##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

zswap systemdswap
Unknown -
r460:63d5bd9df575
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,528 +1,531
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 - `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 - `1` = Used for Pi 1 model A and B
68 68 - `1P` = Used for Pi 1 model B+ and A+
69 69 - `2` = Used for Pi 2 model B
70 70 - `3` = Used for Pi 3 model B
71 71 - `3P` = Used for Pi 3 model B+
72 72 - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 157
158 158 ##### `ENABLE_PRINTK`=false
159 159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 160
161 161 ##### `ENABLE_BLUETOOTH`=false
162 162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163 163
164 164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 166
167 167 ##### `ENABLE_TURBO`=false
168 168 VOIDS WARRANTY! Enable Turbo mode - NO overclocking. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 169
170 170 ##### `ENABLE_I2C`=false
171 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 172
173 173 ##### `ENABLE_SPI`=false
174 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 175
176 176 ##### `ENABLE_IPV6`=true
177 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 178
179 179 ##### `ENABLE_SSHD`=true
180 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 181
182 182 ##### `ENABLE_NONFREE`=false
183 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 184
185 185 ##### `ENABLE_WIRELESS`=false
186 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 187
188 188 ##### `ENABLE_RSYSLOG`=true
189 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 190
191 191 ##### `ENABLE_SOUND`=true
192 192 Enable sound hardware and install Advanced Linux Sound Architecture.
193 193
194 194 ##### `ENABLE_HWRANDOM`=true
195 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
196 196
197 197 ##### `ENABLE_MINGPU`=false
198 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 199
200 200 ##### `ENABLE_DBUS`=true
201 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 202
203 203 ##### `ENABLE_XORG`=false
204 204 Install Xorg open-source X Window System.
205 205
206 206 ##### `ENABLE_WM`=""
207 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 208
209 209 ##### `ENABLE_SYSVINIT`=false
210 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 211
212 212 ---
213 213
214 214 #### Advanced system features:
215 ##### `ENABLE_SYSTEMDSWAP`=false
216 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
217
215 218 ##### `ENABLE_MINBASE`=false
216 219 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
217 220
218 221 ##### `ENABLE_REDUCE`=false
219 222 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
220 223
221 224 ##### `ENABLE_UBOOT`=false
222 225 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 226
224 227 ##### `UBOOTSRC_DIR`=""
225 228 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
226 229
227 230 ##### `ENABLE_FBTURBO`=false
228 231 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229 232
230 233 ##### `FBTURBOSRC_DIR`=""
231 234 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
232 235
233 236 ##### `ENABLE_VIDEOCORE`=false
234 237 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 238
236 239 ##### `VIDEOCORESRC_DIR`=""
237 240 Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
238 241
239 242 ##### `ENABLE_NEXMON`=false
240 243 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
241 244
242 245 ##### `NEXMON_DIR`=""
243 246 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
244 247
245 248 ##### `ENABLE_IPTABLES`=false
246 249 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
247 250
248 251 ##### `ENABLE_USER`=true
249 252 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
250 253
251 254 ##### `USER_NAME`=pi
252 255 Non-root user to create. Ignored if `ENABLE_USER`=false
253 256
254 257 ##### `ENABLE_ROOT`=false
255 258 Set root user password so root login will be enabled
256 259
257 260 ##### `ENABLE_HARDNET`=false
258 261 Enable IPv4/IPv6 network stack hardening settings.
259 262
260 263 ##### `ENABLE_SPLITFS`=false
261 264 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
262 265
263 266 ##### `CHROOT_SCRIPTS`=""
264 267 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
265 268
266 269 ##### `ENABLE_INITRAMFS`=false
267 270 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
268 271
269 272 ##### `ENABLE_IFNAMES`=true
270 273 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
271 274
272 275 ##### `DISABLE_UNDERVOLT_WARNINGS`=
273 276 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
274 277
275 278 ---
276 279
277 280 #### SSH settings:
278 281 ##### `SSH_ENABLE_ROOT`=false
279 282 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
280 283
281 284 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
282 285 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
283 286
284 287 ##### `SSH_LIMIT_USERS`=false
285 288 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
286 289
287 290 ##### `SSH_ROOT_PUB_KEY`=""
288 291 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
289 292
290 293 ##### `SSH_USER_PUB_KEY`=""
291 294 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
292 295
293 296 ---
294 297
295 298 #### Kernel compilation:
296 299 ##### `BUILD_KERNEL`=true
297 300 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
298 301
299 302 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
300 303 This sets the cross compile enviornment for the compiler.
301 304
302 305 ##### `KERNEL_ARCH`="arm"
303 306 This sets the kernel architecture for the compiler.
304 307
305 308 ##### `KERNEL_IMAGE`="kernel7.img"
306 309 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
307 310
308 311 ##### `KERNEL_BRANCH`=""
309 312 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
310 313
311 314 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
312 315 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
313 316
314 317 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
315 318 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
316 319
317 320 ##### `KERNEL_REDUCE`=false
318 321 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
319 322
320 323 ##### `KERNEL_THREADS`=1
321 324 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
322 325
323 326 ##### `KERNEL_HEADERS`=true
324 327 Install kernel headers with built kernel.
325 328
326 329 ##### `KERNEL_MENUCONFIG`=false
327 330 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
328 331
329 332 ##### `KERNEL_OLDDEFCONFIG`=false
330 333 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
331 334
332 335 ##### `KERNEL_CCACHE`=false
333 336 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
334 337
335 338 ##### `KERNEL_REMOVESRC`=true
336 339 Remove all kernel sources from the generated OS image after it was built and installed.
337 340
338 341 ##### `KERNELSRC_DIR`=""
339 342 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
340 343
341 344 ##### `KERNELSRC_CLEAN`=false
342 345 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
343 346
344 347 ##### `KERNELSRC_CONFIG`=true
345 348 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
346 349
347 350 ##### `KERNELSRC_USRCONFIG`=""
348 351 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
349 352
350 353 ##### `KERNELSRC_PREBUILT`=false
351 354 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
352 355
353 356 ##### `RPI_FIRMWARE_DIR`=""
354 357 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
355 358
356 359 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
357 360 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
358 361
359 362 ##### `KERNEL_NF`=false
360 363 Enable Netfilter modules as kernel modules
361 364
362 365 ##### `KERNEL_VIRT`=false
363 366 Enable Kernel KVM support (/dev/kvm)
364 367
365 368 ##### `KERNEL_ZSWAP`=false
366 369 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
367 370
368 371 ##### `KERNEL_BPF`=true
369 372 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
370 373
371 374 ---
372 375
373 376 #### Reduce disk usage:
374 377 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
375 378
376 379 ##### `REDUCE_APT`=true
377 380 Configure APT to use compressed package repository lists and no package caching files.
378 381
379 382 ##### `REDUCE_DOC`=true
380 383 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
381 384
382 385 ##### `REDUCE_MAN`=true
383 386 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
384 387
385 388 ##### `REDUCE_VIM`=false
386 389 Replace `vim-tiny` package by `levee` a tiny vim clone.
387 390
388 391 ##### `REDUCE_BASH`=false
389 392 Remove `bash` package and switch to `dash` shell (experimental).
390 393
391 394 ##### `REDUCE_HWDB`=true
392 395 Remove PCI related hwdb files (experimental).
393 396
394 397 ##### `REDUCE_SSHD`=true
395 398 Replace `openssh-server` with `dropbear`.
396 399
397 400 ##### `REDUCE_LOCALE`=true
398 401 Remove all `locale` translation files.
399 402
400 403 ---
401 404
402 405 #### Encrypted root partition:
403 406 ##### `ENABLE_CRYPTFS`=false
404 407 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
405 408
406 409 ##### `CRYPTFS_PASSWORD`=""
407 410 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
408 411
409 412 ##### `CRYPTFS_MAPPING`="secure"
410 413 Set name of dm-crypt managed device-mapper mapping.
411 414
412 415 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
413 416 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
414 417
415 418 ##### `CRYPTFS_XTSKEYSIZE`=512
416 419 Sets key size in bits. The argument has to be a multiple of 8.
417 420
418 421 ##### `CRYPTFS_DROPBEAR`=false
419 422 Enable Dropbear Initramfs support
420 423
421 424 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
422 425 Provide path to dropbear Public RSA-OpenSSH Key
423 426
424 427 ---
425 428
426 429 #### Build settings:
427 430 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
428 431 Set a path to a working directory used by the script to generate an image.
429 432
430 433 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
431 434 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
432 435
433 436 ## Understanding the script
434 437 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
435 438
436 439 | Script | Description |
437 440 | --- | --- |
438 441 | `10-bootstrap.sh` | Debootstrap basic system |
439 442 | `11-apt.sh` | Setup APT repositories |
440 443 | `12-locale.sh` | Setup Locales and keyboard settings |
441 444 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
442 445 | `14-fstab.sh` | Setup fstab and initramfs |
443 446 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
444 447 | `20-networking.sh` | Setup Networking |
445 448 | `21-firewall.sh` | Setup Firewall |
446 449 | `30-security.sh` | Setup Users and Security settings |
447 450 | `31-logging.sh` | Setup Logging |
448 451 | `32-sshd.sh` | Setup SSH and public keys |
449 452 | `41-uboot.sh` | Build and Setup U-Boot |
450 453 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
451 454 | `50-firstboot.sh` | First boot actions |
452 455 | `99-reduce.sh` | Reduce the disk space usage |
453 456
454 457 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
455 458
456 459 | Directory | Description |
457 460 | --- | --- |
458 461 | `apt` | APT management configuration files |
459 462 | `boot` | Boot and RPi2/3 configuration files |
460 463 | `dpkg` | Package Manager configuration |
461 464 | `etc` | Configuration files and rc scripts |
462 465 | `firstboot` | Scripts that get executed on first boot |
463 466 | `initramfs` | Initramfs scripts |
464 467 | `iptables` | Firewall configuration files |
465 468 | `locales` | Locales configuration |
466 469 | `modules` | Kernel Modules configuration |
467 470 | `mount` | Fstab configuration |
468 471 | `network` | Networking configuration files |
469 472 | `sysctl.d` | Swapping and Network Hardening configuration |
470 473 | `xorg` | fbturbo Xorg driver configuration |
471 474
472 475 ## Custom packages and scripts
473 476 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
474 477
475 478 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
476 479
477 480 ## Logging of the bootstrapping process
478 481 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
479 482
480 483 ```shell
481 484 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
482 485 ```
483 486
484 487 ## Flashing the image file
485 488 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
486 489
487 490 ##### Flashing examples:
488 491 ```shell
489 492 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
490 493 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
491 494 ```
492 495 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
493 496 ```shell
494 497 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
495 498 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
496 499 ```
497 500
498 501 ## QEMU emulation
499 502 Start QEMU full system emulation:
500 503 ```shell
501 504 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
502 505 ```
503 506
504 507 Start QEMU full system emulation and output to console:
505 508 ```shell
506 509 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
507 510 ```
508 511
509 512 Start QEMU full system emulation with SMP and output to console:
510 513 ```shell
511 514 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
512 515 ```
513 516
514 517 Start QEMU full system emulation with cryptfs, initramfs and output to console:
515 518 ```shell
516 519 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
517 520 ```
518 521
519 522 ## External links and references
520 523 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
521 524 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
522 525 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
523 526 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
524 527 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
525 528 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
526 529 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
527 530 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
528 531 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -1,448 +1,472
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 31 fi
32 32
33 33 # Copy downloaded kernel sources
34 34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89
90 90 #Switch to KERNELSRC_DIR so we can use set_kernel_config
91 91 cd "${KERNEL_DIR}" || exit
92 92
93 93 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
94 94 if [ "$KERNEL_ZSWAP" = true ] ; then
95 95 set_kernel_config CONFIG_ZPOOL y
96 96 set_kernel_config CONFIG_ZSWAP y
97 97 set_kernel_config CONFIG_ZBUD y
98 98 set_kernel_config CONFIG_Z3FOLD y
99 99 set_kernel_config CONFIG_ZSMALLOC y
100 100 set_kernel_config CONFIG_PGTABLE_MAPPING y
101 101 fi
102 102
103 103 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
104 104 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
105 105 set_kernel_config CONFIG_VIRTUALIZATION y
106 106 set_kernel_config CONFIG_KVM y
107 107 set_kernel_config CONFIG_VHOST_NET m
108 108 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
109 109 fi
110 110
111 111 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
112 112 if [ "$KERNEL_NF" = true ] ; then
113 113 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
114 114 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
115 115 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
116 116 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
117 117 set_kernel_config CONFIG_NFT_FIB_INET m
118 118 set_kernel_config CONFIG_NFT_FIB_IPV4 m
119 119 set_kernel_config CONFIG_NFT_FIB_IPV6 m
120 120 set_kernel_config CONFIG_NFT_FIB_NETDEV m
121 121 set_kernel_config CONFIG_NFT_OBJREF m
122 122 set_kernel_config CONFIG_NFT_RT m
123 123 set_kernel_config CONFIG_NFT_SET_BITMAP m
124 124 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
125 125 set_kernel_config CONFIG_NF_LOG_ARP m
126 126 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
127 127 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
128 128 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
129 129 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
130 130 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
131 131 set_kernel_config CONFIG_IP6_NF_IPTABLES m
132 132 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
133 133 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
134 134 set_kernel_config CONFIG_IP6_NF_NAT m
135 135 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
136 136 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
137 137 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
138 138 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
139 139 set_kernel_config CONFIG_IP_SET_HASH_IP m
140 140 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
141 141 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
142 142 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
143 143 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
144 144 set_kernel_config CONFIG_IP_SET_HASH_MAC m
145 145 set_kernel_config CONFIG_IP_SET_HASH_NET m
146 146 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
147 147 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
148 148 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
149 149 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
150 150 set_kernel_config CONFIG_IP_SET_LIST_SET m
151 151 set_kernel_config CONFIG_NETFILTER_XTABLES m
152 152 set_kernel_config CONFIG_NETFILTER_XTABLES m
153 153 set_kernel_config CONFIG_NFT_BRIDGE_META m
154 154 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
155 155 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
156 156 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
157 157 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
158 158 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
159 159 set_kernel_config CONFIG_NFT_COMPAT m
160 160 set_kernel_config CONFIG_NFT_COUNTER m
161 161 set_kernel_config CONFIG_NFT_CT m
162 162 set_kernel_config CONFIG_NFT_DUP_IPV4 m
163 163 set_kernel_config CONFIG_NFT_DUP_IPV6 m
164 164 set_kernel_config CONFIG_NFT_DUP_NETDEV m
165 165 set_kernel_config CONFIG_NFT_EXTHDR m
166 166 set_kernel_config CONFIG_NFT_FWD_NETDEV m
167 167 set_kernel_config CONFIG_NFT_HASH m
168 168 set_kernel_config CONFIG_NFT_LIMIT m
169 169 set_kernel_config CONFIG_NFT_LOG m
170 170 set_kernel_config CONFIG_NFT_MASQ m
171 171 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
172 172 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
173 173 set_kernel_config CONFIG_NFT_META m
174 174 set_kernel_config CONFIG_NFT_NAT m
175 175 set_kernel_config CONFIG_NFT_NUMGEN m
176 176 set_kernel_config CONFIG_NFT_QUEUE m
177 177 set_kernel_config CONFIG_NFT_QUOTA m
178 178 set_kernel_config CONFIG_NFT_REDIR m
179 179 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
180 180 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
181 181 set_kernel_config CONFIG_NFT_REJECT m
182 182 set_kernel_config CONFIG_NFT_REJECT_INET m
183 183 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
184 184 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
185 185 set_kernel_config CONFIG_NFT_SET_HASH m
186 186 set_kernel_config CONFIG_NFT_SET_RBTREE m
187 187 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
188 188 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
189 189 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
190 190 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
191 191 set_kernel_config CONFIG_NF_DUP_IPV4 m
192 192 set_kernel_config CONFIG_NF_DUP_IPV6 m
193 193 set_kernel_config CONFIG_NF_DUP_NETDEV m
194 194 set_kernel_config CONFIG_NF_LOG_BRIDGE m
195 195 set_kernel_config CONFIG_NF_LOG_IPV4 m
196 196 set_kernel_config CONFIG_NF_LOG_IPV6 m
197 197 set_kernel_config CONFIG_NF_NAT_IPV4 m
198 198 set_kernel_config CONFIG_NF_NAT_IPV6 m
199 199 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
200 200 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
201 201 set_kernel_config CONFIG_NF_NAT_PPTP m
202 202 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
203 203 set_kernel_config CONFIG_NF_NAT_REDIRECT m
204 204 set_kernel_config CONFIG_NF_NAT_SIP m
205 205 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
206 206 set_kernel_config CONFIG_NF_NAT_TFTP m
207 207 set_kernel_config CONFIG_NF_REJECT_IPV4 m
208 208 set_kernel_config CONFIG_NF_REJECT_IPV6 m
209 209 set_kernel_config CONFIG_NF_TABLES m
210 210 set_kernel_config CONFIG_NF_TABLES_ARP m
211 211 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
212 212 set_kernel_config CONFIG_NF_TABLES_INET m
213 213 set_kernel_config CONFIG_NF_TABLES_IPV4 m
214 214 set_kernel_config CONFIG_NF_TABLES_IPV6 m
215 215 set_kernel_config CONFIG_NF_TABLES_NETDEV m
216 216 fi
217 217
218 218 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
219 219 if [ "$KERNEL_BPF" = true ] ; then
220 220 set_kernel_config CONFIG_BPF_SYSCALL y
221 221 set_kernel_config CONFIG_BPF_EVENTS y
222 222 set_kernel_config CONFIG_BPF_STREAM_PARSER y
223 223 set_kernel_config CONFIG_CGROUP_BPF y
224 224 fi
225 225
226 226 # KERNEL_DEFAULT_GOV was set by user
227 227 if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
228 228 # unset default governor
229 229 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
230 230
231 231 case "$KERNEL_DEFAULT_GOV" in
232 232 "PERFORMANCE")
233 233 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
234 234 ;;
235 235 "USERSPACE")
236 236 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
237 237 ;;
238 238 "ONDEMAND")
239 239 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
240 240 ;;
241 241 "CONSERVATIVE")
242 242 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
243 243 ;;
244 244 "CONSERVATIVE")
245 245 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
246 246 ;;
247 247 *)
248 248 echo "error: unsupported default cpu governor"
249 249 exit 1
250 250 ;;
251 251 esac
252 252 fi
253 253
254 254
255 255
256 256 #Revert to previous directory
257 257 cd "${WORKDIR}" || exit
258 258
259 259 # Set kernel configuration parameters to enable qemu emulation
260 260 if [ "$ENABLE_QEMU" = true ] ; then
261 261 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
262 262 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
263 263
264 264 if [ "$ENABLE_CRYPTFS" = true ] ; then
265 265 {
266 266 echo "CONFIG_EMBEDDED=y"
267 267 echo "CONFIG_EXPERT=y"
268 268 echo "CONFIG_DAX=y"
269 269 echo "CONFIG_MD=y"
270 270 echo "CONFIG_BLK_DEV_MD=y"
271 271 echo "CONFIG_MD_AUTODETECT=y"
272 272 echo "CONFIG_BLK_DEV_DM=y"
273 273 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
274 274 echo "CONFIG_DM_CRYPT=y"
275 275 echo "CONFIG_CRYPTO_BLKCIPHER=y"
276 276 echo "CONFIG_CRYPTO_CBC=y"
277 277 echo "CONFIG_CRYPTO_XTS=y"
278 278 echo "CONFIG_CRYPTO_SHA512=y"
279 279 echo "CONFIG_CRYPTO_MANAGER=y"
280 280 } >> "${KERNEL_DIR}"/.config
281 281 fi
282 282 fi
283 283
284 284 # Copy custom kernel configuration file
285 285 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
286 286 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
287 287 fi
288 288
289 289 # Set kernel configuration parameters to their default values
290 290 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
291 291 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
292 292 fi
293 293
294 294 # Start menu-driven kernel configuration (interactive)
295 295 if [ "$KERNEL_MENUCONFIG" = true ] ; then
296 296 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
297 297 fi
298 298 # end if "$KERNELSRC_CONFIG" = true
299 299 fi
300 300
301 301 # Use ccache to cross compile the kernel
302 302 if [ "$KERNEL_CCACHE" = true ] ; then
303 303 cc="ccache ${CROSS_COMPILE}gcc"
304 304 else
305 305 cc="${CROSS_COMPILE}gcc"
306 306 fi
307 307
308 308 # Cross compile kernel and dtbs
309 309 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
310 310
311 311 # Cross compile kernel modules
312 312 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
313 313 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
314 314 fi
315 315 # end if "$KERNELSRC_PREBUILT" = false
316 316 fi
317 317
318 318 # Check if kernel compilation was successful
319 319 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
320 320 echo "error: kernel compilation failed! (kernel image not found)"
321 321 cleanup
322 322 exit 1
323 323 fi
324 324
325 325 # Install kernel modules
326 326 if [ "$ENABLE_REDUCE" = true ] ; then
327 327 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
328 328 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
329 329 fi
330 330 else
331 331 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
332 332 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
333 333 fi
334 334
335 335 # Install kernel firmware
336 336 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
337 337 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
338 338 fi
339 339 fi
340 340
341 341 # Install kernel headers
342 342 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
343 343 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
344 344 fi
345 345 # make tar.gz kernel package - missing os bzw. modules
346 346 #** ** ** WARNING ** ** **
347 347 #Your architecture did not define any architecture-dependent files
348 348 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
349 349 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
350 350
351 351 # Prepare boot (firmware) directory
352 352 mkdir "${BOOT_DIR}"
353 353
354 354 # Get kernel release version
355 355 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
356 356
357 357 # Copy kernel configuration file to the boot directory
358 358 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
359 359
360 360 # Prepare device tree directory
361 361 mkdir "${BOOT_DIR}/overlays"
362 362
363 363 # Ensure the proper .dtb is located
364 364 if [ "$KERNEL_ARCH" = "arm" ] ; then
365 365 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
366 366 if [ -f "${dtb}" ] ; then
367 367 install_readonly "${dtb}" "${BOOT_DIR}/"
368 368 fi
369 369 done
370 370 else
371 371 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
372 372 if [ -f "${dtb}" ] ; then
373 373 install_readonly "${dtb}" "${BOOT_DIR}/"
374 374 fi
375 375 done
376 376 fi
377 377
378 378 # Copy compiled dtb device tree files
379 379 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
380 380 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
381 381 if [ -f "${dtb}" ] ; then
382 382 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
383 383 fi
384 384 done
385 385
386 386 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
387 387 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
388 388 fi
389 389 fi
390 390
391 391 if [ "$ENABLE_UBOOT" = false ] ; then
392 392 # Convert and copy kernel image to the boot directory
393 393 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
394 394 else
395 395 # Copy kernel image to the boot directory
396 396 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
397 397 fi
398 398
399 399 # Remove kernel sources
400 400 if [ "$KERNEL_REMOVESRC" = true ] ; then
401 401 rm -fr "${KERNEL_DIR}"
402 402 else
403 403 # Prepare compiled kernel modules
404 404 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
405 405 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
406 406 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
407 407 fi
408 408
409 409 # Create symlinks for kernel modules
410 410 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
411 411 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
412 412 fi
413 413 fi
414 414
415 415 else # BUILD_KERNEL=false
416 416 # echo Install precompiled kernel...
417 417 # echo error: not implemented
418 if [ "$KERNEL_ARCH" = arm64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
418 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
419 if [ "$KERNEL_ZSWAP" = true ] ; then
420 RPI3_64_KERNEL_URL=RPI3_64_BIS_KERNEL_URL
421 fi
419 422 # Create temporary directory for dl
420 423 temp_dir=$(as_nobody mktemp -d)
421 424
422 425 # Fetch kernel dl
423 426 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
424 427 #extract download
425 428 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
426 429
427 430 #move extracted kernel to /boot/firmware
428 431 mkdir "${R}/boot/firmware"
429 432 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
430 433 cp -r "${temp_dir}"/lib/* "${R}"/lib/
431 434
432 435 # Remove temporary directory for kernel sources
433 436 rm -fr "${temp_dir}"
434 437 # Set permissions of the kernel sources
435 438 chown -R root:root "${R}/boot/firmware"
436 439 chown -R root:root "${R}/lib/modules"
437 440 #Create cmdline.txt for 15-rpi-config.sh
438 441 touch "${BOOT_DIR}/cmdline.txt"
439 442 fi
440 443
444 # INstall Kernel from hypriot comptabile with all Raspberry PI
445 if [ "$SET_ARCH" = 32 ] ; then
446 # Create temporary directory for dl
447 temp_dir=$(as_nobody mktemp -d)
448
449 # Fetch kernel
450 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
451
452 # Fetch kernel header
453 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
454
455 # Install kernel
456 chroot_exec dpkg -i "${temp_dir}"/kernel.deb
457
458 # Install kernel header
459 chroot_exec dpkg -i "${temp_dir}"/kernel-header.deb
460
461 # Remove temporary directory for U-Boot sources
462 rm -fr "${temp_dir}"
463 fi
464
441 465 # Check if kernel installation was successful
442 466 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
443 467 if [ -z "$KERNEL" ] ; then
444 468 echo "error: kernel installation failed! (/boot/kernel* not found)"
445 469 cleanup
446 470 exit 1
447 471 fi
448 472 fi
Show file before | Show file after | Hide comments
@@ -1,268 +1,281
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54 54 # Add encrypted root partition to cmdline.txt
55 55 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 56 if [ "$ENABLE_SPLITFS" = true ] ; then
57 57 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
58 58 else
59 59 if [ "$ENABLE_UBOOTUSB" = true ] ; then
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
61 61 else
62 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
63 63 fi
64 64 fi
65 65 fi
66 66
67 if [ "$KERNEL_ZSWAP" = true ] ; then
68 # Create temporary directory for systemd-swap sources
69 temp_dir=$(as_nobody mktemp -d)
70
71 # Fetch systemd-swap sources
72 as_nobody git -C "${temp_dir}" clone "${ZSWAP_URL}"
73
74 # Copy downloaded systemd-swap sources
75 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
76
77 # Set permissions of the systemd-swap sources
78 chown -R root:root "${R}/tmp/systemd-swap"
79
80 # Remove temporary directory for systemd-swap sources
81 rm -fr "${temp_dir}"
82
83 # Change into downloaded src dir
84 cd "${R}/tmp/systemd-swap" || exit
85
86 # Build package
87 . ./systemd-swap/package.sh debian
88
89 # Install package
90 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
91
92 # Change back into script root dir
93 cd "${WORKDIR}" || exit
94 fi
95
96 67 #locks cpu at max frequency
97 68 if [ "$ENABLE_TURBO" = true ] ; then
98 69 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
99 70 # helps to avoid sdcard corruption when force_turbo is enabled.
100 71 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
101 72 fi
102 73
103 74 if [ "$ENABLE_PRINTK" = true ] ; then
104 75 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
105 76 fi
106 77
107 78 # Install udev rule for serial alias
108 79 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
109 80
110 81 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
111 82
112 83 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
113 84 SET_SERIAL="ttyS0"
114 85
115 86 # Bluetooth enabled
116 87 if [ "$ENABLE_BLUETOOTH" = true ] ; then
117 88 # Create temporary directory for Bluetooth sources
118 89 temp_dir=$(as_nobody mktemp -d)
119 90
120 91 # Fetch Bluetooth sources
121 92 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
122 93
123 94 # Copy downloaded sources
124 95 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
125 96
126 97 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
127 98 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
128 99 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
129 100
130 101 # Set permissions
131 102 chown -R root:root "${R}/tmp/pi-bluetooth"
132 103
133 104 # Install tools
134 105 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
135 106 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
136 107
137 108 # Install bluetooth udev rule
138 109 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
139 110
140 111 # Install Firmware Flash file and apropiate licence
141 112 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
142 113 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
143 114 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
144 115 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
145 116 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
146 117
147 118 # Remove temporary directory
148 119 rm -fr "${temp_dir}"
149 120
150 121 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
151 122 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
152 123 SET_SERIAL="ttyAMA0"
153 124
154 125 # set overlay to swap ttyAMA0 and ttyS0
155 126 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
156 127
157 128 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
158 129 if [ "$ENABLE_TURBO" = false ] ; then
159 130 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
160 131 fi
161 132
162 133 # Activate services
163 134 chroot_exec systemctl enable pi-bluetooth.hciuart.service
164 135 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
165 136 else
166 137 chroot_exec systemctl enable pi-bluetooth.hciuart.service
167 138 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
168 139 fi
169 140
170 141 else # if ENABLE_BLUETOOTH = false
171 142 # set overlay to disable bluetooth
172 143 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
173 144 fi # ENABLE_BLUETOOTH end
174 145
175 146 else
176 147 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
177 148 SET_SERIAL="ttyAMA0"
178 149 fi
179 150
180 151 # may need sudo systemctl disable hciuart
181 152 if [ "$ENABLE_CONSOLE" = true ] ; then
182 153 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
183 154 # add string to cmdline
184 155 CMDLINE="${CMDLINE} console=serial0,115200"
185 156
186 157 # Enable serial console systemd style
187 158 chroot_exec systemctl enable serial-getty@"$SET_SERIAL".service
188 159 else
189 160 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
190 161 # disable serial console systemd style
191 162 chroot_exec systemctl disable serial-getty@"$SET_SERIAL".service
192 163 fi
193 164
165 # Remove cmdline.txt entry of starting zswap
166 if [ "$KERNEL_ZSWAP" = true ] ; then
167 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
168 fi
169
170 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
171
172 # Remove cmdline.txt entry of starting zswap
173 if [ "$KERNEL_ZSWAP" = true ] ; then
174 sed -i 's|zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4||g'
175 fi
176 # Create temporary directory for systemd-swap sources
177 temp_dir=$(as_nobody mktemp -d)
178
179 # Fetch systemd-swap sources
180 as_nobody git -C "${temp_dir}" clone "${ZSWAP_URL}"
181
182 # Copy downloaded systemd-swap sources
183 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
184
185 # Set permissions of the systemd-swap sources
186 chown -R root:root "${R}/tmp/systemd-swap"
187
188 # Remove temporary directory for systemd-swap sources
189 rm -fr "${temp_dir}"
190
191 # Change into downloaded src dir
192 cd "${R}/tmp/systemd-swap" || exit
193
194 # Build package
195 . ./systemd-swap/package.sh debian
196
197 # Install package
198 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
199
200 # Enable service
201 chroot_exec systemctl enable systemd-swap
202
203 # Change back into script root dir
204 cd "${WORKDIR}" || exit
205 fi
206
194 207 # Remove IPv6 networking support
195 208 if [ "$ENABLE_IPV6" = false ] ; then
196 209 CMDLINE="${CMDLINE} ipv6.disable=1"
197 210 fi
198 211
199 212 # Automatically assign predictable network interface names
200 213 if [ "$ENABLE_IFNAMES" = false ] ; then
201 214 CMDLINE="${CMDLINE} net.ifnames=0"
202 215 else
203 216 CMDLINE="${CMDLINE} net.ifnames=1"
204 217 fi
205 218
206 219 # Install firmware boot cmdline
207 220 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
208 221
209 222 # Install firmware config
210 223 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
211 224
212 225 # Setup minimal GPU memory allocation size: 16MB (no X)
213 226 if [ "$ENABLE_MINGPU" = true ] ; then
214 227 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
215 228 fi
216 229
217 230 # Setup boot with initramfs
218 231 if [ "$ENABLE_INITRAMFS" = true ] ; then
219 232 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
220 233 fi
221 234
222 235 # Create firmware configuration and cmdline symlinks
223 236 ln -sf firmware/config.txt "${R}/boot/config.txt"
224 237 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
225 238
226 239 # Install and setup kernel modules to load at boot
227 240 mkdir -p "${LIB_DIR}/modules-load.d/"
228 241 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
229 242
230 243 # Load hardware random module at boot
231 244 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
232 245 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
233 246 fi
234 247
235 248 # Load sound module at boot
236 249 if [ "$ENABLE_SOUND" = true ] ; then
237 250 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
238 251 else
239 252 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
240 253 fi
241 254
242 255 # Enable I2C interface
243 256 if [ "$ENABLE_I2C" = true ] ; then
244 257 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
245 258 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
246 259 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
247 260 fi
248 261
249 262 # Enable SPI interface
250 263 if [ "$ENABLE_SPI" = true ] ; then
251 264 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
252 265 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
253 266 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
254 267 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
255 268 fi
256 269 fi
257 270
258 271 # Disable RPi2/3 under-voltage warnings
259 272 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
260 273 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
261 274 fi
262 275
263 276 # Install kernel modules blacklist
264 277 mkdir -p "${ETC_DIR}/modprobe.d/"
265 278 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
266 279
267 280 # Install sysctl.d configuration files
268 281 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
Show file before | Show file after | Hide comments
@@ -1,845 +1,847
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
67 ZSWAP_URL=${ZSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
68
67 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
68 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
69 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
69 70
70 71 # Build directories
71 72 WORKDIR=$(pwd)
72 73 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
73 74 BUILDDIR="${BASEDIR}/build"
74 75
75 76 # Chroot directories
76 77 R="${BUILDDIR}/chroot"
77 78 ETC_DIR="${R}/etc"
78 79 LIB_DIR="${R}/lib"
79 80 BOOT_DIR="${R}/boot/firmware"
80 81 KERNEL_DIR="${R}/usr/src/linux"
81 82 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
82 83 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
83 84
84 85 # Firmware directory: Blank if download from github
85 86 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
86 87
87 88 # General settings
88 89 SET_ARCH=${SET_ARCH:=32}
89 90 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
90 91 PASSWORD=${PASSWORD:=raspberry}
91 92 USER_PASSWORD=${USER_PASSWORD:=raspberry}
92 93 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
93 94 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
94 95 EXPANDROOT=${EXPANDROOT:=true}
95 96
96 97 # Keyboard settings
97 98 XKB_MODEL=${XKB_MODEL:=""}
98 99 XKB_LAYOUT=${XKB_LAYOUT:=""}
99 100 XKB_VARIANT=${XKB_VARIANT:=""}
100 101 XKB_OPTIONS=${XKB_OPTIONS:=""}
101 102
102 103 # Network settings (DHCP)
103 104 ENABLE_DHCP=${ENABLE_DHCP:=true}
104 105
105 106 # Network settings (static)
106 107 NET_ADDRESS=${NET_ADDRESS:=""}
107 108 NET_GATEWAY=${NET_GATEWAY:=""}
108 109 NET_DNS_1=${NET_DNS_1:=""}
109 110 NET_DNS_2=${NET_DNS_2:=""}
110 111 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
111 112 NET_NTP_1=${NET_NTP_1:=""}
112 113 NET_NTP_2=${NET_NTP_2:=""}
113 114
114 115 # APT settings
115 116 APT_PROXY=${APT_PROXY:=""}
116 117 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
117 118
118 119 # Feature settings
119 120 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
120 121 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
121 122 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
122 123 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
123 124 ENABLE_I2C=${ENABLE_I2C:=false}
124 125 ENABLE_SPI=${ENABLE_SPI:=false}
125 126 ENABLE_IPV6=${ENABLE_IPV6:=true}
126 127 ENABLE_SSHD=${ENABLE_SSHD:=true}
127 128 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
128 129 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
129 130 ENABLE_SOUND=${ENABLE_SOUND:=true}
130 131 ENABLE_DBUS=${ENABLE_DBUS:=true}
131 132 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
132 133 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
133 134 ENABLE_XORG=${ENABLE_XORG:=false}
134 135 ENABLE_WM=${ENABLE_WM:=""}
135 136 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
136 137 ENABLE_USER=${ENABLE_USER:=true}
137 138 USER_NAME=${USER_NAME:="pi"}
138 139 ENABLE_ROOT=${ENABLE_ROOT:=false}
139 140 ENABLE_QEMU=${ENABLE_QEMU:=false}
140 141 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
141 142
142 143 # SSH settings
143 144 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
144 145 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
145 146 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
146 147 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
147 148 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
148 149
149 150 # Advanced settings
151 ENABLE_SYSTEMDSWAP=${ENABLE_MINBASE:=false}
150 152 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
151 153 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
152 154 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
153 155 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
154 156 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
155 157 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
156 158 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
157 159 ENABLE_NEXMON=${ENABLE_NEXMON:="false"}
158 160 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
159 161 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
160 162 NEXMON_DIR=${NEXMON_DIR:=""}
161 163 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
162 164 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
163 165 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
164 166 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
165 167 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
166 168 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
167 169
168 170 # Kernel compilation settings
169 171 BUILD_KERNEL=${BUILD_KERNEL:=true}
170 172 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
171 173 KERNEL_THREADS=${KERNEL_THREADS:=1}
172 174 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
173 175 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
174 176 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
175 177 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
176 178 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
177 179 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
178 180 KERNEL_VIRT=${KERNEL_VIRT:=false}
179 181 KERNEL_BPF=${KERNEL_BPF:=false}
180 182 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
181 183
182 184 # Kernel compilation from source directory settings
183 185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
184 186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
185 187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
186 188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
187 189
188 190 # Reduce disk usage settings
189 191 REDUCE_APT=${REDUCE_APT:=true}
190 192 REDUCE_DOC=${REDUCE_DOC:=true}
191 193 REDUCE_MAN=${REDUCE_MAN:=true}
192 194 REDUCE_VIM=${REDUCE_VIM:=false}
193 195 REDUCE_BASH=${REDUCE_BASH:=false}
194 196 REDUCE_HWDB=${REDUCE_HWDB:=true}
195 197 REDUCE_SSHD=${REDUCE_SSHD:=true}
196 198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
197 199
198 200 # Encrypted filesystem settings
199 201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
200 202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
201 203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
202 204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
203 205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
204 206 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
205 207 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
206 208 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
207 209 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
208 210
209 211 # Chroot scripts directory
210 212 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
211 213
212 214 # Packages required in the chroot build environment
213 215 APT_INCLUDES=${APT_INCLUDES:=""}
214 216 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
215 217
216 218 #Packages to exclude from chroot build environment
217 219 APT_EXCLUDES=${APT_EXCLUDES:=""}
218 220
219 221 # Packages required for bootstrapping
220 222 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
221 223 MISSING_PACKAGES=""
222 224
223 225 # Packages installed for c/c++ build environment in chroot (keep empty)
224 226 COMPILER_PACKAGES=""
225 227
226 228 set +x
227 229
228 230 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
229 231 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
230 232 if [ -n "${APT_CACHER_RUNNING}" ] ; then
231 233 APT_PROXY=http://127.0.0.1:3142/
232 234 fi
233 235
234 236 #netselect-apt does not know buster yet
235 237 if [ "$RELEASE" = "buster" ] ; then
236 238 RLS=testing
237 239 else
238 240 RLS="$RELEASE"
239 241 fi
240 242
241 243 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
242 244 rm "$(pwd)/files/apt/sources.list"
243 245 fi
244 246
245 247 if [ "$ENABLE_NONFREE" = true ] ; then
246 248 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
247 249 else
248 250 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
249 251 fi
250 252
251 253 #sed and cut the result string so we can use it as APT_SERVER
252 254 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
253 255
254 256 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
255 257 if [ -n "$SET_ARCH" ] ; then
256 258 # 64 bit configuration
257 259 if [ "$SET_ARCH" = 64 ] ; then
258 260 # General 64 bit depended settings
259 261 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
260 262 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
261 263 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
262 264
263 265 # Board specific settings
264 266 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
265 267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
266 268 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
267 269 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
268 270 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
269 271 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
270 272 else
271 273 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
272 274 exit 1
273 275 fi
274 276 fi
275 277
276 278 # 32 bit configuration
277 279 if [ "$SET_ARCH" = 32 ] ; then
278 280 # General 32 bit dependend settings
279 281 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
280 282 KERNEL_ARCH=${KERNEL_ARCH:=arm}
281 283 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
282 284
283 285 # Hardware specific settings
284 286 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
285 287 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
286 288 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
287 289 RELEASE_ARCH=${RELEASE_ARCH:=armel}
288 290 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
289 291 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
290 292 fi
291 293
292 294 # Hardware specific settings
293 295 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
294 296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
295 297 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
296 298 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
297 299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
298 300 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
299 301 fi
300 302 fi
301 303 #SET_ARCH not set
302 304 else
303 305 echo "error: Please set '32' or '64' as value for SET_ARCH"
304 306 exit 1
305 307 fi
306 308 # Device specific configuration and U-Boot configuration
307 309 case "$RPI_MODEL" in
308 310 0)
309 311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
310 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
311 313 ;;
312 314 1)
313 315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
314 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
315 317 ;;
316 318 1P)
317 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
318 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 321 ;;
320 322 2)
321 323 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
322 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
323 325 ;;
324 326 3)
325 327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
326 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
327 329 ;;
328 330 3P)
329 331 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
330 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
331 333 ;;
332 334 *)
333 335 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
334 336 exit 1
335 337 ;;
336 338 esac
337 339
338 340 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
339 341 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
340 342 # Include bluetooth packages on supported boards
341 343 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
342 344 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
343 345 fi
344 346 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
345 347 # Check if the internal wireless interface is not supported by the RPi model
346 348 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
347 349 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
348 350 exit 1
349 351 fi
350 352 fi
351 353
352 354 # Prepare date string for default image file name
353 355 DATE="$(date +%Y-%m-%d)"
354 356 if [ -z "$KERNEL_BRANCH" ] ; then
355 357 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
356 358 else
357 359 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
358 360 fi
359 361
360 362 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
361 363 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
362 364 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
363 365 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
364 366 exit 1
365 367 fi
366 368 fi
367 369
368 370 # Add cmake to compile videocore sources
369 371 if [ "$ENABLE_VIDEOCORE" = true ] ; then
370 372 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
371 373 fi
372 374
373 375 # Add libncurses5 to enable kernel menuconfig
374 376 if [ "$KERNEL_MENUCONFIG" = true ] ; then
375 377 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
376 378 fi
377 379
378 380 # Add ccache compiler cache for (faster) kernel cross (re)compilation
379 381 if [ "$KERNEL_CCACHE" = true ] ; then
380 382 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
381 383 fi
382 384
383 385 # Add cryptsetup package to enable filesystem encryption
384 386 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
385 387 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
386 388 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
387 389
388 390 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
389 391 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
390 392 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
391 393 fi
392 394
393 395 if [ -z "$CRYPTFS_PASSWORD" ] ; then
394 396 echo "error: no password defined (CRYPTFS_PASSWORD)!"
395 397 exit 1
396 398 fi
397 399 ENABLE_INITRAMFS=true
398 400 fi
399 401
400 402 # Add initramfs generation tools
401 403 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
402 404 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
403 405 fi
404 406
405 407 # Add device-tree-compiler required for building the U-Boot bootloader
406 408 if [ "$ENABLE_UBOOT" = true ] ; then
407 409 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
408 410 else
409 411 if [ "$ENABLE_UBOOTUSB" = true ] ; then
410 412 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
411 413 exit 1
412 414 fi
413 415 fi
414 416
415 417 # Check if root SSH (v2) public key file exists
416 418 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
417 419 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
418 420 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
419 421 exit 1
420 422 fi
421 423 fi
422 424
423 425 # Check if $USER_NAME SSH (v2) public key file exists
424 426 if [ -n "$SSH_USER_PUB_KEY" ] ; then
425 427 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
426 428 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
427 429 exit 1
428 430 fi
429 431 fi
430 432
431 433 # Check if all required packages are installed on the build system
432 434 for package in $REQUIRED_PACKAGES ; do
433 435 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
434 436 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
435 437 fi
436 438 done
437 439
438 440 # If there are missing packages ask confirmation for install, or exit
439 441 if [ -n "$MISSING_PACKAGES" ] ; then
440 442 echo "the following packages needed by this script are not installed:"
441 443 echo "$MISSING_PACKAGES"
442 444
443 445 printf "\ndo you want to install the missing packages right now? [y/n] "
444 446 read -r confirm
445 447 [ "$confirm" != "y" ] && exit 1
446 448
447 449 # Make sure all missing required packages are installed
448 450 apt-get -qq -y install "${MISSING_PACKAGES}"
449 451 fi
450 452
451 453 # Check if ./bootstrap.d directory exists
452 454 if [ ! -d "./bootstrap.d/" ] ; then
453 455 echo "error: './bootstrap.d' required directory not found!"
454 456 exit 1
455 457 fi
456 458
457 459 # Check if ./files directory exists
458 460 if [ ! -d "./files/" ] ; then
459 461 echo "error: './files' required directory not found!"
460 462 exit 1
461 463 fi
462 464
463 465 # Check if specified KERNELSRC_DIR directory exists
464 466 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
465 467 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
466 468 exit 1
467 469 fi
468 470
469 471 # Check if specified UBOOTSRC_DIR directory exists
470 472 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
471 473 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
472 474 exit 1
473 475 fi
474 476
475 477 # Check if specified VIDEOCORESRC_DIR directory exists
476 478 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
477 479 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
478 480 exit 1
479 481 fi
480 482
481 483 # Check if specified FBTURBOSRC_DIR directory exists
482 484 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
483 485 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
484 486 exit 1
485 487 fi
486 488
487 489 # Check if specified NEXMON_DIR directory exists
488 490 if [ -n "$NEXMON_DIR" ] && [ ! -d "$NEXMON_DIR" ] ; then
489 491 echo "error: '${NEXMON_DIR}' specified directory not found (NEXMON_DIR)!"
490 492 exit 1
491 493 fi
492 494
493 495 # Check if specified CHROOT_SCRIPTS directory exists
494 496 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
495 497 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
496 498 exit 1
497 499 fi
498 500
499 501 # Check if specified device mapping already exists (will be used by cryptsetup)
500 502 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
501 503 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
502 504 exit 1
503 505 fi
504 506
505 507 # Don't clobber an old build
506 508 if [ -e "$BUILDDIR" ] ; then
507 509 echo "error: directory ${BUILDDIR} already exists, not proceeding"
508 510 exit 1
509 511 fi
510 512
511 513 # Setup chroot directory
512 514 mkdir -p "${R}"
513 515
514 516 # Check if build directory has enough of free disk space >512MB
515 517 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
516 518 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
517 519 exit 1
518 520 fi
519 521
520 522 set -x
521 523
522 524 # Call "cleanup" function on various signals and errors
523 525 trap cleanup 0 1 2 3 6
524 526
525 527 # Add required packages for the minbase installation
526 528 if [ "$ENABLE_MINBASE" = true ] ; then
527 529 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
528 530 fi
529 531
530 532 # Add parted package, required to get partprobe utility
531 533 if [ "$EXPANDROOT" = true ] ; then
532 534 APT_INCLUDES="${APT_INCLUDES},parted"
533 535 fi
534 536
535 537 # Add dbus package, recommended if using systemd
536 538 if [ "$ENABLE_DBUS" = true ] ; then
537 539 APT_INCLUDES="${APT_INCLUDES},dbus"
538 540 fi
539 541
540 542 # Add iptables IPv4/IPv6 package
541 543 if [ "$ENABLE_IPTABLES" = true ] ; then
542 544 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
543 545 fi
544 546
545 547 # Add openssh server package
546 548 if [ "$ENABLE_SSHD" = true ] ; then
547 549 APT_INCLUDES="${APT_INCLUDES},openssh-server"
548 550 fi
549 551
550 552 # Add alsa-utils package
551 553 if [ "$ENABLE_SOUND" = true ] ; then
552 554 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
553 555 fi
554 556
555 557 # Add rng-tools package
556 558 if [ "$ENABLE_HWRANDOM" = true ] ; then
557 559 APT_INCLUDES="${APT_INCLUDES},rng-tools"
558 560 fi
559 561
560 562 # Add fbturbo video driver
561 563 if [ "$ENABLE_FBTURBO" = true ] ; then
562 564 # Enable xorg package dependencies
563 565 ENABLE_XORG=true
564 566 fi
565 567
566 568 # Add user defined window manager package
567 569 if [ -n "$ENABLE_WM" ] ; then
568 570 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
569 571
570 572 # Enable xorg package dependencies
571 573 ENABLE_XORG=true
572 574 fi
573 575
574 576 # Add xorg package
575 577 if [ "$ENABLE_XORG" = true ] ; then
576 578 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
577 579 fi
578 580
579 581 # Replace selected packages with smaller clones
580 582 if [ "$ENABLE_REDUCE" = true ] ; then
581 583 # Add levee package instead of vim-tiny
582 584 if [ "$REDUCE_VIM" = true ] ; then
583 585 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
584 586 fi
585 587
586 588 # Add dropbear package instead of openssh-server
587 589 if [ "$REDUCE_SSHD" = true ] ; then
588 590 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
589 591 fi
590 592 fi
591 593
592 594 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
593 595 if [ "$ENABLE_SYSVINIT" = false ] ; then
594 596 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
595 597 fi
596 598
597 599 # Configure kernel sources if no KERNELSRC_DIR
598 600 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
599 601 KERNELSRC_CONFIG=true
600 602 fi
601 603
602 604 # Configure reduced kernel
603 605 if [ "$KERNEL_REDUCE" = true ] ; then
604 606 KERNELSRC_CONFIG=false
605 607 fi
606 608
607 609 # Configure qemu compatible kernel
608 610 if [ "$ENABLE_QEMU" = true ] ; then
609 611 DTB_FILE=vexpress-v2p-ca15_a7.dtb
610 612 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
611 613 KERNEL_DEFCONFIG="vexpress_defconfig"
612 614 if [ "$KERNEL_MENUCONFIG" = false ] ; then
613 615 KERNEL_OLDDEFCONFIG=true
614 616 fi
615 617 fi
616 618
617 619 # Execute bootstrap scripts
618 620 for SCRIPT in bootstrap.d/*.sh; do
619 621 head -n 3 "$SCRIPT"
620 622 . "$SCRIPT"
621 623 done
622 624
623 625 ## Execute custom bootstrap scripts
624 626 if [ -d "custom.d" ] ; then
625 627 for SCRIPT in custom.d/*.sh; do
626 628 . "$SCRIPT"
627 629 done
628 630 fi
629 631
630 632 # Execute custom scripts inside the chroot
631 633 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
632 634 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
633 635 chroot_exec /bin/bash -x <<'EOF'
634 636 for SCRIPT in /chroot_scripts/* ; do
635 637 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
636 638 $SCRIPT
637 639 fi
638 640 done
639 641 EOF
640 642 rm -rf "${R}/chroot_scripts"
641 643 fi
642 644
643 645 # Remove c/c++ build environment from the chroot
644 646 chroot_remove_cc
645 647
646 648 # Generate required machine-id
647 649 MACHINE_ID=$(dbus-uuidgen)
648 650 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
649 651 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
650 652
651 653 # APT Cleanup
652 654 chroot_exec apt-get -y clean
653 655 chroot_exec apt-get -y autoclean
654 656 chroot_exec apt-get -y autoremove
655 657
656 658 # Unmount mounted filesystems
657 659 umount -l "${R}/proc"
658 660 umount -l "${R}/sys"
659 661
660 662 # Clean up directories
661 663 rm -rf "${R}/run/*"
662 664 rm -rf "${R}/tmp/*"
663 665
664 666 # Clean up files
665 667 rm -f "${ETC_DIR}/ssh/ssh_host_*"
666 668 rm -f "${ETC_DIR}/dropbear/dropbear_*"
667 669 rm -f "${ETC_DIR}/apt/sources.list.save"
668 670 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
669 671 rm -f "${ETC_DIR}/*-"
670 672 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
671 673 rm -f "${ETC_DIR}/resolv.conf"
672 674 rm -f "${R}/root/.bash_history"
673 675 rm -f "${R}/var/lib/urandom/random-seed"
674 676 rm -f "${R}/initrd.img"
675 677 rm -f "${R}/vmlinuz"
676 678 rm -f "${R}${QEMU_BINARY}"
677 679
678 680 if [ "$ENABLE_QEMU" = true ] ; then
679 681 # Setup QEMU directory
680 682 mkdir "${BASEDIR}/qemu"
681 683
682 684 # Copy kernel image to QEMU directory
683 685 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
684 686
685 687 # Copy kernel config to QEMU directory
686 688 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
687 689
688 690 # Copy kernel dtbs to QEMU directory
689 691 for dtb in "${BOOT_DIR}/"*.dtb ; do
690 692 if [ -f "${dtb}" ] ; then
691 693 install_readonly "${dtb}" "${BASEDIR}/qemu/"
692 694 fi
693 695 done
694 696
695 697 # Copy kernel overlays to QEMU directory
696 698 if [ -d "${BOOT_DIR}/overlays" ] ; then
697 699 # Setup overlays dtbs directory
698 700 mkdir "${BASEDIR}/qemu/overlays"
699 701
700 702 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
701 703 if [ -f "${dtb}" ] ; then
702 704 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
703 705 fi
704 706 done
705 707 fi
706 708
707 709 # Copy u-boot files to QEMU directory
708 710 if [ "$ENABLE_UBOOT" = true ] ; then
709 711 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
710 712 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
711 713 fi
712 714 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
713 715 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
714 716 fi
715 717 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
716 718 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
717 719 fi
718 720 fi
719 721
720 722 # Copy initramfs to QEMU directory
721 723 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
722 724 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
723 725 fi
724 726 fi
725 727
726 728 # Calculate size of the chroot directory in KB
727 729 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
728 730
729 731 # Calculate the amount of needed 512 Byte sectors
730 732 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
731 733 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
732 734 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
733 735
734 736 # The root partition is EXT4
735 737 # This means more space than the actual used space of the chroot is used.
736 738 # As overhead for journaling and reserved blocks 35% are added.
737 739 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
738 740
739 741 # Calculate required image size in 512 Byte sectors
740 742 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
741 743
742 744 # Prepare image file
743 745 if [ "$ENABLE_SPLITFS" = true ] ; then
744 746 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
745 747 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
746 748 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
747 749 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
748 750
749 751 # Write firmware/boot partition tables
750 752 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
751 753 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
752 754 EOM
753 755
754 756 # Write root partition table
755 757 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
756 758 ${TABLE_SECTORS},${ROOT_SECTORS},83
757 759 EOM
758 760
759 761 # Setup temporary loop devices
760 762 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
761 763 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
762 764 else # ENABLE_SPLITFS=false
763 765 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
764 766 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
765 767
766 768 # Write partition table
767 769 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
768 770 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
769 771 ${ROOT_OFFSET},${ROOT_SECTORS},83
770 772 EOM
771 773
772 774 # Setup temporary loop devices
773 775 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
774 776 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
775 777 fi
776 778
777 779 if [ "$ENABLE_CRYPTFS" = true ] ; then
778 780 # Create dummy ext4 fs
779 781 mkfs.ext4 "$ROOT_LOOP"
780 782
781 783 # Setup password keyfile
782 784 touch .password
783 785 chmod 600 .password
784 786 echo -n ${CRYPTFS_PASSWORD} > .password
785 787
786 788 # Initialize encrypted partition
787 789 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
788 790
789 791 # Open encrypted partition and setup mapping
790 792 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
791 793
792 794 # Secure delete password keyfile
793 795 shred -zu .password
794 796
795 797 # Update temporary loop device
796 798 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
797 799
798 800 # Wipe encrypted partition (encryption cipher is used for randomness)
799 801 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
800 802 fi
801 803
802 804 # Build filesystems
803 805 mkfs.vfat "$FRMW_LOOP"
804 806 mkfs.ext4 "$ROOT_LOOP"
805 807
806 808 # Mount the temporary loop devices
807 809 mkdir -p "$BUILDDIR/mount"
808 810 mount "$ROOT_LOOP" "$BUILDDIR/mount"
809 811
810 812 mkdir -p "$BUILDDIR/mount/boot/firmware"
811 813 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
812 814
813 815 # Copy all files from the chroot to the loop device mount point directory
814 816 rsync -a "${R}/" "$BUILDDIR/mount/"
815 817
816 818 # Unmount all temporary loop devices and mount points
817 819 cleanup
818 820
819 821 # Create block map file(s) of image(s)
820 822 if [ "$ENABLE_SPLITFS" = true ] ; then
821 823 # Create block map files for "bmaptool"
822 824 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
823 825 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
824 826
825 827 # Image was successfully created
826 828 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
827 829 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
828 830 else
829 831 # Create block map file for "bmaptool"
830 832 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
831 833
832 834 # Image was successfully created
833 835 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
834 836
835 837 # Create qemu qcow2 image
836 838 if [ "$ENABLE_QEMU" = true ] ; then
837 839 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
838 840 QEMU_SIZE=16G
839 841
840 842 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
841 843 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
842 844
843 845 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
844 846 fi
845 847 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant