set kernel default governor
Unknown -
r455:7f84c1cfdbfd
@@ -1,525 +1,528
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 - `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 - `1` = Used for Pi 1 model A and B
68 68 - `1P` = Used for Pi 1 model B+ and A+
69 69 - `2` = Used for Pi 2 model B
70 70 - `3` = Used for Pi 3 model B
71 71 - `3P` = Used for Pi 3 model B+
72 72 - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 157
158 158 ##### `ENABLE_PRINTK`=false
159 159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 160
161 161 ##### `ENABLE_BLUETOOTH`=false
162 162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163 163
164 164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 166
167 167 ##### `ENABLE_TURBO`=false
168 168 Enable Turbo mode. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 169
170 170 ##### `ENABLE_I2C`=false
171 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 172
173 173 ##### `ENABLE_SPI`=false
174 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 175
176 176 ##### `ENABLE_IPV6`=true
177 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 178
179 179 ##### `ENABLE_SSHD`=true
180 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 181
182 182 ##### `ENABLE_NONFREE`=false
183 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 184
185 185 ##### `ENABLE_WIRELESS`=false
186 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 187
188 188 ##### `ENABLE_RSYSLOG`=true
189 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 190
191 191 ##### `ENABLE_SOUND`=true
192 192 Enable sound hardware and install Advanced Linux Sound Architecture.
193 193
194 194 ##### `ENABLE_HWRANDOM`=true
195 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
196 196
197 197 ##### `ENABLE_MINGPU`=false
198 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 199
200 200 ##### `ENABLE_DBUS`=true
201 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 202
203 203 ##### `ENABLE_XORG`=false
204 204 Install Xorg open-source X Window System.
205 205
206 206 ##### `ENABLE_WM`=""
207 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 208
209 209 ##### `ENABLE_SYSVINIT`=false
210 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 211
212 212 ---
213 213
214 214 #### Advanced system features:
215 215 ##### `ENABLE_MINBASE`=false
216 216 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
217 217
218 218 ##### `ENABLE_REDUCE`=false
219 219 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
220 220
221 221 ##### `ENABLE_UBOOT`=false
222 222 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 223
224 224 ##### `UBOOTSRC_DIR`=""
225 225 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
226 226
227 227 ##### `ENABLE_FBTURBO`=false
228 228 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229 229
230 230 ##### `FBTURBOSRC_DIR`=""
231 231 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
232 232
233 233 ##### `ENABLE_VIDEOCORE`=false
234 234 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 235
236 236 ##### `VIDEOCORESRC_DIR`=""
237 237 Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
238 238
239 239 ##### `ENABLE_NEXMON`=false
240 240 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
241 241
242 242 ##### `NEXMON_DIR`=""
243 243 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
244 244
245 245 ##### `ENABLE_IPTABLES`=false
246 246 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
247 247
248 248 ##### `ENABLE_USER`=true
249 249 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
250 250
251 251 ##### `USER_NAME`=pi
252 252 Non-root user to create. Ignored if `ENABLE_USER`=false
253 253
254 254 ##### `ENABLE_ROOT`=false
255 255 Set root user password so root login will be enabled
256 256
257 257 ##### `ENABLE_HARDNET`=false
258 258 Enable IPv4/IPv6 network stack hardening settings.
259 259
260 260 ##### `ENABLE_SPLITFS`=false
261 261 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
262 262
263 263 ##### `CHROOT_SCRIPTS`=""
264 264 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
265 265
266 266 ##### `ENABLE_INITRAMFS`=false
267 267 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
268 268
269 269 ##### `ENABLE_IFNAMES`=true
270 270 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
271 271
272 272 ##### `DISABLE_UNDERVOLT_WARNINGS`=
273 273 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
274 274
275 275 ---
276 276
277 277 #### SSH settings:
278 278 ##### `SSH_ENABLE_ROOT`=false
279 279 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
280 280
281 281 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
282 282 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
283 283
284 284 ##### `SSH_LIMIT_USERS`=false
285 285 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
286 286
287 287 ##### `SSH_ROOT_PUB_KEY`=""
288 288 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
289 289
290 290 ##### `SSH_USER_PUB_KEY`=""
291 291 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
292 292
293 293 ---
294 294
295 295 #### Kernel compilation:
296 296 ##### `BUILD_KERNEL`=true
297 297 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
298 298
299 299 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
300 300 This sets the cross compile enviornment for the compiler.
301 301
302 302 ##### `KERNEL_ARCH`="arm"
303 303 This sets the kernel architecture for the compiler.
304 304
305 305 ##### `KERNEL_IMAGE`="kernel7.img"
306 306 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
307 307
308 308 ##### `KERNEL_BRANCH`=""
309 309 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
310 310
311 311 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
312 312 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
313 313
314 314 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
315 315 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
316 316
317 317 ##### `KERNEL_REDUCE`=false
318 318 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
319 319
320 320 ##### `KERNEL_THREADS`=1
321 321 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
322 322
323 323 ##### `KERNEL_HEADERS`=true
324 324 Install kernel headers with built kernel.
325 325
326 326 ##### `KERNEL_MENUCONFIG`=false
327 327 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
328 328
329 329 ##### `KERNEL_OLDDEFCONFIG`=false
330 330 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
331 331
332 332 ##### `KERNEL_CCACHE`=false
333 333 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
334 334
335 335 ##### `KERNEL_REMOVESRC`=true
336 336 Remove all kernel sources from the generated OS image after it was built and installed.
337 337
338 338 ##### `KERNELSRC_DIR`=""
339 339 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
340 340
341 341 ##### `KERNELSRC_CLEAN`=false
342 342 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
343 343
344 344 ##### `KERNELSRC_CONFIG`=true
345 345 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
346 346
347 347 ##### `KERNELSRC_USRCONFIG`=""
348 348 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
349 349
350 350 ##### `KERNELSRC_PREBUILT`=false
351 351 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
352 352
353 353 ##### `RPI_FIRMWARE_DIR`=""
354 354 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
355 355
356 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
357 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
358
356 359 ##### `KERNEL_NF`=false
357 360 Enable Netfilter modules as kernel modules
358 361
359 362 ##### `KERNEL_VIRT`=false
360 363 Enable Kernel KVM support (/dev/kvm)
361 364
362 365 ##### `KERNEL_ZSWAP`=false
363 366 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
364 367
365 368 ##### `KERNEL_BPF`=true
366 369 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
367 370
368 371 ---
369 372
370 373 #### Reduce disk usage:
371 374 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
372 375
373 376 ##### `REDUCE_APT`=true
374 377 Configure APT to use compressed package repository lists and no package caching files.
375 378
376 379 ##### `REDUCE_DOC`=true
377 380 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
378 381
379 382 ##### `REDUCE_MAN`=true
380 383 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
381 384
382 385 ##### `REDUCE_VIM`=false
383 386 Replace `vim-tiny` package by `levee` a tiny vim clone.
384 387
385 388 ##### `REDUCE_BASH`=false
386 389 Remove `bash` package and switch to `dash` shell (experimental).
387 390
388 391 ##### `REDUCE_HWDB`=true
389 392 Remove PCI related hwdb files (experimental).
390 393
391 394 ##### `REDUCE_SSHD`=true
392 395 Replace `openssh-server` with `dropbear`.
393 396
394 397 ##### `REDUCE_LOCALE`=true
395 398 Remove all `locale` translation files.
396 399
397 400 ---
398 401
399 402 #### Encrypted root partition:
400 403 ##### `ENABLE_CRYPTFS`=false
401 404 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
402 405
403 406 ##### `CRYPTFS_PASSWORD`=""
404 407 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
405 408
406 409 ##### `CRYPTFS_MAPPING`="secure"
407 410 Set name of dm-crypt managed device-mapper mapping.
408 411
409 412 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
410 413 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
411 414
412 415 ##### `CRYPTFS_XTSKEYSIZE`=512
413 416 Sets key size in bits. The argument has to be a multiple of 8.
414 417
415 418 ##### `CRYPTFS_DROPBEAR`=false
416 419 Enable Dropbear Initramfs support
417 420
418 421 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
419 422 Provide path to dropbear Public RSA-OpenSSH Key
420 423
421 424 ---
422 425
423 426 #### Build settings:
424 427 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
425 428 Set a path to a working directory used by the script to generate an image.
426 429
427 430 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
428 431 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
429 432
430 433 ## Understanding the script
431 434 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
432 435
433 436 | Script | Description |
434 437 | --- | --- |
435 438 | `10-bootstrap.sh` | Debootstrap basic system |
436 439 | `11-apt.sh` | Setup APT repositories |
437 440 | `12-locale.sh` | Setup Locales and keyboard settings |
438 441 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
439 442 | `14-fstab.sh` | Setup fstab and initramfs |
440 443 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
441 444 | `20-networking.sh` | Setup Networking |
442 445 | `21-firewall.sh` | Setup Firewall |
443 446 | `30-security.sh` | Setup Users and Security settings |
444 447 | `31-logging.sh` | Setup Logging |
445 448 | `32-sshd.sh` | Setup SSH and public keys |
446 449 | `41-uboot.sh` | Build and Setup U-Boot |
447 450 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
448 451 | `50-firstboot.sh` | First boot actions |
449 452 | `99-reduce.sh` | Reduce the disk space usage |
450 453
451 454 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
452 455
453 456 | Directory | Description |
454 457 | --- | --- |
455 458 | `apt` | APT management configuration files |
456 459 | `boot` | Boot and RPi2/3 configuration files |
457 460 | `dpkg` | Package Manager configuration |
458 461 | `etc` | Configuration files and rc scripts |
459 462 | `firstboot` | Scripts that get executed on first boot |
460 463 | `initramfs` | Initramfs scripts |
461 464 | `iptables` | Firewall configuration files |
462 465 | `locales` | Locales configuration |
463 466 | `modules` | Kernel Modules configuration |
464 467 | `mount` | Fstab configuration |
465 468 | `network` | Networking configuration files |
466 469 | `sysctl.d` | Swapping and Network Hardening configuration |
467 470 | `xorg` | fbturbo Xorg driver configuration |
468 471
469 472 ## Custom packages and scripts
470 473 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
471 474
472 475 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
473 476
474 477 ## Logging of the bootstrapping process
475 478 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
476 479
477 480 ```shell
478 481 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
479 482 ```
480 483
481 484 ## Flashing the image file
482 485 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
483 486
484 487 ##### Flashing examples:
485 488 ```shell
486 489 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
487 490 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
488 491 ```
489 492 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
490 493 ```shell
491 494 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
492 495 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
493 496 ```
494 497
495 498 ## QEMU emulation
496 499 Start QEMU full system emulation:
497 500 ```shell
498 501 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
499 502 ```
500 503
501 504 Start QEMU full system emulation and output to console:
502 505 ```shell
503 506 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
504 507 ```
505 508
506 509 Start QEMU full system emulation with SMP and output to console:
507 510 ```shell
508 511 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
509 512 ```
510 513
511 514 Start QEMU full system emulation with cryptfs, initramfs and output to console:
512 515 ```shell
513 516 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
514 517 ```
515 518
516 519 ## External links and references
517 520 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
518 521 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
519 522 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
520 523 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
521 524 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
522 525 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
523 526 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
524 527 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
525 528 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,400 +1,432
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 31 fi
32 32
33 33 # Copy downloaded kernel sources
34 34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89
90 90 #Switch to KERNELSRC_DIR so we can use set_kernel_config
91 91 cd "${KERNEL_DIR}"
92 92
93 93 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
94 94 if [ "$KERNEL_ZSWAP" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
95 95 set_kernel_config ZPOOL y
96 96 set_kernel_config ZSWAP y
97 97 set_kernel_config ZBUD y
98 98 set_kernel_config Z3FOLD y
99 99 set_kernel_config ZSMALLOC y
100 100 set_kernel_config PGTABLE_MAPPING y
101 101 fi
102 102
103 103 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
104 104 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
105 105 set_kernel_config VIRTUALIZATION y
106 106 set_kernel_config KVM y
107 107 set_kernel_config VHOST_NET m
108 108 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
109 109 fi
110 110
111 111 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
112 112 if [ "$KERNEL_NF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
113 113 set_kernel_config CONFIG_NETFILTER_XTABLES m
114 114 set_kernel_config CONFIG_NF_DUP_NETDEV m
115 115 set_kernel_config CONFIG_NF_NAT_SIP m
116 116 set_kernel_config CONFIG_NF_TABLES_ARP m
117 117 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
118 118 set_kernel_config NF_TABLES m
119 119 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
120 120 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
121 121 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
122 122 set_kernel_config CONFIG_IP6_NF_IPTABLES m
123 123 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
124 124 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
125 125 set_kernel_config CONFIG_IP6_NF_NAT m
126 126 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
127 127 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
128 128 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
129 129 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
130 130 set_kernel_config CONFIG_IP_SET_HASH_IP m
131 131 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
132 132 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
133 133 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
134 134 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
135 135 set_kernel_config CONFIG_IP_SET_HASH_MAC m
136 136 set_kernel_config CONFIG_IP_SET_HASH_NET m
137 137 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
138 138 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
139 139 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
140 140 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
141 141 set_kernel_config CONFIG_IP_SET_LIST_SET m
142 142 set_kernel_config CONFIG_NFT_BRIDGE_META m
143 143 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
144 144 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
145 145 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
146 146 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
147 147 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
148 148 set_kernel_config CONFIG_NFT_COMPAT m
149 149 set_kernel_config CONFIG_NFT_COUNTER m
150 150 set_kernel_config CONFIG_NFT_CT m
151 151 set_kernel_config CONFIG_NFT_DUP_IPV4 m
152 152 set_kernel_config CONFIG_NFT_DUP_IPV6 m
153 153 set_kernel_config CONFIG_NFT_DUP_NETDEV m
154 154 set_kernel_config CONFIG_NFT_EXTHDR m
155 155 set_kernel_config CONFIG_NFT_FWD_NETDEV m
156 156 set_kernel_config CONFIG_NFT_HASH m
157 157 set_kernel_config CONFIG_NFT_LIMIT m
158 158 set_kernel_config CONFIG_NFT_LOG m
159 159 set_kernel_config CONFIG_NFT_MASQ m
160 160 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
161 161 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
162 162 set_kernel_config CONFIG_NFT_META m
163 163 set_kernel_config CONFIG_NFT_NAT m
164 164 set_kernel_config CONFIG_NFT_NUMGEN m
165 165 set_kernel_config CONFIG_NFT_QUEUE m
166 166 set_kernel_config CONFIG_NFT_QUOTA m
167 167 set_kernel_config CONFIG_NFT_REDIR m
168 168 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
169 169 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
170 170 set_kernel_config CONFIG_NFT_REJECT m
171 171 set_kernel_config CONFIG_NFT_REJECT_INET m
172 172 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
173 173 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
174 174 set_kernel_config CONFIG_NFT_SET_HASH m
175 175 set_kernel_config CONFIG_NFT_SET_RBTREE m
176 176 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
177 177 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
178 178 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
179 179 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
180 180 set_kernel_config CONFIG_NF_DUP_IPV4 m
181 181 set_kernel_config CONFIG_NF_DUP_IPV6 m
182 182 set_kernel_config CONFIG_NF_LOG_BRIDGE m
183 183 set_kernel_config CONFIG_NF_LOG_IPV4 m
184 184 set_kernel_config CONFIG_NF_LOG_IPV6 m
185 185 set_kernel_config CONFIG_NF_NAT_IPV4 m
186 186 set_kernel_config CONFIG_NF_NAT_IPV6 m
187 187 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
188 188 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
189 189 set_kernel_config CONFIG_NF_NAT_PPTP m
190 190 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
191 191 set_kernel_config CONFIG_NF_NAT_REDIRECT m
192 192 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
193 193 set_kernel_config CONFIG_NF_NAT_TFTP m
194 194 set_kernel_config CONFIG_NF_REJECT_IPV4 m
195 195 set_kernel_config CONFIG_NF_REJECT_IPV6 m
196 196 set_kernel_config CONFIG_NF_TABLES_INET m
197 197 set_kernel_config CONFIG_NF_TABLES_IPV4 m
198 198 set_kernel_config CONFIG_NF_TABLES_IPV6 m
199 199 set_kernel_config CONFIG_NF_TABLES_NETDEV m
200 200 set_kernel_config NETFILTER_XTABLES m
201 201 fi
202 202
203 203 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
204 204 if [ "$KERNEL_BPF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
205 205 set_kernel_config CONFIG_BPF_SYSCALL y
206 206 set_kernel_config CONFIG_BPF_EVENTS y
207 207 set_kernel_config CONFIG_CGROUP_BPF y
208 208 fi
209
210 # KERNEL_DEFAULT_GOV was set by user
211 if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
212 # unset default governor
213 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
214
215 case "$KERNEL_DEFAULT_GOV" in
216 "PERFORMANCE")
217 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
218 ;;
219 "USERSPACE")
220 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
221 ;;
222 "ONDEMAND")
223 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
224 ;;
225 "CONSERVATIVE")
226 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
227 ;;
228 "CONSERVATIVE")
229 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
230 ;;
231 *)
232 echo "error: unsupported default cpu governor"
233 exit 1
234 ;;
235 esac
236 fi
237
238
209 239
210 240 #Revert to previous directory
211 241 cd "${WORKDIR}"
212 242
213 243 # Set kernel configuration parameters to enable qemu emulation
214 244 if [ "$ENABLE_QEMU" = true ] ; then
215 245 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
216 246 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
217 247
218 248 if [ "$ENABLE_CRYPTFS" = true ] ; then
219 249 {
220 250 echo "CONFIG_EMBEDDED=y"
221 251 echo "CONFIG_EXPERT=y"
222 252 echo "CONFIG_DAX=y"
223 253 echo "CONFIG_MD=y"
224 254 echo "CONFIG_BLK_DEV_MD=y"
225 255 echo "CONFIG_MD_AUTODETECT=y"
226 256 echo "CONFIG_BLK_DEV_DM=y"
227 257 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
228 258 echo "CONFIG_DM_CRYPT=y"
229 259 echo "CONFIG_CRYPTO_BLKCIPHER=y"
230 260 echo "CONFIG_CRYPTO_CBC=y"
231 261 echo "CONFIG_CRYPTO_XTS=y"
232 262 echo "CONFIG_CRYPTO_SHA512=y"
233 263 echo "CONFIG_CRYPTO_MANAGER=y"
234 264 } >> "${KERNEL_DIR}"/.config
235 265 fi
236 266 fi
237 267
238 268 # Copy custom kernel configuration file
239 269 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
240 270 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
241 271 fi
242 272
243 273 # Set kernel configuration parameters to their default values
244 274 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
245 275 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
246 276 fi
247 277
248 278 # Start menu-driven kernel configuration (interactive)
249 279 if [ "$KERNEL_MENUCONFIG" = true ] ; then
250 280 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
251 281 fi
282 # end if "$KERNELSRC_CONFIG" = true
252 283 fi
253 284
254 285 # Use ccache to cross compile the kernel
255 286 if [ "$KERNEL_CCACHE" = true ] ; then
256 287 cc="ccache ${CROSS_COMPILE}gcc"
257 288 else
258 289 cc="${CROSS_COMPILE}gcc"
259 290 fi
260 291
261 292 # Cross compile kernel and dtbs
262 293 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
263 294
264 295 # Cross compile kernel modules
265 296 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
266 297 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
267 298 fi
299 # end if "$KERNELSRC_PREBUILT" = false
268 300 fi
269 301
270 302 # Check if kernel compilation was successful
271 303 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
272 304 echo "error: kernel compilation failed! (kernel image not found)"
273 305 cleanup
274 306 exit 1
275 307 fi
276 308
277 309 # Install kernel modules
278 310 if [ "$ENABLE_REDUCE" = true ] ; then
279 311 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
280 312 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
281 313 fi
282 314 else
283 315 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
284 316 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
285 317 fi
286 318
287 319 # Install kernel firmware
288 320 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
289 321 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
290 322 fi
291 323 fi
292 324
293 325 # Install kernel headers
294 326 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
295 327 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
296 328 fi
297 329 # make tar.gz kernel package - missing os bzw. modules
298 330 #** ** ** WARNING ** ** **
299 331 #Your architecture did not define any architecture-dependent files
300 332 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
301 333 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
302 334
303 335 # Prepare boot (firmware) directory
304 336 mkdir "${BOOT_DIR}"
305 337
306 338 # Get kernel release version
307 339 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
308 340
309 341 # Copy kernel configuration file to the boot directory
310 342 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
311 343
312 344 # Prepare device tree directory
313 345 mkdir "${BOOT_DIR}/overlays"
314 346
315 347 # Ensure the proper .dtb is located
316 348 if [ "$KERNEL_ARCH" = "arm" ] ; then
317 349 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
318 350 if [ -f "${dtb}" ] ; then
319 351 install_readonly "${dtb}" "${BOOT_DIR}/"
320 352 fi
321 353 done
322 354 else
323 355 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
324 356 if [ -f "${dtb}" ] ; then
325 357 install_readonly "${dtb}" "${BOOT_DIR}/"
326 358 fi
327 359 done
328 360 fi
329 361
330 362 # Copy compiled dtb device tree files
331 363 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
332 364 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
333 365 if [ -f "${dtb}" ] ; then
334 366 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
335 367 fi
336 368 done
337 369
338 370 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
339 371 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
340 372 fi
341 373 fi
342 374
343 375 if [ "$ENABLE_UBOOT" = false ] ; then
344 376 # Convert and copy kernel image to the boot directory
345 377 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
346 378 else
347 379 # Copy kernel image to the boot directory
348 380 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
349 381 fi
350 382
351 383 # Remove kernel sources
352 384 if [ "$KERNEL_REMOVESRC" = true ] ; then
353 385 rm -fr "${KERNEL_DIR}"
354 386 else
355 387 # Prepare compiled kernel modules
356 388 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
357 389 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
358 390 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
359 391 fi
360 392
361 393 # Create symlinks for kernel modules
362 394 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
363 395 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
364 396 fi
365 397 fi
366 398
367 399 else # BUILD_KERNEL=false
368 400 # echo Install precompiled kernel...
369 401 # echo error: not implemented
370 402 if [ "$KERNEL_ARCH" = arm64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
371 403 # Create temporary directory for dl
372 404 temp_dir=$(as_nobody mktemp -d)
373 405
374 406 # Fetch kernel dl
375 407 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
376 408 #extract download
377 409 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
378 410
379 411 #move extracted kernel to /boot/firmware
380 412 mkdir "${R}/boot/firmware"
381 413 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
382 414 cp -r "${temp_dir}"/lib/* "${R}"/lib/
383 415
384 416 # Remove temporary directory for kernel sources
385 417 rm -fr "${temp_dir}"
386 418 # Set permissions of the kernel sources
387 419 chown -R root:root "${R}/boot/firmware"
388 420 chown -R root:root "${R}/lib/modules"
389 421 #Create cmdline.txt for 15-rpi-config.sh
390 422 touch "${BOOT_DIR}/cmdline.txt"
391 423 fi
392 424
393 425 # Check if kernel installation was successful
394 426 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
395 427 if [ -z "$KERNEL" ] ; then
396 428 echo "error: kernel installation failed! (/boot/kernel* not found)"
397 429 cleanup
398 430 exit 1
399 431 fi
400 432 fi
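Review bot: In the new `case "$KERNEL_DEFAULT_GOV"` block (new lines 215-235) the label `"CONSERVATIVE")` appears twice, so the second arm, which sets `CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL`, can never match, and `KERNEL_DEFAULT_GOV=SCHEDUTIL` falls through to `*)` and aborts the build. The second label should be `"SCHEDUTIL")`. The `*)` arm also calls `exit 1` without `cleanup`, unlike the other failure paths in this file (for example the kernel image check at new lines 304-306), so a mistyped governor skips the teardown those paths perform. Call `cleanup` first, or better, validate the value at the top of the run, before the kernel sources have been fetched and `make ... "${KERNEL_DEFCONFIG}"` has run. Finally, the block sits inside `if [ "$KERNELSRC_CONFIG" = true ]` and runs before `cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config`, so the governor choice is silently dropped when `KERNELSRC_CONFIG=false` or a user config is supplied; the README entry for this parameter should say so.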
@@ -1,84 +1,84
1 1 #
2 2 # Build and Setup nexmon with monitor mode patch
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
9 9
10 10 # Create temporary directory for nexmon sources
11 11 temp_dir=$(as_nobody mktemp -d)
12 12
13 13 # Fetch nexmon sources
14 14 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
15 15
16 16 # Copy downloaded nexmon sources
17 17 mv "${temp_dir}/nexmon" "${R}"/tmp/
18 18
19 19 # Set permissions of the nexmon sources
20 20 chown -R root:root "${R}"/tmp/nexmon
21 21
22 22 # Set script Root
23 23 NEXMON_ROOT="${R}"/tmp/nexmon
24 24
25 25 # Remove temporary directory for nexmon sources
26 26 rm -fr "${temp_dir}"
27 27
28 28 # Build nexmon firmware outside the build system, if we can.
29 29 cd "${NEXMON_ROOT}"
30 30
31 31 # Disable statistics
32 32 touch DISABLE_STATISTICS
33 33
34 34 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
35 35 #ARCH="${KERNEL_ARCH}"
36 36 #SUBARCH="${KERNEL_ARCH}"
37 37 #KERNEL="${KERNEL_IMAGE}"
38 38 #CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
39 39 #CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
40 40 #ZLIBFLATE="zlib-flate -compress"
41 41 #Q=@
42 42 #NEXMON_SETUP_ENV=1
43 43 . ./setup_env.sh
44 44
45 45 # Make nexmon
46 46 make
47 47
48 48 # Make ancient isl build
49 49 cd buildtools/isl-0.10
50 CC=$CCgcc
50 CC="${CC}"gcc
51 51 ./configure
52 52 make
53 53
54 54 # build patches
55 55 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
56 56 cd ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon
57 57 make clean
58 58
59 59 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
60 60 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC=${NEXMON_ROOT}/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
61 61
62 62 # copy RPi0W & RPi3 firmware
63 63 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
64 64 cp ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
65 65 cp -f ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
66 66 fi
67 67
68 68 if [ "$RPI_MODEL" = 3P ] ; then
69 69 cd ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon
70 70 make clean
71 71
72 72 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
73 73 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC=${NEXMON_ROOT}/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
74 74
75 75 # RPi3B+ firmware
76 76 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
77 77 cp ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
78 78 cp -f ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
79 79 fi
80 80
81 81 #Revert to previous directory
82 82 cd "${WORKDIR}"
83 83
84 84 fi
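Review bot: The change at line 50 from `CC=$CCgcc` to `CC="${CC}"gcc` alters which compiler builds isl, and the commit message ("set kernel default governor") does not mention it. The old line expanded the unset variable `CCgcc`, so `CC` ended up empty and `./configure` picked its own default compiler; the new line yields `${CC}gcc`. If `setup_env.sh` sets `CC` to the `arm-none-eabi-` prefix, as the commented-out block at lines 35-42 suggests, isl is now configured with the bare-metal cross compiler, yet lines 60 and 73 load `buildtools/isl-0.10/.libs` through `LD_LIBRARY_PATH` for a `make` that runs on the build host. Please confirm this is intended and that `./configure` still succeeds; if isl is meant to be a host library, drop the assignment or name a host compiler explicitly. The assignment also only reaches `./configure` and `make` if `CC` is exported, so either write it as a prefix on the command (`CC="${CC}gcc" ./configure`) or note that `setup_env.sh` exports it. This fix belongs in its own commit.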
@@ -1,842 +1,843
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
67 67
68 68 # Build directories
69 69 WORKDIR=$(pwd)
70 70 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
71 71 BUILDDIR="${BASEDIR}/build"
72 72
73 73 # Chroot directories
74 74 R="${BUILDDIR}/chroot"
75 75 ETC_DIR="${R}/etc"
76 76 LIB_DIR="${R}/lib"
77 77 BOOT_DIR="${R}/boot/firmware"
78 78 KERNEL_DIR="${R}/usr/src/linux"
79 79 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
80 80 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
81 81
82 82 # Firmware directory: Blank if download from github
83 83 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
84 84
85 85 # General settings
86 86 SET_ARCH=${SET_ARCH:=32}
87 87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
88 88 PASSWORD=${PASSWORD:=raspberry}
89 89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
90 90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
91 91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
92 92 EXPANDROOT=${EXPANDROOT:=true}
93 93
94 94 # Keyboard settings
95 95 XKB_MODEL=${XKB_MODEL:=""}
96 96 XKB_LAYOUT=${XKB_LAYOUT:=""}
97 97 XKB_VARIANT=${XKB_VARIANT:=""}
98 98 XKB_OPTIONS=${XKB_OPTIONS:=""}
99 99
100 100 # Network settings (DHCP)
101 101 ENABLE_DHCP=${ENABLE_DHCP:=true}
102 102
103 103 # Network settings (static)
104 104 NET_ADDRESS=${NET_ADDRESS:=""}
105 105 NET_GATEWAY=${NET_GATEWAY:=""}
106 106 NET_DNS_1=${NET_DNS_1:=""}
107 107 NET_DNS_2=${NET_DNS_2:=""}
108 108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
109 109 NET_NTP_1=${NET_NTP_1:=""}
110 110 NET_NTP_2=${NET_NTP_2:=""}
111 111
112 112 # APT settings
113 113 APT_PROXY=${APT_PROXY:=""}
114 114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
115 115
116 116 # Feature settings
117 117 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
118 118 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
119 119 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
120 120 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
121 121 ENABLE_I2C=${ENABLE_I2C:=false}
122 122 ENABLE_SPI=${ENABLE_SPI:=false}
123 123 ENABLE_IPV6=${ENABLE_IPV6:=true}
124 124 ENABLE_SSHD=${ENABLE_SSHD:=true}
125 125 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
126 126 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
127 127 ENABLE_SOUND=${ENABLE_SOUND:=true}
128 128 ENABLE_DBUS=${ENABLE_DBUS:=true}
129 129 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
130 130 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
131 131 ENABLE_XORG=${ENABLE_XORG:=false}
132 132 ENABLE_WM=${ENABLE_WM:=""}
133 133 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
134 134 ENABLE_USER=${ENABLE_USER:=true}
135 135 USER_NAME=${USER_NAME:="pi"}
136 136 ENABLE_ROOT=${ENABLE_ROOT:=false}
137 137 ENABLE_QEMU=${ENABLE_QEMU:=false}
138 138 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
139 139
140 140 # SSH settings
141 141 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
142 142 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
143 143 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
144 144 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
145 145 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
146 146
147 147 # Advanced settings
148 148 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
149 149 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
150 150 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
151 151 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
152 152 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
153 153 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
154 154 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
155 155 ENABLE_NEXMON=${ENABLE_NEXMON:="false"}
156 156 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
157 157 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
158 158 NEXMON_DIR=${NEXMON_DIR:=""}
159 159 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
160 160 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
161 161 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
162 162 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
163 163 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
164 164 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
165 165
166 166 # Kernel compilation settings
167 167 BUILD_KERNEL=${BUILD_KERNEL:=true}
168 168 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
169 169 KERNEL_THREADS=${KERNEL_THREADS:=1}
170 170 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
171 171 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
172 172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
173 173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
174 174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
175 175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
176 176 KERNEL_VIRT=${KERNEL_VIRT:=false}
177 177 KERNEL_BPF=${KERNEL_BPF:=false}
178 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
178 179
179 180 # Kernel compilation from source directory settings
180 181 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
181 182 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
182 183 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
183 184 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
184 185
185 186 # Reduce disk usage settings
186 187 REDUCE_APT=${REDUCE_APT:=true}
187 188 REDUCE_DOC=${REDUCE_DOC:=true}
188 189 REDUCE_MAN=${REDUCE_MAN:=true}
189 190 REDUCE_VIM=${REDUCE_VIM:=false}
190 191 REDUCE_BASH=${REDUCE_BASH:=false}
191 192 REDUCE_HWDB=${REDUCE_HWDB:=true}
192 193 REDUCE_SSHD=${REDUCE_SSHD:=true}
193 194 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
194 195
195 196 # Encrypted filesystem settings
196 197 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
197 198 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
198 199 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
199 200 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
200 201 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
201 202 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
202 203 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
203 204 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
204 205 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
205 206
206 207 # Chroot scripts directory
207 208 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
208 209
209 210 # Packages required in the chroot build environment
210 211 APT_INCLUDES=${APT_INCLUDES:=""}
211 212 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
212 213
213 214 #Packages to exclude from chroot build environment
214 215 APT_EXCLUDES=${APT_EXCLUDES:=""}
215 216
216 217 # Packages required for bootstrapping
217 218 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
218 219 MISSING_PACKAGES=""
219 220
220 221 # Packages installed for c/c++ build environment in chroot (keep empty)
221 222 COMPILER_PACKAGES=""
222 223
223 224 set +x
224 225
225 226 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
226 227 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
227 228 if [ -n "${APT_CACHER_RUNNING}" ] ; then
228 229 APT_PROXY=http://127.0.0.1:3142/
229 230 fi
230 231
231 232 #netselect-apt does not know buster yet
232 233 if [ "$RELEASE" = "buster" ] ; then
233 234 RLS=testing
234 235 else
235 236 RLS="$RELEASE"
236 237 fi
237 238
238 239 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
239 240 rm "$(pwd)/files/apt/sources.list"
240 241 fi
241 242
242 243 if [ "$ENABLE_NONFREE" = true ] ; then
243 244 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
244 245 else
245 246 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
246 247 fi
247 248
248 249 #sed and cut the result string so we can use it as APT_SERVER
249 250 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
250 251
251 252 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
252 253 if [ -n "$SET_ARCH" ] ; then
253 254 # 64 bit configuration
254 255 if [ "$SET_ARCH" = 64 ] ; then
255 256 # General 64 bit depended settings
256 257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
257 258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
258 259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
259 260
260 261 # Board specific settings
261 262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
262 263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 265 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
265 266 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
266 267 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
267 268 else
268 269 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
269 270 exit 1
270 271 fi
271 272 fi
272 273
273 274 # 32 bit configuration
274 275 if [ "$SET_ARCH" = 32 ] ; then
275 276 # General 32 bit dependend settings
276 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
277 278 KERNEL_ARCH=${KERNEL_ARCH:=arm}
278 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
279 280
280 281 # Hardware specific settings
281 282 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
282 283 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
283 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
284 285 RELEASE_ARCH=${RELEASE_ARCH:=armel}
285 286 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
286 287 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
287 288 fi
288 289
289 290 # Hardware specific settings
290 291 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
291 292 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
292 293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
293 294 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
294 295 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 296 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
296 297 fi
297 298 fi
298 299 #SET_ARCH not set
299 300 else
300 301 echo "error: Please set '32' or '64' as value for SET_ARCH"
301 302 exit 1
302 303 fi
303 304 # Device specific configuration and U-Boot configuration
304 305 case "$RPI_MODEL" in
305 306 0)
306 307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
307 308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
308 309 ;;
309 310 1)
310 311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
311 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 313 ;;
313 314 1P)
314 315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
315 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 317 ;;
317 318 2)
318 319 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
319 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
320 321 ;;
321 322 3)
322 323 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
323 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
324 325 ;;
325 326 3P)
326 327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 329 ;;
329 330 *)
330 331 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
331 332 exit 1
332 333 ;;
333 334 esac
334 335
335 336 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
336 337 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
337 338 # Include bluetooth packages on supported boards
338 339 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
339 340 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
340 341 fi
341 342 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
342 343 # Check if the internal wireless interface is not supported by the RPi model
343 344 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
344 345 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
345 346 exit 1
346 347 fi
347 348 fi
348 349
349 350 # Prepare date string for default image file name
350 351 DATE="$(date +%Y-%m-%d)"
351 352 if [ -z "$KERNEL_BRANCH" ] ; then
352 353 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
353 354 else
354 355 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
355 356 fi
356 357
357 358 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
358 359 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
359 360 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
360 361 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
361 362 exit 1
362 363 fi
363 364 fi
364 365
365 366 # Add cmake to compile videocore sources
366 367 if [ "$ENABLE_VIDEOCORE" = true ] ; then
367 368 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
368 369 fi
369 370
370 371 # Add libncurses5 to enable kernel menuconfig
371 372 if [ "$KERNEL_MENUCONFIG" = true ] ; then
372 373 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
373 374 fi
374 375
375 376 # Add ccache compiler cache for (faster) kernel cross (re)compilation
376 377 if [ "$KERNEL_CCACHE" = true ] ; then
377 378 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
378 379 fi
379 380
380 381 # Add cryptsetup package to enable filesystem encryption
381 382 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
382 383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
383 384 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
384 385
385 386 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
386 387 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
387 388 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
388 389 fi
389 390
390 391 if [ -z "$CRYPTFS_PASSWORD" ] ; then
391 392 echo "error: no password defined (CRYPTFS_PASSWORD)!"
392 393 exit 1
393 394 fi
394 395 ENABLE_INITRAMFS=true
395 396 fi
396 397
397 398 # Add initramfs generation tools
398 399 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
399 400 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
400 401 fi
401 402
402 403 # Add device-tree-compiler required for building the U-Boot bootloader
403 404 if [ "$ENABLE_UBOOT" = true ] ; then
404 405 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
405 406 else
406 407 if [ "$ENABLE_UBOOTUSB" = true ] ; then
407 408 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
408 409 exit 1
409 410 fi
410 411 fi
411 412
412 413 # Check if root SSH (v2) public key file exists
413 414 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
414 415 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
415 416 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
416 417 exit 1
417 418 fi
418 419 fi
419 420
420 421 # Check if $USER_NAME SSH (v2) public key file exists
421 422 if [ -n "$SSH_USER_PUB_KEY" ] ; then
422 423 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
423 424 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
424 425 exit 1
425 426 fi
426 427 fi
427 428
428 429 # Check if all required packages are installed on the build system
429 430 for package in $REQUIRED_PACKAGES ; do
430 431 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
431 432 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
432 433 fi
433 434 done
434 435
435 436 # If there are missing packages ask confirmation for install, or exit
436 437 if [ -n "$MISSING_PACKAGES" ] ; then
437 438 echo "the following packages needed by this script are not installed:"
438 439 echo "$MISSING_PACKAGES"
439 440
440 441 printf "\ndo you want to install the missing packages right now? [y/n] "
441 442 read -r confirm
442 443 [ "$confirm" != "y" ] && exit 1
443 444
444 445 # Make sure all missing required packages are installed
445 446 apt-get -qq -y install "${MISSING_PACKAGES}"
446 447 fi
447 448
448 449 # Check if ./bootstrap.d directory exists
449 450 if [ ! -d "./bootstrap.d/" ] ; then
450 451 echo "error: './bootstrap.d' required directory not found!"
451 452 exit 1
452 453 fi
453 454
454 455 # Check if ./files directory exists
455 456 if [ ! -d "./files/" ] ; then
456 457 echo "error: './files' required directory not found!"
457 458 exit 1
458 459 fi
459 460
460 461 # Check if specified KERNELSRC_DIR directory exists
461 462 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
462 463 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
463 464 exit 1
464 465 fi
465 466
466 467 # Check if specified UBOOTSRC_DIR directory exists
467 468 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
468 469 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
469 470 exit 1
470 471 fi
471 472
472 473 # Check if specified VIDEOCORESRC_DIR directory exists
473 474 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
474 475 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
475 476 exit 1
476 477 fi
477 478
478 479 # Check if specified FBTURBOSRC_DIR directory exists
479 480 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
480 481 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
481 482 exit 1
482 483 fi
483 484
484 485 # Check if specified NEXMON_DIR directory exists
485 486 if [ -n "$NEXMON_DIR" ] && [ ! -d "$NEXMON_DIR" ] ; then
486 487 echo "error: '${NEXMON_DIR}' specified directory not found (NEXMON_DIR)!"
487 488 exit 1
488 489 fi
489 490
490 491 # Check if specified CHROOT_SCRIPTS directory exists
491 492 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
492 493 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
493 494 exit 1
494 495 fi
495 496
496 497 # Check if specified device mapping already exists (will be used by cryptsetup)
497 498 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
498 499 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
499 500 exit 1
500 501 fi
501 502
502 503 # Don't clobber an old build
503 504 if [ -e "$BUILDDIR" ] ; then
504 505 echo "error: directory ${BUILDDIR} already exists, not proceeding"
505 506 exit 1
506 507 fi
507 508
508 509 # Setup chroot directory
509 510 mkdir -p "${R}"
510 511
511 512 # Check if build directory has enough of free disk space >512MB
512 513 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
513 514 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
514 515 exit 1
515 516 fi
516 517
517 518 set -x
518 519
519 520 # Call "cleanup" function on various signals and errors
520 521 trap cleanup 0 1 2 3 6
521 522
522 523 # Add required packages for the minbase installation
523 524 if [ "$ENABLE_MINBASE" = true ] ; then
524 525 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
525 526 fi
526 527
527 528 # Add parted package, required to get partprobe utility
528 529 if [ "$EXPANDROOT" = true ] ; then
529 530 APT_INCLUDES="${APT_INCLUDES},parted"
530 531 fi
531 532
532 533 # Add dbus package, recommended if using systemd
533 534 if [ "$ENABLE_DBUS" = true ] ; then
534 535 APT_INCLUDES="${APT_INCLUDES},dbus"
535 536 fi
536 537
537 538 # Add iptables IPv4/IPv6 package
538 539 if [ "$ENABLE_IPTABLES" = true ] ; then
539 540 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
540 541 fi
541 542
542 543 # Add openssh server package
543 544 if [ "$ENABLE_SSHD" = true ] ; then
544 545 APT_INCLUDES="${APT_INCLUDES},openssh-server"
545 546 fi
546 547
547 548 # Add alsa-utils package
548 549 if [ "$ENABLE_SOUND" = true ] ; then
549 550 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
550 551 fi
551 552
552 553 # Add rng-tools package
553 554 if [ "$ENABLE_HWRANDOM" = true ] ; then
554 555 APT_INCLUDES="${APT_INCLUDES},rng-tools"
555 556 fi
556 557
557 558 # Add fbturbo video driver
558 559 if [ "$ENABLE_FBTURBO" = true ] ; then
559 560 # Enable xorg package dependencies
560 561 ENABLE_XORG=true
561 562 fi
562 563
563 564 # Add user defined window manager package
564 565 if [ -n "$ENABLE_WM" ] ; then
565 566 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
566 567
567 568 # Enable xorg package dependencies
568 569 ENABLE_XORG=true
569 570 fi
570 571
571 572 # Add xorg package
572 573 if [ "$ENABLE_XORG" = true ] ; then
573 574 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
574 575 fi
575 576
576 577 # Replace selected packages with smaller clones
577 578 if [ "$ENABLE_REDUCE" = true ] ; then
578 579 # Add levee package instead of vim-tiny
579 580 if [ "$REDUCE_VIM" = true ] ; then
580 581 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
581 582 fi
582 583
583 584 # Add dropbear package instead of openssh-server
584 585 if [ "$REDUCE_SSHD" = true ] ; then
585 586 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
586 587 fi
587 588 fi
588 589
589 590 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
590 591 if [ "$ENABLE_SYSVINIT" = false ] ; then
591 592 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
592 593 fi
593 594
594 595 # Configure kernel sources if no KERNELSRC_DIR
595 596 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
596 597 KERNELSRC_CONFIG=true
597 598 fi
598 599
599 600 # Configure reduced kernel
600 601 if [ "$KERNEL_REDUCE" = true ] ; then
601 602 KERNELSRC_CONFIG=false
602 603 fi
603 604
604 605 # Configure qemu compatible kernel
605 606 if [ "$ENABLE_QEMU" = true ] ; then
606 607 DTB_FILE=vexpress-v2p-ca15_a7.dtb
607 608 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
608 609 KERNEL_DEFCONFIG="vexpress_defconfig"
609 610 if [ "$KERNEL_MENUCONFIG" = false ] ; then
610 611 KERNEL_OLDDEFCONFIG=true
611 612 fi
612 613 fi
613 614
614 615 # Execute bootstrap scripts
615 616 for SCRIPT in bootstrap.d/*.sh; do
616 617 head -n 3 "$SCRIPT"
617 618 . "$SCRIPT"
618 619 done
619 620
620 621 ## Execute custom bootstrap scripts
621 622 if [ -d "custom.d" ] ; then
622 623 for SCRIPT in custom.d/*.sh; do
623 624 . "$SCRIPT"
624 625 done
625 626 fi
626 627
627 628 # Execute custom scripts inside the chroot
628 629 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
629 630 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
630 631 chroot_exec /bin/bash -x <<'EOF'
631 632 for SCRIPT in /chroot_scripts/* ; do
632 633 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
633 634 $SCRIPT
634 635 fi
635 636 done
636 637 EOF
637 638 rm -rf "${R}/chroot_scripts"
638 639 fi
639 640
640 641 # Remove c/c++ build environment from the chroot
641 642 chroot_remove_cc
642 643
643 644 # Generate required machine-id
644 645 MACHINE_ID=$(dbus-uuidgen)
645 646 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
646 647 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
647 648
648 649 # APT Cleanup
649 650 chroot_exec apt-get -y clean
650 651 chroot_exec apt-get -y autoclean
651 652 chroot_exec apt-get -y autoremove
652 653
653 654 # Unmount mounted filesystems
654 655 umount -l "${R}/proc"
655 656 umount -l "${R}/sys"
656 657
657 658 # Clean up directories
658 659 rm -rf "${R}/run/*"
659 660 rm -rf "${R}/tmp/*"
660 661
661 662 # Clean up files
662 663 rm -f "${ETC_DIR}/ssh/ssh_host_*"
663 664 rm -f "${ETC_DIR}/dropbear/dropbear_*"
664 665 rm -f "${ETC_DIR}/apt/sources.list.save"
665 666 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
666 667 rm -f "${ETC_DIR}/*-"
667 668 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
668 669 rm -f "${ETC_DIR}/resolv.conf"
669 670 rm -f "${R}/root/.bash_history"
670 671 rm -f "${R}/var/lib/urandom/random-seed"
671 672 rm -f "${R}/initrd.img"
672 673 rm -f "${R}/vmlinuz"
673 674 rm -f "${R}${QEMU_BINARY}"
674 675
675 676 if [ "$ENABLE_QEMU" = true ] ; then
676 677 # Setup QEMU directory
677 678 mkdir "${BASEDIR}/qemu"
678 679
679 680 # Copy kernel image to QEMU directory
680 681 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
681 682
682 683 # Copy kernel config to QEMU directory
683 684 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
684 685
685 686 # Copy kernel dtbs to QEMU directory
686 687 for dtb in "${BOOT_DIR}/"*.dtb ; do
687 688 if [ -f "${dtb}" ] ; then
688 689 install_readonly "${dtb}" "${BASEDIR}/qemu/"
689 690 fi
690 691 done
691 692
692 693 # Copy kernel overlays to QEMU directory
693 694 if [ -d "${BOOT_DIR}/overlays" ] ; then
694 695 # Setup overlays dtbs directory
695 696 mkdir "${BASEDIR}/qemu/overlays"
696 697
697 698 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
698 699 if [ -f "${dtb}" ] ; then
699 700 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
700 701 fi
701 702 done
702 703 fi
703 704
704 705 # Copy u-boot files to QEMU directory
705 706 if [ "$ENABLE_UBOOT" = true ] ; then
706 707 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
707 708 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
708 709 fi
709 710 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
710 711 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
711 712 fi
712 713 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
713 714 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
714 715 fi
715 716 fi
716 717
717 718 # Copy initramfs to QEMU directory
718 719 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
719 720 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
720 721 fi
721 722 fi
722 723
723 724 # Calculate size of the chroot directory in KB
724 725 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
725 726
726 727 # Calculate the amount of needed 512 Byte sectors
727 728 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
728 729 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
729 730 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
730 731
731 732 # The root partition is EXT4
732 733 # This means more space than the actual used space of the chroot is used.
733 734 # As overhead for journaling and reserved blocks 35% are added.
734 735 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
735 736
736 737 # Calculate required image size in 512 Byte sectors
737 738 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
738 739
739 740 # Prepare image file
740 741 if [ "$ENABLE_SPLITFS" = true ] ; then
741 742 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
742 743 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
743 744 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
744 745 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
745 746
746 747 # Write firmware/boot partition tables
747 748 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
748 749 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
749 750 EOM
750 751
751 752 # Write root partition table
752 753 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
753 754 ${TABLE_SECTORS},${ROOT_SECTORS},83
754 755 EOM
755 756
756 757 # Setup temporary loop devices
757 758 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
758 759 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
759 760 else # ENABLE_SPLITFS=false
760 761 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
761 762 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
762 763
763 764 # Write partition table
764 765 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
765 766 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
766 767 ${ROOT_OFFSET},${ROOT_SECTORS},83
767 768 EOM
768 769
769 770 # Setup temporary loop devices
770 771 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
771 772 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
772 773 fi
773 774
774 775 if [ "$ENABLE_CRYPTFS" = true ] ; then
775 776 # Create dummy ext4 fs
776 777 mkfs.ext4 "$ROOT_LOOP"
777 778
778 779 # Setup password keyfile
779 780 touch .password
780 781 chmod 600 .password
781 782 echo -n ${CRYPTFS_PASSWORD} > .password
782 783
783 784 # Initialize encrypted partition
784 785 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
785 786
786 787 # Open encrypted partition and setup mapping
787 788 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
788 789
789 790 # Secure delete password keyfile
790 791 shred -zu .password
791 792
792 793 # Update temporary loop device
793 794 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
794 795
795 796 # Wipe encrypted partition (encryption cipher is used for randomness)
796 797 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
797 798 fi
798 799
799 800 # Build filesystems
800 801 mkfs.vfat "$FRMW_LOOP"
801 802 mkfs.ext4 "$ROOT_LOOP"
802 803
803 804 # Mount the temporary loop devices
804 805 mkdir -p "$BUILDDIR/mount"
805 806 mount "$ROOT_LOOP" "$BUILDDIR/mount"
806 807
807 808 mkdir -p "$BUILDDIR/mount/boot/firmware"
808 809 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
809 810
810 811 # Copy all files from the chroot to the loop device mount point directory
811 812 rsync -a "${R}/" "$BUILDDIR/mount/"
812 813
813 814 # Unmount all temporary loop devices and mount points
814 815 cleanup
815 816
816 817 # Create block map file(s) of image(s)
817 818 if [ "$ENABLE_SPLITFS" = true ] ; then
818 819 # Create block map files for "bmaptool"
819 820 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
820 821 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
821 822
822 823 # Image was successfully created
823 824 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
824 825 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
825 826 else
826 827 # Create block map file for "bmaptool"
827 828 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
828 829
829 830 # Image was successfully created
830 831 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
831 832
832 833 # Create qemu qcow2 image
833 834 if [ "$ENABLE_QEMU" = true ] ; then
834 835 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
835 836 QEMU_SIZE=16G
836 837
837 838 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
838 839 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
839 840
840 841 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
841 842 fi
842 843 fi
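Review bot: `KERNEL_DEFAULT_GOV` at new line 178 is taken from the caller with a default of `POWERSAVE` and is never checked in this file before the `bootstrap.d/*.sh` scripts are sourced at new lines 616-619. Other free-form parameters are validated up front, for example `DISABLE_UNDERVOLT_WARNINGS` at new lines 359-364, which exits with "is not supported" for anything other than 1 or 2. A mistyped or lowercase governor name would pass straight through to whichever bootstrap script consumes it, and the failure, if any, would surface late in the build or not at all. Suggest adding a `case "$KERNEL_DEFAULT_GOV" in` check beside the other parameter checks that accepts only the governor names the kernel configuration step handles and exits 1 with an error otherwise. Because the variable now always has a value, it is also worth skipping or ignoring it when `BUILD_KERNEL` is not `true`, so the setting cannot appear to apply to a kernel this script did not build.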