rebase master testing
Unknown -
r574:5a07e0ab6bd8
@@ -1,532 +1,544
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org/debian"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
51 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53
56
54 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56
59
57 ---
60 ---
58
61
59 #### General system settings:
62 #### General system settings:
60 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62
65
63 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
67 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
68 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
69 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
70 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
71
74
72 ##### `RELEASE`="buster"
75 ##### `RELEASE`="buster"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74
77
75 ##### `RELEASE_ARCH`="armhf"
78 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
79 Set the desired Debian release architecture.
77
80
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80
83
81 ##### `PASSWORD`="raspberry"
84 ##### `PASSWORD`="raspberry"
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83
86
84 ##### `USER_PASSWORD`="raspberry"
87 ##### `USER_PASSWORD`="raspberry"
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86
89
87 ##### `DEFLOCAL`="en_US.UTF-8"
90 ##### `DEFLOCAL`="en_US.UTF-8"
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89
92
90 ##### `TIMEZONE`="Europe/Berlin"
93 ##### `TIMEZONE`="Europe/Berlin"
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92
95
93 ##### `EXPANDROOT`=true
96 ##### `EXPANDROOT`=true
94 Expand the root partition and filesystem automatically on first boot.
97 Expand the root partition and filesystem automatically on first boot.
95
98
96 ##### `ENABLE_QEMU`=false
99 ##### `ENABLE_QEMU`=false
97 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98
101
99 ---
102 ---
100
103
101 #### Keyboard settings:
104 #### Keyboard settings:
102 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103
106
104 ##### `XKB_MODEL`=""
107 ##### `XKB_MODEL`=""
105 Set the name of the model of your keyboard type.
108 Set the name of the model of your keyboard type.
106
109
107 ##### `XKB_LAYOUT`=""
110 ##### `XKB_LAYOUT`=""
108 Set the supported keyboard layout(s).
111 Set the supported keyboard layout(s).
109
112
110 ##### `XKB_VARIANT`=""
113 ##### `XKB_VARIANT`=""
111 Set the supported variant(s) of the keyboard layout(s).
114 Set the supported variant(s) of the keyboard layout(s).
112
115
113 ##### `XKB_OPTIONS`=""
116 ##### `XKB_OPTIONS`=""
114 Set extra xkb configuration options.
117 Set extra xkb configuration options.
115
118
116 ---
119 ---
117
120
118 #### Networking settings (DHCP):
121 #### Networking settings (DHCP):
119 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120
123
121 ##### `ENABLE_DHCP`=true
124 ##### `ENABLE_DHCP`=true
122 Set the system to use DHCP. This requires an DHCP server.
125 Set the system to use DHCP. This requires an DHCP server.
123
126
124 ---
127 ---
125
128
126 #### Networking settings (static):
129 #### Networking settings (static):
127 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128
131
129 ##### `NET_ADDRESS`=""
132 ##### `NET_ADDRESS`=""
130 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131
134
132 ##### `NET_GATEWAY`=""
135 ##### `NET_GATEWAY`=""
133 Set the IP address for the default gateway.
136 Set the IP address for the default gateway.
134
137
135 ##### `NET_DNS_1`=""
138 ##### `NET_DNS_1`=""
136 Set the IP address for the first DNS server.
139 Set the IP address for the first DNS server.
137
140
138 ##### `NET_DNS_2`=""
141 ##### `NET_DNS_2`=""
139 Set the IP address for the second DNS server.
142 Set the IP address for the second DNS server.
140
143
141 ##### `NET_DNS_DOMAINS`=""
144 ##### `NET_DNS_DOMAINS`=""
142 Set the default DNS search domains to use for non fully qualified hostnames.
145 Set the default DNS search domains to use for non fully qualified hostnames.
143
146
144 ##### `NET_NTP_1`=""
147 ##### `NET_NTP_1`=""
145 Set the IP address for the first NTP server.
148 Set the IP address for the first NTP server.
146
149
147 ##### `NET_NTP_2`=""
150 ##### `NET_NTP_2`=""
148 Set the IP address for the second NTP server.
151 Set the IP address for the second NTP server.
149
152
150 ---
153 ---
151
154
152 #### Basic system features:
155 #### Basic system features:
153 ##### `ENABLE_CONSOLE`=true
156 ##### `ENABLE_CONSOLE`=true
154 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155
158
156 ##### `ENABLE_PRINTK`=false
159 ##### `ENABLE_PRINTK`=false
157 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158
161
159 ##### `ENABLE_BLUETOOTH`=false
162 ##### `ENABLE_BLUETOOTH`=false
160 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161
164
162 ##### `ENABLE_MINIUART_OVERLAY`=false
165 ##### `ENABLE_MINIUART_OVERLAY`=false
163 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164
167
165 ##### `ENABLE_TURBO`=false
168 ##### `ENABLE_TURBO`=false
166 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167
170
168 ##### `ENABLE_I2C`=false
171 ##### `ENABLE_I2C`=false
169 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170
173
171 ##### `ENABLE_SPI`=false
174 ##### `ENABLE_SPI`=false
172 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173
176
174 ##### `ENABLE_IPV6`=true
177 ##### `ENABLE_IPV6`=true
175 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176
179
177 ##### `ENABLE_SSHD`=true
180 ##### `ENABLE_SSHD`=true
178 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179
182
180 ##### `ENABLE_NONFREE`=false
183 ##### `ENABLE_NONFREE`=false
181 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182
185
183 ##### `ENABLE_WIRELESS`=false
186 ##### `ENABLE_WIRELESS`=false
184 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185
188
186 ##### `ENABLE_RSYSLOG`=true
189 ##### `ENABLE_RSYSLOG`=true
187 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188
191
189 ##### `ENABLE_SOUND`=true
192 ##### `ENABLE_SOUND`=true
190 Enable sound hardware and install Advanced Linux Sound Architecture.
193 Enable sound hardware and install Advanced Linux Sound Architecture.
191
194
192 ##### `ENABLE_HWRANDOM`=true
195 ##### `ENABLE_HWRANDOM`=true
193 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194
197
195 ##### `ENABLE_MINGPU`=false
198 ##### `ENABLE_MINGPU`=false
196 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197
200
198 ##### `ENABLE_DBUS`=true
201 ##### `ENABLE_DBUS`=true
199 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200
203
201 ##### `ENABLE_XORG`=false
204 ##### `ENABLE_XORG`=false
202 Install Xorg open-source X Window System.
205 Install Xorg open-source X Window System.
203
206
204 ##### `ENABLE_WM`=""
207 ##### `ENABLE_WM`=""
205 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206
209
207 ##### `ENABLE_SYSVINIT`=false
210 ##### `ENABLE_SYSVINIT`=false
208 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209
212
210 ---
213 ---
211
214
212 #### Advanced system features:
215 #### Advanced system features:
213 ##### `ENABLE_SYSTEMDSWAP`=false
216 ##### `ENABLE_SYSTEMDSWAP`=false
214 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
215
218
216 ##### `ENABLE_MINBASE`=false
219 ##### `ENABLE_MINBASE`=false
217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
218
221
219 ##### `ENABLE_REDUCE`=false
222 ##### `ENABLE_REDUCE`=false
220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
221
224
222 ##### `ENABLE_UBOOT`=false
225 ##### `ENABLE_UBOOT`=false
223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
224
227
225 ##### `UBOOTSRC_DIR`=""
228 ##### `UBOOTSRC_DIR`=""
226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
227
230
228 ##### `ENABLE_FBTURBO`=false
231 ##### `ENABLE_FBTURBO`=false
229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
230
233
231 ##### `FBTURBOSRC_DIR`=""
234 ##### `FBTURBOSRC_DIR`=""
232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
233
236
234 ##### `ENABLE_VIDEOCORE`=false
237 ##### `ENABLE_VIDEOCORE`=false
235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
236
239
237 ##### `VIDEOCORESRC_DIR`=""
240 ##### `VIDEOCORESRC_DIR`=""
238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
239
242
240 ##### `ENABLE_NEXMON`=false
243 ##### `ENABLE_NEXMON`=false
241 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
242
245
243 ##### `NEXMONSRC_DIR`=""
246 ##### `NEXMONSRC_DIR`=""
244 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245
248
246 ##### `ENABLE_IPTABLES`=false
249 ##### `ENABLE_IPTABLES`=false
247 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
248
251
249 ##### `ENABLE_USER`=true
252 ##### `ENABLE_USER`=true
250 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
251
254
252 ##### `USER_NAME`=pi
255 ##### `USER_NAME`=pi
253 Non-root user to create. Ignored if `ENABLE_USER`=false
256 Non-root user to create. Ignored if `ENABLE_USER`=false
254
257
255 ##### `ENABLE_ROOT`=false
258 ##### `ENABLE_ROOT`=false
256 Set root user password so root login will be enabled
259 Set root user password so root login will be enabled
257
260
258 ##### `ENABLE_HARDNET`=false
261 ##### `ENABLE_HARDNET`=false
259 Enable IPv4/IPv6 network stack hardening settings.
262 Enable IPv4/IPv6 network stack hardening settings.
260
263
261 ##### `ENABLE_SPLITFS`=false
264 ##### `ENABLE_SPLITFS`=false
262 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
263
266
264 ##### `CHROOT_SCRIPTS`=""
267 ##### `CHROOT_SCRIPTS`=""
265 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
266
269
267 ##### `ENABLE_INITRAMFS`=false
270 ##### `ENABLE_INITRAMFS`=false
268 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
269
272
270 ##### `ENABLE_IFNAMES`=true
273 ##### `ENABLE_IFNAMES`=true
271 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
272
275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
273 ##### `DISABLE_UNDERVOLT_WARNINGS`=
285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
274 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
275
287
276 ---
288 ---
277
289
278 #### SSH settings:
290 #### SSH settings:
279 ##### `SSH_ENABLE_ROOT`=false
291 ##### `SSH_ENABLE_ROOT`=false
280 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
292 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
281
293
282 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
294 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
283 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
295 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
284
296
285 ##### `SSH_LIMIT_USERS`=false
297 ##### `SSH_LIMIT_USERS`=false
286 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
298 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
287
299
288 ##### `SSH_ROOT_PUB_KEY`=""
300 ##### `SSH_ROOT_PUB_KEY`=""
289 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
301 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
290
302
291 ##### `SSH_USER_PUB_KEY`=""
303 ##### `SSH_USER_PUB_KEY`=""
292 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
293
305
294 ---
306 ---
295
307
296 #### Kernel compilation:
308 #### Kernel compilation:
297 ##### `BUILD_KERNEL`=true
309 ##### `BUILD_KERNEL`=true
298 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
310 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
299
311
300 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
312 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
301 This sets the cross-compile environment for the compiler.
313 This sets the cross-compile environment for the compiler.
302
314
303 ##### `KERNEL_ARCH`="arm"
315 ##### `KERNEL_ARCH`="arm"
304 This sets the kernel architecture for the compiler.
316 This sets the kernel architecture for the compiler.
305
317
306 ##### `KERNEL_IMAGE`="kernel7.img"
318 ##### `KERNEL_IMAGE`="kernel7.img"
307 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
319 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
308
320
309 ##### `KERNEL_BRANCH`=""
321 ##### `KERNEL_BRANCH`=""
310 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
322 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
311
323
312 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
324 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
313 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
325 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
314
326
315 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
327 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
316 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
328 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
317
329
318 ##### `KERNEL_REDUCE`=false
330 ##### `KERNEL_REDUCE`=false
319 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
331 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
320
332
321 ##### `KERNEL_THREADS`=1
333 ##### `KERNEL_THREADS`=1
322 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
334 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
323
335
324 ##### `KERNEL_HEADERS`=true
336 ##### `KERNEL_HEADERS`=true
325 Install kernel headers with the built kernel.
337 Install kernel headers with the built kernel.
326
338
327 ##### `KERNEL_MENUCONFIG`=false
339 ##### `KERNEL_MENUCONFIG`=false
328 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
340 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
329
341
330 ##### `KERNEL_OLDDEFCONFIG`=false
342 ##### `KERNEL_OLDDEFCONFIG`=false
331 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
343 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
332
344
333 ##### `KERNEL_CCACHE`=false
345 ##### `KERNEL_CCACHE`=false
334 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
346 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
335
347
336 ##### `KERNEL_REMOVESRC`=true
348 ##### `KERNEL_REMOVESRC`=true
337 Remove all kernel sources from the generated OS image after it was built and installed.
349 Remove all kernel sources from the generated OS image after it was built and installed.
338
350
339 ##### `KERNELSRC_DIR`=""
351 ##### `KERNELSRC_DIR`=""
340 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
352 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
341
353
342 ##### `KERNELSRC_CLEAN`=false
354 ##### `KERNELSRC_CLEAN`=false
343 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
355 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
344
356
345 ##### `KERNELSRC_CONFIG`=true
357 ##### `KERNELSRC_CONFIG`=true
346 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
358 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
347
359
348 ##### `KERNELSRC_USRCONFIG`=""
360 ##### `KERNELSRC_USRCONFIG`=""
349 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
361 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
350
362
351 ##### `KERNELSRC_PREBUILT`=false
363 ##### `KERNELSRC_PREBUILT`=false
352 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
364 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
353
365
354 ##### `RPI_FIRMWARE_DIR`=""
366 ##### `RPI_FIRMWARE_DIR`=""
355 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
356
368
357 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
358 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
359
371
360 ##### `KERNEL_NF`=false
372 ##### `KERNEL_NF`=false
361 Enable Netfilter modules as kernel modules
373 Enable Netfilter modules as kernel modules
362
374
363 ##### `KERNEL_VIRT`=false
375 ##### `KERNEL_VIRT`=false
364 Enable Kernel KVM support (/dev/kvm)
376 Enable Kernel KVM support (/dev/kvm)
365
377
366 ##### `KERNEL_ZSWAP`=false
378 ##### `KERNEL_ZSWAP`=false
367 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
368
380
369 ##### `KERNEL_BPF`=true
381 ##### `KERNEL_BPF`=true
370 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
371
383
372 ##### `KERNEL_SECURITY`=false
384 ##### `KERNEL_SECURITY`=false
373 Enables Apparmor, integrity subsystem, auditing
385 Enables Apparmor, integrity subsystem, auditing
374 ---
386 ---
375
387
376 #### Reduce disk usage:
388 #### Reduce disk usage:
377 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
389 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
378
390
379 ##### `REDUCE_APT`=true
391 ##### `REDUCE_APT`=true
380 Configure APT to use compressed package repository lists and no package caching files.
392 Configure APT to use compressed package repository lists and no package caching files.
381
393
382 ##### `REDUCE_DOC`=true
394 ##### `REDUCE_DOC`=true
383 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
395 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
384
396
385 ##### `REDUCE_MAN`=true
397 ##### `REDUCE_MAN`=true
386 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
398 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
387
399
388 ##### `REDUCE_VIM`=false
400 ##### `REDUCE_VIM`=false
389 Replace `vim-tiny` package by `levee` a tiny vim clone.
401 Replace `vim-tiny` package by `levee` a tiny vim clone.
390
402
391 ##### `REDUCE_BASH`=false
403 ##### `REDUCE_BASH`=false
392 Remove `bash` package and switch to `dash` shell (experimental).
404 Remove `bash` package and switch to `dash` shell (experimental).
393
405
394 ##### `REDUCE_HWDB`=true
406 ##### `REDUCE_HWDB`=true
395 Remove PCI related hwdb files (experimental).
407 Remove PCI related hwdb files (experimental).
396
408
397 ##### `REDUCE_SSHD`=true
409 ##### `REDUCE_SSHD`=true
398 Replace `openssh-server` with `dropbear`.
410 Replace `openssh-server` with `dropbear`.
399
411
400 ##### `REDUCE_LOCALE`=true
412 ##### `REDUCE_LOCALE`=true
401 Remove all `locale` translation files.
413 Remove all `locale` translation files.
402
414
403 ---
415 ---
404
416
405 #### Encrypted root partition:
417 #### Encrypted root partition:
406 ##### `ENABLE_CRYPTFS`=false
418 ##### `ENABLE_CRYPTFS`=false
407 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
419 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
408
420
409 ##### `CRYPTFS_PASSWORD`=""
421 ##### `CRYPTFS_PASSWORD`=""
410 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
422 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
411
423
412 ##### `CRYPTFS_MAPPING`="secure"
424 ##### `CRYPTFS_MAPPING`="secure"
413 Set name of dm-crypt managed device-mapper mapping.
425 Set name of dm-crypt managed device-mapper mapping.
414
426
415 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
427 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
416 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
428 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
417
429
418 ##### `CRYPTFS_XTSKEYSIZE`=512
430 ##### `CRYPTFS_XTSKEYSIZE`=512
419 Sets key size in bits. The argument has to be a multiple of 8.
431 Sets key size in bits. The argument has to be a multiple of 8.
420
432
421 ##### `CRYPTFS_DROPBEAR`=false
433 ##### `CRYPTFS_DROPBEAR`=false
422 Enable Dropbear Initramfs support
434 Enable Dropbear Initramfs support
423
435
424 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
425 Provide path to dropbear Public RSA-OpenSSH Key
437 Provide path to dropbear Public RSA-OpenSSH Key
426
438
427 ---
439 ---
428
440
429 #### Build settings:
441 #### Build settings:
430 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
442 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
431 Set a path to a working directory used by the script to generate an image.
443 Set a path to a working directory used by the script to generate an image.
432
444
433 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
445 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
434 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
446 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
435
447
436 ## Understanding the script
448 ## Understanding the script
437 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
449 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
438
450
439 | Script | Description |
451 | Script | Description |
440 | --- | --- |
452 | --- | --- |
441 | `10-bootstrap.sh` | Debootstrap basic system |
453 | `10-bootstrap.sh` | Debootstrap basic system |
442 | `11-apt.sh` | Setup APT repositories |
454 | `11-apt.sh` | Setup APT repositories |
443 | `12-locale.sh` | Setup Locales and keyboard settings |
455 | `12-locale.sh` | Setup Locales and keyboard settings |
444 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
456 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
445 | `14-fstab.sh` | Setup fstab and initramfs |
457 | `14-fstab.sh` | Setup fstab and initramfs |
446 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
458 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
447 | `20-networking.sh` | Setup Networking |
459 | `20-networking.sh` | Setup Networking |
448 | `21-firewall.sh` | Setup Firewall |
460 | `21-firewall.sh` | Setup Firewall |
449 | `30-security.sh` | Setup Users and Security settings |
461 | `30-security.sh` | Setup Users and Security settings |
450 | `31-logging.sh` | Setup Logging |
462 | `31-logging.sh` | Setup Logging |
451 | `32-sshd.sh` | Setup SSH and public keys |
463 | `32-sshd.sh` | Setup SSH and public keys |
452 | `41-uboot.sh` | Build and Setup U-Boot |
464 | `41-uboot.sh` | Build and Setup U-Boot |
453 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
465 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
454 | `43-videocore.sh` | Build and Setup videocore libraries |
466 | `43-videocore.sh` | Build and Setup videocore libraries |
455 | `50-firstboot.sh` | First boot actions |
467 | `50-firstboot.sh` | First boot actions |
456 | `99-reduce.sh` | Reduce the disk space usage |
468 | `99-reduce.sh` | Reduce the disk space usage |
457
469
458 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
470 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
459
471
460 | Directory | Description |
472 | Directory | Description |
461 | --- | --- |
473 | --- | --- |
462 | `apt` | APT management configuration files |
474 | `apt` | APT management configuration files |
463 | `boot` | Boot and RPi 0/1/2/3 configuration files |
475 | `boot` | Boot and RPi 0/1/2/3 configuration files |
464 | `dpkg` | Package Manager configuration |
476 | `dpkg` | Package Manager configuration |
465 | `etc` | Configuration files and rc scripts |
477 | `etc` | Configuration files and rc scripts |
466 | `firstboot` | Scripts that get executed on first boot |
478 | `firstboot` | Scripts that get executed on first boot |
467 | `initramfs` | Initramfs scripts |
479 | `initramfs` | Initramfs scripts |
468 | `iptables` | Firewall configuration files |
480 | `iptables` | Firewall configuration files |
469 | `locales` | Locales configuration |
481 | `locales` | Locales configuration |
470 | `modules` | Kernel Modules configuration |
482 | `modules` | Kernel Modules configuration |
471 | `mount` | Fstab configuration |
483 | `mount` | Fstab configuration |
472 | `network` | Networking configuration files |
484 | `network` | Networking configuration files |
473 | `sysctl.d` | Swapping and Network Hardening configuration |
485 | `sysctl.d` | Swapping and Network Hardening configuration |
474 | `xorg` | fbturbo Xorg driver configuration |
486 | `xorg` | fbturbo Xorg driver configuration |
475
487
476 ## Custom packages and scripts
488 ## Custom packages and scripts
477 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
489 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
478
490
479 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
491 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
480
492
481 ## Logging of the bootstrapping process
493 ## Logging of the bootstrapping process
482 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
494 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
483
495
484 ```shell
496 ```shell
485 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
497 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
486 ```
498 ```
487
499
488 ## Flashing the image file
500 ## Flashing the image file
489 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
501 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
490
502
491 ##### Flashing examples:
503 ##### Flashing examples:
492 ```shell
504 ```shell
493 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
505 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
494 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
506 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
495 ```
507 ```
496 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
508 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
497 ```shell
509 ```shell
498 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
499 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
511 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
500 ```
512 ```
501
513
502 ## QEMU emulation
514 ## QEMU emulation
503 Start QEMU full system emulation:
515 Start QEMU full system emulation:
504 ```shell
516 ```shell
505 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
517 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
506 ```
518 ```
507
519
508 Start QEMU full system emulation and output to console:
520 Start QEMU full system emulation and output to console:
509 ```shell
521 ```shell
510 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
511 ```
523 ```
512
524
513 Start QEMU full system emulation with SMP and output to console:
525 Start QEMU full system emulation with SMP and output to console:
514 ```shell
526 ```shell
515 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
516 ```
528 ```
517
529
518 Start QEMU full system emulation with cryptfs, initramfs and output to console:
530 Start QEMU full system emulation with cryptfs, initramfs and output to console:
519 ```shell
531 ```shell
520 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
521 ```
533 ```
522
534
523 ## External links and references
535 ## External links and references
524 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
536 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
525 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
537 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
526 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
538 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
527 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
539 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
528 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
540 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
529 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
541 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
530 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
542 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
531 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
532 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
544 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,643 +1,642
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
13 KERNELSRC_DIR=""
14 fi
14 fi
15
15
16 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
17 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
18 # Setup source directory
18 # Setup source directory
19 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
20
20
21 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25
25
26 # Clean the kernel sources
26 # Clean the kernel sources
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 fi
29 fi
30 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
31 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
32 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
33
33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
35 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 else
37 else
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 fi
39 fi
40
40
41 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43
43
44 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
45 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
46
46
47 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
48 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
49 fi
49 fi
50
50
51 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 fi
54 fi
55
55
56 # Configure and build kernel
56 # Configure and build kernel
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 # Remove device, network and filesystem drivers from kernel configuration
58 # Remove device, network and filesystem drivers from kernel configuration
59 if [ "$KERNEL_REDUCE" = true ] ; then
59 if [ "$KERNEL_REDUCE" = true ] ; then
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 sed -i\
61 sed -i\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 "${KERNEL_DIR}/.config"
91 "${KERNEL_DIR}/.config"
92 fi
92 fi
93
93
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 # Load default raspberry kernel configuration
95 # Load default raspberry kernel configuration
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97
97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
99 cd "${KERNEL_DIR}" || exit
100
100
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 #Fix SD_DRIVER mess in 64bit config
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - variable naming is bs
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
104 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
106 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108
108
109 #VLAN got disabled without reason in arm64bit
109 #VLAN got disabled without reason in arm64bit
110 set_kernel_config CONFIG_IPVLAN m
110 set_kernel_config CONFIG_IPVLAN m
111
111
112 #V4L2 sub-device userspace API
112 #V4L2 sub-device userspace API
113 #set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
113 #set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
114 #VIDEO_MUX y
114 #VIDEO_MUX y
115 #VIDEO_XILINX n
115 #VIDEO_XILINX n
116 #VIDEO_XILINX_TPG n
116 #VIDEO_XILINX_TPG n
117 #VIDEO_ADV7180 m
117 #VIDEO_ADV7180 m
118
118
119 # GPIO-based bitbanging SPI Master
119 # GPIO-based bitbanging SPI Master
120 set_kernel_config CONFIG_SPI_GPIO m
120 set_kernel_config CONFIG_SPI_GPIO m
121 #SPI Slave protocol
121 #SPI Slave protocol
122 set_kernel_config CONFIG_SPI_SLAVE y
122 set_kernel_config CONFIG_SPI_SLAVE y
123 set_kernel_config CONFIG_SPI_SLAVE_TIME m
123 set_kernel_config CONFIG_SPI_SLAVE_TIME m
124 set_kernel_config CONFIG_SPI_SLAVE_SYSTEM_CONTROL m
124 set_kernel_config CONFIG_SPI_SLAVE_SYSTEM_CONTROL m
125
125
126 # Virtual (secure) IP: tunneling
126 # Virtual (secure) IP: tunneling
127 set_kernel_config CONFIG_NET_IPVTI m
127 set_kernel_config CONFIG_NET_IPVTI m
128
128
129 #Wlan driver debug info
129 #Wlan driver debug info
130 set_kernel_config CONFIG_BRCMDBG m
130 set_kernel_config CONFIG_BRCMDBG m
131
131
132 #GPIO WATCHDOG
132 #GPIO WATCHDOG
133 set_kernel_config CONFIG_GPIO_WATCHDOG m
133 set_kernel_config CONFIG_GPIO_WATCHDOG m
134
134
135 #Camera
135 #Camera
136 set_kernel_config VIDEO_BCM2835 m
136 set_kernel_config VIDEO_BCM2835 m
137 set_kernel_config VIDEO_BCM2835_UNICAM m
137 set_kernel_config VIDEO_BCM2835_UNICAM m
138 fi
138 fi
139
139
140 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
140 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
141 if [ "$KERNEL_ZSWAP" = true ] ; then
141 if [ "$KERNEL_ZSWAP" = true ] ; then
142 set_kernel_config CONFIG_ZPOOL y
142 set_kernel_config CONFIG_ZPOOL y
143 set_kernel_config CONFIG_ZSWAP y
143 set_kernel_config CONFIG_ZSWAP y
144 set_kernel_config CONFIG_ZBUD y
144 set_kernel_config CONFIG_ZBUD y
145 set_kernel_config CONFIG_Z3FOLD y
145 set_kernel_config CONFIG_Z3FOLD y
146 set_kernel_config CONFIG_ZSMALLOC y
146 set_kernel_config CONFIG_ZSMALLOC y
147 set_kernel_config CONFIG_PGTABLE_MAPPING y
147 set_kernel_config CONFIG_PGTABLE_MAPPING y
148 set_kernel_config CONFIG_LZO_COMPRESS y
148 set_kernel_config CONFIG_LZO_COMPRESS y
149
149
150 fi
150 fi
151
151
152 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
152 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
153 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
153 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
154 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
154 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
155 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
155 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
156 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
156 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
157 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
157 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
158 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
158 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
159 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
159 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
160 set_kernel_config CONFIG_HAVE_KVM_MSI y
160 set_kernel_config CONFIG_HAVE_KVM_MSI y
161 set_kernel_config CONFIG_KVM y
161 set_kernel_config CONFIG_KVM y
162 set_kernel_config CONFIG_KVM_ARM_HOST y
162 set_kernel_config CONFIG_KVM_ARM_HOST y
163 set_kernel_config CONFIG_KVM_ARM_PMU y
163 set_kernel_config CONFIG_KVM_ARM_PMU y
164 set_kernel_config CONFIG_KVM_COMPAT y
164 set_kernel_config CONFIG_KVM_COMPAT y
165 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
165 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
166 set_kernel_config CONFIG_KVM_MMIO y
166 set_kernel_config CONFIG_KVM_MMIO y
167 set_kernel_config CONFIG_KVM_VFIO y
167 set_kernel_config CONFIG_KVM_VFIO y
168 set_kernel_config CONFIG_VHOST m
168 set_kernel_config CONFIG_VHOST m
169 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
169 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
170 set_kernel_config CONFIG_VHOST_NET m
170 set_kernel_config CONFIG_VHOST_NET m
171 set_kernel_config CONFIG_VIRTUALIZATION y
171 set_kernel_config CONFIG_VIRTUALIZATION y
172
172
173 set_kernel_config CONFIG_MMU_NOTIFIER y
173 set_kernel_config CONFIG_MMU_NOTIFIER y
174
174
175 # erratum
175 # erratum
176 set_kernel_config ARM64_ERRATUM_834220 y
176 set_kernel_config ARM64_ERRATUM_834220 y
177
177
178 # https://sourceforge.net/p/kvm/mailman/message/18440797/
178 # https://sourceforge.net/p/kvm/mailman/message/18440797/
179 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
179 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
180 fi
180 fi
181
181
182 # enable apparmor,integrity audit,
182 # enable apparmor,integrity audit,
183 if [ "$KERNEL_SECURITY" = true ] ; then
183 if [ "$KERNEL_SECURITY" = true ] ; then
184
184
185 # security filesystem, security models and audit
185 # security filesystem, security models and audit
186 set_kernel_config CONFIG_SECURITYFS y
186 set_kernel_config CONFIG_SECURITYFS y
187 set_kernel_config CONFIG_SECURITY y
187 set_kernel_config CONFIG_SECURITY y
188 set_kernel_config CONFIG_AUDIT y
188 set_kernel_config CONFIG_AUDIT y
189
189
190 # harden strcpy and memcpy
190 # harden strcpy and memcpy
191 set_kernel_config CONFIG_HARDENED_USERCOPY y
191 set_kernel_config CONFIG_HARDENED_USERCOPY y
192 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
192 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
193 set_kernel_config CONFIG_FORTIFY_SOURCE y
193 set_kernel_config CONFIG_FORTIFY_SOURCE y
194
194
195 # integrity sub-system
195 # integrity sub-system
196 set_kernel_config CONFIG_INTEGRITY y
196 set_kernel_config CONFIG_INTEGRITY y
197 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
197 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS ""
202
201
203 # This option provides support for retaining authentication tokens and access keys in the kernel.
202 # This option provides support for retaining authentication tokens and access keys in the kernel.
204 set_kernel_config CONFIG_KEYS y
203 set_kernel_config CONFIG_KEYS y
205 set_kernel_config CONFIG_KEYS_COMPAT y
204 set_kernel_config CONFIG_KEYS_COMPAT y
206
205
207 # Apparmor
206 # Apparmor
208 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
207 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
209 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
208 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
210 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
209 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
211 set_kernel_config CONFIG_SECURITY_APPARMOR y
210 set_kernel_config CONFIG_SECURITY_APPARMOR y
212 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
211 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
213 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
212 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
214
213
215 # restrictions on unprivileged users reading the kernel
214 # restrictions on unprivileged users reading the kernel
216 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
215 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
217
216
218 # network security hooks
217 # network security hooks
219 set_kernel_config CONFIG_SECURITY_NETWORK y
218 set_kernel_config CONFIG_SECURITY_NETWORK y
220 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
219 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
221 set_kernel_config CONFIG_SECURITY_PATH y
220 set_kernel_config CONFIG_SECURITY_PATH y
222 set_kernel_config CONFIG_SECURITY_YAMA n
221 set_kernel_config CONFIG_SECURITY_YAMA n
223
222
224 # New Options
223 # New Options
225 if [ "$KERNEL_NF" = true ] ; then
224 if [ "$KERNEL_NF" = true ] ; then
226 set_kernel_config CONFIG_IP_NF_SECURITY m
225 set_kernel_config CONFIG_IP_NF_SECURITY m
227 set_kernel_config CONFIG_NETLABEL y
226 set_kernel_config CONFIG_NETLABEL y
228 set_kernel_config CONFIG_IP6_NF_SECURITY m
227 set_kernel_config CONFIG_IP6_NF_SECURITY m
229 fi
228 fi
230 set_kernel_config CONFIG_SECURITY_SELINUX n
229 set_kernel_config CONFIG_SECURITY_SELINUX n
231 set_kernel_config CONFIG_SECURITY_SMACK n
230 set_kernel_config CONFIG_SECURITY_SMACK n
232 set_kernel_config CONFIG_SECURITY_TOMOYO n
231 set_kernel_config CONFIG_SECURITY_TOMOYO n
233 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
232 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
234 set_kernel_config CONFIG_SECURITY_LOADPIN n
233 set_kernel_config CONFIG_SECURITY_LOADPIN n
235 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
234 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
236 set_kernel_config CONFIG_IMA n
235 set_kernel_config CONFIG_IMA n
237 set_kernel_config CONFIG_EVM n
236 set_kernel_config CONFIG_EVM n
238 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
237 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
239 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
238 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
240 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
239 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
241 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
240 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
242 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
241 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
243 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
242 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
244 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
243 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
245 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
244 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
246 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
245 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
247 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
246 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
248
247
249 set_kernel_config CONFIG_ARM64_CRYPTO y
248 set_kernel_config CONFIG_ARM64_CRYPTO y
250 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
249 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
251 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
250 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
252 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
251 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
253 set_kernel_config CRYPTO_GHASH_ARM64_CE m
252 set_kernel_config CRYPTO_GHASH_ARM64_CE m
254 set_kernel_config CRYPTO_SHA2_ARM64_CE m
253 set_kernel_config CRYPTO_SHA2_ARM64_CE m
255 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
254 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
256 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
255 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
257 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
256 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
258 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
257 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
259 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
258 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
260 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
259 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
261 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
260 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
262 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
261 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
263 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
262 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
264 echo CONFIG_SYSTEM_TRUSTED_KEYS="" >> .config
263 echo CONFIG_SYSTEM_TRUSTED_KEYS="" >> .config
265 fi
264 fi
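Review bot: removing `set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS ""` (old line 201, integrity sub-system group of the KERNEL_SECURITY block) still leaves three conflicting writes to the same symbol later in that block: it is set to y at new line 241, to m at new line 245, and `echo CONFIG_SYSTEM_TRUSTED_KEYS="" >> .config` appends it again at new line 263. CONFIG_SYSTEM_TRUSTED_KEYS is a string option (the path of a PEM file with trusted certificates), so y and m are not valid values for it. The shell also strips the double quotes from that echo, so the text appended to .config is CONFIG_SYSTEM_TRUSTED_KEYS= with no quoted empty string. Suggest finishing the cleanup in this commit: drop the y and m assignments and keep a single write that preserves the quotes, for example `echo 'CONFIG_SYSTEM_TRUSTED_KEYS=""' >> .config`, so the final value of the keyring option does not depend on which duplicate entry the config tooling honours. Separately, several calls in the same file pass symbols without the CONFIG_ prefix (VIDEO_BCM2835, ARM64_ERRATUM_834220, CRYPTO_GHASH_ARM64_CE, CRYPTO_SHA2_ARM64_CE) while every other call includes it; functions.sh is not part of this diff, so please confirm set_kernel_config handles both forms or make them consistent.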
266
265
267 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
266 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
268 if [ "$KERNEL_NF" = true ] ; then
267 if [ "$KERNEL_NF" = true ] ; then
269 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
268 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
270 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
269 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
271 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
270 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
272 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
271 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
273 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
272 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
274 set_kernel_config CONFIG_NFT_FIB_INET m
273 set_kernel_config CONFIG_NFT_FIB_INET m
275 set_kernel_config CONFIG_NFT_FIB_IPV4 m
274 set_kernel_config CONFIG_NFT_FIB_IPV4 m
276 set_kernel_config CONFIG_NFT_FIB_IPV6 m
275 set_kernel_config CONFIG_NFT_FIB_IPV6 m
277 set_kernel_config CONFIG_NFT_FIB_NETDEV m
276 set_kernel_config CONFIG_NFT_FIB_NETDEV m
278 set_kernel_config CONFIG_NFT_OBJREF m
277 set_kernel_config CONFIG_NFT_OBJREF m
279 set_kernel_config CONFIG_NFT_RT m
278 set_kernel_config CONFIG_NFT_RT m
280 set_kernel_config CONFIG_NFT_SET_BITMAP m
279 set_kernel_config CONFIG_NFT_SET_BITMAP m
281 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
280 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
282 set_kernel_config CONFIG_NF_LOG_ARP m
281 set_kernel_config CONFIG_NF_LOG_ARP m
283 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
282 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
284 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
283 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
285 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
284 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
286 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
285 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
287 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
286 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
288 set_kernel_config CONFIG_IP6_NF_IPTABLES m
287 set_kernel_config CONFIG_IP6_NF_IPTABLES m
289 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
288 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
290 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
289 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
291 set_kernel_config CONFIG_IP6_NF_NAT m
290 set_kernel_config CONFIG_IP6_NF_NAT m
292 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
291 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
293 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
292 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
294 set_kernel_config CONFIG_IP_NF_SECURITY m
293 set_kernel_config CONFIG_IP_NF_SECURITY m
295 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
294 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
296 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
295 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
297 set_kernel_config CONFIG_IP_SET_HASH_IP m
296 set_kernel_config CONFIG_IP_SET_HASH_IP m
298 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
297 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
299 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
298 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
300 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
299 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
301 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
300 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
302 set_kernel_config CONFIG_IP_SET_HASH_MAC m
301 set_kernel_config CONFIG_IP_SET_HASH_MAC m
303 set_kernel_config CONFIG_IP_SET_HASH_NET m
302 set_kernel_config CONFIG_IP_SET_HASH_NET m
304 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
303 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
305 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
304 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
306 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
305 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
307 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
306 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
308 set_kernel_config CONFIG_IP_SET_LIST_SET m
307 set_kernel_config CONFIG_IP_SET_LIST_SET m
309 set_kernel_config CONFIG_NETFILTER_XTABLES m
308 set_kernel_config CONFIG_NETFILTER_XTABLES m
310 set_kernel_config CONFIG_NETFILTER_XTABLES m
309 set_kernel_config CONFIG_NETFILTER_XTABLES m
311 set_kernel_config CONFIG_NFT_BRIDGE_META m
310 set_kernel_config CONFIG_NFT_BRIDGE_META m
312 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
311 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
313 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
312 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
314 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
313 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
315 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
314 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
316 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
315 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
317 set_kernel_config CONFIG_NFT_COMPAT m
316 set_kernel_config CONFIG_NFT_COMPAT m
318 set_kernel_config CONFIG_NFT_COUNTER m
317 set_kernel_config CONFIG_NFT_COUNTER m
319 set_kernel_config CONFIG_NFT_CT m
318 set_kernel_config CONFIG_NFT_CT m
320 set_kernel_config CONFIG_NFT_DUP_IPV4 m
319 set_kernel_config CONFIG_NFT_DUP_IPV4 m
321 set_kernel_config CONFIG_NFT_DUP_IPV6 m
320 set_kernel_config CONFIG_NFT_DUP_IPV6 m
322 set_kernel_config CONFIG_NFT_DUP_NETDEV m
321 set_kernel_config CONFIG_NFT_DUP_NETDEV m
323 set_kernel_config CONFIG_NFT_EXTHDR m
322 set_kernel_config CONFIG_NFT_EXTHDR m
324 set_kernel_config CONFIG_NFT_FWD_NETDEV m
323 set_kernel_config CONFIG_NFT_FWD_NETDEV m
325 set_kernel_config CONFIG_NFT_HASH m
324 set_kernel_config CONFIG_NFT_HASH m
326 set_kernel_config CONFIG_NFT_LIMIT m
325 set_kernel_config CONFIG_NFT_LIMIT m
327 set_kernel_config CONFIG_NFT_LOG m
326 set_kernel_config CONFIG_NFT_LOG m
328 set_kernel_config CONFIG_NFT_MASQ m
327 set_kernel_config CONFIG_NFT_MASQ m
329 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
328 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
330 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
329 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
331 set_kernel_config CONFIG_NFT_META m
330 set_kernel_config CONFIG_NFT_META m
332 set_kernel_config CONFIG_NFT_NAT m
331 set_kernel_config CONFIG_NFT_NAT m
333 set_kernel_config CONFIG_NFT_NUMGEN m
332 set_kernel_config CONFIG_NFT_NUMGEN m
334 set_kernel_config CONFIG_NFT_QUEUE m
333 set_kernel_config CONFIG_NFT_QUEUE m
335 set_kernel_config CONFIG_NFT_QUOTA m
334 set_kernel_config CONFIG_NFT_QUOTA m
336 set_kernel_config CONFIG_NFT_REDIR m
335 set_kernel_config CONFIG_NFT_REDIR m
337 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
336 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
338 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
337 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
339 set_kernel_config CONFIG_NFT_REJECT m
338 set_kernel_config CONFIG_NFT_REJECT m
340 set_kernel_config CONFIG_NFT_REJECT_INET m
339 set_kernel_config CONFIG_NFT_REJECT_INET m
341 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
340 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
342 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
341 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
343 set_kernel_config CONFIG_NFT_SET_HASH m
342 set_kernel_config CONFIG_NFT_SET_HASH m
344 set_kernel_config CONFIG_NFT_SET_RBTREE m
343 set_kernel_config CONFIG_NFT_SET_RBTREE m
345 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
344 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
346 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
345 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
347 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
346 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
348 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
347 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
349 set_kernel_config CONFIG_NF_DUP_IPV4 m
348 set_kernel_config CONFIG_NF_DUP_IPV4 m
350 set_kernel_config CONFIG_NF_DUP_IPV6 m
349 set_kernel_config CONFIG_NF_DUP_IPV6 m
351 set_kernel_config CONFIG_NF_DUP_NETDEV m
350 set_kernel_config CONFIG_NF_DUP_NETDEV m
352 set_kernel_config CONFIG_NF_LOG_BRIDGE m
351 set_kernel_config CONFIG_NF_LOG_BRIDGE m
353 set_kernel_config CONFIG_NF_LOG_IPV4 m
352 set_kernel_config CONFIG_NF_LOG_IPV4 m
354 set_kernel_config CONFIG_NF_LOG_IPV6 m
353 set_kernel_config CONFIG_NF_LOG_IPV6 m
355 set_kernel_config CONFIG_NF_NAT_IPV4 m
354 set_kernel_config CONFIG_NF_NAT_IPV4 m
356 set_kernel_config CONFIG_NF_NAT_IPV6 m
355 set_kernel_config CONFIG_NF_NAT_IPV6 m
357 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
356 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
358 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
357 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
359 set_kernel_config CONFIG_NF_NAT_PPTP m
358 set_kernel_config CONFIG_NF_NAT_PPTP m
360 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
359 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
361 set_kernel_config CONFIG_NF_NAT_REDIRECT m
360 set_kernel_config CONFIG_NF_NAT_REDIRECT m
362 set_kernel_config CONFIG_NF_NAT_SIP m
361 set_kernel_config CONFIG_NF_NAT_SIP m
363 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
362 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
364 set_kernel_config CONFIG_NF_NAT_TFTP m
363 set_kernel_config CONFIG_NF_NAT_TFTP m
365 set_kernel_config CONFIG_NF_REJECT_IPV4 m
364 set_kernel_config CONFIG_NF_REJECT_IPV4 m
366 set_kernel_config CONFIG_NF_REJECT_IPV6 m
365 set_kernel_config CONFIG_NF_REJECT_IPV6 m
367 set_kernel_config CONFIG_NF_TABLES m
366 set_kernel_config CONFIG_NF_TABLES m
368 set_kernel_config CONFIG_NF_TABLES_ARP m
367 set_kernel_config CONFIG_NF_TABLES_ARP m
369 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
368 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
370 set_kernel_config CONFIG_NF_TABLES_INET m
369 set_kernel_config CONFIG_NF_TABLES_INET m
371 set_kernel_config CONFIG_NF_TABLES_IPV4 m
370 set_kernel_config CONFIG_NF_TABLES_IPV4 m
372 set_kernel_config CONFIG_NF_TABLES_IPV6 m
371 set_kernel_config CONFIG_NF_TABLES_IPV6 m
373 set_kernel_config CONFIG_NF_TABLES_NETDEV m
372 set_kernel_config CONFIG_NF_TABLES_NETDEV m
374 fi
373 fi
375
374
376 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
375 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
377 if [ "$KERNEL_BPF" = true ] ; then
376 if [ "$KERNEL_BPF" = true ] ; then
378 set_kernel_config CONFIG_BPF_SYSCALL y
377 set_kernel_config CONFIG_BPF_SYSCALL y
379 set_kernel_config CONFIG_BPF_EVENTS y
378 set_kernel_config CONFIG_BPF_EVENTS y
380 set_kernel_config CONFIG_BPF_STREAM_PARSER y
379 set_kernel_config CONFIG_BPF_STREAM_PARSER y
381 set_kernel_config CONFIG_CGROUP_BPF y
380 set_kernel_config CONFIG_CGROUP_BPF y
382 fi
381 fi
383
382
384 # KERNEL_DEFAULT_GOV was set by user
383 # KERNEL_DEFAULT_GOV was set by user
385 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
384 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
386
385
387 case "$KERNEL_DEFAULT_GOV" in
386 case "$KERNEL_DEFAULT_GOV" in
388 performance)
387 performance)
389 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
388 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
390 ;;
389 ;;
391 userspace)
390 userspace)
392 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
391 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
393 ;;
392 ;;
394 ondemand)
393 ondemand)
395 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
394 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
396 ;;
395 ;;
397 conservative)
396 conservative)
398 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
397 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
399 ;;
398 ;;
400 shedutil)
399 shedutil)
401 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
400 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
402 ;;
401 ;;
403 *)
402 *)
404 echo "error: unsupported default cpu governor"
403 echo "error: unsupported default cpu governor"
405 exit 1
404 exit 1
406 ;;
405 ;;
407 esac
406 esac
408
407
409 # unset previous default governor
408 # unset previous default governor
410 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
409 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
411 fi
410 fi
412
411
413 #Revert to previous directory
412 #Revert to previous directory
414 cd "${WORKDIR}" || exit
413 cd "${WORKDIR}" || exit
415
414
416 # Set kernel configuration parameters to enable qemu emulation
415 # Set kernel configuration parameters to enable qemu emulation
417 if [ "$ENABLE_QEMU" = true ] ; then
416 if [ "$ENABLE_QEMU" = true ] ; then
418 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
417 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
419 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
418 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
420
419
421 if [ "$ENABLE_CRYPTFS" = true ] ; then
420 if [ "$ENABLE_CRYPTFS" = true ] ; then
422 {
421 {
423 echo "CONFIG_EMBEDDED=y"
422 echo "CONFIG_EMBEDDED=y"
424 echo "CONFIG_EXPERT=y"
423 echo "CONFIG_EXPERT=y"
425 echo "CONFIG_DAX=y"
424 echo "CONFIG_DAX=y"
426 echo "CONFIG_MD=y"
425 echo "CONFIG_MD=y"
427 echo "CONFIG_BLK_DEV_MD=y"
426 echo "CONFIG_BLK_DEV_MD=y"
428 echo "CONFIG_MD_AUTODETECT=y"
427 echo "CONFIG_MD_AUTODETECT=y"
429 echo "CONFIG_BLK_DEV_DM=y"
428 echo "CONFIG_BLK_DEV_DM=y"
430 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
429 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
431 echo "CONFIG_DM_CRYPT=y"
430 echo "CONFIG_DM_CRYPT=y"
432 echo "CONFIG_CRYPTO_BLKCIPHER=y"
431 echo "CONFIG_CRYPTO_BLKCIPHER=y"
433 echo "CONFIG_CRYPTO_CBC=y"
432 echo "CONFIG_CRYPTO_CBC=y"
434 echo "CONFIG_CRYPTO_XTS=y"
433 echo "CONFIG_CRYPTO_XTS=y"
435 echo "CONFIG_CRYPTO_SHA512=y"
434 echo "CONFIG_CRYPTO_SHA512=y"
436 echo "CONFIG_CRYPTO_MANAGER=y"
435 echo "CONFIG_CRYPTO_MANAGER=y"
437 } >> "${KERNEL_DIR}"/.config
436 } >> "${KERNEL_DIR}"/.config
438 fi
437 fi
439 fi
438 fi
440
439
441 # Copy custom kernel configuration file
440 # Copy custom kernel configuration file
442 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
441 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
443 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
442 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
444 fi
443 fi
445
444
446 # Set kernel configuration parameters to their default values
445 # Set kernel configuration parameters to their default values
447 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
446 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
448 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
447 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
449 fi
448 fi
450
449
451 # Start menu-driven kernel configuration (interactive)
450 # Start menu-driven kernel configuration (interactive)
452 if [ "$KERNEL_MENUCONFIG" = true ] ; then
451 if [ "$KERNEL_MENUCONFIG" = true ] ; then
453 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
452 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
454 fi
453 fi
455 # end if "$KERNELSRC_CONFIG" = true
454 # end if "$KERNELSRC_CONFIG" = true
456 fi
455 fi
457
456
458 # Use ccache to cross compile the kernel
457 # Use ccache to cross compile the kernel
459 if [ "$KERNEL_CCACHE" = true ] ; then
458 if [ "$KERNEL_CCACHE" = true ] ; then
460 cc="ccache ${CROSS_COMPILE}gcc"
459 cc="ccache ${CROSS_COMPILE}gcc"
461 else
460 else
462 cc="${CROSS_COMPILE}gcc"
461 cc="${CROSS_COMPILE}gcc"
463 fi
462 fi
464
463
465 # Cross compile kernel and dtbs
464 # Cross compile kernel and dtbs
466 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
465 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
467
466
468 # Cross compile kernel modules
467 # Cross compile kernel modules
469 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
468 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
470 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
469 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
471 fi
470 fi
472 # end if "$KERNELSRC_PREBUILT" = false
471 # end if "$KERNELSRC_PREBUILT" = false
473 fi
472 fi
474
473
475 # Check if kernel compilation was successful
474 # Check if kernel compilation was successful
476 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
475 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
477 echo "error: kernel compilation failed! (kernel image not found)"
476 echo "error: kernel compilation failed! (kernel image not found)"
478 cleanup
477 cleanup
479 exit 1
478 exit 1
480 fi
479 fi
481
480
482 # Install kernel modules
481 # Install kernel modules
483 if [ "$ENABLE_REDUCE" = true ] ; then
482 if [ "$ENABLE_REDUCE" = true ] ; then
484 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
483 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
485 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
484 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
486 fi
485 fi
487 else
486 else
488 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
487 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
489 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
488 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
490 fi
489 fi
491
490
492 # Install kernel firmware
491 # Install kernel firmware
493 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
492 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
494 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
493 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
495 fi
494 fi
496 fi
495 fi
497
496
498 # Install kernel headers
497 # Install kernel headers
499 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
498 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
500 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
499 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
501 fi
500 fi
502
501
503 # Prepare boot (firmware) directory
502 # Prepare boot (firmware) directory
504 mkdir "${BOOT_DIR}"
503 mkdir "${BOOT_DIR}"
505
504
506 # Get kernel release version
505 # Get kernel release version
507 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
506 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
508
507
509 # Copy kernel configuration file to the boot directory
508 # Copy kernel configuration file to the boot directory
510 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
509 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
511
510
512 # Prepare device tree directory
511 # Prepare device tree directory
513 mkdir "${BOOT_DIR}/overlays"
512 mkdir "${BOOT_DIR}/overlays"
514
513
515 # Ensure the proper .dtb is located
514 # Ensure the proper .dtb is located
516 if [ "$KERNEL_ARCH" = "arm" ] ; then
515 if [ "$KERNEL_ARCH" = "arm" ] ; then
517 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
516 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
518 if [ -f "${dtb}" ] ; then
517 if [ -f "${dtb}" ] ; then
519 install_readonly "${dtb}" "${BOOT_DIR}/"
518 install_readonly "${dtb}" "${BOOT_DIR}/"
520 fi
519 fi
521 done
520 done
522 else
521 else
523 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
522 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
524 if [ -f "${dtb}" ] ; then
523 if [ -f "${dtb}" ] ; then
525 install_readonly "${dtb}" "${BOOT_DIR}/"
524 install_readonly "${dtb}" "${BOOT_DIR}/"
526 fi
525 fi
527 done
526 done
528 fi
527 fi
529
528
530 # Copy compiled dtb device tree files
529 # Copy compiled dtb device tree files
531 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
530 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
532 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
531 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
533 if [ -f "${dtb}" ] ; then
532 if [ -f "${dtb}" ] ; then
534 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
533 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
535 fi
534 fi
536 done
535 done
537
536
538 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
537 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
539 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
538 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
540 fi
539 fi
541 fi
540 fi
542
541
543 if [ "$ENABLE_UBOOT" = false ] ; then
542 if [ "$ENABLE_UBOOT" = false ] ; then
544 # Convert and copy kernel image to the boot directory
543 # Convert and copy kernel image to the boot directory
545 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
544 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
546 else
545 else
547 # Copy kernel image to the boot directory
546 # Copy kernel image to the boot directory
548 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
547 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
549 fi
548 fi
550
549
551 # Remove kernel sources
550 # Remove kernel sources
552 if [ "$KERNEL_REMOVESRC" = true ] ; then
551 if [ "$KERNEL_REMOVESRC" = true ] ; then
553 rm -fr "${KERNEL_DIR}"
552 rm -fr "${KERNEL_DIR}"
554 else
553 else
555 # Prepare compiled kernel modules
554 # Prepare compiled kernel modules
556 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
555 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
557 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
556 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
558 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
557 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
559 fi
558 fi
560
559
561 # Create symlinks for kernel modules
560 # Create symlinks for kernel modules
562 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
561 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
563 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
562 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
564 fi
563 fi
565 fi
564 fi
566
565
567 else # BUILD_KERNEL=false
566 else # BUILD_KERNEL=false
568 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
567 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
569
568
570 # Use Sakakis modified kernel if ZSWAP is active
569 # Use Sakakis modified kernel if ZSWAP is active
571 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
570 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
572 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
571 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
573 fi
572 fi
574
573
575 # Create temporary directory for dl
574 # Create temporary directory for dl
576 temp_dir=$(as_nobody mktemp -d)
575 temp_dir=$(as_nobody mktemp -d)
577
576
578 # Fetch kernel dl
577 # Fetch kernel dl
579 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
578 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
580
579
581 #extract download
580 #extract download
582 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
581 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
583
582
584 #move extracted kernel to /boot/firmware
583 #move extracted kernel to /boot/firmware
585 mkdir "${R}/boot/firmware"
584 mkdir "${R}/boot/firmware"
586 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
585 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
587 cp -r "${temp_dir}"/lib/* "${R}"/lib/
586 cp -r "${temp_dir}"/lib/* "${R}"/lib/
588
587
589 # Remove temporary directory for kernel sources
588 # Remove temporary directory for kernel sources
590 rm -fr "${temp_dir}"
589 rm -fr "${temp_dir}"
591
590
592 # Set permissions of the kernel sources
591 # Set permissions of the kernel sources
593 chown -R root:root "${R}/boot/firmware"
592 chown -R root:root "${R}/boot/firmware"
594 chown -R root:root "${R}/lib/modules"
593 chown -R root:root "${R}/lib/modules"
595 fi
594 fi
596
595
597 # Install Kernel from hypriot comptabile with all Raspberry PI
596 # Install Kernel from hypriot comptabile with all Raspberry PI
598 if [ "$SET_ARCH" = 32 ] ; then
597 if [ "$SET_ARCH" = 32 ] ; then
599 # Create temporary directory for dl
598 # Create temporary directory for dl
600 temp_dir=$(as_nobody mktemp -d)
599 temp_dir=$(as_nobody mktemp -d)
601
600
602 # Fetch kernel
601 # Fetch kernel
603 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
602 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
604
603
605 # Copy downloaded U-Boot sources
604 # Copy downloaded U-Boot sources
606 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
605 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
607
606
608 # Set permissions
607 # Set permissions
609 chown -R root:root "${R}"/tmp/kernel.deb
608 chown -R root:root "${R}"/tmp/kernel.deb
610
609
611 # Install kernel
610 # Install kernel
612 chroot_exec dpkg -i /tmp/kernel.deb
611 chroot_exec dpkg -i /tmp/kernel.deb
613
612
614 # move /boot to /boot/firmware to fit script env.
613 # move /boot to /boot/firmware to fit script env.
615 #mkdir "${BOOT_DIR}"
614 #mkdir "${BOOT_DIR}"
616 mkdir "${temp_dir}"/firmware
615 mkdir "${temp_dir}"/firmware
617 mv "${R}"/boot/* "${temp_dir}"/firmware/
616 mv "${R}"/boot/* "${temp_dir}"/firmware/
618 mv "${temp_dir}"/firmware "${R}"/boot/
617 mv "${temp_dir}"/firmware "${R}"/boot/
619
618
620 #same for kernel headers
619 #same for kernel headers
621 if [ "$KERNEL_HEADERS" = true ] ; then
620 if [ "$KERNEL_HEADERS" = true ] ; then
622 # Fetch kernel header
621 # Fetch kernel header
623 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
622 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
624 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
623 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
625 chown -R root:root "${R}"/tmp/kernel-header.deb
624 chown -R root:root "${R}"/tmp/kernel-header.deb
626 # Install kernel header
625 # Install kernel header
627 chroot_exec dpkg -i /tmp/kernel-header.deb
626 chroot_exec dpkg -i /tmp/kernel-header.deb
628 rm -f "${R}"/tmp/kernel-header.deb
627 rm -f "${R}"/tmp/kernel-header.deb
629 fi
628 fi
630
629
631 # Remove temporary directory and files
630 # Remove temporary directory and files
632 rm -fr "${temp_dir}"
631 rm -fr "${temp_dir}"
633 rm -f "${R}"/tmp/kernel.deb
632 rm -f "${R}"/tmp/kernel.deb
634 fi
633 fi
635
634
636 # Check if kernel installation was successful
635 # Check if kernel installation was successful
637 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
636 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
638 if [ -z "$KERNEL" ] ; then
637 if [ -z "$KERNEL" ] ; then
639 echo "error: kernel installation failed! (/boot/kernel* not found)"
638 echo "error: kernel installation failed! (/boot/kernel* not found)"
640 cleanup
639 cleanup
641 exit 1
640 exit 1
642 fi
641 fi
643 fi
642 fi
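Review bot: In the `BUILD_KERNEL=false` branch the kernel archive and the `.deb` packages are fetched with `as_nobody wget` and then unpacked and installed as root (`tar -xJf`, `cp -r "${temp_dir}"/lib/* "${R}"/lib/`, `chroot_exec dpkg -i /tmp/kernel.deb`) with no integrity check between download and install. Dropping privileges for the download does not help once root extracts the archive and runs the package's maintainer scripts. Suggest pinning a SHA-256 for each of `RPI3_64_KERNEL_URL`, `RPI3_64_BIS_KERNEL_URL`, `RPI_32_KERNEL_URL` and `RPI_32_KERNELHEADER_URL`, verifying it (for example with `sha256sum -c`) before the `tar` and `dpkg -i` steps, and failing the build on a mismatch. Separately, the governor `case` matches `shedutil)`, so `KERNEL_DEFAULT_GOV=schedutil` falls through to "error: unsupported default cpu governor"; the label should read `schedutil)`.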
@@ -1,118 +1,116
1 #
1 #
2 # Setup fstab and initramfs
2 # Setup fstab and initramfs
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup fstab
8 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
10
11 # Add usb/sda disk root partition to fstab
11 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 fi
14 fi
15
15
16 # Add encrypted root partition to fstab and crypttab
16 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
18 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
20
21 # Add encrypted partition to crypttab and fstab
21 # Add encrypted partition to crypttab and fstab
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
25 if [ "$ENABLE_USBBOOT" = true ] ; then
26 # Add usb/sda2 disk to crypttab
27 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
28 fi
29
24
30 if [ "$ENABLE_SPLITFS" = true ] ; then
25 if [ "$ENABLE_SPLITFS" = true ] ; then
31 # Add usb/sda1 disk to crypttab
26 # Add usb/sda1 disk to crypttab
32 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
33 fi
28 fi
34 fi
29 fi
35
30
36 if [ "$ENABLE_USBBOOT" = true ] ; then
31 if [ "$ENABLE_USBBOOT" = true ] ; then
37 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
38 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
39 fi
37 fi
40
38
41 # Generate initramfs file
39 # Generate initramfs file
42 if [ "$ENABLE_INITRAMFS" = true ] ; then
40 if [ "$ENABLE_INITRAMFS" = true ] ; then
43 if [ "$ENABLE_CRYPTFS" = true ] ; then
41 if [ "$ENABLE_CRYPTFS" = true ] ; then
44 # Include initramfs scripts to auto expand encrypted root partition
42 # Include initramfs scripts to auto expand encrypted root partition
45 if [ "$EXPANDROOT" = true ] ; then
43 if [ "$EXPANDROOT" = true ] ; then
46 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
44 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
47 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
48 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
49 fi
47 fi
50
48
51 if [ "$ENABLE_DHCP" = false ] ; then
49 if [ "$ENABLE_DHCP" = false ] ; then
52 # Get cdir from NET_ADDRESS e.g. 24
50 # Get cdir from NET_ADDRESS e.g. 24
53 cdir=$(printf ${NET_ADDRESS} | cut -d '/' -f2)
51 cdir=$(printf ${NET_ADDRESS} | cut -d '/' -f2)
54
52
55 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
56 NET_MASK=$(cdr2mask "$cdir")
54 NET_MASK=$(cdr2mask "$cdir")
57
55
58 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
59 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
60
58
61 # Regenerate initramfs
59 # Regenerate initramfs
62 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
63 fi
61 fi
64
62
65 if [ "$CRYPTFS_DROPBEAR" = true ]; then
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
66 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
67 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
68 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
69 else
67 else
70 # Create key
68 # Create key
71 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
72
70
73 # Convert dropbear key to openssh key
71 # Convert dropbear key to openssh key
74 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
75
73
76 # Get Public Key Part
74 # Get Public Key Part
77 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
78
76
79 # Delete unwanted lines
77 # Delete unwanted lines
80 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
81 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
82
80
83 # Trust the new key
81 # Trust the new key
84 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
85
83
86 # Save Keys - convert with putty from rsa/openssh to puttkey
84 # Save Keys - convert with putty from rsa/openssh to puttkey
87 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
88
86
89 # Get unlock script
87 # Get unlock script
90 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
91
89
92 # Enable Dropbear inside initramfs
90 # Enable Dropbear inside initramfs
93 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
94
92
95 # Enable Dropbear inside initramfs
93 # Enable Dropbear inside initramfs
96 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
97 fi
95 fi
98 else
96 else
99 # Disable SSHD inside initramfs
97 # Disable SSHD inside initramfs
100 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
101 fi
99 fi
102
100
103 # Add cryptsetup modules to initramfs
101 # Add cryptsetup modules to initramfs
104 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
102 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
105
103
106 # Dummy mapping required by mkinitramfs
104 # Dummy mapping required by mkinitramfs
107 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
105 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
108
106
109 # Generate initramfs with encrypted root partition support
107 # Generate initramfs with encrypted root partition support
110 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
108 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
111
109
112 # Remove dummy mapping
110 # Remove dummy mapping
113 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
111 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
114 else
112 else
115 # Generate initramfs without encrypted root partition support
113 # Generate initramfs without encrypted root partition support
116 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
114 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
117 fi
115 fi
118 fi
116 fi
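Review bot: The `sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"` line moved into the top-level `ENABLE_USBBOOT` block now runs without the `ENABLE_CRYPTFS` guard, but `${ETC_DIR}/crypttab` is only installed inside the `ENABLE_CRYPTFS = true` branch. With `ENABLE_USBBOOT=true` and `ENABLE_CRYPTFS=false` the `sed -i` targets a file this script never created and exits non-zero. Suggest wrapping it in `if [ "$ENABLE_CRYPTFS" = true ]` or testing `[ -f "${ETC_DIR}/crypttab" ]` first. The move also changes the result when `ENABLE_CRYPTFS`, `ENABLE_SPLITFS` and `ENABLE_USBBOOT` are all true: the `sda1` substitution now runs first and the later `sda2` substitution no longer matches, so crypttab ends up pointing at `sda1` where it previously pointed at `sda2`. If that is intended, the commit message or a comment should say so.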
@@ -1,295 +1,310
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
9 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
17 else
18 # Create temporary directory for boot binaries
18 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
29
30 # Move downloaded boot binaries
30 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
32
33 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
35
35
36 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 fi
39 fi
40
40
41 if [ "$ENABLE_KEYGEN" = true ] ; then
41 if [ "$ENABLE_KEYGEN" = true ] ; then
42
42
43 # go to chroot/boot/
43 # go to chroot/boot/
44 cd "${BOOT_DIR}/" || exit
44 cd "${BOOT_DIR}/" || exit
45
45
46 # Make a copy of start.elf
46 # Make a copy of start.elf
47 cp start.elf start.elf_backup
47 cp start.elf start.elf_backup
48
48
49 # Remove codec licence checks - thx go to https://github.com/nucular/raspi-keygen - if ENABLE_VIDEOCORE is true, you can check codec status https://elinux.org/RPI_vcgencmd_usage
49 # Remove codec licence checks - thx go to https://github.com/nucular/raspi-keygen - if ENABLE_VIDEOCORE is true, you can check codec status https://elinux.org/RPI_vcgencmd_usage
50 perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
50 perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
51
51
52 # Back to base dir
52 # Back to base dir
53 cd "${WORKDIR}" || exit
53 cd "${WORKDIR}" || exit
54 fi
54 fi
55
55
56 # Setup firmware boot cmdline
56 # Setup firmware boot cmdline
57 if [ "$ENABLE_USBBOOT" = true ] ; then
57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
58 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
59 else
59 else
60 if [ "$ENABLE_SPLITFS" = true ] ; then
60 if [ "$ENABLE_SPLITFS" = true ] ; then
61 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
61 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
62 else
62 else
63 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
63 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
64 fi
64 fi
65 fi
65 fi
66
66
67 # Add encrypted root partition to cmdline.txt
67 # Add encrypted root partition to cmdline.txt
68 if [ "$ENABLE_CRYPTFS" = true ] ; then
68 if [ "$ENABLE_CRYPTFS" = true ] ; then
69 if [ "$ENABLE_SPLITFS" = true ] ; then
69 if [ "$ENABLE_SPLITFS" = true ] ; then
70 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
70 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
71 else
71 else
72 if [ "$ENABLE_USBBOOT" = true ] ; then
72 if [ "$ENABLE_USBBOOT" = true ] ; then
73 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
73 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
74 else
74 else
75 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
75 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
76 fi
76 fi
77 fi
77 fi
78 fi
78 fi
79
79
80 # Enable Kernel messages on standard output
80 # Enable Kernel messages on standard output
81 if [ "$ENABLE_PRINTK" = true ] ; then
81 if [ "$ENABLE_PRINTK" = true ] ; then
82 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
82 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
83 fi
83 fi
84
84
85 # Enable Kernel messages on standard output
85 # Enable Kernel messages on standard output
86 if [ "$KERNEL_SECURITY" = true ] ; then
86 if [ "$KERNEL_SECURITY" = true ] ; then
87 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
87 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
88 fi
88 fi
89
89
90 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
90 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
91 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
91 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
92
92
93 # Remove IPv6 networking support
93 # Remove IPv6 networking support
94 if [ "$ENABLE_IPV6" = false ] ; then
94 if [ "$ENABLE_IPV6" = false ] ; then
95 CMDLINE="${CMDLINE} ipv6.disable=1"
95 CMDLINE="${CMDLINE} ipv6.disable=1"
96 fi
96 fi
97
97
98 # Automatically assign predictable network interface names
98 # Automatically assign predictable network interface names
99 if [ "$ENABLE_IFNAMES" = false ] ; then
99 if [ "$ENABLE_IFNAMES" = false ] ; then
100 CMDLINE="${CMDLINE} net.ifnames=0"
100 CMDLINE="${CMDLINE} net.ifnames=0"
101 else
101 else
102 CMDLINE="${CMDLINE} net.ifnames=1"
102 CMDLINE="${CMDLINE} net.ifnames=1"
103 fi
103 fi
104
104
105 # Disable Raspberry Pi console logo
106 if [ "$ENABLE_LOGO" = false ] ; then
107 CMDLINE="${CMDLINE} logo.nologo"
108 fi
109
110 # Strictly limit verbosity of boot up console messages
111 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
112 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
113 fi
114
105 # Install firmware config
115 # Install firmware config
106 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
116 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
107
117
118 # Disable Raspberry Pi console logo
119 if [ "$ENABLE_SLASH" = false ] ; then
120 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
121 fi
122
108 # Locks CPU frequency at maximum
123 # Locks CPU frequency at maximum
109 if [ "$ENABLE_TURBO" = true ] ; then
124 if [ "$ENABLE_TURBO" = true ] ; then
110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
125 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 # helps to avoid sdcard corruption when force_turbo is enabled.
126 # helps to avoid sdcard corruption when force_turbo is enabled.
112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
127 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 fi
128 fi
114
129
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
130 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116
131
117 # Bluetooth enabled
132 # Bluetooth enabled
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
133 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 # Create temporary directory for Bluetooth sources
134 # Create temporary directory for Bluetooth sources
120 temp_dir=$(as_nobody mktemp -d)
135 temp_dir=$(as_nobody mktemp -d)
121
136
122 # Fetch Bluetooth sources
137 # Fetch Bluetooth sources
123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
138 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124
139
125 # Copy downloaded sources
140 # Copy downloaded sources
126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
141 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127
142
128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
143 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
144 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
145 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
131
146
132 # Set permissions
147 # Set permissions
133 chown -R root:root "${R}/tmp/pi-bluetooth"
148 chown -R root:root "${R}/tmp/pi-bluetooth"
134
149
135 # Install tools
150 # Install tools
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
151 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138
153
139 # make scripts executable
154 # make scripts executable
140 chmod +x "${R}/usr/bin/bthelper"
155 chmod +x "${R}/usr/bin/bthelper"
141 chmod +x "${R}/usr/bin/btuart"
156 chmod +x "${R}/usr/bin/btuart"
142
157
143 # Install bluetooth udev rule
158 # Install bluetooth udev rule
144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
159 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145
160
146 # Install Firmware Flash file and apropiate licence
161 # Install Firmware Flash file and apropiate licence
147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
162 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
163 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
164 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
165 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152
167
153 # Remove temporary directories
168 # Remove temporary directories
154 rm -fr "${temp_dir}"
169 rm -fr "${temp_dir}"
155 rm -fr "${R}"/tmp/pi-bluetooth
170 rm -fr "${R}"/tmp/pi-bluetooth
156
171
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
172 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
173 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 # set overlay to swap ttyAMA0 and ttyS0
174 # set overlay to swap ttyAMA0 and ttyS0
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
175 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161
176
162 if [ "$ENABLE_TURBO" = false ] ; then
177 if [ "$ENABLE_TURBO" = false ] ; then
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
178 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 fi
179 fi
165
180
166 fi
181 fi
167
182
168 # Activate services
183 # Activate services
169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
184 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170
185
171 else # if ENABLE_BLUETOOTH = false
186 else # if ENABLE_BLUETOOTH = false
172 # set overlay to disable bluetooth
187 # set overlay to disable bluetooth
173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
188 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 fi # ENABLE_BLUETOOTH end
189 fi # ENABLE_BLUETOOTH end
175 fi
190 fi
176
191
177 # may need sudo systemctl disable hciuart
192 # may need sudo systemctl disable hciuart
178 if [ "$ENABLE_CONSOLE" = true ] ; then
193 if [ "$ENABLE_CONSOLE" = true ] ; then
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
194 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 # add string to cmdline
195 # add string to cmdline
181 CMDLINE="${CMDLINE} console=serial0,115200"
196 CMDLINE="${CMDLINE} console=serial0,115200"
182
197
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
198 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
199 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
200 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
201 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
202 fi
188 fi
203 fi
189
204
190 # Enable serial console systemd style
205 # Enable serial console systemd style
191 chroot_exec systemctl enable serial-getty@serial0.service
206 chroot_exec systemctl enable serial-getty@serial0.service
192 else
207 else
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
208 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 fi
209 fi
195
210
196 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
211 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
197 # Create temporary directory for systemd-swap sources
212 # Create temporary directory for systemd-swap sources
198 temp_dir=$(as_nobody mktemp -d)
213 temp_dir=$(as_nobody mktemp -d)
199
214
200 # Fetch systemd-swap sources
215 # Fetch systemd-swap sources
201 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
216 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
202
217
203 # Copy downloaded systemd-swap sources
218 # Copy downloaded systemd-swap sources
204 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
219 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
205
220
206 # Change into downloaded src dir
221 # Change into downloaded src dir
207 cd "${R}/tmp/systemd-swap" || exit
222 cd "${R}/tmp/systemd-swap" || exit
208
223
209 # Build package
224 # Build package
210 bash ./package.sh debian
225 bash ./package.sh debian
211
226
212 # Change back into script root dir
227 # Change back into script root dir
213 cd "${WORKDIR}" || exit
228 cd "${WORKDIR}" || exit
214
229
215 # Set permissions of the systemd-swap sources
230 # Set permissions of the systemd-swap sources
216 chown -R root:root "${R}/tmp/systemd-swap"
231 chown -R root:root "${R}/tmp/systemd-swap"
217
232
218 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
233 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
219 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
234 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
220
235
221 # Enable service
236 # Enable service
222 chroot_exec systemctl enable systemd-swap
237 chroot_exec systemctl enable systemd-swap
223
238
224 # Remove temporary directory for systemd-swap sources
239 # Remove temporary directory for systemd-swap sources
225 rm -fr "${temp_dir}"
240 rm -fr "${temp_dir}"
226 else
241 else
227 # Enable ZSWAP in cmdline if systemd-swap is not used
242 # Enable ZSWAP in cmdline if systemd-swap is not used
228 if [ "$KERNEL_ZSWAP" = true ] ; then
243 if [ "$KERNEL_ZSWAP" = true ] ; then
229 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
244 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
230 fi
245 fi
231 fi
246 fi
232 if [ "$KERNEL_SECURITY" = true ] ; then
247 if [ "$KERNEL_SECURITY" = true ] ; then
233 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
248 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
234 fi
249 fi
235
250
236 # Install firmware boot cmdline
251 # Install firmware boot cmdline
237 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
252 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
238
253
239 # Setup minimal GPU memory allocation size: 16MB (no X)
254 # Setup minimal GPU memory allocation size: 16MB (no X)
240 if [ "$ENABLE_MINGPU" = true ] ; then
255 if [ "$ENABLE_MINGPU" = true ] ; then
241 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
256 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
242 fi
257 fi
243
258
244 # Setup boot with initramfs
259 # Setup boot with initramfs
245 if [ "$ENABLE_INITRAMFS" = true ] ; then
260 if [ "$ENABLE_INITRAMFS" = true ] ; then
246 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
261 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
247 fi
262 fi
248
263
249 # Create firmware configuration and cmdline symlinks
264 # Create firmware configuration and cmdline symlinks
250 ln -sf firmware/config.txt "${R}/boot/config.txt"
265 ln -sf firmware/config.txt "${R}/boot/config.txt"
251 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
266 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
252
267
253 # Install and setup kernel modules to load at boot
268 # Install and setup kernel modules to load at boot
254 mkdir -p "${LIB_DIR}/modules-load.d/"
269 mkdir -p "${LIB_DIR}/modules-load.d/"
255 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
270 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
256
271
257 # Load hardware random module at boot
272 # Load hardware random module at boot
258 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
273 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
259 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
274 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
260 fi
275 fi
261
276
262 # Load sound module at boot
277 # Load sound module at boot
263 if [ "$ENABLE_SOUND" = true ] ; then
278 if [ "$ENABLE_SOUND" = true ] ; then
264 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
279 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
265 else
280 else
266 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
281 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
267 fi
282 fi
268
283
269 # Enable I2C interface
284 # Enable I2C interface
270 if [ "$ENABLE_I2C" = true ] ; then
285 if [ "$ENABLE_I2C" = true ] ; then
271 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
286 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
272 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
287 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
273 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
288 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
274 fi
289 fi
275
290
276 # Enable SPI interface
291 # Enable SPI interface
277 if [ "$ENABLE_SPI" = true ] ; then
292 if [ "$ENABLE_SPI" = true ] ; then
278 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
293 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
279 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
294 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
280 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
295 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
281 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
296 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
282 fi
297 fi
283 fi
298 fi
284
299
285 # Disable RPi2/3 under-voltage warnings
300 # Disable RPi2/3 under-voltage warnings
286 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
301 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
287 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
302 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
288 fi
303 fi
289
304
290 # Install kernel modules blacklist
305 # Install kernel modules blacklist
291 mkdir -p "${ETC_DIR}/modprobe.d/"
306 mkdir -p "${ETC_DIR}/modprobe.d/"
292 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
307 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
293
308
294 # Install sysctl.d configuration files
309 # Install sysctl.d configuration files
295 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
310 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
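Review bot: the new splash block added after the firmware config install tests `ENABLE_SLASH`, which reads like a typo for `ENABLE_SPLASH` given that the branch appends `disable_splash=1` to config.txt. If the parameter is defined under the other spelling elsewhere in the script, this condition never matches and the setting is silently ignored, so please check the name against the parameter definition and the README. The block's comment ("Disable Raspberry Pi console logo") is copied from the `ENABLE_LOGO` block above and should describe the splash setting instead. Not part of this change but visible in the context: `BCM43430A1.hcd` is installed to `${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx`, so it overwrites the licence file installed on the previous line instead of landing under its own name.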
@@ -1,53 +1,54
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 if [ "$KERNEL_NF" = false ] ; then
12 if [ "$KERNEL_NF" = false ] ; then
13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15 fi
16
16
17 # Install iptables systemd service
17 # Install iptables systemd service
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19
19
20 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22
22
23 # Install iptables rule file
23 # Install iptables rule file
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25
25
26 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
27 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
28 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
29
29
30 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
34 fi
35
35 # Install ip6tables systemd service
36 # Install ip6tables systemd service
36 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37
38
38 # Install ip6tables file
39 # Install ip6tables file
39 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
40 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
40
41
41 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
42 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
42
43
43 # Reload systemd configuration and enable iptables service
44 # Reload systemd configuration and enable iptables service
44 chroot_exec systemctl daemon-reload
45 chroot_exec systemctl daemon-reload
45 chroot_exec systemctl enable ip6tables.service
46 chroot_exec systemctl enable ip6tables.service
46 fi
47 fi
47
48
48 if [ "$ENABLE_SSHD" = false ] ; then
49 if [ "$ENABLE_SSHD" = false ] ; then
49 # Remove SSHD related iptables rules
50 # Remove SSHD related iptables rules
50 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
52 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
52 fi
53 fi
53 fi
54 fi
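Review bot: in the `ENABLE_SSHD` = false branch at the end of this file, both `sed -i` calls discard stderr, and the second one edits ip6tables.rules even when `ENABLE_IPV6` is not true and that file was never installed. A failed edit therefore goes unnoticed in the build log and can leave the SSH rules active in the shipped rule file. Suggest wrapping the ip6tables edit in the `ENABLE_IPV6` check and dropping `2> /dev/null` so a real failure stops or at least shows up in the build. The blank line added after the ip6tables `update-alternatives` block is fine.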
@@ -1,115 +1,116
1 #!/bin/sh
2 # This file contains utility functions used by rpi23-gen-image.sh
1 # This file contains utility functions used by rpi23-gen-image.sh
3
2
4 cleanup (){
3 cleanup (){
5 set +x
4 set +x
6 set +e
5 set +e
7
6
8 # Remove exports from nexmon
7 # Remove exports from nexmon
9 unset KERNEL
8 unset KERNEL
10 unset ARCH
9 unset ARCH
11 unset SUBARCH
10 unset SUBARCH
12 unset CCPLUGIN
11 unset CCPLUGIN
13 unset ZLIBFLATE
12 unset ZLIBFLATE
14 unset Q
13 unset Q
15 unset NEXMON_SETUP_ENV
14 unset NEXMON_SETUP_ENV
16 unset HOSTUNAME
15 unset HOSTUNAME
17 unset PLATFORMUNAME
16 unset PLATFORMUNAME
18
17
19 # Identify and kill all processes still using files
18 # Identify and kill all processes still using files
20 echo "killing processes using mount point ..."
19 echo "killing processes using mount point ..."
21 fuser -k "${R}"
20 fuser -k "${R}"
22 sleep 3
21 sleep 3
23 fuser -9 -k -v "${R}"
22 fuser -9 -k -v "${R}"
24
23
25 # Clean up temporary .password file
24 # Clean up temporary .password file
26 if [ -r ".password" ] ; then
25 if [ -r ".password" ] ; then
27 shred -zu .password
26 shred -zu .password
28 fi
27 fi
29
28
30 # Clean up all temporary mount points
29 # Clean up all temporary mount points
31 echo "removing temporary mount points ..."
30 echo "removing temporary mount points ..."
32 umount -l "${R}/proc" 2> /dev/null
31 umount -l "${R}/proc" 2> /dev/null
33 umount -l "${R}/sys" 2> /dev/null
32 umount -l "${R}/sys" 2> /dev/null
34 umount -l "${R}/dev/pts" 2> /dev/null
33 umount -l "${R}/dev/pts" 2> /dev/null
35 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
34 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
36 umount "$BUILDDIR/mount" 2> /dev/null
35 umount "$BUILDDIR/mount" 2> /dev/null
37 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
36 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
38 losetup -d "$ROOT_LOOP" 2> /dev/null
37 losetup -d "$ROOT_LOOP" 2> /dev/null
39 losetup -d "$FRMW_LOOP" 2> /dev/null
38 losetup -d "$FRMW_LOOP" 2> /dev/null
40 trap - 0 1 2 3 6
39 trap - 0 1 2 3 6
41 }
40 }
42
41
43 chroot_exec() {
42 chroot_exec() {
44 # Exec command in chroot
43 # Exec command in chroot
45 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
46 }
45 }
47
46
48 as_nobody() {
47 as_nobody() {
49 # Exec command as user nobody
48 # Exec command as user nobody
50 sudo -E -u nobody LANG=C LC_ALL=C "$@"
49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
51 }
50 }
52
51
53 install_readonly() {
52 install_readonly() {
54 # Install file with user read-only permissions
53 # Install file with user read-only permissions
55 install -o root -g root -m 644 "$@"
54 install -o root -g root -m 644 "$@"
56 }
55 }
57
56
58 install_exec() {
57 install_exec() {
59 # Install file with root exec permissions
58 # Install file with root exec permissions
60 install -o root -g root -m 744 "$@"
59 install -o root -g root -m 744 "$@"
61 }
60 }
62
61
63 use_template () {
62 use_template () {
64 # Test if configuration template file exists
63 # Test if configuration template file exists
65 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
64 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
66 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
65 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
67 exit 1
66 exit 1
68 fi
67 fi
69
68
70 # Load template configuration parameters
69 # Load template configuration parameters
71 . "./templates/${CONFIG_TEMPLATE}"
70 . "./templates/${CONFIG_TEMPLATE}"
72 }
71 }
73
72
74 chroot_install_cc() {
73 chroot_install_cc() {
75 # Install c/c++ build environment inside the chroot
74 # Install c/c++ build environment inside the chroot
76 if [ -z "${COMPILER_PACKAGES}" ] ; then
75 if [ -z "${COMPILER_PACKAGES}" ] ; then
77 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
78 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
79 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
78 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
80 fi
79 fi
81 }
80 }
82
81
83 chroot_remove_cc() {
82 chroot_remove_cc() {
84 # Remove c/c++ build environment from the chroot
83 # Remove c/c++ build environment from the chroot
85 if [ -n "${COMPILER_PACKAGES}" ] ; then
84 if [ -n "${COMPILER_PACKAGES}" ] ; then
86 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
85 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
87 COMPILER_PACKAGES=""
86 COMPILER_PACKAGES=""
88 fi
87 fi
89 }
88 }
89
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 cdr2mask ()
92 {
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 [ $1 -gt 1 ] && shift $1 || shift
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
90 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
91 set_kernel_config() {
100 set_kernel_config() {
92 # flag as $1, value to set as $2, config must exist at "./.config"
101 # flag as $1, value to set as $2, config must exist at "./.config"
93 TGT="CONFIG_${1#CONFIG_}"
102 TGT="CONFIG_${1#CONFIG_}"
94 REP="${2}"
103 REP="${2}"
95 if grep -q "^${TGT}[^_]" .config; then
104 if grep -q "^${TGT}[^_]" .config; then
96 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
105 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
97 else
106 else
98 echo "${TGT}"="${2}" >> .config
107 echo "${TGT}"="${2}" >> .config
99 fi
108 fi
100 }
109 }
110
101 # unset kernel config parameter
111 # unset kernel config parameter
102 unset_kernel_config() {
112 unset_kernel_config() {
103 # unsets flag with the value of $1, config must exist at "./.config"
113 # unsets flag with the value of $1, config must exist at "./.config"
104 TGT="CONFIG_${1#CONFIG_}"
114 TGT="CONFIG_${1#CONFIG_}"
105 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
106 }
107
108 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
109 cdr2mask ()
110 {
111 # Number of args to shift, 255..255, first non-255 byte, zeroes
112 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
113 [ $1 -gt 1 ] && shift $1 || shift
114 echo ${1-0}.${2-0}.${3-0}.${4-0}
115 } No newline at end of file
116 }
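Review bot: cdr2mask (new lines 91-97) takes the prefix length in $1 with no validation. The expansions are unquoted, and nothing checks that the value is a number from 0 to 32, so an empty argument turns the `set -- $(( 5 - ($1 / 8) )) ...` line into an arithmetic syntax error. Since the function is being moved in this change anyway, add a guard at the top that rejects anything other than digits in that range, and quote the operand in `[ $1 -gt 1 ]`. Separately, in set_kernel_config (new lines 100-109) the guard `grep -q "^${TGT}[^_]"` cannot match a `# CONFIG_X is not set` line because that line starts with `#`. The `# ${TGT} is not set` alternative in the sed is therefore never reached, and a flag that is currently unset gets appended by the else branch instead of replaced. Anchoring the grep on both forms would fix this. REP is also interpolated into the sed replacement unescaped, so a value containing `/` or `&` breaks the substitution.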
@@ -1,884 +1,892
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
62
63
64 # Kernel deb packages for 32bit kernel
63 # Kernel deb packages for 32bit kernel
65 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
66 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
67 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
68 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
69 # Default precompiled 64bit kernel
68 # Default precompiled 64bit kernel
70 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
71 # Generic
70 # Generic
72 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
73 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
74 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
75
74
76 # Build directories
75 # Build directories
77 WORKDIR=$(pwd)
76 WORKDIR=$(pwd)
78 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
79 BUILDDIR="${BASEDIR}/build"
78 BUILDDIR="${BASEDIR}/build"
80
79
81 # Chroot directories
80 # Chroot directories
82 R="${BUILDDIR}/chroot"
81 R="${BUILDDIR}/chroot"
83 ETC_DIR="${R}/etc"
82 ETC_DIR="${R}/etc"
84 LIB_DIR="${R}/lib"
83 LIB_DIR="${R}/lib"
85 BOOT_DIR="${R}/boot/firmware"
84 BOOT_DIR="${R}/boot/firmware"
86 KERNEL_DIR="${R}/usr/src/linux"
85 KERNEL_DIR="${R}/usr/src/linux"
87 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
88 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
89
88
90 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
91 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
92
91
93 # General settings
92 # General settings
94 SET_ARCH=${SET_ARCH:=32}
93 SET_ARCH=${SET_ARCH:=32}
95 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
96 PASSWORD=${PASSWORD:=raspberry}
95 PASSWORD=${PASSWORD:=raspberry}
97 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
98 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
99 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
100 EXPANDROOT=${EXPANDROOT:=true}
99 EXPANDROOT=${EXPANDROOT:=true}
101
100
102 # Keyboard settings
101 # Keyboard settings
103 XKB_MODEL=${XKB_MODEL:=""}
102 XKB_MODEL=${XKB_MODEL:=""}
104 XKB_LAYOUT=${XKB_LAYOUT:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
105 XKB_VARIANT=${XKB_VARIANT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
106 XKB_OPTIONS=${XKB_OPTIONS:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
107
106
108 # Network settings (DHCP)
107 # Network settings (DHCP)
109 ENABLE_DHCP=${ENABLE_DHCP:=true}
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
110
109
111 # Network settings (static)
110 # Network settings (static)
112 NET_ADDRESS=${NET_ADDRESS:=""}
111 NET_ADDRESS=${NET_ADDRESS:=""}
113 NET_GATEWAY=${NET_GATEWAY:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
114 NET_DNS_1=${NET_DNS_1:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
115 NET_DNS_2=${NET_DNS_2:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
116 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
117 NET_NTP_1=${NET_NTP_1:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
118 NET_NTP_2=${NET_NTP_2:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
119
118
120 # APT settings
119 # APT settings
121 APT_PROXY=${APT_PROXY:=""}
120 APT_PROXY=${APT_PROXY:=""}
122 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123
123
124 # Feature settings
124 # Feature settings
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 ENABLE_I2C=${ENABLE_I2C:=false}
129 ENABLE_I2C=${ENABLE_I2C:=false}
130 ENABLE_SPI=${ENABLE_SPI:=false}
130 ENABLE_SPI=${ENABLE_SPI:=false}
131 ENABLE_IPV6=${ENABLE_IPV6:=true}
131 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 ENABLE_SSHD=${ENABLE_SSHD:=true}
132 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 ENABLE_SOUND=${ENABLE_SOUND:=true}
135 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 ENABLE_DBUS=${ENABLE_DBUS:=true}
136 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 ENABLE_XORG=${ENABLE_XORG:=false}
139 ENABLE_XORG=${ENABLE_XORG:=false}
140 ENABLE_WM=${ENABLE_WM:=""}
140 ENABLE_WM=${ENABLE_WM:=""}
141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 ENABLE_USER=${ENABLE_USER:=true}
142 ENABLE_USER=${ENABLE_USER:=true}
143 USER_NAME=${USER_NAME:="pi"}
143 USER_NAME=${USER_NAME:="pi"}
144 ENABLE_ROOT=${ENABLE_ROOT:=false}
144 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 ENABLE_QEMU=${ENABLE_QEMU:=false}
145 ENABLE_QEMU=${ENABLE_QEMU:=false}
146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
147 ENABLE_KEYGEN=${ENABLE_KEYGEN:=true}
147 ENABLE_KEYGEN=${ENABLE_KEYGEN:=true}
148
148
149 # SSH settings
149 # SSH settings
150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155
155
156 # Advanced settings
156 # Advanced settings
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
174 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
175
178
176 # Kernel compilation settings
179 # Kernel compilation settings
177 BUILD_KERNEL=${BUILD_KERNEL:=true}
180 BUILD_KERNEL=${BUILD_KERNEL:=true}
178 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
179 KERNEL_THREADS=${KERNEL_THREADS:=1}
182 KERNEL_THREADS=${KERNEL_THREADS:=1}
180 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
181 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
182 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
183 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
184 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
185 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
186 KERNEL_VIRT=${KERNEL_VIRT:=false}
189 KERNEL_VIRT=${KERNEL_VIRT:=false}
187 KERNEL_BPF=${KERNEL_BPF:=false}
190 KERNEL_BPF=${KERNEL_BPF:=false}
188 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
189 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
190 KERNEL_NF=${KERNEL_NF:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
191
194
192 # Kernel compilation from source directory settings
195 # Kernel compilation from source directory settings
193 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
194 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
197 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
195 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
198 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
196 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
199 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
197
200
198 # Reduce disk usage settings
201 # Reduce disk usage settings
199 REDUCE_APT=${REDUCE_APT:=true}
202 REDUCE_APT=${REDUCE_APT:=true}
200 REDUCE_DOC=${REDUCE_DOC:=true}
203 REDUCE_DOC=${REDUCE_DOC:=true}
201 REDUCE_MAN=${REDUCE_MAN:=true}
204 REDUCE_MAN=${REDUCE_MAN:=true}
202 REDUCE_VIM=${REDUCE_VIM:=false}
205 REDUCE_VIM=${REDUCE_VIM:=false}
203 REDUCE_BASH=${REDUCE_BASH:=false}
206 REDUCE_BASH=${REDUCE_BASH:=false}
204 REDUCE_HWDB=${REDUCE_HWDB:=true}
207 REDUCE_HWDB=${REDUCE_HWDB:=true}
205 REDUCE_SSHD=${REDUCE_SSHD:=true}
208 REDUCE_SSHD=${REDUCE_SSHD:=true}
206 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
209 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
207
210
208 # Encrypted filesystem settings
211 # Encrypted filesystem settings
209 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
212 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
210 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
211 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
212 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
213 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
214 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
215 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
216 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
217 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
218
221
219 # Chroot scripts directory
222 # Chroot scripts directory
220 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
221
224
222 # Packages required in the chroot build environment
225 # Packages required in the chroot build environment
223 APT_INCLUDES=${APT_INCLUDES:=""}
226 APT_INCLUDES=${APT_INCLUDES:=""}
224 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
225
228
226 # Packages to exclude from chroot build environment
229 # Packages to exclude from chroot build environment
227 APT_EXCLUDES=${APT_EXCLUDES:=""}
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
228
231
229 # Packages required for bootstrapping
232 # Packages required for bootstrapping
230 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 #Requierd=netselect-apt
231 MISSING_PACKAGES=""
235 MISSING_PACKAGES=""
232
236
233 # Packages installed for c/c++ build environment in chroot (keep empty)
237 # Packages installed for c/c++ build environment in chroot (keep empty)
234 COMPILER_PACKAGES=""
238 COMPILER_PACKAGES=""
235
239
236 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
237 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
238 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
239 APT_PROXY=http://127.0.0.1:3142/
243 APT_PROXY=http://127.0.0.1:3142/
240 fi
244 fi
241
245
242 # netselect-apt does not know buster yet
246 # netselect-apt does not know buster yet
243 #if [ "$RELEASE" = "buster" ] ; then
247 #if [ "$RELEASE" = "buster" ] ; then
244 # RLS=testing
248 # RLS=testing
245 #else
249 #else
246 # RLS="$RELEASE"
250 # RLS="$RELEASE"
247 #fi
251 #fi
248
252
249 #if [ -f "$(pwd)/files/apt/sources.list" ] ; then
253 #if [ -f "$(pwd)/files/apt/sources.list" ] ; then
250 #rm "$(pwd)/files/apt/sources.list"
254 #rm "$(pwd)/files/apt/sources.list"
251 #fi
255 #fi
252
256
253 #if [ "$ENABLE_NONFREE" = true ] ; then
257 #if [ "$ENABLE_NONFREE" = true ] ; then
254 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
258 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
255 #else
259 #else
256 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
260 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
257 #fi
261 #fi
258
262
259 # sed and cut the result string so we can use it as APT_SERVER
263 # sed and cut the result string so we can use it as APT_SERVER
260 #APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
264 #APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
261
265
262 # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
266 # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
263 if [ -n "$SET_ARCH" ] ; then
267 if [ -n "$SET_ARCH" ] ; then
264 # 64-bit configuration
268 # 64-bit configuration
265 if [ "$SET_ARCH" = 64 ] ; then
269 if [ "$SET_ARCH" = 64 ] ; then
266 # General 64-bit depended settings
270 # General 64-bit depended settings
267 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
271 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
268 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
272 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
269 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
273 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
270
274
271 # Raspberry Pi model specific settings
275 # Raspberry Pi model specific settings
272 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
276 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
273 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
274 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
278 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
275 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
279 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
276 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
280 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
277 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
281 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
278 else
282 else
279 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
283 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
280 exit 1
284 exit 1
281 fi
285 fi
282 fi
286 fi
283
287
284 # 32-bit configuration
288 # 32-bit configuration
285 if [ "$SET_ARCH" = 32 ] ; then
289 if [ "$SET_ARCH" = 32 ] ; then
286 # General 32-bit dependend settings
290 # General 32-bit dependend settings
287 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
291 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
288 KERNEL_ARCH=${KERNEL_ARCH:=arm}
292 KERNEL_ARCH=${KERNEL_ARCH:=arm}
289 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
293 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
290
294
291 # Raspberry Pi model specific settings
295 # Raspberry Pi model specific settings
292 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
296 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
293 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
297 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
294 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
295 RELEASE_ARCH=${RELEASE_ARCH:=armel}
299 RELEASE_ARCH=${RELEASE_ARCH:=armel}
296 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
300 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
297 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
301 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
298 fi
302 fi
299
303
300 # Raspberry Pi model specific settings
304 # Raspberry Pi model specific settings
301 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
305 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
302 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
306 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
303 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
307 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
304 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
308 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
305 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
309 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
306 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
310 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
307 fi
311 fi
308 fi
312 fi
309 # SET_ARCH not set
313 # SET_ARCH not set
310 else
314 else
311 echo "error: Please set '32' or '64' as value for SET_ARCH"
315 echo "error: Please set '32' or '64' as value for SET_ARCH"
312 exit 1
316 exit 1
313 fi
317 fi
314 # Device specific configuration and U-Boot configuration
318 # Device specific configuration and U-Boot configuration
315 case "$RPI_MODEL" in
319 case "$RPI_MODEL" in
316 0)
320 0)
317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 ;;
323 ;;
320 1)
324 1)
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 ;;
327 ;;
324 1P)
328 1P)
325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
329 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
327 ;;
331 ;;
328 2)
332 2)
329 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
333 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
331 ;;
335 ;;
332 3)
336 3)
333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 ;;
339 ;;
336 3P)
340 3P)
337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
341 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
339 ;;
343 ;;
340 *)
344 *)
341 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
345 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
342 exit 1
346 exit 1
343 ;;
347 ;;
344 esac
348 esac
345
349
346 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
350 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
347 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
348 # Include bluetooth packages on supported boards
352 # Include bluetooth packages on supported boards
349 if [ "$ENABLE_BLUETOOTH" = true ] ; then
353 if [ "$ENABLE_BLUETOOTH" = true ] ; then
350 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
354 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
351 fi
355 fi
352 if [ "$ENABLE_WIRELESS" = true ] ; then
356 if [ "$ENABLE_WIRELESS" = true ] ; then
353 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,firmware-brcm80211"
357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,firmware-brcm80211"
354 fi
358 fi
355 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
359 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
356 # Check if the internal wireless interface is not supported by the RPi model
360 # Check if the internal wireless interface is not supported by the RPi model
357 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
361 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
358 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
362 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
359 exit 1
363 exit 1
360 fi
364 fi
361 fi
365 fi
362
366
363 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
367 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
364 echo "error: You have to compile kernel sources, if you want to enable nexmon"
368 echo "error: You have to compile kernel sources, if you want to enable nexmon"
365 exit 1
369 exit 1
366 fi
370 fi
367
371
368 # Prepare date string for default image file name
372 # Prepare date string for default image file name
369 DATE="$(date +%Y-%m-%d)"
373 DATE="$(date +%Y-%m-%d)"
370 if [ -z "$KERNEL_BRANCH" ] ; then
374 if [ -z "$KERNEL_BRANCH" ] ; then
371 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
372 else
376 else
373 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
374 fi
378 fi
375
379
376 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
380 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
377 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
381 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
378 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
382 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
379 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
383 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
380 exit 1
384 exit 1
381 fi
385 fi
382 fi
386 fi
383
387
384 set +x
388 set +x
385
389
386 # Add cmake to compile videocore sources
390 # Add cmake to compile videocore sources
387 if [ "$ENABLE_KEYGEN" = true ] ; then
391 if [ "$ENABLE_KEYGEN" = true ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} perl"
392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} perl"
389 fi
393 fi
390
394
391 # Add cmake to compile videocore sources
395 # Add cmake to compile videocore sources
392 if [ "$ENABLE_VIDEOCORE" = true ] ; then
396 if [ "$ENABLE_VIDEOCORE" = true ] ; then
393 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
394 fi
398 fi
395
399
396 # Add deps for nexmon
400 # Add deps for nexmon
397 if [ "$ENABLE_NEXMON" = true ] ; then
401 if [ "$ENABLE_NEXMON" = true ] ; then
398 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
399 fi
403 fi
400
404
401 # Add libncurses5 to enable kernel menuconfig
405 # Add libncurses5 to enable kernel menuconfig
402 if [ "$KERNEL_MENUCONFIG" = true ] ; then
406 if [ "$KERNEL_MENUCONFIG" = true ] ; then
403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
404 fi
408 fi
405
409
406 # Add ccache compiler cache for (faster) kernel cross (re)compilation
410 # Add ccache compiler cache for (faster) kernel cross (re)compilation
407 if [ "$KERNEL_CCACHE" = true ] ; then
411 if [ "$KERNEL_CCACHE" = true ] ; then
408 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
409 fi
413 fi
410
414
411 # Add cryptsetup package to enable filesystem encryption
415 # Add cryptsetup package to enable filesystem encryption
412 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
416 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
413 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
417 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
414 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
418 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
415
419
416 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
420 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
417 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
421 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
418 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
422 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
419 fi
423 fi
420
424
421 if [ -z "$CRYPTFS_PASSWORD" ] ; then
425 if [ -z "$CRYPTFS_PASSWORD" ] ; then
422 echo "error: no password defined (CRYPTFS_PASSWORD)!"
426 echo "error: no password defined (CRYPTFS_PASSWORD)!"
423 exit 1
427 exit 1
424 fi
428 fi
425 ENABLE_INITRAMFS=true
429 ENABLE_INITRAMFS=true
426 fi
430 fi
427
431
428 # Add initramfs generation tools
432 # Add initramfs generation tools
429 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
433 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
430 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
434 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
431 fi
435 fi
432
436
433 # Add device-tree-compiler required for building the U-Boot bootloader
437 # Add device-tree-compiler required for building the U-Boot bootloader
434 if [ "$ENABLE_UBOOT" = true ] ; then
438 if [ "$ENABLE_UBOOT" = true ] ; then
435 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
439 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
436 fi
440 fi
437
441
438 if [ "$ENABLE_USBBOOT" = true ] ; then
442 if [ "$ENABLE_USBBOOT" = true ] ; then
439 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
443 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
440 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
444 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
441 exit 1
445 exit 1
442 fi
446 fi
443 fi
447 fi
444
448
445 # Check if root SSH (v2) public key file exists
449 # Check if root SSH (v2) public key file exists
446 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
450 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
447 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
451 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
448 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
452 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
449 exit 1
453 exit 1
450 fi
454 fi
451 fi
455 fi
452
456
453 # Check if $USER_NAME SSH (v2) public key file exists
457 # Check if $USER_NAME SSH (v2) public key file exists
454 if [ -n "$SSH_USER_PUB_KEY" ] ; then
458 if [ -n "$SSH_USER_PUB_KEY" ] ; then
455 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
459 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
456 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
460 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
457 exit 1
461 exit 1
458 fi
462 fi
459 fi
463 fi
460
464
461 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
465 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
462 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
466 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
463 exit 1
467 exit 1
464 fi
468 fi
465
469
466 # Check if all required packages are installed on the build system
470 # Check if all required packages are installed on the build system
467 for package in $REQUIRED_PACKAGES ; do
471 for package in $REQUIRED_PACKAGES ; do
468 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
472 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
469 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
473 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
470 fi
474 fi
471 done
475 done
472
476
473 # If there are missing packages ask confirmation for install, or exit
477 # If there are missing packages ask confirmation for install, or exit
474 if [ -n "$MISSING_PACKAGES" ] ; then
478 if [ -n "$MISSING_PACKAGES" ] ; then
475 echo "the following packages needed by this script are not installed:"
479 echo "the following packages needed by this script are not installed:"
476 echo "$MISSING_PACKAGES"
480 echo "$MISSING_PACKAGES"
477
481
478 printf "\ndo you want to install the missing packages right now? [y/n] "
482 printf "\ndo you want to install the missing packages right now? [y/n] "
479 read -r confirm
483 read -r confirm
480 [ "$confirm" != "y" ] && exit 1
484 [ "$confirm" != "y" ] && exit 1
481
485
482 # Make sure all missing required packages are installed
486 # Make sure all missing required packages are installed
483 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
487 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
484 fi
488 fi
485
489
486 # Check if ./bootstrap.d directory exists
490 # Check if ./bootstrap.d directory exists
487 if [ ! -d "./bootstrap.d/" ] ; then
491 if [ ! -d "./bootstrap.d/" ] ; then
488 echo "error: './bootstrap.d' required directory not found!"
492 echo "error: './bootstrap.d' required directory not found!"
489 exit 1
493 exit 1
490 fi
494 fi
491
495
492 # Check if ./files directory exists
496 # Check if ./files directory exists
493 if [ ! -d "./files/" ] ; then
497 if [ ! -d "./files/" ] ; then
494 echo "error: './files' required directory not found!"
498 echo "error: './files' required directory not found!"
495 exit 1
499 exit 1
496 fi
500 fi
497
501
498 # Check if specified KERNELSRC_DIR directory exists
502 # Check if specified KERNELSRC_DIR directory exists
499 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
503 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
500 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
504 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
501 exit 1
505 exit 1
502 fi
506 fi
503
507
504 # Check if specified UBOOTSRC_DIR directory exists
508 # Check if specified UBOOTSRC_DIR directory exists
505 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
509 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
506 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
510 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
507 exit 1
511 exit 1
508 fi
512 fi
509
513
510 # Check if specified VIDEOCORESRC_DIR directory exists
514 # Check if specified VIDEOCORESRC_DIR directory exists
511 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
515 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
512 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
516 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
513 exit 1
517 exit 1
514 fi
518 fi
515
519
516 # Check if specified FBTURBOSRC_DIR directory exists
520 # Check if specified FBTURBOSRC_DIR directory exists
517 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
521 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
518 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
522 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
519 exit 1
523 exit 1
520 fi
524 fi
521
525
522 # Check if specified NEXMONSRC_DIR directory exists
526 # Check if specified NEXMONSRC_DIR directory exists
523 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
527 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
524 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
528 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
525 exit 1
529 exit 1
526 fi
530 fi
527
531
528 # Check if specified CHROOT_SCRIPTS directory exists
532 # Check if specified CHROOT_SCRIPTS directory exists
529 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
533 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
530 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
534 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
531 exit 1
535 exit 1
532 fi
536 fi
533
537
534 # Check if specified device mapping already exists (will be used by cryptsetup)
538 # Check if specified device mapping already exists (will be used by cryptsetup)
535 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
539 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
536 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
540 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
537 exit 1
541 exit 1
538 fi
542 fi
539
543
540 # Don't clobber an old build
544 # Don't clobber an old build
541 if [ -e "$BUILDDIR" ] ; then
545 if [ -e "$BUILDDIR" ] ; then
542 echo "error: directory ${BUILDDIR} already exists, not proceeding"
546 echo "error: directory ${BUILDDIR} already exists, not proceeding"
543 exit 1
547 exit 1
544 fi
548 fi
545
549
546 # Setup chroot directory
550 # Setup chroot directory
547 mkdir -p "${R}"
551 mkdir -p "${R}"
548
552
549 # Check if build directory has enough of free disk space >512MB
553 # Check if build directory has enough of free disk space >512MB
550 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
554 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
551 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
555 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
552 exit 1
556 exit 1
553 fi
557 fi
554
558
555 set -x
559 set -x
556
560
557 # Call "cleanup" function on various signals and errors
561 # Call "cleanup" function on various signals and errors
558 trap cleanup 0 1 2 3 6
562 trap cleanup 0 1 2 3 6
559
563
560 # Add required packages for the minbase installation
564 # Add required packages for the minbase installation
561 if [ "$ENABLE_MINBASE" = true ] ; then
565 if [ "$ENABLE_MINBASE" = true ] ; then
562 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
566 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
563 fi
567 fi
564
568
565 # Add parted package, required to get partprobe utility
569 # Add parted package, required to get partprobe utility
566 if [ "$EXPANDROOT" = true ] ; then
570 if [ "$EXPANDROOT" = true ] ; then
567 APT_INCLUDES="${APT_INCLUDES},parted"
571 APT_INCLUDES="${APT_INCLUDES},parted"
568 fi
572 fi
569
573
570 # Add dbus package, recommended if using systemd
574 # Add dbus package, recommended if using systemd
571 if [ "$ENABLE_DBUS" = true ] ; then
575 if [ "$ENABLE_DBUS" = true ] ; then
572 APT_INCLUDES="${APT_INCLUDES},dbus"
576 APT_INCLUDES="${APT_INCLUDES},dbus"
573 fi
577 fi
574
578
575 # Add iptables IPv4/IPv6 package
579 # Add iptables IPv4/IPv6 package
576 if [ "$ENABLE_IPTABLES" = true ] ; then
580 if [ "$ENABLE_IPTABLES" = true ] ; then
577 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
581 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
578 fi
582 fi
579 # Add apparmor for KERNEL_SECURITY
583 # Add apparmor for KERNEL_SECURITY
580 if [ "$KERNEL_SECURITY" = true ] ; then
584 if [ "$KERNEL_SECURITY" = true ] ; then
581 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
585 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
582 fi
586 fi
583
587
584 # Add openssh server package
588 # Add openssh server package
585 if [ "$ENABLE_SSHD" = true ] ; then
589 if [ "$ENABLE_SSHD" = true ] ; then
586 APT_INCLUDES="${APT_INCLUDES},openssh-server"
590 APT_INCLUDES="${APT_INCLUDES},openssh-server"
587 fi
591 fi
588
592
589 # Add alsa-utils package
593 # Add alsa-utils package
590 if [ "$ENABLE_SOUND" = true ] ; then
594 if [ "$ENABLE_SOUND" = true ] ; then
591 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
595 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
592 fi
596 fi
593
597
594 # Add rng-tools package
598 # Add rng-tools package
595 if [ "$ENABLE_HWRANDOM" = true ] ; then
599 if [ "$ENABLE_HWRANDOM" = true ] ; then
596 APT_INCLUDES="${APT_INCLUDES},rng-tools"
600 APT_INCLUDES="${APT_INCLUDES},rng-tools"
597 fi
601 fi
598
602
599 # Add fbturbo video driver
603 # Add fbturbo video driver
600 if [ "$ENABLE_FBTURBO" = true ] ; then
604 if [ "$ENABLE_FBTURBO" = true ] ; then
601 # Enable xorg package dependencies
605 # Enable xorg package dependencies
602 ENABLE_XORG=true
606 ENABLE_XORG=true
603 fi
607 fi
604
608
605 # Add user defined window manager package
609 # Add user defined window manager package
606 if [ -n "$ENABLE_WM" ] ; then
610 if [ -n "$ENABLE_WM" ] ; then
607 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
611 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
608
612
609 # Enable xorg package dependencies
613 # Enable xorg package dependencies
610 ENABLE_XORG=true
614 ENABLE_XORG=true
611 fi
615 fi
612
616
613 # Add xorg package
617 # Add xorg package
614 if [ "$ENABLE_XORG" = true ] ; then
618 if [ "$ENABLE_XORG" = true ] ; then
615 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
619 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
616 fi
620 fi
617
621
618 # Replace selected packages with smaller clones
622 # Replace selected packages with smaller clones
619 if [ "$ENABLE_REDUCE" = true ] ; then
623 if [ "$ENABLE_REDUCE" = true ] ; then
620 # Add levee package instead of vim-tiny
624 # Add levee package instead of vim-tiny
621 if [ "$REDUCE_VIM" = true ] ; then
625 if [ "$REDUCE_VIM" = true ] ; then
622 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
626 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
623 fi
627 fi
624
628
625 # Add dropbear package instead of openssh-server
629 # Add dropbear package instead of openssh-server
626 if [ "$REDUCE_SSHD" = true ] ; then
630 if [ "$REDUCE_SSHD" = true ] ; then
627 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
631 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
628 fi
632 fi
629 fi
633 fi
630
634
631 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
635 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
632 if [ "$ENABLE_SYSVINIT" = false ] ; then
636 if [ "$ENABLE_SYSVINIT" = false ] ; then
633 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
637 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
634 fi
638 fi
635
639
636 # Configure kernel sources if no KERNELSRC_DIR
640 # Configure kernel sources if no KERNELSRC_DIR
637 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
641 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
638 KERNELSRC_CONFIG=true
642 KERNELSRC_CONFIG=true
639 fi
643 fi
640
644
641 # Configure reduced kernel
645 # Configure reduced kernel
642 if [ "$KERNEL_REDUCE" = true ] ; then
646 if [ "$KERNEL_REDUCE" = true ] ; then
643 KERNELSRC_CONFIG=false
647 KERNELSRC_CONFIG=false
644 fi
648 fi
645
649
646 # Configure qemu compatible kernel
650 # Configure qemu compatible kernel
647 if [ "$ENABLE_QEMU" = true ] ; then
651 if [ "$ENABLE_QEMU" = true ] ; then
648 DTB_FILE=vexpress-v2p-ca15_a7.dtb
652 DTB_FILE=vexpress-v2p-ca15_a7.dtb
649 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
653 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
650 KERNEL_DEFCONFIG="vexpress_defconfig"
654 KERNEL_DEFCONFIG="vexpress_defconfig"
651 if [ "$KERNEL_MENUCONFIG" = false ] ; then
655 if [ "$KERNEL_MENUCONFIG" = false ] ; then
652 KERNEL_OLDDEFCONFIG=true
656 KERNEL_OLDDEFCONFIG=true
653 fi
657 fi
654 fi
658 fi
655
659
656 # Execute bootstrap scripts
660 # Execute bootstrap scripts
657 for SCRIPT in bootstrap.d/*.sh; do
661 for SCRIPT in bootstrap.d/*.sh; do
658 head -n 3 "$SCRIPT"
662 head -n 3 "$SCRIPT"
659 . "$SCRIPT"
663 . "$SCRIPT"
660 done
664 done
661
665
662 ## Execute custom bootstrap scripts
666 ## Execute custom bootstrap scripts
663 if [ -d "custom.d" ] ; then
667 if [ -d "custom.d" ] ; then
664 for SCRIPT in custom.d/*.sh; do
668 for SCRIPT in custom.d/*.sh; do
665 . "$SCRIPT"
669 . "$SCRIPT"
666 done
670 done
667 fi
671 fi
668
672
669 # Execute custom scripts inside the chroot
673 # Execute custom scripts inside the chroot
670 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
674 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
671 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
675 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
672 chroot_exec /bin/bash -x <<'EOF'
676 chroot_exec /bin/bash -x <<'EOF'
673 for SCRIPT in /chroot_scripts/* ; do
677 for SCRIPT in /chroot_scripts/* ; do
674 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
678 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
675 $SCRIPT
679 $SCRIPT
676 fi
680 fi
677 done
681 done
678 EOF
682 EOF
679 rm -rf "${R}/chroot_scripts"
683 rm -rf "${R}/chroot_scripts"
680 fi
684 fi
681
685
682 # Remove c/c++ build environment from the chroot
686 # Remove c/c++ build environment from the chroot
683 chroot_remove_cc
687 chroot_remove_cc
684
688
685 # Generate required machine-id
689 # Generate required machine-id
686 MACHINE_ID=$(dbus-uuidgen)
690 MACHINE_ID=$(dbus-uuidgen)
687 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
691 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
688 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
692 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
689
693
690 # APT Cleanup
694 # APT Cleanup
691 chroot_exec apt-get -y clean
695 chroot_exec apt-get -y clean
692 chroot_exec apt-get -y autoclean
696 chroot_exec apt-get -y autoclean
693 chroot_exec apt-get -y autoremove
697 chroot_exec apt-get -y autoremove
694
698
695 # Unmount mounted filesystems
699 # Unmount mounted filesystems
696 umount -l "${R}/proc"
700 umount -l "${R}/proc"
697 umount -l "${R}/sys"
701 umount -l "${R}/sys"
698
702
699 # Clean up directories
703 # Clean up directories
700 rm -rf "${R}/run/*"
704 rm -rf "${R}/run/*"
701 rm -rf "${R}/tmp/*"
705 rm -rf "${R}/tmp/*"
702
706
707 # Clean up APT proxy settings
708 if [ "$KEEP_APT_PROXY" = false ] ; then
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 fi
711
703 # Clean up files
712 # Clean up files
704 rm -f "${ETC_DIR}/ssh/ssh_host_*"
713 rm -f "${ETC_DIR}/ssh/ssh_host_*"
705 rm -f "${ETC_DIR}/dropbear/dropbear_*"
714 rm -f "${ETC_DIR}/dropbear/dropbear_*"
706 rm -f "${ETC_DIR}/apt/sources.list.save"
715 rm -f "${ETC_DIR}/apt/sources.list.save"
707 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
716 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
708 rm -f "${ETC_DIR}/*-"
717 rm -f "${ETC_DIR}/*-"
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 rm -f "${ETC_DIR}/resolv.conf"
718 rm -f "${ETC_DIR}/resolv.conf"
711 rm -f "${R}/root/.bash_history"
719 rm -f "${R}/root/.bash_history"
712 rm -f "${R}/var/lib/urandom/random-seed"
720 rm -f "${R}/var/lib/urandom/random-seed"
713 rm -f "${R}/initrd.img"
721 rm -f "${R}/initrd.img"
714 rm -f "${R}/vmlinuz"
722 rm -f "${R}/vmlinuz"
715 rm -f "${R}${QEMU_BINARY}"
723 rm -f "${R}${QEMU_BINARY}"
716
724
717 if [ "$ENABLE_QEMU" = true ] ; then
725 if [ "$ENABLE_QEMU" = true ] ; then
718 # Setup QEMU directory
726 # Setup QEMU directory
719 mkdir "${BASEDIR}/qemu"
727 mkdir "${BASEDIR}/qemu"
720
728
721 # Copy kernel image to QEMU directory
729 # Copy kernel image to QEMU directory
722 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
730 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
723
731
724 # Copy kernel config to QEMU directory
732 # Copy kernel config to QEMU directory
725 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
733 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
726
734
727 # Copy kernel dtbs to QEMU directory
735 # Copy kernel dtbs to QEMU directory
728 for dtb in "${BOOT_DIR}/"*.dtb ; do
736 for dtb in "${BOOT_DIR}/"*.dtb ; do
729 if [ -f "${dtb}" ] ; then
737 if [ -f "${dtb}" ] ; then
730 install_readonly "${dtb}" "${BASEDIR}/qemu/"
738 install_readonly "${dtb}" "${BASEDIR}/qemu/"
731 fi
739 fi
732 done
740 done
733
741
734 # Copy kernel overlays to QEMU directory
742 # Copy kernel overlays to QEMU directory
735 if [ -d "${BOOT_DIR}/overlays" ] ; then
743 if [ -d "${BOOT_DIR}/overlays" ] ; then
736 # Setup overlays dtbs directory
744 # Setup overlays dtbs directory
737 mkdir "${BASEDIR}/qemu/overlays"
745 mkdir "${BASEDIR}/qemu/overlays"
738
746
739 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
747 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
740 if [ -f "${dtb}" ] ; then
748 if [ -f "${dtb}" ] ; then
741 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
749 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
742 fi
750 fi
743 done
751 done
744 fi
752 fi
745
753
746 # Copy u-boot files to QEMU directory
754 # Copy u-boot files to QEMU directory
747 if [ "$ENABLE_UBOOT" = true ] ; then
755 if [ "$ENABLE_UBOOT" = true ] ; then
748 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
756 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
749 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
757 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
750 fi
758 fi
751 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
759 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
752 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
760 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
753 fi
761 fi
754 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
762 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
755 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
763 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
756 fi
764 fi
757 fi
765 fi
758
766
759 # Copy initramfs to QEMU directory
767 # Copy initramfs to QEMU directory
760 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
768 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
761 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
769 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
762 fi
770 fi
763 fi
771 fi
764
772
765 # Calculate size of the chroot directory in KB
773 # Calculate size of the chroot directory in KB
766 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
774 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
767
775
768 # Calculate the amount of needed 512 Byte sectors
776 # Calculate the amount of needed 512 Byte sectors
769 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
777 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
770 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
778 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
771 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
779 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
772
780
773 # The root partition is EXT4
781 # The root partition is EXT4
774 # This means more space than the actual used space of the chroot is used.
782 # This means more space than the actual used space of the chroot is used.
775 # As overhead for journaling and reserved blocks 35% are added.
783 # As overhead for journaling and reserved blocks 35% are added.
776 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
784 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
777
785
778 # Calculate required image size in 512 Byte sectors
786 # Calculate required image size in 512 Byte sectors
779 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
787 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
780
788
781 # Prepare image file
789 # Prepare image file
782 if [ "$ENABLE_SPLITFS" = true ] ; then
790 if [ "$ENABLE_SPLITFS" = true ] ; then
783 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
791 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
784 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
785 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
793 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
786 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
787
795
788 # Write firmware/boot partition tables
796 # Write firmware/boot partition tables
789 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
797 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
790 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
798 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
791 EOM
799 EOM
792
800
793 # Write root partition table
801 # Write root partition table
794 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
802 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
795 ${TABLE_SECTORS},${ROOT_SECTORS},83
803 ${TABLE_SECTORS},${ROOT_SECTORS},83
796 EOM
804 EOM
797
805
798 # Setup temporary loop devices
806 # Setup temporary loop devices
799 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
807 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
800 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
808 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
801 else # ENABLE_SPLITFS=false
809 else # ENABLE_SPLITFS=false
802 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
810 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
803 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
804
812
805 # Write partition table
813 # Write partition table
806 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
814 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
807 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
815 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
808 ${ROOT_OFFSET},${ROOT_SECTORS},83
816 ${ROOT_OFFSET},${ROOT_SECTORS},83
809 EOM
817 EOM
810
818
811 # Setup temporary loop devices
819 # Setup temporary loop devices
812 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
820 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
813 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
821 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
814 fi
822 fi
815
823
816 if [ "$ENABLE_CRYPTFS" = true ] ; then
824 if [ "$ENABLE_CRYPTFS" = true ] ; then
817 # Create dummy ext4 fs
825 # Create dummy ext4 fs
818 mkfs.ext4 "$ROOT_LOOP"
826 mkfs.ext4 "$ROOT_LOOP"
819
827
820 # Setup password keyfile
828 # Setup password keyfile
821 touch .password
829 touch .password
822 chmod 600 .password
830 chmod 600 .password
823 echo -n ${CRYPTFS_PASSWORD} > .password
831 echo -n ${CRYPTFS_PASSWORD} > .password
824
832
825 # Initialize encrypted partition
833 # Initialize encrypted partition
826 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
834 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
827
835
828 # Open encrypted partition and setup mapping
836 # Open encrypted partition and setup mapping
829 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
837 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
830
838
831 # Secure delete password keyfile
839 # Secure delete password keyfile
832 shred -zu .password
840 shred -zu .password
833
841
834 # Update temporary loop device
842 # Update temporary loop device
835 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
843 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
836
844
837 # Wipe encrypted partition (encryption cipher is used for randomness)
845 # Wipe encrypted partition (encryption cipher is used for randomness)
838 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
846 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
839 fi
847 fi
840
848
841 # Build filesystems
849 # Build filesystems
842 mkfs.vfat "$FRMW_LOOP"
850 mkfs.vfat "$FRMW_LOOP"
843 mkfs.ext4 "$ROOT_LOOP"
851 mkfs.ext4 "$ROOT_LOOP"
844
852
845 # Mount the temporary loop devices
853 # Mount the temporary loop devices
846 mkdir -p "$BUILDDIR/mount"
854 mkdir -p "$BUILDDIR/mount"
847 mount "$ROOT_LOOP" "$BUILDDIR/mount"
855 mount "$ROOT_LOOP" "$BUILDDIR/mount"
848
856
849 mkdir -p "$BUILDDIR/mount/boot/firmware"
857 mkdir -p "$BUILDDIR/mount/boot/firmware"
850 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
858 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
851
859
852 # Copy all files from the chroot to the loop device mount point directory
860 # Copy all files from the chroot to the loop device mount point directory
853 rsync -a "${R}/" "$BUILDDIR/mount/"
861 rsync -a "${R}/" "$BUILDDIR/mount/"
854
862
855 # Unmount all temporary loop devices and mount points
863 # Unmount all temporary loop devices and mount points
856 cleanup
864 cleanup
857
865
858 # Create block map file(s) of image(s)
866 # Create block map file(s) of image(s)
859 if [ "$ENABLE_SPLITFS" = true ] ; then
867 if [ "$ENABLE_SPLITFS" = true ] ; then
860 # Create block map files for "bmaptool"
868 # Create block map files for "bmaptool"
861 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
869 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
862 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
870 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
863
871
864 # Image was successfully created
872 # Image was successfully created
865 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
873 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
866 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
874 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
867 else
875 else
868 # Create block map file for "bmaptool"
876 # Create block map file for "bmaptool"
869 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
877 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
870
878
871 # Image was successfully created
879 # Image was successfully created
872 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
880 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
873
881
874 # Create qemu qcow2 image
882 # Create qemu qcow2 image
875 if [ "$ENABLE_QEMU" = true ] ; then
883 if [ "$ENABLE_QEMU" = true ] ; then
876 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
884 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
877 QEMU_SIZE=16G
885 QEMU_SIZE=16G
878
886
879 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
887 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
880 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
888 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
881
889
882 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
890 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
883 fi
891 fi
884 fi
892 fi
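Review bot: in the new "Clean up APT proxy settings" block (new lines 707-710), the test `[ "$KEEP_APT_PROXY" = false ]` removes `${ETC_DIR}/apt/apt.conf.d/10proxy` only when the variable is exactly `false`. If it is unset, empty or misspelled, the build host's proxy configuration stays in the generated image, whereas the unconditional `rm -f` at old line 709 always removed it. Unless a default is assigned elsewhere in the script, invert the test to `[ "$KEEP_APT_PROXY" != true ]` so that keeping the proxy file is an explicit opt-in and the cleanup remains the fallback. Separately, the neighbouring context lines put their wildcards inside the quotes (`rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -f "${ETC_DIR}/dropbear/dropbear_*"`, `rm -rf "${R}/run/*"`), so the shell passes a literal `*` and those removals match nothing. Moving the `*` outside the closing quote would make the host-key and directory cleanup take effect.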