Merge pull request #24 from drtyhlpr/master...
Gérard Vidal -
r626:6a5b0d04eb30 Fusion
@@ -1,549 +1,549
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5
6 6 ## Build dependencies
7 7 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
8 8
9 9 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
10 10
11 11 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
12 12
13 13 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
14 14
15 15 ## Command-line parameters
16 16 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
17 17
18 18 ##### Command-line examples:
19 19 ```shell
20 20 ENABLE_UBOOT=true ./rpi23-gen-image.sh
21 21 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
22 22 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
23 23 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
24 24 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
25 25 ENABLE_MINBASE=true ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
27 27 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
28 28 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
33 33 ```
34 34
35 35 ## Configuration template files
36 36 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
37 37
38 38 ##### Command-line examples:
39 39 ```shell
40 40 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
41 41 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
42 42 ```
43 43
44 44 ## Supported parameters and settings
45 45 #### APT settings:
46 46 ##### `APT_SERVER`="ftp.debian.org"
47 47 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
48 48
49 49 ##### `APT_PROXY`=""
50 50 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
51 51
52 52 ##### `KEEP_APT_PROXY`=false
53 53 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
54 54
55 55 ##### `APT_INCLUDES`=""
56 56 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
57 57
58 58 ##### `APT_INCLUDES_LATE`=""
59 59 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
60 60
61 61 ---
62 62
63 63 #### General system settings:
64 64 ##### `SET_ARCH`=32
65 65 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
66 66
67 67 ##### `RPI_MODEL`=2
68 68 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
69 69 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
70 70 - `1` = Raspberry Pi 1 model A and B
71 71 - `1P` = Raspberry Pi 1 model B+ and A+
72 72 - `2` = Raspberry Pi 2 model B
73 73 - `3` = Raspberry Pi 3 model B
74 74 - `3P` = Raspberry Pi 3 model B+
75 75
76 76 ##### `RELEASE`="buster"
77 77 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
78 78
79 79 ##### `RELEASE_ARCH`="armhf"
80 80 Set the desired Debian release architecture.
81 81
82 82 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
83 83 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
84 84
85 85 ##### `PASSWORD`="raspberry"
86 86 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
87 87
88 88 ##### `USER_PASSWORD`="raspberry"
89 89 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
90 90
91 91 ##### `DEFLOCAL`="en_US.UTF-8"
92 92 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
93 93
94 94 ##### `TIMEZONE`="Europe/Berlin"
95 95 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
96 96
97 97 ##### `EXPANDROOT`=true
98 98 Expand the root partition and filesystem automatically on first boot.
99 99
100 100 ##### `ENABLE_DPHYSSWAP`=true
101 101 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
102 102
103 103 ##### `ENABLE_QEMU`=false
104 104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
105 105
106 106 ---
107 107
108 108 #### Keyboard settings:
109 109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
110 110
111 111 ##### `XKB_MODEL`=""
112 112 Set the name of the model of your keyboard type.
113 113
114 114 ##### `XKB_LAYOUT`=""
115 115 Set the supported keyboard layout(s).
116 116
117 117 ##### `XKB_VARIANT`=""
118 118 Set the supported variant(s) of the keyboard layout(s).
119 119
120 120 ##### `XKB_OPTIONS`=""
121 121 Set extra xkb configuration options.
122 122
123 123 ---
124 124
125 125 #### Networking settings (DHCP):
126 126 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
127 127
128 128 ##### `ENABLE_DHCP`=true
129 129 Set the system to use DHCP. This requires an DHCP server.
130 130
131 131 ---
132 132
133 133 #### Networking settings (static):
134 134 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
135 135
136 136 ##### `NET_ADDRESS`=""
137 137 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
138 138
139 139 ##### `NET_GATEWAY`=""
140 140 Set the IP address for the default gateway.
141 141
142 142 ##### `NET_DNS_1`=""
143 143 Set the IP address for the first DNS server.
144 144
145 145 ##### `NET_DNS_2`=""
146 146 Set the IP address for the second DNS server.
147 147
148 148 ##### `NET_DNS_DOMAINS`=""
149 149 Set the default DNS search domains to use for non fully qualified hostnames.
150 150
151 151 ##### `NET_NTP_1`=""
152 152 Set the IP address for the first NTP server.
153 153
154 154 ##### `NET_NTP_2`=""
155 155 Set the IP address for the second NTP server.
156 156
157 157 ---
158 158
159 159 #### Basic system features:
160 160 ##### `ENABLE_CONSOLE`=true
161 161 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
162 162
163 163 ##### `ENABLE_PRINTK`=false
164 164 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
165 165
166 166 ##### `ENABLE_BLUETOOTH`=false
167 167 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
168 168
169 169 ##### `ENABLE_MINIUART_OVERLAY`=false
170 170 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
171 171
172 172 ##### `ENABLE_TURBO`=false
173 173 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
174 174
175 175 ##### `ENABLE_I2C`=false
176 176 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
177 177
178 178 ##### `ENABLE_SPI`=false
179 179 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
180 180
181 181 ##### `ENABLE_IPV6`=true
182 182 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
183 183
184 184 ##### `ENABLE_SSHD`=true
185 185 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
186 186
187 187 ##### `ENABLE_NONFREE`=false
188 188 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
189 189
190 190 ##### `ENABLE_WIRELESS`=false
191 191 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
192 192
193 193 ##### `ENABLE_RSYSLOG`=true
194 194 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
195 195
196 196 ##### `ENABLE_SOUND`=true
197 197 Enable sound hardware and install Advanced Linux Sound Architecture.
198 198
199 199 ##### `ENABLE_HWRANDOM`=true
200 200 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
201 201
202 202 ##### `ENABLE_MINGPU`=false
203 203 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
204 204
205 205 ##### `ENABLE_DBUS`=true
206 206 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
207 207
208 208 ##### `ENABLE_XORG`=false
209 209 Install Xorg open-source X Window System.
210 210
211 211 ##### `ENABLE_WM`=""
212 212 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
213 213
214 214 ##### `ENABLE_SYSVINIT`=false
215 215 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
216 216
217 217 ---
218 218
219 219 #### Advanced system features:
220 220 ##### `ENABLE_SYSTEMDSWAP`=false
221 221 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
222 222
223 223 ##### `ENABLE_MINBASE`=false
224 224 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
225 225
226 226 ##### `ENABLE_REDUCE`=false
227 227 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
228 228
229 229 ##### `ENABLE_UBOOT`=false
230 230 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
231 231
232 232 ##### `UBOOTSRC_DIR`=""
233 233 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
234 234
235 235 ##### `ENABLE_FBTURBO`=false
236 236 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
237 237
238 238 ##### `FBTURBOSRC_DIR`=""
239 239 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
240 240
241 241 ##### `ENABLE_VIDEOCORE`=false
242 242 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
243 243
244 244 ##### `VIDEOCORESRC_DIR`=""
245 245 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
246 246
247 247 ##### `ENABLE_NEXMON`=false
248 248 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
249 249
250 250 ##### `NEXMONSRC_DIR`=""
251 251 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
252 252
253 253 ##### `ENABLE_IPTABLES`=false
254 254 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
255 255
256 256 ##### `ENABLE_USER`=true
257 257 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
258 258
259 259 ##### `USER_NAME`=pi
260 260 Non-root user to create. Ignored if `ENABLE_USER`=false
261 261
262 262 ##### `ENABLE_ROOT`=false
263 263 Set root user password so root login will be enabled
264 264
265 265 ##### `ENABLE_HARDNET`=false
266 266 Enable IPv4/IPv6 network stack hardening settings.
267 267
268 268 ##### `ENABLE_SPLITFS`=false
269 269 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
270 270
271 271 ##### `CHROOT_SCRIPTS`=""
272 272 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
273 273
274 274 ##### `ENABLE_INITRAMFS`=false
275 275 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
276 276
277 277 ##### `ENABLE_IFNAMES`=true
278 278 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
279 279
280 280 ##### `ENABLE_SPLASH`=true
281 281 Enable default Raspberry Pi boot up rainbow splash screen.
282 282
283 283 ##### `ENABLE_LOGO`=true
284 284 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
285 285
286 286 ##### `ENABLE_SILENT_BOOT`=false
287 287 Set the verbosity of console messages shown during boot up to a strict minimum.
288 288
289 289 ##### `DISABLE_UNDERVOLT_WARNINGS`=
290 290 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
291 291
292 292 ---
293 293
294 294 #### SSH settings:
295 295 ##### `SSH_ENABLE_ROOT`=false
296 296 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
297 297
298 298 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
299 299 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
300 300
301 301 ##### `SSH_LIMIT_USERS`=false
302 302 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
303 303
304 304 ##### `SSH_ROOT_PUB_KEY`=""
305 305 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
306 306
307 307 ##### `SSH_USER_PUB_KEY`=""
308 308 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
309 309
310 310 ---
311 311
312 312 #### Kernel compilation:
313 313 ##### `BUILD_KERNEL`=true
314 314 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
315 315
316 316 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
317 317 This sets the cross-compile environment for the compiler.
318 318
319 319 ##### `KERNEL_ARCH`="arm"
320 320 This sets the kernel architecture for the compiler.
321 321
322 322 ##### `KERNEL_IMAGE`="kernel7.img"
323 323 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
324 324
325 325 ##### `KERNEL_BRANCH`=""
326 326 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
327 327
328 328 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
329 329 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
330 330
331 331 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
332 332 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
333 333
334 334 ##### `KERNEL_REDUCE`=false
335 335 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
336 336
337 337 ##### `KERNEL_THREADS`=1
338 338 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
339 339
340 340 ##### `KERNEL_HEADERS`=true
341 341 Install kernel headers with the built kernel.
342 342
343 343 ##### `KERNEL_MENUCONFIG`=false
344 344 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
345 345
346 346 ##### `KERNEL_OLDDEFCONFIG`=false
347 347 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
348 348
349 349 ##### `KERNEL_CCACHE`=false
350 350 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
351 351
352 352 ##### `KERNEL_REMOVESRC`=true
353 353 Remove all kernel sources from the generated OS image after it was built and installed.
354 354
355 355 ##### `KERNELSRC_DIR`=""
356 356 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
357 357
358 358 ##### `KERNELSRC_CLEAN`=false
359 359 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
360 360
361 361 ##### `KERNELSRC_CONFIG`=true
362 362 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
363 363
364 364 ##### `KERNELSRC_USRCONFIG`=""
365 365 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
366 366
367 367 ##### `KERNELSRC_PREBUILT`=false
368 368 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
369 369
370 370 ##### `RPI_FIRMWARE_DIR`=""
371 371 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
372 372
373 373 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
374 374 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
375 375
376 376 ##### `KERNEL_NF`=false
377 377 Enable Netfilter modules as kernel modules
378 378
379 379 ##### `KERNEL_VIRT`=false
380 380 Enable Kernel KVM support (/dev/kvm)
381 381
382 382 ##### `KERNEL_ZSWAP`=false
383 383 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
384 384
385 385 ##### `KERNEL_BPF`=true
386 386 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
387 387
388 388 ##### `KERNEL_SECURITY`=false
389 389 Enables Apparmor, integrity subsystem, auditing.
390 390
391 391 ---
392 392
393 393 #### Reduce disk usage:
394 394 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
395 395
396 396 ##### `REDUCE_APT`=true
397 397 Configure APT to use compressed package repository lists and no package caching files.
398 398
399 399 ##### `REDUCE_DOC`=true
400 400 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
401 401
402 402 ##### `REDUCE_MAN`=true
403 403 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
404 404
405 405 ##### `REDUCE_VIM`=false
406 406 Replace `vim-tiny` package by `levee` a tiny vim clone.
407 407
408 408 ##### `REDUCE_BASH`=false
409 409 Remove `bash` package and switch to `dash` shell (experimental).
410 410
411 411 ##### `REDUCE_HWDB`=true
412 412 Remove PCI related hwdb files (experimental).
413 413
414 414 ##### `REDUCE_SSHD`=true
415 415 Replace `openssh-server` with `dropbear`.
416 416
417 417 ##### `REDUCE_LOCALE`=true
418 418 Remove all `locale` translation files.
419 419
420 420 ---
421 421
422 422 #### Encrypted root partition:
423 423 ##### `ENABLE_CRYPTFS`=false
424 424 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
425 425
426 426 ##### `CRYPTFS_PASSWORD`=""
427 427 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
428 428
429 429 ##### `CRYPTFS_MAPPING`="secure"
430 430 Set name of dm-crypt managed device-mapper mapping.
431 431
432 432 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
433 433 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
434 434
435 435 ##### `CRYPTFS_XTSKEYSIZE`=512
436 436 Sets key size in bits. The argument has to be a multiple of 8.
437 437
438 438 ##### `CRYPTFS_DROPBEAR`=false
439 439 Enable Dropbear Initramfs support
440 440
441 441 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
442 442 Provide path to dropbear Public RSA-OpenSSH Key
443 443
444 444 ---
445 445
446 446 #### Build settings:
447 447 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
448 448 Set a path to a working directory used by the script to generate an image.
449 449
450 450 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
451 451 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
452 452
453 453 ## Understanding the script
454 454 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
455 455
456 456 | Script | Description |
457 457 | --- | --- |
458 458 | `10-bootstrap.sh` | Debootstrap basic system |
459 459 | `11-apt.sh` | Setup APT repositories |
460 460 | `12-locale.sh` | Setup Locales and keyboard settings |
461 461 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
462 462 | `14-fstab.sh` | Setup fstab and initramfs |
463 463 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
464 464 | `20-networking.sh` | Setup Networking |
465 465 | `21-firewall.sh` | Setup Firewall |
466 466 | `30-security.sh` | Setup Users and Security settings |
467 467 | `31-logging.sh` | Setup Logging |
468 468 | `32-sshd.sh` | Setup SSH and public keys |
469 469 | `41-uboot.sh` | Build and Setup U-Boot |
470 470 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
471 471 | `43-videocore.sh` | Build and Setup videocore libraries |
472 472 | `50-firstboot.sh` | First boot actions |
473 473 | `99-reduce.sh` | Reduce the disk space usage |
474 474
475 475 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
476 476
477 477 | Directory | Description |
478 478 | --- | --- |
479 479 | `apt` | APT management configuration files |
480 480 | `boot` | Boot and RPi 0/1/2/3 configuration files |
481 481 | `dpkg` | Package Manager configuration |
482 482 | `etc` | Configuration files and rc scripts |
483 483 | `firstboot` | Scripts that get executed on first boot |
484 484 | `initramfs` | Initramfs scripts |
485 485 | `iptables` | Firewall configuration files |
486 486 | `locales` | Locales configuration |
487 487 | `modules` | Kernel Modules configuration |
488 488 | `mount` | Fstab configuration |
489 489 | `network` | Networking configuration files |
490 490 | `sysctl.d` | Swapping and Network Hardening configuration |
491 491 | `xorg` | fbturbo Xorg driver configuration |
492 492
493 493 ## Custom packages and scripts
494 494 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
495 495
496 496 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
497 497
498 498 ## Logging of the bootstrapping process
499 499 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
500 500
501 501 ```shell
502 502 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
503 503 ```
504 504
505 505 ## Flashing the image file
506 506 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
507 507
508 508 ##### Flashing examples:
509 509 ```shell
510 510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
511 511 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
512 512 ```
513 513 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
514 514 ```shell
515 515 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
516 516 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
517 517 ```
518 518
519 519 ## QEMU emulation
520 520 Start QEMU full system emulation:
521 521 ```shell
522 522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
523 523 ```
524 524
525 525 Start QEMU full system emulation and output to console:
526 526 ```shell
527 527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
528 528 ```
529 529
530 530 Start QEMU full system emulation with SMP and output to console:
531 531 ```shell
532 532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
533 533 ```
534 534
535 535 Start QEMU full system emulation with cryptfs, initramfs and output to console:
536 536 ```shell
537 537 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
538 538 ```
539 539
540 540 ## External links and references
541 541 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
542 542 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
543 543 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
544 544 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
545 545 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
546 546 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
547 547 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
548 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
548 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
549 549 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
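Review bot: The README text in this hunk still describes the supported boards as "RPi 0/1/2/3" (the `boot` row of the `files` table and the "Flashing the image file" section), while the same commit adds `RPI_MODEL=4` handling to `rpi23-gen-image.sh`. Please update those mentions so the documentation matches what the script accepts. The only README line that changes here is the wireless firmware link, whose new path (`.../tree/master/brcm`) now agrees with the script's `WLAN_FIRMWARE_URL` default (`.../raw/master/brcm`).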
@@ -1,66 +1,66
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 10 if [ -f "${ETC_DIR}/localtime" ]; then
11 11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
12 12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
13 13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
14 14 # will ignore the our timezone set in '/etc/timezone'.
15 15 # 3. Removing /etc/localtime will solve this.
16 16 rm -f "${ETC_DIR}/localtime"
17 17 fi
18 18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
19 19
20 20 # Install and setup default locale and keyboard configuration
21 21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
22 22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
23 23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
24 24 # ... so we have to set locales manually
25 25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections"
27 27 else
28 28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections"
30 30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
31 31 fi
32 32
33 33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections"
35 35 chroot_exec locale-gen
36 36 chroot_exec update-locale LANG="${DEFLOCAL}"
37 37
38 38 # Install and setup default keyboard configuration
39 39 if [ "$XKB_MODEL" != "" ] ; then
40 40 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
41 41 fi
42 42 if [ "$XKB_LAYOUT" != "" ] ; then
43 43 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
44 44 fi
45 45 if [ "$XKB_VARIANT" != "" ] ; then
46 46 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
47 47 fi
48 48 if [ "$XKB_OPTIONS" != "" ] ; then
49 49 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
50 50 fi
51 51 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
52 52
53 53 # Install and setup font console
54 54 case "${DEFLOCAL}" in
55 55 *UTF-8)
56 56 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
57 57 ;;
58 58 *)
59 59 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
60 60 ;;
61 61 esac
62 62 chroot_exec dpkg-reconfigure -f noninteractive console-setup
63 63 else # (no locales were installed)
64 64 # Install POSIX default locale
65 65 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
66 66 fi
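Review bot: On new lines 26, 29 and 34 the closing quote now comes after `| debconf-set-selections`, so the pipe is literal text handed to `echo`. Unless `chroot_exec` re-parses its arguments through a shell (its definition in `functions.sh` is not shown here), nothing reaches `debconf-set-selections` and the preseed is only printed. The old form had the opposite problem: the pipe was evaluated by the calling shell, so `debconf-set-selections` ran on the build host rather than inside the chroot. To run it inside the chroot, keep the quote before the pipe and put the wrapper on the consumer, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, or wrap the whole pipeline in `chroot_exec sh -c '...'`. The comment at line 22 says dpkg-reconfigure overwrites these values anyway, so if the preseed is no longer needed, removing the three lines would be clearer than leaving them as plain `echo` calls.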
@@ -1,869 +1,883
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 70 # Generic
71 71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 74
75 75 # Build directories
76 76 WORKDIR=$(pwd)
77 77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 78 BUILDDIR="${BASEDIR}/build"
79 79
80 80 # Chroot directories
81 81 R="${BUILDDIR}/chroot"
82 82 ETC_DIR="${R}/etc"
83 83 LIB_DIR="${R}/lib"
84 84 BOOT_DIR="${R}/boot/firmware"
85 85 KERNEL_DIR="${R}/usr/src/linux"
86 86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 88
89 89 # Firmware directory: Blank if download from github
90 90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 91
92 92 # General settings
93 93 SET_ARCH=${SET_ARCH:=32}
94 94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 95 PASSWORD=${PASSWORD:=raspberry}
96 96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 99 EXPANDROOT=${EXPANDROOT:=true}
100 100 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
101 101
102 102 # Keyboard settings
103 103 XKB_MODEL=${XKB_MODEL:=""}
104 104 XKB_LAYOUT=${XKB_LAYOUT:=""}
105 105 XKB_VARIANT=${XKB_VARIANT:=""}
106 106 XKB_OPTIONS=${XKB_OPTIONS:=""}
107 107
108 108 # Network settings (DHCP)
109 109 ENABLE_DHCP=${ENABLE_DHCP:=true}
110 110
111 111 # Network settings (static)
112 112 NET_ADDRESS=${NET_ADDRESS:=""}
113 113 NET_GATEWAY=${NET_GATEWAY:=""}
114 114 NET_DNS_1=${NET_DNS_1:=""}
115 115 NET_DNS_2=${NET_DNS_2:=""}
116 116 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
117 117 NET_NTP_1=${NET_NTP_1:=""}
118 118 NET_NTP_2=${NET_NTP_2:=""}
119 119
120 120 # APT settings
121 121 APT_PROXY=${APT_PROXY:=""}
122 122 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 123 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
124 124
125 125 # Feature settings
126 126 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 127 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 128 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
129 129 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
130 130 ENABLE_I2C=${ENABLE_I2C:=false}
131 131 ENABLE_SPI=${ENABLE_SPI:=false}
132 132 ENABLE_IPV6=${ENABLE_IPV6:=true}
133 133 ENABLE_SSHD=${ENABLE_SSHD:=true}
134 134 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
135 135 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
136 136 ENABLE_SOUND=${ENABLE_SOUND:=true}
137 137 ENABLE_DBUS=${ENABLE_DBUS:=true}
138 138 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
139 139 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
140 140 ENABLE_XORG=${ENABLE_XORG:=false}
141 141 ENABLE_WM=${ENABLE_WM:=""}
142 142 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
143 143 ENABLE_USER=${ENABLE_USER:=true}
144 144 USER_NAME=${USER_NAME:="pi"}
145 145 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 146 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 147 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
148 148
149 149 # SSH settings
150 150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 155
156 156 # Advanced settings
157 157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 175 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178 178
179 179 # Kernel compilation settings
180 180 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 182 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 189 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 190 KERNEL_BPF=${KERNEL_BPF:=false}
191 191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 193 KERNEL_NF=${KERNEL_NF:=false}
194 194
195 195 # Kernel compilation from source directory settings
196 196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 197 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 198 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 199 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200 200
201 201 # Reduce disk usage settings
202 202 REDUCE_APT=${REDUCE_APT:=true}
203 203 REDUCE_DOC=${REDUCE_DOC:=true}
204 204 REDUCE_MAN=${REDUCE_MAN:=true}
205 205 REDUCE_VIM=${REDUCE_VIM:=false}
206 206 REDUCE_BASH=${REDUCE_BASH:=false}
207 207 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 208 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 209 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210 210
211 211 # Encrypted filesystem settings
212 212 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
216 216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221 221
222 222 # Chroot scripts directory
223 223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224 224
225 225 # Packages required in the chroot build environment
226 226 APT_INCLUDES=${APT_INCLUDES:=""}
227 227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228 228
229 229 # Packages to exclude from chroot build environment
230 230 APT_EXCLUDES=${APT_EXCLUDES:=""}
231 231
232 232 # Packages required for bootstrapping
233 233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 234 MISSING_PACKAGES=""
235 235
236 236 # Packages installed for c/c++ build environment in chroot (keep empty)
237 237 COMPILER_PACKAGES=""
238 238
239 239 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 240 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 241 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 242 APT_PROXY=http://127.0.0.1:3142/
243 243 fi
244 244
245 245 # Setup architecture specific settings
246 246 if [ -n "$SET_ARCH" ] ; then
247 247 # 64-bit configuration
248 248 if [ "$SET_ARCH" = 64 ] ; then
249 249 # General 64-bit depended settings
250 250 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 251 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 252 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
253 253
254 254 # Raspberry Pi model specific settings
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 if [ "$RPI_MODEL" != 4 ] ; then
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 else
259 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 fi
261
256 262 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 263 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
259 264 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
260 265 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
261 266 else
262 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
267 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
263 268 exit 1
264 269 fi
265 270 fi
266 271
267 272 # 32-bit configuration
268 273 if [ "$SET_ARCH" = 32 ] ; then
269 274 # General 32-bit dependend settings
270 275 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
271 276 KERNEL_ARCH=${KERNEL_ARCH:=arm}
272 277 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
273 278
274 279 # Raspberry Pi model specific settings
275 280 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
276 281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
277 282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
278 283 RELEASE_ARCH=${RELEASE_ARCH:=armel}
279 284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
280 285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
281 286 fi
282 287
283 288 # Raspberry Pi model specific settings
284 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
289 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 if [ "$RPI_MODEL" != 4 ] ; then
291 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
292 else
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
294 fi
295
285 296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
286 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
287 297 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
288 298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
289 299 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
290 300 fi
291 301 fi
292 302 # SET_ARCH not set
293 303 else
294 304 echo "error: Please set '32' or '64' as value for SET_ARCH"
295 305 exit 1
296 306 fi
297 307 # Device specific configuration and U-Boot configuration
298 308 case "$RPI_MODEL" in
299 309 0)
300 310 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
301 311 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 312 ;;
303 313 1)
304 314 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
305 315 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
306 316 ;;
307 317 1P)
308 318 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
309 319 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
310 320 ;;
311 321 2)
312 322 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
313 323 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
314 324 ;;
315 325 3)
316 326 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
317 327 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
318 328 ;;
319 329 3P)
320 330 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
321 331 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
322 332 ;;
333 4)
334 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 ;;
323 337 *)
324 338 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
325 339 exit 1
326 340 ;;
327 341 esac
328 342
329 343 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
330 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
344 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
331 345 # Include bluetooth packages on supported boards
332 346 if [ "$ENABLE_BLUETOOTH" = true ] ; then
333 347 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
334 348 fi
335 349 if [ "$ENABLE_WIRELESS" = true ] ; then
336 350 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
337 351 fi
338 352 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
339 353 # Check if the internal wireless interface is not supported by the RPi model
340 354 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
341 355 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
342 356 exit 1
343 357 fi
344 358 fi
345 359
346 360 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
347 361 echo "error: You have to compile kernel sources, if you want to enable nexmon"
348 362 exit 1
349 363 fi
350 364
351 365 # Prepare date string for default image file name
352 366 DATE="$(date +%Y-%m-%d)"
353 367 if [ -z "$KERNEL_BRANCH" ] ; then
354 368 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
355 369 else
356 370 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
357 371 fi
358 372
359 373 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
360 374 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
361 375 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
362 376 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
363 377 exit 1
364 378 fi
365 379 fi
366 380
367 381 # Add cmake to compile videocore sources
368 382 if [ "$ENABLE_VIDEOCORE" = true ] ; then
369 383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
370 384 fi
371 385
372 386 # Add deps for nexmon
373 387 if [ "$ENABLE_NEXMON" = true ] ; then
374 388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
375 389 fi
376 390
377 391 # Add libncurses5 to enable kernel menuconfig
378 392 if [ "$KERNEL_MENUCONFIG" = true ] ; then
379 393 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
380 394 fi
381 395
382 396 # Add ccache compiler cache for (faster) kernel cross (re)compilation
383 397 if [ "$KERNEL_CCACHE" = true ] ; then
384 398 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
385 399 fi
386 400
387 401 # Add cryptsetup package to enable filesystem encryption
388 402 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
389 403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
390 404 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
391 405
392 406 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
393 407 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
394 408 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
395 409 fi
396 410
397 411 if [ -z "$CRYPTFS_PASSWORD" ] ; then
398 412 echo "error: no password defined (CRYPTFS_PASSWORD)!"
399 413 exit 1
400 414 fi
401 415 ENABLE_INITRAMFS=true
402 416 fi
403 417
404 418 # Add initramfs generation tools
405 419 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
406 420 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
407 421 fi
408 422
409 423 # Add device-tree-compiler required for building the U-Boot bootloader
410 424 if [ "$ENABLE_UBOOT" = true ] ; then
411 425 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
412 426 fi
413 427
414 428 if [ "$ENABLE_USBBOOT" = true ] ; then
415 429 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
416 430 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
417 431 exit 1
418 432 fi
419 433 fi
420 434
421 435 # Check if root SSH (v2) public key file exists
422 436 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
423 437 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
424 438 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
425 439 exit 1
426 440 fi
427 441 fi
428 442
429 443 # Check if $USER_NAME SSH (v2) public key file exists
430 444 if [ -n "$SSH_USER_PUB_KEY" ] ; then
431 445 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
432 446 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
433 447 exit 1
434 448 fi
435 449 fi
436 450
437 451 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
438 452 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
439 453 exit 1
440 454 fi
441 455
442 456 # Check if all required packages are installed on the build system
443 457 for package in $REQUIRED_PACKAGES ; do
444 458 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
445 459 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
446 460 fi
447 461 done
448 462
449 463 # If there are missing packages ask confirmation for install, or exit
450 464 if [ -n "$MISSING_PACKAGES" ] ; then
451 465 echo "the following packages needed by this script are not installed:"
452 466 echo "$MISSING_PACKAGES"
453 467
454 468 printf "\ndo you want to install the missing packages right now? [y/n] "
455 469 read -r confirm
456 470 [ "$confirm" != "y" ] && exit 1
457 471
458 472 # Make sure all missing required packages are installed
459 473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
460 474 fi
461 475
462 476 # Check if ./bootstrap.d directory exists
463 477 if [ ! -d "./bootstrap.d/" ] ; then
464 478 echo "error: './bootstrap.d' required directory not found!"
465 479 exit 1
466 480 fi
467 481
468 482 # Check if ./files directory exists
469 483 if [ ! -d "./files/" ] ; then
470 484 echo "error: './files' required directory not found!"
471 485 exit 1
472 486 fi
473 487
474 488 # Check if specified KERNELSRC_DIR directory exists
475 489 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
476 490 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
477 491 exit 1
478 492 fi
479 493
480 494 # Check if specified UBOOTSRC_DIR directory exists
481 495 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
482 496 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
483 497 exit 1
484 498 fi
485 499
486 500 # Check if specified VIDEOCORESRC_DIR directory exists
487 501 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
488 502 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
489 503 exit 1
490 504 fi
491 505
492 506 # Check if specified FBTURBOSRC_DIR directory exists
493 507 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
494 508 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
495 509 exit 1
496 510 fi
497 511
498 512 # Check if specified NEXMONSRC_DIR directory exists
499 513 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
500 514 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
501 515 exit 1
502 516 fi
503 517
504 518 # Check if specified CHROOT_SCRIPTS directory exists
505 519 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
506 520 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
507 521 exit 1
508 522 fi
509 523
510 524 # Check if specified device mapping already exists (will be used by cryptsetup)
511 525 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
512 526 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
513 527 exit 1
514 528 fi
515 529
516 530 # Don't clobber an old build
517 531 if [ -e "$BUILDDIR" ] ; then
518 532 echo "error: directory ${BUILDDIR} already exists, not proceeding"
519 533 exit 1
520 534 fi
521 535
522 536 # Setup chroot directory
523 537 mkdir -p "${R}"
524 538
525 539 # Check if build directory has enough of free disk space >512MB
526 540 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
527 541 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
528 542 exit 1
529 543 fi
530 544
531 545 set -x
532 546
533 547 # Call "cleanup" function on various signals and errors
534 548 trap cleanup 0 1 2 3 6
535 549
536 550 # Add required packages for the minbase installation
537 551 if [ "$ENABLE_MINBASE" = true ] ; then
538 552 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
539 553 fi
540 554
541 555 # Add parted package, required to get partprobe utility
542 556 if [ "$EXPANDROOT" = true ] ; then
543 557 APT_INCLUDES="${APT_INCLUDES},parted"
544 558 fi
545 559
546 560 # Add dphys-swapfile package, required to enable swap
547 561 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
548 562 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
549 563 fi
550 564
551 565 # Add dbus package, recommended if using systemd
552 566 if [ "$ENABLE_DBUS" = true ] ; then
553 567 APT_INCLUDES="${APT_INCLUDES},dbus"
554 568 fi
555 569
556 570 # Add iptables IPv4/IPv6 package
557 571 if [ "$ENABLE_IPTABLES" = true ] ; then
558 572 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
559 573 fi
560 574 # Add apparmor for KERNEL_SECURITY
561 575 if [ "$KERNEL_SECURITY" = true ] ; then
562 576 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
563 577 fi
564 578
565 579 # Add openssh server package
566 580 if [ "$ENABLE_SSHD" = true ] ; then
567 581 APT_INCLUDES="${APT_INCLUDES},openssh-server"
568 582 fi
569 583
570 584 # Add alsa-utils package
571 585 if [ "$ENABLE_SOUND" = true ] ; then
572 586 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
573 587 fi
574 588
575 589 # Add rng-tools package
576 590 if [ "$ENABLE_HWRANDOM" = true ] ; then
577 591 APT_INCLUDES="${APT_INCLUDES},rng-tools"
578 592 fi
579 593
580 594 # Add fbturbo video driver
581 595 if [ "$ENABLE_FBTURBO" = true ] ; then
582 596 # Enable xorg package dependencies
583 597 ENABLE_XORG=true
584 598 fi
585 599
586 600 # Add user defined window manager package
587 601 if [ -n "$ENABLE_WM" ] ; then
588 602 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
589 603
590 604 # Enable xorg package dependencies
591 605 ENABLE_XORG=true
592 606 fi
593 607
594 608 # Add xorg package
595 609 if [ "$ENABLE_XORG" = true ] ; then
596 610 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
597 611 fi
598 612
599 613 # Replace selected packages with smaller clones
600 614 if [ "$ENABLE_REDUCE" = true ] ; then
601 615 # Add levee package instead of vim-tiny
602 616 if [ "$REDUCE_VIM" = true ] ; then
603 617 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
604 618 fi
605 619
606 620 # Add dropbear package instead of openssh-server
607 621 if [ "$REDUCE_SSHD" = true ] ; then
608 622 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
609 623 fi
610 624 fi
611 625
612 626 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
613 627 if [ "$ENABLE_SYSVINIT" = false ] ; then
614 628 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
615 629 fi
616 630
617 631 # Configure kernel sources if no KERNELSRC_DIR
618 632 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
619 633 KERNELSRC_CONFIG=true
620 634 fi
621 635
622 636 # Configure reduced kernel
623 637 if [ "$KERNEL_REDUCE" = true ] ; then
624 638 KERNELSRC_CONFIG=false
625 639 fi
626 640
627 641 # Configure qemu compatible kernel
628 642 if [ "$ENABLE_QEMU" = true ] ; then
629 643 DTB_FILE=vexpress-v2p-ca15_a7.dtb
630 644 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
631 645 KERNEL_DEFCONFIG="vexpress_defconfig"
632 646 if [ "$KERNEL_MENUCONFIG" = false ] ; then
633 647 KERNEL_OLDDEFCONFIG=true
634 648 fi
635 649 fi
636 650
637 651 # Execute bootstrap scripts
638 652 for SCRIPT in bootstrap.d/*.sh; do
639 653 head -n 3 "$SCRIPT"
640 654 . "$SCRIPT"
641 655 done
642 656
643 657 ## Execute custom bootstrap scripts
644 658 if [ -d "custom.d" ] ; then
645 659 for SCRIPT in custom.d/*.sh; do
646 660 . "$SCRIPT"
647 661 done
648 662 fi
649 663
650 664 # Execute custom scripts inside the chroot
651 665 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
652 666 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
653 667 chroot_exec /bin/bash -x <<'EOF'
654 668 for SCRIPT in /chroot_scripts/* ; do
655 669 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
656 670 $SCRIPT
657 671 fi
658 672 done
659 673 EOF
660 674 rm -rf "${R}/chroot_scripts"
661 675 fi
662 676
663 677 # Remove c/c++ build environment from the chroot
664 678 chroot_remove_cc
665 679
666 680 # Generate required machine-id
667 681 MACHINE_ID=$(dbus-uuidgen)
668 682 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
669 683 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
670 684
671 685 # APT Cleanup
672 686 chroot_exec apt-get -y clean
673 687 chroot_exec apt-get -y autoclean
674 688 chroot_exec apt-get -y autoremove
675 689
676 690 # Unmount mounted filesystems
677 691 umount -l "${R}/proc"
678 692 umount -l "${R}/sys"
679 693
680 694 # Clean up directories
681 695 rm -rf "${R}/run/*"
682 696 rm -rf "${R}/tmp/*"
683 697
684 698 # Clean up APT proxy settings
685 699 if [ "$KEEP_APT_PROXY" = false ] ; then
686 700 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
687 701 fi
688 702
689 703 # Clean up files
690 704 rm -f "${ETC_DIR}/ssh/ssh_host_*"
691 705 rm -f "${ETC_DIR}/dropbear/dropbear_*"
692 706 rm -f "${ETC_DIR}/apt/sources.list.save"
693 707 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
694 708 rm -f "${ETC_DIR}/*-"
695 709 rm -f "${ETC_DIR}/resolv.conf"
696 710 rm -f "${R}/root/.bash_history"
697 711 rm -f "${R}/var/lib/urandom/random-seed"
698 712 rm -f "${R}/initrd.img"
699 713 rm -f "${R}/vmlinuz"
700 714 rm -f "${R}${QEMU_BINARY}"
701 715
702 716 if [ "$ENABLE_QEMU" = true ] ; then
703 717 # Setup QEMU directory
704 718 mkdir "${BASEDIR}/qemu"
705 719
706 720 # Copy kernel image to QEMU directory
707 721 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
708 722
709 723 # Copy kernel config to QEMU directory
710 724 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
711 725
712 726 # Copy kernel dtbs to QEMU directory
713 727 for dtb in "${BOOT_DIR}/"*.dtb ; do
714 728 if [ -f "${dtb}" ] ; then
715 729 install_readonly "${dtb}" "${BASEDIR}/qemu/"
716 730 fi
717 731 done
718 732
719 733 # Copy kernel overlays to QEMU directory
720 734 if [ -d "${BOOT_DIR}/overlays" ] ; then
721 735 # Setup overlays dtbs directory
722 736 mkdir "${BASEDIR}/qemu/overlays"
723 737
724 738 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
725 739 if [ -f "${dtb}" ] ; then
726 740 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
727 741 fi
728 742 done
729 743 fi
730 744
731 745 # Copy u-boot files to QEMU directory
732 746 if [ "$ENABLE_UBOOT" = true ] ; then
733 747 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
734 748 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
735 749 fi
736 750 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
737 751 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
738 752 fi
739 753 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
740 754 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
741 755 fi
742 756 fi
743 757
744 758 # Copy initramfs to QEMU directory
745 759 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
746 760 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
747 761 fi
748 762 fi
749 763
750 764 # Calculate size of the chroot directory in KB
751 765 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
752 766
753 767 # Calculate the amount of needed 512 Byte sectors
754 768 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
755 769 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
756 770 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
757 771
758 772 # The root partition is EXT4
759 773 # This means more space than the actual used space of the chroot is used.
760 774 # As overhead for journaling and reserved blocks 35% are added.
761 775 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
762 776
763 777 # Calculate required image size in 512 Byte sectors
764 778 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
765 779
766 780 # Prepare image file
767 781 if [ "$ENABLE_SPLITFS" = true ] ; then
768 782 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
769 783 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
770 784 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
771 785 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
772 786
773 787 # Write firmware/boot partition tables
774 788 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
775 789 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
776 790 EOM
777 791
778 792 # Write root partition table
779 793 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
780 794 ${TABLE_SECTORS},${ROOT_SECTORS},83
781 795 EOM
782 796
783 797 # Setup temporary loop devices
784 798 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
785 799 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
786 800 else # ENABLE_SPLITFS=false
787 801 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
788 802 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
789 803
790 804 # Write partition table
791 805 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
792 806 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
793 807 ${ROOT_OFFSET},${ROOT_SECTORS},83
794 808 EOM
795 809
796 810 # Setup temporary loop devices
797 811 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
798 812 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
799 813 fi
800 814
801 815 if [ "$ENABLE_CRYPTFS" = true ] ; then
802 816 # Create dummy ext4 fs
803 817 mkfs.ext4 "$ROOT_LOOP"
804 818
805 819 # Setup password keyfile
806 820 touch .password
807 821 chmod 600 .password
808 822 echo -n ${CRYPTFS_PASSWORD} > .password
809 823
810 824 # Initialize encrypted partition
811 825 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
812 826
813 827 # Open encrypted partition and setup mapping
814 828 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
815 829
816 830 # Secure delete password keyfile
817 831 shred -zu .password
818 832
819 833 # Update temporary loop device
820 834 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
821 835
822 836 # Wipe encrypted partition (encryption cipher is used for randomness)
823 837 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
824 838 fi
825 839
826 840 # Build filesystems
827 841 mkfs.vfat "$FRMW_LOOP"
828 842 mkfs.ext4 "$ROOT_LOOP"
829 843
830 844 # Mount the temporary loop devices
831 845 mkdir -p "$BUILDDIR/mount"
832 846 mount "$ROOT_LOOP" "$BUILDDIR/mount"
833 847
834 848 mkdir -p "$BUILDDIR/mount/boot/firmware"
835 849 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
836 850
837 851 # Copy all files from the chroot to the loop device mount point directory
838 852 rsync -a "${R}/" "$BUILDDIR/mount/"
839 853
840 854 # Unmount all temporary loop devices and mount points
841 855 cleanup
842 856
843 857 # Create block map file(s) of image(s)
844 858 if [ "$ENABLE_SPLITFS" = true ] ; then
845 859 # Create block map files for "bmaptool"
846 860 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
847 861 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
848 862
849 863 # Image was successfully created
850 864 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
851 865 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
852 866 else
853 867 # Create block map file for "bmaptool"
854 868 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
855 869
856 870 # Image was successfully created
857 871 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
858 872
859 873 # Create qemu qcow2 image
860 874 if [ "$ENABLE_QEMU" = true ] ; then
861 875 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
862 876 QEMU_SIZE=16G
863 877
864 878 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
865 879 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
866 880
867 881 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
868 882 fi
869 883 fi
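Review bot: the cleanup block at new lines 695-696 and 704-708 puts the glob inside the double quotes, so the shell never expands it and `rm` looks for a file literally named `ssh_host_*` (with `-f` it then exits silently). As written, `rm -f "${ETC_DIR}/ssh/ssh_host_*"` and `rm -f "${ETC_DIR}/dropbear/dropbear_*"` leave any host keys generated during package installation inside the image, and `"${R}/run/*"`, `"${R}/tmp/*"` and `"${ETC_DIR}/*-"` are not cleaned either. Move the wildcard outside the quotes, as the dtb loops further down already do with `"${BOOT_DIR}/"*.dtb`, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`. A second point in the ENABLE_CRYPTFS block: `echo -n ${CRYPTFS_PASSWORD} > .password` at new line 822 runs after `set -x` at line 545, so the expanded passphrase is written to the trace output, and because the variable is unquoted a passphrase containing whitespace or glob characters is altered before it reaches the keyfile. Quote the variable, prefer `printf '%s'` over `echo -n`, and switch tracing off around these lines.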