fixes...
Unknown -
r338:5dd9ea36ae5f
@@ -1,255 +1,255
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${R}/usr/src/linux"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
32
31 fi
32
33 33 # Copy downloaded kernel sources
34 34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89
90 90 # Set kernel configuration parameters to enable qemu emulation
91 91 if [ "$ENABLE_QEMU" = true ] ; then
92 92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94 94
95 95 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 96 {
97 97 echo "CONFIG_EMBEDDED=y"
98 98 echo "CONFIG_EXPERT=y"
99 99 echo "CONFIG_DAX=y"
100 100 echo "CONFIG_MD=y"
101 101 echo "CONFIG_BLK_DEV_MD=y"
102 102 echo "CONFIG_MD_AUTODETECT=y"
103 103 echo "CONFIG_BLK_DEV_DM=y"
104 104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 105 echo "CONFIG_DM_CRYPT=y"
106 106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 107 echo "CONFIG_CRYPTO_CBC=y"
108 108 echo "CONFIG_CRYPTO_XTS=y"
109 109 echo "CONFIG_CRYPTO_SHA512=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
111 111 } >> ${KERNEL_DIR}/.config
112 fi
112 fi
113 113 fi
114 114
115 115 # Copy custom kernel configuration file
116 116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 118 fi
119 119
120 120 # Set kernel configuration parameters to their default values
121 121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123 123 fi
124 124
125 125 # Start menu-driven kernel configuration (interactive)
126 126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 128 fi
129 129 fi
130 130
131 131 # Use ccache to cross compile the kernel
132 132 if [ "$KERNEL_CCACHE" = true ] ; then
133 133 cc="ccache ${CROSS_COMPILE}gcc"
134 134 else
135 135 cc="${CROSS_COMPILE}gcc"
136 136 fi
137 137
138 138 # Cross compile kernel and dtbs
139 139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140 140
141 141 # Cross compile kernel modules
142 142 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
143 143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 144 fi
145 145 fi
146 146
147 147 # Check if kernel compilation was successful
148 148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149 149 echo "error: kernel compilation failed! (kernel image not found)"
150 150 cleanup
151 151 exit 1
152 152 fi
153 153
154 154 # Install kernel modules
155 155 if [ "$ENABLE_REDUCE" = true ] ; then
156 156 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
157 157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 158 fi
159 159 else
160 160 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
161 161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 162 fi
163 163
164 164 # Install kernel firmware
165 165 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
166 166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167 167 fi
168 168 fi
169 169
170 170 # Install kernel headers
171 171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172 172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173 173 fi
174 174
175 175 # Prepare boot (firmware) directory
176 176 mkdir "${BOOT_DIR}"
177 177
178 178 # Get kernel release version
179 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
179 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180 180
181 181 # Copy kernel configuration file to the boot directory
182 182 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183 183
184 184 # Prepare device tree directory
185 185 mkdir "${BOOT_DIR}/overlays"
186
186
187 187 # Ensure the proper .dtb is located
188 188 if [ "$KERNEL_ARCH" = "arm" ] ; then
189 189 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 190 if [ -f "${dtb}" ] ; then
191 191 install_readonly "${dtb}" "${BOOT_DIR}/"
192 192 fi
193 193 done
194 194 else
195 195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 196 if [ -f "${dtb}" ] ; then
197 197 install_readonly "${dtb}" "${BOOT_DIR}/"
198 198 fi
199 199 done
200 200 fi
201 201
202 202 # Copy compiled dtb device tree files
203 203 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 204 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 205 if [ -f "${dtb}" ] ; then
206 206 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 207 fi
208 208 done
209 209
210 210 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 211 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 212 fi
213 213 fi
214 214
215 215 if [ "$ENABLE_UBOOT" = false ] ; then
216 216 # Convert and copy kernel image to the boot directory
217 217 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218 218 else
219 219 # Copy kernel image to the boot directory
220 220 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221 221 fi
222 222
223 223 # Remove kernel sources
224 224 if [ "$KERNEL_REMOVESRC" = true ] ; then
225 225 rm -fr "${KERNEL_DIR}"
226 226 else
227 227 # Prepare compiled kernel modules
228 228 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
229 229 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
230 230 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 231 fi
232 232
233 233 # Create symlinks for kernel modules
234 234 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 236 fi
237 237 fi
238 238
239 239 else # BUILD_KERNEL=false
240 240 # Kernel installation
241 241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
242 242
243 243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
244 244 chroot_exec apt-get -qq -y install flash-kernel
245 245
246 246 # Check if kernel installation was successful
247 247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
248 248 if [ -z "$VMLINUZ" ] ; then
249 249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
250 250 cleanup
251 251 exit 1
252 252 fi
253 253 # Copy vmlinuz kernel to the boot directory
254 254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 255 fi
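Review bot: The kernel tree cloned at new lines 28–30 comes from the tip of `${KERNEL_URL}` (or of `${KERNEL_BRANCH}`), and nothing in this file checks what was actually fetched before it is chowned to root and built. The clone itself runs through `as_nobody`, but the later `make` calls do not, so whatever the remote serves at build time becomes the image's kernel. I would at least record the resolved commit right after the clone, e.g. `as_nobody -H git -C "${temp_dir}/linux" rev-parse HEAD`, and fail the build when it differs from an expected commit, if the configuration provides one. Verification may happen elsewhere in the project; it is not visible in this section.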
@@ -1,49 +1,50
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 if ! [ "$RELEASE" = jessie ] ; then
15 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
16 fi
16 17
17 18 # Install iptables systemd service
18 19 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 20
20 21 # Install flush-table script called by iptables service
21 22 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 23
23 24 # Install iptables rule file
24 25 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 26
26 27 # Reload systemd configuration and enable iptables service
27 28 chroot_exec systemctl daemon-reload
28 29 chroot_exec systemctl enable iptables.service
29 30
30 31 if [ "$ENABLE_IPV6" = true ] ; then
31 32 # Install ip6tables systemd service
32 33 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 34
34 35 # Install ip6tables file
35 36 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 37
37 38 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 39
39 40 # Reload systemd configuration and enable iptables service
40 41 chroot_exec systemctl daemon-reload
41 42 chroot_exec systemctl enable ip6tables.service
42 43 fi
43 44
44 45 if [ "$ENABLE_SSHD" = false ] ; then
45 46 # Remove SSHD related iptables rules
46 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 49 fi
49 50 fi
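Review bot: Only the `iptables` alternative is switched to the legacy backend at new line 15, yet the `ENABLE_IPV6` block further down installs and enables `ip6tables.service`. On Debian releases that ship the nft/legacy split, `ip6tables` is, as far as I know, its own alternatives group and not a slave of `iptables`, so the IPv6 rules would still be loaded through the other backend. Consider adding `chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy` inside the `ENABLE_IPV6` branch. The `! [ "$RELEASE" = jessie ]` guard also assumes every other release has `/usr/sbin/iptables-legacy`; testing `[ -x "${R}/usr/sbin/iptables-legacy" ]` would not depend on the release name.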
@@ -1,29 +1,29
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25 25
26 26 # Enable serial console systemd style
27 27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 29 fi
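Review bot: Neither `mkpasswd` call at new lines 9–10 is checked, so if one fails the variable is empty and `usermod -p ""` below stores an empty password field for the account. Unless the caller runs under `set -e` (not visible here), add a guard before the `usermod` calls, e.g. `[ -n "${ENCRYPTED_USER_PASSWORD}" ] || { echo "error: mkpasswd failed"; cleanup; exit 1; }`, and the same for `ENCRYPTED_PASSWORD`. The clear-text password is also passed as a command-line argument, where other local processes can read it while `mkpasswd` runs; feeding it on stdin (`printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin`) avoids that. `$USER_NAME` is still unquoted in the `adduser` and `usermod` lines.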
@@ -1,116 +1,116
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 9 DROPBEAR_ARGS=""
10 10
11 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 13 # User root is not allowed to log in
14 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 15 else
16 16 # User root is not allowed to log in
17 17 DROPBEAR_ARGS="-w"
18 18 fi
19 19 fi
20 20
21 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 23 # Permit SSH root login
24 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 25 else
26 26 # Permit SSH root login
27 27 DROPBEAR_ARGS=""
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 32 # Create root SSH config directory
33 33 mkdir -p "${R}/root/.ssh"
34 34
35 35 # Set permissions of root SSH config directory
36 36 chroot_exec chmod 700 "/root/.ssh"
37 37 chroot_exec chown root:root "/root/.ssh"
38 38
39 39 # Add SSH (v2) public key(s) to authorized_keys file
40 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 41
42 42 # Set permissions of root SSH authorized_keys file
43 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 45
46 46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 47 # Allow SSH public key authentication
48 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 49 fi
50 50 fi
51 51 fi
52 52
53 53 if [ "$ENABLE_USER" = true ] ; then
54 54 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 56 # Create $USER_NAME SSH config directory
57 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 58
59 59 # Set permissions of $USER_NAME SSH config directory
60 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 62
63 63 # Add SSH (v2) public key(s) to authorized_keys file
64 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 65
66 66 # Set permissions of $USER_NAME SSH config directory
67 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 69
70 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 71 # Allow SSH public key authentication
72 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 73 fi
74 74 fi
75 75 fi
76 76
77 77 # Limit the users that are allowed to login via SSH
78 78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 79 allowed_users=""
80 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 81 allowed_users="root"
82 82 fi
83 83
84 84 if [ "$ENABLE_USER" = true ] ; then
85 85 allowed_users="${allowed_users} ${USER_NAME}"
86 86 fi
87 87
88 if [ ! -z "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
89 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 90 fi
91 91 fi
92 92
93 93 # Disable password-based authentication
94 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 98 else
99 99 DROPBEAR_ARGS="-g"
100 100 fi
101 101 fi
102 102
103 103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 107 else
108 108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 109 fi
110 110 fi
111 111
112 112 # Update dropbear SSH configuration
113 113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 115 fi
116 fi
116 fi No newline at end of file
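Review bot: The dropbear update at line 114 calls `sed` without `-i`, so the substituted text goes to stdout and `${ETC_DIR}/default/dropbear` is left unchanged. In the reduced-SSHD configuration that means the `-w`, `-g` and `-s` restrictions collected in `DROPBEAR_ARGS` (no root login, no password logins) never reach the service. It should read `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`. Separately, the pattern `[#]*ChallengeResponseAuthentication no.*` at line 105 only matches a line that already says `no`, so a `yes` setting in `sshd_config` would be left as it is.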
@@ -1,88 +1,88
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build U-Boot bootloader
9 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 10 # Install c/c++ build environment inside the chroot
11 11 chroot_install_cc
12 12
13 13 # Copy existing U-Boot sources into chroot directory
14 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 15 # Copy local U-Boot sources
16 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 17 else
18 18 # Create temporary directory for U-Boot sources
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Fetch U-Boot sources
22 22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 23
24 24 # Copy downloaded U-Boot sources
25 25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 26
27 27 # Set permissions of the U-Boot sources
28 28 chown -R root:root "${R}/tmp/u-boot"
29 29
30 30 # Remove temporary directory for U-Boot sources
31 31 rm -fr "${temp_dir}"
32 32 fi
33 33
34 34 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 36
37 37 # Copy compiled bootloader binary and set config.txt to load it
38 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 41
42 42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
48 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 49
50 50 # Remove original initramfs file
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
58 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 59
60 60 if [ "$BUILD_KERNEL" = false ] ; then
61 61 # Remove dtbfile from U-Boot mkfile
62 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 64 else
65 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 66 fi
67 67 fi
68 68
69 69 # Set mkfile to use the correct dtb file
70 70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
71 71
72 72 # Set mkfile to use the correct mach id
73 73 if [ "$ENABLE_QEMU" = true ] ; then
74 74 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
75 75 fi
76 76
77 77 # Set mkfile to use kernel image
78 78 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
79 79
80 80 # Remove all leading blank lines
81 81 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
82 82
83 83 # Generate U-Boot bootloader image
84 84 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
85 85
86 86 # Remove U-Boot sources
87 87 rm -fr "${R}/tmp/u-boot"
88 88 fi
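Review bot: Both `printf` calls that rebuild `uboot.mkimage` (lines 44 and 54) put `${CMDLINE}`, `${KERNEL_VERSION}` and the file's current contents into the format string, so any `%` or backslash sequence in them is interpreted by `printf`. The inner `$(cat ${BOOT_DIR}/uboot.mkimage)` is also unquoted, unlike the arguments this commit quotes at line 35. Pass the data as arguments instead, e.g. `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat "${BOOT_DIR}/uboot.mkimage")" > "${BOOT_DIR}/uboot.mkimage"`, and likewise for the initramfs line.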
@@ -1,85 +1,85
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 51 else
52 52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 53 fi
54 54
55 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 56 fi
57 57
58 58 # Remove sound utils and libraries
59 59 if [ "$ENABLE_SOUND" = false ] ; then
60 60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 61 fi
62 62
63 63 # Re-install tools for managing kernel modules
64 64 if [ "$RELEASE" = "jessie" ] ; then
65 65 chroot_exec apt-get -qq -y install module-init-tools
66 66 fi
67 67
68 68 # Remove GPU kernels
69 69 if [ "$ENABLE_MINGPU" = true ] ; then
70 70 rm -f "${BOOT_DIR}/start.elf"
71 71 rm -f "${BOOT_DIR}/fixup.dat"
72 72 rm -f "${BOOT_DIR}/start_x.elf"
73 73 rm -f "${BOOT_DIR}/fixup_x.dat"
74 74 fi
75 75
76 76 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 77 if [ "$BUILD_KERNEL" = false ] ; then
78 78 rm -f "${R}/boot/vmlinuz-*"
79 79 rm -f "${R}/boot/initrd.img-*"
80 80 fi
81 81
82 82 # Clean APT list of repositories
83 83 rm -fr "${R}/var/lib/apt/lists/*"
84 84 chroot_exec apt-get -qq -y update
85 85 fi
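Review bot: The hwdb cleanup at line 44 targets `/lib/udev/hwdb.d/20-pci-*` without the `${R}` prefix, i.e. a path on the build host rather than in the image, and only the quotes around the glob keep it from matching anything. The same quoting makes `rm -f "${R}/boot/vmlinuz-*"`, `rm -f "${R}/boot/initrd.img-*"` and `rm -fr "${R}/var/lib/apt/lists/*"` no-ops. Move the glob outside the quotes and add the prefix, e.g. `rm -f "${R}/lib/udev/hwdb.d/20-pci-"*`. In the lines this commit changes, `xargs -0` still runs `rm` or `rmdir` once when `find` prints nothing, and the locale line has no `|| true`, so `find ... -exec rm -r -- {} +` would be the simpler form.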
@@ -1,15 +1,16
1 1 # Set device tree fdtfile
2 2 setenv dtbfile bcm2709-rpi-2-b.dtb
3 3
4 4 # Tell Linux that it is booting on a Raspberry Pi2/3
5 5 setenv machid 0x00000c42
6 6
7 7 # Save these changes to u-boot's environment
8 8 saveenv
9 9
10 10 # Load the existing Linux kernel into RAM
11 mmc dev 0
11 12 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14 15
15 16 # Boot the kernel we have just loaded