@@ -28,8 +28,8 if [ "$BUILD_KERNEL" = true ] ; then | |||||
28 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux |
|
28 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux | |
29 | else |
|
29 | else | |
30 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux |
|
30 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux | |
31 | fi |
|
31 | fi | |
32 |
|
32 | |||
33 | # Copy downloaded kernel sources |
|
33 | # Copy downloaded kernel sources | |
34 | cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/" |
|
34 | cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/" | |
35 |
|
35 | |||
@@ -107,9 +107,9 if [ "$BUILD_KERNEL" = true ] ; then | |||||
107 | echo "CONFIG_CRYPTO_CBC=y" |
|
107 | echo "CONFIG_CRYPTO_CBC=y" | |
108 | echo "CONFIG_CRYPTO_XTS=y" |
|
108 | echo "CONFIG_CRYPTO_XTS=y" | |
109 | echo "CONFIG_CRYPTO_SHA512=y" |
|
109 | echo "CONFIG_CRYPTO_SHA512=y" | |
110 |
echo "CONFIG_CRYPTO_MANAGER=y" |
|
110 | echo "CONFIG_CRYPTO_MANAGER=y" | |
111 | } >> ${KERNEL_DIR}/.config |
|
111 | } >> ${KERNEL_DIR}/.config | |
112 | fi |
|
112 | fi | |
113 | fi |
|
113 | fi | |
114 |
|
114 | |||
115 | # Copy custom kernel configuration file |
|
115 | # Copy custom kernel configuration file | |
@@ -176,14 +176,14 if [ "$BUILD_KERNEL" = true ] ; then | |||||
176 | mkdir "${BOOT_DIR}" |
|
176 | mkdir "${BOOT_DIR}" | |
177 |
|
177 | |||
178 | # Get kernel release version |
|
178 | # Get kernel release version | |
179 |
KERNEL_VERSION= |
|
179 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") | |
180 |
|
180 | |||
181 | # Copy kernel configuration file to the boot directory |
|
181 | # Copy kernel configuration file to the boot directory | |
182 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" |
|
182 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" | |
183 |
|
183 | |||
184 | # Prepare device tree directory |
|
184 | # Prepare device tree directory | |
185 | mkdir "${BOOT_DIR}/overlays" |
|
185 | mkdir "${BOOT_DIR}/overlays" | |
186 |
|
186 | |||
187 | # Ensure the proper .dtb is located |
|
187 | # Ensure the proper .dtb is located | |
188 | if [ "$KERNEL_ARCH" = "arm" ] ; then |
|
188 | if [ "$KERNEL_ARCH" = "arm" ] ; then | |
189 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do |
|
189 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do |
@@ -9,10 +9,11 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
9 | # Create iptables configuration directory |
|
9 | # Create iptables configuration directory | |
10 | mkdir -p "${ETC_DIR}/iptables" |
|
10 | mkdir -p "${ETC_DIR}/iptables" | |
11 |
|
11 | |||
12 |
# make sure iptables-legacy |
|
12 | # make sure iptables-legacy is the used alternatives | |
13 | chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy |
|
13 | #iptables-save and -restore are slaves of iptables and thus are set accordingly | |
14 | chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save |
|
14 | if ! [ "$RELEASE" = jessie ] ; then | |
15 |
|
|
15 | chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy | |
|
16 | fi | |||
16 |
|
17 | |||
17 | # Install iptables systemd service |
|
18 | # Install iptables systemd service | |
18 | install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" |
|
19 | install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" |
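Review bot: The new guard on line 14, `if ! [ "$RELEASE" = jessie ]`, keys the switch to iptables-legacy on a single release name, so any other release whose iptables package does not register an `iptables-legacy` alternative still reaches `update-alternatives --set` and fails there. Testing for the binary is more direct, for example `if [ -x "${R}/usr/sbin/iptables-legacy" ] ; then`, assuming `${R}` is the chroot root as in the other scripts on this page. It is also worth confirming that a failing `chroot_exec update-alternatives` stops the build, because the rules would otherwise be loaded through whichever backend happens to be the default. How `chroot_exec` handles errors is defined outside this hunk.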
@@ -6,8 +6,8 | |||||
6 | . ./functions.sh |
|
6 | . ./functions.sh | |
7 |
|
7 | |||
8 | # Generate crypt(3) password string |
|
8 | # Generate crypt(3) password string | |
9 |
ENCRYPTED_PASSWORD= |
|
9 | ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") | |
10 |
ENCRYPTED_USER_PASSWORD= |
|
10 | ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") | |
11 |
|
11 | |||
12 | # Setup default user |
|
12 | # Setup default user | |
13 | if [ "$ENABLE_USER" = true ] ; then |
|
13 | if [ "$ENABLE_USER" = true ] ; then |
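Review bot: Both `mkpasswd` calls on lines 9 and 10 pass the clear-text password as a command-line argument, where other users on the build host can read it from the process list while the command runs. mkpasswd can take the password on standard input instead: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and likewise for `USER_PASSWORD`. The commit appears to change only the substitution syntax, so the exposure is carried over. Where the two hashes are consumed lies outside the hunk.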
@@ -28,7 +28,7 if [ "$ENABLE_SSHD" = true ] ; then | |||||
28 | fi |
|
28 | fi | |
29 |
|
29 | |||
30 | # Add SSH (v2) public key for user root |
|
30 | # Add SSH (v2) public key for user root | |
31 |
if [ |
|
31 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
32 | # Create root SSH config directory |
|
32 | # Create root SSH config directory | |
33 | mkdir -p "${R}/root/.ssh" |
|
33 | mkdir -p "${R}/root/.ssh" | |
34 |
|
34 | |||
@@ -52,20 +52,20 if [ "$ENABLE_SSHD" = true ] ; then | |||||
52 |
|
52 | |||
53 | if [ "$ENABLE_USER" = true ] ; then |
|
53 | if [ "$ENABLE_USER" = true ] ; then | |
54 | # Add SSH (v2) public key for user $USER_NAME |
|
54 | # Add SSH (v2) public key for user $USER_NAME | |
55 |
if [ |
|
55 | if [ -n "$SSH_USER_PUB_KEY" ] ; then | |
56 | # Create $USER_NAME SSH config directory |
|
56 | # Create $USER_NAME SSH config directory | |
57 | mkdir -p "${R}/home/${USER_NAME}/.ssh" |
|
57 | mkdir -p "${R}/home/${USER_NAME}/.ssh" | |
58 |
|
58 | |||
59 | # Set permissions of $USER_NAME SSH config directory |
|
59 | # Set permissions of $USER_NAME SSH config directory | |
60 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" |
|
60 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" | |
61 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" |
|
61 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh" | |
62 |
|
62 | |||
63 | # Add SSH (v2) public key(s) to authorized_keys file |
|
63 | # Add SSH (v2) public key(s) to authorized_keys file | |
64 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
64 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" | |
65 |
|
65 | |||
66 | # Set permissions of $USER_NAME SSH config directory |
|
66 | # Set permissions of $USER_NAME SSH config directory | |
67 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" |
|
67 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" | |
68 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" |
|
68 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys" | |
69 |
|
69 | |||
70 | if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then |
|
70 | if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then | |
71 | # Allow SSH public key authentication |
|
71 | # Allow SSH public key authentication | |
@@ -85,7 +85,7 if [ "$ENABLE_SSHD" = true ] ; then | |||||
85 | allowed_users="${allowed_users} ${USER_NAME}" |
|
85 | allowed_users="${allowed_users} ${USER_NAME}" | |
86 | fi |
|
86 | fi | |
87 |
|
87 | |||
88 |
if [ |
|
88 | if [ -n "$allowed_users" ] ; then | |
89 | echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" |
|
89 | echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" | |
90 | fi |
|
90 | fi | |
91 | fi |
|
91 | fi | |
@@ -113,4 +113,4 if [ "$ENABLE_SSHD" = true ] ; then | |||||
113 | if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then |
|
113 | if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then | |
114 | sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear" |
|
114 | sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear" | |
115 | fi |
|
115 | fi | |
116 |
fi |
|
116 | fi No newline at end of file |
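Review bot: The `sed` call on line 114 (last hunk of this file) has neither `-i` nor an output redirect, so the rewritten `DROPBEAR_EXTRA_ARGS` line goes to stdout and `${ETC_DIR}/default/dropbear` is left unchanged. If `DROPBEAR_ARGS`, which is built outside this hunk, carries the options that restrict logins, the image would ship without them. The line should read `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`.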
@@ -32,7 +32,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
32 | fi |
|
32 | fi | |
33 |
|
33 | |||
34 | # Build and install U-Boot inside chroot |
|
34 | # Build and install U-Boot inside chroot | |
35 | chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all |
|
35 | chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all | |
36 |
|
36 | |||
37 | # Copy compiled bootloader binary and set config.txt to load it |
|
37 | # Copy compiled bootloader binary and set config.txt to load it | |
38 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" |
|
38 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" |
@@ -25,8 +25,8 if [ "$ENABLE_REDUCE" = true ] ; then | |||||
25 |
|
25 | |||
26 | # Remove all doc files |
|
26 | # Remove all doc files | |
27 | if [ "$REDUCE_DOC" = true ] ; then |
|
27 | if [ "$REDUCE_DOC" = true ] ; then | |
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true |
|
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true | |
29 | find "${R}/usr/share/doc" -empty | xargs rmdir || true |
|
29 | find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true | |
30 | fi |
|
30 | fi | |
31 |
|
31 | |||
32 | # Remove all man pages and info files |
|
32 | # Remove all man pages and info files | |
@@ -36,7 +36,7 if [ "$ENABLE_REDUCE" = true ] ; then | |||||
36 |
|
36 | |||
37 | # Remove all locale translation files |
|
37 | # Remove all locale translation files | |
38 | if [ "$REDUCE_LOCALE" = true ] ; then |
|
38 | if [ "$REDUCE_LOCALE" = true ] ; then | |
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r |
|
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r | |
40 | fi |
|
40 | fi | |
41 |
|
41 | |||
42 | # Remove hwdb PCI device classes (experimental) |
|
42 | # Remove hwdb PCI device classes (experimental) |
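Review bot: The three cleanup pipelines on lines 28, 29 and 39 delete under `${R}` without checking that it is set, so an empty `R` would point `find … | xargs -0 rm -r` at the build host's own `/usr/share/doc` and `/usr/share/locale`; writing the path as `"${R:?}/usr/share/locale"` aborts instead. `R` is assigned outside these hunks, so this may already be guaranteed elsewhere. Separately, line 39 has no `|| true`, and GNU xargs runs `rm -r` once even when find prints nothing, so `xargs -0 -r` avoids a spurious failure when only `en` is present.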
@@ -8,6 +8,7 setenv machid 0x00000c42 | |||||
8 | saveenv |
|
8 | saveenv | |
9 |
|
9 | |||
10 | # Load the existing Linux kernel into RAM |
|
10 | # Load the existing Linux kernel into RAM | |
|
11 | mmc dev 0 | |||
11 | fatload mmc 0:1 ${kernel_addr_r} kernel7.img |
|
12 | fatload mmc 0:1 ${kernel_addr_r} kernel7.img | |
12 | fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} |
|
13 | fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} | |
13 | fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} |
|
14 | fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} |