated OS image after it was built and installed.
360 Remove all kernel sources from the generated OS image after it was built and installed.
368
361
369 ##### `KERNELSRC_DIR`=""
362 ##### `KERNELSRC_DIR`=""
370 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
363 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
371
364
372 ##### `KERNELSRC_CLEAN`=false
365 ##### `KERNELSRC_CLEAN`=false
373 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
366 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
374
367
375 ##### `KERNELSRC_CONFIG`=true
368 ##### `KERNELSRC_CONFIG`=true
376 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
369 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
377
370
378 ##### `KERNELSRC_USRCONFIG`=""
371 ##### `KERNELSRC_USRCONFIG`=""
379 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
372 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
380
373
381 ##### `KERNELSRC_PREBUILT`=false
374 ##### `KERNELSRC_PREBUILT`=false
382 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
375 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
383
376
384 ##### `RPI_FIRMWARE_DIR`=""
377 ##### `RPI_FIRMWARE_DIR`=""
385 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
378 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
386
379
387 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
380 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
388 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
381 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
389
382
390 ##### `KERNEL_NF`=false
383 ##### `KERNEL_NF`=false
391 Enable Netfilter modules as kernel modules
384 Enable Netfilter modules as kernel modules
392
385
393 ##### `KERNEL_VIRT`=false
386 ##### `KERNEL_VIRT`=false
394 Enable Kernel KVM support (/dev/kvm)
387 Enable Kernel KVM support (/dev/kvm)
395
388
396 ##### `KERNEL_ZSWAP`=false
389 ##### `KERNEL_ZSWAP`=false
397 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
390 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
398
391
399 ##### `KERNEL_BPF`=true
392 ##### `KERNEL_BPF`=true
400 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
393 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
401
394
402 ##### `KERNEL_SECURITY`=false
395 ##### `KERNEL_SECURITY`=false
403 Enables Apparmor, integrity subsystem, auditing.
396 Enables Apparmor, integrity subsystem, auditing.
404
397
398 ##### `KERNEL_BTRFS`="false"
399 enable btrfs kernel support
400
401 ##### `KERNEL_POEHAT`="false"
402 enable Enable RPI POE HAT fan kernel support
403
404 ##### `KERNEL_NSPAWN`="false"
405 Enable per-interface network priority control - for systemd-nspawn
406
407 ##### `KERNEL_DHKEY`="true"
408 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
409
405 ---
410 ---
406
411
407 #### Reduce disk usage:
412 #### Reduce disk usage:
408 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
413 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
409
414
410 ##### `REDUCE_APT`=true
415 ##### `REDUCE_APT`=true
411 Configure APT to use compressed package repository lists and no package caching files.
416 Configure APT to use compressed package repository lists and no package caching files.
412
417
413 ##### `REDUCE_DOC`=true
418 ##### `REDUCE_DOC`=true
414 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
419 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
415
420
416 ##### `REDUCE_MAN`=true
421 ##### `REDUCE_MAN`=true
417 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
422 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
418
423
419 ##### `REDUCE_VIM`=false
424 ##### `REDUCE_VIM`=false
420 Replace `vim-tiny` package by `levee` a tiny vim clone.
425 Replace `vim-tiny` package by `levee` a tiny vim clone.
421
426
422 ##### `REDUCE_BASH`=false
427 ##### `REDUCE_BASH`=false
423 Remove `bash` package and switch to `dash` shell (experimental).
428 Remove `bash` package and switch to `dash` shell (experimental).
424
429
425 ##### `REDUCE_HWDB`=true
430 ##### `REDUCE_HWDB`=true
426 Remove PCI related hwdb files (experimental).
431 Remove PCI related hwdb files (experimental).
427
432
428 ##### `REDUCE_SSHD`=true
433 ##### `REDUCE_SSHD`=true
429 Replace `openssh-server` with `dropbear`.
434 Replace `openssh-server` with `dropbear`.
430
435
431 ##### `REDUCE_LOCALE`=true
436 ##### `REDUCE_LOCALE`=true
432 Remove all `locale` translation files.
437 Remove all `locale` translation files.
433
438
434 ---
439 ---
435
440
436 #### Encrypted root partition:
441 #### Encrypted root partition:
437 ##### `ENABLE_CRYPTFS`=false
442 ##### `ENABLE_CRYPTFS`=false
438 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
443 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
439
444
440 ##### `CRYPTFS_PASSWORD`=""
445 ##### `CRYPTFS_PASSWORD`=""
441 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
446 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
442
447
443 ##### `CRYPTFS_MAPPING`="secure"
448 ##### `CRYPTFS_MAPPING`="secure"
444 Set name of dm-crypt managed device-mapper mapping.
449 Set name of dm-crypt managed device-mapper mapping.
445
450
446 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
451 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
447 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
452 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
448
453
449 ##### `CRYPTFS_HASH`=sha512
454 ##### `CRYPTFS_HASH`=sha512
450 Hash function and size to be used
455 Hash function and size to be used
451
456
452 ##### `CRYPTFS_XTSKEYSIZE`=512
457 ##### `CRYPTFS_XTSKEYSIZE`=512
453 Sets key size in bits. The argument has to be a multiple of 8.
458 Sets key size in bits. The argument has to be a multiple of 8.
454
459
455 ##### `CRYPTFS_DROPBEAR`=false
460 ##### `CRYPTFS_DROPBEAR`=false
456 Enable Dropbear Initramfs support
461 Enable Dropbear Initramfs support
457
462
458 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
463 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
459 Provide path to dropbear Public RSA-OpenSSH Key
464 Provide path to dropbear Public RSA-OpenSSH Key
460
465
461 ---
466 ---
462
467
463 #### Build settings:
468 #### Build settings:
464 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
469 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
465 Set a path to a working directory used by the script to generate an image.
470 Set a path to a working directory used by the script to generate an image.
466
471
467 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
472 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
468 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
473 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
469
474
470 ## Understanding the script
475 ## Understanding the script
471 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
476 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
472
477
473 | Script | Description |
478 | Script | Description |
474 | --- | --- |
479 | --- | --- |
475 | `10-bootstrap.sh` | Debootstrap basic system |
480 | `10-bootstrap.sh` | Debootstrap basic system |
476 | `11-apt.sh` | Setup APT repositories |
481 | `11-apt.sh` | Setup APT repositories |
477 | `12-locale.sh` | Setup Locales and keyboard settings |
482 | `12-locale.sh` | Setup Locales and keyboard settings |
478 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
483 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
479 | `14-fstab.sh` | Setup fstab and initramfs |
484 | `14-fstab.sh` | Setup fstab and initramfs |
480 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
485 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
481 | `20-networking.sh` | Setup Networking |
486 | `20-networking.sh` | Setup Networking |
482 | `21-firewall.sh` | Setup Firewall |
487 | `21-firewall.sh` | Setup Firewall |
483 | `30-security.sh` | Setup Users and Security settings |
488 | `30-security.sh` | Setup Users and Security settings |
484 | `31-logging.sh` | Setup Logging |
489 | `31-logging.sh` | Setup Logging |
485 | `32-sshd.sh` | Setup SSH and public keys |
490 | `32-sshd.sh` | Setup SSH and public keys |
486 | `41-uboot.sh` | Build and Setup U-Boot |
491 | `41-uboot.sh` | Build and Setup U-Boot |
487 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
492 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
488 | `43-videocore.sh` | Build and Setup videocore libraries |
493 | `43-videocore.sh` | Build and Setup videocore libraries |
489 | `50-firstboot.sh` | First boot actions |
494 | `50-firstboot.sh` | First boot actions |
490 | `99-reduce.sh` | Reduce the disk space usage |
495 | `99-reduce.sh` | Reduce the disk space usage |
491
496
492 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
497 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
493
498
494 | Directory | Description |
499 | Directory | Description |
495 | --- | --- |
500 | --- | --- |
496 | `apt` | APT management configuration files |
501 | `apt` | APT management configuration files |
497 | `boot` | Boot and RPi 0/1/2/3 configuration files |
502 | `boot` | Boot and RPi 0/1/2/3 configuration files |
498 | `dpkg` | Package Manager configuration |
503 | `dpkg` | Package Manager configuration |
499 | `etc` | Configuration files and rc scripts |
504 | `etc` | Configuration files and rc scripts |
500 | `firstboot` | Scripts that get executed on first boot |
505 | `firstboot` | Scripts that get executed on first boot |
501 | `initramfs` | Initramfs scripts |
506 | `initramfs` | Initramfs scripts |
502 | `iptables` | Firewall configuration files |
507 | `iptables` | Firewall configuration files |
503 | `locales` | Locales configuration |
508 | `locales` | Locales configuration |
504 | `modules` | Kernel Modules configuration |
509 | `modules` | Kernel Modules configuration |
505 | `mount` | Fstab configuration |
510 | `mount` | Fstab configuration |
506 | `network` | Networking configuration files |
511 | `network` | Networking configuration files |
507 | `sysctl.d` | Swapping and Network Hardening configuration |
512 | `sysctl.d` | Swapping and Network Hardening configuration |
508 | `xorg` | fbturbo Xorg driver configuration |
513 | `xorg` | fbturbo Xorg driver configuration |
509
514
510 ## Custom packages and scripts
515 ## Custom packages and scripts
511 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
516 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
512
517
513 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
518 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
514
519
515 ## Logging of the bootstrapping process
520 ## Logging of the bootstrapping process
516 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
521 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
517
522
518 ```shell
523 ```shell
519 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
524 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
520 ```
525 ```
521
526
522 ## Flashing the image file
527 ## Flashing the image file
523 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
528 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
524
529
525 ##### Flashing examples:
530 ##### Flashing examples:
526 ```shell
531 ```shell
527 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
532 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
528 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
533 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
529 ```
534 ```
530 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
535 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
531 ```shell
536 ```shell
532 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
537 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
533 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
538 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
534 ```
539 ```
535
540
536 ## QEMU emulation
541 ## QEMU emulation
537 Start QEMU full system emulation:
542 Start QEMU full system emulation:
538 ```shell
543 ```shell
539 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
544 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
540 ```
545 ```
541
546
542 Start QEMU full system emulation and output to console:
547 Start QEMU full system emulation and output to console:
543 ```shell
548 ```shell
544 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
549 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
545 ```
550 ```
546
551
547 Start QEMU full system emulation with SMP and output to console:
552 Start QEMU full system emulation with SMP and output to console:
548 ```shell
553 ```shell
549 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
554 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
550 ```
555 ```
551
556
552 Start QEMU full system emulation with cryptfs, initramfs and output to console:
557 Start QEMU full system emulation with cryptfs, initramfs and output to console:
553 ```shell
558 ```shell
554 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
559 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
555 ```
560 ```
556
561
557 ## External links and references
562 ## External links and references
558 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
563 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
559 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
564 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
560 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
565 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
561 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
566 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
562 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
567 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
563 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
568 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
564 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
569 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
565 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
570 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
566 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
571 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant