##// END OF EJS Templates
rebase master testing
Unknown -
r574:5a07e0ab6bd8
parent child
Show More
@@ -42,12 +42,15 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org/debian"
45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
51 54 ##### `APT_INCLUDES`=""
52 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 56
@@ -270,6 +273,15 Create an initramfs that that will be loaded during the Linux startup process. `
270 273 ##### `ENABLE_IFNAMES`=true
271 274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
272 275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
273 285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
274 286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
275 287
@@ -99,8 +99,8 if [ "$BUILD_KERNEL" = true ] ; then
99 99 cd "${KERNEL_DIR}" || exit
100 100
101 101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 #Fix SD_DRIVER mess in 64bit config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - variable naming is bs
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 104 set_kernel_config CONFIG_MMC_BCM2835 n
105 105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 106 set_kernel_config CONFIG_USB_DWC2 n
@@ -198,7 +198,6 if [ "$BUILD_KERNEL" = true ] ; then
198 198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
199 199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
200 200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS ""
202 201
203 202 # This option provides support for retaining authentication tokens and access keys in the kernel.
204 203 set_kernel_config CONFIG_KEYS y
@@ -21,11 +21,6 if [ "$ENABLE_CRYPTFS" = true ] ; then
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
25 if [ "$ENABLE_USBBOOT" = true ] ; then
26 # Add usb/sda2 disk to crypttab
27 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
28 fi
29 24
30 25 if [ "$ENABLE_SPLITFS" = true ] ; then
31 26 # Add usb/sda1 disk to crypttab
@@ -36,6 +31,9 fi
36 31 if [ "$ENABLE_USBBOOT" = true ] ; then
37 32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
38 33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
39 37 fi
40 38
41 39 # Generate initramfs file
@@ -102,9 +102,24 else
102 102 CMDLINE="${CMDLINE} net.ifnames=1"
103 103 fi
104 104
105 # Disable Raspberry Pi console logo
106 if [ "$ENABLE_LOGO" = false ] ; then
107 CMDLINE="${CMDLINE} logo.nologo"
108 fi
109
110 # Strictly limit verbosity of boot up console messages
111 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
112 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
113 fi
114
105 115 # Install firmware config
106 116 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
107 117
118 # Disable Raspberry Pi console logo
119 if [ "$ENABLE_SLASH" = false ] ; then
120 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
121 fi
122
108 123 # Locks CPU frequency at maximum
109 124 if [ "$ENABLE_TURBO" = true ] ; then
110 125 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
@@ -158,7 +173,7 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
158 173 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 174 # set overlay to swap ttyAMA0 and ttyS0
160 175 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161
176
162 177 if [ "$ENABLE_TURBO" = false ] ; then
163 178 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 179 fi
@@ -29,9 +29,10 if [ "$ENABLE_IPTABLES" = true ] ; then
29 29
30 30 if [ "$ENABLE_IPV6" = true ] ; then
31 31 if [ "$KERNEL_NF" = false ] ; then
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 34 fi
35
35 36 # Install ip6tables systemd service
36 37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 38
@@ -1,4 +1,3
1 #!/bin/sh
2 1 # This file contains utility functions used by rpi23-gen-image.sh
3 2
4 3 cleanup (){
@@ -87,6 +86,16 chroot_remove_cc() {
87 86 COMPILER_PACKAGES=""
88 87 fi
89 88 }
89
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 cdr2mask ()
92 {
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 [ $1 -gt 1 ] && shift $1 || shift
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
90 99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
91 100 set_kernel_config() {
92 101 # flag as $1, value to set as $2, config must exist at "./.config"
@@ -98,18 +107,10 set_kernel_config() {
98 107 echo "${TGT}"="${2}" >> .config
99 108 fi
100 109 }
110
101 111 # unset kernel config parameter
102 112 unset_kernel_config() {
103 113 # unsets flag with the value of $1, config must exist at "./.config"
104 114 TGT="CONFIG_${1#CONFIG_}"
105 115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
106 }
107
108 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
109 cdr2mask ()
110 {
111 # Number of args to shift, 255..255, first non-255 byte, zeroes
112 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
113 [ $1 -gt 1 ] && shift $1 || shift
114 echo ${1-0}.${2-0}.${3-0}.${4-0}
115 116 } No newline at end of file
@@ -60,7 +60,6 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63
64 63 # Kernel deb packages for 32bit kernel
65 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
66 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
@@ -120,6 +119,7 NET_NTP_2=${NET_NTP_2:=""}
120 119 # APT settings
121 120 APT_PROXY=${APT_PROXY:=""}
122 121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123 123
124 124 # Feature settings
125 125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
@@ -171,6 +171,9 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
174 177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
175 178
176 179 # Kernel compilation settings
@@ -227,7 +230,8 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debi
227 230 APT_EXCLUDES=${APT_EXCLUDES:=""}
228 231
229 232 # Packages required for bootstrapping
230 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 #Requierd=netselect-apt
231 235 MISSING_PACKAGES=""
232 236
233 237 # Packages installed for c/c++ build environment in chroot (keep empty)
@@ -700,13 +704,17 umount -l "${R}/sys"
700 704 rm -rf "${R}/run/*"
701 705 rm -rf "${R}/tmp/*"
702 706
707 # Clean up APT proxy settings
708 if [ "$KEEP_APT_PROXY" = false ] ; then
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 fi
711
703 712 # Clean up files
704 713 rm -f "${ETC_DIR}/ssh/ssh_host_*"
705 714 rm -f "${ETC_DIR}/dropbear/dropbear_*"
706 715 rm -f "${ETC_DIR}/apt/sources.list.save"
707 716 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
708 717 rm -f "${ETC_DIR}/*-"
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 718 rm -f "${ETC_DIR}/resolv.conf"
711 719 rm -f "${R}/root/.bash_history"
712 720 rm -f "${R}/var/lib/urandom/random-seed"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant