Added ENABLE_SWAP...
Yannick Schinko -
r520:4faf10532824
@@ -0,0 +1,5
1 logger -t "rc.firstboot" "Restarting dphys-swapfile"
2
3 if systemctl is-enabled dphys-swapfile ; then
4 systemctl restart dphys-swapfile
5 fi
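Review bot: the `logger` call on line 1 runs before the `systemctl is-enabled` check on line 3, so the log records "Restarting dphys-swapfile" even when the service is not enabled and nothing is restarted. Move the `logger` line inside the `if` block so the message matches what actually happened, and consider `systemctl is-enabled --quiet dphys-swapfile` so the state string is not printed into the first-boot output.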
@@ -1,500 +1,503
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62 62
63 63 ##### `RPI_MODEL`=2
64 64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 66 - `1` = Raspberry Pi 1 model A and B
67 67 - `1P` = Raspberry Pi 1 model B+ and A+
68 68 - `2` = Raspberry Pi 2 model B
69 69 - `3` = Raspberry Pi 3 model B
70 70 - `3P` = Raspberry Pi 3 model B+
71 71
72 72 ##### `RELEASE`="buster"
73 73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74 74
75 75 ##### `RELEASE_ARCH`="armhf"
76 76 Set the desired Debian release architecture.
77 77
78 78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80 80
81 81 ##### `PASSWORD`="raspberry"
82 82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 83
84 84 ##### `USER_PASSWORD`="raspberry"
85 85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `DEFLOCAL`="en_US.UTF-8"
88 88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 89
90 90 ##### `TIMEZONE`="Europe/Berlin"
91 91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 92
93 93 ##### `EXPANDROOT`=true
94 94 Expand the root partition and filesystem automatically on first boot.
95 95
96 ##### `ENABLE_SWAP`=true
97 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
98
96 99 ##### `ENABLE_QEMU`=false
97 100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98 101
99 102 ---
100 103
101 104 #### Keyboard settings:
102 105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103 106
104 107 ##### `XKB_MODEL`=""
105 108 Set the name of the model of your keyboard type.
106 109
107 110 ##### `XKB_LAYOUT`=""
108 111 Set the supported keyboard layout(s).
109 112
110 113 ##### `XKB_VARIANT`=""
111 114 Set the supported variant(s) of the keyboard layout(s).
112 115
113 116 ##### `XKB_OPTIONS`=""
114 117 Set extra xkb configuration options.
115 118
116 119 ---
117 120
118 121 #### Networking settings (DHCP):
119 122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120 123
121 124 ##### `ENABLE_DHCP`=true
122 125 Set the system to use DHCP. This requires an DHCP server.
123 126
124 127 ---
125 128
126 129 #### Networking settings (static):
127 130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128 131
129 132 ##### `NET_ADDRESS`=""
130 133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131 134
132 135 ##### `NET_GATEWAY`=""
133 136 Set the IP address for the default gateway.
134 137
135 138 ##### `NET_DNS_1`=""
136 139 Set the IP address for the first DNS server.
137 140
138 141 ##### `NET_DNS_2`=""
139 142 Set the IP address for the second DNS server.
140 143
141 144 ##### `NET_DNS_DOMAINS`=""
142 145 Set the default DNS search domains to use for non fully qualified hostnames.
143 146
144 147 ##### `NET_NTP_1`=""
145 148 Set the IP address for the first NTP server.
146 149
147 150 ##### `NET_NTP_2`=""
148 151 Set the IP address for the second NTP server.
149 152
150 153 ---
151 154
152 155 #### Basic system features:
153 156 ##### `ENABLE_CONSOLE`=true
154 157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155 158
156 159 ##### `ENABLE_PRINTK`=false
157 160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158 161
159 162 ##### `ENABLE_BLUETOOTH`=false
160 163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161 164
162 165 ##### `ENABLE_MINIUART_OVERLAY`=false
163 166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164 167
165 168 ##### `ENABLE_TURBO`=false
166 169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167 170
168 171 ##### `ENABLE_I2C`=false
169 172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170 173
171 174 ##### `ENABLE_SPI`=false
172 175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 176
174 177 ##### `ENABLE_IPV6`=true
175 178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176 179
177 180 ##### `ENABLE_SSHD`=true
178 181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179 182
180 183 ##### `ENABLE_NONFREE`=false
181 184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182 185
183 186 ##### `ENABLE_WIRELESS`=false
184 187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185 188
186 189 ##### `ENABLE_RSYSLOG`=true
187 190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188 191
189 192 ##### `ENABLE_SOUND`=true
190 193 Enable sound hardware and install Advanced Linux Sound Architecture.
191 194
192 195 ##### `ENABLE_HWRANDOM`=true
193 196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194 197
195 198 ##### `ENABLE_MINGPU`=false
196 199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197 200
198 201 ##### `ENABLE_DBUS`=true
199 202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200 203
201 204 ##### `ENABLE_XORG`=false
202 205 Install Xorg open-source X Window System.
203 206
204 207 ##### `ENABLE_WM`=""
205 208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206 209
207 210 ##### `ENABLE_SYSVINIT`=false
208 211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209 212
210 213 ---
211 214
212 215 #### Advanced system features:
213 216 ##### `ENABLE_MINBASE`=false
214 217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215 218
216 219 ##### `ENABLE_REDUCE`=false
217 220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
218 221
219 222 ##### `ENABLE_UBOOT`=false
220 223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
221 224
222 225 ##### `UBOOTSRC_DIR`=""
223 226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
224 227
225 228 ##### `ENABLE_FBTURBO`=false
226 229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
227 230
228 231 ##### `FBTURBOSRC_DIR`=""
229 232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
230 233
231 234 ##### `ENABLE_VIDEOCORE`=false
232 235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233 236
234 237 ##### `VIDEOCORESRC_DIR`=""
235 238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236 239
237 240 ##### `ENABLE_IPTABLES`=false
238 241 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239 242
240 243 ##### `ENABLE_USER`=true
241 244 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
242 245
243 246 ##### `USER_NAME`=pi
244 247 Non-root user to create. Ignored if `ENABLE_USER`=false
245 248
246 249 ##### `ENABLE_ROOT`=false
247 250 Set root user password so root login will be enabled
248 251
249 252 ##### `ENABLE_HARDNET`=false
250 253 Enable IPv4/IPv6 network stack hardening settings.
251 254
252 255 ##### `ENABLE_SPLITFS`=false
253 256 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
254 257
255 258 ##### `CHROOT_SCRIPTS`=""
256 259 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
257 260
258 261 ##### `ENABLE_INITRAMFS`=false
259 262 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
260 263
261 264 ##### `ENABLE_IFNAMES`=true
262 265 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263 266
264 267 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 268 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266 269
267 270 ---
268 271
269 272 #### SSH settings:
270 273 ##### `SSH_ENABLE_ROOT`=false
271 274 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
272 275
273 276 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
274 277 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
275 278
276 279 ##### `SSH_LIMIT_USERS`=false
277 280 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
278 281
279 282 ##### `SSH_ROOT_PUB_KEY`=""
280 283 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
281 284
282 285 ##### `SSH_USER_PUB_KEY`=""
283 286 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
284 287
285 288 ---
286 289
287 290 #### Kernel compilation:
288 291 ##### `BUILD_KERNEL`=true
289 292 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
290 293
291 294 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
292 295 This sets the cross-compile environment for the compiler.
293 296
294 297 ##### `KERNEL_ARCH`="arm"
295 298 This sets the kernel architecture for the compiler.
296 299
297 300 ##### `KERNEL_IMAGE`="kernel7.img"
298 301 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
299 302
300 303 ##### `KERNEL_BRANCH`=""
301 304 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
302 305
303 306 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
304 307 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
305 308
306 309 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
307 310 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
308 311
309 312 ##### `KERNEL_REDUCE`=false
310 313 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
311 314
312 315 ##### `KERNEL_THREADS`=1
313 316 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
314 317
315 318 ##### `KERNEL_HEADERS`=true
316 319 Install kernel headers with the built kernel.
317 320
318 321 ##### `KERNEL_MENUCONFIG`=false
319 322 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
320 323
321 324 ##### `KERNEL_OLDDEFCONFIG`=false
322 325 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
323 326
324 327 ##### `KERNEL_CCACHE`=false
325 328 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
326 329
327 330 ##### `KERNEL_REMOVESRC`=true
328 331 Remove all kernel sources from the generated OS image after it was built and installed.
329 332
330 333 ##### `KERNELSRC_DIR`=""
331 334 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
332 335
333 336 ##### `KERNELSRC_CLEAN`=false
334 337 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
335 338
336 339 ##### `KERNELSRC_CONFIG`=true
337 340 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
338 341
339 342 ##### `KERNELSRC_USRCONFIG`=""
340 343 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
341 344
342 345 ##### `KERNELSRC_PREBUILT`=false
343 346 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
344 347
345 348 ##### `RPI_FIRMWARE_DIR`=""
346 349 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347 350
348 351 ---
349 352
350 353 #### Reduce disk usage:
351 354 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
352 355
353 356 ##### `REDUCE_APT`=true
354 357 Configure APT to use compressed package repository lists and no package caching files.
355 358
356 359 ##### `REDUCE_DOC`=true
357 360 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
358 361
359 362 ##### `REDUCE_MAN`=true
360 363 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
361 364
362 365 ##### `REDUCE_VIM`=false
363 366 Replace `vim-tiny` package by `levee` a tiny vim clone.
364 367
365 368 ##### `REDUCE_BASH`=false
366 369 Remove `bash` package and switch to `dash` shell (experimental).
367 370
368 371 ##### `REDUCE_HWDB`=true
369 372 Remove PCI related hwdb files (experimental).
370 373
371 374 ##### `REDUCE_SSHD`=true
372 375 Replace `openssh-server` with `dropbear`.
373 376
374 377 ##### `REDUCE_LOCALE`=true
375 378 Remove all `locale` translation files.
376 379
377 380 ---
378 381
379 382 #### Encrypted root partition:
380 383 ##### `ENABLE_CRYPTFS`=false
381 384 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
382 385
383 386 ##### `CRYPTFS_PASSWORD`=""
384 387 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
385 388
386 389 ##### `CRYPTFS_MAPPING`="secure"
387 390 Set name of dm-crypt managed device-mapper mapping.
388 391
389 392 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
390 393 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
391 394
392 395 ##### `CRYPTFS_XTSKEYSIZE`=512
393 396 Sets key size in bits. The argument has to be a multiple of 8.
394 397
395 398 ---
396 399
397 400 #### Build settings:
398 401 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
399 402 Set a path to a working directory used by the script to generate an image.
400 403
401 404 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
402 405 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
403 406
404 407 ## Understanding the script
405 408 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
406 409
407 410 | Script | Description |
408 411 | --- | --- |
409 412 | `10-bootstrap.sh` | Debootstrap basic system |
410 413 | `11-apt.sh` | Setup APT repositories |
411 414 | `12-locale.sh` | Setup Locales and keyboard settings |
412 415 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
413 416 | `14-fstab.sh` | Setup fstab and initramfs |
414 417 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
415 418 | `20-networking.sh` | Setup Networking |
416 419 | `21-firewall.sh` | Setup Firewall |
417 420 | `30-security.sh` | Setup Users and Security settings |
418 421 | `31-logging.sh` | Setup Logging |
419 422 | `32-sshd.sh` | Setup SSH and public keys |
420 423 | `41-uboot.sh` | Build and Setup U-Boot |
421 424 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
422 425 | `43-videocore.sh` | Build and Setup videocore libraries |
423 426 | `50-firstboot.sh` | First boot actions |
424 427 | `99-reduce.sh` | Reduce the disk space usage |
425 428
426 429 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
427 430
428 431 | Directory | Description |
429 432 | --- | --- |
430 433 | `apt` | APT management configuration files |
431 434 | `boot` | Boot and RPi 0/1/2/3 configuration files |
432 435 | `dpkg` | Package Manager configuration |
433 436 | `etc` | Configuration files and rc scripts |
434 437 | `firstboot` | Scripts that get executed on first boot |
435 438 | `initramfs` | Initramfs scripts |
436 439 | `iptables` | Firewall configuration files |
437 440 | `locales` | Locales configuration |
438 441 | `modules` | Kernel Modules configuration |
439 442 | `mount` | Fstab configuration |
440 443 | `network` | Networking configuration files |
441 444 | `sysctl.d` | Swapping and Network Hardening configuration |
442 445 | `xorg` | fbturbo Xorg driver configuration |
443 446
444 447 ## Custom packages and scripts
445 448 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
446 449
447 450 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
448 451
449 452 ## Logging of the bootstrapping process
450 453 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
451 454
452 455 ```shell
453 456 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
454 457 ```
455 458
456 459 ## Flashing the image file
457 460 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
458 461
459 462 ##### Flashing examples:
460 463 ```shell
461 464 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
462 465 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
463 466 ```
464 467 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
465 468 ```shell
466 469 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
467 470 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
468 471 ```
469 472
470 473 ## QEMU emulation
471 474 Start QEMU full system emulation:
472 475 ```shell
473 476 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
474 477 ```
475 478
476 479 Start QEMU full system emulation and output to console:
477 480 ```shell
478 481 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 482 ```
480 483
481 484 Start QEMU full system emulation with SMP and output to console:
482 485 ```shell
483 486 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
484 487 ```
485 488
486 489 Start QEMU full system emulation with cryptfs, initramfs and output to console:
487 490 ```shell
488 491 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
489 492 ```
490 493
491 494 ## External links and references
492 495 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
493 496 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
494 497 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
495 498 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
496 499 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
497 500 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
498 501 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
499 502 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
500 503 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,49 +1,54
1 1 #
2 2 # First boot actions
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Prepare rc.firstboot script
9 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 10
11 11 # Ensure openssh server host keys are regenerated on first boot
12 12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
13 cat files/firstboot/20-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 14 fi
15 15
16 16 # Prepare filesystem auto expand
17 17 if [ "$EXPANDROOT" = true ] ; then
18 18 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
19 cat files/firstboot/30-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20
21 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
22 if [ "$ENABLE_SWAP" = true ] ; then
23 cat files/firstboot/31-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
24 fi
20 25 else
21 26 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
27 cat files/firstboot/33-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
23 28 fi
24 29 fi
25 30
26 31 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28 33
29 34 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31 36
32 37 # Configure automatic network interface names
33 38 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 40 fi
36 41
37 42 # Finalize rc.firstboot script
38 43 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 44 chmod +x "${ETC_DIR}/rc.firstboot"
40 45
41 46 # Install default rc.local if it does not exist
42 47 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 48 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 49 fi
45 50
46 51 # Add rc.firstboot script to rc.local
47 52 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 53 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 54 echo exit 0 >> "${ETC_DIR}/rc.local"
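Review bot: In the `EXPANDROOT` block (new lines 21 to 24), `31-restart-dphys-swapfile.sh` is appended only when `EXPANDROOT` is true and `ENABLE_CRYPTFS` is false, so an image built with `ENABLE_SWAP=true` and either an encrypted root or `EXPANDROOT=false` never gets the restart fragment. That matches the comment, since the root partition is not resized on first boot in those cases, but the comment should say so explicitly so the nesting is not read as an oversight. Separately, the renumbering leaves the encrypted branch at `33-regenerate-initramfs.sh` with no `32-` fragment. Because `rc.firstboot` is assembled by the explicit `cat` lines in this file, the numeric prefixes do not determine ordering on their own, so consider moving the six renames into their own commit to keep the functional change easy to review.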
1 NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/20-generate-ssh-keys.sh
1 NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/30-expandroot.sh
1 NO CONTENT: file renamed from files/firstboot/23-regenerate-initramfs.sh to files/firstboot/33-regenerate-initramfs.sh
1 NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
1 NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
@@ -1,807 +1,813
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60
61 61 # Build directories
62 62 WORKDIR=$(pwd)
63 63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 64 BUILDDIR="${BASEDIR}/build"
65 65
66 66 # Chroot directories
67 67 R="${BUILDDIR}/chroot"
68 68 ETC_DIR="${R}/etc"
69 69 LIB_DIR="${R}/lib"
70 70 BOOT_DIR="${R}/boot/firmware"
71 71 KERNEL_DIR="${R}/usr/src/linux"
72 72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74 74
75 75 # Firmware directory: Blank if download from github
76 76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77 77
78 78 # General settings
79 79 SET_ARCH=${SET_ARCH:=32}
80 80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 81 PASSWORD=${PASSWORD:=raspberry}
82 82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 85 EXPANDROOT=${EXPANDROOT:=true}
86 ENABLE_SWAP=${ENABLE_SWAP:=true}
86 87
87 88 # Keyboard settings
88 89 XKB_MODEL=${XKB_MODEL:=""}
89 90 XKB_LAYOUT=${XKB_LAYOUT:=""}
90 91 XKB_VARIANT=${XKB_VARIANT:=""}
91 92 XKB_OPTIONS=${XKB_OPTIONS:=""}
92 93
93 94 # Network settings (DHCP)
94 95 ENABLE_DHCP=${ENABLE_DHCP:=true}
95 96
96 97 # Network settings (static)
97 98 NET_ADDRESS=${NET_ADDRESS:=""}
98 99 NET_GATEWAY=${NET_GATEWAY:=""}
99 100 NET_DNS_1=${NET_DNS_1:=""}
100 101 NET_DNS_2=${NET_DNS_2:=""}
101 102 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
102 103 NET_NTP_1=${NET_NTP_1:=""}
103 104 NET_NTP_2=${NET_NTP_2:=""}
104 105
105 106 # APT settings
106 107 APT_PROXY=${APT_PROXY:=""}
107 108 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
108 109
109 110 # Feature settings
110 111 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 112 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 113 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
113 114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 115 ENABLE_I2C=${ENABLE_I2C:=false}
115 116 ENABLE_SPI=${ENABLE_SPI:=false}
116 117 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 118 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 121 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 122 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 125 ENABLE_XORG=${ENABLE_XORG:=false}
125 126 ENABLE_WM=${ENABLE_WM:=""}
126 127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 128 ENABLE_USER=${ENABLE_USER:=true}
128 129 USER_NAME=${USER_NAME:="pi"}
129 130 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 131 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 132 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132 133
133 134 # SSH settings
134 135 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 136 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 137 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 138 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 139 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 140
140 141 # Advanced settings
141 142 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 143 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 144 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 145 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 146 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 147 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
147 148 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 149 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
149 150 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 151 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 152 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 153 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 154 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
154 155 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155 156
156 157 # Kernel compilation settings
157 158 BUILD_KERNEL=${BUILD_KERNEL:=true}
158 159 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 160 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 161 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 162 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 163 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 164 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 165 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
165 166
166 167 # Kernel compilation from source directory settings
167 168 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
168 169 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
169 170 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
170 171 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
171 172
172 173 # Reduce disk usage settings
173 174 REDUCE_APT=${REDUCE_APT:=true}
174 175 REDUCE_DOC=${REDUCE_DOC:=true}
175 176 REDUCE_MAN=${REDUCE_MAN:=true}
176 177 REDUCE_VIM=${REDUCE_VIM:=false}
177 178 REDUCE_BASH=${REDUCE_BASH:=false}
178 179 REDUCE_HWDB=${REDUCE_HWDB:=true}
179 180 REDUCE_SSHD=${REDUCE_SSHD:=true}
180 181 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
181 182
182 183 # Encrypted filesystem settings
183 184 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
184 185 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 186 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 187 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 188 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
188 189
189 190 # Chroot scripts directory
190 191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 192
192 193 # Packages required in the chroot build environment
193 194 APT_INCLUDES=${APT_INCLUDES:=""}
194 195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
195 196
196 197 # Packages to exclude from chroot build environment
197 198 APT_EXCLUDES=${APT_EXCLUDES:=""}
198 199
199 200 # Packages required for bootstrapping
200 201 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
201 202 MISSING_PACKAGES=""
202 203
203 204 # Packages installed for c/c++ build environment in chroot (keep empty)
204 205 COMPILER_PACKAGES=""
205 206
206 207 set +x
207 208
208 209 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 210 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 211 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 212 APT_PROXY=http://127.0.0.1:3142/
212 213 fi
213 214
214 215 # Setup architecture specific settings
215 216 if [ -n "$SET_ARCH" ] ; then
216 217 # 64-bit configuration
217 218 if [ "$SET_ARCH" = 64 ] ; then
218 219 # General 64-bit depended settings
219 220 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
220 221 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
221 222 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
222 223
223 224 # Raspberry Pi model specific settings
224 225 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
225 226 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
226 227 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 228 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
228 229 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
229 230 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
230 231 else
231 232 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
232 233 exit 1
233 234 fi
234 235 fi
235 236
236 237 # 32-bit configuration
237 238 if [ "$SET_ARCH" = 32 ] ; then
238 239 # General 32-bit dependend settings
239 240 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 241 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 242 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242 243
243 244 # Raspberry Pi model specific settings
244 245 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 248 RELEASE_ARCH=${RELEASE_ARCH:=armel}
248 249 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
249 250 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
250 251 fi
251 252
252 253 # Raspberry Pi model specific settings
253 254 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 256 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 257 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 258 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 259 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 260 fi
260 261 fi
261 262 #SET_ARCH not set
262 263 else
263 264 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 265 exit 1
265 266 fi
266 267 # Device specific configuration and U-Boot configuration
267 268 case "$RPI_MODEL" in
268 269 0)
269 270 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
270 271 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 272 ;;
272 273 1)
273 274 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
274 275 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 276 ;;
276 277 1P)
277 278 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
278 279 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
279 280 ;;
280 281 2)
281 282 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
282 283 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
283 284 ;;
284 285 3)
285 286 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 287 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 288 ;;
288 289 3P)
289 290 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
290 291 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
291 292 ;;
292 293 *)
293 294 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
294 295 exit 1
295 296 ;;
296 297 esac
297 298
298 299 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 300 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 301 # Include bluetooth packages on supported boards
301 302 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
302 303 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 304 fi
304 305 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 306 # Check if the internal wireless interface is not supported by the RPi model
306 307 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 308 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 309 exit 1
309 310 fi
310 311 fi
311 312
312 313 # Prepare date string for default image file name
313 314 DATE="$(date +%Y-%m-%d)"
314 315 if [ -z "$KERNEL_BRANCH" ] ; then
315 316 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
316 317 else
317 318 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
318 319 fi
319 320
320 321 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
321 322 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
322 323 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
323 324 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
324 325 exit 1
325 326 fi
326 327 fi
327 328
328 329 # Add cmake to compile videocore sources
329 330 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 331 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 332 fi
332 333
333 334 # Add libncurses5 to enable kernel menuconfig
334 335 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 336 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
336 337 fi
337 338
338 339 # Add ccache compiler cache for (faster) kernel cross (re)compilation
339 340 if [ "$KERNEL_CCACHE" = true ] ; then
340 341 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
341 342 fi
342 343
343 344 # Add cryptsetup package to enable filesystem encryption
344 345 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 346 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 347 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347 348
348 349 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 350 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 351 exit 1
351 352 fi
352 353 ENABLE_INITRAMFS=true
353 354 fi
354 355
355 356 # Add initramfs generation tools
356 357 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
357 358 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
358 359 fi
359 360
360 361 # Add device-tree-compiler required for building the U-Boot bootloader
361 362 if [ "$ENABLE_UBOOT" = true ] ; then
362 363 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 364 fi
364 365
365 366 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 367 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 368 if [ "$ENABLE_CONSOLE" = false ] ; then
368 369 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 370 fi
370 371 fi
371 372 fi
372 373
373 374 # Check if root SSH (v2) public key file exists
374 375 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 376 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
376 377 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
377 378 exit 1
378 379 fi
379 380 fi
380 381
381 382 # Check if $USER_NAME SSH (v2) public key file exists
382 383 if [ -n "$SSH_USER_PUB_KEY" ] ; then
383 384 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
384 385 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
385 386 exit 1
386 387 fi
387 388 fi
388 389
389 390 # Check if all required packages are installed on the build system
390 391 for package in $REQUIRED_PACKAGES ; do
391 392 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
392 393 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
393 394 fi
394 395 done
395 396
396 397 # If there are missing packages ask confirmation for install, or exit
397 398 if [ -n "$MISSING_PACKAGES" ] ; then
398 399 echo "the following packages needed by this script are not installed:"
399 400 echo "$MISSING_PACKAGES"
400 401
401 402 printf "\ndo you want to install the missing packages right now? [y/n] "
402 403 read -r confirm
403 404 [ "$confirm" != "y" ] && exit 1
404 405
405 406 # Make sure all missing required packages are installed
406 407 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
407 408 fi
408 409
409 410 # Check if ./bootstrap.d directory exists
410 411 if [ ! -d "./bootstrap.d/" ] ; then
411 412 echo "error: './bootstrap.d' required directory not found!"
412 413 exit 1
413 414 fi
414 415
415 416 # Check if ./files directory exists
416 417 if [ ! -d "./files/" ] ; then
417 418 echo "error: './files' required directory not found!"
418 419 exit 1
419 420 fi
420 421
421 422 # Check if specified KERNELSRC_DIR directory exists
422 423 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
423 424 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
424 425 exit 1
425 426 fi
426 427
427 428 # Check if specified UBOOTSRC_DIR directory exists
428 429 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
429 430 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
430 431 exit 1
431 432 fi
432 433
433 434 # Check if specified VIDEOCORESRC_DIR directory exists
434 435 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
435 436 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
436 437 exit 1
437 438 fi
438 439
439 440 # Check if specified FBTURBOSRC_DIR directory exists
440 441 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
441 442 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
442 443 exit 1
443 444 fi
444 445
445 446 # Check if specified CHROOT_SCRIPTS directory exists
446 447 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 448 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
448 449 exit 1
449 450 fi
450 451
451 452 # Check if specified device mapping already exists (will be used by cryptsetup)
452 453 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
453 454 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
454 455 exit 1
455 456 fi
456 457
457 458 # Don't clobber an old build
458 459 if [ -e "$BUILDDIR" ] ; then
459 460 echo "error: directory ${BUILDDIR} already exists, not proceeding"
460 461 exit 1
461 462 fi
462 463
463 464 # Setup chroot directory
464 465 mkdir -p "${R}"
465 466
466 467 # Check if build directory has enough of free disk space >512MB
467 468 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
468 469 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
469 470 exit 1
470 471 fi
471 472
472 473 set -x
473 474
474 475 # Call "cleanup" function on various signals and errors
475 476 trap cleanup 0 1 2 3 6
476 477
477 478 # Add required packages for the minbase installation
478 479 if [ "$ENABLE_MINBASE" = true ] ; then
479 480 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
480 481 fi
481 482
482 483 # Add parted package, required to get partprobe utility
483 484 if [ "$EXPANDROOT" = true ] ; then
484 485 APT_INCLUDES="${APT_INCLUDES},parted"
485 486 fi
486 487
488 # Add dphys-swapfile package, required to enable swap
489 if [ "$ENABLE_SWAP" = true ] ; then
490 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
491 fi
492
487 493 # Add dbus package, recommended if using systemd
488 494 if [ "$ENABLE_DBUS" = true ] ; then
489 495 APT_INCLUDES="${APT_INCLUDES},dbus"
490 496 fi
491 497
492 498 # Add iptables IPv4/IPv6 package
493 499 if [ "$ENABLE_IPTABLES" = true ] ; then
494 500 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 501 fi
496 502
497 503 # Add openssh server package
498 504 if [ "$ENABLE_SSHD" = true ] ; then
499 505 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 506 fi
501 507
502 508 # Add alsa-utils package
503 509 if [ "$ENABLE_SOUND" = true ] ; then
504 510 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 511 fi
506 512
507 513 # Add rng-tools package
508 514 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 515 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 516 fi
511 517
512 518 # Add fbturbo video driver
513 519 if [ "$ENABLE_FBTURBO" = true ] ; then
514 520 # Enable xorg package dependencies
515 521 ENABLE_XORG=true
516 522 fi
517 523
518 524 # Add user defined window manager package
519 525 if [ -n "$ENABLE_WM" ] ; then
520 526 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521 527
522 528 # Enable xorg package dependencies
523 529 ENABLE_XORG=true
524 530 fi
525 531
526 532 # Add xorg package
527 533 if [ "$ENABLE_XORG" = true ] ; then
528 534 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 535 fi
530 536
531 537 # Replace selected packages with smaller clones
532 538 if [ "$ENABLE_REDUCE" = true ] ; then
533 539 # Add levee package instead of vim-tiny
534 540 if [ "$REDUCE_VIM" = true ] ; then
535 541 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 542 fi
537 543
538 544 # Add dropbear package instead of openssh-server
539 545 if [ "$REDUCE_SSHD" = true ] ; then
540 546 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 547 fi
542 548 fi
543 549
544 550 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
545 551 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 552 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 553 fi
548 554
549 555 # Check if kernel is getting compiled
550 556 if [ "$BUILD_KERNEL" = false ] ; then
551 557 echo "Downloading precompiled kernel"
552 558 echo "error: not configured"
553 559 exit 1;
554 560 # BUILD_KERNEL=true
555 561 else
556 562 echo "No precompiled kernel repositories were added"
557 563 fi
558 564
559 565 # Configure kernel sources if no KERNELSRC_DIR
560 566 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 567 KERNELSRC_CONFIG=true
562 568 fi
563 569
564 570 # Configure reduced kernel
565 571 if [ "$KERNEL_REDUCE" = true ] ; then
566 572 KERNELSRC_CONFIG=false
567 573 fi
568 574
569 575 # Configure qemu compatible kernel
570 576 if [ "$ENABLE_QEMU" = true ] ; then
571 577 DTB_FILE=vexpress-v2p-ca15_a7.dtb
572 578 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
573 579 KERNEL_DEFCONFIG="vexpress_defconfig"
574 580 if [ "$KERNEL_MENUCONFIG" = false ] ; then
575 581 KERNEL_OLDDEFCONFIG=true
576 582 fi
577 583 fi
578 584
579 585 # Execute bootstrap scripts
580 586 for SCRIPT in bootstrap.d/*.sh; do
581 587 head -n 3 "$SCRIPT"
582 588 . "$SCRIPT"
583 589 done
584 590
585 591 ## Execute custom bootstrap scripts
586 592 if [ -d "custom.d" ] ; then
587 593 for SCRIPT in custom.d/*.sh; do
588 594 . "$SCRIPT"
589 595 done
590 596 fi
591 597
592 598 # Execute custom scripts inside the chroot
593 599 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
594 600 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
595 601 chroot_exec /bin/bash -x <<'EOF'
596 602 for SCRIPT in /chroot_scripts/* ; do
597 603 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
598 604 $SCRIPT
599 605 fi
600 606 done
601 607 EOF
602 608 rm -rf "${R}/chroot_scripts"
603 609 fi
604 610
605 611 # Remove c/c++ build environment from the chroot
606 612 chroot_remove_cc
607 613
608 614 # Generate required machine-id
609 615 MACHINE_ID=$(dbus-uuidgen)
610 616 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
611 617 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
612 618
613 619 # APT Cleanup
614 620 chroot_exec apt-get -y clean
615 621 chroot_exec apt-get -y autoclean
616 622 chroot_exec apt-get -y autoremove
617 623
618 624 # Unmount mounted filesystems
619 625 umount -l "${R}/proc"
620 626 umount -l "${R}/sys"
621 627
622 628 # Clean up directories
623 629 rm -rf "${R}/run/*"
624 630 rm -rf "${R}/tmp/*"
625 631
626 632 # Clean up files
627 633 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 634 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 635 rm -f "${ETC_DIR}/apt/sources.list.save"
630 636 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 637 rm -f "${ETC_DIR}/*-"
632 638 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 639 rm -f "${ETC_DIR}/resolv.conf"
634 640 rm -f "${R}/root/.bash_history"
635 641 rm -f "${R}/var/lib/urandom/random-seed"
636 642 rm -f "${R}/initrd.img"
637 643 rm -f "${R}/vmlinuz"
638 644 rm -f "${R}${QEMU_BINARY}"
639 645
640 646 if [ "$ENABLE_QEMU" = true ] ; then
641 647 # Setup QEMU directory
642 648 mkdir "${BASEDIR}/qemu"
643 649
644 650 # Copy kernel image to QEMU directory
645 651 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
646 652
647 653 # Copy kernel config to QEMU directory
648 654 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
649 655
650 656 # Copy kernel dtbs to QEMU directory
651 657 for dtb in "${BOOT_DIR}/"*.dtb ; do
652 658 if [ -f "${dtb}" ] ; then
653 659 install_readonly "${dtb}" "${BASEDIR}/qemu/"
654 660 fi
655 661 done
656 662
657 663 # Copy kernel overlays to QEMU directory
658 664 if [ -d "${BOOT_DIR}/overlays" ] ; then
659 665 # Setup overlays dtbs directory
660 666 mkdir "${BASEDIR}/qemu/overlays"
661 667
662 668 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
663 669 if [ -f "${dtb}" ] ; then
664 670 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
665 671 fi
666 672 done
667 673 fi
668 674
669 675 # Copy u-boot files to QEMU directory
670 676 if [ "$ENABLE_UBOOT" = true ] ; then
671 677 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
672 678 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
673 679 fi
674 680 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
675 681 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
676 682 fi
677 683 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
678 684 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
679 685 fi
680 686 fi
681 687
682 688 # Copy initramfs to QEMU directory
683 689 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
684 690 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
685 691 fi
686 692 fi
687 693
688 694 # Calculate size of the chroot directory in KB
689 695 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
690 696
691 697 # Calculate the amount of needed 512 Byte sectors
692 698 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
693 699 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
694 700 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
695 701
696 702 # The root partition is EXT4
697 703 # This means more space than the actual used space of the chroot is used.
698 704 # As overhead for journaling and reserved blocks 35% are added.
699 705 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
700 706
701 707 # Calculate required image size in 512 Byte sectors
702 708 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
703 709
704 710 # Prepare image file
705 711 if [ "$ENABLE_SPLITFS" = true ] ; then
706 712 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
707 713 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
708 714 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
709 715 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
710 716
711 717 # Write firmware/boot partition tables
712 718 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
713 719 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
714 720 EOM
715 721
716 722 # Write root partition table
717 723 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
718 724 ${TABLE_SECTORS},${ROOT_SECTORS},83
719 725 EOM
720 726
721 727 # Setup temporary loop devices
722 728 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
723 729 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
724 730 else # ENABLE_SPLITFS=false
725 731 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
726 732 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
727 733
728 734 # Write partition table
729 735 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
730 736 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
731 737 ${ROOT_OFFSET},${ROOT_SECTORS},83
732 738 EOM
733 739
734 740 # Setup temporary loop devices
735 741 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
736 742 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
737 743 fi
738 744
739 745 if [ "$ENABLE_CRYPTFS" = true ] ; then
740 746 # Create dummy ext4 fs
741 747 mkfs.ext4 "$ROOT_LOOP"
742 748
743 749 # Setup password keyfile
744 750 touch .password
745 751 chmod 600 .password
746 752 echo -n ${CRYPTFS_PASSWORD} > .password
747 753
748 754 # Initialize encrypted partition
749 755 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
750 756
751 757 # Open encrypted partition and setup mapping
752 758 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
753 759
754 760 # Secure delete password keyfile
755 761 shred -zu .password
756 762
757 763 # Update temporary loop device
758 764 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
759 765
760 766 # Wipe encrypted partition (encryption cipher is used for randomness)
761 767 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
762 768 fi
763 769
764 770 # Build filesystems
765 771 mkfs.vfat "$FRMW_LOOP"
766 772 mkfs.ext4 "$ROOT_LOOP"
767 773
768 774 # Mount the temporary loop devices
769 775 mkdir -p "$BUILDDIR/mount"
770 776 mount "$ROOT_LOOP" "$BUILDDIR/mount"
771 777
772 778 mkdir -p "$BUILDDIR/mount/boot/firmware"
773 779 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
774 780
775 781 # Copy all files from the chroot to the loop device mount point directory
776 782 rsync -a "${R}/" "$BUILDDIR/mount/"
777 783
778 784 # Unmount all temporary loop devices and mount points
779 785 cleanup
780 786
781 787 # Create block map file(s) of image(s)
782 788 if [ "$ENABLE_SPLITFS" = true ] ; then
783 789 # Create block map files for "bmaptool"
784 790 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
785 791 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
786 792
787 793 # Image was successfully created
788 794 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
789 795 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
790 796 else
791 797 # Create block map file for "bmaptool"
792 798 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
793 799
794 800 # Image was successfully created
795 801 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796 802
797 803 # Create qemu qcow2 image
798 804 if [ "$ENABLE_QEMU" = true ] ; then
799 805 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
800 806 QEMU_SIZE=16G
801 807
802 808 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
803 809 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
804 810
805 811 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
806 812 fi
807 813 fi
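Review bot: in the `ENABLE_CRYPTFS` block, `echo -n ${CRYPTFS_PASSWORD} > .password` expands the passphrase unquoted, so a passphrase containing whitespace or glob characters can be altered by word splitting and pathname expansion before `cryptsetup luksFormat` reads the keyfile, and the volume is then keyed to something other than the configured value. Suggest `printf '%s' "${CRYPTFS_PASSWORD}" > .password`, which also avoids `echo` treating a leading `-e` or `-n` in the passphrase as an option. The keyfile is created in the current working directory with `touch` and only restricted by `chmod 600` afterwards; setting `umask 077` before creating it (or creating it with `mktemp`) closes that gap, and a `trap` that removes the file would cover an exit between the write and `shred -zu .password`.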