| @@ -42,12 +42,15 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh | |||
|
|
42 | 42 | |
|
|
43 | 43 | ## Supported parameters and settings |
|
|
44 | 44 | #### APT settings: |
|
|
45 |
##### `APT_SERVER`="ftp.debian.org |
|
|
|
45 | ##### `APT_SERVER`="ftp.debian.org" | |
|
|
46 | 46 | Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process. |
|
|
47 | 47 | |
|
|
48 | 48 | ##### `APT_PROXY`="" |
|
|
49 | 49 | Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this. |
|
|
50 | 50 | |
|
|
51 | ##### `KEEP_APT_PROXY`=false | |
|
|
52 | Keep the APT_PROXY settings used in the bootsrapping process in the generated image. | |
|
|
53 | ||
|
|
51 | 54 | ##### `APT_INCLUDES`="" |
|
|
52 | 55 | A comma-separated list of additional packages to be installed by debootstrap during bootstrapping. |
|
|
53 | 56 | |
| @@ -270,6 +273,15 Create an initramfs that that will be loaded during the Linux startup process. ` | |||
|
|
270 | 273 | ##### `ENABLE_IFNAMES`=true |
|
|
271 | 274 | Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. |
|
|
272 | 275 | |
|
|
276 | ##### `ENABLE_SPLASH`=true | |
|
|
277 | Enable default Raspberry Pi boot up rainbow splash screen. | |
|
|
278 | ||
|
|
279 | ##### `ENABLE_LOGO`=true | |
|
|
280 | Enable default Raspberry Pi console logo (image of four raspberries in the top left corner). | |
|
|
281 | ||
|
|
282 | ##### `ENABLE_SILENT_BOOT`=false | |
|
|
283 | Set the verbosity of console messages shown during boot up to a strict minimum. | |
|
|
284 | ||
|
|
273 | 285 | ##### `DISABLE_UNDERVOLT_WARNINGS`= |
|
|
274 | 286 | Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present. |
|
|
275 | 287 | |
| @@ -99,8 +99,8 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
|
99 | 99 | cd "${KERNEL_DIR}" || exit |
|
|
100 | 100 | |
|
|
101 | 101 | if [ "$KERNEL_ARCH" = arm64 ] ; then |
|
|
102 | #Fix SD_DRIVER mess in 64bit config | |
|
|
103 |
# use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - |
|
|
|
102 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config | |
|
|
103 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 | |
|
|
104 | 104 | set_kernel_config CONFIG_MMC_BCM2835 n |
|
|
105 | 105 | set_kernel_config CONFIG_MMC_SDHCI_IPROC n |
|
|
106 | 106 | set_kernel_config CONFIG_USB_DWC2 n |
| @@ -198,7 +198,6 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
|
198 | 198 | set_kernel_config CONFIG_INTEGRITY_AUDIT y |
|
|
199 | 199 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y |
|
|
200 | 200 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y |
|
|
201 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS "" | |
|
|
202 | 201 | |
|
|
203 | 202 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
|
204 | 203 | set_kernel_config CONFIG_KEYS y |
| @@ -21,11 +21,6 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
|
21 | 21 | # Add encrypted partition to crypttab and fstab |
|
|
22 | 22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
|
23 | 23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
|
24 | ||
|
|
25 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
|
26 | # Add usb/sda2 disk to crypttab | |
|
|
27 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
|
|
28 | fi | |
|
|
29 | 24 | |
|
|
30 | 25 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
|
31 | 26 | # Add usb/sda1 disk to crypttab |
| @@ -36,6 +31,9 fi | |||
|
|
36 | 31 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
|
37 | 32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
|
38 | 33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
|
34 | ||
|
|
35 | # Add usb/sda2 disk to crypttab | |
|
|
36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
|
|
39 | 37 | fi |
|
|
40 | 38 | |
|
|
41 | 39 | # Generate initramfs file |
| @@ -102,9 +102,24 else | |||
|
|
102 | 102 | CMDLINE="${CMDLINE} net.ifnames=1" |
|
|
103 | 103 | fi |
|
|
104 | 104 | |
|
|
105 | # Disable Raspberry Pi console logo | |
|
|
106 | if [ "$ENABLE_LOGO" = false ] ; then | |
|
|
107 | CMDLINE="${CMDLINE} logo.nologo" | |
|
|
108 | fi | |
|
|
109 | ||
|
|
110 | # Strictly limit verbosity of boot up console messages | |
|
|
111 | if [ "$ENABLE_SILENT_BOOT" = true ] ; then | |
|
|
112 | CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0" | |
|
|
113 | fi | |
|
|
114 | ||
|
|
105 | 115 | # Install firmware config |
|
|
106 | 116 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
|
107 | 117 | |
|
|
118 | # Disable Raspberry Pi console logo | |
|
|
119 | if [ "$ENABLE_SLASH" = false ] ; then | |
|
|
120 | echo "disable_splash=1" >> "${BOOT_DIR}/config.txt" | |
|
|
121 | fi | |
|
|
122 | ||
|
|
108 | 123 | # Locks CPU frequency at maximum |
|
|
109 | 124 | if [ "$ENABLE_TURBO" = true ] ; then |
|
|
110 | 125 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" |
| @@ -158,7 +173,7 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||
|
|
158 | 173 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
|
159 | 174 | # set overlay to swap ttyAMA0 and ttyS0 |
|
|
160 | 175 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
|
161 | ||
|
|
176 | ||
|
|
162 | 177 | if [ "$ENABLE_TURBO" = false ] ; then |
|
|
163 | 178 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" |
|
|
164 | 179 | fi |
| @@ -29,9 +29,10 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
|
29 | 29 | |
|
|
30 | 30 | if [ "$ENABLE_IPV6" = true ] ; then |
|
|
31 | 31 | if [ "$KERNEL_NF" = false ] ; then |
|
|
32 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
|
33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy | |
|
|
32 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
|
33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy | |
|
|
34 | 34 | fi |
|
|
35 | ||
|
|
35 | 36 | # Install ip6tables systemd service |
|
|
36 | 37 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
|
37 | 38 | |
| @@ -1,4 +1,3 | |||
|
|
1 | #!/bin/sh | |
|
|
2 | 1 |
|
|
|
3 | 2 | |
|
|
4 | 3 | cleanup (){ |
| @@ -87,6 +86,16 chroot_remove_cc() { | |||
|
|
87 | 86 | COMPILER_PACKAGES="" |
|
|
88 | 87 | fi |
|
|
89 | 88 | } |
|
|
89 | ||
|
|
90 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |
|
|
91 | cdr2mask () | |
|
|
92 | { | |
|
|
93 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |
|
|
94 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |
|
|
95 | [ $1 -gt 1 ] && shift $1 || shift | |
|
|
96 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |
|
|
97 | } | |
|
|
98 | ||
|
|
90 | 99 | # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh |
|
|
91 | 100 | set_kernel_config() { |
|
|
92 | 101 | # flag as $1, value to set as $2, config must exist at "./.config" |
| @@ -98,18 +107,10 set_kernel_config() { | |||
|
|
98 | 107 | echo "${TGT}"="${2}" >> .config |
|
|
99 | 108 | fi |
|
|
100 | 109 | } |
|
|
110 | ||
|
|
101 | 111 | # unset kernel config parameter |
|
|
102 | 112 | unset_kernel_config() { |
|
|
103 | 113 | # unsets flag with the value of $1, config must exist at "./.config" |
|
|
104 | 114 | TGT="CONFIG_${1#CONFIG_}" |
|
|
105 | 115 | sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config |
|
|
106 | } | |
|
|
107 | ||
|
|
108 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |
|
|
109 | cdr2mask () | |
|
|
110 | { | |
|
|
111 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |
|
|
112 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |
|
|
113 | [ $1 -gt 1 ] && shift $1 || shift | |
|
|
114 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |
|
|
115 | 116 | } No newline at end of file |
| @@ -60,7 +60,6 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git} | |||
|
|
60 | 60 | NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git} |
|
|
61 | 61 | SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git} |
|
|
62 | 62 | |
|
|
63 | ||
|
|
64 | 63 | # Kernel deb packages for 32bit kernel |
|
|
65 | 64 | RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} |
|
|
66 | 65 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} |
| @@ -120,6 +119,7 NET_NTP_2=${NET_NTP_2:=""} | |||
|
|
120 | 119 | # APT settings |
|
|
121 | 120 | APT_PROXY=${APT_PROXY:=""} |
|
|
122 | 121 | APT_SERVER=${APT_SERVER:="ftp.debian.org"} |
|
|
122 | KEEP_APT_PROXY=${KEEP_APT_PROXY:=false} | |
|
|
123 | 123 | |
|
|
124 | 124 | # Feature settings |
|
|
125 | 125 | ENABLE_PRINTK=${ENABLE_PRINTK:=false} |
| @@ -171,6 +171,9 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} | |||
|
|
171 | 171 | ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} |
|
|
172 | 172 | ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} |
|
|
173 | 173 | ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} |
|
|
174 | ENABLE_SPLASH=${ENABLE_SPLASH:=true} | |
|
|
175 | ENABLE_LOGO=${ENABLE_LOGO:=true} | |
|
|
176 | ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false} | |
|
|
174 | 177 | DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} |
|
|
175 | 178 | |
|
|
176 | 179 | # Kernel compilation settings |
| @@ -227,7 +230,8 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debi | |||
|
|
227 | 230 | APT_EXCLUDES=${APT_EXCLUDES:=""} |
|
|
228 | 231 | |
|
|
229 | 232 | # Packages required for bootstrapping |
|
|
230 |
REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo |
|
|
|
233 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" | |
|
|
234 | #Requierd=netselect-apt | |
|
|
231 | 235 | MISSING_PACKAGES="" |
|
|
232 | 236 | |
|
|
233 | 237 | # Packages installed for c/c++ build environment in chroot (keep empty) |
| @@ -700,13 +704,17 umount -l "${R}/sys" | |||
|
|
700 | 704 | rm -rf "${R}/run/*" |
|
|
701 | 705 | rm -rf "${R}/tmp/*" |
|
|
702 | 706 | |
|
|
707 | # Clean up APT proxy settings | |
|
|
708 | if [ "$KEEP_APT_PROXY" = false ] ; then | |
|
|
709 | rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" | |
|
|
710 | fi | |
|
|
711 | ||
|
|
703 | 712 | # Clean up files |
|
|
704 | 713 | rm -f "${ETC_DIR}/ssh/ssh_host_*" |
|
|
705 | 714 | rm -f "${ETC_DIR}/dropbear/dropbear_*" |
|
|
706 | 715 | rm -f "${ETC_DIR}/apt/sources.list.save" |
|
|
707 | 716 | rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original" |
|
|
708 | 717 | rm -f "${ETC_DIR}/*-" |
|
|
709 | rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" | |
|
|
710 | 718 | rm -f "${ETC_DIR}/resolv.conf" |
|
|
711 | 719 | rm -f "${R}/root/.bash_history" |
|
|
712 | 720 | rm -f "${R}/var/lib/urandom/random-seed" |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
