@@ -12,6 +12,7 The following list of Debian packages must be installed on the build system beca | |||||
12 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` |
|
12 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` | |
13 |
|
13 | |||
14 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. |
|
14 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. | |
|
15 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain. | |||
15 |
|
16 | |||
16 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. |
|
17 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
17 |
|
18 | |||
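Review bot: The old sentence at new line 14 (armhf/armel) is kept and the aarch64 variant is appended as line 15, so the README now states the same paragraph twice; the 6-to-7 line count in the hunk header confirms nothing was removed. Replace the old sentence instead of appending. The "tested using" sentence at line 17 still names only `crossbuild-essential-armhf` and `crossbuild-essential-armel`, so also say whether the 64-bit toolchain has been tested.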
@@ -66,6 +67,7 A comma-separated list of additional packages to be installed by apt after boots | |||||
66 | #### General system settings: |
|
67 | #### General system settings: | |
67 | ##### `SET_ARCH`=32 |
|
68 | ##### `SET_ARCH`=32 | |
68 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. |
|
69 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. | |
|
70 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. | |||
69 |
|
71 | |||
70 | ##### `RPI_MODEL`=2 |
|
72 | ##### `RPI_MODEL`=2 | |
71 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: |
|
73 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: | |
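Review bot: Lines 69 and 70 both describe `SET_ARCH`, one listing "RPI3 or RPI3+" and the other "RPI3/RPI3+/RPI4"; the old sentence should be removed rather than left next to the new one. While touching this text, state what happens when `SET_ARCH=64` is combined with an `RPI_MODEL` that cannot run 64-bit.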
@@ -75,6 +77,7 Specify the target Raspberry Pi hardware model. The script at this time supports | |||||
75 | - `2` = Raspberry Pi 2 model B |
|
77 | - `2` = Raspberry Pi 2 model B | |
76 | - `3` = Raspberry Pi 3 model B |
|
78 | - `3` = Raspberry Pi 3 model B | |
77 | - `3P` = Raspberry Pi 3 model B+ |
|
79 | - `3P` = Raspberry Pi 3 model B+ | |
|
80 | - `4` = Raspberry Pi 4 model B | |||
78 |
|
81 | |||
79 | ##### `RELEASE`="buster" |
|
82 | ##### `RELEASE`="buster" | |
80 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. |
|
83 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. | |
@@ -220,6 +223,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands | |||||
220 | --- |
|
223 | --- | |
221 |
|
224 | |||
222 | #### Advanced system features: |
|
225 | #### Advanced system features: | |
|
226 | ##### `ENABLE_KEYGEN`=false | |||
|
227 | Recover your lost codec license | |||
|
228 | ||||
223 | ##### `ENABLE_SYSTEMDSWAP`=false |
|
229 | ##### `ENABLE_SYSTEMDSWAP`=false | |
224 | Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled. |
|
230 | Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled. | |
225 |
|
231 | |||
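Review bot: The description at line 227, "Recover your lost codec license", does not say what `ENABLE_KEYGEN` installs or executes on the image, and none of the hunks shown here add a default value or any code for it. Document what the option does and where the tool it pulls in comes from, or leave the entry out until the implementation is part of the change.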
@@ -231,6 +237,7 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` param | |||||
231 |
|
237 | |||
232 | ##### `ENABLE_UBOOT`=false |
|
238 | ##### `ENABLE_UBOOT`=false | |
233 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. |
|
239 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
240 | RPI4 needs tbd | |||
234 |
|
241 | |||
235 | ##### `UBOOTSRC_DIR`="" |
|
242 | ##### `UBOOTSRC_DIR`="" | |
236 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. |
|
243 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. | |
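Review bot: "RPI4 needs tbd" at line 240 is a placeholder, not documentation. Either state plainly that `ENABLE_UBOOT` is not supported for `RPI_MODEL=4` yet (and have the script refuse that combination) or drop the line; the sentence above it still lists only "RPi 0/1/2/3".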
@@ -315,6 +322,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab | |||||
315 | #### Kernel compilation: |
|
322 | #### Kernel compilation: | |
316 | ##### `BUILD_KERNEL`=true |
|
323 | ##### `BUILD_KERNEL`=true | |
317 | Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used. |
|
324 | Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used. | |
|
325 | Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. | |||
|
326 | ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) | |||
|
327 | Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) | |||
|
328 | Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki) | |||
|
329 | ||||
318 |
|
330 | |||
319 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" |
|
331 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" | |
320 | This sets the cross-compile environment for the compiler. |
|
332 | This sets the cross-compile environment for the compiler. | |
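Review bot: The three links added at lines 326 to 328 have the Markdown parts reversed, for example `[https://github.com/hypriot/](hypriot)`, so they render the URL as text and link to a relative path; swap them to `[hypriot](https://github.com/hypriot/)`. Line 324 (old text) and line 325 (new text) now both describe `BUILD_KERNEL`, and line 325 has a stray trailing slash in "RPi 0/1/2/3/ kernel configuration". Since these lines point users at third-party kernel sources and precompiled kernels, say which option selects each one instead of listing them without context.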
@@ -391,6 +403,18 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSC | |||||
391 | ##### `KERNEL_SECURITY`=false |
|
403 | ##### `KERNEL_SECURITY`=false | |
392 | Enables Apparmor, integrity subsystem, auditing. |
|
404 | Enables Apparmor, integrity subsystem, auditing. | |
393 |
|
405 | |||
|
406 | ##### `KERNEL_BTRFS`="false" | |||
|
407 | enable btrfs kernel support | |||
|
408 | ||||
|
409 | ##### `KERNEL_POEHAT`="false" | |||
|
410 | enable Enable RPI POE HAT fan kernel support | |||
|
411 | ||||
|
412 | ##### `KERNEL_NSPAWN`="false" | |||
|
413 | Enable per-interface network priority control - for systemd-nspawn | |||
|
414 | ||||
|
415 | ##### `KERNEL_DHKEY`="true" | |||
|
416 | Diffie-Hellman operations on retained keys - required for >keyutils-1.6 | |||
|
417 | ||||
394 | --- |
|
418 | --- | |
395 |
|
419 | |||
396 | #### Reduce disk usage: |
|
420 | #### Reduce disk usage: | |
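Review bot: The four new entries at lines 406 to 416 are inconsistent with the surrounding ones: line 410 reads "enable Enable", line 407 starts lowercase, and the defaults are quoted (`"false"`, `"true"`) where `KERNEL_SECURITY` above uses a bare `false`. `KERNEL_DHKEY` is the only one defaulting to `true`; a short reason beyond "required for >keyutils-1.6" would help, for example what fails without it.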
@@ -433,8 +457,12 Set password of the encrypted root partition. This parameter is mandatory if `EN | |||||
433 | Set name of dm-crypt managed device-mapper mapping. |
|
457 | Set name of dm-crypt managed device-mapper mapping. | |
434 |
|
458 | |||
435 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512" |
|
459 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512" | |
|
460 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64" | |||
436 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. |
|
461 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |
437 |
|
462 | |||
|
463 | ##### `CRYPTFS_HASH`=sha512 | |||
|
464 | Hash function and size to be used | |||
|
465 | ||||
438 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
466 | ##### `CRYPTFS_XTSKEYSIZE`=512 | |
439 | Sets key size in bits. The argument has to be a multiple of 8. |
|
467 | Sets key size in bits. The argument has to be a multiple of 8. | |
440 |
|
468 |
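Review bot: The heading with the old default (`CRYPTFS_CIPHER`="aes-xts-plain64:sha512", line 459) is kept and the new one is added directly below it at line 460, so the README documents two defaults for the same parameter. Remove the old heading. The `CRYPTFS_HASH` text at line 464 should say what the hash is used for, and the value should be quoted like the neighbouring entries.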
@@ -35,7 +35,17 fi | |||||
35 |
|
35 | |||
36 | # Use specified APT server and release |
|
36 | # Use specified APT server and release | |
37 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" |
|
37 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" | |
|
38 | ||||
|
39 | #Fix for changing path for security updates in testing/bullseye | |||
|
40 | if [ "$RELEASE" = "testing" ] ; then | |||
|
41 | sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list" | |||
38 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" |
|
42 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" | |
|
43 | fi | |||
|
44 | ||||
|
45 | if [ -z "$RELEASE" ] ; then | |||
|
46 | # Change release in sources list | |||
|
47 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" | |||
|
48 | fi | |||
39 |
|
49 | |||
40 | # Upgrade package index and update all installed packages and changed dependencies |
|
50 | # Upgrade package index and update all installed packages and changed dependencies | |
41 | chroot_exec apt-get -qq -y update |
|
51 | chroot_exec apt-get -qq -y update |
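Review bot: The release substitution at line 42 (`sed -i "s/ stretch/ ${RELEASE}/"`) now sits inside the `testing` branch, and the second copy at line 47 is guarded by `[ -z "$RELEASE" ]`, which is true only when `RELEASE` is empty. For any non-testing release such as `buster`, neither branch runs and `sources.list` keeps pointing at `stretch`, including its security suite. The test at line 45 looks inverted; use `-n`, or make lines 45 to 48 the `else` of the `testing` check.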
@@ -8,108 +8,114 | |||||
8 | # Install and setup fstab |
|
8 | # Install and setup fstab | |
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
10 |
|
10 | |||
11 | # Add usb/sda disk root partition to fstab |
|
|||
12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then |
|
|||
13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" |
|
|||
14 | fi |
|
|||
15 |
|
||||
16 | # Add encrypted root partition to fstab and crypttab |
|
|||
17 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
|||
18 | # Replace fstab root partition with encrypted partition mapping |
|
|||
19 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" |
|
|||
20 |
|
||||
21 | # Add encrypted partition to crypttab and fstab |
|
|||
22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
|||
23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
|||
24 |
|
||||
25 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
|||
26 | # Add usb/sda1 disk to crypttab |
|
|||
27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
|||
28 | fi |
|
|||
29 | fi |
|
|||
30 |
|
||||
31 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
|||
32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
|||
33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
|||
34 |
|
||||
35 | # Add usb/sda2 disk to crypttab |
|
|||
36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
|||
37 | fi |
|
|||
38 |
|
||||
39 | # Generate initramfs file |
|
11 | # Generate initramfs file | |
40 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
12 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
41 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
13 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
14 | ||||
42 | # Include initramfs scripts to auto expand encrypted root partition |
|
15 | # Include initramfs scripts to auto expand encrypted root partition | |
43 | if [ "$EXPANDROOT" = true ] ; then |
|
16 | if [ "$EXPANDROOT" = true ] ; then | |
44 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" |
|
17 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |
45 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
18 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
19 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
47 | fi |
|
20 | fi | |
48 |
|
21 | |||
49 | if [ "$ENABLE_DHCP" = false ] ; then |
|
22 | # Replace fstab root partition with encrypted partition mapping | |
50 | # Get cdir from NET_ADDRESS e.g. 24 |
|
23 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" | |
51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) |
|
|||
52 |
|
24 | |||
53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 |
|
25 | # Add encrypted partition to crypttab and fstab | |
54 | NET_MASK=$(cdr2mask "$cdir") |
|
26 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" | |
|
27 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" | |||
55 |
|
28 | |||
56 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
29 | if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then | |
57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
30 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
58 |
|
31 | # Add usb/sda2 disk to crypttab | ||
59 | # Regenerate initramfs |
|
32 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
33 | fi | |
|
34 | ||||
|
35 | # Add encrypted root partition to fstab and crypttab | |||
|
36 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then | |||
|
37 | # Add usb/sda1 disk to crypttab | |||
|
38 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |||
61 | fi |
|
39 | fi | |
62 |
|
40 | |||
63 |
|
|
41 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then |
|
42 | if [ "$ENABLE_DHCP" = false ] ; then | |
65 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
43 | # Get cdir from NET_ADDRESS e.g. 24 | |
66 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys |
|
44 | cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2) | |
67 | else |
|
|||
68 | # Create key |
|
|||
69 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear |
|
|||
70 |
|
||||
71 | # Convert dropbear key to openssh key |
|
|||
72 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa |
|
|||
73 |
|
||||
74 | # Get Public Key Part |
|
|||
75 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub |
|
|||
76 |
|
||||
77 | # Delete unwanted lines |
|
|||
78 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
|||
79 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
|||
80 |
|
||||
81 | # Trust the new key |
|
|||
82 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys |
|
|||
83 |
|
||||
84 | # Save Keys - convert with putty from rsa/openssh to puttkey |
|
|||
85 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa |
|
|||
86 |
|
||||
87 | # Get unlock script |
|
|||
88 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh |
|
|||
89 |
|
||||
90 | # Enable Dropbear inside initramfs |
|
|||
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
|||
92 |
|
45 | |||
93 | # Enable Dropbear inside initramfs |
|
46 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
94 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear |
|
47 | NET_MASK=$(cdr2mask "$cdir") | |
95 | fi |
|
48 | ||
96 | else |
|
49 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
97 | # Disable SSHD inside initramfs |
|
50 | # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf> | |
98 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
51 | sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
99 | fi |
|
52 | else | |
|
53 | sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
54 | fi | |||
|
55 | ||||
|
56 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |||
|
57 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
58 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
59 | else | |||
|
60 | # Create key | |||
|
61 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |||
|
62 | ||||
|
63 | # Convert dropbear key to openssh key | |||
|
64 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |||
|
65 | ||||
|
66 | # Get Public Key Part | |||
|
67 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |||
|
68 | ||||
|
69 | # Delete unwanted lines | |||
|
70 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
71 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
72 | ||||
|
73 | # Trust the new key | |||
|
74 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
75 | ||||
|
76 | # Save Keys - convert with putty from rsa/openssh to puttkey | |||
|
77 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |||
|
78 | ||||
|
79 | # Get unlock script | |||
|
80 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |||
|
81 | ||||
|
82 | # Enable Dropbear inside initramfs | |||
|
83 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |||
|
84 | ||||
|
85 | # Enable Dropbear inside initramfs | |||
|
86 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |||
|
87 | fi | |||
|
88 | # CRYPTFSDROPBEAR=false | |||
|
89 | else | |||
|
90 | # Disable SSHD inside initramfs | |||
|
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |||
|
92 | fi | |||
100 |
|
93 | |||
101 | # Add cryptsetup modules to initramfs |
|
94 | # Add cryptsetup modules to initramfs | |
102 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
95 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |
|
96 | #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |||
103 |
|
97 | |||
104 | # Dummy mapping required by mkinitramfs |
|
98 | # Dummy mapping required by mkinitramfs | |
105 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" |
|
99 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
100 | echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |||
106 |
|
101 | |||
107 | # Generate initramfs with encrypted root partition support |
|
102 | # Generate initramfs with encrypted root partition support | |
108 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
103 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
109 |
|
104 | |||
110 | # Remove dummy mapping |
|
105 | # Remove dummy mapping | |
111 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" |
|
106 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" | |
|
107 | # CRYPTFS=false | |||
112 | else |
|
108 | else | |
|
109 | #USB BOOT /boot on sda1 / on sda2 | |||
|
110 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
111 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |||
|
112 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |||
|
113 | fi | |||
|
114 | ||||
|
115 | # Add usb/sda disk root partition to fstab | |||
|
116 | if [ "$ENABLE_SPLITFS" = true ] ; then | |||
|
117 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |||
|
118 | fi | |||
113 | # Generate initramfs without encrypted root partition support |
|
119 | # Generate initramfs without encrypted root partition support | |
114 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
120 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
115 | fi |
|
121 | fi |
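Review bot: The fstab and crypttab rewrites for `ENABLE_SPLITFS`, `ENABLE_CRYPTFS` and `ENABLE_USBBOOT` used to run before the `ENABLE_INITRAMFS` check (old lines 11 to 37) and now live inside it (new lines 22 to 39 and 109 to 118), so a build with `ENABLE_INITRAMFS=false` and USB boot or split FS keeps `mmcblk0p1`/`mmcblk0p2` in fstab. Keep those edits outside the initramfs block. Separately, lines 99 and 100 both pipe a table into `dmsetup create "${CRYPTFS_MAPPING}"`; the second call targets a mapping the first already created, and its `"${CRYPTFS_CIPHER}"` closes and reopens the surrounding double quotes. Keep one of the two, and delete the commented-out duplicate at line 96. Please also check lines 51 and 53: the `\n` added right after `\$a` may be consumed as part of sed's `a\` form, in which case the appended line would start with `nIP=` instead of `IP=`.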
@@ -113,6 +113,7 if [ "$ENABLE_TURBO" = true ] ; then | |||||
113 | fi |
|
113 | fi | |
114 |
|
114 | |||
115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
116 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then | |||
116 |
|
117 | |||
117 | # Bluetooth enabled |
|
118 | # Bluetooth enabled | |
118 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
119 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
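Review bot: The old condition at line 115 is kept and the new one at line 116 is added beneath it (hunk counts 6 to 7), so the Bluetooth block is now wrapped in two `if` statements. The outer test still excludes model 4, which means the added `[ "$RPI_MODEL" = 4 ]` can never be reached, and the extra `if` needs a matching `fi` that this hunk does not show. Replace line 115 instead of adding a second test.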
@@ -131,6 +132,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
131 |
|
132 | |||
132 | # Set permissions |
|
133 | # Set permissions | |
133 | chown -R root:root "${R}/tmp/pi-bluetooth" |
|
134 | chown -R root:root "${R}/tmp/pi-bluetooth" | |
|
135 | ||||
|
136 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ | |||
|
137 | wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth | |||
|
138 | wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd | |||
134 |
|
139 | |||
135 | # Install tools |
|
140 | # Install tools | |
136 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
141 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" | |
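Review bot: Lines 137 and 138 download a licence file and the `BCM43430A1.hcd` firmware blob with `wget -q` from an AUR cgit URL and from the `master` branch of a GitHub repository, with no pinned revision, no checksum comparison and no check of the exit status. A firmware binary that ends up in the image should be fetched from a fixed commit or tag and verified against a known hash before the install step below, and the build should stop if either download fails. These calls also run directly, whereas the wireless firmware fetch elsewhere in this change uses `as_nobody wget`.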
@@ -211,6 +216,11 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||||
211 | # Change into downloaded src dir |
|
216 | # Change into downloaded src dir | |
212 | cd "${R}/tmp/systemd-swap" || exit |
|
217 | cd "${R}/tmp/systemd-swap" || exit | |
213 |
|
218 | |||
|
219 | ||||
|
220 | # Get Verion | |||
|
221 | VERSION=$(git tag | tail -n 1) | |||
|
222 | #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh" | |||
|
223 | ||||
214 | # Build package |
|
224 | # Build package | |
215 | bash ./package.sh debian |
|
225 | bash ./package.sh debian | |
216 |
|
226 | |||
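Review bot: `VERSION=$(git tag | tail -n 1)` at line 221 takes the last tag in the default lexical order, which is not necessarily the newest version, and not necessarily the version `package.sh` builds from the checked-out tree. Derive the version from the built `.deb` file name or sort tags by version. The comment at line 220 has a typo ("Verion"), and the commented-out `sed` at line 222 should be removed if it is not needed.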
@@ -222,6 +232,7 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||||
222 |
|
232 | |||
223 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. |
|
233 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |
224 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb |
|
234 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb | |
|
235 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb | |||
225 |
|
236 | |||
226 | # Enable service |
|
237 | # Enable service | |
227 | chroot_exec systemctl enable systemd-swap |
|
238 | chroot_exec systemctl enable systemd-swap |
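Review bot: The hard-coded install at line 234 (`systemd-swap_4.0.1_any.deb`) is still present above the new versioned one at line 235, so `dpkg -i` runs twice and the first call fails whenever the built package is not 4.0.1. Remove line 234, and drop or update the "IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR." comment at line 233, which this change is meant to resolve.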
@@ -107,6 +107,7 if [ "$ENABLE_WIRELESS" = true ] ; then | |||||
107 |
|
107 | |||
108 | # Fetch firmware binary blob for RPI3B+ |
|
108 | # Fetch firmware binary blob for RPI3B+ | |
109 | if [ "$RPI_MODEL" = 3P ] ; then |
|
109 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
110 | if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |||
110 | # Fetch firmware binary blob for RPi3P |
|
111 | # Fetch firmware binary blob for RPi3P | |
111 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" | |
112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
113 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
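Review bot: As in the Bluetooth hunk, the old test at line 109 (`[ "$RPI_MODEL" = 3P ]`) stays and the new test at line 110 is nested inside it, so the `|| [ "$RPI_MODEL" = 4 ]` alternative is unreachable and the firmware is never fetched for model 4. Replace line 109 with the new condition, and update the comments at lines 108 and 111, which still mention only the 3B+.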
@@ -35,10 +35,12 if [ "$ENABLE_VIDEOCORE" = true ] ; then | |||||
35 |
|
35 | |||
36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then |
|
36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then | |
37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
38 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |||
38 | fi |
|
39 | fi | |
39 |
|
40 | |||
40 | if [ "$RELEASE_ARCH" = "armel" ] ; then |
|
41 | if [ "$RELEASE_ARCH" = "armel" ] ; then | |
41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
42 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
43 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |||
42 | fi |
|
44 | fi | |
43 |
|
45 | |||
44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then |
|
46 | if [ "$RELEASE_ARCH" = "armhf" ] ; then |
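Review bot: Both the old and the new `cmake` invocations remain in each branch (lines 37 and 38 for arm64, lines 42 and 43 for armel), so the project is configured twice, first without and then with `CMAKE_TOOLCHAIN_FILE`. Keep only the intended one. In the armel branch, line 43 passes the `arm-linux-gnueabihf.cmake` toolchain file while still setting the compilers to `arm-linux-gnueabi-gcc` and `arm-linux-gnueabi-g++`; the hard-float toolchain file does not match the soft-float compilers and should be checked.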
@@ -75,6 +75,7 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then | |||||
75 | fi |
|
75 | fi | |
76 |
|
76 | |||
77 | if [ "$RPI_MODEL" = 3P ] ; then |
|
77 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
78 | if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |||
78 | cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit |
|
79 | cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit | |
79 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile |
|
80 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile | |
80 | make clean |
|
81 | make clean |
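Review bot: Line 77 keeps the old `[ "$RPI_MODEL" = 3P ]` test and line 78 nests the new one inside it, so the nexmon patch build is still skipped for model 4 and the added `if` has no visible matching `fi`. Replace line 77 with the combined condition. In the same block, `${NEXMON_ROOT}` at line 80 is unquoted while line 79 quotes it.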
@@ -44,6 +44,9 RPI_MODEL=${RPI_MODEL:=2} | |||||
44 |
|
44 | |||
45 | # Debian release |
|
45 | # Debian release | |
46 | RELEASE=${RELEASE:=buster} |
|
46 | RELEASE=${RELEASE:=buster} | |
|
47 | if [ $RELEASE = "bullseye" ] ; then | |||
|
48 | RELEASE=testing | |||
|
49 | fi | |||
47 |
|
50 | |||
48 | # Kernel Branch |
|
51 | # Kernel Branch | |
49 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} |
|
52 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} | |
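Review bot: `$RELEASE` is unquoted in the test at line 47; write `[ "$RELEASE" = "bullseye" ]` so the comparison does not break on unexpected values. Rewriting `bullseye` to `testing` silently also means the image follows whatever `testing` is at build time, which is worth a sentence in the README, since it still lists only `stretch` and `buster` as supported.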
@@ -65,10 +68,17 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/rel | |||||
65 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} |
|
68 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} | |
66 | # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used |
|
69 | # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used | |
67 | RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz} |
|
70 | RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz} | |
|
71 | RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz} | |||
68 | # Default precompiled 64bit kernel |
|
72 | # Default precompiled 64bit kernel | |
69 | RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz} |
|
73 | RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz} | |
|
74 | RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz} | |||
|
75 | # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis | |||
|
76 | RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} | |||
|
77 | # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel | |||
|
78 | RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} | |||
70 | # Generic |
|
79 | # Generic | |
71 | RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} |
|
80 | RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} | |
|
81 | RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL} | |||
72 | # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul) |
|
82 | # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul) | |
73 | KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git} |
|
83 | KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git} | |
74 |
|
84 | |||
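Review bot: `RPI4_64_DEF_KERNEL_URL` (new line 78) is set to the same `bcm2711-kernel-bis` tarball as `RPI4_64_BIS_KERNEL_URL` (new line 76), although the comment on new line 77 names `https://github.com/sakaki-/bcm2711-kernel` as the source of the default kernel. As written, choosing the default or the BIS kernel on a Pi 4 fetches the identical archive. Either point the default at a `bcm2711-kernel` release or correct the comment. Since these tarballs become the kernel of the generated image, consider also adding an expected-checksum variable next to each URL so the download can be verified before it is unpacked.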
@@ -191,6 +201,10 KERNEL_BPF=${KERNEL_BPF:=false} | |||||
191 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} |
|
201 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} | |
192 | KERNEL_SECURITY=${KERNEL_SECURITY:=false} |
|
202 | KERNEL_SECURITY=${KERNEL_SECURITY:=false} | |
193 | KERNEL_NF=${KERNEL_NF:=false} |
|
203 | KERNEL_NF=${KERNEL_NF:=false} | |
|
204 | KERNEL_DHKEY=${KERNEL_DHKEY:=true} | |||
|
205 | KERNEL_BTRFS=${KERNEL_BTRFS:=false} | |||
|
206 | KERNEL_NSPAN=${KERNEL_NSPAN:=false} | |||
|
207 | KERNEL_POEHAT=${KERNEL_POEHAT:=false} | |||
194 |
|
208 | |||
195 | # Kernel compilation from source directory settings |
|
209 | # Kernel compilation from source directory settings | |
196 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} |
|
210 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} | |
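Review bot: `KERNEL_DHKEY` (new line 204) defaults to `true` while every other `KERNEL_*` switch visible in this hunk, including the three added beside it, defaults to `false`, and none of the four new options has a comment saying what it enables. Add a one-line comment per option and state why `KERNEL_DHKEY` is on by default, so someone auditing the kernel configuration of an image can tell which features were opted into.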
@@ -213,6 +227,8 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} | |||||
213 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} |
|
227 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |
214 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
228 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} | |
215 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} |
|
229 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} | |
|
230 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} | |||
|
231 | CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"} | |||
216 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
232 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} | |
217 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup |
|
233 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |
218 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} |
|
234 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} | |
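Review bot: the default for `CRYPTFS_CIPHER` (new line 230) drops the `:sha512` suffix and moves the hash into the new `CRYPTFS_HASH`, but an existing configuration that still sets `CRYPTFS_CIPHER="aes-xts-plain64:sha512"` will now pass the old combined value to `-c` together with a separate `-h`. Either strip a trailing `:<hash>` from `CRYPTFS_CIPHER` before use or fail early with a clear message, and mention the split in the parameter documentation.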
@@ -225,12 +241,14 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} | |||||
225 | # Packages required in the chroot build environment |
|
241 | # Packages required in the chroot build environment | |
226 | APT_INCLUDES=${APT_INCLUDES:=""} |
|
242 | APT_INCLUDES=${APT_INCLUDES:=""} | |
227 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" |
|
243 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" | |
|
244 | APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" | |||
228 |
|
245 | |||
229 | # Packages to exclude from chroot build environment |
|
246 | # Packages to exclude from chroot build environment | |
230 | APT_EXCLUDES=${APT_EXCLUDES:=""} |
|
247 | APT_EXCLUDES=${APT_EXCLUDES:=""} | |
231 |
|
248 | |||
232 | # Packages required for bootstrapping |
|
249 | # Packages required for bootstrapping | |
233 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" |
|
250 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" | |
|
251 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo" | |||
234 | MISSING_PACKAGES="" |
|
252 | MISSING_PACKAGES="" | |
235 |
|
253 | |||
236 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
254 | # Packages installed for c/c++ build environment in chroot (keep empty) | |
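Review bot: `flex`, `bison` and `libssl-dev` are prepended to `APT_INCLUDES` unconditionally (new line 244), so they are installed into the chroot of every image, including builds that use a precompiled kernel and never compile anything. Build-only tooling in the final image is extra footprint and extra packages to patch. Consider adding them only when a kernel build is requested, or putting them in the c/c++ build-environment package list referenced on new line 254 rather than in the base include list. The addition to `REQUIRED_PACKAGES` on the build host (new line 251) is fine as is.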
@@ -289,13 +307,16 if [ -n "$SET_ARCH" ] ; then | |||||
289 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then |
|
307 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
290 | if [ "$RPI_MODEL" != 4 ] ; then |
|
308 | if [ "$RPI_MODEL" != 4 ] ; then | |
291 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} |
|
309 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} | |
|
310 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |||
292 | else |
|
311 | else | |
293 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} |
|
312 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} | |
|
313 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img} | |||
294 | fi |
|
314 | fi | |
295 |
|
315 | |||
296 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
316 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" | |
297 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} |
|
317 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |
298 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} |
|
318 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |
|
319 | ||||
299 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
320 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |
300 | fi |
|
321 | fi | |
301 | fi |
|
322 | fi | |
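Review bot: `KERNEL_IMAGE` is now defaulted inside the model branch (new lines 310 and 313), which leaves the unchanged `KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}` on new line 318 as a no-op, because `:=` only assigns when the variable is unset. It is harmless today, but it reads as if `kernel7.img` were still the default for the Pi 4 and will mislead the next person editing this block. Remove line 318, and drop the whitespace-only line added at 319.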
@@ -386,6 +407,7 fi | |||||
386 | # Add deps for nexmon |
|
407 | # Add deps for nexmon | |
387 | if [ "$ENABLE_NEXMON" = true ] ; then |
|
408 | if [ "$ENABLE_NEXMON" = true ] ; then | |
388 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool" |
|
409 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool" | |
|
410 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool" | |||
389 | fi |
|
411 | fi | |
390 |
|
412 | |||
391 | # Add libncurses5 to enable kernel menuconfig |
|
413 | # Add libncurses5 to enable kernel menuconfig | |
@@ -402,6 +424,7 fi | |||||
402 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then |
|
424 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then | |
403 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
425 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" | |
404 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
426 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" | |
|
427 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs" | |||
405 |
|
428 | |||
406 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package |
|
429 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |
407 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then |
|
430 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then | |
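Review bot: `cryptsetup-initramfs` is appended to `APT_INCLUDES` (new line 427) under a condition that checks only `ENABLE_CRYPTFS` and `BUILD_KERNEL`, whereas the `dropbear-initramfs` block directly below is additionally gated on `ENABLE_INITRAMFS`. Apply the same `ENABLE_INITRAMFS` check here, and confirm the package name resolves on every target release the script supports, since an unknown name in the include list will abort the bootstrap.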
@@ -471,6 +494,7 if [ -n "$MISSING_PACKAGES" ] ; then | |||||
471 |
|
494 | |||
472 | # Make sure all missing required packages are installed |
|
495 | # Make sure all missing required packages are installed | |
473 | apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` |
|
496 | apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` | |
|
497 | apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` | |||
474 | fi |
|
498 | fi | |
475 |
|
499 | |||
476 | # Check if ./bootstrap.d directory exists |
|
500 | # Check if ./bootstrap.d directory exists | |
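Review bot: with `apt-get update && apt-get -qq -y install ...` (new line 497) a failed index refresh, for example on an offline build host, silently skips the install, and nothing in this hunk checks the result before the script moves on to the `./bootstrap.d` check. Test the exit status explicitly and stop with an error naming the packages that could not be installed. While touching this line, note that `sed "s/ //"` removes only the first space, and the backtick substitution would be clearer as `$(...)`; `apt-get update` also lacks the `-qq` used on the install.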
@@ -823,6 +847,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
823 |
|
847 | |||
824 | # Initialize encrypted partition |
|
848 | # Initialize encrypted partition | |
825 | echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password |
|
849 | echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password | |
|
850 | cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password | |||
826 |
|
851 | |||
827 | # Open encrypted partition and setup mapping |
|
852 | # Open encrypted partition and setup mapping | |
828 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
|
853 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
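Review bot: `--verbose --debug` on the `luksFormat` call (new line 850) look like troubleshooting flags left in the default path; they produce detailed output in the build log for the step that handles the `.password` key file. Drop `--debug`, and enable `--verbose` only behind an explicit debug setting. Replacing `echo "YES" |` with `-q` and passing `-h "${CRYPTFS_HASH}"` is the right direction; it would help to say in the commit message that `-q` is what now suppresses the confirmation prompt.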