| @@ -1,5 +1,6 | |||||
| 1 | images |
|
1 | images | |
| 2 | custom.d |
|
2 | custom.d | |
|
|
3 | packages | |||
| 3 | *.swp |
|
4 | *.swp | |
| 4 | *.bak |
|
5 | *.bak | |
| 5 | *.log |
|
6 | *.log | |
| @@ -144,7 +144,10 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please | |||||
| 144 | Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. |
|
144 | Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. | |
| 145 |
|
145 | |||
| 146 | ##### `ENABLE_USER`=true |
|
146 | ##### `ENABLE_USER`=true | |
| 147 | Create pi user with password raspberry |
|
147 | Create non-root user with password raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`. | |
|
|
148 | ||||
|
|
149 | ##### `USER_NAME`=pi | |||
|
|
150 | Non-root user to create. Ignored if `ENABLE_USER`=false | |||
| 148 |
|
151 | |||
| 149 | ##### `ENABLE_ROOT`=true |
|
152 | ##### `ENABLE_ROOT`=true | |
| 150 | Set root user password so root login will be enabled |
|
153 | Set root user password so root login will be enabled | |
| @@ -196,6 +199,9 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the k | |||||
| 196 | ##### `KERNELSRC_PREBUILT`=false |
|
199 | ##### `KERNELSRC_PREBUILT`=false | |
| 197 | With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed. |
|
200 | With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed. | |
| 198 |
|
201 | |||
|
|
202 | ##### `FIRMWAREDIR`="" | |||
|
|
203 | The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project. | |||
|
|
204 | ||||
| 199 | #### Reduce disk usage: |
|
205 | #### Reduce disk usage: | |
| 200 | The following list of parameters is ignored if `ENABLE_REDUCE`=false. |
|
206 | The following list of parameters is ignored if `ENABLE_REDUCE`=false. | |
| 201 |
|
207 | |||
| @@ -275,6 +281,10 All the required configuration files that will be copied to the generated OS ima | |||||
| 275 | | `sysctl.d` | Swapping and Network Hardening configuration | |
|
281 | | `sysctl.d` | Swapping and Network Hardening configuration | | |
| 276 | | `xorg` | fbturbo Xorg driver configuration | |
|
282 | | `xorg` | fbturbo Xorg driver configuration | | |
| 277 |
|
283 | |||
|
|
284 | Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`. | |||
|
|
285 | ||||
|
|
286 | Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created. | |||
|
|
287 | ||||
| 278 | ## Logging of the bootstrapping process |
|
288 | ## Logging of the bootstrapping process | |
| 279 | All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose: |
|
289 | All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose: | |
| 280 |
|
290 | |||
| @@ -34,4 +34,13 fi | |||||
| 34 | # Upgrade package index and update all installed packages and changed dependencies |
|
34 | # Upgrade package index and update all installed packages and changed dependencies | |
| 35 | chroot_exec apt-get -qq -y update |
|
35 | chroot_exec apt-get -qq -y update | |
| 36 | chroot_exec apt-get -qq -y -u dist-upgrade |
|
36 | chroot_exec apt-get -qq -y -u dist-upgrade | |
|
|
37 | ||||
|
|
38 | if [ -d packages ] ; then | |||
|
|
39 | for package in packages/*.deb ; do | |||
|
|
40 | cp $package ${R}/tmp | |||
|
|
41 | chroot_exec dpkg --unpack /tmp/$(basename $package) | |||
|
|
42 | done | |||
|
|
43 | fi | |||
|
|
44 | chroot_exec apt-get -qq -y -f install | |||
|
|
45 | ||||
| 37 | chroot_exec apt-get -qq -y check |
|
46 | chroot_exec apt-get -qq -y check | |
| @@ -131,14 +131,25 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 131 | rm -fr "${KERNELDIR}" |
|
131 | rm -fr "${KERNELDIR}" | |
| 132 | fi |
|
132 | fi | |
| 133 |
|
133 | |||
| 134 | # Install latest boot binaries from raspberry/firmware github |
|
134 | if [ -n "$FIRMWAREDIR" ] && [ -d "$FIRMWAREDIR" ] ; then | |
| 135 | wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin |
|
135 | # Install boot binaries from local directory | |
| 136 | wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat |
|
136 | cp ${FIRMWAREDIR}/boot/bootcode.bin ${BOOTDIR}/bootcode.bin | |
| 137 | wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat |
|
137 | cp ${FIRMWAREDIR}/boot/fixup.dat ${BOOTDIR}/fixup.dat | |
| 138 | wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat |
|
138 | cp ${FIRMWAREDIR}/boot/fixup_cd.dat ${BOOTDIR}/fixup_cd.dat | |
| 139 | wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf |
|
139 | cp ${FIRMWAREDIR}/boot/fixup_x.dat ${BOOTDIR}/fixup_x.dat | |
| 140 | wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf |
|
140 | cp ${FIRMWAREDIR}/boot/start.elf ${BOOTDIR}/start.elf | |
| 141 | wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf |
|
141 | cp ${FIRMWAREDIR}/boot/start_cd.elf ${BOOTDIR}/start_cd.elf | |
|
|
142 | cp ${FIRMWAREDIR}/boot/start_x.elf ${BOOTDIR}/start_x.elf | |||
|
|
143 | else | |||
|
|
144 | # Install latest boot binaries from raspberry/firmware github | |||
|
|
145 | wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin | |||
|
|
146 | wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat | |||
|
|
147 | wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat | |||
|
|
148 | wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat | |||
|
|
149 | wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf | |||
|
|
150 | wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf | |||
|
|
151 | wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf | |||
|
|
152 | fi | |||
| 142 |
|
153 | |||
| 143 | else # BUILD_KERNEL=false |
|
154 | else # BUILD_KERNEL=false | |
| 144 | # Kernel installation |
|
155 | # Kernel installation | |
| @@ -70,3 +70,8 if [ "$ENABLE_HARDNET" = true ] ; then | |||||
| 70 | # Setup resolver warnings about spoofed addresses |
|
70 | # Setup resolver warnings about spoofed addresses | |
| 71 | sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf" |
|
71 | sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf" | |
| 72 | fi |
|
72 | fi | |
|
|
73 | ||||
|
|
74 | # Enable time sync | |||
|
|
75 | if [ "NET_NTP_1" != "" ] ; then | |||
|
|
76 | chroot_exec systemctl enable systemd-timesyncd.service | |||
|
|
77 | fi | |||
| @@ -10,8 +10,9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` | |||||
| 10 |
|
10 | |||
| 11 | # Setup default user |
|
11 | # Setup default user | |
| 12 | if [ "$ENABLE_USER" = true ] ; then |
|
12 | if [ "$ENABLE_USER" = true ] ; then | |
| 13 |
chroot_exec adduser --gecos |
|
13 | chroot_exec adduser --gecos $USER_NAME --add_extra_groups \ | |
| 14 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi |
|
14 | --disabled-password $USER_NAME | |
|
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" $USER_NAME | |||
| 15 | fi |
|
16 | fi | |
| 16 |
|
17 | |||
| 17 | # Setup root password or not |
|
18 | # Setup root password or not | |
| @@ -57,6 +57,9 ETCDIR="${R}/etc" | |||||
| 57 | BOOTDIR="${R}/boot/firmware" |
|
57 | BOOTDIR="${R}/boot/firmware" | |
| 58 | KERNELDIR="${R}/usr/src/linux" |
|
58 | KERNELDIR="${R}/usr/src/linux" | |
| 59 |
|
59 | |||
|
|
60 | # Firmware directory: Blank if download from github | |||
|
|
61 | FIRMWAREDIR=${FIRMWAREDIR:=""} | |||
|
|
62 | ||||
| 60 | # General settings |
|
63 | # General settings | |
| 61 | HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}} |
|
64 | HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}} | |
| 62 | PASSWORD=${PASSWORD:=raspberry} |
|
65 | PASSWORD=${PASSWORD:=raspberry} | |
| @@ -98,6 +101,7 ENABLE_XORG=${ENABLE_XORG:=false} | |||||
| 98 | ENABLE_WM=${ENABLE_WM:=""} |
|
101 | ENABLE_WM=${ENABLE_WM:=""} | |
| 99 | ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} |
|
102 | ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} | |
| 100 | ENABLE_USER=${ENABLE_USER:=true} |
|
103 | ENABLE_USER=${ENABLE_USER:=true} | |
|
|
104 | USER_NAME=${USER_NAME:="pi"} | |||
| 101 | ENABLE_ROOT=${ENABLE_ROOT:=false} |
|
105 | ENABLE_ROOT=${ENABLE_ROOT:=false} | |
| 102 | ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false} |
|
106 | ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false} | |
| 103 |
|
107 | |||
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
