Typing errors and changes on README file
vidal -
r759:7588b4f62cfa
@@ -1,403 +1,404
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Working with the your template:
44 44 * **A Pipe ("|") represents a logical OR**
45 45 * **A valuetype of boolean represents the options true or false**
46 46 * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
47 47 * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
48 48 * **Check if your missing a required option while looking at the code**
49 49
50 50 ## Supported parameters and settings
51 51
52 52 #### APT settings:
53 53 |Option|Value|default value|value format|desciption|
54 54 |---|---|---|---|---|
55 55 |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
56 56 |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
57 57 |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
58 58 |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
59 59 |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.|
60 60 |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
61 61 ---
62 62
63 63 #### General system settings:
64 64 |Option|Value|default value|value format|desciption|
65 65 |---|---|---|---|---|
66 66 |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
67 67 |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
68 68 |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
69 69 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
70 70 |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
71 71 |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
72 72 |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
73 73
74 74 ---
75 75
76 76 #### User settings:
77 77 |Option|Value|default value|desciption|
78 78 |---|---|---|---|
79 79 |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
80 80 |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
81 81 |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
82 82 |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
83 83 |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
84 84
85 85 ---
86 86
87 87 #### Keyboard settings:
88 88
89 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
90 90
91 91 |Option|Value|default value|value format|desciption|
92 92 |---|---|---|---|---|
93 93 |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
94 94 |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
95 95 |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
96 96 |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
97 97
98 98 ---
99 99
100 100 #### Networking settings:
101 101 ethernet setting go to `/etc/systemd/network/eth0.network`.
102 102 wifi settings go to `/etc/systemd/network/wlan0.network`.
103 103
104 104 The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
105 105
106 106 |Option|Value|default value|desciption|
107 107 |---|---|---|---|
108 108 |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
109 109 |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
110 110 |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
111 111 |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
112 112 |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
113 113
114 114 ---
115 115
116 116 #### Networking settings (DHCP):
117 117
118 118
119 119 |Option|Value|default value|desciption|
120 120 |---|---|---|---|
121 121 |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
122 122 |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
123 123
124 124 ---
125 125
126 126 #### Networking settings (ethernet static):
127 127 The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
128 128
129 129 |Option|Value|value format|desciption|
130 130 |---|---|---|---|
131 131 |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
132 132 |NET_ETH_GATEWAY|string|`IP`|default gateway|
133 133 |NET_ETH_DNS_1|string|`IP`|first DNS server|
134 134 |NET_ETH_DNS_2|string|`IP`|second DNS server|
135 135 |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
136 136 |NET_ETH_NTP_1|string|`IP`|first NTP server|
137 137 |NET_ETH_NTP_2|string|`IP`|second NTP server|
138 138
139 139 ---
140 140
141 141 #### Networking settings (WIFI):
142 142
143 143 |Option|Value|value format|desciption|
144 144 |---|---|---|---|
145 145 |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
146 146 |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
147 147
148 148 ---
149 149
150 150 #### Networking settings (WIFI static):
151 151 The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
152 152
153 153 |Option|Value|value format|desciption|
154 154 |---|---|---|---|
155 155 |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
156 156 |NET_WIFI_GATEWAY|string|`IP`|default gateway|
157 157 |NET_WIFI_DNS_1|string|`IP`|first DNS server|
158 158 |NET_WIFI_DNS_2|string|`IP`|second DNS server|
159 159 |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
160 160 |NET_WIFI_NTP_1|string|`IP`|first NTP server|
161 161 |NET_WIFI_NTP_2|string|`IP`|second NTP server|
162 162
163 163 ---
164 164
165 165 #### Basic system features:
166 166
167 167 |Option|Value|default value|value format|desciption|
168 168 |---|---|---|---|---|
169 169 |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
170 170 |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
171 171 |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
172 172 |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
173 173 |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
174 174 |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
175 175 |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
176 176 |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
177 177 |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
178 178 |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
179 179 |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
180 180 |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
181 181 |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
182 182 |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
183 183 |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
184 184 |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
185 185 |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
186 186 |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
187 187 |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
188 188 |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
189 189
190 190 ---
191 191
192 192 #### Advanced system features:
193 193
194 194 |Option|Value|default value|value format|desciption|
195 195 |---|---|---|---|---|
196 196 |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
197 197 |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
198 198 |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
199 199 |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
200 200 |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
201 201 |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
202 202 |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
203 203 |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
204 204 |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
205 205 |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
206 206 |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
207 207 |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
208 208 |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
209 209 |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
210 |ENABLE_GR_ACCEL|boolean|true|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`. Not compatible with `fbturbo` and installed for Raspberry4 only.
210 211 |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
211 212 |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
212 213 |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
213 214 |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
214 215 |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
215 216
216 217 ---
217 218
218 219 #### SSH settings:
219 220
220 221 |Option|Value|default value|value format|desciption|
221 222 |---|---|---|---|---|
222 223 |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
223 224 |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
224 225 |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
225 226 |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
226 227 |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
227 228
228 229 ---
229 230
230 231 #### Kernel settings:
231 232
232 233 |Option|Value|default value|value format|desciption|
233 234 |---|---|---|---|---|
234 235 |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
235 236 |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
236 237 |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
237 238 |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
238 239 |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
239 240 |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
240 241 |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
241 242 |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
242 243 |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
243 244 |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
244 245 |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
245 246 |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
246 247 |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
247 248 |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
248 249 |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
249 250 |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
250 251 |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
251 252 |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
252 253 |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
253 254 |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
254 255 |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
255 256 |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
256 257 |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
257 258 |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
258 259 |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
259 260 |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
260 261 |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
261 262 |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
262 263
263 264 ---
264 265
265 266 #### Reduce disk usage:
266 267 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
267 268
268 269 |Option|Value|default value|value format|desciption|
269 270 |---|---|---|---|---|
270 271 |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
271 272 |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
272 273 |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
273 274 |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations|
274 275 |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
275 276 |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
276 277 |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
277 278 |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
278 279 |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
279 280 |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
280 281 ---
281 282
282 283 #### Encrypted root partition:
283 284 #### On first boot, you will be asked to enter you password several time
284 285 #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
285 286
286 287 |Option|Value|default value|value format|desciption|
287 288 |---|---|---|---|---|
288 289 |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
289 290 |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
290 291 |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
291 292 |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
292 293 |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
293 294 |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
294 295 |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
295 296 |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
296 297
297 298 ---
298 299
299 300 #### Build settings:
300 301 |Option|Value|default value|value format|desciption|
301 302 |---|---|---|---|---|
302 303 |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
303 304 |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
304 305
305 306 ---
306 307
307 308 ## Understanding the script
308 309 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
309 310
310 311 | Script | Description |
311 312 | --- | --- |
312 313 | `10-bootstrap.sh` | Debootstrap basic system |
313 314 | `11-apt.sh` | Setup APT repositories |
314 315 | `12-locale.sh` | Setup Locales and keyboard settings |
315 316 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
316 317 | `14-fstab.sh` | Setup fstab and initramfs |
317 318 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
318 319 | `20-networking.sh` | Setup Networking |
319 320 | `21-firewall.sh` | Setup Firewall |
320 321 | `30-security.sh` | Setup Users and Security settings |
321 322 | `31-logging.sh` | Setup Logging |
322 323 | `32-sshd.sh` | Setup SSH and public keys |
323 324 | `41-uboot.sh` | Build and Setup U-Boot |
324 325 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
325 326 | `43-videocore.sh` | Build and Setup videocore libraries |
326 327 | `50-firstboot.sh` | First boot actions |
327 328 | `99-reduce.sh` | Reduce the disk space usage |
328 329
329 330 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
330 331
331 332 | Directory | Description |
332 333 | --- | --- |
333 334 | `apt` | APT management configuration files |
334 335 | `boot` | Boot and RPi 0/1/2/3 configuration files |
335 336 | `dpkg` | Package Manager configuration |
336 337 | `etc` | Configuration files and rc scripts |
337 338 | `firstboot` | Scripts that get executed on first boot |
338 339 | `initramfs` | Initramfs scripts |
339 340 | `iptables` | Firewall configuration files |
340 341 | `locales` | Locales configuration |
341 342 | `modules` | Kernel Modules configuration |
342 343 | `mount` | Fstab configuration |
343 344 | `network` | Networking configuration files |
344 345 | `sysctl.d` | Swapping and Network Hardening configuration |
345 346 | `xorg` | fbturbo Xorg driver configuration |
346 347
347 348 ## Custom packages and scripts
348 349 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
349 350
350 351 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
351 352
352 353 ## Logging of the bootstrapping process
353 354 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
354 355
355 356 ```shell
356 357 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
357 358 ```
358 359
359 360 ## Flashing the image file
360 361 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
361 362
362 363 ##### Flashing examples:
363 364 ```shell
364 365 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
365 366 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
366 367 ```
367 368 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
368 369 ```shell
369 370 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
370 371 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
371 372 ```
372 373
373 374 ## QEMU emulation
374 375 Start QEMU full system emulation:
375 376 ```shell
376 377 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
377 378 ```
378 379
379 380 Start QEMU full system emulation and output to console:
380 381 ```shell
381 382 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
382 383 ```
383 384
384 385 Start QEMU full system emulation with SMP and output to console:
385 386 ```shell
386 387 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
387 388 ```
388 389
389 390 Start QEMU full system emulation with cryptfs, initramfs and output to console:
390 391 ```shell
391 392 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
392 393 ```
393 394
394 395 ## External links and references
395 396 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
396 397 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
397 398 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
398 399 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
399 400 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
400 401 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
401 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
402 * [Xorg DDX driver #FFFFFF#FFFFFF#FFFFFF](https://github.com/ssvb/xf86-video-fbturbo)
402 403 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
403 404 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
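Review bot: as rendered here, the replacement for the fbturbo entry in the links list (old line 401, new line 402) has `#FFFFFF#FFFFFF#FFFFFF` as its link text where the old line read `fbturbo`. That looks like pasted colour codes rather than an intended rename; if that is what was committed, restore `[Xorg DDX driver fbturbo]`. Since the commit is about typing errors, note that the unchanged lines of this hunk still carry several: `desciption` in both table headers, `opttion` and `enter you password several time` in the encrypted-root headings, `crypsetup` and `YourDevMNapperName` in the `CRYPTFS_MAPPING` row, and a doubled `||` in the `CRYPTFS_XTSKEYSIZE` row that pushes its description into a sixth column. The `ENABLE_CRYPTFS` row also advertises `aes-xts-plain64:sha512` while the `CRYPTFS_HASH` row gives `sha256` as the default, so one of the two should be corrected to match the script.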
@@ -1,923 +1,923
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=3P}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
70 70 # Default precompiled 64bit kernel
71 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 96 # APT settings
97 97 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
98 98 APT_PROXY=${APT_PROXY:=""}
99 99 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
100 100 # Packages required in the chroot build environment
101 101 APT_INCLUDES=${APT_INCLUDES:=""}
102 102 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
103 103 # Packages to exclude from chroot build environment
104 104 APT_EXCLUDES=${APT_EXCLUDES:=""}
105 105
106 106 # General settings
107 107 SET_ARCH=${SET_ARCH:=32}
108 108 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
109 109 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
110 110 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
111 111 EXPANDROOT=${EXPANDROOT:=true}
112 112
113 113 ENABLE_ROOT=${ENABLE_ROOT:=false}
114 114 ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
115 115 ENABLE_USER=${ENABLE_USER:=true}
116 116 USER_NAME=${USER_NAME:="pi"}
117 117 USER_PASSWORD=${USER_PASSWORD:=raspberry}
118 118
119 119 # Keyboard settings
120 120 XKB_MODEL=${XKB_MODEL:=""}
121 121 XKB_LAYOUT=${XKB_LAYOUT:=""}
122 122 XKB_VARIANT=${XKB_VARIANT:=""}
123 123 XKB_OPTIONS=${XKB_OPTIONS:=""}
124 124
125 125 # Networking settings:
126 126 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 127 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
128 128 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
129 129 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
130 130 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
131 131
132 132 # Network settings (DHCP)
133 133 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
134 134 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
135 135
136 136 # Network settings (static)
137 137 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
138 138 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
139 139 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
140 140 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
141 141 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
142 142 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
143 143 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
144 144
145 145 # Networking settings (WIFI):
146 146 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
147 147 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
148 148
149 149 # Network settings (static)
150 150 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
151 151 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
152 152 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
153 153 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
154 154 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
155 155 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
156 156 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
157 157
158 158 # Feature settings
159 159 ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
160 160 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
161 161 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
162 162 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
163 163 ENABLE_TURBO=${ENABLE_TURBO:=false}
164 164 ENABLE_I2C=${ENABLE_I2C:=false}
165 165 ENABLE_SPI=${ENABLE_SPI:=false}
166 166
167 167 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
168 168 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
169 169 ENABLE_SOUND=${ENABLE_SOUND:=false}
170 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 172 ENABLE_XORG=${ENABLE_XORG:=false}
173 173 ENABLE_WM=${ENABLE_WM:=""}
174 174 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
175 175 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
176 176 ENABLE_LOGO=${ENABLE_LOGO:=true}
177 177 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
178 178 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
179 179
180 180 # Advanced settings
181 181 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
182 182 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
183 183 ENABLE_QEMU=${ENABLE_QEMU:=false}
184 184 ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
185 185 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
186 186 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
187 187 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
188 188 ENABLE_DBUS=${ENABLE_DBUS:=true}
189 189 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
190 190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
192 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
193 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
194 ENABLE_GR_ACCEL=$ENABLE_GR_ACCEL:=true}
194 ENABLE_GR_ACCEL=${ENABLE_GR_ACCEL:=true}
195 195 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
196 196 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
197 197 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
198 198 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
199 199 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
200 200
201 201 # SSH settings
202 202 SSH_ENABLE=${SSH_ENABLE:=true}
203 203 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
204 204 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
205 205 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
206 206 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
207 207 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
208 208
209 209 # Kernel compilation settings
210 210 BUILD_KERNEL=${BUILD_KERNEL:=true}
211 211 KERNEL_THREADS=${KERNEL_THREADS:=1}
212 212 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
213 213 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
214 214 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
215 215 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
216 216 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
217 217 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
218 218 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
219 219 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
220 220 KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
221 221 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
222 222 # Firmware directory: Blank if download from github
223 223 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
224 224 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
225 225 KERNEL_NF=${KERNEL_NF:=false}
226 226 KERNEL_VIRT=${KERNEL_VIRT:=false}
227 227 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
228 228 KERNEL_BPF=${KERNEL_BPF:=false}
229 229 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
230 230 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
231 231 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
232 232 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
233 233 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
234 234
235 235 # Reduce disk usage settings
236 236 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
237 237 REDUCE_APT=${REDUCE_APT:=true}
238 238 REDUCE_DOC=${REDUCE_DOC:=false}
239 239 REDUCE_MAN=${REDUCE_MAN:=false}
240 240 REDUCE_VIM=${REDUCE_VIM:=false}
241 241 REDUCE_BASH=${REDUCE_BASH:=false}
242 242 REDUCE_HWDB=${REDUCE_HWDB:=false}
243 243 REDUCE_SSHD=${REDUCE_SSHD:=false}
244 244 REDUCE_LOCALE=${REDUCE_LOCALE:=false}
245 245 REDUCE_KERNEL=${REDUCE_KERNEL:=false}
246 246
247 247 # Encrypted filesystem settings
248 248 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
249 249 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
250 250 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
251 251 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
252 252 CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
253 253 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
254 254 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
255 255 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
256 256 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
257 257 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
258 258
259 259 # Packages required for bootstrapping
260 260 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
261 261 MISSING_PACKAGES=""
262 262
263 263 # Packages installed for c/c++ build environment in chroot (keep empty)
264 264 COMPILER_PACKAGES=""
265 265
266 266 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
267 267 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
268 268 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
269 269 APT_PROXY=http://127.0.0.1:3142/
270 270 fi
271 271
272 272 # Setup architecture specific settings
273 273 if [ -n "$SET_ARCH" ] ; then
274 274 ## 64-bit configuration
275 275 if [ "$SET_ARCH" = 64 ] ; then
276 276 ### General 64-bit depended settings
277 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
278 278 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
279 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
280 280
281 281 ### Raspberry Pi 64-bit model specific settings
282 282 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
283 283 if [ "$RPI_MODEL" != 4 ] ; then
284 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
285 285 else
286 286 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
287 287 fi
288 288
289 289 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
290 290 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
291 291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
292 292 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
293 293
294 294 else
295 295 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
296 296 exit 1
297 297 fi
298 298 fi
299 299
300 300 ## 32-bit configuration
301 301 if [ "$SET_ARCH" = 32 ] ; then
302 302 ### General 32-bit dependend settings
303 303 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
304 304 KERNEL_ARCH=${KERNEL_ARCH:=arm}
305 305 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
306 306
307 307 ### Raspberry Pi (0-1P) model specific settings
308 308 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
309 309 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
310 310 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
311 311 RELEASE_ARCH=${RELEASE_ARCH:=armel}
312 312 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
313 313 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
314 314 if [ $ENABLE_XORG = true ] ; then
315 315 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
316 316 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
317 317 read -r confirm
318 318 if [ "$confirm" = "y" ] ; then
319 319 $RELEASE = "stretch"
320 320 fi
321 321 fi
322 322 fi
323 323 fi
324 324 ### Raspberry Pi (2-4) model specific settings
325 325 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
326 326 if [ "$RPI_MODEL" != 4 ] ; then
327 327 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
328 328 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
329 329 else
330 330 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
331 331 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
332 332 fi
333 333
334 334 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
335 335 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
336 336
337 337 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
338 338 fi
339 339 fi
340 340
341 341 # SET_ARCH not set
342 342 else
343 343 echo "error: Please set '32' or '64' as value for SET_ARCH"
344 344 exit 1
345 345 fi
346 346 # Device specific configuration and U-Boot configuration
347 347 case "$RPI_MODEL" in
348 348 0)
349 349 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
350 350 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
351 351 ;;
352 352 1)
353 353 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
354 354 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
355 355 ;;
356 356 1P)
357 357 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
358 358 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
359 359 ;;
360 360 2)
361 361 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
362 362 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
363 363 ;;
364 364 3)
365 365 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
366 366 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
367 367 ;;
368 368 3P)
369 369 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
370 370 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
371 371 ;;
372 372 4)
373 373 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
374 374 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
375 375 ;;
376 376 *)
377 377 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
378 378 exit 1
379 379 ;;
380 380 esac
381 381
382 382 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
383 383 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
384 384 ## Include bluetooth packages on supported boards
385 385 if [ "$ENABLE_BLUETOOTH" = true ] ; then
386 386 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
387 387 fi
388 388 if [ "$ENABLE_WIRELESS" = true ] ; then
389 389 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
390 390 fi
391 391 # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
392 392 else
393 393 ## Check if the internal wireless interface is not supported by the RPi model
394 394 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
395 395 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
396 396 exit 1
397 397 fi
398 398 fi
399 399
400 400 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
401 401 echo "error: You have to compile kernel sources, if you want to enable nexmon"
402 402 exit 1
403 403 fi
404 404
405 405 # Prepare date string for default image file name
406 406 DATE="$(date +%Y-%m-%d)"
407 407 if [ -z "$KERNEL_BRANCH" ] ; then
408 408 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
409 409 else
410 410 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
411 411 fi
412 412
413 413 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
414 414 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
415 415 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
416 416 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
417 417 exit 1
418 418 fi
419 419 fi
420 420
421 421 # Add cmake to compile videocore sources
422 422 if [ "$ENABLE_VIDEOCORE" = true ] ; then
423 423 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
424 424 fi
425 425
426 426 # Add deps for nexmon
427 427 if [ "$ENABLE_NEXMON" = true ] ; then
428 428 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
429 429 fi
430 430
431 431 # Add libncurses5 to enable kernel menuconfig
432 432 if [ "$KERNEL_MENUCONFIG" = true ] ; then
433 433 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
434 434 fi
435 435
436 436 # Add ccache compiler cache for (faster) kernel cross (re)compilation
437 437 if [ "$KERNEL_CCACHE" = true ] ; then
438 438 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
439 439 fi
440 440
441 441 # Add cryptsetup package to enable filesystem encryption
442 442 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
443 443 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
444 444 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
445 445
446 446 ## If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
447 447 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
448 448 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
449 449 fi
450 450
451 451 if [ -z "$CRYPTFS_PASSWORD" ] ; then
452 452 echo "error: no password defined (CRYPTFS_PASSWORD)!"
453 453 exit 1
454 454 fi
455 455 ENABLE_INITRAMFS=true
456 456 fi
457 457
458 458 # Add initramfs generation tools
459 459 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
460 460 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
461 461 fi
462 462
463 463 # Add device-tree-compiler required for building the U-Boot bootloader
464 464 if [ "$ENABLE_UBOOT" = true ] ; then
465 465 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
466 466 fi
467 467
468 468 if [ "$ENABLE_USBBOOT" = true ] ; then
469 469 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
470 470 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
471 471 exit 1
472 472 fi
473 473 fi
474 474
475 475 # Check if root SSH (v2) public key file exists
476 476 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
477 477 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
478 478 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
479 479 exit 1
480 480 fi
481 481 fi
482 482
483 483 # Check if $USER_NAME SSH (v2) public key file exists
484 484 if [ -n "$SSH_USER_PUB_KEY" ] ; then
485 485 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
486 486 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
487 487 exit 1
488 488 fi
489 489 fi
490 490
491 491 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
492 492 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
493 493 exit 1
494 494 fi
495 495
496 496 # Check if all required packages are installed on the build system
497 497 for package in $REQUIRED_PACKAGES ; do
498 498 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
499 499 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
500 500 fi
501 501 done
502 502
503 503 # If there are missing packages ask confirmation for install, or exit
504 504 if [ -n "$MISSING_PACKAGES" ] ; then
505 505 echo "the following packages needed by this script are not installed:"
506 506 echo "$MISSING_PACKAGES"
507 507
508 508 printf "\ndo you want to install the missing packages right now? [y/n] "
509 509 read -r confirm
510 510 [ "$confirm" != "y" ] && exit 1
511 511
512 512 ## Make sure all missing required packages are installed
513 513 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
514 514 fi
515 515
516 516 # Check if ./bootstrap.d directory exists
517 517 if [ ! -d "./bootstrap.d/" ] ; then
518 518 echo "error: './bootstrap.d' required directory not found!"
519 519 exit 1
520 520 fi
521 521
522 522 # Check if ./files directory exists
523 523 if [ ! -d "./files/" ] ; then
524 524 echo "error: './files' required directory not found!"
525 525 exit 1
526 526 fi
527 527
528 528 # Check if specified KERNELSRC_DIR directory exists
529 529 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
530 530 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
531 531 exit 1
532 532 fi
533 533
534 534 # Check if specified UBOOTSRC_DIR directory exists
535 535 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
536 536 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
537 537 exit 1
538 538 fi
539 539
540 540 # Check if specified VIDEOCORESRC_DIR directory exists
541 541 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
542 542 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
543 543 exit 1
544 544 fi
545 545
546 546 # Check if specified FBTURBOSRC_DIR directory exists
547 547 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
548 548 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
549 549 exit 1
550 550 fi
551 551
552 552 # Check if specified NEXMONSRC_DIR directory exists
553 553 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
554 554 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
555 555 exit 1
556 556 fi
557 557
558 558 # Check if specified CHROOT_SCRIPTS directory exists
559 559 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
560 560 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
561 561 exit 1
562 562 fi
563 563
564 564 # Check if specified device mapping already exists (will be used by cryptsetup)
565 565 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
566 566 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
567 567 exit 1
568 568 fi
569 569
570 570 # Don't clobber an old build
571 571 if [ -e "$BUILDDIR" ] ; then
572 572 echo "error: directory ${BUILDDIR} already exists, not proceeding"
573 573 exit 1
574 574 fi
575 575
576 576 # Setup chroot directory
577 577 mkdir -p "${R}"
578 578
579 579 # Check if build directory has enough of free disk space >512MB
580 580 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
581 581 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
582 582 exit 1
583 583 fi
584 584
585 585 set -x
586 586
587 587 # Call "cleanup" function on various signals and errors
588 588 trap cleanup 0 1 2 3 6
589 589
590 590 # Add required packages for the minbase installation
591 591 if [ "$ENABLE_MINBASE" = true ] ; then
592 592 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
593 593 fi
594 594
595 595 # Add parted package, required to get partprobe utility
596 596 if [ "$EXPANDROOT" = true ] ; then
597 597 APT_INCLUDES="${APT_INCLUDES},parted"
598 598 fi
599 599
600 600 # Add dphys-swapfile package, required to enable swap
601 601 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
602 602 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
603 603 fi
604 604
605 605 # Add dbus package, recommended if using systemd
606 606 if [ "$ENABLE_DBUS" = true ] ; then
607 607 APT_INCLUDES="${APT_INCLUDES},dbus"
608 608 fi
609 609
610 610 # Add iptables IPv4/IPv6 package
611 611 if [ "$ENABLE_IPTABLES" = true ] ; then
612 612 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
613 613 fi
614 614 # Add apparmor for KERNEL_SECURITY
615 615 if [ "$KERNEL_SECURITY" = true ] ; then
616 616 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
617 617 fi
618 618
619 619 # Add openssh server package
620 620 if [ "$SSH_ENABLE" = true ] ; then
621 621 APT_INCLUDES="${APT_INCLUDES},openssh-server"
622 622 fi
623 623
624 624 # Add alsa-utils package
625 625 if [ "$ENABLE_SOUND" = true ] ; then
626 626 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
627 627 fi
628 628
629 629 # Add rng-tools package
630 630 if [ "$ENABLE_HWRANDOM" = true ] ; then
631 631 APT_INCLUDES="${APT_INCLUDES},rng-tools"
632 632 fi
633 633
634 634 # Add fbturbo video driver
635 635 if [ "$ENABLE_FBTURBO" = true ] ; then
636 636 # Enable xorg package dependencies
637 637 ENABLE_XORG=true
638 638 fi
639 639
640 640 # Add user defined window manager package
641 641 if [ -n "$ENABLE_WM" ] ; then
642 642 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
643 643
644 644 # Enable xorg package dependencies
645 645 ENABLE_XORG=true
646 646 fi
647 647
648 648 # Add xorg package
649 649 if [ "$ENABLE_XORG" = true ] ; then
650 650 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
651 651 fi
652 652
653 653 # Replace selected packages with smaller clones
654 654 if [ "$ENABLE_REDUCE" = true ] ; then
655 655 ## Add levee package instead of vim-tiny
656 656 if [ "$REDUCE_VIM" = true ] ; then
657 657 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
658 658 fi
659 659
660 660 ## Add dropbear package instead of openssh-server
661 661 if [ "$REDUCE_SSHD" = true ] ; then
662 662 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
663 663 fi
664 664 fi
665 665
666 666 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
667 667 if [ "$ENABLE_SYSVINIT" = false ] ; then
668 668 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
669 669 fi
670 670
671 671 # Configure kernel sources if no KERNELSRC_DIR
672 672 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
673 673 KERNELSRC_CONFIG=true
674 674 fi
675 675
676 676 # Configure reduced kernel
677 677 if [ "$KERNEL_REDUCE" = true ] ; then
678 678 KERNELSRC_CONFIG=false
679 679 fi
680 680
681 681 # Configure qemu compatible kernel
682 682 if [ "$ENABLE_QEMU" = true ] ; then
683 683 DTB_FILE=vexpress-v2p-ca15_a7.dtb
684 684 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
685 685 KERNEL_DEFCONFIG="vexpress_defconfig"
686 686 if [ "$KERNEL_MENUCONFIG" = false ] ; then
687 687 KERNEL_OLDDEFCONFIG=true
688 688 fi
689 689 fi
690 690
691 691 # Execute bootstrap scripts
692 692 for SCRIPT in bootstrap.d/*.sh; do
693 693 head -n 3 "$SCRIPT"
694 694 . "$SCRIPT"
695 695 done
696 696
697 697 ## Execute custom bootstrap scripts
698 698 if [ -d "custom.d" ] ; then
699 699 for SCRIPT in custom.d/*.sh; do
700 700 . "$SCRIPT"
701 701 done
702 702 fi
703 703
704 704 # Execute custom scripts inside the chroot
705 705 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
706 706 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
707 707 chroot_exec /bin/bash -x << EOF
708 708 for SCRIPT in /chroot_scripts/* ; do
709 709 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
710 710 $SCRIPT
711 711 fi
712 712 done
713 713 EOF
714 714 rm -rf "${R}/chroot_scripts"
715 715 fi
716 716
717 717 # Remove c/c++ build environment from the chroot
718 718 chroot_remove_cc
719 719
720 720 # Generate required machine-id
721 721 MACHINE_ID=$(dbus-uuidgen)
722 722 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
723 723 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
724 724
725 725 # APT Cleanup
726 726 chroot_exec apt-get -y clean
727 727 chroot_exec apt-get -y autoclean
728 728 chroot_exec apt-get -y autoremove
729 729
730 730 # Unmount mounted filesystems
731 731 umount -l "${R}/proc"
732 732 umount -l "${R}/sys"
733 733
734 734 # Clean up directories
735 735 rm -rf "${R}/run/*"
736 736 rm -rf "${R}/tmp/*"
737 737
738 738 # Clean up APT proxy settings
739 739 if [ "$KEEP_APT_PROXY" = false ] ; then
740 740 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
741 741 fi
742 742
743 743 # Clean up files
744 744 rm -f "${ETC_DIR}/ssh/ssh_host_*"
745 745 rm -f "${ETC_DIR}/dropbear/dropbear_*"
746 746 rm -f "${ETC_DIR}/apt/sources.list.save"
747 747 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
748 748 rm -f "${ETC_DIR}/*-"
749 749 rm -f "${ETC_DIR}/resolv.conf"
750 750 rm -f "${R}/root/.bash_history"
751 751 rm -f "${R}/var/lib/urandom/random-seed"
752 752 rm -f "${R}/initrd.img"
753 753 rm -f "${R}/vmlinuz"
754 754 rm -f "${R}${QEMU_BINARY}"
755 755
756 756 if [ "$ENABLE_QEMU" = true ] ; then
757 757 # Setup QEMU directory
758 758 mkdir "${BASEDIR}/qemu"
759 759
760 760 # Copy kernel image to QEMU directory
761 761 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
762 762
763 763 # Copy kernel config to QEMU directory
764 764 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
765 765
766 766 # Copy kernel dtbs to QEMU directory
767 767 for dtb in "${BOOT_DIR}/"*.dtb ; do
768 768 if [ -f "${dtb}" ] ; then
769 769 install_readonly "${dtb}" "${BASEDIR}/qemu/"
770 770 fi
771 771 done
772 772
773 773 # Copy kernel overlays to QEMU directory
774 774 if [ -d "${BOOT_DIR}/overlays" ] ; then
775 775 # Setup overlays dtbs directory
776 776 mkdir "${BASEDIR}/qemu/overlays"
777 777
778 778 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
779 779 if [ -f "${dtb}" ] ; then
780 780 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
781 781 fi
782 782 done
783 783 fi
784 784
785 785 # Copy u-boot files to QEMU directory
786 786 if [ "$ENABLE_UBOOT" = true ] ; then
787 787 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
788 788 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
789 789 fi
790 790 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
791 791 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
792 792 fi
793 793 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
794 794 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
795 795 fi
796 796 fi
797 797
798 798 # Copy initramfs to QEMU directory
799 799 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
800 800 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
801 801 fi
802 802 fi
803 803
804 804 # Calculate size of the chroot directory in KB
805 805 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
806 806
807 807 # Calculate the amount of needed 512 Byte sectors
808 808 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
809 809 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
810 810 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
811 811
812 812 # The root partition is EXT4
813 813 # This means more space than the actual used space of the chroot is used.
814 814 # As overhead for journaling and reserved blocks 35% are added.
815 815 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
816 816
817 817 # Calculate required image size in 512 Byte sectors
818 818 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
819 819
820 820 # Prepare image file
821 821 if [ "$ENABLE_SPLITFS" = true ] ; then
822 822 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
823 823 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
824 824 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
825 825 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
826 826
827 827 # Write firmware/boot partition tables
828 828 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null << EOM
829 829 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
830 830 EOM
831 831
832 832 # Write root partition table
833 833 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null << EOM
834 834 ${TABLE_SECTORS},${ROOT_SECTORS},83
835 835 EOM
836 836
837 837 # Setup temporary loop devices
838 838 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
839 839 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
840 840 else # ENABLE_SPLITFS=false
841 841 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
842 842 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
843 843
844 844 # Write partition table
845 845 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null << EOM
846 846 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
847 847 ${ROOT_OFFSET},${ROOT_SECTORS},83
848 848 EOM
849 849
850 850 # Setup temporary loop devices
851 851 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
852 852 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
853 853 fi
854 854
855 855 if [ "$ENABLE_CRYPTFS" = true ] ; then
856 856 # Create dummy ext4 fs
857 857 mkfs.ext4 "$ROOT_LOOP"
858 858
859 859 # Setup password keyfile
860 860 touch .password
861 861 chmod 600 .password
862 862 echo -n ${CRYPTFS_PASSWORD} > .password
863 863
864 864 # Initialize encrypted partition
865 865 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
866 866
867 867 # Open encrypted partition and setup mapping
868 868 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
869 869
870 870 # Secure delete password keyfile
871 871 shred -zu .password
872 872
873 873 # Update temporary loop device
874 874 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
875 875
876 876 # Wipe encrypted partition (encryption cipher is used for randomness)
877 877 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
878 878 fi
879 879
880 880 # Build filesystems
881 881 mkfs.vfat "$FRMW_LOOP"
882 882 mkfs.ext4 "$ROOT_LOOP"
883 883
884 884 # Mount the temporary loop devices
885 885 mkdir -p "$BUILDDIR/mount"
886 886 mount "$ROOT_LOOP" "$BUILDDIR/mount"
887 887
888 888 mkdir -p "$BUILDDIR/mount/boot/firmware"
889 889 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
890 890
891 891 # Copy all files from the chroot to the loop device mount point directory
892 892 rsync -a "${R}/" "$BUILDDIR/mount/"
893 893
894 894 # Unmount all temporary loop devices and mount points
895 895 cleanup
896 896
897 897 # Create block map file(s) of image(s)
898 898 if [ "$ENABLE_SPLITFS" = true ] ; then
899 899 # Create block map files for "bmaptool"
900 900 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
901 901 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
902 902
903 903 # Image was successfully created
904 904 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
905 905 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
906 906 else
907 907 # Create block map file for "bmaptool"
908 908 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
909 909
910 910 # Image was successfully created
911 911 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
912 912
913 913 # Create qemu qcow2 image
914 914 if [ "$ENABLE_QEMU" = true ] ; then
915 915 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
916 916 QEMU_SIZE=16G
917 917
918 918 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
919 919 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
920 920
921 921 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
922 922 fi
923 923 fi
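Review bot: The cleanup at lines 735-736 and 744-748 keeps the wildcard inside double quotes (`rm -f "${ETC_DIR}/ssh/ssh_host_*"`), so the shell passes a literal `*` to `rm` and nothing is deleted; any SSH or dropbear host keys present in the chroot stay in the image and would be shared by every device flashed from it. Move the wildcard outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`, as the `.dtb` loops at lines 767 and 778 already do. Two related points in the CRYPTFS path: the pre-check at line 565 tests `/dev/mapping/${CRYPTFS_MAPPING}` while line 874 uses `/dev/mapper/${CRYPTFS_MAPPING}`, so an existing mapping is never detected; and line 862 expands `${CRYPTFS_PASSWORD}` unquoted with `set -x` enabled at line 585 and not turned off in the visible lines, which writes the passphrase to the trace output and subjects it to word splitting. Quote the variable and wrap the keyfile steps in `set +x` and `set -x`.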