Merge remote-tracking branch 'origin/test' into test
r623:7473bd66aa57 Fusion
@@ -0,0 +1,5
1 # Restart dphys-swapfile service if it exists
2 logger -t "rc.firstboot" "Restarting dphys-swapfile"
3
4 systemctl enable dphys-swapfile
5 systemctl restart dphys-swapfile
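Review bot: The comment on line 1 says the service is restarted "if it exists", but lines 4 and 5 run `systemctl enable dphys-swapfile` and `systemctl restart dphys-swapfile` unconditionally, so on an image that does not ship the unit both calls fail during first boot. Wrap the logger call and the two systemctl calls in an existence test (for example `command -v dphys-swapfile >/dev/null`), or change the comment to match what the fragment does.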
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
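Review bot: The header on line 1 is only the generic "Configuration template file" comment and does not say what this template builds, whereas the arm64 templates in this commit carry a second comment line naming release and architecture. Add a one-line description (Raspberry Pi 3, Debian buster, self-built kernel). The template also leaves `PASSWORD` and `USER_PASSWORD` unset, so images built from it keep the documented default `raspberry` with `ENABLE_SSHD`=true; a comment in the file pointing that out would help anyone who uses the template as-is.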
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
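Review bot: All four lines of this new file are identical to the previous new template, including `RPI_MODEL=3` on line 2. If this file is meant for a different board or release, the value that distinguishes it is missing; if it is a deliberate copy, one template is enough and the second will only drift over time.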
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
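Review bot: Lines 7 to 13 hard-code the complete arm64 toolchain (`KERNEL_ARCH`, `RELEASE_ARCH`, `CROSS_COMPILE`, `QEMU_BINARY`, `KERNEL_DEFCONFIG`, `KERNEL_IMAGE`), while the English README shown in this commit documents `SET_ARCH`, where `64` "will set every needed cross-compiler or board specific option". Either reduce the template to `SET_ARCH=64` plus the values that really differ, or add a comment explaining why the explicit values are still needed, so the two mechanisms cannot disagree.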
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
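Review bot: `KERNEL_BIN_IMAGE=Image` on line 12 is not described in the kernel parameter section of the Chinese README shown in this commit, which covers `KERNEL_IMAGE`, `KERNEL_DEFCONFIG` and `KERNEL_BRANCH` but not this variable. Document it next to `KERNEL_IMAGE`. This file is also line-for-line identical to the preceding 15-line template, so if both are kept, the header comment on line 2 should say what distinguishes them.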
@@ -1,450 +1,450
1 1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3 3
4 4 ## 构建环境所依赖的包
5 5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
6 6
7 7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 8
9 9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
10 10
11 11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
12 12
13 13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
14 14
15 15 ```
16 16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 18 dpkg --add-architecture armhf
19 19 apt-get update
20 20 ```
21 21
22 22 ## 命令行参数
23 23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
24 24
25 25 ##### 命令行示例:
26 26 ```shell
27 27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 ```
41 41
42 42 ## 参数模板文件
43 43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
44 44
45 45 ##### 命令行示例:
46 46 ```shell
47 47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 49 ```
50 50
51 51 ## 支持的参数和设置
52 52 #### APT 设置:
53 53 ##### `APT_SERVER`="ftp.debian.org"
54 54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
55 55
56 56 ##### `APT_PROXY`=""
57 57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
58 58
59 59 ##### `APT_INCLUDES`=""
60 60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
61 61
62 62 ##### `APT_INCLUDES_LATE`=""
63 63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
64 64
65 65 ---
66 66
67 67 #### 通用系统设置:
68 68 ##### `RPI_MODEL`=2
69 69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
70 70
71 71 ##### `RELEASE`="jessie"
72 72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
73 73
74 74 ##### `RELEASE_ARCH`="armhf"
75 75 设置期望的 Debian 发行架构.
76 76
77 77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 78 设置主机名称. 建议所在的子网中主机名称是唯一的.
79 79
80 80 ##### `PASSWORD`="raspberry"
81 81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
82 82
83 83 ##### `USER_PASSWORD`="raspberry"
84 84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
85 85
86 86 ##### `DEFLOCAL`="en_US.UTF-8"
87 87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
88 88
89 89 ##### `TIMEZONE`="Europe/Berlin"
90 90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
91 91
92 92 ##### `EXPANDROOT`=true
93 93 第一次运行时自动扩展根分区和文件系统.
94 94
95 95 ---
96 96
97 97 #### 键盘设置:
98 98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
99 99
100 100 ##### `XKB_MODEL`=""
101 101 设置键盘类型, 大陆常见pc104.
102 102
103 103 ##### `XKB_LAYOUT`=""
104 104 设置键盘布局, 大陆常见us.
105 105
106 106 ##### `XKB_VARIANT`=""
107 107 设置键盘布局变种.
108 108
109 109 ##### `XKB_OPTIONS`=""
110 110 设置其它 XKB 配置选项.
111 111
112 112 ---
113 113
114 114 #### 网络设置 (动态):
115 115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
116 116
117 117 ##### `ENABLE_DHCP`=true
118 118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
119 119
120 120 ---
121 121
122 122 #### 网络设置 (静态):
123 123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
124 124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
125 125
126 126 ##### `NET_ADDRESS`=""
127 127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
128 128
129 129 ##### `NET_GATEWAY`=""
130 130 设置默认网关的地址.
131 131
132 132 ##### `NET_DNS_1`=""
133 133 设置主域名服务器地址.
134 134
135 135 ##### `NET_DNS_2`=""
136 136 设置辅域名服务器地址.
137 137
138 138 ##### `NET_DNS_DOMAINS`=""
139 139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
140 140
141 141 ##### `NET_NTP_1`=""
142 142 设置主时间服务器地址.
143 143
144 144 ##### `NET_NTP_2`=""
145 145 设置辅时间服务器地址.
146 146
147 147 ---
148 148
149 149 #### 基本系统特性:
150 150 ##### `ENABLE_CONSOLE`=true
151 151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
152 152
153 153 ##### `ENABLE_I2C`=false
154 154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
155 155
156 156 ##### `ENABLE_SPI`=false
157 157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
158 158
159 159 ##### `ENABLE_IPV6`=true
160 160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
161 161
162 162 ##### `ENABLE_SSHD`=true
163 163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
164 164
165 165 ##### `ENABLE_NONFREE`=false
166 166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
167 167
168 168 ##### `ENABLE_WIRELESS`=false
169 169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
170 170
171 171 ##### `ENABLE_RSYSLOG`=true
172 172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
173 173
174 174 ##### `ENABLE_SOUND`=true
175 175 允许声卡并且安装 ALSA.
176 176
177 177 ##### `ENABLE_HWRANDOM`=true
178 178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
179 179
180 180 ##### `ENABLE_MINGPU`=false
181 181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
182 182
183 183 ##### `ENABLE_DBUS`=true
184 184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
185 185
186 186 ##### `ENABLE_XORG`=false
187 187 是否安装 Xorg, 开源 X11 系统.
188 188
189 189 ##### `ENABLE_WM`=""
190 190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191 191
192 192 ---
193 193
194 194 #### 高级系统特性:
195 195 ##### `ENABLE_MINBASE`=false
196 196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
197 197
198 198 ##### `ENABLE_REDUCE`=false
199 199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
200 200
201 201 ##### `ENABLE_UBOOT`=false
202 202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
203 203
204 204 ##### `UBOOTSRC_DIR`=""
205 205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
206 206
207 207 ##### `ENABLE_FBTURBO`=false
208 208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
209 209
210 210 ##### `FBTURBOSRC_DIR`=""
211 211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
212 212
213 213 ##### `ENABLE_IPTABLES`=false
214 214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
215 215
216 216 ##### `ENABLE_USER`=true
217 217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
218 218
219 219 ##### `USER_NAME`=pi
220 220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
221 221
222 222 ##### `ENABLE_ROOT`=false
223 223 允许root用户登录, 需要设置 root 用户密码.
224 224
225 225 ##### `ENABLE_HARDNET`=false
226 226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
227 227
228 228 ##### `ENABLE_SPLITFS`=false
229 229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
230 230
231 231 ##### `CHROOT_SCRIPTS`=""
232 232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
233 233
234 234 ##### `ENABLE_INITRAMFS`=false
235 235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
236 236
237 237 ##### `ENABLE_IFNAMES`=true
238 238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
239 239
240 240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
242 242
243 243 ---
244 244
245 245 #### SSH 设置:
246 246 ##### `SSH_ENABLE_ROOT`=false
247 247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
248 248
249 249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
251 251
252 252 ##### `SSH_LIMIT_USERS`=false
253 253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
254 254
255 255 ##### `SSH_ROOT_PUB_KEY`=""
256 256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
257 257
258 258 ##### `SSH_USER_PUB_KEY`=""
259 259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
260 260
261 261 ---
262 262
263 263 #### 内核编译:
264 264 ##### `BUILD_KERNEL`=false
265 265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
266 266
267 267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
268 268 设置交叉编译器.
269 269
270 270 ##### `KERNEL_ARCH`="arm"
271 271 设置内核架构.
272 272
273 273 ##### `KERNEL_IMAGE`="kernel7.img"
274 274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
275 275
276 276 ##### `KERNEL_BRANCH`=""
277 277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
278 278
279 279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
280 280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
281 281
282 282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
283 283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
284 284
285 285 ##### `KERNEL_REDUCE`=false
286 286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
287 287
288 288 ##### `KERNEL_THREADS`=1
289 289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
290 290
291 291 ##### `KERNEL_HEADERS`=true
292 292 安装内核相应的头文件.
293 293
294 294 ##### `KERNEL_MENUCONFIG`=false
295 295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
296 296
297 297 ##### `KERNEL_REMOVESRC`=true
298 298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
299 299
300 300 ##### `KERNELSRC_DIR`=""
301 301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
302 302
303 303 ##### `KERNELSRC_CLEAN`=false
304 304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
305 305
306 306 ##### `KERNELSRC_CONFIG`=true
307 307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
308 308
309 309 ##### `KERNELSRC_USRCONFIG`=""
310 310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
311 311
312 312 ##### `KERNELSRC_PREBUILT`=false
313 313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
314 314
315 315 ##### `RPI_FIRMWARE_DIR`=""
316 316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
317 317
318 318 ---
319 319
320 320 #### 缩小体积:
321 321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
322 322
323 323 ##### `REDUCE_APT`=true
324 324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
325 325
326 326 ##### `REDUCE_DOC`=true
327 327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
328 328
329 329 ##### `REDUCE_MAN`=true
330 330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
331 331
332 332 ##### `REDUCE_VIM`=false
333 333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
334 334
335 335 ##### `REDUCE_BASH`=false
336 336 使用 `dash` 代替 `bash` (实验性质).
337 337
338 338 ##### `REDUCE_HWDB`=true
339 339 移除与 PCI 相关的 hwdb 文件 (实验性质).
340 340
341 341 ##### `REDUCE_SSHD`=true
342 342 使用`dropbear`代替 `openssh-server`.
343 343
344 344 ##### `REDUCE_LOCALE`=true
345 345 移除所有的 `locale` 本地化文件.
346 346
347 347 ---
348 348
349 349 #### 加密根分区:
350 350 ##### `ENABLE_CRYPTFS`=false
351 351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
352 352
353 353 ##### `CRYPTFS_PASSWORD`=""
354 354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
355 355
356 356 ##### `CRYPTFS_MAPPING`="secure"
357 357 设置device-mapper映射名称.
358 358
359 359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 360 加密算法. 推荐 `aes-xts*`加密法.
361 361
362 362 ##### `CRYPTFS_XTSKEYSIZE`=512
363 363 设置密钥长度,8的倍数,以bit为单位.
364 364
365 365 ---
366 366
367 367 #### Build settings构建设置:
368 368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 369 设置产生镜像的目录.
370 370
371 371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
372 372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
373 373
374 374 ## 理解脚本
375 375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
376 376
377 377 | 脚本 | 说明 |
378 378 | --- | --- |
379 379 | `10-bootstrap.sh` | 生成基本系统 |
380 380 | `11-apt.sh` | 设置 APT 仓库源 |
381 381 | `12-locale.sh` | 设置 Locales 和 keyboard |
382 382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
383 383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
384 384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
385 385 | `20-networking.sh` | 设置网络 |
386 386 | `21-firewall.sh` | 设置防火墙 |
387 387 | `30-security.sh` | 设置用户以及安全相关 |
388 388 | `31-logging.sh` | 设置日志 |
389 389 | `32-sshd.sh` | 设置 SSH 和公钥 |
390 390 | `41-uboot.sh` | 编译设置 U-Boot |
391 391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
392 392 | `50-firstboot.sh` | 首次启动执行的任务 |
393 393 | `99-reduce.sh` | 缩小体积 |
394 394
395 395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
396 396
397 397 | 目录 | 说明 |
398 398 | --- | --- |
399 399 | `apt` | APT 管理配置文件 |
400 400 | `boot` | 引导文件 树莓派2/3配置文件 |
401 401 | `dpkg` | 包管理配置文件 |
402 402 | `etc` | 配置文件以及 rc 启动脚本 |
403 403 | `firstboot` | 首次引导执行的脚本 |
404 404 | `initramfs` | Initramfs 脚本 |
405 405 | `iptables` | 防火墙配置文件 |
406 406 | `locales` | Locales 配置 |
407 407 | `modules` | 内核模块配置 |
408 408 | `mount` | Fstab 配置 |
409 409 | `network` | 网络配置文件 |
410 410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
411 411 | `xorg` | fbturbo Xorg 驱动配置 |
412 412
413 413 ## 自定义包和脚本
414 414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
415 415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
416 416
417 417 ## 记录镜像产生过程的信息
418 418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
419 419
420 420 ```shell
421 421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
422 422 ```
423 423
424 424 ## 烧录镜像文件
425 425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
426 426
427 427 ##### 烧录示例:
428 428 ```shell
429 429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
430 430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
431 431 ```
432 432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
433 433 ```shell
434 434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
435 435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
436 436 ```
437 437 ## 每周镜像
438 438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
439 439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
440 440
441 441 ## External links and references外部链接, 各种资源
442 442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
443 443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
444 444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
445 445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
446 446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
447 447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
448 448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
449 449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
450 450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
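Review bot: Only line 2 changes here (the template path moves from `rpi3-stretch-arm64-4.11.y` to `rpi3-stretch-arm64-4.14.y`), which leaves this translation out of step with the English README updated in the same commit: the new `ENABLE_DPHYSSWAP` parameter has no entry in this file, and line 2 still lists `jessie` as a supported release while the English text names only `stretch` and `buster`. Add the `ENABLE_DPHYSSWAP` entry after `EXPANDROOT` and bring the release list in line; while touching line 2, the run `stretch``buster` is also missing a separator between the two release names.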
@@ -1,544 +1,548
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74
75 75 ##### `RELEASE`="buster"
76 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 77
78 78 ##### `RELEASE_ARCH`="armhf"
79 79 Set the desired Debian release architecture.
80 80
81 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 83
84 84 ##### `PASSWORD`="raspberry"
85 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `USER_PASSWORD`="raspberry"
88 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 89
90 90 ##### `DEFLOCAL`="en_US.UTF-8"
91 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 92
93 93 ##### `TIMEZONE`="Europe/Berlin"
94 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 95
96 96 ##### `EXPANDROOT`=true
97 97 Expand the root partition and filesystem automatically on first boot.
98 98
99 ##### `ENABLE_DPHYSSWAP`=true
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101
99 102 ##### `ENABLE_QEMU`=false
100 103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
101 104
102 105 ---
103 106
104 107 #### Keyboard settings:
105 108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
106 109
107 110 ##### `XKB_MODEL`=""
108 111 Set the name of the model of your keyboard type.
109 112
110 113 ##### `XKB_LAYOUT`=""
111 114 Set the supported keyboard layout(s).
112 115
113 116 ##### `XKB_VARIANT`=""
114 117 Set the supported variant(s) of the keyboard layout(s).
115 118
116 119 ##### `XKB_OPTIONS`=""
117 120 Set extra xkb configuration options.
118 121
119 122 ---
120 123
121 124 #### Networking settings (DHCP):
122 125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
123 126
124 127 ##### `ENABLE_DHCP`=true
125 128 Set the system to use DHCP. This requires an DHCP server.
126 129
127 130 ---
128 131
129 132 #### Networking settings (static):
130 133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
131 134
132 135 ##### `NET_ADDRESS`=""
133 136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
134 137
135 138 ##### `NET_GATEWAY`=""
136 139 Set the IP address for the default gateway.
137 140
138 141 ##### `NET_DNS_1`=""
139 142 Set the IP address for the first DNS server.
140 143
141 144 ##### `NET_DNS_2`=""
142 145 Set the IP address for the second DNS server.
143 146
144 147 ##### `NET_DNS_DOMAINS`=""
145 148 Set the default DNS search domains to use for non fully qualified hostnames.
146 149
147 150 ##### `NET_NTP_1`=""
148 151 Set the IP address for the first NTP server.
149 152
150 153 ##### `NET_NTP_2`=""
151 154 Set the IP address for the second NTP server.
152 155
153 156 ---
154 157
155 158 #### Basic system features:
156 159 ##### `ENABLE_CONSOLE`=true
157 160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
158 161
159 162 ##### `ENABLE_PRINTK`=false
160 163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
161 164
162 165 ##### `ENABLE_BLUETOOTH`=false
163 166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
164 167
165 168 ##### `ENABLE_MINIUART_OVERLAY`=false
166 169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
167 170
168 171 ##### `ENABLE_TURBO`=false
169 172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
170 173
171 174 ##### `ENABLE_I2C`=false
172 175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 176
174 177 ##### `ENABLE_SPI`=false
175 178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 179
177 180 ##### `ENABLE_IPV6`=true
178 181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
179 182
180 183 ##### `ENABLE_SSHD`=true
181 184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
182 185
183 186 ##### `ENABLE_NONFREE`=false
184 187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
185 188
186 189 ##### `ENABLE_WIRELESS`=false
187 190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
188 191
189 192 ##### `ENABLE_RSYSLOG`=true
190 193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
191 194
192 195 ##### `ENABLE_SOUND`=true
193 196 Enable sound hardware and install Advanced Linux Sound Architecture.
194 197
195 198 ##### `ENABLE_HWRANDOM`=true
196 199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
197 200
198 201 ##### `ENABLE_MINGPU`=false
199 202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
200 203
201 204 ##### `ENABLE_DBUS`=true
202 205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
203 206
204 207 ##### `ENABLE_XORG`=false
205 208 Install Xorg open-source X Window System.
206 209
207 210 ##### `ENABLE_WM`=""
208 211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
209 212
210 213 ##### `ENABLE_SYSVINIT`=false
211 214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
212 215
213 216 ---
214 217
215 218 #### Advanced system features:
216 219 ##### `ENABLE_SYSTEMDSWAP`=false
217 220 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218 221
219 222 ##### `ENABLE_MINBASE`=false
220 223 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
221 224
222 225 ##### `ENABLE_REDUCE`=false
223 226 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
224 227
225 228 ##### `ENABLE_UBOOT`=false
226 229 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
227 230
228 231 ##### `UBOOTSRC_DIR`=""
229 232 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
230 233
231 234 ##### `ENABLE_FBTURBO`=false
232 235 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233 236
234 237 ##### `FBTURBOSRC_DIR`=""
235 238 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
236 239
237 240 ##### `ENABLE_VIDEOCORE`=false
238 241 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239 242
240 243 ##### `VIDEOCORESRC_DIR`=""
241 244 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
242 245
243 246 ##### `ENABLE_NEXMON`=false
244 247 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245 248
246 249 ##### `NEXMONSRC_DIR`=""
247 250 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248 251
249 252 ##### `ENABLE_IPTABLES`=false
250 253 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
251 254
252 255 ##### `ENABLE_USER`=true
253 256 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
254 257
255 258 ##### `USER_NAME`=pi
256 259 Non-root user to create. Ignored if `ENABLE_USER`=false
257 260
258 261 ##### `ENABLE_ROOT`=false
259 262 Set root user password so root login will be enabled
260 263
261 264 ##### `ENABLE_HARDNET`=false
262 265 Enable IPv4/IPv6 network stack hardening settings.
263 266
264 267 ##### `ENABLE_SPLITFS`=false
265 268 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
266 269
267 270 ##### `CHROOT_SCRIPTS`=""
268 271 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
269 272
270 273 ##### `ENABLE_INITRAMFS`=false
271 274 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
272 275
273 276 ##### `ENABLE_IFNAMES`=true
274 277 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
275 278
276 279 ##### `ENABLE_SPLASH`=true
277 280 Enable default Raspberry Pi boot up rainbow splash screen.
278 281
279 282 ##### `ENABLE_LOGO`=true
280 283 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281 284
282 285 ##### `ENABLE_SILENT_BOOT`=false
283 286 Set the verbosity of console messages shown during boot up to a strict minimum.
284 287
285 288 ##### `DISABLE_UNDERVOLT_WARNINGS`=
286 289 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
287 290
288 291 ---
289 292
290 293 #### SSH settings:
291 294 ##### `SSH_ENABLE_ROOT`=false
292 295 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
293 296
294 297 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
295 298 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
296 299
297 300 ##### `SSH_LIMIT_USERS`=false
298 301 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
299 302
300 303 ##### `SSH_ROOT_PUB_KEY`=""
301 304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
302 305
303 306 ##### `SSH_USER_PUB_KEY`=""
304 307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
305 308
306 309 ---
307 310
308 311 #### Kernel compilation:
309 312 ##### `BUILD_KERNEL`=true
310 313 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
311 314
312 315 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
313 316 This sets the cross-compile environment for the compiler.
314 317
315 318 ##### `KERNEL_ARCH`="arm"
316 319 This sets the kernel architecture for the compiler.
317 320
318 321 ##### `KERNEL_IMAGE`="kernel7.img"
319 322 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
320 323
321 324 ##### `KERNEL_BRANCH`=""
322 325 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
323 326
324 327 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
325 328 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
326 329
327 330 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
328 331 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
329 332
330 333 ##### `KERNEL_REDUCE`=false
331 334 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
332 335
333 336 ##### `KERNEL_THREADS`=1
334 337 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
335 338
336 339 ##### `KERNEL_HEADERS`=true
337 340 Install kernel headers with the built kernel.
338 341
339 342 ##### `KERNEL_MENUCONFIG`=false
340 343 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
341 344
342 345 ##### `KERNEL_OLDDEFCONFIG`=false
343 346 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
344 347
345 348 ##### `KERNEL_CCACHE`=false
346 349 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
347 350
348 351 ##### `KERNEL_REMOVESRC`=true
349 352 Remove all kernel sources from the generated OS image after it was built and installed.
350 353
351 354 ##### `KERNELSRC_DIR`=""
352 355 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
353 356
354 357 ##### `KERNELSRC_CLEAN`=false
355 358 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
356 359
357 360 ##### `KERNELSRC_CONFIG`=true
358 361 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
359 362
360 363 ##### `KERNELSRC_USRCONFIG`=""
361 364 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
362 365
363 366 ##### `KERNELSRC_PREBUILT`=false
364 367 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
365 368
366 369 ##### `RPI_FIRMWARE_DIR`=""
367 370 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
368 371
369 372 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
370 373 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
371 374
372 375 ##### `KERNEL_NF`=false
373 376 Enable Netfilter modules as kernel modules
374 377
375 378 ##### `KERNEL_VIRT`=false
376 379 Enable Kernel KVM support (/dev/kvm)
377 380
378 381 ##### `KERNEL_ZSWAP`=false
379 382 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
380 383
381 384 ##### `KERNEL_BPF`=true
382 385 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
383 386
384 387 ##### `KERNEL_SECURITY`=false
385 Enables Apparmor, integrity subsystem, auditing
388 Enables Apparmor, integrity subsystem, auditing.
389
386 390 ---
387 391
388 392 #### Reduce disk usage:
389 393 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
390 394
391 395 ##### `REDUCE_APT`=true
392 396 Configure APT to use compressed package repository lists and no package caching files.
393 397
394 398 ##### `REDUCE_DOC`=true
395 399 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
396 400
397 401 ##### `REDUCE_MAN`=true
398 402 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
399 403
400 404 ##### `REDUCE_VIM`=false
401 405 Replace `vim-tiny` package by `levee` a tiny vim clone.
402 406
403 407 ##### `REDUCE_BASH`=false
404 408 Remove `bash` package and switch to `dash` shell (experimental).
405 409
406 410 ##### `REDUCE_HWDB`=true
407 411 Remove PCI related hwdb files (experimental).
408 412
409 413 ##### `REDUCE_SSHD`=true
410 414 Replace `openssh-server` with `dropbear`.
411 415
412 416 ##### `REDUCE_LOCALE`=true
413 417 Remove all `locale` translation files.
414 418
415 419 ---
416 420
417 421 #### Encrypted root partition:
418 422 ##### `ENABLE_CRYPTFS`=false
419 423 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
420 424
421 425 ##### `CRYPTFS_PASSWORD`=""
422 426 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
423 427
424 428 ##### `CRYPTFS_MAPPING`="secure"
425 429 Set name of dm-crypt managed device-mapper mapping.
426 430
427 431 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
428 432 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
429 433
430 434 ##### `CRYPTFS_XTSKEYSIZE`=512
431 435 Sets key size in bits. The argument has to be a multiple of 8.
432 436
433 437 ##### `CRYPTFS_DROPBEAR`=false
434 438 Enable Dropbear Initramfs support
435 439
436 440 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
437 441 Provide path to dropbear Public RSA-OpenSSH Key
438 442
439 443 ---
440 444
441 445 #### Build settings:
442 446 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
443 447 Set a path to a working directory used by the script to generate an image.
444 448
445 449 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
446 450 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
447 451
448 452 ## Understanding the script
449 453 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
450 454
451 455 | Script | Description |
452 456 | --- | --- |
453 457 | `10-bootstrap.sh` | Debootstrap basic system |
454 458 | `11-apt.sh` | Setup APT repositories |
455 459 | `12-locale.sh` | Setup Locales and keyboard settings |
456 460 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
457 461 | `14-fstab.sh` | Setup fstab and initramfs |
458 462 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
459 463 | `20-networking.sh` | Setup Networking |
460 464 | `21-firewall.sh` | Setup Firewall |
461 465 | `30-security.sh` | Setup Users and Security settings |
462 466 | `31-logging.sh` | Setup Logging |
463 467 | `32-sshd.sh` | Setup SSH and public keys |
464 468 | `41-uboot.sh` | Build and Setup U-Boot |
465 469 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
466 470 | `43-videocore.sh` | Build and Setup videocore libraries |
467 471 | `50-firstboot.sh` | First boot actions |
468 472 | `99-reduce.sh` | Reduce the disk space usage |
469 473
470 474 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
471 475
472 476 | Directory | Description |
473 477 | --- | --- |
474 478 | `apt` | APT management configuration files |
475 479 | `boot` | Boot and RPi 0/1/2/3 configuration files |
476 480 | `dpkg` | Package Manager configuration |
477 481 | `etc` | Configuration files and rc scripts |
478 482 | `firstboot` | Scripts that get executed on first boot |
479 483 | `initramfs` | Initramfs scripts |
480 484 | `iptables` | Firewall configuration files |
481 485 | `locales` | Locales configuration |
482 486 | `modules` | Kernel Modules configuration |
483 487 | `mount` | Fstab configuration |
484 488 | `network` | Networking configuration files |
485 489 | `sysctl.d` | Swapping and Network Hardening configuration |
486 490 | `xorg` | fbturbo Xorg driver configuration |
487 491
488 492 ## Custom packages and scripts
489 493 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
490 494
491 495 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
492 496
493 497 ## Logging of the bootstrapping process
494 498 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
495 499
496 500 ```shell
497 501 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
498 502 ```
499 503
500 504 ## Flashing the image file
501 505 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
502 506
503 507 ##### Flashing examples:
504 508 ```shell
505 509 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
506 510 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
507 511 ```
508 512 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
509 513 ```shell
510 514 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
511 515 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
512 516 ```
513 517
514 518 ## QEMU emulation
515 519 Start QEMU full system emulation:
516 520 ```shell
517 521 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
518 522 ```
519 523
520 524 Start QEMU full system emulation and output to console:
521 525 ```shell
522 526 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
523 527 ```
524 528
525 529 Start QEMU full system emulation with SMP and output to console:
526 530 ```shell
527 531 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
528 532 ```
529 533
530 534 Start QEMU full system emulation with cryptfs, initramfs and output to console:
531 535 ```shell
532 536 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
533 537 ```
534 538
535 539 ## External links and references
536 540 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
537 541 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
538 542 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
539 543 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
540 544 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
541 545 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
542 546 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
547 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
544 548 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
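Review bot: the reworded `KERNEL_SECURITY` entry (new line 388) still names no kernel options, unlike the `KERNEL_BPF` entry just above it, which lists `CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF`; list the `CONFIG_*` symbols the switch sets so a reader can check the resulting `.config` against the README. The references link at new line 547 now ends in `master/brcm`, which matches the path already used in the `ENABLE_WIRELESS` entry, but both still point at the moving `master` branch, so the README should say whether the downloaded firmware blob is pinned to a revision or checked in any way.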
@@ -1,66 +1,66
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 10 if [ -f "${ETC_DIR}/localtime" ]; then
11 11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
12 12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
13 13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
14 14 # will ignore the our timezone set in '/etc/timezone'.
15 15 # 3. Removing /etc/localtime will solve this.
16 16 rm -f "${ETC_DIR}/localtime"
17 17 fi
18 18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
19 19
20 20 # Install and setup default locale and keyboard configuration
21 21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
22 22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
23 23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
24 24 # ... so we have to set locales manually
25 25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections"
27 27 else
28 28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections"
30 30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
31 31 fi
32 32
33 33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections"
35 35 chroot_exec locale-gen
36 36 chroot_exec update-locale LANG="${DEFLOCAL}"
37 37
38 38 # Install and setup default keyboard configuration
39 39 if [ "$XKB_MODEL" != "" ] ; then
40 40 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
41 41 fi
42 42 if [ "$XKB_LAYOUT" != "" ] ; then
43 43 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
44 44 fi
45 45 if [ "$XKB_VARIANT" != "" ] ; then
46 46 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
47 47 fi
48 48 if [ "$XKB_OPTIONS" != "" ] ; then
49 49 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
50 50 fi
51 51 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
52 52
53 53 # Install and setup font console
54 54 case "${DEFLOCAL}" in
55 55 *UTF-8)
56 56 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
57 57 ;;
58 58 *)
59 59 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
60 60 ;;
61 61 esac
62 62 chroot_exec dpkg-reconfigure -f noninteractive console-setup
63 63 else # (no locales were installed)
64 64 # Install POSIX default locale
65 65 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
66 66 fi
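Review bot: at new lines 26, 29 and 34 the closing double quote now sits after `| debconf-set-selections`, so the pipe is part of the string handed to `echo` and `debconf-set-selections` is never run; the three selections are only printed. The old form was not right either, because the pipe sat outside `chroot_exec` and the output went to a `debconf-set-selections` started by the calling shell rather than one inside the image. Assuming `chroot_exec` (from `functions.sh`, not shown here) runs its arguments as a command inside the chroot and passes stdin through, keep the producer on the calling side and put the consumer in the chroot, for example `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, and do the same for the two `locales_to_be_generated` lines.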
@@ -1,642 +1,650
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # Configure and build kernel
57 57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 58 # Remove device, network and filesystem drivers from kernel configuration
59 59 if [ "$KERNEL_REDUCE" = true ] ; then
60 60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 61 sed -i\
62 62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 91 "${KERNEL_DIR}/.config"
92 92 fi
93 93
94 94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 95 # Load default raspberry kernel configuration
96 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97 97
98 98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 99 cd "${KERNEL_DIR}" || exit
100 100
101 101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 104 set_kernel_config CONFIG_MMC_BCM2835 n
105 105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 106 set_kernel_config CONFIG_USB_DWC2 n
107 107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108 108
109 109 #VLAN got disabled without reason in arm64bit
110 110 set_kernel_config CONFIG_IPVLAN m
111 111
112 112 #V4L2 sub-device userspace API
113 113 #set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
114 114 #VIDEO_MUX y
115 115 #VIDEO_XILINX n
116 116 #VIDEO_XILINX_TPG n
117 117 #VIDEO_ADV7180 m
118 118
119 119 # GPIO-based bitbanging SPI Master
120 120 set_kernel_config CONFIG_SPI_GPIO m
121 121 #SPI Slave protocol
122 122 set_kernel_config CONFIG_SPI_SLAVE y
123 123 set_kernel_config CONFIG_SPI_SLAVE_TIME m
124 124 set_kernel_config CONFIG_SPI_SLAVE_SYSTEM_CONTROL m
125 125
126 126 # Virtual (secure) IP: tunneling
127 127 set_kernel_config CONFIG_NET_IPVTI m
128 128
129 129 #Wlan driver debug info
130 130 set_kernel_config CONFIG_BRCMDBG m
131 131
132 132 #GPIO WATCHDOG
133 133 set_kernel_config CONFIG_GPIO_WATCHDOG m
134 134
135 135 #Camera
136 136 set_kernel_config VIDEO_BCM2835 m
137 137 set_kernel_config VIDEO_BCM2835_UNICAM m
138 138 fi
139 139
140 140 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
141 141 if [ "$KERNEL_ZSWAP" = true ] ; then
142 142 set_kernel_config CONFIG_ZPOOL y
143 143 set_kernel_config CONFIG_ZSWAP y
144 144 set_kernel_config CONFIG_ZBUD y
145 145 set_kernel_config CONFIG_Z3FOLD y
146 146 set_kernel_config CONFIG_ZSMALLOC y
147 147 set_kernel_config CONFIG_PGTABLE_MAPPING y
148 148 set_kernel_config CONFIG_LZO_COMPRESS y
149 149
150 150 fi
151 151
152 152 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
153 153 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
154 154 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
155 155 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
156 156 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
157 157 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
158 158 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
159 159 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
160 160 set_kernel_config CONFIG_HAVE_KVM_MSI y
161 161 set_kernel_config CONFIG_KVM y
162 162 set_kernel_config CONFIG_KVM_ARM_HOST y
163 163 set_kernel_config CONFIG_KVM_ARM_PMU y
164 164 set_kernel_config CONFIG_KVM_COMPAT y
165 165 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
166 166 set_kernel_config CONFIG_KVM_MMIO y
167 167 set_kernel_config CONFIG_KVM_VFIO y
168 168 set_kernel_config CONFIG_VHOST m
169 169 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
170 170 set_kernel_config CONFIG_VHOST_NET m
171 171 set_kernel_config CONFIG_VIRTUALIZATION y
172 172
173 173 set_kernel_config CONFIG_MMU_NOTIFIER y
174 174
175 175 # erratum
176 176 set_kernel_config ARM64_ERRATUM_834220 y
177 177
178 178 # https://sourceforge.net/p/kvm/mailman/message/18440797/
179 179 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
180 180 fi
181 181
182 182 # enable apparmor,integrity audit,
183 183 if [ "$KERNEL_SECURITY" = true ] ; then
184 184
185 185 # security filesystem, security models and audit
186 186 set_kernel_config CONFIG_SECURITYFS y
187 187 set_kernel_config CONFIG_SECURITY y
188 188 set_kernel_config CONFIG_AUDIT y
189 189
190 190 # harden strcpy and memcpy
191 191 set_kernel_config CONFIG_HARDENED_USERCOPY y
192 192 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
193 193 set_kernel_config CONFIG_FORTIFY_SOURCE y
194 194
195 195 # integrity sub-system
196 196 set_kernel_config CONFIG_INTEGRITY y
197 197 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
198 198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
199 199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
200 200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
201 201
202 202 # This option provides support for retaining authentication tokens and access keys in the kernel.
203 203 set_kernel_config CONFIG_KEYS y
204 204 set_kernel_config CONFIG_KEYS_COMPAT y
205 205
206 206 # Apparmor
207 207 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
208 208 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
209 209 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
210 210 set_kernel_config CONFIG_SECURITY_APPARMOR y
211 211 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
212 212 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
213 213
214 214 # restrictions on unprivileged users reading the kernel
215 215 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
216 216
217 217 # network security hooks
218 218 set_kernel_config CONFIG_SECURITY_NETWORK y
219 219 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
220 220 set_kernel_config CONFIG_SECURITY_PATH y
221 221 set_kernel_config CONFIG_SECURITY_YAMA n
222 222
223 223 # New Options
224 224 if [ "$KERNEL_NF" = true ] ; then
225 225 set_kernel_config CONFIG_IP_NF_SECURITY m
226 226 set_kernel_config CONFIG_NETLABEL y
227 227 set_kernel_config CONFIG_IP6_NF_SECURITY m
228 228 fi
229 229 set_kernel_config CONFIG_SECURITY_SELINUX n
230 230 set_kernel_config CONFIG_SECURITY_SMACK n
231 231 set_kernel_config CONFIG_SECURITY_TOMOYO n
232 232 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
233 233 set_kernel_config CONFIG_SECURITY_LOADPIN n
234 234 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
235 235 set_kernel_config CONFIG_IMA n
236 236 set_kernel_config CONFIG_EVM n
237 237 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
238 238 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
239 239 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
240 240 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
241 241 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
242 242 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
243 243 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
244 244 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
245 245 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
246 246 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
247 247
248 248 set_kernel_config CONFIG_ARM64_CRYPTO y
249 249 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
250 250 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
251 251 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
252 252 set_kernel_config CRYPTO_GHASH_ARM64_CE m
253 253 set_kernel_config CRYPTO_SHA2_ARM64_CE m
254 254 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
255 255 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
256 256 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
257 257 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
258 258 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
259 259 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
260 260 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
261 261 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
262 262 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
263 263 set_kernel_config SYSTEM_TRUSTED_KEYS
264 264 fi
265 265
266 266 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
267 267 if [ "$KERNEL_NF" = true ] ; then
268 268 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
269 269 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
270 270 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
271 271 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
272 272 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
273 273 set_kernel_config CONFIG_NFT_FIB_INET m
274 274 set_kernel_config CONFIG_NFT_FIB_IPV4 m
275 275 set_kernel_config CONFIG_NFT_FIB_IPV6 m
276 276 set_kernel_config CONFIG_NFT_FIB_NETDEV m
277 277 set_kernel_config CONFIG_NFT_OBJREF m
278 278 set_kernel_config CONFIG_NFT_RT m
279 279 set_kernel_config CONFIG_NFT_SET_BITMAP m
280 280 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
281 281 set_kernel_config CONFIG_NF_LOG_ARP m
282 282 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
283 283 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
284 284 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
285 285 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
286 286 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
287 287 set_kernel_config CONFIG_IP6_NF_IPTABLES m
288 288 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
289 289 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
290 290 set_kernel_config CONFIG_IP6_NF_NAT m
291 291 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
292 292 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
293 293 set_kernel_config CONFIG_IP_NF_SECURITY m
294 294 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
295 295 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
296 296 set_kernel_config CONFIG_IP_SET_HASH_IP m
297 297 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
298 298 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
299 299 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
300 300 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
301 301 set_kernel_config CONFIG_IP_SET_HASH_MAC m
302 302 set_kernel_config CONFIG_IP_SET_HASH_NET m
303 303 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
304 304 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
305 305 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
306 306 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
307 307 set_kernel_config CONFIG_IP_SET_LIST_SET m
308 308 set_kernel_config CONFIG_NETFILTER_XTABLES m
309 309 set_kernel_config CONFIG_NETFILTER_XTABLES m
310 310 set_kernel_config CONFIG_NFT_BRIDGE_META m
311 311 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
312 312 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
313 313 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
314 314 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
315 315 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
316 316 set_kernel_config CONFIG_NFT_COMPAT m
317 317 set_kernel_config CONFIG_NFT_COUNTER m
318 318 set_kernel_config CONFIG_NFT_CT m
319 319 set_kernel_config CONFIG_NFT_DUP_IPV4 m
320 320 set_kernel_config CONFIG_NFT_DUP_IPV6 m
321 321 set_kernel_config CONFIG_NFT_DUP_NETDEV m
322 322 set_kernel_config CONFIG_NFT_EXTHDR m
323 323 set_kernel_config CONFIG_NFT_FWD_NETDEV m
324 324 set_kernel_config CONFIG_NFT_HASH m
325 325 set_kernel_config CONFIG_NFT_LIMIT m
326 326 set_kernel_config CONFIG_NFT_LOG m
327 327 set_kernel_config CONFIG_NFT_MASQ m
328 328 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
329 329 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
330 330 set_kernel_config CONFIG_NFT_META m
331 331 set_kernel_config CONFIG_NFT_NAT m
332 332 set_kernel_config CONFIG_NFT_NUMGEN m
333 333 set_kernel_config CONFIG_NFT_QUEUE m
334 334 set_kernel_config CONFIG_NFT_QUOTA m
335 335 set_kernel_config CONFIG_NFT_REDIR m
336 336 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
337 337 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
338 338 set_kernel_config CONFIG_NFT_REJECT m
339 339 set_kernel_config CONFIG_NFT_REJECT_INET m
340 340 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
341 341 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
342 342 set_kernel_config CONFIG_NFT_SET_HASH m
343 343 set_kernel_config CONFIG_NFT_SET_RBTREE m
344 344 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
345 345 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
346 346 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
347 347 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
348 348 set_kernel_config CONFIG_NF_DUP_IPV4 m
349 349 set_kernel_config CONFIG_NF_DUP_IPV6 m
350 350 set_kernel_config CONFIG_NF_DUP_NETDEV m
351 351 set_kernel_config CONFIG_NF_LOG_BRIDGE m
352 352 set_kernel_config CONFIG_NF_LOG_IPV4 m
353 353 set_kernel_config CONFIG_NF_LOG_IPV6 m
354 354 set_kernel_config CONFIG_NF_NAT_IPV4 m
355 355 set_kernel_config CONFIG_NF_NAT_IPV6 m
356 356 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
357 357 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
358 358 set_kernel_config CONFIG_NF_NAT_PPTP m
359 359 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
360 360 set_kernel_config CONFIG_NF_NAT_REDIRECT m
361 361 set_kernel_config CONFIG_NF_NAT_SIP m
362 362 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
363 363 set_kernel_config CONFIG_NF_NAT_TFTP m
364 364 set_kernel_config CONFIG_NF_REJECT_IPV4 m
365 365 set_kernel_config CONFIG_NF_REJECT_IPV6 m
366 366 set_kernel_config CONFIG_NF_TABLES m
367 367 set_kernel_config CONFIG_NF_TABLES_ARP m
368 368 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
369 369 set_kernel_config CONFIG_NF_TABLES_INET m
370 370 set_kernel_config CONFIG_NF_TABLES_IPV4 m
371 371 set_kernel_config CONFIG_NF_TABLES_IPV6 m
372 372 set_kernel_config CONFIG_NF_TABLES_NETDEV m
373 373 fi
374 374
375 375 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
376 376 if [ "$KERNEL_BPF" = true ] ; then
377 377 set_kernel_config CONFIG_BPF_SYSCALL y
378 378 set_kernel_config CONFIG_BPF_EVENTS y
379 379 set_kernel_config CONFIG_BPF_STREAM_PARSER y
380 380 set_kernel_config CONFIG_CGROUP_BPF y
381 381 fi
382 382
383 383 # KERNEL_DEFAULT_GOV was set by user
384 384 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
385 385
386 386 case "$KERNEL_DEFAULT_GOV" in
387 387 performance)
388 388 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
389 389 ;;
390 390 userspace)
391 391 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
392 392 ;;
393 393 ondemand)
394 394 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
395 395 ;;
396 396 conservative)
397 397 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
398 398 ;;
399 399 shedutil)
400 400 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
401 401 ;;
402 402 *)
403 403 echo "error: unsupported default cpu governor"
404 404 exit 1
405 405 ;;
406 406 esac
407 407
408 408 # unset previous default governor
409 409 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
410 410 fi
411 411
412 412 #Revert to previous directory
413 413 cd "${WORKDIR}" || exit
414 414
415 415 # Set kernel configuration parameters to enable qemu emulation
416 416 if [ "$ENABLE_QEMU" = true ] ; then
417 417 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
418 418 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
419 419
420 420 if [ "$ENABLE_CRYPTFS" = true ] ; then
421 421 {
422 422 echo "CONFIG_EMBEDDED=y"
423 423 echo "CONFIG_EXPERT=y"
424 424 echo "CONFIG_DAX=y"
425 425 echo "CONFIG_MD=y"
426 426 echo "CONFIG_BLK_DEV_MD=y"
427 427 echo "CONFIG_MD_AUTODETECT=y"
428 428 echo "CONFIG_BLK_DEV_DM=y"
429 429 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
430 430 echo "CONFIG_DM_CRYPT=y"
431 431 echo "CONFIG_CRYPTO_BLKCIPHER=y"
432 432 echo "CONFIG_CRYPTO_CBC=y"
433 433 echo "CONFIG_CRYPTO_XTS=y"
434 434 echo "CONFIG_CRYPTO_SHA512=y"
435 435 echo "CONFIG_CRYPTO_MANAGER=y"
436 436 } >> "${KERNEL_DIR}"/.config
437 437 fi
438 438 fi
439 439
440 440 # Copy custom kernel configuration file
441 441 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
442 442 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
443 443 fi
444 444
445 445 # Set kernel configuration parameters to their default values
446 446 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
447 447 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
448 448 fi
449 449
450 450 # Start menu-driven kernel configuration (interactive)
451 451 if [ "$KERNEL_MENUCONFIG" = true ] ; then
452 452 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
453 453 fi
454 454 # end if "$KERNELSRC_CONFIG" = true
455 455 fi
456 456
457 457 # Use ccache to cross compile the kernel
458 458 if [ "$KERNEL_CCACHE" = true ] ; then
459 459 cc="ccache ${CROSS_COMPILE}gcc"
460 460 else
461 461 cc="${CROSS_COMPILE}gcc"
462 462 fi
463 463
464 464 # Cross compile kernel and dtbs
465 465 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
466 466
467 467 # Cross compile kernel modules
468 468 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
469 469 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
470 470 fi
471 471 # end if "$KERNELSRC_PREBUILT" = false
472 472 fi
473 473
474 474 # Check if kernel compilation was successful
475 475 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
476 476 echo "error: kernel compilation failed! (kernel image not found)"
477 477 cleanup
478 478 exit 1
479 479 fi
480 480
481 481 # Install kernel modules
482 482 if [ "$ENABLE_REDUCE" = true ] ; then
483 483 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
484 484 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
485 485 fi
486 486 else
487 487 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
488 488 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
489 489 fi
490 490
491 491 # Install kernel firmware
492 492 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
493 493 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
494 494 fi
495 495 fi
496 496
497 497 # Install kernel headers
498 498 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
499 499 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
500 500 fi
501 501
502 502 # Prepare boot (firmware) directory
503 503 mkdir "${BOOT_DIR}"
504 504
505 505 # Get kernel release version
506 506 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
507 507
508 508 # Copy kernel configuration file to the boot directory
509 509 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
510 510
511 511 # Prepare device tree directory
512 512 mkdir "${BOOT_DIR}/overlays"
513 513
514 514 # Ensure the proper .dtb is located
515 515 if [ "$KERNEL_ARCH" = "arm" ] ; then
516 516 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
517 517 if [ -f "${dtb}" ] ; then
518 518 install_readonly "${dtb}" "${BOOT_DIR}/"
519 519 fi
520 520 done
521 521 else
522 522 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
523 523 if [ -f "${dtb}" ] ; then
524 524 install_readonly "${dtb}" "${BOOT_DIR}/"
525 525 fi
526 526 done
527 527 fi
528 528
529 529 # Copy compiled dtb device tree files
530 530 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
531 531 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
532 532 if [ -f "${dtb}" ] ; then
533 533 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
534 534 fi
535 535 done
536 536
537 537 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
538 538 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
539 539 fi
540 540 fi
541 541
542 542 if [ "$ENABLE_UBOOT" = false ] ; then
543 543 # Convert and copy kernel image to the boot directory
544 544 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
545 545 else
546 546 # Copy kernel image to the boot directory
547 547 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
548 548 fi
549 549
550 550 # Remove kernel sources
551 551 if [ "$KERNEL_REMOVESRC" = true ] ; then
552 552 rm -fr "${KERNEL_DIR}"
553 553 else
554 554 # Prepare compiled kernel modules
555 555 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
556 556 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
557 557 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
558 558 fi
559 559
560 560 # Create symlinks for kernel modules
561 561 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
562 562 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
563 563 fi
564 564 fi
565 565
566 566 else # BUILD_KERNEL=false
567 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
568
567 if [ "$SET_ARCH" = 64 ]
568 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
569 569 # Use Sakakis modified kernel if ZSWAP is active
570 570 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
571 571 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
572 572 fi
573 573
574 574 # Create temporary directory for dl
575 575 temp_dir=$(as_nobody mktemp -d)
576 576
577 577 # Fetch kernel dl
578 578 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
579 fi
580 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
581 # Create temporary directory for dl
582 temp_dir=$(as_nobody mktemp -d)
583
584 # Fetch kernel dl
585 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
586 fi
579 587
580 588 #extract download
581 589 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
582 590
583 591 #move extracted kernel to /boot/firmware
584 592 mkdir "${R}/boot/firmware"
585 593 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
586 594 cp -r "${temp_dir}"/lib/* "${R}"/lib/
587 595
588 596 # Remove temporary directory for kernel sources
589 597 rm -fr "${temp_dir}"
590 598
591 599 # Set permissions of the kernel sources
592 600 chown -R root:root "${R}/boot/firmware"
593 601 chown -R root:root "${R}/lib/modules"
594 602 fi
595 603
596 # Install Kernel from hypriot comptabile with all Raspberry PI
597 if [ "$SET_ARCH" = 32 ] ; then
604 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
605 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
598 606 # Create temporary directory for dl
599 607 temp_dir=$(as_nobody mktemp -d)
600 608
601 609 # Fetch kernel
602 610 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
603 611
604 # Copy downloaded U-Boot sources
612 # Copy downloaded kernel package
605 613 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
606 614
607 615 # Set permissions
608 616 chown -R root:root "${R}"/tmp/kernel.deb
609 617
610 618 # Install kernel
611 619 chroot_exec dpkg -i /tmp/kernel.deb
612 620
613 621 # move /boot to /boot/firmware to fit script env.
614 622 #mkdir "${BOOT_DIR}"
615 623 mkdir "${temp_dir}"/firmware
616 624 mv "${R}"/boot/* "${temp_dir}"/firmware/
617 625 mv "${temp_dir}"/firmware "${R}"/boot/
618 626
619 627 #same for kernel headers
620 628 if [ "$KERNEL_HEADERS" = true ] ; then
621 629 # Fetch kernel header
622 630 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
623 631 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
624 632 chown -R root:root "${R}"/tmp/kernel-header.deb
625 633 # Install kernel header
626 634 chroot_exec dpkg -i /tmp/kernel-header.deb
627 635 rm -f "${R}"/tmp/kernel-header.deb
628 636 fi
629 637
630 638 # Remove temporary directory and files
631 639 rm -fr "${temp_dir}"
632 640 rm -f "${R}"/tmp/kernel.deb
633 641 fi
634 642
635 643 # Check if kernel installation was successful
636 644 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
637 645 if [ -z "$KERNEL" ] ; then
638 646 echo "error: kernel installation failed! (/boot/kernel* not found)"
639 647 cleanup
640 648 exit 1
641 649 fi
642 650 fi
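Review bot: New line 567, `if [ "$SET_ARCH" = 64 ]`, has no `; then`, so the shell is still reading that condition list when it reaches the closing `fi` at new line 602 and will report a syntax error there; it should read `if [ "$SET_ARCH" = 64 ] ; then`. Once that is fixed, the outer guard no longer restricts the model. With `SET_ARCH=64` and a model other than 3, 3P or 4, `temp_dir` is never set, so `tar -xJf "${temp_dir}"/kernel.tar.xz`, `cp "${temp_dir}"/boot/*` and `cp -r "${temp_dir}"/lib/*` expand to paths under `/` on the build host. Either keep the model test on the outer `if` or bail out when no download branch ran. Separately, the new RPi 4 branch fetches `$RPI4_64_KERNEL_URL` and the tarball contents end up root-owned in `${R}/boot/firmware` and `${R}/lib` with no integrity check visible in this hunk; consider pinning a checksum next to the URL and verifying it before extraction.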
@@ -1,310 +1,315
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 if [ "$ENABLE_KEYGEN" = true ] ; then
42 42
43 43 # go to chroot/boot/
44 44 cd "${BOOT_DIR}/" || exit
45 45
46 46 # Make a copy of start.elf
47 47 cp start.elf start.elf_backup
48 48
49 49 # Remove codec licence checks - thx go to https://github.com/nucular/raspi-keygen - if ENABLE_VIDEOCORE is true, you can check codec status https://elinux.org/RPI_vcgencmd_usage
50 50 perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
51 51
52 52 # Back to base dir
53 53 cd "${WORKDIR}" || exit
54 54 fi
55 55
56 56 # Setup firmware boot cmdline
57 57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 58 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
59 59 else
60 60 if [ "$ENABLE_SPLITFS" = true ] ; then
61 61 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
62 62 else
63 63 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
64 64 fi
65 65 fi
66 66
67 67 # Add encrypted root partition to cmdline.txt
68 68 if [ "$ENABLE_CRYPTFS" = true ] ; then
69 69 if [ "$ENABLE_SPLITFS" = true ] ; then
70 70 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
71 71 else
72 72 if [ "$ENABLE_USBBOOT" = true ] ; then
73 73 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
74 74 else
75 75 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
76 76 fi
77 77 fi
78 78 fi
79 79
80 80 # Enable Kernel messages on standard output
81 81 if [ "$ENABLE_PRINTK" = true ] ; then
82 82 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
83 83 fi
84 84
85 85 # Enable Kernel messages on standard output
86 86 if [ "$KERNEL_SECURITY" = true ] ; then
87 87 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
88 88 fi
89 89
90 90 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
91 91 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
92 92
93 93 # Remove IPv6 networking support
94 94 if [ "$ENABLE_IPV6" = false ] ; then
95 95 CMDLINE="${CMDLINE} ipv6.disable=1"
96 96 fi
97 97
98 98 # Automatically assign predictable network interface names
99 99 if [ "$ENABLE_IFNAMES" = false ] ; then
100 100 CMDLINE="${CMDLINE} net.ifnames=0"
101 101 else
102 102 CMDLINE="${CMDLINE} net.ifnames=1"
103 103 fi
104 104
105 105 # Disable Raspberry Pi console logo
106 106 if [ "$ENABLE_LOGO" = false ] ; then
107 107 CMDLINE="${CMDLINE} logo.nologo"
108 108 fi
109 109
110 110 # Strictly limit verbosity of boot up console messages
111 111 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
112 112 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
113 113 fi
114 114
115 115 # Install firmware config
116 116 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
117 117
118 118 # Disable Raspberry Pi console logo
119 119 if [ "$ENABLE_SLASH" = false ] ; then
120 120 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
121 121 fi
122 122
123 123 # Locks CPU frequency at maximum
124 124 if [ "$ENABLE_TURBO" = true ] ; then
125 125 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
126 126 # helps to avoid sdcard corruption when force_turbo is enabled.
127 127 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
128 128 fi
129 129
130 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
130 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
131 131
132 132 # Bluetooth enabled
133 133 if [ "$ENABLE_BLUETOOTH" = true ] ; then
134 134 # Create temporary directory for Bluetooth sources
135 135 temp_dir=$(as_nobody mktemp -d)
136 136
137 137 # Fetch Bluetooth sources
138 138 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
139 139
140 140 # Copy downloaded sources
141 141 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
142 142
143 143 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
144 144 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
145 145 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
146 146
147 147 # Set permissions
148 148 chown -R root:root "${R}/tmp/pi-bluetooth"
149 149
150 150 # Install tools
151 151 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
152 152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
153 153
154 154 # make scripts executable
155 155 chmod +x "${R}/usr/bin/bthelper"
156 156 chmod +x "${R}/usr/bin/btuart"
157 157
158 158 # Install bluetooth udev rule
159 159 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
160 160
161 161 # Install Firmware Flash file and apropiate licence
162 162 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
163 163 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
164 164 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
165 165 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
166 166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
167 167
168 168 # Remove temporary directories
169 169 rm -fr "${temp_dir}"
170 170 rm -fr "${R}"/tmp/pi-bluetooth
171 171
172 172 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
173 173 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
174 174 # set overlay to swap ttyAMA0 and ttyS0
175 175 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
176 176
177 177 if [ "$ENABLE_TURBO" = false ] ; then
178 178 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
179 179 fi
180 180
181 181 fi
182 182
183 183 # Activate services
184 184 chroot_exec systemctl enable pi-bluetooth.hciuart.service
185 185
186 186 else # if ENABLE_BLUETOOTH = false
187 187 # set overlay to disable bluetooth
188 188 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
189 189 fi # ENABLE_BLUETOOTH end
190 190 fi
191 191
192 192 # may need sudo systemctl disable hciuart
193 193 if [ "$ENABLE_CONSOLE" = true ] ; then
194 194 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
195 195 # add string to cmdline
196 196 CMDLINE="${CMDLINE} console=serial0,115200"
197 197
198 198 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
199 199 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
200 200 if [ "$ENABLE_TURBO" = false ] ; then
201 201 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
202 202 fi
203 203 fi
204 204
205 205 # Enable serial console systemd style
206 206 chroot_exec systemctl enable serial-getty@serial0.service
207 207 else
208 208 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
209 209 fi
210 210
211 # Disable dphys-swapfile service. Will get enabled on first boot
212 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
213 chroot_exec systemctl disable dphys-swapfile
214 fi
215
211 216 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
212 217 # Create temporary directory for systemd-swap sources
213 218 temp_dir=$(as_nobody mktemp -d)
214 219
215 220 # Fetch systemd-swap sources
216 221 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
217 222
218 223 # Copy downloaded systemd-swap sources
219 224 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
220 225
221 226 # Change into downloaded src dir
222 227 cd "${R}/tmp/systemd-swap" || exit
223 228
224 229 # Build package
225 230 bash ./package.sh debian
226 231
227 232 # Change back into script root dir
228 233 cd "${WORKDIR}" || exit
229 234
230 235 # Set permissions of the systemd-swap sources
231 236 chown -R root:root "${R}/tmp/systemd-swap"
232 237
233 238 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
234 239 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
235 240
236 241 # Enable service
237 242 chroot_exec systemctl enable systemd-swap
238 243
239 244 # Remove temporary directory for systemd-swap sources
240 245 rm -fr "${temp_dir}"
241 246 else
242 247 # Enable ZSWAP in cmdline if systemd-swap is not used
243 248 if [ "$KERNEL_ZSWAP" = true ] ; then
244 249 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
245 250 fi
246 251 fi
247 252 if [ "$KERNEL_SECURITY" = true ] ; then
248 253 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
249 254 fi
250 255
251 256 # Install firmware boot cmdline
252 257 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
253 258
254 259 # Setup minimal GPU memory allocation size: 16MB (no X)
255 260 if [ "$ENABLE_MINGPU" = true ] ; then
256 261 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
257 262 fi
258 263
259 264 # Setup boot with initramfs
260 265 if [ "$ENABLE_INITRAMFS" = true ] ; then
261 266 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
262 267 fi
263 268
264 269 # Create firmware configuration and cmdline symlinks
265 270 ln -sf firmware/config.txt "${R}/boot/config.txt"
266 271 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
267 272
268 273 # Install and setup kernel modules to load at boot
269 274 mkdir -p "${LIB_DIR}/modules-load.d/"
270 275 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
271 276
272 277 # Load hardware random module at boot
273 278 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
274 279 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
275 280 fi
276 281
277 282 # Load sound module at boot
278 283 if [ "$ENABLE_SOUND" = true ] ; then
279 284 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
280 285 else
281 286 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
282 287 fi
283 288
284 289 # Enable I2C interface
285 290 if [ "$ENABLE_I2C" = true ] ; then
286 291 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
287 292 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
288 293 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
289 294 fi
290 295
291 296 # Enable SPI interface
292 297 if [ "$ENABLE_SPI" = true ] ; then
293 298 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
294 299 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
295 300 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
296 301 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
297 302 fi
298 303 fi
299 304
300 305 # Disable RPi2/3 under-voltage warnings
301 306 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
302 307 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
303 308 fi
304 309
305 310 # Install kernel modules blacklist
306 311 mkdir -p "${ETC_DIR}/modprobe.d/"
307 312 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
308 313
309 314 # Install sysctl.d configuration files
310 315 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
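Review bot: the new block at lines 211-214 ignores ENABLE_SYSTEMDSWAP, although the systemd-swap block starts directly below it at line 216. ENABLE_DPHYSSWAP defaults to true in rpi23-gen-image.sh, so a build with ENABLE_SYSTEMDSWAP=true can have dphys-swapfile re-enabled by the first-boot snippet and end up with two swap managers active. Either skip the dphys-swapfile handling when ENABLE_SYSTEMDSWAP=true or reject the combination where the other parameters are validated. The comment "Will get enabled on first boot" should also state the condition under which that happens.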
@@ -1,136 +1,136
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42 42
43 43 if [ "$ENABLE_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
50 50 fi
51 51
52 52 else # ENABLE_DHCP=false
53 53 # Set static network configuration for interface eth0
54 54 sed -i\
55 55 -e "s|DHCP=.*|DHCP=no|"\
56 56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 63 "${ETC_DIR}/systemd/network/eth.network"
64 64 fi
65 65
66 66 # Remove empty settings from network configuration
67 67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 68 # Remove empty settings from wlan configuration
69 69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70 70
71 71 # Move systemd network configuration if required by Debian release
72 72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 73 # If WLAN is enabled copy wlan configuration too
74 74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
76 76 fi
77 77 rm -fr "${ETC_DIR}/systemd/network"
78 78
79 79 # Enable systemd-networkd service
80 80 chroot_exec systemctl enable systemd-networkd
81 81
82 82 # Install host.conf resolver configuration
83 83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84 84
85 85 # Enable network stack hardening
86 86 if [ "$ENABLE_HARDNET" = true ] ; then
87 87 # Install sysctl.d configuration files
88 88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89 89
90 90 # Setup resolver warnings about spoofed addresses
91 91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 92 fi
93 93
94 94 # Enable time sync
95 95 if [ "$NET_NTP_1" != "" ] ; then
96 96 chroot_exec systemctl enable systemd-timesyncd.service
97 97 fi
98 98
99 99 # Download the firmware binary blob required to use the RPi3 wireless interface
100 100 if [ "$ENABLE_WIRELESS" = true ] ; then
101 101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 102 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 103 fi
104 104
105 105 # Create temporary directory for firmware binary blob
106 106 temp_dir=$(as_nobody mktemp -d)
107 107
108 108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 110 # Fetch firmware binary blob for RPi3P
111 111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114 114
115 115 # Move downloaded firmware binary blob
116 116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117 117
118 118 # Set permissions of the firmware binary blob
119 119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 122 # Fetch firmware binary blob for RPi3
123 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125 125
126 126 # Move downloaded firmware binary blob
127 127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128 128
129 129 # Set permissions of the firmware binary blob
130 130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 132 fi
133 133
134 134 # Remove temporary directory for firmware binary blob
135 135 rm -fr "${temp_dir}"
136 136 fi
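Review bot: with `|| [ "$RPI_MODEL" = 4 ]` on line 109, Pi 4 images now take the three brcmfmac43455 files from WLAN_FIRMWARE_URL through `wget -q` with no checksum or signature check, and the default URL in rpi23-gen-image.sh tracks a `master` branch. The same commit drops firmware-brcm80211 from APT_INCLUDES, so the packaged firmware no longer comes in through that list. Pin WLAN_FIRMWARE_URL to a fixed commit and compare a SHA-256 of each file before the `mv` on line 116, failing the build on a mismatch. The comments on lines 108 and 110 still say RPI3B+ and RPi3P and should mention model 4.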
@@ -1,97 +1,97
1 1 #!/bin/sh
2 2 #
3 3 # Build and Setup nexmon with monitor mode patch
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 10 # Copy existing nexmon sources into chroot directory
11 11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 12 # Copy local U-Boot sources
13 13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 14 else
15 15 # Create temporary directory for nexmon sources
16 16 temp_dir=$(as_nobody mktemp -d)
17 17
18 18 # Fetch nexmon sources
19 19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20 20
21 21 # Copy downloaded nexmon sources
22 22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23 23
24 24 # Set permissions of the nexmon sources
25 25 chown -R root:root "${R}"/tmp/nexmon
26 26
27 27 # Remove temporary directory for nexmon sources
28 28 rm -fr "${temp_dir}"
29 29 fi
30 30
31 31 # Set script Root
32 32 export NEXMON_ROOT="${R}"/tmp/nexmon
33 33
34 34 # Build nexmon firmware outside the build system, if we can.
35 35 cd "${NEXMON_ROOT}" || exit
36 36
37 37 # Make ancient isl build
38 38 cd buildtools/isl-0.10 || exit
39 39 ./configure
40 40 make
41 41 cd ../.. || exit
42 42
43 43 # Disable statistics
44 44 touch DISABLE_STATISTICS
45 45
46 46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 47 export KERNEL="${KERNEL_IMAGE}"
48 48 export ARCH=arm
49 49 export SUBARCH=arm
50 50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 51 export CC="${CC}"gcc
52 52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 53 export ZLIBFLATE="zlib-flate -compress"
54 54 export Q=@
55 55 export NEXMON_SETUP_ENV=1
56 56 export HOSTUNAME=$(uname -s)
57 57 export PLATFORMUNAME=$(uname -m)
58 58
59 59 # Make nexmon
60 60 make
61 61
62 62 # build patches
63 63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 66 make clean
67 67
68 68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70 70
71 71 # copy RPi0W & RPi3 firmware
72 72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 75 fi
76 76
77 if [ "$RPI_MODEL" = 3P ] ; then
77 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 80 make clean
81 81
82 82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84 84
85 85 # RPi3B+ firmware
86 86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 89 fi
90 90
91 91 #Revert to previous directory
92 92 cd "${WORKDIR}" || exit
93 93
94 94 # Remove nexmon sources
95 95 rm -fr "${NEXMON_ROOT}"
96 96
97 97 fi
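Review bot: line 77 now sends model 4 through the bcm43455c0/7_45_154 branch, but the comment on line 85 still reads "RPi3B+ firmware", and line 79 passes `${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile` to sed unquoted while the rest of the branch quotes NEXMON_ROOT. Update the comment to cover the Pi 4 and quote the sed target so a build directory containing spaces does not split the path.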
@@ -1,49 +1,54
1 1 #
2 2 # First boot actions
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Prepare rc.firstboot script
9 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 10
11 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 fi
15
16 11 # Prepare filesystem auto expand
17 12 if [ "$EXPANDROOT" = true ] ; then
18 13 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
14 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 15 else
21 16 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
17 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
18 fi
19
20 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
21 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
22 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
23 fi
23 24 fi
25
26 # Ensure openssh server host keys are regenerated on first boot
27 if [ "$ENABLE_SSHD" = true ] ; then
28 cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
24 29 fi
25 30
26 31 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28 33
29 34 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31 36
32 37 # Configure automatic network interface names
33 38 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 40 fi
36 41
37 42 # Finalize rc.firstboot script
38 43 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 44 chmod +x "${ETC_DIR}/rc.firstboot"
40 45
41 46 # Install default rc.local if it does not exist
42 47 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 48 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 49 fi
45 50
46 51 # Add rc.firstboot script to rc.local
47 52 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 53 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 54 echo exit 0 >> "${ETC_DIR}/rc.local"
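Review bot: the ENABLE_DPHYSSWAP block at new lines 20-23 is nested inside `if [ "$EXPANDROOT" = true ]` (closed by the `fi` on line 24), while the config script in this commit disables dphys-swapfile whenever ENABLE_DPHYSSWAP=true. With EXPANDROOT=false the service is disabled in the image and 23-restart-dphys-swapfile.sh is never appended to rc.firstboot, so swap stays off. Move the block below line 24, or make the disable conditional on EXPANDROOT as well.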
1 NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
1 NO CONTENT: file renamed from files/firstboot/23-regenerate-initramfs.sh to files/firstboot/21-regenerate-initramfs.sh
1 NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
1 NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
1 NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
@@ -1,892 +1,895
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Sakaki BIS Kernel RPI4
71 RPI4_64_DEF_KERNEL_URL=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz
70 72 # Generic
71 73 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
74 RPI4_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 75 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 76 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 77
75 78 # Build directories
76 79 WORKDIR=$(pwd)
77 80 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 81 BUILDDIR="${BASEDIR}/build"
79 82
80 83 # Chroot directories
81 84 R="${BUILDDIR}/chroot"
82 85 ETC_DIR="${R}/etc"
83 86 LIB_DIR="${R}/lib"
84 87 BOOT_DIR="${R}/boot/firmware"
85 88 KERNEL_DIR="${R}/usr/src/linux"
86 89 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 90 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 91
89 92 # Firmware directory: Blank if download from github
90 93 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 94
92 95 # General settings
93 96 SET_ARCH=${SET_ARCH:=32}
94 97 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 98 PASSWORD=${PASSWORD:=raspberry}
96 99 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 100 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 101 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 102 EXPANDROOT=${EXPANDROOT:=true}
103 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
100 104
101 105 # Keyboard settings
102 106 XKB_MODEL=${XKB_MODEL:=""}
103 107 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 108 XKB_VARIANT=${XKB_VARIANT:=""}
105 109 XKB_OPTIONS=${XKB_OPTIONS:=""}
106 110
107 111 # Network settings (DHCP)
108 112 ENABLE_DHCP=${ENABLE_DHCP:=true}
109 113
110 114 # Network settings (static)
111 115 NET_ADDRESS=${NET_ADDRESS:=""}
112 116 NET_GATEWAY=${NET_GATEWAY:=""}
113 117 NET_DNS_1=${NET_DNS_1:=""}
114 118 NET_DNS_2=${NET_DNS_2:=""}
115 119 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 120 NET_NTP_1=${NET_NTP_1:=""}
117 121 NET_NTP_2=${NET_NTP_2:=""}
118 122
119 123 # APT settings
120 124 APT_PROXY=${APT_PROXY:=""}
121 125 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 126 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123 127
124 128 # Feature settings
125 129 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
126 130 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
127 131 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
128 132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 133 ENABLE_I2C=${ENABLE_I2C:=false}
130 134 ENABLE_SPI=${ENABLE_SPI:=false}
131 135 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 136 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 139 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 140 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 143 ENABLE_XORG=${ENABLE_XORG:=false}
140 144 ENABLE_WM=${ENABLE_WM:=""}
141 145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 146 ENABLE_USER=${ENABLE_USER:=true}
143 147 USER_NAME=${USER_NAME:="pi"}
144 148 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 149 ENABLE_QEMU=${ENABLE_QEMU:=false}
146 150 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
147 151 ENABLE_KEYGEN=${ENABLE_KEYGEN:=true}
148 152
149 153 # SSH settings
150 154 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 155 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 156 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 157 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 158 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 159
156 160 # Advanced settings
157 161 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 162 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 163 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 164 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 165 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 166 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 167 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 168 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 169 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 170 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 171 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 172 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 173 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 174 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 175 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 176 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 177 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 178 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 179 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 180 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 181 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178 182
179 183 # Kernel compilation settings
180 184 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 185 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 186 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 187 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 188 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 189 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 190 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 191 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 192 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 193 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 194 KERNEL_BPF=${KERNEL_BPF:=false}
191 195 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 196 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 197 KERNEL_NF=${KERNEL_NF:=false}
194 198
195 199 # Kernel compilation from source directory settings
196 200 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 201 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 202 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 203 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200 204
201 205 # Reduce disk usage settings
202 206 REDUCE_APT=${REDUCE_APT:=true}
203 207 REDUCE_DOC=${REDUCE_DOC:=true}
204 208 REDUCE_MAN=${REDUCE_MAN:=true}
205 209 REDUCE_VIM=${REDUCE_VIM:=false}
206 210 REDUCE_BASH=${REDUCE_BASH:=false}
207 211 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 212 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 213 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210 214
211 215 # Encrypted filesystem settings
212 216 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 217 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 218 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 219 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
216 220 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 221 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 222 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 223 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 224 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221 225
222 226 # Chroot scripts directory
223 227 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224 228
225 229 # Packages required in the chroot build environment
226 230 APT_INCLUDES=${APT_INCLUDES:=""}
227 231 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228 232
229 233 # Packages to exclude from chroot build environment
230 234 APT_EXCLUDES=${APT_EXCLUDES:=""}
231 235
232 236 # Packages required for bootstrapping
233 237 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 238 #Requierd=netselect-apt
235 239 MISSING_PACKAGES=""
236 240
237 241 # Packages installed for c/c++ build environment in chroot (keep empty)
238 242 COMPILER_PACKAGES=""
239 243
240 244 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
241 245 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
242 246 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
243 247 APT_PROXY=http://127.0.0.1:3142/
244 248 fi
245 249
246 # netselect-apt does not know buster yet
247 #if [ "$RELEASE" = "buster" ] ; then
248 # RLS=testing
249 #else
250 # RLS="$RELEASE"
251 #fi
252
253 #if [ -f "$(pwd)/files/apt/sources.list" ] ; then
254 #rm "$(pwd)/files/apt/sources.list"
255 #fi
256
257 #if [ "$ENABLE_NONFREE" = true ] ; then
258 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
259 #else
260 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
261 #fi
262
263 # sed and cut the result string so we can use it as APT_SERVER
264 #APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
265
266 # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
250 # Setup architecture specific settings
267 251 if [ -n "$SET_ARCH" ] ; then
268 252 # 64-bit configuration
269 253 if [ "$SET_ARCH" = 64 ] ; then
270 254 # General 64-bit depended settings
271 255 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
272 256 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
273 257 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
274 258
275 259 # Raspberry Pi model specific settings
276 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
260 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
261 if [ "$RPI_MODEL" != 4 ] ; then
278 262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
263 else
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
265 fi
266
267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
279 268 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
280 269 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
281 270 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
282 271 else
283 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
272 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
284 273 exit 1
285 274 fi
286 275 fi
287 276
288 277 # 32-bit configuration
289 278 if [ "$SET_ARCH" = 32 ] ; then
290 279 # General 32-bit dependend settings
291 280 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
292 281 KERNEL_ARCH=${KERNEL_ARCH:=arm}
293 282 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
294 283
295 284 # Raspberry Pi model specific settings
296 285 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
297 286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
298 287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
299 288 RELEASE_ARCH=${RELEASE_ARCH:=armel}
300 289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
301 290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
302 291 fi
303 292
304 293 # Raspberry Pi model specific settings
305 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
306 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
294 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
295 if [ "$RPI_MODEL" != 4 ] ; then
307 296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 else
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
299 fi
300
301 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
308 302 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
309 303 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
310 304 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
311 305 fi
312 306 fi
313 307 # SET_ARCH not set
314 308 else
315 309 echo "error: Please set '32' or '64' as value for SET_ARCH"
316 310 exit 1
317 311 fi
318 312 # Device specific configuration and U-Boot configuration
319 313 case "$RPI_MODEL" in
320 314 0)
321 315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
322 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 317 ;;
324 318 1)
325 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
326 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
327 321 ;;
328 322 1P)
329 323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
330 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
331 325 ;;
332 326 2)
333 327 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
334 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
335 329 ;;
336 330 3)
337 331 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
338 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
339 333 ;;
340 334 3P)
341 335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
342 336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
343 337 ;;
338 4)
339 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
341 ;;
344 342 *)
345 343 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
346 344 exit 1
347 345 ;;
348 346 esac
349 347
350 348 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
349 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
352 350 # Include bluetooth packages on supported boards
353 351 if [ "$ENABLE_BLUETOOTH" = true ] ; then
354 352 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
355 353 fi
356 354 if [ "$ENABLE_WIRELESS" = true ] ; then
357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,firmware-brcm80211"
355 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
358 356 fi
359 357 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
360 358 # Check if the internal wireless interface is not supported by the RPi model
361 359 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
362 360 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
363 361 exit 1
364 362 fi
365 363 fi
366 364
367 365 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
368 366 echo "error: You have to compile kernel sources, if you want to enable nexmon"
369 367 exit 1
370 368 fi
371 369
372 370 # Prepare date string for default image file name
373 371 DATE="$(date +%Y-%m-%d)"
374 372 if [ -z "$KERNEL_BRANCH" ] ; then
375 373 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
376 374 else
377 375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
378 376 fi
379 377
380 378 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
381 379 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
382 380 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
383 381 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
384 382 exit 1
385 383 fi
386 384 fi
387 385
388 386 set +x
389 387
390 388 # Add cmake to compile videocore sources
391 389 if [ "$ENABLE_KEYGEN" = true ] ; then
392 390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} perl"
393 391 fi
394 392
395 393 # Add cmake to compile videocore sources
396 394 if [ "$ENABLE_VIDEOCORE" = true ] ; then
397 395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
398 396 fi
399 397
400 398 # Add deps for nexmon
401 399 if [ "$ENABLE_NEXMON" = true ] ; then
402 400 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
403 401 fi
404 402
405 403 # Add libncurses5 to enable kernel menuconfig
406 404 if [ "$KERNEL_MENUCONFIG" = true ] ; then
407 405 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
408 406 fi
409 407
410 408 # Add ccache compiler cache for (faster) kernel cross (re)compilation
411 409 if [ "$KERNEL_CCACHE" = true ] ; then
412 410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
413 411 fi
414 412
415 413 # Add cryptsetup package to enable filesystem encryption
416 414 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
417 415 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
418 416 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
419 417
420 418 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
421 419 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
422 420 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
423 421 fi
424 422
425 423 if [ -z "$CRYPTFS_PASSWORD" ] ; then
426 424 echo "error: no password defined (CRYPTFS_PASSWORD)!"
427 425 exit 1
428 426 fi
429 427 ENABLE_INITRAMFS=true
430 428 fi
431 429
432 430 # Add initramfs generation tools
433 431 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
434 432 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
435 433 fi
436 434
437 435 # Add device-tree-compiler required for building the U-Boot bootloader
438 436 if [ "$ENABLE_UBOOT" = true ] ; then
439 437 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
440 438 fi
441 439
442 440 if [ "$ENABLE_USBBOOT" = true ] ; then
443 441 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
444 442 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
445 443 exit 1
446 444 fi
447 445 fi
448 446
449 447 # Check if root SSH (v2) public key file exists
450 448 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
451 449 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
452 450 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
453 451 exit 1
454 452 fi
455 453 fi
456 454
457 455 # Check if $USER_NAME SSH (v2) public key file exists
458 456 if [ -n "$SSH_USER_PUB_KEY" ] ; then
459 457 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
460 458 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
461 459 exit 1
462 460 fi
463 461 fi
464 462
465 463 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
466 464 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
467 465 exit 1
468 466 fi
469 467
470 468 # Check if all required packages are installed on the build system
471 469 for package in $REQUIRED_PACKAGES ; do
472 470 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
473 471 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
474 472 fi
475 473 done
476 474
477 475 # If there are missing packages ask confirmation for install, or exit
478 476 if [ -n "$MISSING_PACKAGES" ] ; then
479 477 echo "the following packages needed by this script are not installed:"
480 478 echo "$MISSING_PACKAGES"
481 479
482 480 printf "\ndo you want to install the missing packages right now? [y/n] "
483 481 read -r confirm
484 482 [ "$confirm" != "y" ] && exit 1
485 483
486 484 # Make sure all missing required packages are installed
487 485 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
488 486 fi
489 487
490 488 # Check if ./bootstrap.d directory exists
491 489 if [ ! -d "./bootstrap.d/" ] ; then
492 490 echo "error: './bootstrap.d' required directory not found!"
493 491 exit 1
494 492 fi
495 493
496 494 # Check if ./files directory exists
497 495 if [ ! -d "./files/" ] ; then
498 496 echo "error: './files' required directory not found!"
499 497 exit 1
500 498 fi
501 499
502 500 # Check if specified KERNELSRC_DIR directory exists
503 501 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
504 502 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
505 503 exit 1
506 504 fi
507 505
508 506 # Check if specified UBOOTSRC_DIR directory exists
509 507 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
510 508 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
511 509 exit 1
512 510 fi
513 511
514 512 # Check if specified VIDEOCORESRC_DIR directory exists
515 513 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
516 514 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
517 515 exit 1
518 516 fi
519 517
520 518 # Check if specified FBTURBOSRC_DIR directory exists
521 519 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
522 520 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
523 521 exit 1
524 522 fi
525 523
526 524 # Check if specified NEXMONSRC_DIR directory exists
527 525 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
528 526 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
529 527 exit 1
530 528 fi
531 529
532 530 # Check if specified CHROOT_SCRIPTS directory exists
533 531 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
534 532 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
535 533 exit 1
536 534 fi
537 535
538 536 # Check if specified device mapping already exists (will be used by cryptsetup)
539 537 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
540 538 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
541 539 exit 1
542 540 fi
543 541
544 542 # Don't clobber an old build
545 543 if [ -e "$BUILDDIR" ] ; then
546 544 echo "error: directory ${BUILDDIR} already exists, not proceeding"
547 545 exit 1
548 546 fi
549 547
550 548 # Setup chroot directory
551 549 mkdir -p "${R}"
552 550
553 551 # Check if build directory has enough of free disk space >512MB
554 552 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
555 553 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
556 554 exit 1
557 555 fi
558 556
559 557 set -x
560 558
561 559 # Call "cleanup" function on various signals and errors
562 560 trap cleanup 0 1 2 3 6
563 561
564 562 # Add required packages for the minbase installation
565 563 if [ "$ENABLE_MINBASE" = true ] ; then
566 564 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
567 565 fi
568 566
569 567 # Add parted package, required to get partprobe utility
570 568 if [ "$EXPANDROOT" = true ] ; then
571 569 APT_INCLUDES="${APT_INCLUDES},parted"
572 570 fi
573 571
572 # Add dphys-swapfile package, required to enable swap
573 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
574 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
575 fi
576
574 577 # Add dbus package, recommended if using systemd
575 578 if [ "$ENABLE_DBUS" = true ] ; then
576 579 APT_INCLUDES="${APT_INCLUDES},dbus"
577 580 fi
578 581
579 582 # Add iptables IPv4/IPv6 package
580 583 if [ "$ENABLE_IPTABLES" = true ] ; then
581 584 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
582 585 fi
583 586 # Add apparmor for KERNEL_SECURITY
584 587 if [ "$KERNEL_SECURITY" = true ] ; then
585 588 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
586 589 fi
587 590
588 591 # Add openssh server package
589 592 if [ "$ENABLE_SSHD" = true ] ; then
590 593 APT_INCLUDES="${APT_INCLUDES},openssh-server"
591 594 fi
592 595
593 596 # Add alsa-utils package
594 597 if [ "$ENABLE_SOUND" = true ] ; then
595 598 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
596 599 fi
597 600
598 601 # Add rng-tools package
599 602 if [ "$ENABLE_HWRANDOM" = true ] ; then
600 603 APT_INCLUDES="${APT_INCLUDES},rng-tools"
601 604 fi
602 605
603 606 # Add fbturbo video driver
604 607 if [ "$ENABLE_FBTURBO" = true ] ; then
605 608 # Enable xorg package dependencies
606 609 ENABLE_XORG=true
607 610 fi
608 611
609 612 # Add user defined window manager package
610 613 if [ -n "$ENABLE_WM" ] ; then
611 614 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
612 615
613 616 # Enable xorg package dependencies
614 617 ENABLE_XORG=true
615 618 fi
616 619
617 620 # Add xorg package
618 621 if [ "$ENABLE_XORG" = true ] ; then
619 622 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
620 623 fi
621 624
622 625 # Replace selected packages with smaller clones
623 626 if [ "$ENABLE_REDUCE" = true ] ; then
624 627 # Add levee package instead of vim-tiny
625 628 if [ "$REDUCE_VIM" = true ] ; then
626 629 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
627 630 fi
628 631
629 632 # Add dropbear package instead of openssh-server
630 633 if [ "$REDUCE_SSHD" = true ] ; then
631 634 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
632 635 fi
633 636 fi
634 637
635 638 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
636 639 if [ "$ENABLE_SYSVINIT" = false ] ; then
637 640 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
638 641 fi
639 642
640 643 # Configure kernel sources if no KERNELSRC_DIR
641 644 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
642 645 KERNELSRC_CONFIG=true
643 646 fi
644 647
645 648 # Configure reduced kernel
646 649 if [ "$KERNEL_REDUCE" = true ] ; then
647 650 KERNELSRC_CONFIG=false
648 651 fi
649 652
650 653 # Configure qemu compatible kernel
651 654 if [ "$ENABLE_QEMU" = true ] ; then
652 655 DTB_FILE=vexpress-v2p-ca15_a7.dtb
653 656 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
654 657 KERNEL_DEFCONFIG="vexpress_defconfig"
655 658 if [ "$KERNEL_MENUCONFIG" = false ] ; then
656 659 KERNEL_OLDDEFCONFIG=true
657 660 fi
658 661 fi
659 662
660 663 # Execute bootstrap scripts
661 664 for SCRIPT in bootstrap.d/*.sh; do
662 665 head -n 3 "$SCRIPT"
663 666 . "$SCRIPT"
664 667 done
665 668
666 669 ## Execute custom bootstrap scripts
667 670 if [ -d "custom.d" ] ; then
668 671 for SCRIPT in custom.d/*.sh; do
669 672 . "$SCRIPT"
670 673 done
671 674 fi
672 675
673 676 # Execute custom scripts inside the chroot
674 677 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
675 678 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
676 679 chroot_exec /bin/bash -x <<'EOF'
677 680 for SCRIPT in /chroot_scripts/* ; do
678 681 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
679 682 $SCRIPT
680 683 fi
681 684 done
682 685 EOF
683 686 rm -rf "${R}/chroot_scripts"
684 687 fi
685 688
686 689 # Remove c/c++ build environment from the chroot
687 690 chroot_remove_cc
688 691
689 692 # Generate required machine-id
690 693 MACHINE_ID=$(dbus-uuidgen)
691 694 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
692 695 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
693 696
694 697 # APT Cleanup
695 698 chroot_exec apt-get -y clean
696 699 chroot_exec apt-get -y autoclean
697 700 chroot_exec apt-get -y autoremove
698 701
699 702 # Unmount mounted filesystems
700 703 umount -l "${R}/proc"
701 704 umount -l "${R}/sys"
702 705
703 706 # Clean up directories
704 707 rm -rf "${R}/run/*"
705 708 rm -rf "${R}/tmp/*"
706 709
707 710 # Clean up APT proxy settings
708 711 if [ "$KEEP_APT_PROXY" = false ] ; then
709 712 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 713 fi
711 714
712 715 # Clean up files
713 716 rm -f "${ETC_DIR}/ssh/ssh_host_*"
714 717 rm -f "${ETC_DIR}/dropbear/dropbear_*"
715 718 rm -f "${ETC_DIR}/apt/sources.list.save"
716 719 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
717 720 rm -f "${ETC_DIR}/*-"
718 721 rm -f "${ETC_DIR}/resolv.conf"
719 722 rm -f "${R}/root/.bash_history"
720 723 rm -f "${R}/var/lib/urandom/random-seed"
721 724 rm -f "${R}/initrd.img"
722 725 rm -f "${R}/vmlinuz"
723 726 rm -f "${R}${QEMU_BINARY}"
724 727
725 728 if [ "$ENABLE_QEMU" = true ] ; then
726 729 # Setup QEMU directory
727 730 mkdir "${BASEDIR}/qemu"
728 731
729 732 # Copy kernel image to QEMU directory
730 733 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
731 734
732 735 # Copy kernel config to QEMU directory
733 736 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
734 737
735 738 # Copy kernel dtbs to QEMU directory
736 739 for dtb in "${BOOT_DIR}/"*.dtb ; do
737 740 if [ -f "${dtb}" ] ; then
738 741 install_readonly "${dtb}" "${BASEDIR}/qemu/"
739 742 fi
740 743 done
741 744
742 745 # Copy kernel overlays to QEMU directory
743 746 if [ -d "${BOOT_DIR}/overlays" ] ; then
744 747 # Setup overlays dtbs directory
745 748 mkdir "${BASEDIR}/qemu/overlays"
746 749
747 750 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
748 751 if [ -f "${dtb}" ] ; then
749 752 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
750 753 fi
751 754 done
752 755 fi
753 756
754 757 # Copy u-boot files to QEMU directory
755 758 if [ "$ENABLE_UBOOT" = true ] ; then
756 759 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
757 760 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
758 761 fi
759 762 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
760 763 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
761 764 fi
762 765 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
763 766 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
764 767 fi
765 768 fi
766 769
767 770 # Copy initramfs to QEMU directory
768 771 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
769 772 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
770 773 fi
771 774 fi
772 775
773 776 # Calculate size of the chroot directory in KB
774 777 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
775 778
776 779 # Calculate the amount of needed 512 Byte sectors
777 780 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
778 781 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
779 782 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
780 783
781 784 # The root partition is EXT4
782 785 # This means more space than the actual used space of the chroot is used.
783 786 # As overhead for journaling and reserved blocks 35% are added.
784 787 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
785 788
786 789 # Calculate required image size in 512 Byte sectors
787 790 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
788 791
789 792 # Prepare image file
790 793 if [ "$ENABLE_SPLITFS" = true ] ; then
791 794 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
792 795 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
793 796 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
794 797 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
795 798
796 799 # Write firmware/boot partition tables
797 800 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
798 801 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
799 802 EOM
800 803
801 804 # Write root partition table
802 805 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
803 806 ${TABLE_SECTORS},${ROOT_SECTORS},83
804 807 EOM
805 808
806 809 # Setup temporary loop devices
807 810 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
808 811 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
809 812 else # ENABLE_SPLITFS=false
810 813 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
811 814 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
812 815
813 816 # Write partition table
814 817 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
815 818 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
816 819 ${ROOT_OFFSET},${ROOT_SECTORS},83
817 820 EOM
818 821
819 822 # Setup temporary loop devices
820 823 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
821 824 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
822 825 fi
823 826
824 827 if [ "$ENABLE_CRYPTFS" = true ] ; then
825 828 # Create dummy ext4 fs
826 829 #mkfs.ext4 "$ROOT_LOOP"
827 830
828 831 # Setup password keyfile
829 832 touch .password
830 833 chmod 600 .password
831 834 echo -n ${CRYPTFS_PASSWORD} > .password
832 835
833 836 # Initialize encrypted partition
834 837 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
835 838
836 839 # Open encrypted partition and setup mapping
837 840 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
838 841
839 842 # Secure delete password keyfile
840 843 shred -zu .password
841 844
842 845 # Update temporary loop device
843 846 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
844 847
845 848 # Wipe encrypted partition (encryption cipher is used for randomness)
846 849 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
847 850 fi
848 851
849 852 # Build filesystems
850 853 mkfs.vfat "$FRMW_LOOP"
851 854 mkfs.ext4 "$ROOT_LOOP"
852 855
853 856 # Mount the temporary loop devices
854 857 mkdir -p "$BUILDDIR/mount"
855 858 mount "$ROOT_LOOP" "$BUILDDIR/mount"
856 859
857 860 mkdir -p "$BUILDDIR/mount/boot/firmware"
858 861 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
859 862
860 863 # Copy all files from the chroot to the loop device mount point directory
861 864 rsync -a "${R}/" "$BUILDDIR/mount/"
862 865
863 866 # Unmount all temporary loop devices and mount points
864 867 cleanup
865 868
866 869 # Create block map file(s) of image(s)
867 870 if [ "$ENABLE_SPLITFS" = true ] ; then
868 871 # Create block map files for "bmaptool"
869 872 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
870 873 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
871 874
872 875 # Image was successfully created
873 876 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
874 877 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
875 878 else
876 879 # Create block map file for "bmaptool"
877 880 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
878 881
879 882 # Image was successfully created
880 883 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
881 884
882 885 # Create qemu qcow2 image
883 886 if [ "$ENABLE_QEMU" = true ] ; then
884 887 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
885 888 QEMU_SIZE=16G
886 889
887 890 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
888 891 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
889 892
890 893 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
891 894 fi
892 895 fi
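Review bot: With firmware-brcm80211 removed from the ENABLE_WIRELESS line (`APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"`), nothing visible in this hunk installs the Broadcom Wi-Fi firmware any more, so a build with ENABLE_WIRELESS=true can produce an image whose onboard interface has no firmware to load. Please point to the bootstrap.d step that now provides it, or keep the package for the models that relied on it. Two leftovers from adding model 4: the ENABLE_USBBOOT check still rejects only 0, 1, 1P and 2, so RPI_MODEL=4 passes while the message says "only supported by Raspberry Pi 3 and 3P", and the comment "Raspberry PI 0,3,3P with Bluetooth and Wifi onboard" no longer matches the condition below it. Not introduced here, but visible in the context lines: `set -x` is re-enabled before the cryptfs block, so `echo -n ${CRYPTFS_PASSWORD} > .password` writes the passphrase into the build trace, and the unquoted expansion is subject to word splitting and globbing. Wrapping that block in `set +x` / `set -x` and quoting the variable would fix both.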
1 NO CONTENT: modified file
1 NO CONTENT: modified file
1 NO CONTENT: file was removed
1 NO CONTENT: file was removed