##// END OF EJS Templates
a
Unknown -
r471:88966a4516b3
parent child
Show More
@@ -1,531 +1,531
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 - `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 - `1` = Used for Pi 1 model A and B
68 68 - `1P` = Used for Pi 1 model B+ and A+
69 69 - `2` = Used for Pi 2 model B
70 70 - `3` = Used for Pi 3 model B
71 71 - `3P` = Used for Pi 3 model B+
72 72 - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 157
158 158 ##### `ENABLE_PRINTK`=false
159 159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 160
161 161 ##### `ENABLE_BLUETOOTH`=false
162 162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163 163
164 164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 166
167 167 ##### `ENABLE_TURBO`=false
168 168 VOIDS WARRANTY! Enable Turbo mode - NO overclocking. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 169
170 170 ##### `ENABLE_I2C`=false
171 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 172
173 173 ##### `ENABLE_SPI`=false
174 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 175
176 176 ##### `ENABLE_IPV6`=true
177 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 178
179 179 ##### `ENABLE_SSHD`=true
180 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 181
182 182 ##### `ENABLE_NONFREE`=false
183 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 184
185 185 ##### `ENABLE_WIRELESS`=false
186 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 187
188 188 ##### `ENABLE_RSYSLOG`=true
189 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 190
191 191 ##### `ENABLE_SOUND`=true
192 192 Enable sound hardware and install Advanced Linux Sound Architecture.
193 193
194 194 ##### `ENABLE_HWRANDOM`=true
195 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
196 196
197 197 ##### `ENABLE_MINGPU`=false
198 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 199
200 200 ##### `ENABLE_DBUS`=true
201 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 202
203 203 ##### `ENABLE_XORG`=false
204 204 Install Xorg open-source X Window System.
205 205
206 206 ##### `ENABLE_WM`=""
207 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 208
209 209 ##### `ENABLE_SYSVINIT`=false
210 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 211
212 212 ---
213 213
214 214 #### Advanced system features:
215 215 ##### `ENABLE_SYSTEMDSWAP`=false
216 216 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
217 217
218 218 ##### `ENABLE_MINBASE`=false
219 219 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
220 220
221 221 ##### `ENABLE_REDUCE`=false
222 222 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
223 223
224 224 ##### `ENABLE_UBOOT`=false
225 225 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
226 226
227 227 ##### `UBOOTSRC_DIR`=""
228 228 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
229 229
230 230 ##### `ENABLE_FBTURBO`=false
231 231 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
232 232
233 233 ##### `FBTURBOSRC_DIR`=""
234 234 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
235 235
236 236 ##### `ENABLE_VIDEOCORE`=false
237 237 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 238
239 239 ##### `VIDEOCORESRC_DIR`=""
240 240 Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
241 241
242 242 ##### `ENABLE_NEXMON`=false
243 243 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
244 244
245 ##### `NEXMON_DIR`=""
245 ##### `NEXMONSRC_DIR`=""
246 246 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 247
248 248 ##### `ENABLE_IPTABLES`=false
249 249 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
250 250
251 251 ##### `ENABLE_USER`=true
252 252 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
253 253
254 254 ##### `USER_NAME`=pi
255 255 Non-root user to create. Ignored if `ENABLE_USER`=false
256 256
257 257 ##### `ENABLE_ROOT`=false
258 258 Set root user password so root login will be enabled
259 259
260 260 ##### `ENABLE_HARDNET`=false
261 261 Enable IPv4/IPv6 network stack hardening settings.
262 262
263 263 ##### `ENABLE_SPLITFS`=false
264 264 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
265 265
266 266 ##### `CHROOT_SCRIPTS`=""
267 267 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
268 268
269 269 ##### `ENABLE_INITRAMFS`=false
270 270 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
271 271
272 272 ##### `ENABLE_IFNAMES`=true
273 273 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
274 274
275 275 ##### `DISABLE_UNDERVOLT_WARNINGS`=
276 276 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
277 277
278 278 ---
279 279
280 280 #### SSH settings:
281 281 ##### `SSH_ENABLE_ROOT`=false
282 282 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
283 283
284 284 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
285 285 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
286 286
287 287 ##### `SSH_LIMIT_USERS`=false
288 288 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
289 289
290 290 ##### `SSH_ROOT_PUB_KEY`=""
291 291 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
292 292
293 293 ##### `SSH_USER_PUB_KEY`=""
294 294 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
295 295
296 296 ---
297 297
298 298 #### Kernel compilation:
299 299 ##### `BUILD_KERNEL`=true
300 300 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
301 301
302 302 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
303 303 This sets the cross compile enviornment for the compiler.
304 304
305 305 ##### `KERNEL_ARCH`="arm"
306 306 This sets the kernel architecture for the compiler.
307 307
308 308 ##### `KERNEL_IMAGE`="kernel7.img"
309 309 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
310 310
311 311 ##### `KERNEL_BRANCH`=""
312 312 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
313 313
314 314 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
315 315 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
316 316
317 317 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
318 318 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
319 319
320 320 ##### `KERNEL_REDUCE`=false
321 321 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
322 322
323 323 ##### `KERNEL_THREADS`=1
324 324 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
325 325
326 326 ##### `KERNEL_HEADERS`=true
327 327 Install kernel headers with built kernel.
328 328
329 329 ##### `KERNEL_MENUCONFIG`=false
330 330 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
331 331
332 332 ##### `KERNEL_OLDDEFCONFIG`=false
333 333 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
334 334
335 335 ##### `KERNEL_CCACHE`=false
336 336 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
337 337
338 338 ##### `KERNEL_REMOVESRC`=true
339 339 Remove all kernel sources from the generated OS image after it was built and installed.
340 340
341 341 ##### `KERNELSRC_DIR`=""
342 342 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
343 343
344 344 ##### `KERNELSRC_CLEAN`=false
345 345 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
346 346
347 347 ##### `KERNELSRC_CONFIG`=true
348 348 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
349 349
350 350 ##### `KERNELSRC_USRCONFIG`=""
351 351 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
352 352
353 353 ##### `KERNELSRC_PREBUILT`=false
354 354 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
355 355
356 356 ##### `RPI_FIRMWARE_DIR`=""
357 357 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
358 358
359 359 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
360 360 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
361 361
362 362 ##### `KERNEL_NF`=false
363 363 Enable Netfilter modules as kernel modules
364 364
365 365 ##### `KERNEL_VIRT`=false
366 366 Enable Kernel KVM support (/dev/kvm)
367 367
368 368 ##### `KERNEL_ZSWAP`=false
369 369 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
370 370
371 371 ##### `KERNEL_BPF`=true
372 372 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
373 373
374 374 ---
375 375
376 376 #### Reduce disk usage:
377 377 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
378 378
379 379 ##### `REDUCE_APT`=true
380 380 Configure APT to use compressed package repository lists and no package caching files.
381 381
382 382 ##### `REDUCE_DOC`=true
383 383 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
384 384
385 385 ##### `REDUCE_MAN`=true
386 386 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
387 387
388 388 ##### `REDUCE_VIM`=false
389 389 Replace `vim-tiny` package by `levee` a tiny vim clone.
390 390
391 391 ##### `REDUCE_BASH`=false
392 392 Remove `bash` package and switch to `dash` shell (experimental).
393 393
394 394 ##### `REDUCE_HWDB`=true
395 395 Remove PCI related hwdb files (experimental).
396 396
397 397 ##### `REDUCE_SSHD`=true
398 398 Replace `openssh-server` with `dropbear`.
399 399
400 400 ##### `REDUCE_LOCALE`=true
401 401 Remove all `locale` translation files.
402 402
403 403 ---
404 404
405 405 #### Encrypted root partition:
406 406 ##### `ENABLE_CRYPTFS`=false
407 407 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
408 408
409 409 ##### `CRYPTFS_PASSWORD`=""
410 410 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
411 411
412 412 ##### `CRYPTFS_MAPPING`="secure"
413 413 Set name of dm-crypt managed device-mapper mapping.
414 414
415 415 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
416 416 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
417 417
418 418 ##### `CRYPTFS_XTSKEYSIZE`=512
419 419 Sets key size in bits. The argument has to be a multiple of 8.
420 420
421 421 ##### `CRYPTFS_DROPBEAR`=false
422 422 Enable Dropbear Initramfs support
423 423
424 424 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
425 425 Provide path to dropbear Public RSA-OpenSSH Key
426 426
427 427 ---
428 428
429 429 #### Build settings:
430 430 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
431 431 Set a path to a working directory used by the script to generate an image.
432 432
433 433 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
434 434 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
435 435
436 436 ## Understanding the script
437 437 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
438 438
439 439 | Script | Description |
440 440 | --- | --- |
441 441 | `10-bootstrap.sh` | Debootstrap basic system |
442 442 | `11-apt.sh` | Setup APT repositories |
443 443 | `12-locale.sh` | Setup Locales and keyboard settings |
444 444 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
445 445 | `14-fstab.sh` | Setup fstab and initramfs |
446 446 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
447 447 | `20-networking.sh` | Setup Networking |
448 448 | `21-firewall.sh` | Setup Firewall |
449 449 | `30-security.sh` | Setup Users and Security settings |
450 450 | `31-logging.sh` | Setup Logging |
451 451 | `32-sshd.sh` | Setup SSH and public keys |
452 452 | `41-uboot.sh` | Build and Setup U-Boot |
453 453 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
454 454 | `50-firstboot.sh` | First boot actions |
455 455 | `99-reduce.sh` | Reduce the disk space usage |
456 456
457 457 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
458 458
459 459 | Directory | Description |
460 460 | --- | --- |
461 461 | `apt` | APT management configuration files |
462 462 | `boot` | Boot and RPi2/3 configuration files |
463 463 | `dpkg` | Package Manager configuration |
464 464 | `etc` | Configuration files and rc scripts |
465 465 | `firstboot` | Scripts that get executed on first boot |
466 466 | `initramfs` | Initramfs scripts |
467 467 | `iptables` | Firewall configuration files |
468 468 | `locales` | Locales configuration |
469 469 | `modules` | Kernel Modules configuration |
470 470 | `mount` | Fstab configuration |
471 471 | `network` | Networking configuration files |
472 472 | `sysctl.d` | Swapping and Network Hardening configuration |
473 473 | `xorg` | fbturbo Xorg driver configuration |
474 474
475 475 ## Custom packages and scripts
476 476 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
477 477
478 478 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
479 479
480 480 ## Logging of the bootstrapping process
481 481 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
482 482
483 483 ```shell
484 484 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
485 485 ```
486 486
487 487 ## Flashing the image file
488 488 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
489 489
490 490 ##### Flashing examples:
491 491 ```shell
492 492 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
493 493 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
494 494 ```
495 495 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
496 496 ```shell
497 497 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
498 498 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
499 499 ```
500 500
501 501 ## QEMU emulation
502 502 Start QEMU full system emulation:
503 503 ```shell
504 504 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
505 505 ```
506 506
507 507 Start QEMU full system emulation and output to console:
508 508 ```shell
509 509 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
510 510 ```
511 511
512 512 Start QEMU full system emulation with SMP and output to console:
513 513 ```shell
514 514 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
515 515 ```
516 516
517 517 Start QEMU full system emulation with cryptfs, initramfs and output to console:
518 518 ```shell
519 519 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
520 520 ```
521 521
522 522 ## External links and references
523 523 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
524 524 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
525 525 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
526 526 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
527 527 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
528 528 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
529 529 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
530 530 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
531 531 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,497 +1,496
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 if [ "$ENABLE_NEXMON" = true ] ; then
27 27 NEXMON_URL
28 28 else
29 29 # Fetch current RPi2/3 kernel sources
30 30 if [ -z "${KERNEL_BRANCH}" ] ; then
31 31 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
32 32 else
33 33 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
34 34 fi
35 35 fi
36
37 36 # Copy downloaded kernel sources
38 37 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
39 38
40 39 # Remove temporary directory for kernel sources
41 40 rm -fr "${temp_dir}"
42 41
43 42 # Set permissions of the kernel sources
44 43 chown -R root:root "${R}/usr/src"
45 44 fi
46 45
47 46 # Calculate optimal number of kernel building threads
48 47 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
49 48 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
50 49 fi
51 50
52 51 # Configure and build kernel
53 52 if [ "$KERNELSRC_PREBUILT" = false ] ; then
54 53 # Remove device, network and filesystem drivers from kernel configuration
55 54 if [ "$KERNEL_REDUCE" = true ] ; then
56 55 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
57 56 sed -i\
58 57 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
59 58 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
60 59 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
61 60 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
62 61 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
63 62 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
64 63 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
65 64 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
66 65 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
67 66 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
68 67 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
69 68 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
70 69 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
71 70 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
72 71 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
73 72 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
74 73 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
75 74 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
76 75 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
77 76 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
78 77 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
79 78 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
80 79 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
81 80 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
82 81 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
83 82 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
84 83 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
85 84 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
86 85 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
87 86 "${KERNEL_DIR}/.config"
88 87 fi
89 88
90 89 if [ "$KERNELSRC_CONFIG" = true ] ; then
91 90 # Load default raspberry kernel configuration
92 91 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
93 92
94 93 #Switch to KERNELSRC_DIR so we can use set_kernel_config
95 94 cd "${KERNEL_DIR}" || exit
96 95
97 96 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
98 97 if [ "$KERNEL_ZSWAP" = true ] ; then
99 98 set_kernel_config CONFIG_ZPOOL y
100 99 set_kernel_config CONFIG_ZSWAP y
101 100 set_kernel_config CONFIG_ZBUD y
102 101 set_kernel_config CONFIG_Z3FOLD y
103 102 set_kernel_config CONFIG_ZSMALLOC y
104 103 set_kernel_config CONFIG_PGTABLE_MAPPING y
105 104 fi
106 105
107 106 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
108 107 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
109 108 set_kernel_config CONFIG_VIRTUALIZATION y
110 109 set_kernel_config CONFIG_KVM y
111 110 set_kernel_config CONFIG_VHOST_NET m
112 111 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
113 112 fi
114 113
115 114 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
116 115 if [ "$KERNEL_NF" = true ] ; then
117 116 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
118 117 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
119 118 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
120 119 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
121 120 set_kernel_config CONFIG_NFT_FIB_INET m
122 121 set_kernel_config CONFIG_NFT_FIB_IPV4 m
123 122 set_kernel_config CONFIG_NFT_FIB_IPV6 m
124 123 set_kernel_config CONFIG_NFT_FIB_NETDEV m
125 124 set_kernel_config CONFIG_NFT_OBJREF m
126 125 set_kernel_config CONFIG_NFT_RT m
127 126 set_kernel_config CONFIG_NFT_SET_BITMAP m
128 127 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
129 128 set_kernel_config CONFIG_NF_LOG_ARP m
130 129 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
131 130 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
132 131 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
133 132 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
134 133 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
135 134 set_kernel_config CONFIG_IP6_NF_IPTABLES m
136 135 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
137 136 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
138 137 set_kernel_config CONFIG_IP6_NF_NAT m
139 138 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
140 139 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
141 140 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
142 141 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
143 142 set_kernel_config CONFIG_IP_SET_HASH_IP m
144 143 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
145 144 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
146 145 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
147 146 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
148 147 set_kernel_config CONFIG_IP_SET_HASH_MAC m
149 148 set_kernel_config CONFIG_IP_SET_HASH_NET m
150 149 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
151 150 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
152 151 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
153 152 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
154 153 set_kernel_config CONFIG_IP_SET_LIST_SET m
155 154 set_kernel_config CONFIG_NETFILTER_XTABLES m
156 155 set_kernel_config CONFIG_NETFILTER_XTABLES m
157 156 set_kernel_config CONFIG_NFT_BRIDGE_META m
158 157 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
159 158 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
160 159 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
161 160 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
162 161 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
163 162 set_kernel_config CONFIG_NFT_COMPAT m
164 163 set_kernel_config CONFIG_NFT_COUNTER m
165 164 set_kernel_config CONFIG_NFT_CT m
166 165 set_kernel_config CONFIG_NFT_DUP_IPV4 m
167 166 set_kernel_config CONFIG_NFT_DUP_IPV6 m
168 167 set_kernel_config CONFIG_NFT_DUP_NETDEV m
169 168 set_kernel_config CONFIG_NFT_EXTHDR m
170 169 set_kernel_config CONFIG_NFT_FWD_NETDEV m
171 170 set_kernel_config CONFIG_NFT_HASH m
172 171 set_kernel_config CONFIG_NFT_LIMIT m
173 172 set_kernel_config CONFIG_NFT_LOG m
174 173 set_kernel_config CONFIG_NFT_MASQ m
175 174 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
176 175 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
177 176 set_kernel_config CONFIG_NFT_META m
178 177 set_kernel_config CONFIG_NFT_NAT m
179 178 set_kernel_config CONFIG_NFT_NUMGEN m
180 179 set_kernel_config CONFIG_NFT_QUEUE m
181 180 set_kernel_config CONFIG_NFT_QUOTA m
182 181 set_kernel_config CONFIG_NFT_REDIR m
183 182 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
184 183 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
185 184 set_kernel_config CONFIG_NFT_REJECT m
186 185 set_kernel_config CONFIG_NFT_REJECT_INET m
187 186 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
188 187 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
189 188 set_kernel_config CONFIG_NFT_SET_HASH m
190 189 set_kernel_config CONFIG_NFT_SET_RBTREE m
191 190 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
192 191 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
193 192 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
194 193 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
195 194 set_kernel_config CONFIG_NF_DUP_IPV4 m
196 195 set_kernel_config CONFIG_NF_DUP_IPV6 m
197 196 set_kernel_config CONFIG_NF_DUP_NETDEV m
198 197 set_kernel_config CONFIG_NF_LOG_BRIDGE m
199 198 set_kernel_config CONFIG_NF_LOG_IPV4 m
200 199 set_kernel_config CONFIG_NF_LOG_IPV6 m
201 200 set_kernel_config CONFIG_NF_NAT_IPV4 m
202 201 set_kernel_config CONFIG_NF_NAT_IPV6 m
203 202 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
204 203 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
205 204 set_kernel_config CONFIG_NF_NAT_PPTP m
206 205 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
207 206 set_kernel_config CONFIG_NF_NAT_REDIRECT m
208 207 set_kernel_config CONFIG_NF_NAT_SIP m
209 208 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
210 209 set_kernel_config CONFIG_NF_NAT_TFTP m
211 210 set_kernel_config CONFIG_NF_REJECT_IPV4 m
212 211 set_kernel_config CONFIG_NF_REJECT_IPV6 m
213 212 set_kernel_config CONFIG_NF_TABLES m
214 213 set_kernel_config CONFIG_NF_TABLES_ARP m
215 214 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
216 215 set_kernel_config CONFIG_NF_TABLES_INET m
217 216 set_kernel_config CONFIG_NF_TABLES_IPV4 m
218 217 set_kernel_config CONFIG_NF_TABLES_IPV6 m
219 218 set_kernel_config CONFIG_NF_TABLES_NETDEV m
220 219 fi
221 220
222 221 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
223 222 if [ "$KERNEL_BPF" = true ] ; then
224 223 set_kernel_config CONFIG_BPF_SYSCALL y
225 224 set_kernel_config CONFIG_BPF_EVENTS y
226 225 set_kernel_config CONFIG_BPF_STREAM_PARSER y
227 226 set_kernel_config CONFIG_CGROUP_BPF y
228 227 fi
229 228
230 229 # KERNEL_DEFAULT_GOV was set by user
231 230 if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
232 231 # unset default governor
233 232 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
234 233
235 234 case "$KERNEL_DEFAULT_GOV" in
236 235 "PERFORMANCE")
237 236 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
238 237 ;;
239 238 "USERSPACE")
240 239 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
241 240 ;;
242 241 "ONDEMAND")
243 242 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
244 243 ;;
245 244 "CONSERVATIVE")
246 245 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
247 246 ;;
248 247 "CONSERVATIVE")
249 248 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
250 249 ;;
251 250 *)
252 251 echo "error: unsupported default cpu governor"
253 252 exit 1
254 253 ;;
255 254 esac
256 255 fi
257 256
258 257
259 258
260 259 #Revert to previous directory
261 260 cd "${WORKDIR}" || exit
262 261
263 262 # Set kernel configuration parameters to enable qemu emulation
264 263 if [ "$ENABLE_QEMU" = true ] ; then
265 264 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
266 265 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
267 266
268 267 if [ "$ENABLE_CRYPTFS" = true ] ; then
269 268 {
270 269 echo "CONFIG_EMBEDDED=y"
271 270 echo "CONFIG_EXPERT=y"
272 271 echo "CONFIG_DAX=y"
273 272 echo "CONFIG_MD=y"
274 273 echo "CONFIG_BLK_DEV_MD=y"
275 274 echo "CONFIG_MD_AUTODETECT=y"
276 275 echo "CONFIG_BLK_DEV_DM=y"
277 276 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
278 277 echo "CONFIG_DM_CRYPT=y"
279 278 echo "CONFIG_CRYPTO_BLKCIPHER=y"
280 279 echo "CONFIG_CRYPTO_CBC=y"
281 280 echo "CONFIG_CRYPTO_XTS=y"
282 281 echo "CONFIG_CRYPTO_SHA512=y"
283 282 echo "CONFIG_CRYPTO_MANAGER=y"
284 283 } >> "${KERNEL_DIR}"/.config
285 284 fi
286 285 fi
287 286
288 287 # Copy custom kernel configuration file
289 288 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
290 289 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
291 290 fi
292 291
293 292 # Set kernel configuration parameters to their default values
294 293 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
295 294 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
296 295 fi
297 296
298 297 # Start menu-driven kernel configuration (interactive)
299 298 if [ "$KERNEL_MENUCONFIG" = true ] ; then
300 299 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
301 300 fi
302 301 # end if "$KERNELSRC_CONFIG" = true
303 302 fi
304 303
305 304 # Use ccache to cross compile the kernel
306 305 if [ "$KERNEL_CCACHE" = true ] ; then
307 306 cc="ccache ${CROSS_COMPILE}gcc"
308 307 else
309 308 cc="${CROSS_COMPILE}gcc"
310 309 fi
311 310
312 311 # Cross compile kernel and dtbs
313 312 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
314 313
315 314 # Cross compile kernel modules
316 315 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
317 316 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
318 317 fi
319 318 # end if "$KERNELSRC_PREBUILT" = false
320 319 fi
321 320
322 321 # Check if kernel compilation was successful
323 322 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
324 323 echo "error: kernel compilation failed! (kernel image not found)"
325 324 cleanup
326 325 exit 1
327 326 fi
328 327
329 328 # Install kernel modules
330 329 if [ "$ENABLE_REDUCE" = true ] ; then
331 330 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
332 331 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
333 332 fi
334 333 else
335 334 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
336 335 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
337 336 fi
338 337
339 338 # Install kernel firmware
340 339 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
341 340 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
342 341 fi
343 342 fi
344 343
345 344 # Install kernel headers
346 345 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
347 346 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
348 347 fi
349 348 # make tar.gz kernel package - missing os bzw. modules
350 349 #** ** ** WARNING ** ** **
351 350 #Your architecture did not define any architecture-dependent files
352 351 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
353 352 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
354 353
355 354 # Prepare boot (firmware) directory
356 355 mkdir "${BOOT_DIR}"
357 356
358 357 # Get kernel release version
359 358 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
360 359
361 360 # Copy kernel configuration file to the boot directory
362 361 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
363 362
364 363 # Prepare device tree directory
365 364 mkdir "${BOOT_DIR}/overlays"
366 365
367 366 # Ensure the proper .dtb is located
368 367 if [ "$KERNEL_ARCH" = "arm" ] ; then
369 368 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
370 369 if [ -f "${dtb}" ] ; then
371 370 install_readonly "${dtb}" "${BOOT_DIR}/"
372 371 fi
373 372 done
374 373 else
375 374 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
376 375 if [ -f "${dtb}" ] ; then
377 376 install_readonly "${dtb}" "${BOOT_DIR}/"
378 377 fi
379 378 done
380 379 fi
381 380
382 381 # Copy compiled dtb device tree files
383 382 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
384 383 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
385 384 if [ -f "${dtb}" ] ; then
386 385 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
387 386 fi
388 387 done
389 388
390 389 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
391 390 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
392 391 fi
393 392 fi
394 393
395 394 if [ "$ENABLE_UBOOT" = false ] ; then
396 395 # Convert and copy kernel image to the boot directory
397 396 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
398 397 else
399 398 # Copy kernel image to the boot directory
400 399 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
401 400 fi
402 401
403 402 # Remove kernel sources
404 403 if [ "$KERNEL_REMOVESRC" = true ] ; then
405 404 rm -fr "${KERNEL_DIR}"
406 405 else
407 406 # Prepare compiled kernel modules
408 407 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
409 408 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
410 409 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
411 410 fi
412 411
413 412 # Create symlinks for kernel modules
414 413 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
415 414 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
416 415 fi
417 416 fi
418 417
419 418 else # BUILD_KERNEL=false
420 419 # echo Install precompiled kernel...
421 420 # echo error: not implemented
422 421 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
423 422
424 423 # Use Sakakis modified kernel if ZSWAP is active
425 424 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
426 425 RPI3_64_KERNEL_URL=RPI3_64_BIS_KERNEL_URL
427 426 fi
428 427
429 428 # Create temporary directory for dl
430 429 temp_dir=$(as_nobody mktemp -d)
431 430
432 431 # Fetch kernel dl
433 432 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
434 433
435 434 #extract download
436 435 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
437 436
438 437 #move extracted kernel to /boot/firmware
439 438 mkdir "${R}/boot/firmware"
440 439 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
441 440 cp -r "${temp_dir}"/lib/* "${R}"/lib/
442 441
443 442 # Remove temporary directory for kernel sources
444 443 rm -fr "${temp_dir}"
445 444
446 445 # Set permissions of the kernel sources
447 446 chown -R root:root "${R}/boot/firmware"
448 447 chown -R root:root "${R}/lib/modules"
449 448 fi
450 449
451 450 # INstall Kernel from hypriot comptabile with all Raspberry PI
452 451 if [ "$SET_ARCH" = 32 ] ; then
453 452 # Create temporary directory for dl
454 453 temp_dir=$(as_nobody mktemp -d)
455 454
456 455 # Fetch kernel
457 456 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
458 457
459 458 # Copy downloaded U-Boot sources
460 459 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
461 460
462 461 # Set permissions
463 462 chown -R root:root "${R}"/tmp/kernel.deb
464 463
465 464 # Install kernel
466 465 chroot_exec dpkg -i /tmp/kernel.deb
467 466
468 467 # move /boot to /boot/firmware to fit script env.
469 468 #mkdir "${BOOT_DIR}"
470 469 mkdir "${temp_dir}"/firmware
471 470 mv "${R}"/boot/* "${temp_dir}"/firmware/
472 471 mv "${temp_dir}"/firmware "${R}"/boot/
473 472
474 473 #same for kernel headers
475 474 if [ "$KERNEL_HEADERS" = true ] ; then
476 475 # Fetch kernel header
477 476 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
478 477 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
479 478 chown -R root:root "${R}"/tmp/kernel-header.deb
480 479 # Install kernel header
481 480 chroot_exec dpkg -i /tmp/kernel-header.deb
482 481 rm -f "${R}"/tmp/kernel-header.deb
483 482 fi
484 483
485 484 # Remove temporary directory and files
486 485 rm -fr "${temp_dir}"
487 486 rm -f "${R}"/tmp/kernel.deb
488 487 fi
489 488
490 489 # Check if kernel installation was successful
491 490 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
492 491 if [ -z "$KERNEL" ] ; then
493 492 echo "error: kernel installation failed! (/boot/kernel* not found)"
494 493 cleanup
495 494 exit 1
496 495 fi
497 496 fi
@@ -1,270 +1,270
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 #if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 fi
41 #fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54 54 # Add encrypted root partition to cmdline.txt
55 55 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 56 if [ "$ENABLE_SPLITFS" = true ] ; then
57 57 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
58 58 else
59 59 if [ "$ENABLE_UBOOTUSB" = true ] ; then
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
61 61 else
62 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
63 63 fi
64 64 fi
65 65 fi
66 66
67 67 if [ "$ENABLE_PRINTK" = true ] ; then
68 68 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
69 69 fi
70 70
71 71 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
72 72 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
73 73
74 74 # Remove IPv6 networking support
75 75 if [ "$ENABLE_IPV6" = false ] ; then
76 76 CMDLINE="${CMDLINE} ipv6.disable=1"
77 77 fi
78 78
79 79 # Automatically assign predictable network interface names
80 80 if [ "$ENABLE_IFNAMES" = false ] ; then
81 81 CMDLINE="${CMDLINE} net.ifnames=0"
82 82 else
83 83 CMDLINE="${CMDLINE} net.ifnames=1"
84 84 fi
85 85
86 86 # Install firmware config
87 87 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
88 88
89 89 #locks cpu at max frequency
90 90 if [ "$ENABLE_TURBO" = true ] ; then
91 91 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
92 92 # helps to avoid sdcard corruption when force_turbo is enabled.
93 93 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
94 94 fi
95 95
96 96 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
97 97
98 98 # Bluetooth enabled
99 99 if [ "$ENABLE_BLUETOOTH" = true ] ; then
100 100 # Create temporary directory for Bluetooth sources
101 101 temp_dir=$(as_nobody mktemp -d)
102 102
103 103 # Fetch Bluetooth sources
104 104 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
105 105
106 106 # Copy downloaded sources
107 107 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
108 108
109 109 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
110 110 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
111 111 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
112 112
113 113 # Set permissions
114 114 chown -R root:root "${R}/tmp/pi-bluetooth"
115 115
116 116 # Install tools
117 117 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
118 118 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
119 119
120 120 # Install bluetooth udev rule
121 121 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
122 122
123 123 # Install Firmware Flash file and apropiate licence
124 124 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
125 125 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
126 126 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
127 127 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
128 128 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
129 129
130 130 # Remove temporary directory
131 131 rm -fr "${temp_dir}"
132 132
133 133 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
134 134 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
135 135
136 136 # set overlay to swap ttyAMA0 and ttyS0
137 137 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
138 138
139 139 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
140 140 if [ "$ENABLE_TURBO" = false ] ; then
141 141 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
142 142 fi
143 143 fi
144 144
145 145 # Activate services
146 146 chroot_exec systemctl enable pi-bluetooth.hciuart.service
147 147 chroot_exec systemctl enable pi-bluetooth.bthelper@serial1.service
148 148
149 149 else # if ENABLE_BLUETOOTH = false
150 150 # set overlay to disable bluetooth
151 151 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
152 152 fi # ENABLE_BLUETOOTH end
153 153 fi
154 154
155 155 # may need sudo systemctl disable hciuart
156 156 if [ "$ENABLE_CONSOLE" = true ] ; then
157 157 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
158 158 # add string to cmdline
159 159 CMDLINE="${CMDLINE} console=serial0,115200"
160 160
161 161 # Enable serial console systemd style
162 162 chroot_exec systemctl enable serial-getty@serial0.service
163 163 else
164 164 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
165 165 # disable serial console systemd style
166 166 #chroot_exec systemctl disable serial-getty@serial0.service
167 167 fi
168 168
169 169 # Remove cmdline.txt entry of starting zswap
170 170 if [ "$KERNEL_ZSWAP" = true ] ; then
171 171 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
172 172 fi
173 173
174 174 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
175 175
176 176 # Remove cmdline.txt entry of starting zswap
177 177 if [ "$KERNEL_ZSWAP" = true ] ; then
178 178 sed -i 's|zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4||g'
179 179 fi
180 180 # Create temporary directory for systemd-swap sources
181 181 temp_dir=$(as_nobody mktemp -d)
182 182
183 183 # Fetch systemd-swap sources
184 184 as_nobody git -C "${temp_dir}" clone "${ZSWAP_URL}"
185 185
186 186 # Copy downloaded systemd-swap sources
187 187 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
188 188
189 189 # Set permissions of the systemd-swap sources
190 190 chown -R root:root "${R}/tmp/systemd-swap"
191 191
192 192 # Remove temporary directory for systemd-swap sources
193 193 rm -fr "${temp_dir}"
194 194
195 195 # Change into downloaded src dir
196 196 cd "${R}/tmp/systemd-swap" || exit
197 197
198 198 # Build package
199 199 . ./systemd-swap/package.sh debian
200 200
201 201 # Install package
202 202 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
203 203
204 204 # Enable service
205 205 chroot_exec systemctl enable systemd-swap
206 206
207 207 # Change back into script root dir
208 208 cd "${WORKDIR}" || exit
209 209 fi
210 210
211 211 # Install firmware boot cmdline
212 212 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
213 213
214 214 # Setup minimal GPU memory allocation size: 16MB (no X)
215 215 if [ "$ENABLE_MINGPU" = true ] ; then
216 216 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
217 217 fi
218 218
219 219 # Setup boot with initramfs
220 220 if [ "$ENABLE_INITRAMFS" = true ] ; then
221 221 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
222 222 fi
223 223
224 224 # Create firmware configuration and cmdline symlinks
225 225 ln -sf firmware/config.txt "${R}/boot/config.txt"
226 226 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
227 227
228 228 # Install and setup kernel modules to load at boot
229 229 mkdir -p "${LIB_DIR}/modules-load.d/"
230 230 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
231 231
232 232 # Load hardware random module at boot
233 233 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
234 234 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
235 235 fi
236 236
237 237 # Load sound module at boot
238 238 if [ "$ENABLE_SOUND" = true ] ; then
239 239 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
240 240 else
241 241 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
242 242 fi
243 243
244 244 # Enable I2C interface
245 245 if [ "$ENABLE_I2C" = true ] ; then
246 246 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
247 247 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
248 248 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
249 249 fi
250 250
251 251 # Enable SPI interface
252 252 if [ "$ENABLE_SPI" = true ] ; then
253 253 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
254 254 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
255 255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
256 256 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
257 257 fi
258 258 fi
259 259
260 260 # Disable RPi2/3 under-voltage warnings
261 261 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
262 262 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
263 263 fi
264 264
265 265 # Install kernel modules blacklist
266 266 mkdir -p "${ETC_DIR}/modprobe.d/"
267 267 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
268 268
269 269 # Install sysctl.d configuration files
270 270 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,95 +1,100
1 1 #!/bin/sh
2 2 #
3 3 # Build and Setup nexmon with monitor mode patch
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
11 15 # Create temporary directory for nexmon sources
12 16 temp_dir=$(as_nobody mktemp -d)
13 17
14 18 # Fetch nexmon sources
15 19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
16 20
17 21 # Copy downloaded nexmon sources
18 22 mv "${temp_dir}/nexmon" "${R}"/tmp/
19 23
20 24 # Set permissions of the nexmon sources
21 25 chown -R root:root "${R}"/tmp/nexmon
22 26
23 # Set script Root
24 export NEXMON_ROOT="${R}"/tmp/nexmon
25
26 27 # Remove temporary directory for nexmon sources
27 28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
28 33
29 34 # Build nexmon firmware outside the build system, if we can.
30 35 cd "${NEXMON_ROOT}" || exit
31 36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 CC="${CC}"gcc
40 ./configure
41 make
42
32 43 # Disable statistics
33 44 touch DISABLE_STATISTICS
34 45
35 46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
36 47 #ARCH="${KERNEL_ARCH}"
37 48 #SUBARCH="${KERNEL_ARCH}"
38 49 export KERNEL="${KERNEL_IMAGE}"
39 50 export ARCH=arm
40 51 export SUBARCH=arm
41 52 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
42 53 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
43 54 export ZLIBFLATE="zlib-flate -compress"
44 55 export Q=@
45 56 export NEXMON_SETUP_ENV=1
46 57 export HOSTUNAME=$(uname -s)
47 58 export PLATFORMUNAME=$(uname -m)
48 59 #. ./setup_env.sh
49 60
50 61 # Make nexmon
51 62 make
52 63
53 # Make ancient isl build
54 cd buildtools/isl-0.10 || exit
55 CC="${CC}"gcc
56 ./configure
57 make
58
59 64 # Backup stock broadcom wlan driver - "${LIB_DIR}"/modules/${KERNEL_VERSION}/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko
60 65 brcmfmac_path=$(modinfo brcmfmac | grep -m 1 -oP "^filename:(\s*?)(.*)$" | sed -e 's/^filename:\(\s*\)\(.*\)$/\2/g')
61 66 mv "${brcmfmac_path}" "${brcmfmac_path}".orig
62 67
63 68 # build patches
64 69 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
65 70 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
66 71 make clean
67 72
68 73 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 74 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70 75
71 76 # copy RPi0W & RPi3 firmware
72 77 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 78 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 79 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 80
76 81 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko "${brcmfmac_path}"
77 82 fi
78 83
79 84 if [ "$RPI_MODEL" = 3P ] ; then
80 85 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
81 86 make clean
82 87
83 88 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
84 89 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
85 90
86 91 # RPi3B+ firmware
87 92 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
88 93 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
89 94 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
90 95 fi
91 96
92 97 #Revert to previous directory
93 98 cd "${WORKDIR}" || exit
94 99
95 100 fi
@@ -1,847 +1,852
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
67 67 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
68 68 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
69 69 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
70 70
71 71 # Build directories
72 72 WORKDIR=$(pwd)
73 73 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
74 74 BUILDDIR="${BASEDIR}/build"
75 75
76 76 # Chroot directories
77 77 R="${BUILDDIR}/chroot"
78 78 ETC_DIR="${R}/etc"
79 79 LIB_DIR="${R}/lib"
80 80 BOOT_DIR="${R}/boot/firmware"
81 81 KERNEL_DIR="${R}/usr/src/linux"
82 82 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
83 83 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
84 84
85 85 # Firmware directory: Blank if download from github
86 86 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
87 87
88 88 # General settings
89 89 SET_ARCH=${SET_ARCH:=32}
90 90 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
91 91 PASSWORD=${PASSWORD:=raspberry}
92 92 USER_PASSWORD=${USER_PASSWORD:=raspberry}
93 93 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
94 94 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
95 95 EXPANDROOT=${EXPANDROOT:=true}
96 96
97 97 # Keyboard settings
98 98 XKB_MODEL=${XKB_MODEL:=""}
99 99 XKB_LAYOUT=${XKB_LAYOUT:=""}
100 100 XKB_VARIANT=${XKB_VARIANT:=""}
101 101 XKB_OPTIONS=${XKB_OPTIONS:=""}
102 102
103 103 # Network settings (DHCP)
104 104 ENABLE_DHCP=${ENABLE_DHCP:=true}
105 105
106 106 # Network settings (static)
107 107 NET_ADDRESS=${NET_ADDRESS:=""}
108 108 NET_GATEWAY=${NET_GATEWAY:=""}
109 109 NET_DNS_1=${NET_DNS_1:=""}
110 110 NET_DNS_2=${NET_DNS_2:=""}
111 111 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
112 112 NET_NTP_1=${NET_NTP_1:=""}
113 113 NET_NTP_2=${NET_NTP_2:=""}
114 114
115 115 # APT settings
116 116 APT_PROXY=${APT_PROXY:=""}
117 117 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
118 118
119 119 # Feature settings
120 120 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
121 121 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
122 122 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
123 123 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
124 124 ENABLE_I2C=${ENABLE_I2C:=false}
125 125 ENABLE_SPI=${ENABLE_SPI:=false}
126 126 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 127 ENABLE_SSHD=${ENABLE_SSHD:=true}
128 128 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
129 129 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
130 130 ENABLE_SOUND=${ENABLE_SOUND:=true}
131 131 ENABLE_DBUS=${ENABLE_DBUS:=true}
132 132 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
133 133 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
134 134 ENABLE_XORG=${ENABLE_XORG:=false}
135 135 ENABLE_WM=${ENABLE_WM:=""}
136 136 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
137 137 ENABLE_USER=${ENABLE_USER:=true}
138 138 USER_NAME=${USER_NAME:="pi"}
139 139 ENABLE_ROOT=${ENABLE_ROOT:=false}
140 140 ENABLE_QEMU=${ENABLE_QEMU:=false}
141 141 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
142 142
143 143 # SSH settings
144 144 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
145 145 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
146 146 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
147 147 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
148 148 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
149 149
150 150 # Advanced settings
151 151 ENABLE_SYSTEMDSWAP=${ENABLE_MINBASE:=false}
152 152 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
153 153 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
154 154 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
155 155 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
156 156 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
157 157 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
158 158 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
159 159 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
160 160 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
161 161 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
162 NEXMON_DIR=${NEXMON_DIR:=""}
162 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
163 163 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
164 164 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
165 165 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
166 166 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
167 167 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
168 168 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
169 169
170 170 # Kernel compilation settings
171 171 BUILD_KERNEL=${BUILD_KERNEL:=true}
172 172 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
173 173 KERNEL_THREADS=${KERNEL_THREADS:=1}
174 174 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
175 175 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
176 176 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
177 177 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
178 178 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
179 179 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
180 180 KERNEL_VIRT=${KERNEL_VIRT:=false}
181 181 KERNEL_BPF=${KERNEL_BPF:=false}
182 182 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=POWERSAVE}
183 183
184 184 # Kernel compilation from source directory settings
185 185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
186 186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
187 187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
188 188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
189 189
190 190 # Reduce disk usage settings
191 191 REDUCE_APT=${REDUCE_APT:=true}
192 192 REDUCE_DOC=${REDUCE_DOC:=true}
193 193 REDUCE_MAN=${REDUCE_MAN:=true}
194 194 REDUCE_VIM=${REDUCE_VIM:=false}
195 195 REDUCE_BASH=${REDUCE_BASH:=false}
196 196 REDUCE_HWDB=${REDUCE_HWDB:=true}
197 197 REDUCE_SSHD=${REDUCE_SSHD:=true}
198 198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
199 199
200 200 # Encrypted filesystem settings
201 201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
202 202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206 206 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
207 207 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
208 208 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
209 209 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
210 210
211 211 # Chroot scripts directory
212 212 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
213 213
214 214 # Packages required in the chroot build environment
215 215 APT_INCLUDES=${APT_INCLUDES:=""}
216 216 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
217 217
218 218 #Packages to exclude from chroot build environment
219 219 APT_EXCLUDES=${APT_EXCLUDES:=""}
220 220
221 221 # Packages required for bootstrapping
222 222 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
223 223 MISSING_PACKAGES=""
224 224
225 225 # Packages installed for c/c++ build environment in chroot (keep empty)
226 226 COMPILER_PACKAGES=""
227 227
228 228 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
229 229 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
230 230 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
231 231 APT_PROXY=http://127.0.0.1:3142/
232 232 fi
233 233
234 234 #netselect-apt does not know buster yet
235 235 if [ "$RELEASE" = "buster" ] ; then
236 236 RLS=testing
237 237 else
238 238 RLS="$RELEASE"
239 239 fi
240 240
241 241 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
242 242 rm "$(pwd)/files/apt/sources.list"
243 243 fi
244 244
245 245 if [ "$ENABLE_NONFREE" = true ] ; then
246 246 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
247 247 else
248 248 netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
249 249 fi
250 250
251 251 #sed and cut the result string so we can use it as APT_SERVER
252 252 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
253 253
254 254 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
255 255 if [ -n "$SET_ARCH" ] ; then
256 256 # 64 bit configuration
257 257 if [ "$SET_ARCH" = 64 ] ; then
258 258 # General 64 bit depended settings
259 259 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
260 260 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
261 261 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
262 262
263 263 # Board specific settings
264 264 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
265 265 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
266 266 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
267 267 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
268 268 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
269 269 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
270 270 else
271 271 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
272 272 exit 1
273 273 fi
274 274 fi
275 275
276 276 # 32 bit configuration
277 277 if [ "$SET_ARCH" = 32 ] ; then
278 278 # General 32 bit dependend settings
279 279 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
280 280 KERNEL_ARCH=${KERNEL_ARCH:=arm}
281 281 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
282 282
283 283 # Hardware specific settings
284 284 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
285 285 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
286 286 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
287 287 RELEASE_ARCH=${RELEASE_ARCH:=armel}
288 288 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
289 289 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
290 290 fi
291 291
292 292 # Hardware specific settings
293 293 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
294 294 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
295 295 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
296 296 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
297 297 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
298 298 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
299 299 fi
300 300 fi
301 301 #SET_ARCH not set
302 302 else
303 303 echo "error: Please set '32' or '64' as value for SET_ARCH"
304 304 exit 1
305 305 fi
306 306 # Device specific configuration and U-Boot configuration
307 307 case "$RPI_MODEL" in
308 308 0)
309 309 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
310 310 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
311 311 ;;
312 312 1)
313 313 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
314 314 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
315 315 ;;
316 316 1P)
317 317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
318 318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 319 ;;
320 320 2)
321 321 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
322 322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
323 323 ;;
324 324 3)
325 325 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
326 326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
327 327 ;;
328 328 3P)
329 329 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
330 330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
331 331 ;;
332 332 *)
333 333 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
334 334 exit 1
335 335 ;;
336 336 esac
337 337
338 338 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
339 339 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
340 340 # Include bluetooth packages on supported boards
341 341 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
342 342 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
343 343 fi
344 344 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
345 345 # Check if the internal wireless interface is not supported by the RPi model
346 346 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
347 347 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
348 348 exit 1
349 349 fi
350 350 fi
351 351
352 352 # Prepare date string for default image file name
353 353 DATE="$(date +%Y-%m-%d)"
354 354 if [ -z "$KERNEL_BRANCH" ] ; then
355 355 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
356 356 else
357 357 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
358 358 fi
359 359
360 360 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
361 361 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
362 362 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
363 363 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
364 364 exit 1
365 365 fi
366 366 fi
367 367
368 368 set +x
369 369
370 370 # Add cmake to compile videocore sources
371 371 if [ "$ENABLE_VIDEOCORE" = true ] ; then
372 372 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
373 373 fi
374 374
375 # Add deps for nexmon
376 if [ "$ENABLE_NEXMON" = true ] ; then
377 REQUIRED_PACKAGES="${REQUIRED_PACKAGES},libgmp3-dev,gawk,qpdf,bison,flex,make,autoconf,automake,build-essential,libtool"
378 fi
379
375 380 # Add libncurses5 to enable kernel menuconfig
376 381 if [ "$KERNEL_MENUCONFIG" = true ] ; then
377 382 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
378 383 fi
379 384
380 385 # Add ccache compiler cache for (faster) kernel cross (re)compilation
381 386 if [ "$KERNEL_CCACHE" = true ] ; then
382 387 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
383 388 fi
384 389
385 390 # Add cryptsetup package to enable filesystem encryption
386 391 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
387 392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
388 393 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
389 394
390 395 #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
391 396 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
392 397 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
393 398 fi
394 399
395 400 if [ -z "$CRYPTFS_PASSWORD" ] ; then
396 401 echo "error: no password defined (CRYPTFS_PASSWORD)!"
397 402 exit 1
398 403 fi
399 404 ENABLE_INITRAMFS=true
400 405 fi
401 406
402 407 # Add initramfs generation tools
403 408 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
404 409 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
405 410 fi
406 411
407 412 # Add device-tree-compiler required for building the U-Boot bootloader
408 413 if [ "$ENABLE_UBOOT" = true ] ; then
409 414 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
410 415 else
411 416 if [ "$ENABLE_UBOOTUSB" = true ] ; then
412 417 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
413 418 exit 1
414 419 fi
415 420 fi
416 421
417 422 # Check if root SSH (v2) public key file exists
418 423 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
419 424 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
420 425 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
421 426 exit 1
422 427 fi
423 428 fi
424 429
425 430 # Check if $USER_NAME SSH (v2) public key file exists
426 431 if [ -n "$SSH_USER_PUB_KEY" ] ; then
427 432 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
428 433 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
429 434 exit 1
430 435 fi
431 436 fi
432 437
433 438 # Check if all required packages are installed on the build system
434 439 for package in $REQUIRED_PACKAGES ; do
435 440 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
436 441 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
437 442 fi
438 443 done
439 444
440 445 # If there are missing packages ask confirmation for install, or exit
441 446 if [ -n "$MISSING_PACKAGES" ] ; then
442 447 echo "the following packages needed by this script are not installed:"
443 448 echo "$MISSING_PACKAGES"
444 449
445 450 printf "\ndo you want to install the missing packages right now? [y/n] "
446 451 read -r confirm
447 452 [ "$confirm" != "y" ] && exit 1
448 453
449 454 # Make sure all missing required packages are installed
450 455 apt-get -qq -y install "${MISSING_PACKAGES}"
451 456 fi
452 457
453 458 # Check if ./bootstrap.d directory exists
454 459 if [ ! -d "./bootstrap.d/" ] ; then
455 460 echo "error: './bootstrap.d' required directory not found!"
456 461 exit 1
457 462 fi
458 463
459 464 # Check if ./files directory exists
460 465 if [ ! -d "./files/" ] ; then
461 466 echo "error: './files' required directory not found!"
462 467 exit 1
463 468 fi
464 469
465 470 # Check if specified KERNELSRC_DIR directory exists
466 471 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
467 472 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
468 473 exit 1
469 474 fi
470 475
471 476 # Check if specified UBOOTSRC_DIR directory exists
472 477 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
473 478 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
474 479 exit 1
475 480 fi
476 481
477 482 # Check if specified VIDEOCORESRC_DIR directory exists
478 483 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
479 484 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
480 485 exit 1
481 486 fi
482 487
483 488 # Check if specified FBTURBOSRC_DIR directory exists
484 489 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
485 490 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
486 491 exit 1
487 492 fi
488 493
489 # Check if specified NEXMON_DIR directory exists
490 if [ -n "$NEXMON_DIR" ] && [ ! -d "$NEXMON_DIR" ] ; then
491 echo "error: '${NEXMON_DIR}' specified directory not found (NEXMON_DIR)!"
494 # Check if specified NEXMONSRC_DIR directory exists
495 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
496 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
492 497 exit 1
493 498 fi
494 499
495 500 # Check if specified CHROOT_SCRIPTS directory exists
496 501 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
497 502 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
498 503 exit 1
499 504 fi
500 505
501 506 # Check if specified device mapping already exists (will be used by cryptsetup)
502 507 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
503 508 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
504 509 exit 1
505 510 fi
506 511
507 512 # Don't clobber an old build
508 513 if [ -e "$BUILDDIR" ] ; then
509 514 echo "error: directory ${BUILDDIR} already exists, not proceeding"
510 515 exit 1
511 516 fi
512 517
513 518 # Setup chroot directory
514 519 mkdir -p "${R}"
515 520
516 521 # Check if build directory has enough of free disk space >512MB
517 522 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
518 523 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
519 524 exit 1
520 525 fi
521 526
522 527 set -x
523 528
524 529 # Call "cleanup" function on various signals and errors
525 530 trap cleanup 0 1 2 3 6
526 531
527 532 # Add required packages for the minbase installation
528 533 if [ "$ENABLE_MINBASE" = true ] ; then
529 534 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
530 535 fi
531 536
532 537 # Add parted package, required to get partprobe utility
533 538 if [ "$EXPANDROOT" = true ] ; then
534 539 APT_INCLUDES="${APT_INCLUDES},parted"
535 540 fi
536 541
537 542 # Add dbus package, recommended if using systemd
538 543 if [ "$ENABLE_DBUS" = true ] ; then
539 544 APT_INCLUDES="${APT_INCLUDES},dbus"
540 545 fi
541 546
542 547 # Add iptables IPv4/IPv6 package
543 548 if [ "$ENABLE_IPTABLES" = true ] ; then
544 549 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
545 550 fi
546 551
547 552 # Add openssh server package
548 553 if [ "$ENABLE_SSHD" = true ] ; then
549 554 APT_INCLUDES="${APT_INCLUDES},openssh-server"
550 555 fi
551 556
552 557 # Add alsa-utils package
553 558 if [ "$ENABLE_SOUND" = true ] ; then
554 559 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
555 560 fi
556 561
557 562 # Add rng-tools package
558 563 if [ "$ENABLE_HWRANDOM" = true ] ; then
559 564 APT_INCLUDES="${APT_INCLUDES},rng-tools"
560 565 fi
561 566
562 567 # Add fbturbo video driver
563 568 if [ "$ENABLE_FBTURBO" = true ] ; then
564 569 # Enable xorg package dependencies
565 570 ENABLE_XORG=true
566 571 fi
567 572
568 573 # Add user defined window manager package
569 574 if [ -n "$ENABLE_WM" ] ; then
570 575 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
571 576
572 577 # Enable xorg package dependencies
573 578 ENABLE_XORG=true
574 579 fi
575 580
576 581 # Add xorg package
577 582 if [ "$ENABLE_XORG" = true ] ; then
578 583 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
579 584 fi
580 585
581 586 # Replace selected packages with smaller clones
582 587 if [ "$ENABLE_REDUCE" = true ] ; then
583 588 # Add levee package instead of vim-tiny
584 589 if [ "$REDUCE_VIM" = true ] ; then
585 590 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
586 591 fi
587 592
588 593 # Add dropbear package instead of openssh-server
589 594 if [ "$REDUCE_SSHD" = true ] ; then
590 595 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
591 596 fi
592 597 fi
593 598
594 599 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
595 600 if [ "$ENABLE_SYSVINIT" = false ] ; then
596 601 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
597 602 fi
598 603
599 604 # Configure kernel sources if no KERNELSRC_DIR
600 605 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
601 606 KERNELSRC_CONFIG=true
602 607 fi
603 608
604 609 # Configure reduced kernel
605 610 if [ "$KERNEL_REDUCE" = true ] ; then
606 611 KERNELSRC_CONFIG=false
607 612 fi
608 613
609 614 # Configure qemu compatible kernel
610 615 if [ "$ENABLE_QEMU" = true ] ; then
611 616 DTB_FILE=vexpress-v2p-ca15_a7.dtb
612 617 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
613 618 KERNEL_DEFCONFIG="vexpress_defconfig"
614 619 if [ "$KERNEL_MENUCONFIG" = false ] ; then
615 620 KERNEL_OLDDEFCONFIG=true
616 621 fi
617 622 fi
618 623
619 624 # Execute bootstrap scripts
620 625 for SCRIPT in bootstrap.d/*.sh; do
621 626 head -n 3 "$SCRIPT"
622 627 . "$SCRIPT"
623 628 done
624 629
625 630 ## Execute custom bootstrap scripts
626 631 if [ -d "custom.d" ] ; then
627 632 for SCRIPT in custom.d/*.sh; do
628 633 . "$SCRIPT"
629 634 done
630 635 fi
631 636
632 637 # Execute custom scripts inside the chroot
633 638 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
634 639 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
635 640 chroot_exec /bin/bash -x <<'EOF'
636 641 for SCRIPT in /chroot_scripts/* ; do
637 642 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
638 643 $SCRIPT
639 644 fi
640 645 done
641 646 EOF
642 647 rm -rf "${R}/chroot_scripts"
643 648 fi
644 649
645 650 # Remove c/c++ build environment from the chroot
646 651 chroot_remove_cc
647 652
648 653 # Generate required machine-id
649 654 MACHINE_ID=$(dbus-uuidgen)
650 655 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
651 656 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
652 657
653 658 # APT Cleanup
654 659 chroot_exec apt-get -y clean
655 660 chroot_exec apt-get -y autoclean
656 661 chroot_exec apt-get -y autoremove
657 662
658 663 # Unmount mounted filesystems
659 664 umount -l "${R}/proc"
660 665 umount -l "${R}/sys"
661 666
662 667 # Clean up directories
663 668 rm -rf "${R}/run/*"
664 669 rm -rf "${R}/tmp/*"
665 670
666 671 # Clean up files
667 672 rm -f "${ETC_DIR}/ssh/ssh_host_*"
668 673 rm -f "${ETC_DIR}/dropbear/dropbear_*"
669 674 rm -f "${ETC_DIR}/apt/sources.list.save"
670 675 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
671 676 rm -f "${ETC_DIR}/*-"
672 677 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
673 678 rm -f "${ETC_DIR}/resolv.conf"
674 679 rm -f "${R}/root/.bash_history"
675 680 rm -f "${R}/var/lib/urandom/random-seed"
676 681 rm -f "${R}/initrd.img"
677 682 rm -f "${R}/vmlinuz"
678 683 rm -f "${R}${QEMU_BINARY}"
679 684
680 685 if [ "$ENABLE_QEMU" = true ] ; then
681 686 # Setup QEMU directory
682 687 mkdir "${BASEDIR}/qemu"
683 688
684 689 # Copy kernel image to QEMU directory
685 690 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
686 691
687 692 # Copy kernel config to QEMU directory
688 693 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
689 694
690 695 # Copy kernel dtbs to QEMU directory
691 696 for dtb in "${BOOT_DIR}/"*.dtb ; do
692 697 if [ -f "${dtb}" ] ; then
693 698 install_readonly "${dtb}" "${BASEDIR}/qemu/"
694 699 fi
695 700 done
696 701
697 702 # Copy kernel overlays to QEMU directory
698 703 if [ -d "${BOOT_DIR}/overlays" ] ; then
699 704 # Setup overlays dtbs directory
700 705 mkdir "${BASEDIR}/qemu/overlays"
701 706
702 707 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
703 708 if [ -f "${dtb}" ] ; then
704 709 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
705 710 fi
706 711 done
707 712 fi
708 713
709 714 # Copy u-boot files to QEMU directory
710 715 if [ "$ENABLE_UBOOT" = true ] ; then
711 716 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
712 717 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
713 718 fi
714 719 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
715 720 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
716 721 fi
717 722 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
718 723 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
719 724 fi
720 725 fi
721 726
722 727 # Copy initramfs to QEMU directory
723 728 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
724 729 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
725 730 fi
726 731 fi
727 732
728 733 # Calculate size of the chroot directory in KB
729 734 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
730 735
731 736 # Calculate the amount of needed 512 Byte sectors
732 737 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
733 738 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
734 739 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
735 740
736 741 # The root partition is EXT4
737 742 # This means more space than the actual used space of the chroot is used.
738 743 # As overhead for journaling and reserved blocks 35% are added.
739 744 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
740 745
741 746 # Calculate required image size in 512 Byte sectors
742 747 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
743 748
744 749 # Prepare image file
745 750 if [ "$ENABLE_SPLITFS" = true ] ; then
746 751 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
747 752 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
748 753 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
749 754 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
750 755
751 756 # Write firmware/boot partition tables
752 757 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
753 758 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
754 759 EOM
755 760
756 761 # Write root partition table
757 762 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
758 763 ${TABLE_SECTORS},${ROOT_SECTORS},83
759 764 EOM
760 765
761 766 # Setup temporary loop devices
762 767 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
763 768 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
764 769 else # ENABLE_SPLITFS=false
765 770 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
766 771 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
767 772
768 773 # Write partition table
769 774 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
770 775 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
771 776 ${ROOT_OFFSET},${ROOT_SECTORS},83
772 777 EOM
773 778
774 779 # Setup temporary loop devices
775 780 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
776 781 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
777 782 fi
778 783
779 784 if [ "$ENABLE_CRYPTFS" = true ] ; then
780 785 # Create dummy ext4 fs
781 786 mkfs.ext4 "$ROOT_LOOP"
782 787
783 788 # Setup password keyfile
784 789 touch .password
785 790 chmod 600 .password
786 791 echo -n ${CRYPTFS_PASSWORD} > .password
787 792
788 793 # Initialize encrypted partition
789 794 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
790 795
791 796 # Open encrypted partition and setup mapping
792 797 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
793 798
794 799 # Secure delete password keyfile
795 800 shred -zu .password
796 801
797 802 # Update temporary loop device
798 803 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
799 804
800 805 # Wipe encrypted partition (encryption cipher is used for randomness)
801 806 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
802 807 fi
803 808
804 809 # Build filesystems
805 810 mkfs.vfat "$FRMW_LOOP"
806 811 mkfs.ext4 "$ROOT_LOOP"
807 812
808 813 # Mount the temporary loop devices
809 814 mkdir -p "$BUILDDIR/mount"
810 815 mount "$ROOT_LOOP" "$BUILDDIR/mount"
811 816
812 817 mkdir -p "$BUILDDIR/mount/boot/firmware"
813 818 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
814 819
815 820 # Copy all files from the chroot to the loop device mount point directory
816 821 rsync -a "${R}/" "$BUILDDIR/mount/"
817 822
818 823 # Unmount all temporary loop devices and mount points
819 824 cleanup
820 825
821 826 # Create block map file(s) of image(s)
822 827 if [ "$ENABLE_SPLITFS" = true ] ; then
823 828 # Create block map files for "bmaptool"
824 829 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
825 830 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
826 831
827 832 # Image was successfully created
828 833 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
829 834 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
830 835 else
831 836 # Create block map file for "bmaptool"
832 837 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
833 838
834 839 # Image was successfully created
835 840 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
836 841
837 842 # Create qemu qcow2 image
838 843 if [ "$ENABLE_QEMU" = true ] ; then
839 844 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
840 845 QEMU_SIZE=16G
841 846
842 847 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
843 848 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
844 849
845 850 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
846 851 fi
847 852 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant