Raspi2-3_GenImage Commit - r580:74c2ebe5476a · Collaboration Tremplin des Sciences

Merge branch 'master' of git://github.com/drtyhlpr/rpi23-gen-image into drtyhlpr-master

vidal -

r580:74c2ebe5476a

parent child

Context file:

r580:74c2ebe5476a

bootstrap.d/43-videocore.sh created 644 +53 0

@@ -0,0 +1,53
	1	#
	2	# Setup videocore - Raspberry Userland
	3	#
	4
	5	# Load utility functions
	6	. ./functions.sh
	7
	8	if [ "$ENABLE_VIDEOCORE" = true ] ; then
	9	# Copy existing videocore sources into chroot directory
	10	if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
	11	# Copy local videocore sources
	12	cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
	13	else
	14	# Create temporary directory for videocore sources
	15	temp_dir=$(as_nobody mktemp -d)
	16
	17	# Fetch videocore sources
	18	as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
	19
	20	# Copy downloaded videocore sources
	21	mv "${temp_dir}/userland" "${R}/tmp/"
	22
	23	# Set permissions of the U-Boot sources
	24	chown -R root:root "${R}/tmp/userland"
	25
	26	# Remove temporary directory for U-Boot sources
	27	rm -fr "${temp_dir}"
	28	fi
	29
	30	# Create build dir
	31	mkdir "${R}"/tmp/userland/build
	32
	33	# push us to build directory
	34	cd "${R}"/tmp/userland/build
	35
	36	if [ "$RELEASE_ARCH" = "arm64" ] ; then
	37	cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
	38	fi
	39
	40	if [ "$RELEASE_ARCH" = "armel" ] ; then
	41	cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
	42	fi
	43
	44	if [ "$RELEASE_ARCH" = "armhf" ] ; then
	45	cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
	46	fi
	47
	48	#build userland
	49	make -j "$(nproc)"
	50
	51	#back to root of scriptdir
	52	cd "${WORKDIR}"
	53	fi

files/etc/99-com.rules created 644 +33 0

@@ -0,0 +1,33
	1	SUBSYSTEM=="input", GROUP="input", MODE="0660"
	2	SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660"
	3	SUBSYSTEM=="spidev", GROUP="spi", MODE="0660"
	4	SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660"
	5
	6	SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660"
	7	SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\
	8	chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\
	9	chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\
	10	chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\
	11	'"
	12
	13	KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
	14	ALIASES=/proc/device-tree/aliases; \
	15	if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
	16	echo 0;\
	17	elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
	18	echo 1; \
	19	else \
	20	exit 1; \
	21	fi\
	22	'", SYMLINK+="serial%c"
	23
	24	KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
	25	ALIASES=/proc/device-tree/aliases; \
	26	if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
	27	echo 0; \
	28	elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
	29	echo 1; \
	30	else \
	31	exit 1; \
	32	fi \
	33	'", SYMLINK+="serial%c"

files/iptables/nftables.rules created 644 +21 0

@@ -0,0 +1,21
	1	add table ip filter
	2	add chain ip filter INPUT { type filter hook input priority 0; }
	3	add chain ip filter FORWARD { type filter hook forward priority 0; }
	4	add chain ip filter OUTPUT { type filter hook output priority 0; }
	5	add chain ip filter TCP
	6	add chain ip filter UDP
	7	add chain ip filter SSH
	8	add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
	9	add rule ip filter INPUT icmp type echo-request counter drop
	10	add rule ip filter INPUT ct state related,established counter accept
	11	add rule ip filter INPUT iifname lo counter accept
	12	add rule ip filter INPUT ct state invalid counter drop
	13	add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
	14	# -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
	15	# -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
	16	# -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
	17	add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
	18	add rule ip filter INPUT tcp flags & fin\|syn\|rst\|ack == syn ct state new counter jump TCP
	19	add rule ip filter INPUT ip protocol udp counter reject
	20	add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
	21	add rule ip filter INPUT counter reject with icmp type prot-unreachable

files/iptables/nftables6.rules created 644 +24 0

@@ -0,0 +1,24
	1	add table ip6 filter
	2	add chain ip6 filter INPUT { type filter hook input priority 0; }
	3	add chain ip6 filter FORWARD { type filter hook forward priority 0; }
	4	add chain ip6 filter OUTPUT { type filter hook output priority 0; }
	5	add chain ip6 filter TCP
	6	add chain ip6 filter UDP
	7	add chain ip6 filter SSH
	8	add rule ip6 filter INPUT rt type 0 counter drop
	9	add rule ip6 filter OUTPUT rt type 0 counter drop
	10	add rule ip6 filter FORWARD rt type 0 counter drop
	11	add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
	12	add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
	13	add rule ip6 filter INPUT ct state related,established counter accept
	14	add rule ip6 filter INPUT iifname lo counter accept
	15	add rule ip6 filter INPUT ct state invalid counter drop
	16	add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
	17	# -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
	18	# -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
	19	# -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
	20	add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
	21	add rule ip6 filter INPUT tcp flags & fin\|syn\|rst\|ack == syn ct state new counter jump TCP
	22	add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
	23	add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
	24	add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited

files/sysctl.d/83-rpi-printk.conf created 644 +1 0

	@@ -0,0 +1,1
				1	kernel.printk = 3 4 1 3 No newline at end of file

templates/rpi0buster created 644 +5 0

@@ -0,0 +1,5
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=0
	3	RELEASE=buster
	4	BUILD_KERNEL=true
	5	# ENABLE_BLUETOOTH=false

templates/rpi0stretch created 644 +5 0

@@ -0,0 +1,5
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=0
	3	RELEASE=stretch
	4	BUILD_KERNEL=true
	5	# ENABLE_BLUETOOTH=false

templates/rpi1Pbuster created 644 +4 0

@@ -0,0 +1,4
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=1P
	3	RELEASE=buster
	4	BUILD_KERNEL=true

templates/rpi1Pstretch created 644 +4 0

@@ -0,0 +1,4
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=1P
	3	RELEASE=stretch
	4	BUILD_KERNEL=true

templates/rpi1stretch created 644 +4 0

@@ -0,0 +1,4
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=2
	3	RELEASE=stretch
	4	BUILD_KERNEL=true

templates/rpi3Pbuster created 644 +6 0

@@ -0,0 +1,6
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=3P
	3	RELEASE=buster
	4	BUILD_KERNEL=true
	5	# ENABLE_WIRELESS=false
	6	# ENABLE_BLUETOOTH=false

templates/rpi3Pstretch created 644 +6 0

@@ -0,0 +1,6
	1	# Configuration template file used by rpi23-gen-image.sh
	2	RPI_MODEL=3P
	3	RELEASE=stretch
	4	BUILD_KERNEL=true
	5	# ENABLE_WIRELESS=false
	6	# ENABLE_BLUETOOTH=false

README-CN.md +1 -1

             ## 介绍
-            `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch` 和 `buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
+            `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch` 和 `buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
             ## 构建环境所依赖的包
             一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
             推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
             脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
             如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
             ```
             echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
             sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
             dpkg --add-architecture armhf
             apt-get update
             ```
             ## 命令行参数
             脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过（简单）脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, （简单）脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
             ##### 命令行示例:
             ```shell
             ENABLE_UBOOT=true ./rpi23-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ./rpi23-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
             RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ```
             ## 参数模板文件
             为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
             ##### 命令行示例:
             ```shell
             CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
             CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
             ```
             ## 支持的参数和设置
             #### APT 设置:
             ##### `APT_SERVER`="ftp.debian.org"
             设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
             ##### `APT_PROXY`=""
             设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
             ##### `APT_INCLUDES`=""
             生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
             ##### `APT_INCLUDES_LATE`=""
             生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
             ---
             #### 通用系统设置:
             ##### `RPI_MODEL`=2
             指定树莓派型号. 当前支持树莓派 `2` 和 `3`. 设为 `3` 时 `BUILD_KERNEL` 自动设为true .
             ##### `RELEASE`="jessie"
             设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster`时 `BUILD_KERNEL` 自动设为true.
             ##### `RELEASE_ARCH`="armhf"
             设置期望的 Debian 发行架构.
             ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
             设置主机名称. 建议所在的子网中主机名称是唯一的.
             ##### `PASSWORD`="raspberry"
             设置系统的 `root` 用户密码.  **强烈**建议选择一个自定义密码 .
             ##### `USER_PASSWORD`="raspberry"
             设置由 `USER_NAME`=pi 参数创建的普通用户的密码.  如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
             ##### `DEFLOCAL`="en_US.UTF-8"
             设置系统默认 locale.  将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration` 和 `console-setup` 三个包.
             ##### `TIMEZONE`="Europe/Berlin"
             设置系统默认时区.  可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
             ##### `EXPANDROOT`=true
             第一次运行时自动扩展根分区和文件系统.
             ---
             #### 键盘设置:
             这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
             ##### `XKB_MODEL`=""
             设置键盘类型, 大陆常见pc104.
             ##### `XKB_LAYOUT`=""
             设置键盘布局, 大陆常见us.
             ##### `XKB_VARIANT`=""
             设置键盘布局变种.
             ##### `XKB_OPTIONS`=""
             设置其它 XKB 配置选项.
             ---
             #### 网络设置 (动态):
             设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
             ##### `ENABLE_DHCP`=true
             设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
             ---
             #### 网络设置 (静态):
             设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
             当 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
             ##### `NET_ADDRESS`=""
             设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
             ##### `NET_GATEWAY`=""
             设置默认网关的地址.
             ##### `NET_DNS_1`=""
             设置主域名服务器地址.
             ##### `NET_DNS_2`=""
             设置辅域名服务器地址.
             ##### `NET_DNS_DOMAINS`=""
             设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
             ##### `NET_NTP_1`=""
             设置主时间服务器地址.
             ##### `NET_NTP_2`=""
             设置辅时间服务器地址.
             ---
             #### 基本系统特性:
             ##### `ENABLE_CONSOLE`=true
             允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
             ##### `ENABLE_I2C`=false
             允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
             ##### `ENABLE_SPI`=false
             允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
             ##### `ENABLE_IPV6`=true
             允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
             ##### `ENABLE_SSHD`=true
             安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -` 或 `sudo` 来取得root权限.
             ##### `ENABLE_NONFREE`=false
             允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
             ##### `ENABLE_WIRELESS`=false
             下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
             ##### `ENABLE_RSYSLOG`=true
             如果设置为 false, 禁用并卸载 rsyslog,  则只能通过日志文件查看logs.
             ##### `ENABLE_SOUND`=true
             允许声卡并且安装 ALSA.
             ##### `ENABLE_HWRANDOM`=true
             允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
             ##### `ENABLE_MINGPU`=false
             最小化显存 (16MB, no X), 目前无法完全禁用GPU.
             ##### `ENABLE_DBUS`=true
             安装并允许 D-Bus 消息总线.  虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
             ##### `ENABLE_XORG`=false
             是否安装 Xorg, 开源 X11 系统.
             ##### `ENABLE_WM`=""
             安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true,  `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
             ---
             #### 高级系统特性:
             ##### `ENABLE_MINBASE`=false
             使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
             ##### `ENABLE_REDUCE`=false
             卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
             ##### `ENABLE_UBOOT`=false
             使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin).  U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
             ##### `UBOOTSRC_DIR`=""
             存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
             ##### `ENABLE_FBTURBO`=false
             安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
             ##### `FBTURBOSRC_DIR`=""
             设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
             ##### `ENABLE_IPTABLES`=false
             允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
             ##### `ENABLE_USER`=true
             创建普通用户, 默认用户名`pi`, 默认密码raspberry.  可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
             ##### `USER_NAME`=pi
             创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
             ##### `ENABLE_ROOT`=false
             允许root用户登录, 需要设置 root 用户密码.
             ##### `ENABLE_HARDNET`=false
             允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
             ##### `ENABLE_SPLITFS`=false
             允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
             ##### `CHROOT_SCRIPTS`=""
             设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
             ##### `ENABLE_INITRAMFS`=false
             创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
             ##### `ENABLE_IFNAMES`=true
             允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch` 或 `buster` .
             ##### `DISABLE_UNDERVOLT_WARNINGS`=
             禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
             ---
             #### SSH 设置:
             ##### `SSH_ENABLE_ROOT`=false
             允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
             ##### `SSH_DISABLE_PASSWORD_AUTH`=false
             禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
             ##### `SSH_LIMIT_USERS`=false
             限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
             ##### `SSH_ROOT_PUB_KEY`=""
             从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).  `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
             ##### `SSH_USER_PUB_KEY`=""
             从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
             ---
             #### 内核编译:
             ##### `BUILD_KERNEL`=false
             构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
             ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
             设置交叉编译器.
             ##### `KERNEL_ARCH`="arm"
             设置内核架构.
             ##### `KERNEL_IMAGE`="kernel7.img"
             内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
             ##### `KERNEL_BRANCH`=""
             GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
             ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
             设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
             ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
             设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
             ##### `KERNEL_REDUCE`=false
             缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
             ##### `KERNEL_THREADS`=1
             编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
             ##### `KERNEL_HEADERS`=true
             安装内核相应的头文件.
             ##### `KERNEL_MENUCONFIG`=false
             运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
             ##### `KERNEL_REMOVESRC`=true
             编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
             ##### `KERNELSRC_DIR`=""
             已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
             ##### `KERNELSRC_CLEAN`=false
             当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
             ##### `KERNELSRC_CONFIG`=true
             在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
             ##### `KERNELSRC_USRCONFIG`=""
             复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
             ##### `KERNELSRC_PREBUILT`=false
             如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
             ##### `RPI_FIRMWARE_DIR`=""
             指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
             ---
             #### 缩小体积:
             如果 `ENABLE_REDUCE`=false 则忽略下列参数.
             ##### `REDUCE_APT`=true
             配置 APT,压缩仓库文件列表,不缓存下载的包文件.
             ##### `REDUCE_DOC`=true
             移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
             ##### `REDUCE_MAN`=true
             移除所有的man手册页和info文件 (harsh).  配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
             ##### `REDUCE_VIM`=false
             使用vim的小型克隆 `levee` 替代 `vim-tiny`.
             ##### `REDUCE_BASH`=false
             使用 `dash` 代替 `bash` (实验性质).
             ##### `REDUCE_HWDB`=true
             移除与 PCI 相关的 hwdb 文件 (实验性质).
             ##### `REDUCE_SSHD`=true
             使用`dropbear`代替 `openssh-server`.
             ##### `REDUCE_LOCALE`=true
             移除所有的 `locale` 本地化文件.
             ---
             #### 加密根分区:
             ##### `ENABLE_CRYPTFS`=false
             使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs.  /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
             ##### `CRYPTFS_PASSWORD`=""
             设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
             ##### `CRYPTFS_MAPPING`="secure"
             设置device-mapper映射名称.
             ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
             加密算法. 推荐 `aes-xts*`加密法.
             ##### `CRYPTFS_XTSKEYSIZE`=512
             设置密钥长度,8的倍数,以bit为单位.
             ---
             #### Build settings构建设置:
             ##### `BASEDIR`=$(pwd)/images/${RELEASE}
             设置产生镜像的目录.
             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
             设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
             ## 理解脚本
             制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
             | 脚本 | 说明 |
             | --- | --- |
             | `10-bootstrap.sh` | 生成基本系统 |
             | `11-apt.sh` | 设置 APT 仓库源 |
             | `12-locale.sh` | 设置 Locales 和 keyboard |
             | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
             | `14-fstab.sh` | 设置 fstab 和 initramfs |
             | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
             | `20-networking.sh` | 设置网络 |
             | `21-firewall.sh` | 设置防火墙 |
             | `30-security.sh` | 设置用户以及安全相关 |
             | `31-logging.sh` | 设置日志 |
             | `32-sshd.sh` | 设置 SSH 和公钥 |
             | `41-uboot.sh` | 编译设置 U-Boot |
             | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
             | `50-firstboot.sh` | 首次启动执行的任务 |
             | `99-reduce.sh` | 缩小体积 |
             所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
             | 目录 | 说明 |
             | --- | --- |
             | `apt` | APT 管理配置文件 |
             | `boot` | 引导文件 树莓派2/3配置文件 |
             | `dpkg` | 包管理配置文件 |
             | `etc` | 配置文件以及 rc 启动脚本 |
             | `firstboot` | 首次引导执行的脚本  |
             | `initramfs` | Initramfs 脚本 |
             | `iptables` | 防火墙配置文件 |
             | `locales` | Locales 配置 |
             | `modules` | 内核模块配置 |
             | `mount` | Fstab 配置 |
             | `network` | 网络配置文件 |
             | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
             | `xorg` | fbturbo Xorg 驱动配置 |
             ## 自定义包和脚本
              `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
              `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
             ## 记录镜像产生过程的信息
             所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
             ```
             ## 烧录镜像文件
             `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool` 或 `dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
             ##### 烧录示例:
             ```shell
             bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
             dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
             ```
             如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
             ```shell
             bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
             bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
             ```
             ## 每周镜像
             这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
             * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
             ## External links and references外部链接, 各种资源
             * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
             * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
             * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
             * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
             * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
             * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
             * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
             * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
             * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)

README.md +69 -59

             # rpi23-gen-image
             ## Introduction
+            `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
-            `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
-            It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
+            It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
-            The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
+            The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
-            If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
-            ```
-            echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
-            sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
-            dpkg --add-architecture armhf
-            apt-get update
-            ```
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
             ##### Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi23-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ./rpi23-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
             RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ```
             ## Configuration template files
             To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
             ##### Command-line examples:
             ```shell
             CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
             CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
             ```
             ## Supported parameters and settings
             #### APT settings:
             ##### `APT_SERVER`="ftp.debian.org"
             Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
             ##### `APT_PROXY`=""
-            Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
+            Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
             ##### `APT_INCLUDES`=""
-            A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
+            A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
             ##### `APT_INCLUDES_LATE`=""
-            A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.
+            A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.
             ---
             #### General system settings:
+            ##### `SET_ARCH`=32
+            Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
             ##### `RPI_MODEL`=2
-            Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
+            Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
-            `0`  = Used for Raspberry Pi 0 and Raspberry Pi 0 W
+            - `0`  = Raspberry Pi 0 and Raspberry Pi 0 W
-            `1`  = Used for Pi 1 model A and B
+            - `1`  = Raspberry Pi 1 model A and B
-            `1P` = Used for Pi 1 model B+ and A+
+            - `1P` = Raspberry Pi 1 model B+ and A+
-            `2`  = Used for Pi 2 model B
+            - `2`  = Raspberry Pi 2 model B
-            `3`  = Used for Pi 3 model B
+            - `3`  = Raspberry Pi 3 model B
-            `3P` = Used for Pi 3 model B+
+            - `3P` = Raspberry Pi 3 model B+
-            `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
+            ##### `RELEASE`="buster"
-            ##### `RELEASE`="jessie"
+            Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
-            Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
             ##### `RELEASE_ARCH`="armhf"
             Set the desired Debian release architecture.
             ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
-            Set system host name. It's recommended that the host name is unique in the corresponding subnet.
+            Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
             Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
             ##### `USER_PASSWORD`="raspberry"
             Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
             Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             ##### `EXPANDROOT`=true
             Expand the root partition and filesystem automatically on first boot.
             ##### `ENABLE_QEMU`=false
             Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
             ---
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             ##### `XKB_MODEL`=""
             Set the name of the model of your keyboard type.
             ##### `XKB_LAYOUT`=""
             Set the supported keyboard layout(s).
             ##### `XKB_VARIANT`=""
             Set the supported variant(s) of the keyboard layout(s).
             ##### `XKB_OPTIONS`=""
             Set extra xkb configuration options.
             ---
             #### Networking settings (DHCP):
-            This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
+            This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
             ##### `ENABLE_DHCP`=true
             Set the system to use DHCP. This requires an DHCP server.
             ---
             #### Networking settings (static):
             These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
             ##### `NET_ADDRESS`=""
             Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
             ##### `NET_GATEWAY`=""
             Set the IP address for the default gateway.
             ##### `NET_DNS_1`=""
             Set the IP address for the first DNS server.
             ##### `NET_DNS_2`=""
             Set the IP address for the second DNS server.
             ##### `NET_DNS_DOMAINS`=""
-            Set the default DNS search domains to use for non fully qualified host names.
+            Set the default DNS search domains to use for non fully qualified hostnames.
             ##### `NET_NTP_1`=""
             Set the IP address for the first NTP server.
             ##### `NET_NTP_2`=""
             Set the IP address for the second NTP server.
             ---
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
-            Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
+            Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
+            ##### `ENABLE_PRINTK`=false
+            Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
+            ##### `ENABLE_BLUETOOTH`=false
+            Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
+            ##### `ENABLE_MINIUART_OVERLAY`=false
+            Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
+            ##### `ENABLE_TURBO`=false
+            Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
             ##### `ENABLE_I2C`=false
-            Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
+            Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_SPI`=false
-            Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
+            Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_IPV6`=true
             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
             ##### `ENABLE_NONFREE`=false
             Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
             ##### `ENABLE_WIRELESS`=false
-            Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
+            Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
             ##### `ENABLE_RSYSLOG`=true
-            If set to false, disable and uninstall rsyslog (so logs will be available only
+            If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
-            in journal files)
             ##### `ENABLE_SOUND`=true
             Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
-            Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
+            Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
             Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
             Install Xorg open-source X Window System.
             ##### `ENABLE_WM`=""
-            Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
+            Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
+            ##### `ENABLE_SYSVINIT`=false
+            Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
             ---
             #### Advanced system features:
             ##### `ENABLE_MINBASE`=false
             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_REDUCE`=false
             Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
             ##### `ENABLE_UBOOT`=false
-            Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
+            Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `UBOOTSRC_DIR`=""
             Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `FBTURBOSRC_DIR`=""
             Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
+            ##### `ENABLE_VIDEOCORE`=false
+            Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
+            ##### `VIDEOCORESRC_DIR`=""
+            Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_USER`=true
-            Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
+            Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
             ##### `USER_NAME`=pi
             Non-root user to create.  Ignored if `ENABLE_USER`=false
             ##### `ENABLE_ROOT`=false
             Set root user password so root login will be enabled
             ##### `ENABLE_HARDNET`=false
             Enable IPv4/IPv6 network stack hardening settings.
             ##### `ENABLE_SPLITFS`=false
             Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
             ##### `CHROOT_SCRIPTS`=""
             Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
             ##### `ENABLE_INITRAMFS`=false
             Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
             ##### `ENABLE_IFNAMES`=true
-            Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
+            Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
             ##### `DISABLE_UNDERVOLT_WARNINGS`=
             Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
             ---
             #### SSH settings:
             ##### `SSH_ENABLE_ROOT`=false
-            Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
+            Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
             ##### `SSH_DISABLE_PASSWORD_AUTH`=false
-            Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
+            Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
             ##### `SSH_LIMIT_USERS`=false
             Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
             ##### `SSH_ROOT_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
             ##### `SSH_USER_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
             ---
             #### Kernel compilation:
-            ##### `BUILD_KERNEL`=false
+            ##### `BUILD_KERNEL`=true
-            Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
+            Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
             ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
-            This sets the cross compile enviornment for the compiler.
+            This sets the cross-compile environment for the compiler.
             ##### `KERNEL_ARCH`="arm"
             This sets the kernel architecture for the compiler.
             ##### `KERNEL_IMAGE`="kernel7.img"
             Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
             ##### `KERNEL_BRANCH`=""
             Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
             ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
             Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
             ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
             Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
             ##### `KERNEL_REDUCE`=false
-            Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
+            Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
             ##### `KERNEL_THREADS`=1
             Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
             ##### `KERNEL_HEADERS`=true
-            Install kernel headers with built kernel.
+            Install kernel headers with the built kernel.
             ##### `KERNEL_MENUCONFIG`=false
             Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
             ##### `KERNEL_OLDDEFCONFIG`=false
             Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
             ##### `KERNEL_CCACHE`=false
             Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
             ##### `KERNEL_REMOVESRC`=true
             Remove all kernel sources from the generated OS image after it was built and installed.
             ##### `KERNELSRC_DIR`=""
             Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
             ##### `KERNELSRC_CLEAN`=false
             Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_CONFIG`=true
             Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_USRCONFIG`=""
             Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
             ##### `KERNELSRC_PREBUILT`=false
             With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
             ##### `RPI_FIRMWARE_DIR`=""
             The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
             ---
             #### Reduce disk usage:
             The following list of parameters is ignored if `ENABLE_REDUCE`=false.
             ##### `REDUCE_APT`=true
             Configure APT to use compressed package repository lists and no package caching files.
             ##### `REDUCE_DOC`=true
             Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
             ##### `REDUCE_MAN`=true
             Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations.
             ##### `REDUCE_VIM`=false
             Replace `vim-tiny` package by `levee` a tiny vim clone.
             ##### `REDUCE_BASH`=false
             Remove `bash` package and switch to `dash` shell (experimental).
             ##### `REDUCE_HWDB`=true
             Remove PCI related hwdb files (experimental).
             ##### `REDUCE_SSHD`=true
             Replace `openssh-server` with `dropbear`.
             ##### `REDUCE_LOCALE`=true
             Remove all `locale` translation files.
             ---
             #### Encrypted root partition:
             ##### `ENABLE_CRYPTFS`=false
             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
             ##### `CRYPTFS_PASSWORD`=""
             Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
             ##### `CRYPTFS_MAPPING`="secure"
             Set name of dm-crypt managed device-mapper mapping.
             ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
             Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
             ##### `CRYPTFS_XTSKEYSIZE`=512
             Sets key size in bits. The argument has to be a multiple of 8.
             ---
             #### Build settings:
             ##### `BASEDIR`=$(pwd)/images/${RELEASE}
             Set a path to a working directory used by the script to generate an image.
             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
             Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
             ## Understanding the script
             The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
             | Script | Description |
             | --- | --- |
             | `10-bootstrap.sh` | Debootstrap basic system |
             | `11-apt.sh` | Setup APT repositories |
             | `12-locale.sh` | Setup Locales and keyboard settings |
-            | `13-kernel.sh` | Build and install RPi2/3 Kernel |
+            | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
             | `14-fstab.sh` | Setup fstab and initramfs |
-            | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
+            | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
             | `20-networking.sh` | Setup Networking |
             | `21-firewall.sh` | Setup Firewall |
             | `30-security.sh` | Setup Users and Security settings |
             | `31-logging.sh` | Setup Logging |
             | `32-sshd.sh` | Setup SSH and public keys |
             | `41-uboot.sh` | Build and Setup U-Boot |
             | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
+            | `43-videocore.sh` | Build and Setup videocore libraries |
             | `50-firstboot.sh` | First boot actions |
             | `99-reduce.sh` | Reduce the disk space usage |
             All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
             | Directory | Description |
             | --- | --- |
             | `apt` | APT management configuration files |
-            | `boot` | Boot and RPi2/3 configuration files |
+            | `boot` | Boot and RPi 0/1/2/3 configuration files |
             | `dpkg` | Package Manager configuration |
             | `etc` | Configuration files and rc scripts |
             | `firstboot` | Scripts that get executed on first boot  |
             | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |
             | `mount` | Fstab configuration |
             | `network` | Networking configuration files |
             | `sysctl.d` | Swapping and Network Hardening configuration |
             | `xorg` | fbturbo Xorg driver configuration |
             ## Custom packages and scripts
             Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
             Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
-            After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
+            After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             ##### Flashing examples:
             ```shell
-            bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
+            bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
-            dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
+            dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
             ```
             If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
             ```shell
-            bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
+            bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
-            bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
+            bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
             ```
             ## QEMU emulation
             Start QEMU full system emulation:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
             ```
             Start QEMU full system emulation and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with SMP and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with cryptfs, initramfs and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
-            ## Weekly image builds
-            The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
-            * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
             ## External links and references
             * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
             * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
             * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
             * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
             * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
             * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
             * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
             * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
             * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)

bootstrap.d/10-bootstrap.sh +1 -7

             #
             # Debootstrap basic system
             #
             # Load utility functions
             . ./functions.sh
             VARIANT=""
             COMPONENTS="main"
-            EXCLUDES=""
             # Use non-free Debian packages if needed
             if [ "$ENABLE_NONFREE" = true ] ; then
               COMPONENTS="main,non-free,contrib"
             fi
             # Use minbase bootstrap variant which only includes essential packages
             if [ "$ENABLE_MINBASE" = true ] ; then
               VARIANT="--variant=minbase"
             fi
-            # Exclude packages if required by Debian release
-            if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
-              EXCLUDES="--exclude=init,systemd-sysv"
-            fi
             # Base debootstrap (unpack only)
-            http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
+            http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             # Copy qemu emulator binary to chroot
             install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
             # Copy debian-archive-keyring.pgp
             mkdir -p "${R}/usr/share/keyrings"
             install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
             # Complete the bootstrapping process
             chroot_exec /debootstrap/debootstrap --second-stage
             # Mount required filesystems
             mount -t proc none "${R}/proc"
             mount -t sysfs none "${R}/sys"
             # Mount pseudo terminal slave if supported by Debian release
             if [ -d "${R}/dev/pts" ] ; then
               mount --bind /dev/pts "${R}/dev/pts"
             fi

bootstrap.d/11-apt.sh +6 -29

             #
             # Setup APT repositories
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup APT proxy configuration
             if [ -z "$APT_PROXY" ] ; then
               install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
               sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
             fi
-            if [ "$BUILD_KERNEL" = false ] ; then
-              # Install APT pinning configuration for flash-kernel package
-              install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
-              # Install APT sources.list
-              install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
-              echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
-              # Upgrade collabora package index and install collabora keyring
-              chroot_exec apt-get -qq -y update
-              # Removed --allow-unauthenticated as suggested after modification on _apt privileges
-              chroot_exec apt-get -qq -y install collabora-obs-archive-keyring
-            else # BUILD_KERNEL=true
-              # Install APT sources.list
-              install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
-              # Use specified APT server and release
-              sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
-              sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
-            fi
-            # Allow the installation of non-free Debian packages
-            if [ "$ENABLE_NONFREE" = true ] ; then
-              sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
-            fi
             # Upgrade package index and update all installed packages and changed dependencies
             chroot_exec apt-get -qq -y update
             chroot_exec apt-get -qq -y -u dist-upgrade
+            # Install additional packages
             if [ "$APT_INCLUDES_LATE" ] ; then
-              chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
+              chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
             fi
+            # Install Debian custom packages
             if [ -d packages ] ; then
               for package in packages/*.deb ; do
-                cp $package ${R}/tmp
+                cp "$package" "${R}"/tmp
-                chroot_exec dpkg --unpack /tmp/$(basename $package)
+                chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
               done
             fi
             chroot_exec apt-get -qq -y -f install
             chroot_exec apt-get -qq -y check

bootstrap.d/12-locale.sh +2 -2

             #
             # Setup Locales and keyboard settings
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup timezone
-            echo ${TIMEZONE} > "${ETC_DIR}/timezone"
+            echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
             chroot_exec dpkg-reconfigure -f noninteractive tzdata
             # Install and setup default locale and keyboard configuration
-            if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
+            if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
               # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
               # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
               # ... so we have to set locales manually
               if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
                 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
               else
                 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
                 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
                 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
               fi
               sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
               chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
               chroot_exec locale-gen
               chroot_exec update-locale LANG="${DEFLOCAL}"
               # Install and setup default keyboard configuration
               if [ "$XKB_MODEL" != "" ] ; then
                 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
               fi
               if [ "$XKB_LAYOUT" != "" ] ; then
                 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
               fi
               if [ "$XKB_VARIANT" != "" ] ; then
                 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
               fi
               if [ "$XKB_OPTIONS" != "" ] ; then
                 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
               fi
               chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
               # Install and setup font console
               case "${DEFLOCAL}" in
                 *UTF-8)
                   sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
                   ;;
                 *)
                   sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
                   ;;
               esac
               chroot_exec dpkg-reconfigure -f noninteractive console-setup
             else # (no locales were installed)
               # Install POSIX default locale
               install_readonly files/locales/locale "${ETC_DIR}/default/locale"
             fi

bootstrap.d/13-kernel.sh +37 -35

             #
             # Build and Setup RPi2/3 Kernel
             #
             # Load utility functions
             . ./functions.sh
             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
-              mkdir -p "${R}/usr/src/linux"
+              mkdir -p "${KERNEL_DIR}"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Copy kernel sources and include hidden files
-                cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
+                cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Create temporary directory for kernel sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch current RPi2/3 kernel sources
                 if [ -z "${KERNEL_BRANCH}" ] ; then
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
                 else
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
-               fi
+                fi
                 # Copy downloaded kernel sources
-                cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
+                cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/usr/src"
               fi
               # Calculate optimal number of kernel building threads
               if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
                 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
               fi
               # Configure and build kernel
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
                 if [ "$KERNEL_REDUCE" = true ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                   "${KERNEL_DIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   # Set kernel configuration parameters to enable qemu emulation
                   if [ "$ENABLE_QEMU" = true ] ; then
-                    echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config
+                    echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
-                    echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config
+                    echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
                     if [ "$ENABLE_CRYPTFS" = true ] ; then
-                      echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config
-                      echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_EMBEDDED=y"
-                      echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_EXPERT=y"
-                      echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_DAX=y"
-                      echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_MD=y"
-                      echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_BLK_DEV_MD=y"
-                      echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_MD_AUTODETECT=y"
-                      echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_BLK_DEV_DM=y"
-                      echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
-                      echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_DM_CRYPT=y"
-                      echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_CRYPTO_BLKCIPHER=y"
-                      echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_CRYPTO_CBC=y"
-                      echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_CRYPTO_XTS=y"
-                      echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config
+                        echo "CONFIG_CRYPTO_SHA512=y"
-            	fi
+                        echo "CONFIG_CRYPTO_MANAGER=y"
+                      } >> "${KERNEL_DIR}"/.config
+                    fi
                   fi
                   # Copy custom kernel configuration file
-                  if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
+                  if [ -n "$KERNELSRC_USRCONFIG" ] ; then
-                    cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
+                    cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
                   fi
                   # Set kernel configuration parameters to their default values
                   if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
                   fi
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
                 fi
                 # Use ccache to cross compile the kernel
                 if [ "$KERNEL_CCACHE" = true ] ; then
                   cc="ccache ${CROSS_COMPILE}gcc"
                 else
                   cc="${CROSS_COMPILE}gcc"
                 fi
                 # Cross compile kernel and dtbs
-                make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
+                make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
                 # Cross compile kernel modules
-                if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+                if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
-                  make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
+                  make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
                 fi
               fi
               # Check if kernel compilation was successful
               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
                 echo "error: kernel compilation failed! (kernel image not found)"
                 cleanup
                 exit 1
               fi
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
-                if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+                if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                 fi
               else
-                if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+                if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 fi
                 # Install kernel firmware
-                if [ $(grep "^firmware_install:" "${KERNEL_DIR}/Makefile") ] ; then
+                if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                 fi
               fi
               # Install kernel headers
               if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
                 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
               # Prepare boot (firmware) directory
               mkdir "${BOOT_DIR}"
               # Get kernel release version
-              KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
+              KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
               # Copy kernel configuration file to the boot directory
               install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Prepare device tree directory
               mkdir "${BOOT_DIR}/overlays"
               # Ensure the proper .dtb is located
               if [ "$KERNEL_ARCH" = "arm" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               else
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               fi
               # Copy compiled dtb device tree files
               if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
                   fi
                 done
                 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
                   install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
                 fi
               fi
               if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy kernel image to the boot directory
                 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               else
                 # Copy kernel image to the boot directory
                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
                 rm -fr "${KERNEL_DIR}"
               else
                 # Prepare compiled kernel modules
-                if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+                if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
-                  if [ $(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile") ] ; then
+                  if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
                   fi
                   # Create symlinks for kernel modules
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
                 fi
               fi
             else # BUILD_KERNEL=false
               # Kernel installation
               chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
               # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
               chroot_exec apt-get -qq -y install flash-kernel
               # Check if kernel installation was successful
-              VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
+              VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
               if [ -z "$VMLINUZ" ] ; then
                 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
                 cleanup
                 exit 1
               fi
               # Copy vmlinuz kernel to the boot directory
               install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
             fi

bootstrap.d/14-fstab.sh +1 -1

             #
             # Setup fstab and initramfs
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup fstab
             install_readonly files/mount/fstab "${ETC_DIR}/fstab"
             # Add usb/sda disk root partition to fstab
             if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
               sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
             fi
             # Add encrypted root partition to fstab and crypttab
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Replace fstab root partition with encrypted partition mapping
               sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
               # Add encrypted partition to crypttab and fstab
               install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
               echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 # Add usb/sda disk to crypttab
                 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
               fi
             fi
             # Generate initramfs file
             if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = true ] ; then
                 # Include initramfs scripts to auto expand encrypted root partition
                 if [ "$EXPANDROOT" = true ] ; then
                   install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
                   install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
                   install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
                 fi
                 # Disable SSHD inside initramfs
                 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
                 # Add cryptsetup modules to initramfs
                 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
                 # Dummy mapping required by mkinitramfs
-                echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
+                echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
                 # Generate initramfs with encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
                 # Remove dummy mapping
                 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
               else
                 # Generate initramfs without encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
               fi
             fi

bootstrap.d/15-rpi-config.sh +114 -36

             #
             # Setup RPi2/3 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
             if [ "$BUILD_KERNEL" = true ] ; then
               if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
                 # Install boot binaries from local directory
-                cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
+                cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
-                cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
+                cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
-                cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
+                cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
-                cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
+                cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
-                cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
+                cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
-                cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
+                cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
-                cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
+                cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
               else
                 # Create temporary directory for boot binaries
                 temp_dir=$(as_nobody mktemp -d)
                 # Install latest boot binaries from raspberry/firmware github
                 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
                 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
                 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
                 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
                 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
                 # Move downloaded boot binaries
                 mv "${temp_dir}/"* "${BOOT_DIR}/"
                 # Remove temporary directory for boot binaries
                 rm -fr "${temp_dir}"
                 # Set permissions of the boot binaries
                 chown -R root:root "${BOOT_DIR}"
                 chmod -R 600 "${BOOT_DIR}"
               fi
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_SPLITFS" = true ] ; then
-              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
+              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
             else
-              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
+              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
-                CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+                CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
-                CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+                CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
               fi
             fi
-            # Add serial console support
+            #locks cpu at max frequency
+            if [ "$ENABLE_TURBO" = true ] ; then
+              echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
+            fi
+            if [ "$ENABLE_PRINTK" = true ] ; then
+              install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
+            fi
+            # Install udev rule for serial alias
+            install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
+            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+              # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
+              SET_SERIAL="ttyS0"
+              # Bluetooth enabled
+              if [ "$ENABLE_BLUETOOTH" = true ] ; then
+                # Create temporary directory for Bluetooth sources
+                temp_dir=$(as_nobody mktemp -d)
+                # Fetch Bluetooth sources
+                as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
+                # Copy downloaded sources
+                mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
+                # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
+                as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
+                as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
+                # Set permissions
+                chown -R root:root "${R}/tmp/pi-bluetooth"
+                # Install tools
+                install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
+                install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
+                # Install bluetooth udev rule
+                install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
+                # Install Firmware Flash file and apropiate licence
+                mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
+                install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
+                install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
+                install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
+                install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
+                # Remove temporary directory
+                rm -fr "${temp_dir}"
+                # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
+                if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
+            	  SET_SERIAL="ttyAMA0"
+            	  # set overlay to swap ttyAMA0 and ttyS0
+                  echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
+            	  # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
+            	  if [ "$ENABLE_TURBO" = false ] ; then
+            	    echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
+            	  fi
+            	  # Activate services
+            	  chroot_exec systemctl enable pi-bluetooth.hciuart.service
+            	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
+            	else
+            	  chroot_exec systemctl enable pi-bluetooth.hciuart.service
+            	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
+            	fi
+              else # if ENABLE_BLUETOOTH = false
+              	# set overlay to disable bluetooth
+                echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
+              fi # ENABLE_BLUETOOTH end
+            else
+              # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
+              SET_SERIAL="ttyAMA0"
+            fi
+            # may need sudo systemctl disable hciuart
             if [ "$ENABLE_CONSOLE" = true ] ; then
-              CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
+              echo "enable_uart=1"  >> "${BOOT_DIR}/config.txt"
+              # add string to cmdline
+              CMDLINE="${CMDLINE} console=serial0,115200"
+              # Enable serial console systemd style
+              chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
+            else
+              echo "enable_uart=0"  >> "${BOOT_DIR}/config.txt"
+              # disable serial console systemd style
+              chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
             fi
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Automatically assign predictable network interface names
             if [ "$ENABLE_IFNAMES" = false ] ; then
               CMDLINE="${CMDLINE} net.ifnames=0"
             else
               CMDLINE="${CMDLINE} net.ifnames=1"
             fi
-            # Set init to systemd if required by Debian release
-            if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
-              CMDLINE="${CMDLINE} init=/bin/systemd"
-            fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
-            # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
-            if [ "$RPI_MODEL" = 3 ] ; then
-              if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
-                echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
-                echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
-              fi
-            fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
-            mkdir -p "${R}/lib/modules-load.d/"
+            mkdir -p "${LIB_DIR}/modules-load.d/"
-            install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
+            install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
-              sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
-              sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
-              sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
-              sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
-              echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
+              echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
-              if [ "$RPI_MODEL" = 3 ] ; then
+              if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
-                sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
+                sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               fi
             fi
             # Disable RPi2/3 under-voltage warnings
-            if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
+            if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +32 -34

             #
             # Setup Networking
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup hostname
             install_readonly files/network/hostname "${ETC_DIR}/hostname"
-            sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
+            sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
             # Install and setup hosts
             install_readonly files/network/hosts "${ETC_DIR}/hosts"
-            sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
+            sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
             # Setup hostname entry with static IP
             if [ "$NET_ADDRESS" != "" ] ; then
               NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
               sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
             fi
             # Remove IPv6 hosts
             if [ "$ENABLE_IPV6" = false ] ; then
               sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
             fi
             # Install hint about network configuration
             install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
             # Install configuration for interface eth0
             install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
             # Install configuration for interface wl*
             install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
             #always with dhcp since wpa_supplicant integration is missing
             sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
             if [ "$ENABLE_DHCP" = true ] ; then
               # Enable DHCP configuration for interface eth0
               sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
               # Set DHCP configuration to IPv4 only
               if [ "$ENABLE_IPV6" = false ] ; then
                 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
               fi
             else # ENABLE_DHCP=false
               # Set static network configuration for interface eth0
               sed -i\
               -e "s|DHCP=.*|DHCP=no|"\
               -e "s|Address=\$|Address=${NET_ADDRESS}|"\
               -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
               -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
               "${ETC_DIR}/systemd/network/eth.network"
             fi
             # Remove empty settings from network configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
             # Remove empty settings from wlan configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
             # Move systemd network configuration if required by Debian release
-            if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
+            mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
-              mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
+            # If WLAN is enabled copy wlan configuration too
-            	if [ "$ENABLE_WIRELESS" = true ] ; then
+            if [ "$ENABLE_WIRELESS" = true ] ; then
-            	mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
+              mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
-            	fi
-              rm -fr "${ETC_DIR}/systemd/network"
             fi
+            rm -fr "${ETC_DIR}/systemd/network"
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Install host.conf resolver configuration
             install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               # Install sysctl.d configuration files
               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
               # Setup resolver warnings about spoofed addresses
               sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
             fi
             # Enable time sync
-            if [ "NET_NTP_1" != "" ] ; then
+            if [ "$NET_NTP_1" != "" ] ; then
               chroot_exec systemctl enable systemd-timesyncd.service
             fi
             # Download the firmware binary blob required to use the RPi3 wireless interface
             if [ "$ENABLE_WIRELESS" = true ] ; then
-              if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
+              if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
-            	mkdir -p ${WLAN_FIRMWARE_DIR}
+                mkdir -p "${WLAN_FIRMWARE_DIR}"
               fi
               # Create temporary directory for firmware binary blob
               temp_dir=$(as_nobody mktemp -d)
               # Fetch firmware binary blob for RPI3B+
               if [ "$RPI_MODEL" = 3P ] ; then
-              as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
+                # Fetch firmware binary blob for RPi3P
-              as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
+                as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
-              as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
+                as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
-              else
+                as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
-              # Fetch firmware binary blob for RPI3
-              as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
+            	# Move downloaded firmware binary blob
-              as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
+            	mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
-              fi
+            	# Set permissions of the firmware binary blob
-              # Move downloaded firmware binary blob
+            	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
-              if [ "$RPI_MODEL" = 3P ] ; then
+                chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
-              mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
+              elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
-              else
+                # Fetch firmware binary blob for RPi3
-              mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
+                as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
+                as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
+            	# Move downloaded firmware binary blob
+            	mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
+            	# Set permissions of the firmware binary blob
+            	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
+                chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
               fi
               # Remove temporary directory for firmware binary blob
               rm -fr "${temp_dir}"
-              # Set permissions of the firmware binary blob
-              if [ "$RPI_MODEL" = 3P ] ; then
-              chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
-              chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
-              else
-              chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
-              chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
-              fi
             fi

bootstrap.d/21-firewall.sh +5 -1

             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
+              # make sure iptables-legacy is the used alternatives
+              #iptables-save and -restore are slaves of iptables and thus are set accordingly
+              chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
               if [ "$ENABLE_SSHD" = false ] ; then
                # Remove SSHD related iptables rules
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
               fi
             fi

bootstrap.d/30-security.sh +4 -4

             #
             # Setup users and security settings
             #
             # Load utility functions
             . ./functions.sh
             # Generate crypt(3) password string
-            ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
+            ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
-            ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
+            ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
             # Setup default user
             if [ "$ENABLE_USER" = true ] ; then
-              chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
+              chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
-              chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
+              chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
             fi
             # Setup root password or not
             if [ "$ENABLE_ROOT" = true ] ; then
               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
             else
               # Set no root password to disable root login
               chroot_exec usermod -p \'!\' root
             fi
             # Enable serial console systemd style
             if [ "$ENABLE_CONSOLE" = true ] ; then
               chroot_exec systemctl enable serial-getty\@ttyAMA0.service
             fi

bootstrap.d/32-sshd.sh +6 -6

             #
             # Setup SSH settings and public keys
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_SSHD" = true ] ; then
               DROPBEAR_ARGS=""
               if [ "$SSH_ENABLE_ROOT" = false ] ; then
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # User root is not allowed to log in
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   # User root is not allowed to log in
                   DROPBEAR_ARGS="-w"
                 fi
               fi
               if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   # Permit SSH root login
                   sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   # Permit SSH root login
                   DROPBEAR_ARGS=""
                 fi
                 # Add SSH (v2) public key for user root
-                if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
+                if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
                   # Create root SSH config directory
                   mkdir -p "${R}/root/.ssh"
                   # Set permissions of root SSH config directory
                   chroot_exec chmod 700 "/root/.ssh"
                   chroot_exec chown root:root "/root/.ssh"
                   # Add SSH (v2) public key(s) to authorized_keys file
                   cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
                   # Set permissions of root SSH authorized_keys file
                   chroot_exec chmod 600 "/root/.ssh/authorized_keys"
                   chroot_exec chown root:root "/root/.ssh/authorized_keys"
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
               fi
               if [ "$ENABLE_USER" = true ] ; then
                 # Add SSH (v2) public key for user $USER_NAME
-                if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
+                if [ -n "$SSH_USER_PUB_KEY" ] ; then
                   # Create $USER_NAME SSH config directory
                   mkdir -p "${R}/home/${USER_NAME}/.ssh"
                   # Set permissions of $USER_NAME SSH config directory
                   chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
-                  chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
+                  chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
                   # Add SSH (v2) public key(s) to authorized_keys file
                   cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
                   # Set permissions of $USER_NAME SSH config directory
                   chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
-                  chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
+                  chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     # Allow SSH public key authentication
                     sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
                   fi
                 fi
               fi
               # Limit the users that are allowed to login via SSH
               if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
                 allowed_users=""
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                   allowed_users="root"
                 fi
                 if [ "$ENABLE_USER" = true ] ; then
                   allowed_users="${allowed_users} ${USER_NAME}"
                 fi
-                if [ ! -z "$allowed_users" ] ; then
+                if [ -n "$allowed_users" ] ; then
                   echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
                 fi
               fi
               # Disable password-based authentication
               if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
                 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
                   if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                     sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
                   else
                     DROPBEAR_ARGS="-g"
                   fi
                 fi
                 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
                   sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
                   sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
                 else
                   DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
                 fi
               fi
               # Update dropbear SSH configuration
               if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
                 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
               fi
-            fi
+            fi
  No newline at end of file

bootstrap.d/41-uboot.sh +17 -5

             #
             # Build and Setup U-Boot
             #
             # Load utility functions
             . ./functions.sh
             # Fetch and build U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               # Install c/c++ build environment inside the chroot
               chroot_install_cc
               # Copy existing U-Boot sources into chroot directory
               if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
                 # Copy local U-Boot sources
                 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
               else
                 # Create temporary directory for U-Boot sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch U-Boot sources
                 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
                 # Copy downloaded U-Boot sources
                 mv "${temp_dir}/u-boot" "${R}/tmp/"
                 # Set permissions of the U-Boot sources
                 chown -R root:root "${R}/tmp/u-boot"
                 # Remove temporary directory for U-Boot sources
                 rm -fr "${temp_dir}"
               fi
               # Build and install U-Boot inside chroot
-              chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
+              chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
               # Copy compiled bootloader binary and set config.txt to load it
               install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
               install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
               # Install and setup U-Boot command file
               install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
-              printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
+              printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
               if [ "$ENABLE_INITRAMFS" = true ] ; then
                 # Convert generated initramfs for U-Boot using mkimage
                 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
                 # Remove original initramfs file
                 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
                 # Configure U-Boot to load generated initramfs
-                printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
+                printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
                 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
               else # ENABLE_INITRAMFS=false
                 # Remove initramfs from U-Boot mkfile
                 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
                 if [ "$BUILD_KERNEL" = false ] ; then
                   # Remove dtbfile from U-Boot mkfile
                   sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
                   printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                 else
                   printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                 fi
               fi
+              if [ "$SET_ARCH" = 64 ] ; then
+                echo "Setting up config.txt to boot 64bit uboot"
+                {
+                  printf "\n# 64bit-mode"
+                  printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
+                  printf "\narm_64bit=1"
+                } >> "${BOOT_DIR}/config.txt"
+                #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
+                sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
+              fi
               # Set mkfile to use the correct dtb file
-              sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
+              sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
               # Set mkfile to use the correct mach id
               if [ "$ENABLE_QEMU" = true ] ; then
                 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
               fi
               # Set mkfile to use kernel image
-              sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
+              sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
               # Remove all leading blank lines
               sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
               # Generate U-Boot bootloader image
               chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
               # Remove U-Boot sources
               rm -fr "${R}/tmp/u-boot"
             fi

bootstrap.d/42-fbturbo.sh +1 -5

             #
             # Build and Setup fbturbo Xorg driver
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Install c/c++ build environment inside the chroot
               chroot_install_cc
               # Copy existing fbturbo sources into chroot directory
               if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
                 # Copy local fbturbo sources
                 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
               else
                 # Create temporary directory for fbturbo sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch fbturbo sources
                 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
                 # Move downloaded fbturbo sources
                 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
                 # Remove temporary directory for fbturbo sources
                 rm -fr "${temp_dir}"
               fi
               # Install Xorg build dependencies
-              if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
+              chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
-                chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
-              elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
-                chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
-              fi
               # Build and install fbturbo driver inside chroot
               chroot_exec /bin/bash -x <<'EOF'
             cd /tmp/xf86-video-fbturbo
             autoreconf -vi
             ./configure --prefix=/usr
             make
             make install
             EOF
               # Install fbturbo driver Xorg configuration
               install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
               # Remove Xorg build dependencies
               chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
             fi

bootstrap.d/99-reduce.sh +5 -14

             #
             # Reduce system disk usage
             #
             # Load utility functions
             . ./functions.sh
             # Reduce the image size by various operations
             if [ "$ENABLE_REDUCE" = true ] ; then
               if [ "$REDUCE_APT" = true ] ; then
                 # Install dpkg configuration file
                 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
                   install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
                 fi
                 # Install APT configuration files
                 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
                 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
                 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
                 # Remove APT cache files
                 rm -fr "${R}/var/cache/apt/pkgcache.bin"
                 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
               fi
               # Remove all doc files
               if [ "$REDUCE_DOC" = true ] ; then
-                find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
+                find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
-                find "${R}/usr/share/doc" -empty | xargs rmdir || true
+                find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
               fi
               # Remove all man pages and info files
               if [ "$REDUCE_MAN" = true ] ; then
                 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
               fi
               # Remove all locale translation files
               if [ "$REDUCE_LOCALE" = true ] ; then
-                find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
+                find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
               fi
               # Remove hwdb PCI device classes (experimental)
               if [ "$REDUCE_HWDB" = true ] ; then
                 rm -fr "/lib/udev/hwdb.d/20-pci-*"
               fi
               # Replace bash shell by dash shell (experimental)
               if [ "$REDUCE_BASH" = true ] ; then
-                if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
+                # Purge bash and update alternatives
-                  echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
+                echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
-                else
-                  echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
-                fi
                 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
               fi
               # Remove sound utils and libraries
               if [ "$ENABLE_SOUND" = false ] ; then
                 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
               fi
-              # Re-install tools for managing kernel modules
-              if [ "$RELEASE" = "jessie" ] ; then
-                chroot_exec apt-get -qq -y install module-init-tools
-              fi
               # Remove GPU kernels
               if [ "$ENABLE_MINGPU" = true ] ; then
                 rm -f "${BOOT_DIR}/start.elf"
                 rm -f "${BOOT_DIR}/fixup.dat"
                 rm -f "${BOOT_DIR}/start_x.elf"
                 rm -f "${BOOT_DIR}/fixup_x.dat"
               fi
               # Remove kernel and initrd from /boot (already in /boot/firmware)
               if [ "$BUILD_KERNEL" = false ] ; then
                 rm -f "${R}/boot/vmlinuz-*"
                 rm -f "${R}/boot/initrd.img-*"
               fi
               # Clean APT list of repositories
               rm -fr "${R}/var/lib/apt/lists/*"
               chroot_exec apt-get -qq -y update
             fi

files/boot/uboot.mkimage +1 0

             # Set device tree fdtfile
             setenv dtbfile bcm2709-rpi-2-b.dtb
             # Tell Linux that it is booting on a Raspberry Pi2/3
             setenv machid 0x00000c42
             # Save these changes to u-boot's environment
             saveenv
             # Load the existing Linux kernel into RAM
+            mmc dev 0
             fatload mmc 0:1 ${kernel_addr_r} kernel7.img
             fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
             fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
             # Boot the kernel we have just loaded

files/iptables/ip6tables.service +1 -1

             [Unit]
             Description=Packet Filtering Framework
             DefaultDependencies=no
             After=systemd-sysctl.service
             Before=sysinit.target
             [Service]
             Type=oneshot
-            ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
+            ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
             ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
             ExecStop=/etc/iptables/flush-ip6tables.sh
             RemainAfterExit=yes
             [Install]
             WantedBy=multi-user.target

files/iptables/iptables.service +1 -1

             [Unit]
             Description=Packet Filtering Framework
             DefaultDependencies=no
             After=systemd-sysctl.service
             Before=sysinit.target
             [Service]
             Type=oneshot
-            ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
+            ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
             ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
             ExecStop=/etc/iptables/flush-iptables.sh
             RemainAfterExit=yes
             [Install]
             WantedBy=multi-user.target

files/network/hostname +1 -1

	@@ -1,1 +1,1
	1	rpi2-jessie		1	RaspberryPI

files/network/hosts +1 -1

 .0.0.1       localhost
-.0.1.1       rpi2-jessie
+.0.1.1       RaspberryPI
             ::1             localhost ip6-localhost ip6-loopback
             ff02::1         ip6-allnodes
             ff02::2         ip6-allrouters

functions.sh +8 -12

             # This file contains utility functions used by rpi23-gen-image.sh
             cleanup (){
               set +x
               set +e
               # Identify and kill all processes still using files
               echo "killing processes using mount point ..."
               fuser -k "${R}"
               sleep 3
               fuser -9 -k -v "${R}"
               # Clean up temporary .password file
               if [ -r ".password" ] ; then
                 shred -zu .password
               fi
               # Clean up all temporary mount points
               echo "removing temporary mount points ..."
               umount -l "${R}/proc" 2> /dev/null
               umount -l "${R}/sys" 2> /dev/null
               umount -l "${R}/dev/pts" 2> /dev/null
               umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
               umount "$BUILDDIR/mount" 2> /dev/null
               cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
               losetup -d "$ROOT_LOOP" 2> /dev/null
               losetup -d "$FRMW_LOOP" 2> /dev/null
               trap - 0 1 2 3 6
             }
             chroot_exec() {
               # Exec command in chroot
-              LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
+              LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
             }
             as_nobody() {
               # Exec command as user nobody
-              sudo -E -u nobody LANG=C LC_ALL=C $*
+              sudo -E -u nobody LANG=C LC_ALL=C "$@"
             }
             install_readonly() {
               # Install file with user read-only permissions
-              install -o root -g root -m 644 $*
+              install -o root -g root -m 644 "$@"
             }
             install_exec() {
               # Install file with root exec permissions
-              install -o root -g root -m 744 $*
+              install -o root -g root -m 744 "$@"
             }
             use_template () {
               # Test if configuration template file exists
               if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
                 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
                 exit 1
               fi
               # Load template configuration parameters
               . "./templates/${CONFIG_TEMPLATE}"
             }
             chroot_install_cc() {
               # Install c/c++ build environment inside the chroot
               if [ -z "${COMPILER_PACKAGES}" ] ; then
                 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
+            	# Install COMPILER_PACKAGES in chroot
-                if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
+                chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
-                  chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
-                elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
-                  chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
-                fi
               fi
             }
             chroot_remove_cc() {
               # Remove c/c++ build environment from the chroot
-              if [ ! -z "${COMPILER_PACKAGES}" ] ; then
+              if [ -n "${COMPILER_PACKAGES}" ] ; then
-                chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
+                chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
                 COMPILER_PACKAGES=""
               fi
             }

rpi23-gen-image.sh +192 -159

             #!/bin/sh
             ########################################################################
             # rpi23-gen-image.sh					       2015-2017
             #
-            # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
+            # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
             #
             # Big thanks for patches and enhancements by 20+ github contributors!
             ########################################################################
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "error: this script must be executed with root privileges!"
               exit 1
             fi
             # Check if ./functions.sh script exists
             if [ ! -r "./functions.sh" ] ; then
               echo "error: './functions.sh' required script not found!"
               exit 1
             fi
             # Load utility functions
             . ./functions.sh
             # Load parameters from configuration template file
-            if [ ! -z "$CONFIG_TEMPLATE" ] ; then
+            if [ -n "$CONFIG_TEMPLATE" ] ; then
               use_template
             fi
             # Introduce settings
             set -e
-            echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
+            echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
             set -x
             # Raspberry Pi model configuration
             RPI_MODEL=${RPI_MODEL:=2}
-            #bcm2708-rpi-0-w.dtb (Used for Pi 0 and PI 0W)
-            RPI0_DTB_FILE=${RPI0_DTB_FILE:=bcm2708-rpi-0-w.dtb}
-            RPI0_UBOOT_CONFIG=${RPI0_UBOOT_CONFIG:=rpi_defconfig}
-            #bcm2708-rpi-b.dtb (Used for Pi 1 model A and B)
-            RPI1_DTB_FILE=${RPI1_DTB_FILE:=bcm2708-rpi-b.dtb}
-            RPI1_UBOOT_CONFIG=${RPI1_UBOOT_CONFIG:=rpi_defconfig}
-            #bcm2708-rpi-b-plus.dtb (Used for Pi 1 model B+ and A+)
-            RPI1P_DTB_FILE=${RPI1P_DTB_FILE:=bcm2708-rpi-b-plus.dtb}
-            RPI1P_UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG:=rpi_defconfig}
-            #bcm2709-rpi-2-b.dtb (Used for Pi 2 model B)
-            RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
-            RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
-            #bcm2710-rpi-3-b.dtb (Used for Pi 3 model B)
-            RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
-            RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
-            #bcm2710-rpi-3-b-plus.dtb (Used for Pi 3 model B+)
-            RPI3P_DTB_FILE=${RPI3P_DTB_FILE:=bcm2710-rpi-3-b-plus.dtb}
-            RPI3P_UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG:=rpi_3_32b_defconfig}
             # Debian release
-            RELEASE=${RELEASE:=jessie}
+            RELEASE=${RELEASE:=buster}
-            KERNEL_ARCH=${KERNEL_ARCH:=arm}
-            RELEASE_ARCH=${RELEASE_ARCH:=armhf}
-            CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
-            COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
-            if [ "$KERNEL_ARCH" = "arm64" ] ; then
-              KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
-              KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
-            fi
-            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
-            #RASPBERRY PI 1, PI ZERO, PI ZERO W, AND COMPUTE MODULE DEFAULT Kernel BUILD CONFIGURATION
-              KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
-              KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
-            else
-            #RASPBERRY PI 2, PI 3, PI 3+, AND COMPUTE MODULE 3 DEFAULT Kernel BUILD CONFIGURATION
-            #https://www.raspberrypi.org/documentation/linux/kernel/building.md
-              KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
-              KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
-            fi
-            if [ "$RELEASE_ARCH" = "arm64" ] ; then
+            # Kernel Branch
-              QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
-            else
-              QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
-            fi
             KERNEL_BRANCH=${KERNEL_BRANCH:=""}
             # URLs
             KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
             FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
             WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
             COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
             FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
             UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
+            VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
+            BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
             # Build directories
-            BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
+            WORKDIR=$(pwd)
+            BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
             BUILDDIR="${BASEDIR}/build"
-            # Prepare date string for default image file name
-            DATE="$(date +%Y-%m-%d)"
-            if [ -z "$KERNEL_BRANCH" ] ; then
-              IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
-            else
-              IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
-            fi
             # Chroot directories
             R="${BUILDDIR}/chroot"
             ETC_DIR="${R}/etc"
             LIB_DIR="${R}/lib"
             BOOT_DIR="${R}/boot/firmware"
             KERNEL_DIR="${R}/usr/src/linux"
-            WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
+            WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
+            BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
             # Firmware directory: Blank if download from github
             RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
             # General settings
+            SET_ARCH=${SET_ARCH:=32}
             HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
             PASSWORD=${PASSWORD:=raspberry}
             USER_PASSWORD=${USER_PASSWORD:=raspberry}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             EXPANDROOT=${EXPANDROOT:=true}
             # Keyboard settings
             XKB_MODEL=${XKB_MODEL:=""}
             XKB_LAYOUT=${XKB_LAYOUT:=""}
             XKB_VARIANT=${XKB_VARIANT:=""}
             XKB_OPTIONS=${XKB_OPTIONS:=""}
             # Network settings (DHCP)
             ENABLE_DHCP=${ENABLE_DHCP:=true}
             # Network settings (static)
             NET_ADDRESS=${NET_ADDRESS:=""}
             NET_GATEWAY=${NET_GATEWAY:=""}
             NET_DNS_1=${NET_DNS_1:=""}
             NET_DNS_2=${NET_DNS_2:=""}
             NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
             NET_NTP_1=${NET_NTP_1:=""}
             NET_NTP_2=${NET_NTP_2:=""}
             # APT settings
             APT_PROXY=${APT_PROXY:=""}
             APT_SERVER=${APT_SERVER:="ftp.debian.org"}
             # Feature settings
+            ENABLE_PRINTK=${ENABLE_PRINTK:=false}
+            ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
+            ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
             ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
             ENABLE_I2C=${ENABLE_I2C:=false}
             ENABLE_SPI=${ENABLE_SPI:=false}
             ENABLE_IPV6=${ENABLE_IPV6:=true}
             ENABLE_SSHD=${ENABLE_SSHD:=true}
             ENABLE_NONFREE=${ENABLE_NONFREE:=false}
             ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
             ENABLE_SOUND=${ENABLE_SOUND:=true}
             ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
             ENABLE_USER=${ENABLE_USER:=true}
             USER_NAME=${USER_NAME:="pi"}
             ENABLE_ROOT=${ENABLE_ROOT:=false}
             ENABLE_QEMU=${ENABLE_QEMU:=false}
+            ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
             # SSH settings
             SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
             SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
             SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
             SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
             SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
             # Advanced settings
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_REDUCE=${ENABLE_REDUCE:=false}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
+            ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
+            VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
             FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
             ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
             ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
             DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
             # Kernel compilation settings
-            BUILD_KERNEL=${BUILD_KERNEL:=false}
+            BUILD_KERNEL=${BUILD_KERNEL:=true}
             KERNEL_REDUCE=${KERNEL_REDUCE:=false}
             KERNEL_THREADS=${KERNEL_THREADS:=1}
             KERNEL_HEADERS=${KERNEL_HEADERS:=true}
             KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
             KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
             KERNEL_CCACHE=${KERNEL_CCACHE:=false}
-            if [ "$KERNEL_ARCH" = "arm64" ] ; then
-              KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
-            else
-              KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
-            fi
             # Kernel compilation from source directory settings
             KERNELSRC_DIR=${KERNELSRC_DIR:=""}
             KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
             KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
             KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
             # Reduce disk usage settings
             REDUCE_APT=${REDUCE_APT:=true}
             REDUCE_DOC=${REDUCE_DOC:=true}
             REDUCE_MAN=${REDUCE_MAN:=true}
             REDUCE_VIM=${REDUCE_VIM:=false}
             REDUCE_BASH=${REDUCE_BASH:=false}
             REDUCE_HWDB=${REDUCE_HWDB:=true}
             REDUCE_SSHD=${REDUCE_SSHD:=true}
             REDUCE_LOCALE=${REDUCE_LOCALE:=true}
             # Encrypted filesystem settings
             ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
             CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
             CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
             CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
             # Chroot scripts directory
             CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             # Packages required in the chroot build environment
             APT_INCLUDES=${APT_INCLUDES:=""}
-            APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
+            APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
+            # Packages to exclude from chroot build environment
+            APT_EXCLUDES=${APT_EXCLUDES:=""}
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
             MISSING_PACKAGES=""
             # Packages installed for c/c++ build environment in chroot (keep empty)
             COMPILER_PACKAGES=""
             set +x
-            # Set Raspberry Pi model specific configuration
+            #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
-            if [ "$RPI_MODEL" = 0 ] ; then
+            APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng |  cut -d ' ' -f3 | uniq)
-              DTB_FILE=${RPI0_DTB_FILE}
+            if [ -n "${APT_CACHER_RUNNING}" ] ; then
-              UBOOT_CONFIG=${RPI0_UBOOT_CONFIG}
+              APT_PROXY=http://127.0.0.1:3142/
-            elif [ "$RPI_MODEL" = 1 ] ; then
-              DTB_FILE=${RPI1_DTB_FILE}
-              UBOOT_CONFIG=${RPI1_UBOOT_CONFIG}
-            elif [ "$RPI_MODEL" = 1P ] ; then
-              DTB_FILE=${RPI1P_DTB_FILE}
-              UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG}
-            elif [ "$RPI_MODEL" = 2 ] ; then
-              DTB_FILE=${RPI2_DTB_FILE}
-              UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
-            elif [ "$RPI_MODEL" = 3 ] ; then
-              DTB_FILE=${RPI3_DTB_FILE}
-              UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
-            elif [ "$RPI_MODEL" = 3P ] ; then
-              DTB_FILE=${RPI3P_DTB_FILE}
-              UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG}
-            else
-              echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
-              exit 1
             fi
-            # Check if the internal wireless interface is supported by the RPi model
+            # Setup architecture specific settings
-            if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ]); then
+            if [ -n "$SET_ARCH" ] ; then
+              # 64-bit configuration
+              if [ "$SET_ARCH" = 64 ] ; then
+                # General 64-bit depended settings
+                QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
+                KERNEL_ARCH=${KERNEL_ARCH:=arm64}
+                KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
+                # Raspberry Pi model specific settings
+                if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
+                  KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
+                  RELEASE_ARCH=${RELEASE_ARCH:=arm64}
+                  KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
+                  CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
+                else
+                  echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
+                  exit 1
+                fi
+              fi
+              # 32-bit configuration
+              if [ "$SET_ARCH" = 32 ] ; then
+                # General 32-bit dependend settings
+                QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
+                KERNEL_ARCH=${KERNEL_ARCH:=arm}
+                KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
+                # Raspberry Pi model specific settings
+                if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
+                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
+                  KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
+                  RELEASE_ARCH=${RELEASE_ARCH:=armel}
+                  KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
+                  CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
+                fi
-              echo "error: The selected Raspberry Pi model has no internal wireless interface"
+                # Raspberry Pi model specific settings
+                if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
+                  KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
+                  RELEASE_ARCH=${RELEASE_ARCH:=armhf}
+                  KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
+                  CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
+                fi
+              fi
+            #SET_ARCH not set
+            else
+              echo "error: Please set '32' or '64' as value for SET_ARCH"
               exit 1
             fi
+            # Device specific configuration and U-Boot configuration
+            case "$RPI_MODEL" in
+)
+                DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
+                ;;
+)
+                DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
+                ;;
+P)
+                DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
+                ;;
+)
+                DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
+                ;;
+)
+                DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
+                ;;
+P)
+                DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
+                UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
+                ;;
+              *)
+                echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
+                exit 1
+                ;;
+            esac
+            # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
+            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+              # Include bluetooth packages on supported boards
+              if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
+                APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
+              fi
+            else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
+              # Check if the internal wireless interface is not supported by the RPi model
+              if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
+                echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
+                exit 1
+              fi
+            fi
+            # Prepare date string for default image file name
+            DATE="$(date +%Y-%m-%d)"
+            if [ -z "$KERNEL_BRANCH" ] ; then
+              IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
+            else
+              IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
+            fi
             # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
-            if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
+            if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
                 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
                 exit 1
               fi
             fi
-            # Build RPi2/3 Linux kernel if required by Debian release
+            # Add cmake to compile videocore sources
-            if [ "$RELEASE" = "stretch" ]  || [ "$RELEASE" = "buster" ] ; then
+            if [ "$ENABLE_VIDEOCORE" = true ] ; then
-              BUILD_KERNEL=true
+              REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
-            fi
-            # Add packages required for kernel cross compilation
-            if [ "$BUILD_KERNEL" = true ] ; then
-              if [ "$KERNEL_ARCH" = "arm" ] ; then
-                if [ "$RELEASE_ARCH" = "armel" ]; then
-                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
-                fi
-                if [ "$RELEASE_ARCH" = "armhf" ]; then
-                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
-                fi
-                if [ "$RELEASE_ARCH" = "arm64" ]; then
-                  REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
-                fi
-              fi
             fi
             # Add libncurses5 to enable kernel menuconfig
             if [ "$KERNEL_MENUCONFIG" = true ] ; then
-              REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
+              REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
             fi
             # Add ccache compiler cache for (faster) kernel cross (re)compilation
             if [ "$KERNEL_CCACHE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
             fi
             # Add cryptsetup package to enable filesystem encryption
             if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
               APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
               if [ -z "$CRYPTFS_PASSWORD" ] ; then
                 echo "error: no password defined (CRYPTFS_PASSWORD)!"
                 exit 1
               fi
               ENABLE_INITRAMFS=true
             fi
             # Add initramfs generation tools
             if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
             fi
             # Add device-tree-compiler required for building the U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
-              APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
+              APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
+            fi
+            if [ "$ENABLE_BLUETOOTH" = true ] ; then
+              if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+                if [ "$ENABLE_CONSOLE" = false ] ; then
+            	  APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
+            	fi
+              fi
             fi
             # Check if root SSH (v2) public key file exists
-            if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
+            if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
               if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
                 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
                 exit 1
               fi
             fi
             # Check if $USER_NAME SSH (v2) public key file exists
-            if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
+            if [ -n "$SSH_USER_PUB_KEY" ] ; then
               if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
                 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
                 exit 1
               fi
             fi
             # Check if all required packages are installed on the build system
             for package in $REQUIRED_PACKAGES ; do
-              if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
+              if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
                 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
               fi
             done
             # If there are missing packages ask confirmation for install, or exit
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
-              echo -n "\ndo you want to install the missing packages right now? [y/n] "
+              printf "\ndo you want to install the missing packages right now? [y/n] "
-              read confirm
+              read -r confirm
               [ "$confirm" != "y" ] && exit 1
               # Make sure all missing required packages are installed
-              apt-get -qq -y install ${MISSING_PACKAGES}
+              apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
             fi
             # Check if ./bootstrap.d directory exists
             if [ ! -d "./bootstrap.d/" ] ; then
               echo "error: './bootstrap.d' required directory not found!"
               exit 1
             fi
             # Check if ./files directory exists
             if [ ! -d "./files/" ] ; then
               echo "error: './files' required directory not found!"
               exit 1
             fi
             # Check if specified KERNELSRC_DIR directory exists
             if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
               echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
               exit 1
             fi
             # Check if specified UBOOTSRC_DIR directory exists
             if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
               echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
               exit 1
             fi
+            # Check if specified VIDEOCORESRC_DIR directory exists
+            if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
+              echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
+              exit 1
+            fi
             # Check if specified FBTURBOSRC_DIR directory exists
             if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
               echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
               exit 1
             fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
                exit 1
             fi
             # Check if specified device mapping already exists (will be used by cryptsetup)
             if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
               echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
               exit 1
             fi
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ] ; then
               echo "error: directory ${BUILDDIR} already exists, not proceeding"
               exit 1
             fi
             # Setup chroot directory
             mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
-            if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
+            if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
               echo "error: ${BUILDDIR} not enough space left to generate the output image!"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
             fi
-            # Add required locales packages
-            if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
-              APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
-            fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
-              APT_INCLUDES="${APT_INCLUDES},iptables"
+              APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
             fi
             # Add openssh server package
             if [ "$ENABLE_SSHD" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
             fi
             # Replace selected packages with smaller clones
             if [ "$ENABLE_REDUCE" = true ] ; then
               # Add levee package instead of vim-tiny
               if [ "$REDUCE_VIM" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
               fi
               # Add dropbear package instead of openssh-server
               if [ "$REDUCE_SSHD" = true ] ; then
-                APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
+                APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
               fi
             fi
-            if [ "$RELEASE" != "jessie" ] ; then
+            # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
-              APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
+            if [ "$ENABLE_SYSVINIT" = false ] ; then
+              APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
+            fi
+            # Check if kernel is getting compiled
+            if [ "$BUILD_KERNEL" = false ] ; then
+              echo "Downloading precompiled kernel"
+              echo "error: not configured"
+              exit 1;
+            # BUILD_KERNEL=true
+            else
+              echo "No precompiled kernel repositories were added"
             fi
             # Configure kernel sources if no KERNELSRC_DIR
             if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
               KERNELSRC_CONFIG=true
             fi
             # Configure reduced kernel
             if [ "$KERNEL_REDUCE" = true ] ; then
               KERNELSRC_CONFIG=false
             fi
             # Configure qemu compatible kernel
             if [ "$ENABLE_QEMU" = true ] ; then
               DTB_FILE=vexpress-v2p-ca15_a7.dtb
               UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
               KERNEL_DEFCONFIG="vexpress_defconfig"
               if [ "$KERNEL_MENUCONFIG" = false ] ; then
                 KERNEL_OLDDEFCONFIG=true
               fi
             fi
             # Execute bootstrap scripts
             for SCRIPT in bootstrap.d/*.sh; do
               head -n 3 "$SCRIPT"
               . "$SCRIPT"
             done
             ## Execute custom bootstrap scripts
             if [ -d "custom.d" ] ; then
               for SCRIPT in custom.d/*.sh; do
                 . "$SCRIPT"
               done
             fi
             # Execute custom scripts inside the chroot
             if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
               chroot_exec /bin/bash -x <<'EOF'
             for SCRIPT in /chroot_scripts/* ; do
               if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                 $SCRIPT
               fi
             done
             EOF
               rm -rf "${R}/chroot_scripts"
             fi
             # Remove c/c++ build environment from the chroot
             chroot_remove_cc
-            # Remove apt-utils
-            if [ "$RELEASE" = "jessie" ] ; then
-              chroot_exec apt-get purge -qq -y --force-yes apt-utils
-            fi
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
             echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
             umount -l "${R}/proc"
             umount -l "${R}/sys"
             # Clean up directories
             rm -rf "${R}/run/*"
             rm -rf "${R}/tmp/*"
             # Clean up files
             rm -f "${ETC_DIR}/ssh/ssh_host_*"
             rm -f "${ETC_DIR}/dropbear/dropbear_*"
             rm -f "${ETC_DIR}/apt/sources.list.save"
             rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
             rm -f "${ETC_DIR}/*-"
             rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
             rm -f "${ETC_DIR}/resolv.conf"
             rm -f "${R}/root/.bash_history"
             rm -f "${R}/var/lib/urandom/random-seed"
             rm -f "${R}/initrd.img"
             rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             if [ "$ENABLE_QEMU" = true ] ; then
               # Setup QEMU directory
               mkdir "${BASEDIR}/qemu"
               # Copy kernel image to QEMU directory
               install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
               # Copy kernel config to QEMU directory
               install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
               # Copy kernel dtbs to QEMU directory
               for dtb in "${BOOT_DIR}/"*.dtb ; do
                 if [ -f "${dtb}" ] ; then
                   install_readonly "${dtb}" "${BASEDIR}/qemu/"
                 fi
               done
               # Copy kernel overlays to QEMU directory
               if [ -d "${BOOT_DIR}/overlays" ] ; then
                 # Setup overlays dtbs directory
                 mkdir "${BASEDIR}/qemu/overlays"
                 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
                   fi
                 done
               fi
               # Copy u-boot files to QEMU directory
               if [ "$ENABLE_UBOOT" = true ] ; then
                 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
                   install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
                 fi
                 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
                   install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
                 fi
                 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
                   install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
                 fi
               fi
               # Copy initramfs to QEMU directory
               if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
                 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
               fi
             fi
             # Calculate size of the chroot directory in KB
-            CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
+            CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
-            ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
+            ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 35% are added.
-            ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
+            ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
-            IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
+            IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
             # Prepare image file
             if [ "$ENABLE_SPLITFS" = true ] ; then
-              dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
-              dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
-              dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
-              dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
               # Write firmware/boot partition tables
               sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             EOM
               # Write root partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
-              FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
+              FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
-              ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
+              ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
             else # ENABLE_SPLITFS=false
-              dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
-              dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
+              dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
               # Write partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             ${ROOT_OFFSET},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
-              FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
+              FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
-              ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
+              ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
             fi
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Create dummy ext4 fs
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
               touch .password
               chmod 600 .password
               echo -n ${CRYPTFS_PASSWORD} > .password
               # Initialize encrypted partition
               echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
               # Open encrypted partition and setup mapping
               cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
               # Secure delete password keyfile
               shred -zu .password
               # Update temporary loop device
               ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
               # Wipe encrypted partition (encryption cipher is used for randomness)
-              dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
+              dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
             fi
             # Build filesystems
             mkfs.vfat "$FRMW_LOOP"
             mkfs.ext4 "$ROOT_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$ROOT_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # Create block map file(s) of image(s)
             if [ "$ENABLE_SPLITFS" = true ] ; then
               # Create block map files for "bmaptool"
               bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
               bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
               # Image was successfully created
-              echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+              echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
-              echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+              echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             else
               # Create block map file for "bmaptool"
               bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
               # Image was successfully created
-              echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+              echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               # Create qemu qcow2 image
               if [ "$ENABLE_QEMU" = true ] ; then
                 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
                 QEMU_SIZE=16G
-                qemu-img convert -f raw -O qcow2 $IMAGE_NAME.img $QEMU_IMAGE.qcow2
+                qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
-                qemu-img resize $QEMU_IMAGE.qcow2 $QEMU_SIZE
+                qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
                 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
               fi
             fi

templates/rpi1buster ~~templates/rpi3jessie~~ renamed +1 -1

             # Configuration template file used by rpi23-gen-image.sh
             RPI_MODEL=3
-            RELEASE=jessie
+            RELEASE=buster
             BUILD_KERNEL=true

templates/rpi2stretch +1 0

             # Configuration template file used by rpi23-gen-image.sh
+            RPI_MODEL=2
             RELEASE=stretch
             BUILD_KERNEL=true

templates/rpi3-stretch-arm64-4.14.y ~~templates/rpi3-stretch-arm64-4.11.y~~ renamed +1 -1

             # Configuration template file used by rpi23-gen-image.sh
             # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
             RPI_MODEL=3
             RELEASE=stretch
             BUILD_KERNEL=true
             KERNEL_ARCH=arm64
             RELEASE_ARCH=arm64
             CROSS_COMPILE=aarch64-linux-gnu-
             QEMU_BINARY=/usr/bin/qemu-aarch64-static
             KERNEL_DEFCONFIG=bcmrpi3_defconfig
             KERNEL_BIN_IMAGE=Image
             KERNEL_IMAGE=kernel8.img
-            KERNEL_BRANCH=rpi-4.11.y
+            KERNEL_BRANCH=rpi-4.14.y
             ENABLE_WIRELESS=true

templates/rpi3buster +2 0

             # Configuration template file used by rpi23-gen-image.sh
             RPI_MODEL=3
             RELEASE=buster
             BUILD_KERNEL=true
+            # ENABLE_WIRELESS=false
+            # ENABLE_BLUETOOTH=false

templates/rpi3stretch +2 0

             # Configuration template file used by rpi23-gen-image.sh
             RPI_MODEL=3
             RELEASE=stretch
             BUILD_KERNEL=true
+            # ENABLE_WIRELESS=false
+            # ENABLE_BLUETOOTH=false

templates/rpi2jessie removed 0 -2

NO CONTENT: file was removed

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages