##// END OF EJS Templates
Merge pull request #7 from drtyhlpr/master...
burnbabyburn -
r402:5e0c21732fc8 Fusion
parent child
Show More
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
@@ -1,5 +1,5
1 1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3 3
4 4 ## 构建环境所依赖的包
5 5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
@@ -1,6 +1,6
1 1 # rpi23-gen-image
2 2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
@@ -11,29 +11,23 if [ -z "$APT_PROXY" ] ; then
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 if [ "$BUILD_KERNEL" = false ] ; then
15 echo "Downloading precompiled kernel"
16 echo "error: not configured"
17 exit 1;
18 # BUILD_KERNEL=true
19 else
20 echo "No precompiled kernel repositories were added"
21 fi
22
23 14 # Upgrade package index and update all installed packages and changed dependencies
24 15 chroot_exec apt-get -qq -y update
25 16 chroot_exec apt-get -qq -y -u dist-upgrade
26 17
18 # Install additional packages
27 19 if [ "$APT_INCLUDES_LATE" ] ; then
28 20 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
29 21 fi
30 22
23 # Install Debian custom packages
31 24 if [ -d packages ] ; then
32 25 for package in packages/*.deb ; do
33 26 cp "$package" "${R}"/tmp
34 27 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 28 done
36 29 fi
30
37 31 chroot_exec apt-get -qq -y -f install
38 32
39 33 chroot_exec apt-get -qq -y check
@@ -107,36 +107,21 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
107 107 # Set permissions
108 108 chown -R root:root "${R}/tmp/pi-bluetooth"
109 109
110 # Install files to chroot
111 110 # Install tools
112 111 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
113 112 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
114 113
115 114 # Install bluetooth udev rule
116 115 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
117 #aur
118 #install_readonly "${R}/tmp/pi-bluetooth/50-bluetooth-hci-auto-poweron.rules" "${ETC_DIR}/udev/rules.d/50-bluetooth-hci-auto-poweron.rules"
119 116
120 117 # Install Firmware Flash file and apropiate licence
121 118 mkdir "${ETC_DIR}/firmware/"
122 119
123 #aur https://aur.archlinux.org/packages/pi-bluetooth/
124 #install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
125 #install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/BCM43430A1.hcd"
126
127 120 wget -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
128 121 wget -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
129 122
130 # Install systemd service for bluetooth
131 #install_readonly "${R}/tmp/pi-bluetooth/brcm43438.service" "${ETC_DIR}/systemd/system/brcm43438.service"
132
133 # Remove temporary directory
134 #rm -fr "${temp_dir}"
135
136 123 # Get /dev/serial back for compability
137 # Raspberry-sys-mod package
138 124 wget -O "${ETC_DIR}/udev/rules.d/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
139
140 125 fi
141 126 fi
142 127
@@ -103,11 +103,12 if [ "$ENABLE_WIRELESS" = true ] ; then
103 103
104 104 # Fetch firmware binary blob for RPI3B+
105 105 if [ "$RPI_MODEL" = 3P ] ; then
106 # Fetch firmware binary blob for RPi3P
106 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 # Fetch firmware binary blob for RPI3
111 # Fetch firmware binary blob for RPi3
111 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 114 fi
@@ -72,7 +72,7 if [ "$ENABLE_UBOOT" = true ] ; then
72 72 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
73 73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
74 74 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
75 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
75
76 76 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
77 77 fi
78 78
@@ -29,6 +29,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then
29 29
30 30 # Create build dir
31 31 mkdir "${R}"/tmp/userland/build
32
32 33 # push us to build directory
33 34 pushd "${R}"/tmp/userland/build
34 35
@@ -46,6 +47,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then
46 47
47 48 #build userland
48 49 make -j "$(nproc)"
50
49 51 #pop us out of build dir
50 52 popd
51 53 fi
@@ -146,7 +146,7 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
146 146 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
147 147 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
148 148 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
149 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
149 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
150 150 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
151 151 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
152 152 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
@@ -208,29 +208,17 COMPILER_PACKAGES=""
208 208
209 209 set +x
210 210
211 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
212 if [ "$ENABLE_SYSVINIT" = false ] ; then
213 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
214 fi
215
216 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
217 if [ -n "$(lsof -i :3142)" ] ; then
218 HTTP_PROXY=http://127.0.0.1:3142/
219 fi
220
221 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
211 # Setup architecture specific settings
222 212 if [ -n "$SET_ARCH" ] ; then
223 echo "Setting Architecture specific settings"
224 ##################################
225 # 64 bit config
226 ##################################
213
214 # 64 bit configuration
227 215 if [ "$SET_ARCH" = 64 ] ; then
228 echo "64 bit mode selected - Setting up enviroment"
229 # 64 bit depended settings
216 # General 64 bit depended settings
230 217 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
231 218 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
232 219 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
233 220
221 # Board specific settings
234 222 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
235 223 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
236 224 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
@@ -243,27 +231,24 if [ -n "$SET_ARCH" ] ; then
243 231 fi
244 232 fi
245 233
246 ##################################
247 # 32 bit config
248 ##################################
234 # 32 bit configuration
249 235 if [ "$SET_ARCH" = 32 ] ; then
250 echo "32 bit mode selected - Setting up enviroment"
251 #General 32bit configuration
236 # General 32 bit dependend settings
252 237 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
253 238 KERNEL_ARCH=${KERNEL_ARCH:=arm}
254 239 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
255 240
256 #Raspberry setting grouped by board compability
241 # Hardware specific settings
257 242 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
258 echo "Setting settings for bcm2835 Raspberry PI boards"
259 243 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
260 244 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
261 245 RELEASE_ARCH=${RELEASE_ARCH:=armel}
262 246 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
263 247 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
264 248 fi
249
250 # Hardware specific settings
265 251 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
266 echo "Setting settings for bcm2837 Raspberry PI boards"
267 252 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
268 253 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
269 254 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
@@ -276,9 +261,7 else
276 261 echo "error: Please set '32' or '64' as value for SET_ARCH"
277 262 exit 1
278 263 fi
279
280 #Device specific configuration and uboot-config
281 echo "Select DTB-File"
264 # Device specific configuration and U-Boot configuration
282 265 case "$RPI_MODEL" in
283 266 0)
284 267 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
@@ -329,6 +312,7 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
329 312 fi
330 313 fi
331 314
315 # Add cmake to compile videocore sources
332 316 if [ "$ENABLE_VIDEOCORE" = true ] ; then
333 317 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
334 318 fi
@@ -536,6 +520,21 if [ "$ENABLE_REDUCE" = true ] ; then
536 520 fi
537 521 fi
538 522
523 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
524 if [ "$ENABLE_SYSVINIT" = false ] ; then
525 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
526 fi
527
528 # Check if kernel is getting compiled
529 if [ "$BUILD_KERNEL" = false ] ; then
530 echo "Downloading precompiled kernel"
531 echo "error: not configured"
532 exit 1;
533 # BUILD_KERNEL=true
534 else
535 echo "No precompiled kernel repositories were added"
536 fi
537
539 538 # Configure kernel sources if no KERNELSRC_DIR
540 539 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
541 540 KERNELSRC_CONFIG=true
@@ -11,5 +11,5 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 12 KERNEL_BIN_IMAGE=Image
13 13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.11.y
14 KERNEL_BRANCH=rpi-4.14.y
15 15 ENABLE_WIRELESS=true
1 NO CONTENT: file was removed
1 NO CONTENT: file was removed
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant