Rename ENANLE_SWAP to ENABLE_DPHYSSWAP
Yannick Schinko -
r528:82d7f5f597d6
@@ -1,503 +1,503
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62 62
63 63 ##### `RPI_MODEL`=2
64 64 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 65 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 66 - `1` = Raspberry Pi 1 model A and B
67 67 - `1P` = Raspberry Pi 1 model B+ and A+
68 68 - `2` = Raspberry Pi 2 model B
69 69 - `3` = Raspberry Pi 3 model B
70 70 - `3P` = Raspberry Pi 3 model B+
71 71
72 72 ##### `RELEASE`="buster"
73 73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74 74
75 75 ##### `RELEASE_ARCH`="armhf"
76 76 Set the desired Debian release architecture.
77 77
78 78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 79 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80 80
81 81 ##### `PASSWORD`="raspberry"
82 82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 83
84 84 ##### `USER_PASSWORD`="raspberry"
85 85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `DEFLOCAL`="en_US.UTF-8"
88 88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 89
90 90 ##### `TIMEZONE`="Europe/Berlin"
91 91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 92
93 93 ##### `EXPANDROOT`=true
94 94 Expand the root partition and filesystem automatically on first boot.
95 95
96 ##### `ENABLE_SWAP`=true
96 ##### `ENABLE_DPHYSSWAP`=true
97 97 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
98 98
99 99 ##### `ENABLE_QEMU`=false
100 100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
101 101
102 102 ---
103 103
104 104 #### Keyboard settings:
105 105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
106 106
107 107 ##### `XKB_MODEL`=""
108 108 Set the name of the model of your keyboard type.
109 109
110 110 ##### `XKB_LAYOUT`=""
111 111 Set the supported keyboard layout(s).
112 112
113 113 ##### `XKB_VARIANT`=""
114 114 Set the supported variant(s) of the keyboard layout(s).
115 115
116 116 ##### `XKB_OPTIONS`=""
117 117 Set extra xkb configuration options.
118 118
119 119 ---
120 120
121 121 #### Networking settings (DHCP):
122 122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
123 123
124 124 ##### `ENABLE_DHCP`=true
125 125 Set the system to use DHCP. This requires an DHCP server.
126 126
127 127 ---
128 128
129 129 #### Networking settings (static):
130 130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
131 131
132 132 ##### `NET_ADDRESS`=""
133 133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
134 134
135 135 ##### `NET_GATEWAY`=""
136 136 Set the IP address for the default gateway.
137 137
138 138 ##### `NET_DNS_1`=""
139 139 Set the IP address for the first DNS server.
140 140
141 141 ##### `NET_DNS_2`=""
142 142 Set the IP address for the second DNS server.
143 143
144 144 ##### `NET_DNS_DOMAINS`=""
145 145 Set the default DNS search domains to use for non fully qualified hostnames.
146 146
147 147 ##### `NET_NTP_1`=""
148 148 Set the IP address for the first NTP server.
149 149
150 150 ##### `NET_NTP_2`=""
151 151 Set the IP address for the second NTP server.
152 152
153 153 ---
154 154
155 155 #### Basic system features:
156 156 ##### `ENABLE_CONSOLE`=true
157 157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
158 158
159 159 ##### `ENABLE_PRINTK`=false
160 160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
161 161
162 162 ##### `ENABLE_BLUETOOTH`=false
163 163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
164 164
165 165 ##### `ENABLE_MINIUART_OVERLAY`=false
166 166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
167 167
168 168 ##### `ENABLE_TURBO`=false
169 169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
170 170
171 171 ##### `ENABLE_I2C`=false
172 172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 173
174 174 ##### `ENABLE_SPI`=false
175 175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 176
177 177 ##### `ENABLE_IPV6`=true
178 178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
179 179
180 180 ##### `ENABLE_SSHD`=true
181 181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
182 182
183 183 ##### `ENABLE_NONFREE`=false
184 184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
185 185
186 186 ##### `ENABLE_WIRELESS`=false
187 187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
188 188
189 189 ##### `ENABLE_RSYSLOG`=true
190 190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
191 191
192 192 ##### `ENABLE_SOUND`=true
193 193 Enable sound hardware and install Advanced Linux Sound Architecture.
194 194
195 195 ##### `ENABLE_HWRANDOM`=true
196 196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
197 197
198 198 ##### `ENABLE_MINGPU`=false
199 199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
200 200
201 201 ##### `ENABLE_DBUS`=true
202 202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
203 203
204 204 ##### `ENABLE_XORG`=false
205 205 Install Xorg open-source X Window System.
206 206
207 207 ##### `ENABLE_WM`=""
208 208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
209 209
210 210 ##### `ENABLE_SYSVINIT`=false
211 211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
212 212
213 213 ---
214 214
215 215 #### Advanced system features:
216 216 ##### `ENABLE_MINBASE`=false
217 217 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
218 218
219 219 ##### `ENABLE_REDUCE`=false
220 220 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
221 221
222 222 ##### `ENABLE_UBOOT`=false
223 223 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
224 224
225 225 ##### `UBOOTSRC_DIR`=""
226 226 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
227 227
228 228 ##### `ENABLE_FBTURBO`=false
229 229 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
230 230
231 231 ##### `FBTURBOSRC_DIR`=""
232 232 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
233 233
234 234 ##### `ENABLE_VIDEOCORE`=false
235 235 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
236 236
237 237 ##### `VIDEOCORESRC_DIR`=""
238 238 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
239 239
240 240 ##### `ENABLE_IPTABLES`=false
241 241 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
242 242
243 243 ##### `ENABLE_USER`=true
244 244 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
245 245
246 246 ##### `USER_NAME`=pi
247 247 Non-root user to create. Ignored if `ENABLE_USER`=false
248 248
249 249 ##### `ENABLE_ROOT`=false
250 250 Set root user password so root login will be enabled
251 251
252 252 ##### `ENABLE_HARDNET`=false
253 253 Enable IPv4/IPv6 network stack hardening settings.
254 254
255 255 ##### `ENABLE_SPLITFS`=false
256 256 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
257 257
258 258 ##### `CHROOT_SCRIPTS`=""
259 259 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
260 260
261 261 ##### `ENABLE_INITRAMFS`=false
262 262 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
263 263
264 264 ##### `ENABLE_IFNAMES`=true
265 265 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
266 266
267 267 ##### `DISABLE_UNDERVOLT_WARNINGS`=
268 268 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
269 269
270 270 ---
271 271
272 272 #### SSH settings:
273 273 ##### `SSH_ENABLE_ROOT`=false
274 274 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
275 275
276 276 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
277 277 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
278 278
279 279 ##### `SSH_LIMIT_USERS`=false
280 280 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
281 281
282 282 ##### `SSH_ROOT_PUB_KEY`=""
283 283 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
284 284
285 285 ##### `SSH_USER_PUB_KEY`=""
286 286 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
287 287
288 288 ---
289 289
290 290 #### Kernel compilation:
291 291 ##### `BUILD_KERNEL`=true
292 292 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
293 293
294 294 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
295 295 This sets the cross-compile environment for the compiler.
296 296
297 297 ##### `KERNEL_ARCH`="arm"
298 298 This sets the kernel architecture for the compiler.
299 299
300 300 ##### `KERNEL_IMAGE`="kernel7.img"
301 301 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
302 302
303 303 ##### `KERNEL_BRANCH`=""
304 304 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
305 305
306 306 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
307 307 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
308 308
309 309 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
310 310 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
311 311
312 312 ##### `KERNEL_REDUCE`=false
313 313 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
314 314
315 315 ##### `KERNEL_THREADS`=1
316 316 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
317 317
318 318 ##### `KERNEL_HEADERS`=true
319 319 Install kernel headers with the built kernel.
320 320
321 321 ##### `KERNEL_MENUCONFIG`=false
322 322 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
323 323
324 324 ##### `KERNEL_OLDDEFCONFIG`=false
325 325 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
326 326
327 327 ##### `KERNEL_CCACHE`=false
328 328 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
329 329
330 330 ##### `KERNEL_REMOVESRC`=true
331 331 Remove all kernel sources from the generated OS image after it was built and installed.
332 332
333 333 ##### `KERNELSRC_DIR`=""
334 334 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
335 335
336 336 ##### `KERNELSRC_CLEAN`=false
337 337 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
338 338
339 339 ##### `KERNELSRC_CONFIG`=true
340 340 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
341 341
342 342 ##### `KERNELSRC_USRCONFIG`=""
343 343 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
344 344
345 345 ##### `KERNELSRC_PREBUILT`=false
346 346 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
347 347
348 348 ##### `RPI_FIRMWARE_DIR`=""
349 349 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
350 350
351 351 ---
352 352
353 353 #### Reduce disk usage:
354 354 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
355 355
356 356 ##### `REDUCE_APT`=true
357 357 Configure APT to use compressed package repository lists and no package caching files.
358 358
359 359 ##### `REDUCE_DOC`=true
360 360 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
361 361
362 362 ##### `REDUCE_MAN`=true
363 363 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
364 364
365 365 ##### `REDUCE_VIM`=false
366 366 Replace `vim-tiny` package by `levee` a tiny vim clone.
367 367
368 368 ##### `REDUCE_BASH`=false
369 369 Remove `bash` package and switch to `dash` shell (experimental).
370 370
371 371 ##### `REDUCE_HWDB`=true
372 372 Remove PCI related hwdb files (experimental).
373 373
374 374 ##### `REDUCE_SSHD`=true
375 375 Replace `openssh-server` with `dropbear`.
376 376
377 377 ##### `REDUCE_LOCALE`=true
378 378 Remove all `locale` translation files.
379 379
380 380 ---
381 381
382 382 #### Encrypted root partition:
383 383 ##### `ENABLE_CRYPTFS`=false
384 384 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
385 385
386 386 ##### `CRYPTFS_PASSWORD`=""
387 387 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
388 388
389 389 ##### `CRYPTFS_MAPPING`="secure"
390 390 Set name of dm-crypt managed device-mapper mapping.
391 391
392 392 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
393 393 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
394 394
395 395 ##### `CRYPTFS_XTSKEYSIZE`=512
396 396 Sets key size in bits. The argument has to be a multiple of 8.
397 397
398 398 ---
399 399
400 400 #### Build settings:
401 401 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
402 402 Set a path to a working directory used by the script to generate an image.
403 403
404 404 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
405 405 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
406 406
407 407 ## Understanding the script
408 408 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
409 409
410 410 | Script | Description |
411 411 | --- | --- |
412 412 | `10-bootstrap.sh` | Debootstrap basic system |
413 413 | `11-apt.sh` | Setup APT repositories |
414 414 | `12-locale.sh` | Setup Locales and keyboard settings |
415 415 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
416 416 | `14-fstab.sh` | Setup fstab and initramfs |
417 417 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
418 418 | `20-networking.sh` | Setup Networking |
419 419 | `21-firewall.sh` | Setup Firewall |
420 420 | `30-security.sh` | Setup Users and Security settings |
421 421 | `31-logging.sh` | Setup Logging |
422 422 | `32-sshd.sh` | Setup SSH and public keys |
423 423 | `41-uboot.sh` | Build and Setup U-Boot |
424 424 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
425 425 | `43-videocore.sh` | Build and Setup videocore libraries |
426 426 | `50-firstboot.sh` | First boot actions |
427 427 | `99-reduce.sh` | Reduce the disk space usage |
428 428
429 429 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
430 430
431 431 | Directory | Description |
432 432 | --- | --- |
433 433 | `apt` | APT management configuration files |
434 434 | `boot` | Boot and RPi 0/1/2/3 configuration files |
435 435 | `dpkg` | Package Manager configuration |
436 436 | `etc` | Configuration files and rc scripts |
437 437 | `firstboot` | Scripts that get executed on first boot |
438 438 | `initramfs` | Initramfs scripts |
439 439 | `iptables` | Firewall configuration files |
440 440 | `locales` | Locales configuration |
441 441 | `modules` | Kernel Modules configuration |
442 442 | `mount` | Fstab configuration |
443 443 | `network` | Networking configuration files |
444 444 | `sysctl.d` | Swapping and Network Hardening configuration |
445 445 | `xorg` | fbturbo Xorg driver configuration |
446 446
447 447 ## Custom packages and scripts
448 448 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
449 449
450 450 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
451 451
452 452 ## Logging of the bootstrapping process
453 453 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
454 454
455 455 ```shell
456 456 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
457 457 ```
458 458
459 459 ## Flashing the image file
460 460 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
461 461
462 462 ##### Flashing examples:
463 463 ```shell
464 464 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
465 465 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
466 466 ```
467 467 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
468 468 ```shell
469 469 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
470 470 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
471 471 ```
472 472
473 473 ## QEMU emulation
474 474 Start QEMU full system emulation:
475 475 ```shell
476 476 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
477 477 ```
478 478
479 479 Start QEMU full system emulation and output to console:
480 480 ```shell
481 481 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
482 482 ```
483 483
484 484 Start QEMU full system emulation with SMP and output to console:
485 485 ```shell
486 486 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
487 487 ```
488 488
489 489 Start QEMU full system emulation with cryptfs, initramfs and output to console:
490 490 ```shell
491 491 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
492 492 ```
493 493
494 494 ## External links and references
495 495 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
496 496 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
497 497 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
498 498 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
499 499 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
500 500 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
501 501 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
502 502 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
503 503 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,54 +1,54
1 1 #
2 2 # First boot actions
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Prepare rc.firstboot script
9 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 10
11 11 # Ensure openssh server host keys are regenerated on first boot
12 12 if [ "$ENABLE_SSHD" = true ] ; then
13 13 cat files/firstboot/20-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 14 fi
15 15
16 16 # Prepare filesystem auto expand
17 17 if [ "$EXPANDROOT" = true ] ; then
18 18 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 19 cat files/firstboot/30-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 20
21 21 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
22 if [ "$ENABLE_SWAP" = true ] ; then
22 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
23 23 cat files/firstboot/31-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
24 24 fi
25 25 else
26 26 # Regenerate initramfs to remove encrypted root partition auto expand
27 27 cat files/firstboot/33-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
28 28 fi
29 29 fi
30 30
31 31 # Ensure that dbus machine-id exists
32 32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
33 33
34 34 # Create /etc/resolv.conf symlink
35 35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
36 36
37 37 # Configure automatic network interface names
38 38 if [ "$ENABLE_IFNAMES" = true ] ; then
39 39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
40 40 fi
41 41
42 42 # Finalize rc.firstboot script
43 43 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
44 44 chmod +x "${ETC_DIR}/rc.firstboot"
45 45
46 46 # Install default rc.local if it does not exist
47 47 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
48 48 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
49 49 fi
50 50
51 51 # Add rc.firstboot script to rc.local
52 52 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
53 53 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
54 54 echo exit 0 >> "${ETC_DIR}/rc.local"
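Review bot: The test at new line 22 compares a plain string, so any script that still reads the old name after this commit gets an empty value and skips its branch without an error. The default for `ENABLE_SWAP` is removed from `rpi23-gen-image.sh` in the same change, and this file only sources `./functions.sh`, so nothing flags a stale reference. Before merging, search `bootstrap.d/`, `templates/`, `files/` and `custom.d/` for remaining uses of `ENABLE_SWAP` and confirm that none are left.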
@@ -1,813 +1,813
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60
61 61 # Build directories
62 62 WORKDIR=$(pwd)
63 63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 64 BUILDDIR="${BASEDIR}/build"
65 65
66 66 # Chroot directories
67 67 R="${BUILDDIR}/chroot"
68 68 ETC_DIR="${R}/etc"
69 69 LIB_DIR="${R}/lib"
70 70 BOOT_DIR="${R}/boot/firmware"
71 71 KERNEL_DIR="${R}/usr/src/linux"
72 72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74 74
75 75 # Firmware directory: Blank if download from github
76 76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77 77
78 78 # General settings
79 79 SET_ARCH=${SET_ARCH:=32}
80 80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 81 PASSWORD=${PASSWORD:=raspberry}
82 82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 85 EXPANDROOT=${EXPANDROOT:=true}
86 ENABLE_SWAP=${ENABLE_SWAP:=true}
86 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
87 87
88 88 # Keyboard settings
89 89 XKB_MODEL=${XKB_MODEL:=""}
90 90 XKB_LAYOUT=${XKB_LAYOUT:=""}
91 91 XKB_VARIANT=${XKB_VARIANT:=""}
92 92 XKB_OPTIONS=${XKB_OPTIONS:=""}
93 93
94 94 # Network settings (DHCP)
95 95 ENABLE_DHCP=${ENABLE_DHCP:=true}
96 96
97 97 # Network settings (static)
98 98 NET_ADDRESS=${NET_ADDRESS:=""}
99 99 NET_GATEWAY=${NET_GATEWAY:=""}
100 100 NET_DNS_1=${NET_DNS_1:=""}
101 101 NET_DNS_2=${NET_DNS_2:=""}
102 102 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
103 103 NET_NTP_1=${NET_NTP_1:=""}
104 104 NET_NTP_2=${NET_NTP_2:=""}
105 105
106 106 # APT settings
107 107 APT_PROXY=${APT_PROXY:=""}
108 108 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
109 109
110 110 # Feature settings
111 111 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
112 112 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
113 113 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
114 114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 115 ENABLE_I2C=${ENABLE_I2C:=false}
116 116 ENABLE_SPI=${ENABLE_SPI:=false}
117 117 ENABLE_IPV6=${ENABLE_IPV6:=true}
118 118 ENABLE_SSHD=${ENABLE_SSHD:=true}
119 119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 121 ENABLE_SOUND=${ENABLE_SOUND:=true}
122 122 ENABLE_DBUS=${ENABLE_DBUS:=true}
123 123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 125 ENABLE_XORG=${ENABLE_XORG:=false}
126 126 ENABLE_WM=${ENABLE_WM:=""}
127 127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 128 ENABLE_USER=${ENABLE_USER:=true}
129 129 USER_NAME=${USER_NAME:="pi"}
130 130 ENABLE_ROOT=${ENABLE_ROOT:=false}
131 131 ENABLE_QEMU=${ENABLE_QEMU:=false}
132 132 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
133 133
134 134 # SSH settings
135 135 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
136 136 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
137 137 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
138 138 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
139 139 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
140 140
141 141 # Advanced settings
142 142 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
143 143 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
144 144 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
145 145 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
146 146 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 147 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
148 148 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
149 149 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
150 150 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
151 151 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
152 152 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
153 153 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
154 154 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
155 155 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
156 156
157 157 # Kernel compilation settings
158 158 BUILD_KERNEL=${BUILD_KERNEL:=true}
159 159 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
160 160 KERNEL_THREADS=${KERNEL_THREADS:=1}
161 161 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
162 162 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
163 163 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
164 164 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
165 165 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
166 166
167 167 # Kernel compilation from source directory settings
168 168 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
169 169 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
170 170 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
171 171 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
172 172
173 173 # Reduce disk usage settings
174 174 REDUCE_APT=${REDUCE_APT:=true}
175 175 REDUCE_DOC=${REDUCE_DOC:=true}
176 176 REDUCE_MAN=${REDUCE_MAN:=true}
177 177 REDUCE_VIM=${REDUCE_VIM:=false}
178 178 REDUCE_BASH=${REDUCE_BASH:=false}
179 179 REDUCE_HWDB=${REDUCE_HWDB:=true}
180 180 REDUCE_SSHD=${REDUCE_SSHD:=true}
181 181 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
182 182
183 183 # Encrypted filesystem settings
184 184 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
185 185 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
186 186 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
187 187 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
188 188 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
189 189
190 190 # Chroot scripts directory
191 191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
192 192
193 193 # Packages required in the chroot build environment
194 194 APT_INCLUDES=${APT_INCLUDES:=""}
195 195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
196 196
197 197 # Packages to exclude from chroot build environment
198 198 APT_EXCLUDES=${APT_EXCLUDES:=""}
199 199
200 200 # Packages required for bootstrapping
201 201 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
202 202 MISSING_PACKAGES=""
203 203
204 204 # Packages installed for c/c++ build environment in chroot (keep empty)
205 205 COMPILER_PACKAGES=""
206 206
207 207 set +x
208 208
209 209 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
210 210 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
211 211 if [ -n "${APT_CACHER_RUNNING}" ] ; then
212 212 APT_PROXY=http://127.0.0.1:3142/
213 213 fi
214 214
215 215 # Setup architecture specific settings
216 216 if [ -n "$SET_ARCH" ] ; then
217 217 # 64-bit configuration
218 218 if [ "$SET_ARCH" = 64 ] ; then
219 219 # General 64-bit depended settings
220 220 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
221 221 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
222 222 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
223 223
224 224 # Raspberry Pi model specific settings
225 225 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
226 226 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
227 227 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
228 228 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
229 229 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
230 230 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
231 231 else
232 232 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
233 233 exit 1
234 234 fi
235 235 fi
236 236
237 237 # 32-bit configuration
238 238 if [ "$SET_ARCH" = 32 ] ; then
239 239 # General 32-bit dependend settings
240 240 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
241 241 KERNEL_ARCH=${KERNEL_ARCH:=arm}
242 242 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
243 243
244 244 # Raspberry Pi model specific settings
245 245 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
246 246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
247 247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
248 248 RELEASE_ARCH=${RELEASE_ARCH:=armel}
249 249 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
250 250 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
251 251 fi
252 252
253 253 # Raspberry Pi model specific settings
254 254 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
255 255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
256 256 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
257 257 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
258 258 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
259 259 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
260 260 fi
261 261 fi
262 262 #SET_ARCH not set
263 263 else
264 264 echo "error: Please set '32' or '64' as value for SET_ARCH"
265 265 exit 1
266 266 fi
267 267 # Device specific configuration and U-Boot configuration
268 268 case "$RPI_MODEL" in
269 269 0)
270 270 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
271 271 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
272 272 ;;
273 273 1)
274 274 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
275 275 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
276 276 ;;
277 277 1P)
278 278 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
279 279 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
280 280 ;;
281 281 2)
282 282 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
283 283 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
284 284 ;;
285 285 3)
286 286 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
287 287 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
288 288 ;;
289 289 3P)
290 290 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
291 291 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
292 292 ;;
293 293 *)
294 294 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
295 295 exit 1
296 296 ;;
297 297 esac
298 298
299 299 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
300 300 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
301 301 # Include bluetooth packages on supported boards
302 302 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
303 303 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
304 304 fi
305 305 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
306 306 # Check if the internal wireless interface is not supported by the RPi model
307 307 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
308 308 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
309 309 exit 1
310 310 fi
311 311 fi
312 312
313 313 # Prepare date string for default image file name
314 314 DATE="$(date +%Y-%m-%d)"
315 315 if [ -z "$KERNEL_BRANCH" ] ; then
316 316 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
317 317 else
318 318 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
319 319 fi
320 320
321 321 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
322 322 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
323 323 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
324 324 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
325 325 exit 1
326 326 fi
327 327 fi
328 328
329 329 # Add cmake to compile videocore sources
330 330 if [ "$ENABLE_VIDEOCORE" = true ] ; then
331 331 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
332 332 fi
333 333
334 334 # Add libncurses5 to enable kernel menuconfig
335 335 if [ "$KERNEL_MENUCONFIG" = true ] ; then
336 336 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
337 337 fi
338 338
339 339 # Add ccache compiler cache for (faster) kernel cross (re)compilation
340 340 if [ "$KERNEL_CCACHE" = true ] ; then
341 341 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
342 342 fi
343 343
344 344 # Add cryptsetup package to enable filesystem encryption
345 345 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
346 346 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
347 347 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
348 348
349 349 if [ -z "$CRYPTFS_PASSWORD" ] ; then
350 350 echo "error: no password defined (CRYPTFS_PASSWORD)!"
351 351 exit 1
352 352 fi
353 353 ENABLE_INITRAMFS=true
354 354 fi
355 355
356 356 # Add initramfs generation tools
357 357 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
358 358 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
359 359 fi
360 360
361 361 # Add device-tree-compiler required for building the U-Boot bootloader
362 362 if [ "$ENABLE_UBOOT" = true ] ; then
363 363 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
364 364 fi
365 365
366 366 if [ "$ENABLE_BLUETOOTH" = true ] ; then
367 367 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
368 368 if [ "$ENABLE_CONSOLE" = false ] ; then
369 369 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
370 370 fi
371 371 fi
372 372 fi
373 373
374 374 # Check if root SSH (v2) public key file exists
375 375 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
376 376 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
377 377 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
378 378 exit 1
379 379 fi
380 380 fi
381 381
382 382 # Check if $USER_NAME SSH (v2) public key file exists
383 383 if [ -n "$SSH_USER_PUB_KEY" ] ; then
384 384 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
385 385 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
386 386 exit 1
387 387 fi
388 388 fi
389 389
390 390 # Check if all required packages are installed on the build system
391 391 for package in $REQUIRED_PACKAGES ; do
392 392 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
393 393 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
394 394 fi
395 395 done
396 396
397 397 # If there are missing packages ask confirmation for install, or exit
398 398 if [ -n "$MISSING_PACKAGES" ] ; then
399 399 echo "the following packages needed by this script are not installed:"
400 400 echo "$MISSING_PACKAGES"
401 401
402 402 printf "\ndo you want to install the missing packages right now? [y/n] "
403 403 read -r confirm
404 404 [ "$confirm" != "y" ] && exit 1
405 405
406 406 # Make sure all missing required packages are installed
407 407 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
408 408 fi
409 409
410 410 # Check if ./bootstrap.d directory exists
411 411 if [ ! -d "./bootstrap.d/" ] ; then
412 412 echo "error: './bootstrap.d' required directory not found!"
413 413 exit 1
414 414 fi
415 415
416 416 # Check if ./files directory exists
417 417 if [ ! -d "./files/" ] ; then
418 418 echo "error: './files' required directory not found!"
419 419 exit 1
420 420 fi
421 421
422 422 # Check if specified KERNELSRC_DIR directory exists
423 423 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
424 424 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
425 425 exit 1
426 426 fi
427 427
428 428 # Check if specified UBOOTSRC_DIR directory exists
429 429 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
430 430 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
431 431 exit 1
432 432 fi
433 433
434 434 # Check if specified VIDEOCORESRC_DIR directory exists
435 435 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
436 436 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
437 437 exit 1
438 438 fi
439 439
440 440 # Check if specified FBTURBOSRC_DIR directory exists
441 441 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
442 442 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
443 443 exit 1
444 444 fi
445 445
446 446 # Check if specified CHROOT_SCRIPTS directory exists
447 447 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
448 448 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
449 449 exit 1
450 450 fi
451 451
452 452 # Check if specified device mapping already exists (will be used by cryptsetup)
453 453 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
454 454 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
455 455 exit 1
456 456 fi
457 457
458 458 # Don't clobber an old build
459 459 if [ -e "$BUILDDIR" ] ; then
460 460 echo "error: directory ${BUILDDIR} already exists, not proceeding"
461 461 exit 1
462 462 fi
463 463
464 464 # Setup chroot directory
465 465 mkdir -p "${R}"
466 466
467 467 # Check if build directory has enough of free disk space >512MB
468 468 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
469 469 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
470 470 exit 1
471 471 fi
472 472
473 473 set -x
474 474
475 475 # Call "cleanup" function on various signals and errors
476 476 trap cleanup 0 1 2 3 6
477 477
478 478 # Add required packages for the minbase installation
479 479 if [ "$ENABLE_MINBASE" = true ] ; then
480 480 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
481 481 fi
482 482
483 483 # Add parted package, required to get partprobe utility
484 484 if [ "$EXPANDROOT" = true ] ; then
485 485 APT_INCLUDES="${APT_INCLUDES},parted"
486 486 fi
487 487
488 488 # Add dphys-swapfile package, required to enable swap
489 if [ "$ENABLE_SWAP" = true ] ; then
489 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
490 490 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
491 491 fi
492 492
493 493 # Add dbus package, recommended if using systemd
494 494 if [ "$ENABLE_DBUS" = true ] ; then
495 495 APT_INCLUDES="${APT_INCLUDES},dbus"
496 496 fi
497 497
498 498 # Add iptables IPv4/IPv6 package
499 499 if [ "$ENABLE_IPTABLES" = true ] ; then
500 500 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
501 501 fi
502 502
503 503 # Add openssh server package
504 504 if [ "$ENABLE_SSHD" = true ] ; then
505 505 APT_INCLUDES="${APT_INCLUDES},openssh-server"
506 506 fi
507 507
508 508 # Add alsa-utils package
509 509 if [ "$ENABLE_SOUND" = true ] ; then
510 510 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
511 511 fi
512 512
513 513 # Add rng-tools package
514 514 if [ "$ENABLE_HWRANDOM" = true ] ; then
515 515 APT_INCLUDES="${APT_INCLUDES},rng-tools"
516 516 fi
517 517
518 518 # Add fbturbo video driver
519 519 if [ "$ENABLE_FBTURBO" = true ] ; then
520 520 # Enable xorg package dependencies
521 521 ENABLE_XORG=true
522 522 fi
523 523
524 524 # Add user defined window manager package
525 525 if [ -n "$ENABLE_WM" ] ; then
526 526 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
527 527
528 528 # Enable xorg package dependencies
529 529 ENABLE_XORG=true
530 530 fi
531 531
532 532 # Add xorg package
533 533 if [ "$ENABLE_XORG" = true ] ; then
534 534 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
535 535 fi
536 536
537 537 # Replace selected packages with smaller clones
538 538 if [ "$ENABLE_REDUCE" = true ] ; then
539 539 # Add levee package instead of vim-tiny
540 540 if [ "$REDUCE_VIM" = true ] ; then
541 541 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
542 542 fi
543 543
544 544 # Add dropbear package instead of openssh-server
545 545 if [ "$REDUCE_SSHD" = true ] ; then
546 546 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
547 547 fi
548 548 fi
549 549
550 550 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
551 551 if [ "$ENABLE_SYSVINIT" = false ] ; then
552 552 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
553 553 fi
554 554
555 555 # Check if kernel is getting compiled
556 556 if [ "$BUILD_KERNEL" = false ] ; then
557 557 echo "Downloading precompiled kernel"
558 558 echo "error: not configured"
559 559 exit 1;
560 560 # BUILD_KERNEL=true
561 561 else
562 562 echo "No precompiled kernel repositories were added"
563 563 fi
564 564
565 565 # Configure kernel sources if no KERNELSRC_DIR
566 566 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
567 567 KERNELSRC_CONFIG=true
568 568 fi
569 569
570 570 # Configure reduced kernel
571 571 if [ "$KERNEL_REDUCE" = true ] ; then
572 572 KERNELSRC_CONFIG=false
573 573 fi
574 574
575 575 # Configure qemu compatible kernel
576 576 if [ "$ENABLE_QEMU" = true ] ; then
577 577 DTB_FILE=vexpress-v2p-ca15_a7.dtb
578 578 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
579 579 KERNEL_DEFCONFIG="vexpress_defconfig"
580 580 if [ "$KERNEL_MENUCONFIG" = false ] ; then
581 581 KERNEL_OLDDEFCONFIG=true
582 582 fi
583 583 fi
584 584
585 585 # Execute bootstrap scripts
586 586 for SCRIPT in bootstrap.d/*.sh; do
587 587 head -n 3 "$SCRIPT"
588 588 . "$SCRIPT"
589 589 done
590 590
591 591 ## Execute custom bootstrap scripts
592 592 if [ -d "custom.d" ] ; then
593 593 for SCRIPT in custom.d/*.sh; do
594 594 . "$SCRIPT"
595 595 done
596 596 fi
597 597
598 598 # Execute custom scripts inside the chroot
599 599 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
600 600 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
601 601 chroot_exec /bin/bash -x <<'EOF'
602 602 for SCRIPT in /chroot_scripts/* ; do
603 603 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
604 604 $SCRIPT
605 605 fi
606 606 done
607 607 EOF
608 608 rm -rf "${R}/chroot_scripts"
609 609 fi
610 610
611 611 # Remove c/c++ build environment from the chroot
612 612 chroot_remove_cc
613 613
614 614 # Generate required machine-id
615 615 MACHINE_ID=$(dbus-uuidgen)
616 616 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
617 617 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
618 618
619 619 # APT Cleanup
620 620 chroot_exec apt-get -y clean
621 621 chroot_exec apt-get -y autoclean
622 622 chroot_exec apt-get -y autoremove
623 623
624 624 # Unmount mounted filesystems
625 625 umount -l "${R}/proc"
626 626 umount -l "${R}/sys"
627 627
628 628 # Clean up directories
629 629 rm -rf "${R}/run/*"
630 630 rm -rf "${R}/tmp/*"
631 631
632 632 # Clean up files
633 633 rm -f "${ETC_DIR}/ssh/ssh_host_*"
634 634 rm -f "${ETC_DIR}/dropbear/dropbear_*"
635 635 rm -f "${ETC_DIR}/apt/sources.list.save"
636 636 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
637 637 rm -f "${ETC_DIR}/*-"
638 638 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
639 639 rm -f "${ETC_DIR}/resolv.conf"
640 640 rm -f "${R}/root/.bash_history"
641 641 rm -f "${R}/var/lib/urandom/random-seed"
642 642 rm -f "${R}/initrd.img"
643 643 rm -f "${R}/vmlinuz"
644 644 rm -f "${R}${QEMU_BINARY}"
645 645
646 646 if [ "$ENABLE_QEMU" = true ] ; then
647 647 # Setup QEMU directory
648 648 mkdir "${BASEDIR}/qemu"
649 649
650 650 # Copy kernel image to QEMU directory
651 651 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
652 652
653 653 # Copy kernel config to QEMU directory
654 654 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
655 655
656 656 # Copy kernel dtbs to QEMU directory
657 657 for dtb in "${BOOT_DIR}/"*.dtb ; do
658 658 if [ -f "${dtb}" ] ; then
659 659 install_readonly "${dtb}" "${BASEDIR}/qemu/"
660 660 fi
661 661 done
662 662
663 663 # Copy kernel overlays to QEMU directory
664 664 if [ -d "${BOOT_DIR}/overlays" ] ; then
665 665 # Setup overlays dtbs directory
666 666 mkdir "${BASEDIR}/qemu/overlays"
667 667
668 668 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
669 669 if [ -f "${dtb}" ] ; then
670 670 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
671 671 fi
672 672 done
673 673 fi
674 674
675 675 # Copy u-boot files to QEMU directory
676 676 if [ "$ENABLE_UBOOT" = true ] ; then
677 677 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
678 678 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
679 679 fi
680 680 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
681 681 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
682 682 fi
683 683 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
684 684 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
685 685 fi
686 686 fi
687 687
688 688 # Copy initramfs to QEMU directory
689 689 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
690 690 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
691 691 fi
692 692 fi
693 693
694 694 # Calculate size of the chroot directory in KB
695 695 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
696 696
697 697 # Calculate the amount of needed 512 Byte sectors
698 698 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
699 699 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
700 700 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
701 701
702 702 # The root partition is EXT4
703 703 # This means more space than the actual used space of the chroot is used.
704 704 # As overhead for journaling and reserved blocks 35% are added.
705 705 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
706 706
707 707 # Calculate required image size in 512 Byte sectors
708 708 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
709 709
710 710 # Prepare image file
711 711 if [ "$ENABLE_SPLITFS" = true ] ; then
712 712 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
713 713 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
714 714 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
715 715 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
716 716
717 717 # Write firmware/boot partition tables
718 718 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
719 719 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
720 720 EOM
721 721
722 722 # Write root partition table
723 723 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
724 724 ${TABLE_SECTORS},${ROOT_SECTORS},83
725 725 EOM
726 726
727 727 # Setup temporary loop devices
728 728 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
729 729 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
730 730 else # ENABLE_SPLITFS=false
731 731 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
732 732 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
733 733
734 734 # Write partition table
735 735 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
736 736 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
737 737 ${ROOT_OFFSET},${ROOT_SECTORS},83
738 738 EOM
739 739
740 740 # Setup temporary loop devices
741 741 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
742 742 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
743 743 fi
744 744
745 745 if [ "$ENABLE_CRYPTFS" = true ] ; then
746 746 # Create dummy ext4 fs
747 747 mkfs.ext4 "$ROOT_LOOP"
748 748
749 749 # Setup password keyfile
750 750 touch .password
751 751 chmod 600 .password
752 752 echo -n ${CRYPTFS_PASSWORD} > .password
753 753
754 754 # Initialize encrypted partition
755 755 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
756 756
757 757 # Open encrypted partition and setup mapping
758 758 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
759 759
760 760 # Secure delete password keyfile
761 761 shred -zu .password
762 762
763 763 # Update temporary loop device
764 764 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
765 765
766 766 # Wipe encrypted partition (encryption cipher is used for randomness)
767 767 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
768 768 fi
769 769
770 770 # Build filesystems
771 771 mkfs.vfat "$FRMW_LOOP"
772 772 mkfs.ext4 "$ROOT_LOOP"
773 773
774 774 # Mount the temporary loop devices
775 775 mkdir -p "$BUILDDIR/mount"
776 776 mount "$ROOT_LOOP" "$BUILDDIR/mount"
777 777
778 778 mkdir -p "$BUILDDIR/mount/boot/firmware"
779 779 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
780 780
781 781 # Copy all files from the chroot to the loop device mount point directory
782 782 rsync -a "${R}/" "$BUILDDIR/mount/"
783 783
784 784 # Unmount all temporary loop devices and mount points
785 785 cleanup
786 786
787 787 # Create block map file(s) of image(s)
788 788 if [ "$ENABLE_SPLITFS" = true ] ; then
789 789 # Create block map files for "bmaptool"
790 790 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
791 791 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
792 792
793 793 # Image was successfully created
794 794 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
795 795 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796 796 else
797 797 # Create block map file for "bmaptool"
798 798 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
799 799
800 800 # Image was successfully created
801 801 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
802 802
803 803 # Create qemu qcow2 image
804 804 if [ "$ENABLE_QEMU" = true ] ; then
805 805 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
806 806 QEMU_SIZE=16G
807 807
808 808 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
809 809 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
810 810
811 811 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
812 812 fi
813 813 fi
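Review bot: the unquoted expansion in `echo -n ${CRYPTFS_PASSWORD} > .password` (line 752) is subject to word splitting and glob expansion, so a passphrase containing consecutive spaces, tabs or a `*` is written to the keyfile in a different form from the one the user configured, and the volume ends up formatted with a passphrase nobody knows. Write it with `printf '%s' "${CRYPTFS_PASSWORD}" > .password` instead. In the same block, `.password` is created in the current working directory and is only shredded at line 761, after both `cryptsetup` calls; if `luksFormat` or `luksOpen` fails first, the plaintext keyfile can be left on disk. Consider creating it with `mktemp` under a directory with restrictive permissions and removing it from the `cleanup` function that line 785 already calls, so it is deleted on every exit path.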