Merge branch 'vknecht-net-static'
Jan Wagner -
r38:8c841853ea81 Fusion
@@ -1,109 +1,135
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 21 ```
22 22
23 23 #### APT settings:
24 24 ##### `APT_SERVER`="ftp.debian.org"
25 25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26 26
27 27 ##### `APT_PROXY`=""
28 28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29 29
30 30 #### General system settings:
31 31 ##### `HOSTNAME`="rpi2-jessie"
32 32 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
33 33
34 34 ##### `PASSWORD`="raspberry"
35 35 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
36 36
37 37 ##### `DEFLOCAL`="en_US.UTF-8"
38 38 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
39 39
40
41 40 ##### `TIMEZONE`="Europe/Berlin"
42 41 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
43 42
44 43 #### Keyboard settings:
45 44 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
46 45 ##### `XKBMODEL`=""
47 46 ##### `XKBLAYOUT`=""
48 47 ##### `XKBVARIANT`=""
49 48 ##### `XKBOPTIONS`=""
50 49
50 #### Networking settings
51 These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
52
53 #####`ENABLE_DHCP`=true
54 Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
55
56 #####`NET_ADDRESS`=""
57 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
58
59 #####`NET_GATEWAY`=""
60 Set the IP address for the default gateway.
61
62 #####`NET_DNS_1`=""
63 Set the IP address for the first DNS server.
64
65 #####`NET_DNS_2`=""
66 Set the IP address for the second DNS server.
67
68 #####`NET_DNS_DOMAINS`=""
69 Set the default DNS search domains to use for non fully qualified host names.
70
71 #####`NET_NTP_1`=""
72 Set the IP address for the first NTP server.
73
74 #####`NET_NTP_2`=""
75 Set the IP address for the second NTP server.
76
51 77 #### Basic system features:
52 78 ##### `ENABLE_CONSOLE`=true
53 79 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
54 80
55 81 ##### `ENABLE_IPV6`=true
56 82 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
57 83
58 84 ##### `ENABLE_SSHD`=true
59 85 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
60 86
61 87 ##### `ENABLE_SOUND`=true
62 88 Enable sound hardware and install Advanced Linux Sound Architecture.
63 89
64 90 ##### `ENABLE_HWRANDOM`=true
65 91 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
66 92
67 93 ##### `ENABLE_MINGPU`=false
68 94 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
69 95
70 96 ##### `ENABLE_DBUS`=true
71 97 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
72 98
73 99 ##### `ENABLE_XORG`=false
74 100 Install Xorg open-source X Window System.
75 101
76 102 ##### `ENABLE_WM`=""
77 103 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
78 104
79 105 #### Advanced sytem features:
80 106 ##### `ENABLE_MINBASE`=false
81 107 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
82 108
83 109 ##### `ENABLE_UBOOT`=false
84 110 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
85 111
86 112 ##### `ENABLE_FBTURBO`=false
87 113 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
88 114
89 115 ##### `ENABLE_IPTABLES`=false
90 116 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
91 117
92 118 ##### `ENABLE_HARDNET`=false
93 119 Enable IPv4/IPv6 network stack hardening settings.
94 120
95 121 ## Logging of the bootstrapping process
96 122 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
97 123
98 124 ```shell
99 125 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
100 126 ```
101 127
102 128 ## Flashing the image file
103 129 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
104 130
105 131 #####Flashing examples:
106 132 ```shell
107 133 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
108 134 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
109 135 ```
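Review bot: The `NET_ADDRESS` example in the new "Networking settings" section (new line 57) uses "192.169.0.3/24", which lies outside the RFC 1918 private range 192.168.0.0/16 and looks like a typo for "192.168.0.3/24"; please use a private or documentation address so that a copied example does not put a publicly routed address on a LAN. The new headings in that section (new lines 53 to 74) also omit the space after `#####` that the existing entries such as the `XKBMODEL` heading have, so they may not render as headings. Finally, the statement at new line 54 that the `NET_*` settings are ignored when `ENABLE_DHCP` is "true" does not match the script change in this commit, which rewrites `/etc/hosts` from `NET_ADDRESS` without testing `ENABLE_DHCP`; either document that or guard it in the script.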
@@ -1,882 +1,915
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 set -e
34 34 set -x
35 35
36 36 # Debian release
37 37 RELEASE=${RELEASE:=jessie}
38 38
39 39 # Build settings
40 40 BASEDIR=./images/${RELEASE}
41 41 BUILDDIR=${BASEDIR}/build
42 42
43 43 # General settings
44 44 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
45 45 PASSWORD=${PASSWORD:=raspberry}
46 46 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
47 47 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
48 48 XKBMODEL=${XKBMODEL:=""}
49 49 XKBLAYOUT=${XKBLAYOUT:=""}
50 50 XKBVARIANT=${XKBVARIANT:=""}
51 51 XKBOPTIONS=${XKBOPTIONS:=""}
52 52
53 # Network settings
54 ENABLE_DHCP=${ENABLE_DHCP:=true}
55 # NET_* settings are ignored when ENABLE_DHCP=true
56 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
57 NET_ADDRESS=${NET_ADDRESS:=""}
58 NET_GATEWAY=${NET_GATEWAY:=""}
59 NET_DNS_1=${NET_DNS_1:=""}
60 NET_DNS_2=${NET_DNS_2:=""}
61 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
62 NET_NTP_1=${NET_NTP_1:=""}
63 NET_NTP_2=${NET_NTP_2:=""}
64
53 65 # APT settings
54 66 APT_PROXY=${APT_PROXY:=""}
55 67 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
56 68
57 69 # Feature settings
58 70 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
59 71 ENABLE_IPV6=${ENABLE_IPV6:=true}
60 72 ENABLE_SSHD=${ENABLE_SSHD:=true}
61 73 ENABLE_SOUND=${ENABLE_SOUND:=true}
62 74 ENABLE_DBUS=${ENABLE_DBUS:=true}
63 75 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
64 76 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
65 77 ENABLE_XORG=${ENABLE_XORG:=false}
66 78 ENABLE_WM=${ENABLE_WM:=""}
67 79
68 80 # Advanced settings
69 81 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
70 82 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
71 83 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
72 84 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
73 85 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
74 86
75 87 # Image chroot path
76 88 R=${BUILDDIR}/chroot
77 89
78 90 # Packages required for bootstrapping
79 91 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
80 92
81 93 # Missing packages that need to be installed
82 94 MISSING_PACKAGES=""
83 95
84 96 # Packages required in the chroot build environment
85 97 APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
86 98
87 99 set +x
88 100
89 101 # Are we running as root?
90 102 if [ "$(id -u)" -ne "0" ] ; then
91 103 echo "this script must be executed with root privileges"
92 104 exit 1
93 105 fi
94 106
95 107 # Check if all required packages are installed
96 108 for package in $REQUIRED_PACKAGES ; do
97 109 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
98 110 MISSING_PACKAGES="$MISSING_PACKAGES $package"
99 111 fi
100 112 done
101 113
102 114 # Ask if missing packages should get installed right now
103 115 if [ -n "$MISSING_PACKAGES" ] ; then
104 116 echo "the following packages needed by this script are not installed:"
105 117 echo "$MISSING_PACKAGES"
106 118
107 119 echo -n "\ndo you want to install the missing packages right now? [y/n] "
108 120 read confirm
109 121 if [ "$confirm" != "y" ] ; then
110 122 exit 1
111 123 fi
112 124 fi
113 125
114 126 # Make sure all required packages are installed
115 127 apt-get -qq -y install ${REQUIRED_PACKAGES}
116 128
117 129 # Don't clobber an old build
118 130 if [ -e "$BUILDDIR" ]; then
119 131 echo "directory $BUILDDIR already exists, not proceeding"
120 132 exit 1
121 133 fi
122 134
123 135 set -x
124 136
125 137 # Call "cleanup" function on various signals and errors
126 138 trap cleanup 0 1 2 3 6
127 139
128 140 # Set up chroot directory
129 141 mkdir -p $R
130 142
131 143 # Add required packages for the minbase installation
132 144 if [ "$ENABLE_MINBASE" = true ] ; then
133 145 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
134 146 else
135 147 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
136 148 fi
137 149
138 150 # Add dbus package, recommended if using systemd
139 151 if [ "$ENABLE_DBUS" = true ] ; then
140 152 APT_INCLUDES="${APT_INCLUDES},dbus"
141 153 fi
142 154
143 155 # Add iptables IPv4/IPv6 package
144 156 if [ "$ENABLE_IPTABLES" = true ] ; then
145 157 APT_INCLUDES="${APT_INCLUDES},iptables"
146 158 fi
147 159
148 160 # Add openssh server package
149 161 if [ "$ENABLE_SSHD" = true ] ; then
150 162 APT_INCLUDES="${APT_INCLUDES},openssh-server"
151 163 fi
152 164
153 165 # Add alsa-utils package
154 166 if [ "$ENABLE_SOUND" = true ] ; then
155 167 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
156 168 fi
157 169
158 170 # Add rng-tools package
159 171 if [ "$ENABLE_HWRANDOM" = true ] ; then
160 172 APT_INCLUDES="${APT_INCLUDES},rng-tools"
161 173 fi
162 174
163 175 # Add fbturbo video driver
164 176 if [ "$ENABLE_FBTURBO" = true ] ; then
165 177 # Enable xorg package dependencies
166 178 ENABLE_XORG=true
167 179 fi
168 180
169 181 # Add user defined window manager package
170 182 if [ -n "$ENABLE_WM" ] ; then
171 183 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
172 184
173 185 # Enable xorg package dependencies
174 186 ENABLE_XORG=true
175 187 fi
176 188
177 189 # Add xorg package
178 190 if [ "$ENABLE_XORG" = true ] ; then
179 191 APT_INCLUDES="${APT_INCLUDES},xorg"
180 192 fi
181 193
182 194 # Base debootstrap (unpack only)
183 195 if [ "$ENABLE_MINBASE" = true ] ; then
184 196 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
185 197 else
186 198 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
187 199 fi
188 200
189 201 # Copy qemu emulator binary to chroot
190 202 cp /usr/bin/qemu-arm-static $R/usr/bin
191 203
192 204 # Copy debian-archive-keyring.pgp
193 205 chroot $R mkdir -p /usr/share/keyrings
194 206 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
195 207
196 208 # Complete the bootstrapping process
197 209 chroot $R /debootstrap/debootstrap --second-stage
198 210
199 211 # Mount required filesystems
200 212 mount -t proc none $R/proc
201 213 mount -t sysfs none $R/sys
202 214 mount --bind /dev/pts $R/dev/pts
203 215
204 216 # Use proxy inside chroot
205 217 if [ -z "$APT_PROXY" ] ; then
206 218 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
207 219 fi
208 220
209 221 # Pin package flash-kernel to repositories.collabora.co.uk
210 222 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
211 223 Package: flash-kernel
212 224 Pin: origin repositories.collabora.co.uk
213 225 Pin-Priority: 1000
214 226 EOM
215 227
216 228 # Set up timezone
217 229 echo ${TIMEZONE} >$R/etc/timezone
218 230 LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
219 231
220 232 # Upgrade collabora package index and install collabora keyring
221 233 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
222 234 LANG=C chroot $R apt-get -qq -y update
223 235 LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
224 236
225 237 # Set up initial sources.list
226 238 cat <<EOM >$R/etc/apt/sources.list
227 239 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
228 240 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
229 241
230 242 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
231 243 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
232 244
233 245 deb http://security.debian.org/ ${RELEASE}/updates main contrib
234 246 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
235 247
236 248 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
237 249 EOM
238 250
239 251 # Upgrade package index and update all installed packages and changed dependencies
240 252 LANG=C chroot $R apt-get -qq -y update
241 253 LANG=C chroot $R apt-get -qq -y -u dist-upgrade
242 254
243 255 # Set up default locale and keyboard configuration
244 256 if [ "$ENABLE_MINBASE" = false ] ; then
245 257 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
246 258 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
247 259 # ... so we have to set locales manually
248 260 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
249 261 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
250 262 else
251 263 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
252 264 LANG=C chroot $R echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
253 265 LANG=C chroot $R sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
254 266 fi
255 267 LANG=C chroot $R sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
256 268 LANG=C chroot $R echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
257 269 LANG=C chroot $R locale-gen
258 270 LANG=C chroot $R update-locale LANG=${DEFLOCAL}
259 271
260 272 # Keyboard configuration, if requested
261 273 if [ "$XKBMODEL" != "" ] ; then
262 274 LANG=C chroot $R sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
263 275 fi
264 276 if [ "$XKBLAYOUT" != "" ] ; then
265 277 LANG=C chroot $R sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
266 278 fi
267 279 if [ "$XKBVARIANT" != "" ] ; then
268 280 LANG=C chroot $R sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
269 281 fi
270 282 if [ "$XKBOPTIONS" != "" ] ; then
271 283 LANG=C chroot $R sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
272 284 fi
273 285 LANG=C chroot $R dpkg-reconfigure -f noninteractive keyboard-configuration
274 286 # Set up font console
275 287 case "${DEFLOCAL}" in
276 288 *UTF-8)
277 289 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
278 290 ;;
279 291 *)
280 292 LANG=C chroot $R sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
281 293 ;;
282 294 esac
283 295 LANG=C chroot $R dpkg-reconfigure -f noninteractive console-setup
284 296 fi
285 297
286 298 # Kernel installation
287 299 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
288 300 LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
289 301 LANG=C chroot $R apt-get -qq -y install flash-kernel
290 302
291 303 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
292 304 [ -z "$VMLINUZ" ] && exit 1
293 305 mkdir -p $R/boot/firmware
294 306
295 307 # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
296 308 wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
297 309 wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
298 310 wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
299 311 wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
300 312 wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
301 313 wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
302 314 wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
303 315 cp $VMLINUZ $R/boot/firmware/kernel7.img
304 316
305 317 # Set up IPv4 hosts
306 318 echo ${HOSTNAME} >$R/etc/hostname
307 319 cat <<EOM >$R/etc/hosts
308 320 127.0.0.1 localhost
309 321 127.0.1.1 ${HOSTNAME}
310 322 EOM
323 if [ "$NET_ADDRESS" != "" ] ; then
324 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
325 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
326 fi
311 327
312 328 # Set up IPv6 hosts
313 329 if [ "$ENABLE_IPV6" = true ] ; then
314 330 cat <<EOM >>$R/etc/hosts
315 331
316 332 ::1 localhost ip6-localhost ip6-loopback
317 333 ff02::1 ip6-allnodes
318 334 ff02::2 ip6-allrouters
319 335 EOM
320 336 fi
321 337
322 338 # Place hint about network configuration
323 339 cat <<EOM >$R/etc/network/interfaces
324 340 # Debian switched to systemd-networkd configuration files.
325 341 # please configure your networks in '/etc/systemd/network/'
326 342 EOM
327 343
344 if [ "$ENABLE_DHCP" = true ] ; then
328 345 # Enable systemd-networkd DHCP configuration for interface eth0
329 346 cat <<EOM >$R/etc/systemd/network/eth.network
330 347 [Match]
331 348 Name=eth0
332 349
333 350 [Network]
334 351 DHCP=yes
335 352 EOM
336 353
337 354 # Set DHCP configuration to IPv4 only
338 355 if [ "$ENABLE_IPV6" = false ] ; then
339 sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
356 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
357 fi
358 else # ENABLE_DHCP=false
359 cat <<EOM >$R/etc/systemd/network/eth.network
360 [Match]
361 Name=eth0
362
363 [Network]
364 DHCP=no
365 Address=${NET_ADDRESS}
366 Gateway=${NET_GATEWAY}
367 DNS=${NET_DNS_1}
368 DNS=${NET_DNS_2}
369 Domains=${NET_DNS_DOMAINS}
370 NTP=${NET_NTP_1}
371 NTP=${NET_NTP_2}
372 EOM
340 373 fi
341 374
342 375 # Enable systemd-networkd service
343 376 LANG=C chroot $R systemctl enable systemd-networkd
344 377
345 378 # Generate crypt(3) password string
346 379 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
347 380
348 381 # Set up default user
349 382 LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
350 383 LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
351 384
352 385 # Set up root password
353 386 LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
354 387
355 388 # Set up firmware boot cmdline
356 389 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
357 390
358 391 # Set up serial console support (if requested)
359 392 if [ "$ENABLE_CONSOLE" = true ] ; then
360 393 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
361 394 fi
362 395
363 396 # Set up IPv6 networking support
364 397 if [ "$ENABLE_IPV6" = false ] ; then
365 398 CMDLINE="${CMDLINE} ipv6.disable=1"
366 399 fi
367 400
368 401 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
369 402
370 403 # Set up firmware config
371 404 cat <<EOM >$R/boot/firmware/config.txt
372 405 # For more options and information see
373 406 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
374 407 # Some settings may impact device functionality. See link above for details
375 408
376 409 # uncomment if you get no picture on HDMI for a default "safe" mode
377 410 #hdmi_safe=1
378 411
379 412 # uncomment this if your display has a black border of unused pixels visible
380 413 # and your display can output without overscan
381 414 #disable_overscan=1
382 415
383 416 # uncomment the following to adjust overscan. Use positive numbers if console
384 417 # goes off screen, and negative if there is too much border
385 418 #overscan_left=16
386 419 #overscan_right=16
387 420 #overscan_top=16
388 421 #overscan_bottom=16
389 422
390 423 # uncomment to force a console size. By default it will be display's size minus
391 424 # overscan.
392 425 #framebuffer_width=1280
393 426 #framebuffer_height=720
394 427
395 428 # uncomment if hdmi display is not detected and composite is being output
396 429 #hdmi_force_hotplug=1
397 430
398 431 # uncomment to force a specific HDMI mode (this will force VGA)
399 432 #hdmi_group=1
400 433 #hdmi_mode=1
401 434
402 435 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
403 436 # DMT (computer monitor) modes
404 437 #hdmi_drive=2
405 438
406 439 # uncomment to increase signal to HDMI, if you have interference, blanking, or
407 440 # no display
408 441 #config_hdmi_boost=4
409 442
410 443 # uncomment for composite PAL
411 444 #sdtv_mode=2
412 445
413 446 # uncomment to overclock the arm. 700 MHz is the default.
414 447 #arm_freq=800
415 448 EOM
416 449
417 450 # Load snd_bcm2835 kernel module at boot time
418 451 if [ "$ENABLE_SOUND" = true ] ; then
419 452 echo "snd_bcm2835" >>$R/etc/modules
420 453 fi
421 454
422 455 # Set smallest possible GPU memory allocation size: 16MB (no X)
423 456 if [ "$ENABLE_MINGPU" = true ] ; then
424 457 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
425 458 fi
426 459
427 460 # Create symlinks
428 461 ln -sf firmware/config.txt $R/boot/config.txt
429 462 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
430 463
431 464 # Prepare modules-load.d directory
432 465 mkdir -p $R/lib/modules-load.d/
433 466
434 467 # Load random module on boot
435 468 if [ "$ENABLE_HWRANDOM" = true ] ; then
436 469 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
437 470 bcm2708_rng
438 471 EOM
439 472 fi
440 473
441 474 # Prepare modprobe.d directory
442 475 mkdir -p $R/etc/modprobe.d/
443 476
444 477 # Blacklist sound modules
445 478 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
446 479 blacklist snd_soc_core
447 480 blacklist snd_pcm
448 481 blacklist snd_pcm_dmaengine
449 482 blacklist snd_timer
450 483 blacklist snd_compress
451 484 blacklist snd_soc_pcm512x_i2c
452 485 blacklist snd_soc_pcm512x
453 486 blacklist snd_soc_tas5713
454 487 blacklist snd_soc_wm8804
455 488 EOM
456 489
457 490 # Create default fstab
458 491 cat <<EOM >$R/etc/fstab
459 492 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
460 493 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
461 494 EOM
462 495
463 496 # Avoid swapping and increase cache sizes
464 497 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
465 498
466 499 # Avoid swapping and increase cache sizes
467 500 vm.swappiness=1
468 501 vm.dirty_background_ratio=20
469 502 vm.dirty_ratio=40
470 503 vm.dirty_writeback_centisecs=500
471 504 vm.dirty_expire_centisecs=6000
472 505 EOM
473 506
474 507 # Enable network stack hardening
475 508 if [ "$ENABLE_HARDNET" = true ] ; then
476 509 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
477 510
478 511 # Enable network stack hardening
479 512 net.ipv4.tcp_timestamps=0
480 513 net.ipv4.tcp_syncookies=1
481 514 net.ipv4.conf.all.rp_filter=1
482 515 net.ipv4.conf.all.accept_redirects=0
483 516 net.ipv4.conf.all.send_redirects=0
484 517 net.ipv4.conf.all.accept_source_route=0
485 518 net.ipv4.conf.default.rp_filter=1
486 519 net.ipv4.conf.default.accept_redirects=0
487 520 net.ipv4.conf.default.send_redirects=0
488 521 net.ipv4.conf.default.accept_source_route=0
489 522 net.ipv4.conf.lo.accept_redirects=0
490 523 net.ipv4.conf.lo.send_redirects=0
491 524 net.ipv4.conf.lo.accept_source_route=0
492 525 net.ipv4.conf.eth0.accept_redirects=0
493 526 net.ipv4.conf.eth0.send_redirects=0
494 527 net.ipv4.conf.eth0.accept_source_route=0
495 528 net.ipv4.icmp_echo_ignore_broadcasts=1
496 529 net.ipv4.icmp_ignore_bogus_error_responses=1
497 530
498 531 net.ipv6.conf.all.accept_redirects=0
499 532 net.ipv6.conf.all.accept_source_route=0
500 533 net.ipv6.conf.all.router_solicitations=0
501 534 net.ipv6.conf.all.accept_ra_rtr_pref=0
502 535 net.ipv6.conf.all.accept_ra_pinfo=0
503 536 net.ipv6.conf.all.accept_ra_defrtr=0
504 537 net.ipv6.conf.all.autoconf=0
505 538 net.ipv6.conf.all.dad_transmits=0
506 539 net.ipv6.conf.all.max_addresses=1
507 540
508 541 net.ipv6.conf.default.accept_redirects=0
509 542 net.ipv6.conf.default.accept_source_route=0
510 543 net.ipv6.conf.default.router_solicitations=0
511 544 net.ipv6.conf.default.accept_ra_rtr_pref=0
512 545 net.ipv6.conf.default.accept_ra_pinfo=0
513 546 net.ipv6.conf.default.accept_ra_defrtr=0
514 547 net.ipv6.conf.default.autoconf=0
515 548 net.ipv6.conf.default.dad_transmits=0
516 549 net.ipv6.conf.default.max_addresses=1
517 550
518 551 net.ipv6.conf.lo.accept_redirects=0
519 552 net.ipv6.conf.lo.accept_source_route=0
520 553 net.ipv6.conf.lo.router_solicitations=0
521 554 net.ipv6.conf.lo.accept_ra_rtr_pref=0
522 555 net.ipv6.conf.lo.accept_ra_pinfo=0
523 556 net.ipv6.conf.lo.accept_ra_defrtr=0
524 557 net.ipv6.conf.lo.autoconf=0
525 558 net.ipv6.conf.lo.dad_transmits=0
526 559 net.ipv6.conf.lo.max_addresses=1
527 560
528 561 net.ipv6.conf.eth0.accept_redirects=0
529 562 net.ipv6.conf.eth0.accept_source_route=0
530 563 net.ipv6.conf.eth0.router_solicitations=0
531 564 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
532 565 net.ipv6.conf.eth0.accept_ra_pinfo=0
533 566 net.ipv6.conf.eth0.accept_ra_defrtr=0
534 567 net.ipv6.conf.eth0.autoconf=0
535 568 net.ipv6.conf.eth0.dad_transmits=0
536 569 net.ipv6.conf.eth0.max_addresses=1
537 570 EOM
538 571
539 572 # Enable resolver warnings about spoofed addresses
540 573 cat <<EOM >>$R/etc/host.conf
541 574 spoof warn
542 575 EOM
543 576 fi
544 577
545 578 # Regenerate openssh server host keys
546 579 if [ "$ENABLE_SSHD" = true ] ; then
547 580 rm -fr $R/etc/ssh/ssh_host_*
548 581 LANG=C chroot $R dpkg-reconfigure openssh-server
549 582 fi
550 583
551 584 # Enable serial console systemd style
552 585 if [ "$ENABLE_CONSOLE" = true ] ; then
553 586 LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
554 587 fi
555 588
556 589 # Enable firewall based on iptables started by systemd service
557 590 if [ "$ENABLE_IPTABLES" = true ] ; then
558 591 # Create iptables configuration directory
559 592 mkdir -p "$R/etc/iptables"
560 593
561 594 # Create iptables systemd service
562 595 cat <<EOM >$R/etc/systemd/system/iptables.service
563 596 [Unit]
564 597 Description=Packet Filtering Framework
565 598 DefaultDependencies=no
566 599 After=systemd-sysctl.service
567 600 Before=sysinit.target
568 601 [Service]
569 602 Type=oneshot
570 603 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
571 604 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
572 605 ExecStop=/etc/iptables/flush-iptables.sh
573 606 RemainAfterExit=yes
574 607 [Install]
575 608 WantedBy=multi-user.target
576 609 EOM
577 610
578 611 # Create flush-table script called by iptables service
579 612 cat <<EOM >$R/etc/iptables/flush-iptables.sh
580 613 #!/bin/sh
581 614 iptables -F
582 615 iptables -X
583 616 iptables -t nat -F
584 617 iptables -t nat -X
585 618 iptables -t mangle -F
586 619 iptables -t mangle -X
587 620 iptables -P INPUT ACCEPT
588 621 iptables -P FORWARD ACCEPT
589 622 iptables -P OUTPUT ACCEPT
590 623 EOM
591 624
592 625 # Create iptables rule file
593 626 cat <<EOM >$R/etc/iptables/iptables.rules
594 627 *filter
595 628 :INPUT DROP [0:0]
596 629 :FORWARD DROP [0:0]
597 630 :OUTPUT ACCEPT [0:0]
598 631 :TCP - [0:0]
599 632 :UDP - [0:0]
600 633 :SSH - [0:0]
601 634
602 635 # Rate limit ping requests
603 636 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
604 637 -A INPUT -p icmp --icmp-type echo-request -j DROP
605 638
606 639 # Accept established connections
607 640 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
608 641
609 642 # Accept all traffic on loopback interface
610 643 -A INPUT -i lo -j ACCEPT
611 644
612 645 # Drop packets declared invalid
613 646 -A INPUT -m conntrack --ctstate INVALID -j DROP
614 647
615 648 # SSH rate limiting
616 649 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
617 650 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
618 651 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
619 652 -A SSH -m recent --name sshbf --set -j ACCEPT
620 653
621 654 # Send TCP and UDP connections to their respective rules chain
622 655 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
623 656 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
624 657
625 658 # Reject dropped packets with a RFC compliant responce
626 659 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
627 660 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
628 661 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
629 662
630 663 ## TCP PORT RULES
631 664 # -A TCP -p tcp -j LOG
632 665
633 666 ## UDP PORT RULES
634 667 # -A UDP -p udp -j LOG
635 668
636 669 COMMIT
637 670 EOM
638 671
639 672 # Reload systemd configuration and enable iptables service
640 673 LANG=C chroot $R systemctl daemon-reload
641 674 LANG=C chroot $R systemctl enable iptables.service
642 675
643 676 if [ "$ENABLE_IPV6" = true ] ; then
644 677 # Create ip6tables systemd service
645 678 cat <<EOM >$R/etc/systemd/system/ip6tables.service
646 679 [Unit]
647 680 Description=Packet Filtering Framework
648 681 DefaultDependencies=no
649 682 After=systemd-sysctl.service
650 683 Before=sysinit.target
651 684 [Service]
652 685 Type=oneshot
653 686 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
654 687 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
655 688 ExecStop=/etc/iptables/flush-ip6tables.sh
656 689 RemainAfterExit=yes
657 690 [Install]
658 691 WantedBy=multi-user.target
659 692 EOM
660 693
661 694 # Create ip6tables file
662 695 cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
663 696 #!/bin/sh
664 697 ip6tables -F
665 698 ip6tables -X
666 699 ip6tables -Z
667 700 for table in $(</proc/net/ip6_tables_names)
668 701 do
669 702 ip6tables -t \$table -F
670 703 ip6tables -t \$table -X
671 704 ip6tables -t \$table -Z
672 705 done
673 706 ip6tables -P INPUT ACCEPT
674 707 ip6tables -P OUTPUT ACCEPT
675 708 ip6tables -P FORWARD ACCEPT
676 709 EOM
677 710
678 711 # Create ip6tables rule file
679 712 cat <<EOM >$R/etc/iptables/ip6tables.rules
680 713 *filter
681 714 :INPUT DROP [0:0]
682 715 :FORWARD DROP [0:0]
683 716 :OUTPUT ACCEPT [0:0]
684 717 :TCP - [0:0]
685 718 :UDP - [0:0]
686 719 :SSH - [0:0]
687 720
688 721 # Drop packets with RH0 headers
689 722 -A INPUT -m rt --rt-type 0 -j DROP
690 723 -A OUTPUT -m rt --rt-type 0 -j DROP
691 724 -A FORWARD -m rt --rt-type 0 -j DROP
692 725
693 726 # Rate limit ping requests
694 727 -A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
695 728 -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
696 729
697 730 # Accept established connections
698 731 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
699 732
700 733 # Accept all traffic on loopback interface
701 734 -A INPUT -i lo -j ACCEPT
702 735
703 736 # Drop packets declared invalid
704 737 -A INPUT -m conntrack --ctstate INVALID -j DROP
705 738
706 739 # SSH rate limiting
707 740 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
708 741 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
709 742 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
710 743 -A SSH -m recent --name sshbf --set -j ACCEPT
711 744
712 745 # Send TCP and UDP connections to their respective rules chain
713 746 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
714 747 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
715 748
716 749 # Reject dropped packets with a RFC compliant responce
717 750 -A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
718 751 -A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
719 752 -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
720 753
721 754 ## TCP PORT RULES
722 755 # -A TCP -p tcp -j LOG
723 756
724 757 ## UDP PORT RULES
725 758 # -A UDP -p udp -j LOG
726 759
727 760 COMMIT
728 761 EOM
729 762
730 763 # Reload systemd configuration and enable iptables service
731 764 LANG=C chroot $R systemctl daemon-reload
732 765 LANG=C chroot $R systemctl enable ip6tables.service
733 766 fi
734 767 fi
735 768
736 769 # Remove SSHD related iptables rules
737 770 if [ "$ENABLE_SSHD" = false ] ; then
738 771 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
739 772 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
740 773 fi
741 774
742 775 # Install gcc/c++ build environment inside the chroot
743 776 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
744 777 LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
745 778 fi
746 779
747 780 # Fetch and build U-Boot bootloader
748 781 if [ "$ENABLE_UBOOT" = true ] ; then
749 782 # Fetch U-Boot bootloader sources
750 783 git -C $R/tmp clone git://git.denx.de/u-boot.git
751 784
752 785 # Build and install U-Boot inside chroot
753 786 LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all
754 787
755 788 # Copy compiled bootloader binary and set config.txt to load it
756 789 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
757 790 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
758 791
759 792 # Set U-Boot command file
760 793 cat <<EOM >$R/boot/firmware/uboot.mkimage
761 794 # Tell Linux that it is booting on a Raspberry Pi2
762 795 setenv machid 0x00000c42
763 796
764 797 # Set the kernel boot command line
765 798 setenv bootargs "earlyprintk ${CMDLINE}"
766 799
767 800 # Save these changes to u-boot's environment
768 801 saveenv
769 802
770 803 # Load the existing Linux kernel into RAM
771 804 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
772 805
773 806 # Boot the kernel we have just loaded
774 807 bootz \${kernel_addr_r}
775 808 EOM
776 809
777 810 # Generate U-Boot image from command file
778 811 LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
779 812 fi
780 813
781 814 # Fetch and build fbturbo Xorg driver
782 815 if [ "$ENABLE_FBTURBO" = true ] ; then
783 816 # Fetch fbturbo driver sources
784 817 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
785 818
786 819 # Install Xorg build dependencies
787 820 LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
788 821
789 822 # Build and install fbturbo driver inside chroot
790 823 LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
791 824
792 825 # Add fbturbo driver to Xorg configuration
793 826 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
794 827 Section "Device"
795 828 Identifier "Allwinner A10/A13 FBDEV"
796 829 Driver "fbturbo"
797 830 Option "fbdev" "/dev/fb0"
798 831 Option "SwapbuffersWait" "true"
799 832 EndSection
800 833 EOM
801 834
802 835 # Remove Xorg build dependencies
803 836 LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
804 837 fi
805 838
806 839 # Remove gcc/c++ build environment from the chroot
807 840 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
808 841 LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
809 842 fi
810 843
811 844 # Clean cached downloads
812 845 LANG=C chroot $R apt-get -y clean
813 846 LANG=C chroot $R apt-get -y autoclean
814 847 LANG=C chroot $R apt-get -y autoremove
815 848
816 849 # Unmount mounted filesystems
817 850 umount -l $R/proc
818 851 umount -l $R/sys
819 852
820 853 # Clean up files
821 854 rm -f $R/etc/apt/sources.list.save
822 855 rm -f $R/etc/resolvconf/resolv.conf.d/original
823 856 rm -rf $R/run
824 857 mkdir -p $R/run
825 858 rm -f $R/etc/*-
826 859 rm -f $R/root/.bash_history
827 860 rm -rf $R/tmp/*
828 861 rm -f $R/var/lib/urandom/random-seed
829 862 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
830 863 rm -f $R/etc/machine-id
831 864 rm -fr $R/etc/apt/apt.conf.d/10proxy
832 865
833 866 # Calculate size of the chroot directory
834 867 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
835 868
836 869 # Calculate required image size
837 870 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
838 871
839 872 # Calculate number of sectors for the partition
840 873 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
841 874
842 875 # Prepare date string for image file name
843 876 DATE="$(date +%Y-%m-%d)"
844 877
845 878 # Prepare image file
846 879 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
847 880 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
848 881
849 882 # Write partition table
850 883 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
851 884 unit: sectors
852 885
853 886 1 : start= 2048, size= 131072, Id= c, bootable
854 887 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
855 888 3 : start= 0, size= 0, Id= 0
856 889 4 : start= 0, size= 0, Id= 0
857 890 EOM
858 891
859 892 # Set up temporary loop devices and build filesystems
860 893 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
861 894 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
862 895 mkfs.vfat "$VFAT_LOOP"
863 896 mkfs.ext4 "$EXT4_LOOP"
864 897
865 898 # Mount the temporary loop devices
866 899 mkdir -p "$BUILDDIR/mount"
867 900 mount "$EXT4_LOOP" "$BUILDDIR/mount"
868 901
869 902 mkdir -p "$BUILDDIR/mount/boot/firmware"
870 903 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
871 904
872 905 # Copy all files from the chroot to the loop device mount point directory
873 906 rsync -a "$R/" "$BUILDDIR/mount/"
874 907
875 908 # Unmount all temporary loop devices and mount points
876 909 cleanup
877 910
878 911 # (optinal) create block map file for "bmaptool"
879 912 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
880 913
881 914 # Image was successfully created
882 915 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
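Review bot: in the here-document that writes flush-ip6tables.sh, `$(</proc/net/ip6_tables_names)` is left unescaped while `\$table` on the following lines is escaped, and the delimiter is an unquoted `<<EOM`, so the build host's shell expands the substitution when the image is generated. The generated script then contains whatever the build host's /proc/net/ip6_tables_names held at build time (possibly nothing) instead of a lookup performed on the target at service stop. Escape it as `\$(...)` or quote the delimiter; because the script declares `#!/bin/sh` and the `$(<file)` form is not POSIX sh, `\$(cat /proc/net/ip6_tables_names)` is the safer spelling. Also, nothing in the visible lines marks flush-iptables.sh or flush-ip6tables.sh executable, although both are referenced directly in `ExecStop=`, so a `chmod +x` after each here-document looks necessary for the stop action to run.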