Raspi2-3_GenImage Commit - r706:5f25ae0fa153 · Collaboration Tremplin des Sciences

Merge branch 'drtyhlpr-master'

vidal -

r706:5f25ae0fa153

parent child

Context file:

r706:5f25ae0fa153

README.md +28 0

                ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
              It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
+             It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
              The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
              #### General system settings:
              ##### `SET_ARCH`=32
              Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
+             Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
              ##### `RPI_MODEL`=2
              Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
              - `2`  = Raspberry Pi 2 model B
              - `3`  = Raspberry Pi 3 model B
              - `3P` = Raspberry Pi 3 model B+
+             - `4`  = Raspberry Pi 4 model B
              ##### `RELEASE`="buster"
              Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
              ---
              #### Advanced system features:
+             ##### `ENABLE_KEYGEN`=false
+             Recover your lost codec license
              ##### `ENABLE_SYSTEMDSWAP`=false
              Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
              ##### `ENABLE_UBOOT`=false
              Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
+             RPI4 needs tbd
              ##### `UBOOTSRC_DIR`=""
              Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
              #### Kernel compilation:
              ##### `BUILD_KERNEL`=true
              Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
+             Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
+             ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
+             Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
+             Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
              ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
              This sets the cross-compile environment for the compiler.
              ##### `KERNEL_SECURITY`=false
              Enables Apparmor, integrity subsystem, auditing.
+             ##### `KERNEL_BTRFS`="false"
+             enable btrfs kernel support
+             ##### `KERNEL_POEHAT`="false"
+             enable Enable RPI POE HAT fan kernel support
+             ##### `KERNEL_NSPAWN`="false"
+             Enable per-interface network priority control - for systemd-nspawn
+             ##### `KERNEL_DHKEY`="true"
+             Diffie-Hellman operations on retained keys - required for >keyutils-1.6
              ---
              #### Reduce disk usage:
              Set name of dm-crypt managed device-mapper mapping.
              ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
+             ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
              Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
+             ##### `CRYPTFS_HASH`=sha512
+             Hash function and size to be used
              ##### `CRYPTFS_XTSKEYSIZE`=512
              Sets key size in bits. The argument has to be a multiple of 8.

bootstrap.d/11-apt.sh +10 0

              # Use specified APT server and release
              sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
+             #Fix for changing path for security updates in testing/bullseye
+             if [ "$RELEASE" = "testing" ] ; then
+             sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
              sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
+             fi
+             if [ -z "$RELEASE" ] ; then
+             # Change release in sources list
+             sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
+             fi
              # Upgrade package index and update all installed packages and changed dependencies
              chroot_exec apt-get -qq -y update

bootstrap.d/14-fstab.sh +81 -75

		@@ -8,108 +8,114
8	8	# Install and setup fstab
9	9	install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10	10
11		# Add usb/sda disk root partition to fstab
12		if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13		sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14		fi
15
16		# Add encrypted root partition to fstab and crypttab
17		if [ "$ENABLE_CRYPTFS" = true ] ; then
18		# Replace fstab root partition with encrypted partition mapping
19		sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
21		# Add encrypted partition to crypttab and fstab
22		install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23		echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
25		if [ "$ENABLE_SPLITFS" = true ] ; then
26		# Add usb/sda1 disk to crypttab
27		sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28		fi
29		fi
30
31		if [ "$ENABLE_USBBOOT" = true ] ; then
32		sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33		sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35		# Add usb/sda2 disk to crypttab
36		sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37		fi
38
39	11	# Generate initramfs file
40	12	if [ "$ENABLE_INITRAMFS" = true ] ; then
41	13	if [ "$ENABLE_CRYPTFS" = true ] ; then
	14
42	15	# Include initramfs scripts to auto expand encrypted root partition
43	16	if [ "$EXPANDROOT" = true ] ; then
44	17	install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
45	18	install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46	19	install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
47	20	fi
48
49		if [ "$ENABLE_DHCP" = false ] ; then
50		# Get cdir from NET_ADDRESS e.g. 24
51		cdir=$(${NET_ADDRESS} \| cut -d '/' -f2)
	21
	22	# Replace fstab root partition with encrypted partition mapping
	23	sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
52	24
53		# Convert cdir ro netmask e.g. 24 to 255.255.255.0
54		NET_MASK=$(cdr2mask "$cdir")
	25	# Add encrypted partition to crypttab and fstab
	26	install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
	27	echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
55	28
56		# Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57		sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59		# Regenerate initramfs
60		chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
	29	if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
	30	sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
	31	# Add usb/sda2 disk to crypttab
	32	sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
	33	fi
	34
	35	# Add encrypted root partition to fstab and crypttab
	36	if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
	37	# Add usb/sda1 disk to crypttab
	38	sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
61	39	fi
62	40
63		if [ "$CRYPTFS_DROPBEAR" = true ]; then
64		if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65		install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66		cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
67		else
68		# Create key
69		chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
70
71		# Convert dropbear key to openssh key
72		chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
73
74		# Get Public Key Part
75		chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear \| chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
76
77		# Delete unwanted lines
78		sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79		sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
80
81		# Trust the new key
82		cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
83
84		# Save Keys - convert with putty from rsa/openssh to puttkey
85		cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
86
87		# Get unlock script
88		install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
89
90		# Enable Dropbear inside initramfs
91		printf "#\n# DROPBEAR: [ y \| n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
	41	if [ "$CRYPTFS_DROPBEAR" = true ]; then
	42	if [ "$ENABLE_DHCP" = false ] ; then
	43	# Get cdir from NET_ADDRESS e.g. 24
	44	cdir=$(printf "%s" "${NET_ADDRESS}" \| cut -d '/' -f2)
92	45
93		# Enable Dropbear inside initramfs
94		sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95		fi
96		else
97		# Disable SSHD inside initramfs
98		printf "#\n# DROPBEAR: [ y \| n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
99		fi
	46	# Convert cdir ro netmask e.g. 24 to 255.255.255.0
	47	NET_MASK=$(cdr2mask "$cdir")
	48
	49	# Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
	50	# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
	51	sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
	52	else
	53	sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
	54	fi
	55
	56	if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
	57	install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
	58	cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
	59	else
	60	# Create key
	61	chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
	62
	63	# Convert dropbear key to openssh key
	64	chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
	65
	66	# Get Public Key Part
	67	chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear \| chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
	68
	69	# Delete unwanted lines
	70	sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
	71	sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
	72
	73	# Trust the new key
	74	cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
	75
	76	# Save Keys - convert with putty from rsa/openssh to puttkey
	77	cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
	78
	79	# Get unlock script
	80	install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
	81
	82	# Enable Dropbear inside initramfs
	83	printf "#\n# DROPBEAR: [ y \| n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
	84
	85	# Enable Dropbear inside initramfs
	86	sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
	87	fi
	88	# CRYPTFSDROPBEAR=false
	89	else
	90	# Disable SSHD inside initramfs
	91	printf "#\n# DROPBEAR: [ y \| n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
	92	fi
100	93
101	94	# Add cryptsetup modules to initramfs
102	95	printf "#\n# CRYPTSETUP: [ y \| n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
	96	#printf "#\n# CRYPTSETUP: [ y \| n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103	97
104	98	# Dummy mapping required by mkinitramfs
105	99	echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" \| cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" \| chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
	100	echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" \| chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106	101
107	102	# Generate initramfs with encrypted root partition support
108	103	chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
109	104
110	105	# Remove dummy mapping
111	106	chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
	107	# CRYPTFS=false
112	108	else
	109	#USB BOOT /boot on sda1 / on sda2
	110	if [ "$ENABLE_USBBOOT" = true ] ; then
	111	sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
	112	sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
	113	fi
	114
	115	# Add usb/sda disk root partition to fstab
	116	if [ "$ENABLE_SPLITFS" = true ] ; then
	117	sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
	118	fi
113	119	# Generate initramfs without encrypted root partition support
114	120	chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
115	121	fi

bootstrap.d/15-rpi-config.sh +11 0

              fi
              if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
                # Bluetooth enabled
                if [ "$ENABLE_BLUETOOTH" = true ] ; then
                  # Set permissions
                  chown -R root:root "${R}/tmp/pi-bluetooth"
+                 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
+                 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
+                 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
                  # Install tools
                  install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
                # Change into downloaded src dir
                cd "${R}/tmp/systemd-swap" || exit
+               # Get Verion
+               VERSION=$(git tag | tail -n 1)
+               #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
                # Build package
                bash ./package.sh debian
                # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
                chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
+               chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
                # Enable service
                chroot_exec systemctl enable systemd-swap

bootstrap.d/20-networking.sh +1 0

                # Fetch firmware binary blob for RPI3B+
                if [ "$RPI_MODEL" = 3P ] ; then
+               if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                  # Fetch firmware binary blob for RPi3P
                  as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
                  as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"

bootstrap.d/43-videocore.sh +2 0

                if [ "$RELEASE_ARCH" = "arm64" ] ; then
                cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
+               cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
                fi
                if [ "$RELEASE_ARCH" = "armel" ] ; then
                cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
+               cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
                fi
                if [ "$RELEASE_ARCH" = "armhf" ] ; then

bootstrap.d/44-nexmon_monitor_patch.sh +1 0

                fi
                if [ "$RPI_MODEL" = 3P ] ; then
+               if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                  cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
              	sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
                  make clean

rpi23-gen-image.sh +25 0

              # Debian release
              RELEASE=${RELEASE:=buster}
+             if [ $RELEASE = "bullseye" ] ; then
+              RELEASE=testing
+             fi
              # Kernel Branch
              KERNEL_BRANCH=${KERNEL_BRANCH:=""}
              RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
              # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
              RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
+             RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
              # Default precompiled 64bit kernel
              RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
+             RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
+             # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
+             RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
+             # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
+             RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
              # Generic
              RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
+             RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
              # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
              KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
              KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
              KERNEL_SECURITY=${KERNEL_SECURITY:=false}
              KERNEL_NF=${KERNEL_NF:=false}
+             KERNEL_DHKEY=${KERNEL_DHKEY:=true}
+             KERNEL_BTRFS=${KERNEL_BTRFS:=false}
+             KERNEL_NSPAN=${KERNEL_NSPAN:=false}
+             KERNEL_POEHAT=${KERNEL_POEHAT:=false}
              # Kernel compilation from source directory settings
              KERNELSRC_DIR=${KERNELSRC_DIR:=""}
              CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
              CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
              CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
+             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
+             CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
              CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
              #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
              CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
              # Packages required in the chroot build environment
              APT_INCLUDES=${APT_INCLUDES:=""}
              APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
+             APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
              # Packages to exclude from chroot build environment
              APT_EXCLUDES=${APT_EXCLUDES:=""}
              # Packages required for bootstrapping
              REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
+             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
              MISSING_PACKAGES=""
              # Packages installed for c/c++ build environment in chroot (keep empty)
                  if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
                    if [ "$RPI_MODEL" != 4 ] ; then
                      KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
+             		KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
                    else
                      KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
+             		KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
                    fi
                    REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
                    RELEASE_ARCH=${RELEASE_ARCH:=armhf}
                    KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
                    CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
                  fi
                fi
              # Add deps for nexmon
              if [ "$ENABLE_NEXMON" = true ] ; then
                REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
+               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
              fi
              # Add libncurses5 to enable kernel menuconfig
              if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
                REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
                APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
+               APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
                # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
                if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
                # Make sure all missing required packages are installed
                apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
+               apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
              fi
              # Check if ./bootstrap.d directory exists
                # Initialize encrypted partition
                echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
+               cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
                # Open encrypted partition and setup mapping
                cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages