##// END OF EJS Templates
Bluetooth and serial...
Unknown -
r451:7dc74afc7302
parent child
Show More
@@ -1,492 +1,501
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 `1` = Used for Pi 1 model A and B
68 `1P` = Used for Pi 1 model B+ and A+
69 `2` = Used for Pi 2 model B
70 `3` = Used for Pi 3 model B
71 `3P` = Used for Pi 3 model B+
72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
66 - `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 - `1` = Used for Pi 1 model A and B
68 - `1P` = Used for Pi 1 model B+ and A+
69 - `2` = Used for Pi 2 model B
70 - `3` = Used for Pi 3 model B
71 - `3P` = Used for Pi 3 model B+
72 - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157
158 ##### `ENABLE_PRINTK`=false
159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160
161 ##### `ENABLE_BLUETOOTH`=false
162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163
164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166
167 ##### `ENABLE_TURBO`=false
168 Enable Turbo mode. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
157 169
158 170 ##### `ENABLE_I2C`=false
159 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 172
161 173 ##### `ENABLE_SPI`=false
162 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
163 175
164 176 ##### `ENABLE_IPV6`=true
165 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
166 178
167 179 ##### `ENABLE_SSHD`=true
168 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
169 181
170 182 ##### `ENABLE_NONFREE`=false
171 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
172 184
173 185 ##### `ENABLE_WIRELESS`=false
174 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
175 187
176 ##### `ENABLE_BLUETOOTH`=false
177 Enable Bluetooth interface on the RPi0/3.
178
179 188 ##### `ENABLE_RSYSLOG`=true
180 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
181 190
182 191 ##### `ENABLE_SOUND`=true
183 192 Enable sound hardware and install Advanced Linux Sound Architecture.
184 193
185 194 ##### `ENABLE_HWRANDOM`=true
186 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
187 196
188 197 ##### `ENABLE_MINGPU`=false
189 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
190 199
191 200 ##### `ENABLE_DBUS`=true
192 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
193 202
194 203 ##### `ENABLE_XORG`=false
195 204 Install Xorg open-source X Window System.
196 205
197 206 ##### `ENABLE_WM`=""
198 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
199 208
200 209 ##### `ENABLE_SYSVINIT`=false
201 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
202 211
203 212 ---
204 213
205 214 #### Advanced system features:
206 215 ##### `ENABLE_MINBASE`=false
207 216 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
208 217
209 218 ##### `ENABLE_REDUCE`=false
210 219 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
211 220
212 221 ##### `ENABLE_UBOOT`=false
213 222 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
214 223
215 224 ##### `UBOOTSRC_DIR`=""
216 225 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
217 226
218 227 ##### `ENABLE_FBTURBO`=false
219 228 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
220 229
221 230 ##### `FBTURBOSRC_DIR`=""
222 231 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
223 232
224 233 ##### `ENABLE_VIDEOCORE`=false
225 234 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
226 235
227 236 ##### `VIDEOCORESRC_DIR`=""
228 237 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
229 238
230 239 ##### `ENABLE_IPTABLES`=false
231 240 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
232 241
233 242 ##### `ENABLE_USER`=true
234 243 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
235 244
236 245 ##### `USER_NAME`=pi
237 246 Non-root user to create. Ignored if `ENABLE_USER`=false
238 247
239 248 ##### `ENABLE_ROOT`=false
240 249 Set root user password so root login will be enabled
241 250
242 251 ##### `ENABLE_HARDNET`=false
243 252 Enable IPv4/IPv6 network stack hardening settings.
244 253
245 254 ##### `ENABLE_SPLITFS`=false
246 255 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
247 256
248 257 ##### `CHROOT_SCRIPTS`=""
249 258 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
250 259
251 260 ##### `ENABLE_INITRAMFS`=false
252 261 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
253 262
254 263 ##### `ENABLE_IFNAMES`=true
255 264 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
256 265
257 266 ##### `DISABLE_UNDERVOLT_WARNINGS`=
258 267 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
259 268
260 269 ---
261 270
262 271 #### SSH settings:
263 272 ##### `SSH_ENABLE_ROOT`=false
264 273 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
265 274
266 275 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
267 276 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
268 277
269 278 ##### `SSH_LIMIT_USERS`=false
270 279 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
271 280
272 281 ##### `SSH_ROOT_PUB_KEY`=""
273 282 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
274 283
275 284 ##### `SSH_USER_PUB_KEY`=""
276 285 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
277 286
278 287 ---
279 288
280 289 #### Kernel compilation:
281 290 ##### `BUILD_KERNEL`=true
282 291 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
283 292
284 293 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
285 294 This sets the cross compile enviornment for the compiler.
286 295
287 296 ##### `KERNEL_ARCH`="arm"
288 297 This sets the kernel architecture for the compiler.
289 298
290 299 ##### `KERNEL_IMAGE`="kernel7.img"
291 300 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
292 301
293 302 ##### `KERNEL_BRANCH`=""
294 303 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
295 304
296 305 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
297 306 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
298 307
299 308 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
300 309 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
301 310
302 311 ##### `KERNEL_REDUCE`=false
303 312 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
304 313
305 314 ##### `KERNEL_THREADS`=1
306 315 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
307 316
308 317 ##### `KERNEL_HEADERS`=true
309 318 Install kernel headers with built kernel.
310 319
311 320 ##### `KERNEL_MENUCONFIG`=false
312 321 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
313 322
314 323 ##### `KERNEL_OLDDEFCONFIG`=false
315 324 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
316 325
317 326 ##### `KERNEL_CCACHE`=false
318 327 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
319 328
320 329 ##### `KERNEL_REMOVESRC`=true
321 330 Remove all kernel sources from the generated OS image after it was built and installed.
322 331
323 332 ##### `KERNELSRC_DIR`=""
324 333 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
325 334
326 335 ##### `KERNELSRC_CLEAN`=false
327 336 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
328 337
329 338 ##### `KERNELSRC_CONFIG`=true
330 339 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
331 340
332 341 ##### `KERNELSRC_USRCONFIG`=""
333 342 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
334 343
335 344 ##### `KERNELSRC_PREBUILT`=false
336 345 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
337 346
338 347 ##### `RPI_FIRMWARE_DIR`=""
339 348 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
340 349
341 350 ---
342 351
343 352 #### Reduce disk usage:
344 353 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
345 354
346 355 ##### `REDUCE_APT`=true
347 356 Configure APT to use compressed package repository lists and no package caching files.
348 357
349 358 ##### `REDUCE_DOC`=true
350 359 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
351 360
352 361 ##### `REDUCE_MAN`=true
353 362 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
354 363
355 364 ##### `REDUCE_VIM`=false
356 365 Replace `vim-tiny` package by `levee` a tiny vim clone.
357 366
358 367 ##### `REDUCE_BASH`=false
359 368 Remove `bash` package and switch to `dash` shell (experimental).
360 369
361 370 ##### `REDUCE_HWDB`=true
362 371 Remove PCI related hwdb files (experimental).
363 372
364 373 ##### `REDUCE_SSHD`=true
365 374 Replace `openssh-server` with `dropbear`.
366 375
367 376 ##### `REDUCE_LOCALE`=true
368 377 Remove all `locale` translation files.
369 378
370 379 ---
371 380
372 381 #### Encrypted root partition:
373 382 ##### `ENABLE_CRYPTFS`=false
374 383 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
375 384
376 385 ##### `CRYPTFS_PASSWORD`=""
377 386 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
378 387
379 388 ##### `CRYPTFS_MAPPING`="secure"
380 389 Set name of dm-crypt managed device-mapper mapping.
381 390
382 391 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
383 392 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
384 393
385 394 ##### `CRYPTFS_XTSKEYSIZE`=512
386 395 Sets key size in bits. The argument has to be a multiple of 8.
387 396
388 397 ---
389 398
390 399 #### Build settings:
391 400 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
392 401 Set a path to a working directory used by the script to generate an image.
393 402
394 403 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
395 404 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
396 405
397 406 ## Understanding the script
398 407 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
399 408
400 409 | Script | Description |
401 410 | --- | --- |
402 411 | `10-bootstrap.sh` | Debootstrap basic system |
403 412 | `11-apt.sh` | Setup APT repositories |
404 413 | `12-locale.sh` | Setup Locales and keyboard settings |
405 414 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
406 415 | `14-fstab.sh` | Setup fstab and initramfs |
407 416 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
408 417 | `20-networking.sh` | Setup Networking |
409 418 | `21-firewall.sh` | Setup Firewall |
410 419 | `30-security.sh` | Setup Users and Security settings |
411 420 | `31-logging.sh` | Setup Logging |
412 421 | `32-sshd.sh` | Setup SSH and public keys |
413 422 | `41-uboot.sh` | Build and Setup U-Boot |
414 423 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
415 424 | `50-firstboot.sh` | First boot actions |
416 425 | `99-reduce.sh` | Reduce the disk space usage |
417 426
418 427 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
419 428
420 429 | Directory | Description |
421 430 | --- | --- |
422 431 | `apt` | APT management configuration files |
423 432 | `boot` | Boot and RPi2/3 configuration files |
424 433 | `dpkg` | Package Manager configuration |
425 434 | `etc` | Configuration files and rc scripts |
426 435 | `firstboot` | Scripts that get executed on first boot |
427 436 | `initramfs` | Initramfs scripts |
428 437 | `iptables` | Firewall configuration files |
429 438 | `locales` | Locales configuration |
430 439 | `modules` | Kernel Modules configuration |
431 440 | `mount` | Fstab configuration |
432 441 | `network` | Networking configuration files |
433 442 | `sysctl.d` | Swapping and Network Hardening configuration |
434 443 | `xorg` | fbturbo Xorg driver configuration |
435 444
436 445 ## Custom packages and scripts
437 446 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
438 447
439 448 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
440 449
441 450 ## Logging of the bootstrapping process
442 451 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
443 452
444 453 ```shell
445 454 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
446 455 ```
447 456
448 457 ## Flashing the image file
449 458 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
450 459
451 460 ##### Flashing examples:
452 461 ```shell
453 462 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
454 463 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
455 464 ```
456 465 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
457 466 ```shell
458 467 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
459 468 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
460 469 ```
461 470
462 471 ## QEMU emulation
463 472 Start QEMU full system emulation:
464 473 ```shell
465 474 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
466 475 ```
467 476
468 477 Start QEMU full system emulation and output to console:
469 478 ```shell
470 479 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
471 480 ```
472 481
473 482 Start QEMU full system emulation with SMP and output to console:
474 483 ```shell
475 484 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
476 485 ```
477 486
478 487 Start QEMU full system emulation with cryptfs, initramfs and output to console:
479 488 ```shell
480 489 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
481 490 ```
482 491
483 492 ## External links and references
484 493 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
485 494 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
486 495 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
487 496 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
488 497 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
489 498 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
490 499 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
491 500 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
492 501 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,185 +1,229
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 # Add serial console support
60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 62 fi
63 63
64 # Remove IPv6 networking support
65 if [ "$ENABLE_IPV6" = false ] ; then
66 CMDLINE="${CMDLINE} ipv6.disable=1"
64 if [ "$ENABLE_PRINTK" = true ] ; then
65 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
67 66 fi
68 67
69 # Automatically assign predictable network interface names
70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 CMDLINE="${CMDLINE} net.ifnames=0"
72 else
73 CMDLINE="${CMDLINE} net.ifnames=1"
74 fi
75
76 # Install firmware boot cmdline
77 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
78
79 # Install firmware config
80 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
81
82 # Setup minimal GPU memory allocation size: 16MB (no X)
83 if [ "$ENABLE_MINGPU" = true ] ; then
84 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
85 fi
68 # Install udev rule for serial alias
69 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
86 70
87 # Setup boot with initramfs
88 if [ "$ENABLE_INITRAMFS" = true ] ; then
89 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
90 fi
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
91 72
92 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
93 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
94 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
95 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
96 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
97 fi
98 fi
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
99 75
76 # Bluetooth enabled
100 77 if [ "$ENABLE_BLUETOOTH" = true ] ; then
101 78 # Create temporary directory for Bluetooth sources
102 79 temp_dir=$(as_nobody mktemp -d)
103 80
104 81 # Fetch Bluetooth sources
105 82 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
106 83
107 84 # Copy downloaded sources
108 85 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
109 86
110 # Raspberry-sys-mod package for /dev/serial device needed by bluetooth service
111 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
112 87 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
113 88 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
114 89 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
115 90
116 91 # Set permissions
117 92 chown -R root:root "${R}/tmp/pi-bluetooth"
118 93
119 94 # Install tools
120 95 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
121 96 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
122 97
123 98 # Install bluetooth udev rule
124 99 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
125 100
126 101 # Install Firmware Flash file and apropiate licence
127 mkdir "${ETC_DIR}/firmware/"
128 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
129 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
102 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
103 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
104 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
130 105 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
131 106 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
132 # Install udev rule for bluetooth device
133 install_readonly "${R}/tmp/pi-bluetooth/99-com.rules" "${ETC_DIR}/udev/rules.d/99-com.rules"
134 107
135 108 # Remove temporary directory
136 109 rm -fr "${temp_dir}"
110
111 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114
115 # set overlay to swap ttyAMA0 and ttyS0
116 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
117
118 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
119 if [ "$ENABLE_TURBO" = false ] ; then
120 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 fi
122
123 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
130
131 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 fi
140
141 # may need sudo systemctl disable hciuart
142 if [ "$ENABLE_CONSOLE" = true ] ; then
143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 # add string to cmdline
145 CMDLINE="${CMDLINE} console=serial0,115200"
146
147 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
149 else
150 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
151 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 fi
154
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
159
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
163 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
165 fi
166
167 # Install firmware boot cmdline
168 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 # Setup minimal GPU memory allocation size: 16MB (no X)
174 if [ "$ENABLE_MINGPU" = true ] ; then
175 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
176 fi
177
178 # Setup boot with initramfs
179 if [ "$ENABLE_INITRAMFS" = true ] ; then
180 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
137 181 fi
138 182
139 183 # Create firmware configuration and cmdline symlinks
140 184 ln -sf firmware/config.txt "${R}/boot/config.txt"
141 185 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
142 186
143 187 # Install and setup kernel modules to load at boot
144 188 mkdir -p "${LIB_DIR}/modules-load.d/"
145 189 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
146 190
147 191 # Load hardware random module at boot
148 192 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
149 193 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
150 194 fi
151 195
152 196 # Load sound module at boot
153 197 if [ "$ENABLE_SOUND" = true ] ; then
154 198 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
155 199 else
156 200 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
157 201 fi
158 202
159 203 # Enable I2C interface
160 204 if [ "$ENABLE_I2C" = true ] ; then
161 205 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
162 206 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
163 207 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
164 208 fi
165 209
166 210 # Enable SPI interface
167 211 if [ "$ENABLE_SPI" = true ] ; then
168 212 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
169 213 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
170 214 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
171 215 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
172 216 fi
173 217 fi
174 218
175 219 # Disable RPi2/3 under-voltage warnings
176 220 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
177 221 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
178 222 fi
179 223
180 224 # Install kernel modules blacklist
181 225 mkdir -p "${ETC_DIR}/modprobe.d/"
182 226 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
183 227
184 228 # Install sysctl.d configuration files
185 229 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,798 +1,807
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60
61 61 # Build directories
62 62 WORKDIR=$(pwd)
63 63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 64 BUILDDIR="${BASEDIR}/build"
65 65
66 66 # Chroot directories
67 67 R="${BUILDDIR}/chroot"
68 68 ETC_DIR="${R}/etc"
69 69 LIB_DIR="${R}/lib"
70 70 BOOT_DIR="${R}/boot/firmware"
71 71 KERNEL_DIR="${R}/usr/src/linux"
72 72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
73 74
74 75 # Firmware directory: Blank if download from github
75 76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
76 77
77 78 # General settings
78 79 SET_ARCH=${SET_ARCH:=32}
79 80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
80 81 PASSWORD=${PASSWORD:=raspberry}
81 82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
82 83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
83 84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
84 85 EXPANDROOT=${EXPANDROOT:=true}
85 86
86 87 # Keyboard settings
87 88 XKB_MODEL=${XKB_MODEL:=""}
88 89 XKB_LAYOUT=${XKB_LAYOUT:=""}
89 90 XKB_VARIANT=${XKB_VARIANT:=""}
90 91 XKB_OPTIONS=${XKB_OPTIONS:=""}
91 92
92 93 # Network settings (DHCP)
93 94 ENABLE_DHCP=${ENABLE_DHCP:=true}
94 95
95 96 # Network settings (static)
96 97 NET_ADDRESS=${NET_ADDRESS:=""}
97 98 NET_GATEWAY=${NET_GATEWAY:=""}
98 99 NET_DNS_1=${NET_DNS_1:=""}
99 100 NET_DNS_2=${NET_DNS_2:=""}
100 101 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
101 102 NET_NTP_1=${NET_NTP_1:=""}
102 103 NET_NTP_2=${NET_NTP_2:=""}
103 104
104 105 # APT settings
105 106 APT_PROXY=${APT_PROXY:=""}
106 107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
107 108
108 109 # Feature settings
110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
109 111 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
110 113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
111 114 ENABLE_I2C=${ENABLE_I2C:=false}
112 115 ENABLE_SPI=${ENABLE_SPI:=false}
113 116 ENABLE_IPV6=${ENABLE_IPV6:=true}
114 117 ENABLE_SSHD=${ENABLE_SSHD:=true}
115 118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
116 119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
117 120 ENABLE_SOUND=${ENABLE_SOUND:=true}
118 121 ENABLE_DBUS=${ENABLE_DBUS:=true}
119 122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
120 123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
121 124 ENABLE_XORG=${ENABLE_XORG:=false}
122 125 ENABLE_WM=${ENABLE_WM:=""}
123 126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
124 127 ENABLE_USER=${ENABLE_USER:=true}
125 128 USER_NAME=${USER_NAME:="pi"}
126 129 ENABLE_ROOT=${ENABLE_ROOT:=false}
127 130 ENABLE_QEMU=${ENABLE_QEMU:=false}
128 131 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
129 132
130 133 # SSH settings
131 134 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
132 135 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
133 136 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
134 137 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
135 138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
136 139
137 140 # Advanced settings
138 141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
139 142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
140 143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
141 144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
142 145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
143 146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
144 147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
145 148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
146 149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
147 150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
148 151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
149 152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
150 153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
151 154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
152 155
153 156 # Kernel compilation settings
154 157 BUILD_KERNEL=${BUILD_KERNEL:=true}
155 158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
156 159 KERNEL_THREADS=${KERNEL_THREADS:=1}
157 160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
158 161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
159 162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
160 163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
161 164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
162 165
163 166 # Kernel compilation from source directory settings
164 167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
165 168 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
166 169 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
167 170 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
168 171
169 172 # Reduce disk usage settings
170 173 REDUCE_APT=${REDUCE_APT:=true}
171 174 REDUCE_DOC=${REDUCE_DOC:=true}
172 175 REDUCE_MAN=${REDUCE_MAN:=true}
173 176 REDUCE_VIM=${REDUCE_VIM:=false}
174 177 REDUCE_BASH=${REDUCE_BASH:=false}
175 178 REDUCE_HWDB=${REDUCE_HWDB:=true}
176 179 REDUCE_SSHD=${REDUCE_SSHD:=true}
177 180 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
178 181
179 182 # Encrypted filesystem settings
180 183 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
181 184 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
182 185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
183 186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
184 187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
185 188
186 189 # Chroot scripts directory
187 190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
188 191
189 192 # Packages required in the chroot build environment
190 193 APT_INCLUDES=${APT_INCLUDES:=""}
191 194 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
192 195
193 196 # Packages to exclude from chroot build environment
194 197 APT_EXCLUDES=${APT_EXCLUDES:=""}
195 198
196 199 # Packages required for bootstrapping
197 200 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
198 201 MISSING_PACKAGES=""
199 202
200 203 # Packages installed for c/c++ build environment in chroot (keep empty)
201 204 COMPILER_PACKAGES=""
202 205
203 206 set +x
204 207
205 208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
206 209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
207 if [ -n ${APT_CACHER_RUNNING} ] ; then
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
208 211 APT_PROXY=http://127.0.0.1:3142/
209 212 fi
210 213
211 214 # Setup architecture specific settings
212 215 if [ -n "$SET_ARCH" ] ; then
213 216 # 64 bit configuration
214 217 if [ "$SET_ARCH" = 64 ] ; then
215 218 # General 64 bit depended settings
216 219 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
217 220 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
218 221 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
219 222
220 223 # Board specific settings
221 224 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
222 225 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
223 226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
224 227 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
225 228 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
226 229 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
227 230 else
228 231 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
229 232 exit 1
230 233 fi
231 234 fi
232 235
233 236 # 32 bit configuration
234 237 if [ "$SET_ARCH" = 32 ] ; then
235 238 # General 32 bit dependend settings
236 239 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
237 240 KERNEL_ARCH=${KERNEL_ARCH:=arm}
238 241 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
239 242
240 243 # Hardware specific settings
241 244 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
242 245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
243 246 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
244 247 RELEASE_ARCH=${RELEASE_ARCH:=armel}
245 248 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
246 249 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
247 250 fi
248 251
249 252 # Hardware specific settings
250 253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
251 254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
252 255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
253 256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
254 257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
255 258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
256 259 fi
257 260 fi
258 261 #SET_ARCH not set
259 262 else
260 263 echo "error: Please set '32' or '64' as value for SET_ARCH"
261 264 exit 1
262 265 fi
263 266 # Device specific configuration and U-Boot configuration
264 267 case "$RPI_MODEL" in
265 268 0)
266 269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
267 270 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
268 271 ;;
269 272 1)
270 273 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
271 274 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
272 275 ;;
273 276 1P)
274 277 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
275 278 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
276 279 ;;
277 280 2)
278 281 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
279 282 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
280 283 ;;
281 284 3)
282 285 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
283 286 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
284 287 ;;
285 288 3P)
286 289 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
287 290 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
288 291 ;;
289 292 *)
290 293 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
291 294 exit 1
292 295 ;;
293 296 esac
294 297
298 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
302 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 fi
304 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 # Check if the internal wireless interface is not supported by the RPi model
306 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 exit 1
309 fi
310 fi
311
295 312 # Prepare date string for default image file name
296 313 DATE="$(date +%Y-%m-%d)"
297 314 if [ -z "$KERNEL_BRANCH" ] ; then
298 315 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
299 316 else
300 317 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
301 318 fi
302 319
303 # Check if the internal wireless interface is supported by the RPi model
304 if [ "$ENABLE_WIRELESS" = true ] ; then
305 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
306 echo "error: The selected Raspberry Pi model has no internal wireless interface"
307 exit 1
308 fi
309 fi
310
311 320 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
312 321 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
313 322 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
314 323 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
315 324 exit 1
316 325 fi
317 326 fi
318 327
319 328 # Add cmake to compile videocore sources
320 329 if [ "$ENABLE_VIDEOCORE" = true ] ; then
321 330 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
322 331 fi
323 332
324 333 # Add libncurses5 to enable kernel menuconfig
325 334 if [ "$KERNEL_MENUCONFIG" = true ] ; then
326 335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
327 336 fi
328 337
329 338 # Add ccache compiler cache for (faster) kernel cross (re)compilation
330 339 if [ "$KERNEL_CCACHE" = true ] ; then
331 340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
332 341 fi
333 342
334 343 # Add cryptsetup package to enable filesystem encryption
335 344 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
336 345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
337 346 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
338 347
339 348 if [ -z "$CRYPTFS_PASSWORD" ] ; then
340 349 echo "error: no password defined (CRYPTFS_PASSWORD)!"
341 350 exit 1
342 351 fi
343 352 ENABLE_INITRAMFS=true
344 353 fi
345 354
346 355 # Add initramfs generation tools
347 356 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
348 357 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
349 358 fi
350 359
351 360 # Add device-tree-compiler required for building the U-Boot bootloader
352 361 if [ "$ENABLE_UBOOT" = true ] ; then
353 362 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
354 363 fi
355 364
356 365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
357 366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
358 367 if [ "$ENABLE_CONSOLE" = false ] ; then
359 368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
360 369 fi
361 370 fi
362 371 fi
363 372
364 373 # Check if root SSH (v2) public key file exists
365 374 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
366 375 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
367 376 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
368 377 exit 1
369 378 fi
370 379 fi
371 380
372 381 # Check if $USER_NAME SSH (v2) public key file exists
373 382 if [ -n "$SSH_USER_PUB_KEY" ] ; then
374 383 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
375 384 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
376 385 exit 1
377 386 fi
378 387 fi
379 388
380 389 # Check if all required packages are installed on the build system
381 390 for package in $REQUIRED_PACKAGES ; do
382 391 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
383 392 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
384 393 fi
385 394 done
386 395
387 396 # If there are missing packages ask confirmation for install, or exit
388 397 if [ -n "$MISSING_PACKAGES" ] ; then
389 398 echo "the following packages needed by this script are not installed:"
390 399 echo "$MISSING_PACKAGES"
391 400
392 401 printf "\ndo you want to install the missing packages right now? [y/n] "
393 402 read -r confirm
394 403 [ "$confirm" != "y" ] && exit 1
395 404
396 405 # Make sure all missing required packages are installed
397 406 apt-get -qq -y install "${MISSING_PACKAGES}"
398 407 fi
399 408
400 409 # Check if ./bootstrap.d directory exists
401 410 if [ ! -d "./bootstrap.d/" ] ; then
402 411 echo "error: './bootstrap.d' required directory not found!"
403 412 exit 1
404 413 fi
405 414
406 415 # Check if ./files directory exists
407 416 if [ ! -d "./files/" ] ; then
408 417 echo "error: './files' required directory not found!"
409 418 exit 1
410 419 fi
411 420
412 421 # Check if specified KERNELSRC_DIR directory exists
413 422 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
414 423 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
415 424 exit 1
416 425 fi
417 426
418 427 # Check if specified UBOOTSRC_DIR directory exists
419 428 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
420 429 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
421 430 exit 1
422 431 fi
423 432
424 433 # Check if specified VIDEOCORESRC_DIR directory exists
425 434 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
426 435 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
427 436 exit 1
428 437 fi
429 438
430 439 # Check if specified FBTURBOSRC_DIR directory exists
431 440 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
432 441 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
433 442 exit 1
434 443 fi
435 444
436 445 # Check if specified CHROOT_SCRIPTS directory exists
437 446 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
438 447 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
439 448 exit 1
440 449 fi
441 450
442 451 # Check if specified device mapping already exists (will be used by cryptsetup)
443 452 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
444 453 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
445 454 exit 1
446 455 fi
447 456
448 457 # Don't clobber an old build
449 458 if [ -e "$BUILDDIR" ] ; then
450 459 echo "error: directory ${BUILDDIR} already exists, not proceeding"
451 460 exit 1
452 461 fi
453 462
454 463 # Setup chroot directory
455 464 mkdir -p "${R}"
456 465
457 466 # Check if build directory has enough of free disk space >512MB
458 467 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
459 468 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
460 469 exit 1
461 470 fi
462 471
463 472 set -x
464 473
465 474 # Call "cleanup" function on various signals and errors
466 475 trap cleanup 0 1 2 3 6
467 476
468 477 # Add required packages for the minbase installation
469 478 if [ "$ENABLE_MINBASE" = true ] ; then
470 479 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
471 480 fi
472 481
473 482 # Add parted package, required to get partprobe utility
474 483 if [ "$EXPANDROOT" = true ] ; then
475 484 APT_INCLUDES="${APT_INCLUDES},parted"
476 485 fi
477 486
478 487 # Add dbus package, recommended if using systemd
479 488 if [ "$ENABLE_DBUS" = true ] ; then
480 489 APT_INCLUDES="${APT_INCLUDES},dbus"
481 490 fi
482 491
483 492 # Add iptables IPv4/IPv6 package
484 493 if [ "$ENABLE_IPTABLES" = true ] ; then
485 494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
486 495 fi
487 496
488 497 # Add openssh server package
489 498 if [ "$ENABLE_SSHD" = true ] ; then
490 499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
491 500 fi
492 501
493 502 # Add alsa-utils package
494 503 if [ "$ENABLE_SOUND" = true ] ; then
495 504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
496 505 fi
497 506
498 507 # Add rng-tools package
499 508 if [ "$ENABLE_HWRANDOM" = true ] ; then
500 509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
501 510 fi
502 511
503 512 # Add fbturbo video driver
504 513 if [ "$ENABLE_FBTURBO" = true ] ; then
505 514 # Enable xorg package dependencies
506 515 ENABLE_XORG=true
507 516 fi
508 517
509 518 # Add user defined window manager package
510 519 if [ -n "$ENABLE_WM" ] ; then
511 520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
512 521
513 522 # Enable xorg package dependencies
514 523 ENABLE_XORG=true
515 524 fi
516 525
517 526 # Add xorg package
518 527 if [ "$ENABLE_XORG" = true ] ; then
519 528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
520 529 fi
521 530
522 531 # Replace selected packages with smaller clones
523 532 if [ "$ENABLE_REDUCE" = true ] ; then
524 533 # Add levee package instead of vim-tiny
525 534 if [ "$REDUCE_VIM" = true ] ; then
526 535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
527 536 fi
528 537
529 538 # Add dropbear package instead of openssh-server
530 539 if [ "$REDUCE_SSHD" = true ] ; then
531 540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
532 541 fi
533 542 fi
534 543
535 544 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
536 545 if [ "$ENABLE_SYSVINIT" = false ] ; then
537 546 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
538 547 fi
539 548
540 549 # Check if kernel is getting compiled
541 550 if [ "$BUILD_KERNEL" = false ] ; then
542 551 echo "Downloading precompiled kernel"
543 552 echo "error: not configured"
544 553 exit 1;
545 554 # BUILD_KERNEL=true
546 555 else
547 556 echo "No precompiled kernel repositories were added"
548 557 fi
549 558
550 559 # Configure kernel sources if no KERNELSRC_DIR
551 560 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
552 561 KERNELSRC_CONFIG=true
553 562 fi
554 563
555 564 # Configure reduced kernel
556 565 if [ "$KERNEL_REDUCE" = true ] ; then
557 566 KERNELSRC_CONFIG=false
558 567 fi
559 568
560 569 # Configure qemu compatible kernel
561 570 if [ "$ENABLE_QEMU" = true ] ; then
562 571 DTB_FILE=vexpress-v2p-ca15_a7.dtb
563 572 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
564 573 KERNEL_DEFCONFIG="vexpress_defconfig"
565 574 if [ "$KERNEL_MENUCONFIG" = false ] ; then
566 575 KERNEL_OLDDEFCONFIG=true
567 576 fi
568 577 fi
569 578
570 579 # Execute bootstrap scripts
571 580 for SCRIPT in bootstrap.d/*.sh; do
572 581 head -n 3 "$SCRIPT"
573 582 . "$SCRIPT"
574 583 done
575 584
576 585 ## Execute custom bootstrap scripts
577 586 if [ -d "custom.d" ] ; then
578 587 for SCRIPT in custom.d/*.sh; do
579 588 . "$SCRIPT"
580 589 done
581 590 fi
582 591
583 592 # Execute custom scripts inside the chroot
584 593 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
585 594 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
586 595 chroot_exec /bin/bash -x <<'EOF'
587 596 for SCRIPT in /chroot_scripts/* ; do
588 597 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
589 598 $SCRIPT
590 599 fi
591 600 done
592 601 EOF
593 602 rm -rf "${R}/chroot_scripts"
594 603 fi
595 604
596 605 # Remove c/c++ build environment from the chroot
597 606 chroot_remove_cc
598 607
599 608 # Generate required machine-id
600 609 MACHINE_ID=$(dbus-uuidgen)
601 610 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
602 611 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
603 612
604 613 # APT Cleanup
605 614 chroot_exec apt-get -y clean
606 615 chroot_exec apt-get -y autoclean
607 616 chroot_exec apt-get -y autoremove
608 617
609 618 # Unmount mounted filesystems
610 619 umount -l "${R}/proc"
611 620 umount -l "${R}/sys"
612 621
613 622 # Clean up directories
614 623 rm -rf "${R}/run/*"
615 624 rm -rf "${R}/tmp/*"
616 625
617 626 # Clean up files
618 627 rm -f "${ETC_DIR}/ssh/ssh_host_*"
619 628 rm -f "${ETC_DIR}/dropbear/dropbear_*"
620 629 rm -f "${ETC_DIR}/apt/sources.list.save"
621 630 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
622 631 rm -f "${ETC_DIR}/*-"
623 632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
624 633 rm -f "${ETC_DIR}/resolv.conf"
625 634 rm -f "${R}/root/.bash_history"
626 635 rm -f "${R}/var/lib/urandom/random-seed"
627 636 rm -f "${R}/initrd.img"
628 637 rm -f "${R}/vmlinuz"
629 638 rm -f "${R}${QEMU_BINARY}"
630 639
631 640 if [ "$ENABLE_QEMU" = true ] ; then
632 641 # Setup QEMU directory
633 642 mkdir "${BASEDIR}/qemu"
634 643
635 644 # Copy kernel image to QEMU directory
636 645 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
637 646
638 647 # Copy kernel config to QEMU directory
639 648 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
640 649
641 650 # Copy kernel dtbs to QEMU directory
642 651 for dtb in "${BOOT_DIR}/"*.dtb ; do
643 652 if [ -f "${dtb}" ] ; then
644 653 install_readonly "${dtb}" "${BASEDIR}/qemu/"
645 654 fi
646 655 done
647 656
648 657 # Copy kernel overlays to QEMU directory
649 658 if [ -d "${BOOT_DIR}/overlays" ] ; then
650 659 # Setup overlays dtbs directory
651 660 mkdir "${BASEDIR}/qemu/overlays"
652 661
653 662 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
654 663 if [ -f "${dtb}" ] ; then
655 664 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
656 665 fi
657 666 done
658 667 fi
659 668
660 669 # Copy u-boot files to QEMU directory
661 670 if [ "$ENABLE_UBOOT" = true ] ; then
662 671 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
663 672 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
664 673 fi
665 674 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
666 675 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
667 676 fi
668 677 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
669 678 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
670 679 fi
671 680 fi
672 681
673 682 # Copy initramfs to QEMU directory
674 683 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
675 684 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
676 685 fi
677 686 fi
678 687
679 688 # Calculate size of the chroot directory in KB
680 689 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
681 690
682 691 # Calculate the amount of needed 512 Byte sectors
683 692 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
684 693 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
685 694 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
686 695
687 696 # The root partition is EXT4
688 697 # This means more space than the actual used space of the chroot is used.
689 698 # As overhead for journaling and reserved blocks 35% are added.
690 699 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
691 700
692 701 # Calculate required image size in 512 Byte sectors
693 702 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
694 703
695 704 # Prepare image file
696 705 if [ "$ENABLE_SPLITFS" = true ] ; then
697 706 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
698 707 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
699 708 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
700 709 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
701 710
702 711 # Write firmware/boot partition tables
703 712 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
704 713 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
705 714 EOM
706 715
707 716 # Write root partition table
708 717 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
709 718 ${TABLE_SECTORS},${ROOT_SECTORS},83
710 719 EOM
711 720
712 721 # Setup temporary loop devices
713 722 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
714 723 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
715 724 else # ENABLE_SPLITFS=false
716 725 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
717 726 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
718 727
719 728 # Write partition table
720 729 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
721 730 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
722 731 ${ROOT_OFFSET},${ROOT_SECTORS},83
723 732 EOM
724 733
725 734 # Setup temporary loop devices
726 735 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
727 736 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
728 737 fi
729 738
730 739 if [ "$ENABLE_CRYPTFS" = true ] ; then
731 740 # Create dummy ext4 fs
732 741 mkfs.ext4 "$ROOT_LOOP"
733 742
734 743 # Setup password keyfile
735 744 touch .password
736 745 chmod 600 .password
737 746 echo -n ${CRYPTFS_PASSWORD} > .password
738 747
739 748 # Initialize encrypted partition
740 749 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
741 750
742 751 # Open encrypted partition and setup mapping
743 752 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
744 753
745 754 # Secure delete password keyfile
746 755 shred -zu .password
747 756
748 757 # Update temporary loop device
749 758 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
750 759
751 760 # Wipe encrypted partition (encryption cipher is used for randomness)
752 761 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
753 762 fi
754 763
755 764 # Build filesystems
756 765 mkfs.vfat "$FRMW_LOOP"
757 766 mkfs.ext4 "$ROOT_LOOP"
758 767
759 768 # Mount the temporary loop devices
760 769 mkdir -p "$BUILDDIR/mount"
761 770 mount "$ROOT_LOOP" "$BUILDDIR/mount"
762 771
763 772 mkdir -p "$BUILDDIR/mount/boot/firmware"
764 773 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
765 774
766 775 # Copy all files from the chroot to the loop device mount point directory
767 776 rsync -a "${R}/" "$BUILDDIR/mount/"
768 777
769 778 # Unmount all temporary loop devices and mount points
770 779 cleanup
771 780
772 781 # Create block map file(s) of image(s)
773 782 if [ "$ENABLE_SPLITFS" = true ] ; then
774 783 # Create block map files for "bmaptool"
775 784 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
776 785 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
777 786
778 787 # Image was successfully created
779 788 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
780 789 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
781 790 else
782 791 # Create block map file for "bmaptool"
783 792 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
784 793
785 794 # Image was successfully created
786 795 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
787 796
788 797 # Create qemu qcow2 image
789 798 if [ "$ENABLE_QEMU" = true ] ; then
790 799 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
791 800 QEMU_SIZE=16G
792 801
793 802 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
794 803 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
795 804
796 805 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
797 806 fi
798 807 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant