Merge branch 'drtyhlpr-master' into rpifegen
vidal -
r581:8d963d5ee168 Fusion
@@ -0,0 +1,53
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local videocore sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for videocore sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch videocore sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded videocore sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 cd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #back to root of scriptdir
52 cd "${WORKDIR}"
53 fi
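Review bot: The `git clone "${VIDEOCORE_URL}"` on file line 18 takes whatever the remote's default branch holds at build time, and the later cmake and make steps are not wrapped in `as_nobody`, so unpinned upstream build scripts presumably run with the builder's full privileges (the `chown -R root:root` suggests root). Checking out a reviewed revision right after the clone, e.g. `as_nobody git -C "${temp_dir}/userland" checkout "<PINNED_COMMIT>"` (placeholder value), would make the image reproducible and limit what a changed upstream can do. The arm64 and armel cmake invocations also pass `-U_FORTIFY_SOURCE`, which switches off the fortified libc checks for the binaries built here, while the armhf branch does not; a short comment above those two calls should record why the hardening is dropped. The comments on file lines 23 and 26 still say "U-Boot sources" and should read "videocore sources".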
@@ -0,0 +1,33
1 SUBSYSTEM=="input", GROUP="input", MODE="0660"
2 SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660"
3 SUBSYSTEM=="spidev", GROUP="spi", MODE="0660"
4 SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660"
5
6 SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660"
7 SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\
8 chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\
9 chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\
10 chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\
11 '"
12
13 KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
14 ALIASES=/proc/device-tree/aliases; \
15 if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
16 echo 0;\
17 elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
18 echo 1; \
19 else \
20 exit 1; \
21 fi\
22 '", SYMLINK+="serial%c"
23
24 KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
25 ALIASES=/proc/device-tree/aliases; \
26 if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
27 echo 0; \
28 elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
29 echo 1; \
30 else \
31 exit 1; \
32 fi \
33 '", SYMLINK+="serial%c"
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
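Review bot: The SSH chain is created and jumped to for new connections on port 22, but it holds no rules, because the three `-m recent` lines are left as commented-out iptables syntax. As far as this file shows, a new SSH connection returns from the empty chain, passes through the equally empty TCP chain and is answered by the `reject with tcp reset` rule. Unless another step fills these chains, the chain needs at least `add rule ip filter SSH counter accept`, and the brute-force limit has to be re-expressed as an nft per-source rate limit rather than kept as a comment. The ip6 ruleset that follows has the same empty SSH chain. The FORWARD base chain is also declared without a policy, which nftables treats as accept; `add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }` would keep a default-deny posture if forwarding is not intended.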
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
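Review bot: Nothing in the INPUT chain accepts ICMPv6 neighbour discovery; echo-request is the only ICMPv6 type allowed. Neighbour solicitations, neighbour advertisements and router advertisements that `ct state related,established` does not match would therefore reach the final `reject with icmpv6 type admin-prohibited`, which typically breaks address resolution and autoconfiguration on the link. A rule such as `add rule ip6 filter INPUT icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } counter accept`, placed before the invalid-state drop, would cover it. Confirm the exact set of types against how the image is expected to obtain its IPv6 configuration.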
@@ -0,0 +1,12
1 [Match]
2 Name=wlan0
3
4 [Network]
5 DHCP=no
6 Address=
7 Gateway=
8 DNS=
9 DNS=
10 Domains=
11 NTP=
12 NTP=
@@ -0,0 +1,1
1 kernel.printk = 3 4 1 3 No newline at end of file
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -1,450 +1,450
1 1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3 3
4 4 ## 构建环境所依赖的包
5 5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
6 6
7 7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 8
9 9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
10 10
11 11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
12 12
13 13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
14 14
15 15 ```
16 16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 18 dpkg --add-architecture armhf
19 19 apt-get update
20 20 ```
21 21
22 22 ## 命令行参数
23 23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
24 24
25 25 ##### 命令行示例:
26 26 ```shell
27 27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 ```
41 41
42 42 ## 参数模板文件
43 43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
44 44
45 45 ##### 命令行示例:
46 46 ```shell
47 47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 49 ```
50 50
51 51 ## 支持的参数和设置
52 52 #### APT 设置:
53 53 ##### `APT_SERVER`="ftp.debian.org"
54 54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
55 55
56 56 ##### `APT_PROXY`=""
57 57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
58 58
59 59 ##### `APT_INCLUDES`=""
60 60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
61 61
62 62 ##### `APT_INCLUDES_LATE`=""
63 63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
64 64
65 65 ---
66 66
67 67 #### 通用系统设置:
68 68 ##### `RPI_MODEL`=2
69 69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
70 70
71 71 ##### `RELEASE`="jessie"
72 72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
73 73
74 74 ##### `RELEASE_ARCH`="armhf"
75 75 设置期望的 Debian 发行架构.
76 76
77 77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 78 设置主机名称. 建议所在的子网中主机名称是唯一的.
79 79
80 80 ##### `PASSWORD`="raspberry"
81 81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
82 82
83 83 ##### `USER_PASSWORD`="raspberry"
84 84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
85 85
86 86 ##### `DEFLOCAL`="en_US.UTF-8"
87 87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
88 88
89 89 ##### `TIMEZONE`="Europe/Berlin"
90 90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
91 91
92 92 ##### `EXPANDROOT`=true
93 93 第一次运行时自动扩展根分区和文件系统.
94 94
95 95 ---
96 96
97 97 #### 键盘设置:
98 98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
99 99
100 100 ##### `XKB_MODEL`=""
101 101 设置键盘类型, 大陆常见pc104.
102 102
103 103 ##### `XKB_LAYOUT`=""
104 104 设置键盘布局, 大陆常见us.
105 105
106 106 ##### `XKB_VARIANT`=""
107 107 设置键盘布局变种.
108 108
109 109 ##### `XKB_OPTIONS`=""
110 110 设置其它 XKB 配置选项.
111 111
112 112 ---
113 113
114 114 #### 网络设置 (动态):
115 115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
116 116
117 117 ##### `ENABLE_DHCP`=true
118 118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
119 119
120 120 ---
121 121
122 122 #### 网络设置 (静态):
123 123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
124 124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
125 125
126 126 ##### `NET_ADDRESS`=""
127 127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
128 128
129 129 ##### `NET_GATEWAY`=""
130 130 设置默认网关的地址.
131 131
132 132 ##### `NET_DNS_1`=""
133 133 设置主域名服务器地址.
134 134
135 135 ##### `NET_DNS_2`=""
136 136 设置辅域名服务器地址.
137 137
138 138 ##### `NET_DNS_DOMAINS`=""
139 139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
140 140
141 141 ##### `NET_NTP_1`=""
142 142 设置主时间服务器地址.
143 143
144 144 ##### `NET_NTP_2`=""
145 145 设置辅时间服务器地址.
146 146
147 147 ---
148 148
149 149 #### 基本系统特性:
150 150 ##### `ENABLE_CONSOLE`=true
151 151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
152 152
153 153 ##### `ENABLE_I2C`=false
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
155 155
156 156 ##### `ENABLE_SPI`=false
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
158 158
159 159 ##### `ENABLE_IPV6`=true
160 160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
161 161
162 162 ##### `ENABLE_SSHD`=true
163 163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
164 164
165 165 ##### `ENABLE_NONFREE`=false
166 166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
167 167
168 168 ##### `ENABLE_WIRELESS`=false
169 169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
170 170
171 171 ##### `ENABLE_RSYSLOG`=true
172 172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
173 173
174 174 ##### `ENABLE_SOUND`=true
175 175 允许声卡并且安装 ALSA.
176 176
177 177 ##### `ENABLE_HWRANDOM`=true
178 178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
179 179
180 180 ##### `ENABLE_MINGPU`=false
181 181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
182 182
183 183 ##### `ENABLE_DBUS`=true
184 184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
185 185
186 186 ##### `ENABLE_XORG`=false
187 187 是否安装 Xorg, 开源 X11 系统.
188 188
189 189 ##### `ENABLE_WM`=""
190 190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191 191
192 192 ---
193 193
194 194 #### 高级系统特性:
195 195 ##### `ENABLE_MINBASE`=false
196 196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
197 197
198 198 ##### `ENABLE_REDUCE`=false
199 199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
200 200
201 201 ##### `ENABLE_UBOOT`=false
202 使用 [U-Boot 引导器](http://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
203 203
204 204 ##### `UBOOTSRC_DIR`=""
205 存放已下载 [U-Boot 引导器源文件](http://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
206 206
207 207 ##### `ENABLE_FBTURBO`=false
208 208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
209 209
210 210 ##### `FBTURBOSRC_DIR`=""
211 211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
212 212
213 213 ##### `ENABLE_IPTABLES`=false
214 214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
215 215
216 216 ##### `ENABLE_USER`=true
217 217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
218 218
219 219 ##### `USER_NAME`=pi
220 220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
221 221
222 222 ##### `ENABLE_ROOT`=false
223 223 允许root用户登录, 需要设置 root 用户密码.
224 224
225 225 ##### `ENABLE_HARDNET`=false
226 226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
227 227
228 228 ##### `ENABLE_SPLITFS`=false
229 229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
230 230
231 231 ##### `CHROOT_SCRIPTS`=""
232 232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
233 233
234 234 ##### `ENABLE_INITRAMFS`=false
235 235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
236 236
237 237 ##### `ENABLE_IFNAMES`=true
238 238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
239 239
240 240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
242 242
243 243 ---
244 244
245 245 #### SSH 设置:
246 246 ##### `SSH_ENABLE_ROOT`=false
247 247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
248 248
249 249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
251 251
252 252 ##### `SSH_LIMIT_USERS`=false
253 253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
254 254
255 255 ##### `SSH_ROOT_PUB_KEY`=""
256 256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
257 257
258 258 ##### `SSH_USER_PUB_KEY`=""
259 259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
260 260
261 261 ---
262 262
263 263 #### 内核编译:
264 264 ##### `BUILD_KERNEL`=false
265 265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
266 266
267 267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
268 268 设置交叉编译器.
269 269
270 270 ##### `KERNEL_ARCH`="arm"
271 271 设置内核架构.
272 272
273 273 ##### `KERNEL_IMAGE`="kernel7.img"
274 274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
275 275
276 276 ##### `KERNEL_BRANCH`=""
277 277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
278 278
279 279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
280 280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
281 281
282 282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
283 283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
284 284
285 285 ##### `KERNEL_REDUCE`=false
286 286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
287 287
288 288 ##### `KERNEL_THREADS`=1
289 289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
290 290
291 291 ##### `KERNEL_HEADERS`=true
292 292 安装内核相应的头文件.
293 293
294 294 ##### `KERNEL_MENUCONFIG`=false
295 295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
296 296
297 297 ##### `KERNEL_REMOVESRC`=true
298 298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
299 299
300 300 ##### `KERNELSRC_DIR`=""
301 301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
302 302
303 303 ##### `KERNELSRC_CLEAN`=false
304 304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
305 305
306 306 ##### `KERNELSRC_CONFIG`=true
307 307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
308 308
309 309 ##### `KERNELSRC_USRCONFIG`=""
310 310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
311 311
312 312 ##### `KERNELSRC_PREBUILT`=false
313 313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
314 314
315 315 ##### `RPI_FIRMWARE_DIR`=""
316 316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
317 317
318 318 ---
319 319
320 320 #### 缩小体积:
321 321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
322 322
323 323 ##### `REDUCE_APT`=true
324 324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
325 325
326 326 ##### `REDUCE_DOC`=true
327 327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
328 328
329 329 ##### `REDUCE_MAN`=true
330 330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
331 331
332 332 ##### `REDUCE_VIM`=false
333 333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
334 334
335 335 ##### `REDUCE_BASH`=false
336 336 使用 `dash` 代替 `bash` (实验性质).
337 337
338 338 ##### `REDUCE_HWDB`=true
339 339 移除与 PCI 相关的 hwdb 文件 (实验性质).
340 340
341 341 ##### `REDUCE_SSHD`=true
342 342 使用`dropbear`代替 `openssh-server`.
343 343
344 344 ##### `REDUCE_LOCALE`=true
345 345 移除所有的 `locale` 本地化文件.
346 346
347 347 ---
348 348
349 349 #### 加密根分区:
350 350 ##### `ENABLE_CRYPTFS`=false
351 351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
352 352
353 353 ##### `CRYPTFS_PASSWORD`=""
354 354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
355 355
356 356 ##### `CRYPTFS_MAPPING`="secure"
357 357 设置device-mapper映射名称.
358 358
359 359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 360 加密算法. 推荐 `aes-xts*`加密法.
361 361
362 362 ##### `CRYPTFS_XTSKEYSIZE`=512
363 363 设置密钥长度,8的倍数,以bit为单位.
364 364
365 365 ---
366 366
367 367 #### Build settings构建设置:
368 368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 369 设置产生镜像的目录.
370 370
371 371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
372 372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
373 373
374 374 ## 理解脚本
375 375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
376 376
377 377 | 脚本 | 说明 |
378 378 | --- | --- |
379 379 | `10-bootstrap.sh` | 生成基本系统 |
380 380 | `11-apt.sh` | 设置 APT 仓库源 |
381 381 | `12-locale.sh` | 设置 Locales 和 keyboard |
382 382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
383 383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
384 384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
385 385 | `20-networking.sh` | 设置网络 |
386 386 | `21-firewall.sh` | 设置防火墙 |
387 387 | `30-security.sh` | 设置用户以及安全相关 |
388 388 | `31-logging.sh` | 设置日志 |
389 389 | `32-sshd.sh` | 设置 SSH 和公钥 |
390 390 | `41-uboot.sh` | 编译设置 U-Boot |
391 391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
392 392 | `50-firstboot.sh` | 首次启动执行的任务 |
393 393 | `99-reduce.sh` | 缩小体积 |
394 394
395 395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
396 396
397 397 | 目录 | 说明 |
398 398 | --- | --- |
399 399 | `apt` | APT 管理配置文件 |
400 400 | `boot` | 引导文件 树莓派2/3配置文件 |
401 401 | `dpkg` | 包管理配置文件 |
402 402 | `etc` | 配置文件以及 rc 启动脚本 |
403 403 | `firstboot` | 首次引导执行的脚本 |
404 404 | `initramfs` | Initramfs 脚本 |
405 405 | `iptables` | 防火墙配置文件 |
406 406 | `locales` | Locales 配置 |
407 407 | `modules` | 内核模块配置 |
408 408 | `mount` | Fstab 配置 |
409 409 | `network` | 网络配置文件 |
410 410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
411 411 | `xorg` | fbturbo Xorg 驱动配置 |
412 412
413 413 ## 自定义包和脚本
414 414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
415 415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
416 416
417 417 ## 记录镜像产生过程的信息
418 418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
419 419
420 420 ```shell
421 421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
422 422 ```
423 423
424 424 ## 烧录镜像文件
425 425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
426 426
427 427 ##### 烧录示例:
428 428 ```shell
429 429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
430 430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
431 431 ```
432 432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
433 433 ```shell
434 434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
435 435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
436 436 ```
437 437 ## 每周镜像
438 438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
439 439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
440 440
441 441 ## External links and references外部链接, 各种资源
442 442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
443 443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
444 444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
445 445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
446 446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
447 * [U-BOOT git 仓库](http://git.denx.de/?p=u-boot.git;a=summary)
447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
448 448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
449 449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
450 450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
@@ -1,454 +1,502
1 1 # rpi23-gen-image
2 2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 4
4 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5 5
6 6
7 7 ## Build dependencies
8 8 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
9 9
10 10 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
11 11
12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
13 13
14 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
15
16 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
17
18 ```
19 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
20 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
21 dpkg --add-architecture armhf
22 apt-get update
23 ```
14 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
24 15
25 16 ## Command-line parameters
26 17 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
27 18
28 19 ##### Command-line examples:
29 20 ```shell
30 21 ENABLE_UBOOT=true ./rpi23-gen-image.sh
31 22 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
32 23 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 24 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
34 25 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
35 26 ENABLE_MINBASE=true ./rpi23-gen-image.sh
36 27 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
37 28 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
38 29 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 30 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 31 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
41 32 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
42 33 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
43 34 ```
44 35
45 36 ## Configuration template files
46 37 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
47 38
48 39 ##### Command-line examples:
49 40 ```shell
50 41 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
51 42 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
52 43 ```
53 44
54 45 ## Supported parameters and settings
55 46 #### APT settings:
56 47 ##### `APT_SERVER`="ftp.debian.org"
57 48 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
58 49
59 50 ##### `APT_PROXY`=""
60 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
51 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
61 52
62 53 ##### `APT_INCLUDES`=""
63 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
54 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
64 55
65 56 ##### `APT_INCLUDES_LATE`=""
66 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
57 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
67 58
68 59 ---
69 60
70 61 #### General system settings:
62 ##### `SET_ARCH`=32
63 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64
71 65 ##### `RPI_MODEL`=2
72 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
66 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `1` = Raspberry Pi 1 model A and B
69 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `2` = Raspberry Pi 2 model B
71 - `3` = Raspberry Pi 3 model B
72 - `3P` = Raspberry Pi 3 model B+
73 73
74 ##### `RELEASE`="jessie"
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
74 ##### `RELEASE`="buster"
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
81 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 ##### `ENABLE_QEMU`=false
99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100
98 101 ---
99 102
100 103 #### Keyboard settings:
101 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
102 105
103 106 ##### `XKB_MODEL`=""
104 107 Set the name of the model of your keyboard type.
105 108
106 109 ##### `XKB_LAYOUT`=""
107 110 Set the supported keyboard layout(s).
108 111
109 112 ##### `XKB_VARIANT`=""
110 113 Set the supported variant(s) of the keyboard layout(s).
111 114
112 115 ##### `XKB_OPTIONS`=""
113 116 Set extra xkb configuration options.
114 117
115 118 ---
116 119
117 120 #### Networking settings (DHCP):
118 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
121 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119 122
120 123 ##### `ENABLE_DHCP`=true
121 124 Set the system to use DHCP. This requires an DHCP server.
122 125
123 126 ---
124 127
125 128 #### Networking settings (static):
126 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
127 130
128 131 ##### `NET_ADDRESS`=""
129 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
130 133
131 134 ##### `NET_GATEWAY`=""
132 135 Set the IP address for the default gateway.
133 136
134 137 ##### `NET_DNS_1`=""
135 138 Set the IP address for the first DNS server.
136 139
137 140 ##### `NET_DNS_2`=""
138 141 Set the IP address for the second DNS server.
139 142
140 143 ##### `NET_DNS_DOMAINS`=""
141 Set the default DNS search domains to use for non fully qualified host names.
144 Set the default DNS search domains to use for non fully qualified hostnames.
142 145
143 146 ##### `NET_NTP_1`=""
144 147 Set the IP address for the first NTP server.
145 148
146 149 ##### `NET_NTP_2`=""
147 150 Set the IP address for the second NTP server.
148 151
149 152 ---
150 153
151 154 #### Basic system features:
152 155 ##### `ENABLE_CONSOLE`=true
153 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157
158 ##### `ENABLE_PRINTK`=false
159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160
161 ##### `ENABLE_BLUETOOTH`=false
162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
163
164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166
167 ##### `ENABLE_TURBO`=false
168 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
154 169
155 170 ##### `ENABLE_I2C`=false
156 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
171 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
157 172
158 173 ##### `ENABLE_SPI`=false
159 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
174 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 175
161 176 ##### `ENABLE_IPV6`=true
162 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
163 178
164 179 ##### `ENABLE_SSHD`=true
165 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
166 181
167 182 ##### `ENABLE_NONFREE`=false
168 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
169 184
170 185 ##### `ENABLE_WIRELESS`=false
171 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
172 187
173 188 ##### `ENABLE_RSYSLOG`=true
174 If set to false, disable and uninstall rsyslog (so logs will be available only
175 in journal files)
189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
176 190
177 191 ##### `ENABLE_SOUND`=true
178 192 Enable sound hardware and install Advanced Linux Sound Architecture.
179 193
180 194 ##### `ENABLE_HWRANDOM`=true
181 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
195 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
182 196
183 197 ##### `ENABLE_MINGPU`=false
184 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
185 199
186 200 ##### `ENABLE_DBUS`=true
187 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
188 202
189 203 ##### `ENABLE_XORG`=false
190 204 Install Xorg open-source X Window System.
191 205
192 206 ##### `ENABLE_WM`=""
193 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
207 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208
209 ##### `ENABLE_SYSVINIT`=false
210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
194 211
195 212 ---
196 213
197 214 #### Advanced system features:
198 215 ##### `ENABLE_MINBASE`=false
199 216 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
200 217
201 218 ##### `ENABLE_REDUCE`=false
202 219 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
203 220
204 221 ##### `ENABLE_UBOOT`=false
205 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
222 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
206 223
207 224 ##### `UBOOTSRC_DIR`=""
208 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
225 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
209 226
210 227 ##### `ENABLE_FBTURBO`=false
211 228 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
212 229
213 230 ##### `FBTURBOSRC_DIR`=""
214 231 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
215 232
233 ##### `ENABLE_VIDEOCORE`=false
234 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235
236 ##### `VIDEOCORESRC_DIR`=""
237 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
238
216 239 ##### `ENABLE_IPTABLES`=false
217 240 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
218 241
219 242 ##### `ENABLE_USER`=true
220 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
243 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
221 244
222 245 ##### `USER_NAME`=pi
223 246 Non-root user to create. Ignored if `ENABLE_USER`=false
224 247
225 248 ##### `ENABLE_ROOT`=false
226 249 Set root user password so root login will be enabled
227 250
228 251 ##### `ENABLE_HARDNET`=false
229 252 Enable IPv4/IPv6 network stack hardening settings.
230 253
231 254 ##### `ENABLE_SPLITFS`=false
232 255 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
233 256
234 257 ##### `CHROOT_SCRIPTS`=""
235 258 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
236 259
237 260 ##### `ENABLE_INITRAMFS`=false
238 261 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
239 262
240 263 ##### `ENABLE_IFNAMES`=true
241 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
264 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
242 265
243 266 ##### `DISABLE_UNDERVOLT_WARNINGS`=
244 267 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
245 268
246 269 ---
247 270
248 271 #### SSH settings:
249 272 ##### `SSH_ENABLE_ROOT`=false
250 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
273 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
251 274
252 275 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
253 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
276 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
254 277
255 278 ##### `SSH_LIMIT_USERS`=false
256 279 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
257 280
258 281 ##### `SSH_ROOT_PUB_KEY`=""
259 282 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
260 283
261 284 ##### `SSH_USER_PUB_KEY`=""
262 285 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
263 286
264 287 ---
265 288
266 289 #### Kernel compilation:
267 ##### `BUILD_KERNEL`=false
268 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
290 ##### `BUILD_KERNEL`=true
291 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
269 292
270 293 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
271 This sets the cross compile enviornment for the compiler.
294 This sets the cross-compile environment for the compiler.
272 295
273 296 ##### `KERNEL_ARCH`="arm"
274 297 This sets the kernel architecture for the compiler.
275 298
276 299 ##### `KERNEL_IMAGE`="kernel7.img"
277 300 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
278 301
279 302 ##### `KERNEL_BRANCH`=""
280 303 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
281 304
282 305 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
283 306 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
284 307
285 308 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
286 309 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
287 310
288 311 ##### `KERNEL_REDUCE`=false
289 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
312 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
290 313
291 314 ##### `KERNEL_THREADS`=1
292 315 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
293 316
294 317 ##### `KERNEL_HEADERS`=true
295 Install kernel headers with built kernel.
318 Install kernel headers with the built kernel.
296 319
297 320 ##### `KERNEL_MENUCONFIG`=false
298 321 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
299 322
323 ##### `KERNEL_OLDDEFCONFIG`=false
324 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
325
326 ##### `KERNEL_CCACHE`=false
327 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
328
300 329 ##### `KERNEL_REMOVESRC`=true
301 330 Remove all kernel sources from the generated OS image after it was built and installed.
302 331
303 332 ##### `KERNELSRC_DIR`=""
304 333 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
305 334
306 335 ##### `KERNELSRC_CLEAN`=false
307 336 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
308 337
309 338 ##### `KERNELSRC_CONFIG`=true
310 339 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
311 340
312 341 ##### `KERNELSRC_USRCONFIG`=""
313 342 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
314 343
315 344 ##### `KERNELSRC_PREBUILT`=false
316 345 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
317 346
318 347 ##### `RPI_FIRMWARE_DIR`=""
319 348 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
320 349
321 350 ---
322 351
323 352 #### Reduce disk usage:
324 353 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
325 354
326 355 ##### `REDUCE_APT`=true
327 356 Configure APT to use compressed package repository lists and no package caching files.
328 357
329 358 ##### `REDUCE_DOC`=true
330 359 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
331 360
332 361 ##### `REDUCE_MAN`=true
333 362 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
334 363
335 364 ##### `REDUCE_VIM`=false
336 365 Replace `vim-tiny` package by `levee` a tiny vim clone.
337 366
338 367 ##### `REDUCE_BASH`=false
339 368 Remove `bash` package and switch to `dash` shell (experimental).
340 369
341 370 ##### `REDUCE_HWDB`=true
342 371 Remove PCI related hwdb files (experimental).
343 372
344 373 ##### `REDUCE_SSHD`=true
345 374 Replace `openssh-server` with `dropbear`.
346 375
347 376 ##### `REDUCE_LOCALE`=true
348 377 Remove all `locale` translation files.
349 378
350 379 ---
351 380
352 381 #### Encrypted root partition:
353 382 ##### `ENABLE_CRYPTFS`=false
354 383 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
355 384
356 385 ##### `CRYPTFS_PASSWORD`=""
357 386 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
358 387
359 388 ##### `CRYPTFS_MAPPING`="secure"
360 389 Set name of dm-crypt managed device-mapper mapping.
361 390
362 391 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
363 392 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
364 393
365 394 ##### `CRYPTFS_XTSKEYSIZE`=512
366 395 Sets key size in bits. The argument has to be a multiple of 8.
367 396
368 397 ---
369 398
370 399 #### Build settings:
371 400 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
372 401 Set a path to a working directory used by the script to generate an image.
373 402
374 403 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
375 404 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
376 405
377 406 ## Understanding the script
378 407 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
379 408
380 409 | Script | Description |
381 410 | --- | --- |
382 411 | `10-bootstrap.sh` | Debootstrap basic system |
383 412 | `11-apt.sh` | Setup APT repositories |
384 413 | `12-locale.sh` | Setup Locales and keyboard settings |
385 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
414 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
386 415 | `14-fstab.sh` | Setup fstab and initramfs |
387 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
416 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
388 417 | `20-networking.sh` | Setup Networking |
389 418 | `21-firewall.sh` | Setup Firewall |
390 419 | `30-security.sh` | Setup Users and Security settings |
391 420 | `31-logging.sh` | Setup Logging |
392 421 | `32-sshd.sh` | Setup SSH and public keys |
393 422 | `41-uboot.sh` | Build and Setup U-Boot |
394 423 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
424 | `43-videocore.sh` | Build and Setup videocore libraries |
395 425 | `50-firstboot.sh` | First boot actions |
396 426 | `99-reduce.sh` | Reduce the disk space usage |
397 427
398 428 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
399 429
400 430 | Directory | Description |
401 431 | --- | --- |
402 432 | `apt` | APT management configuration files |
403 | `boot` | Boot and RPi2/3 configuration files |
433 | `boot` | Boot and RPi 0/1/2/3 configuration files |
404 434 | `dpkg` | Package Manager configuration |
405 435 | `etc` | Configuration files and rc scripts |
406 436 | `firstboot` | Scripts that get executed on first boot |
407 437 | `initramfs` | Initramfs scripts |
408 438 | `iptables` | Firewall configuration files |
409 439 | `locales` | Locales configuration |
410 440 | `modules` | Kernel Modules configuration |
411 441 | `mount` | Fstab configuration |
412 442 | `network` | Networking configuration files |
413 443 | `sysctl.d` | Swapping and Network Hardening configuration |
414 444 | `xorg` | fbturbo Xorg driver configuration |
415 445
416 446 ## Custom packages and scripts
417 447 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
418 448
419 449 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
420 450
421 451 ## Logging of the bootstrapping process
422 452 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
423 453
424 454 ```shell
425 455 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
426 456 ```
427 457
428 458 ## Flashing the image file
429 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
459 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
430 460
431 461 ##### Flashing examples:
432 462 ```shell
433 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
434 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
463 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
464 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
435 465 ```
436 466 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
437 467 ```shell
438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
439 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
468 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
469 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
470 ```
471
472 ## QEMU emulation
473 Start QEMU full system emulation:
474 ```shell
475 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
476 ```
477
478 Start QEMU full system emulation and output to console:
479 ```shell
480 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
481 ```
482
483 Start QEMU full system emulation with SMP and output to console:
484 ```shell
485 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
486 ```
487
488 Start QEMU full system emulation with cryptfs, initramfs and output to console:
489 ```shell
490 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
440 491 ```
441 ## Weekly image builds
442 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
443 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
444 492
445 493 ## External links and references
446 494 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
447 495 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
448 496 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
449 497 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
450 498 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
451 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
499 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
452 500 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
453 501 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
454 502 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,47 +1,41
1 1 #
2 2 # Debootstrap basic system
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 EXCLUDES=""
11 10
12 11 # Use non-free Debian packages if needed
13 12 if [ "$ENABLE_NONFREE" = true ] ; then
14 13 COMPONENTS="main,non-free,contrib"
15 14 fi
16 15
17 16 # Use minbase bootstrap variant which only includes essential packages
18 17 if [ "$ENABLE_MINBASE" = true ] ; then
19 18 VARIANT="--variant=minbase"
20 19 fi
21 20
22 # Exclude packages if required by Debian release
23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 EXCLUDES="--exclude=init,systemd-sysv"
25 fi
26
27 21 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
22 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 23
30 24 # Copy qemu emulator binary to chroot
31 25 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32 26
33 27 # Copy debian-archive-keyring.pgp
34 28 mkdir -p "${R}/usr/share/keyrings"
35 29 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36 30
37 31 # Complete the bootstrapping process
38 32 chroot_exec /debootstrap/debootstrap --second-stage
39 33
40 34 # Mount required filesystems
41 35 mount -t proc none "${R}/proc"
42 36 mount -t sysfs none "${R}/sys"
43 37
44 38 # Mount pseudo terminal slave if supported by Debian release
45 39 if [ -d "${R}/dev/pts" ] ; then
46 40 mount --bind /dev/pts "${R}/dev/pts"
47 41 fi
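Review bot: The debootstrap call on new line 22 fetches the base system from `http://${APT_SERVER}/debian` without naming a keyring, so whether the Release signature is verified depends on debootstrap locating a host keyring by itself. The keyring that is copied into the chroot a few lines later (new line 29) can be passed explicitly by adding `--keyring=/usr/share/keyrings/debian-archive-keyring.gpg` to the debootstrap arguments. A missing keyring then stops the build instead of allowing an unverified bootstrap over plain HTTP. A one-line comment stating that `${APT_EXCLUDES}` is left unquoted on purpose, and where it is set, would also help, since its definition is not in this file.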
@@ -1,56 +1,33
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 if [ "$BUILD_KERNEL" = false ] ; then
15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17
18 # Install APT sources.list
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21
22 # Upgrade collabora package index and install collabora keyring
23 chroot_exec apt-get -qq -y update
24 # Removed --allow-unauthenticated as suggested after modification on _apt privileges
25 chroot_exec apt-get -qq -y install collabora-obs-archive-keyring
26 else # BUILD_KERNEL=true
27 # Install APT sources.list
28 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
29
30 # Use specified APT server and release
31 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
32 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
33 fi
34
35 # Allow the installation of non-free Debian packages
36 if [ "$ENABLE_NONFREE" = true ] ; then
37 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
38 fi
39
40 14 # Upgrade package index and update all installed packages and changed dependencies
41 15 chroot_exec apt-get -qq -y update
42 16 chroot_exec apt-get -qq -y -u dist-upgrade
43 17
18 # Install additional packages
44 19 if [ "$APT_INCLUDES_LATE" ] ; then
45 chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
20 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
46 21 fi
47 22
23 # Install Debian custom packages
48 24 if [ -d packages ] ; then
49 25 for package in packages/*.deb ; do
50 cp $package ${R}/tmp
51 chroot_exec dpkg --unpack /tmp/$(basename $package)
26 cp "$package" "${R}"/tmp
27 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
52 28 done
53 29 fi
30
54 31 chroot_exec apt-get -qq -y -f install
55 32
56 33 chroot_exec apt-get -qq -y check
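Review bot: Quoting the command substitution on new line 20 turns the whole late package list into one argument, so `APT_INCLUDES_LATE=a,b` asks apt-get for a single package named `a b` and the install fails. Word splitting is wanted at this spot; keep the inner quoting but leave the substitution unquoted and mark it as intentional: `# shellcheck disable=SC2046` above `chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" | tr , ' ')`. The quoting added to the `cp` and `dpkg --unpack` lines in the packages loop is correct as written.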
@@ -1,58 +1,58
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 11
12 12 # Install and setup default locale and keyboard configuration
13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
13 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
14 14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 16 # ... so we have to set locales manually
17 17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
19 19 else
20 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 23 fi
24 24
25 25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 27 chroot_exec locale-gen
28 28 chroot_exec update-locale LANG="${DEFLOCAL}"
29 29
30 30 # Install and setup default keyboard configuration
31 31 if [ "$XKB_MODEL" != "" ] ; then
32 32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
33 33 fi
34 34 if [ "$XKB_LAYOUT" != "" ] ; then
35 35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
36 36 fi
37 37 if [ "$XKB_VARIANT" != "" ] ; then
38 38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
39 39 fi
40 40 if [ "$XKB_OPTIONS" != "" ] ; then
41 41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
42 42 fi
43 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44 44
45 45 # Install and setup font console
46 46 case "${DEFLOCAL}" in
47 47 *UTF-8)
48 48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
49 49 ;;
50 50 *)
51 51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
52 52 ;;
53 53 esac
54 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 55 else # (no locales were installed)
56 56 # Install POSIX default locale
57 57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
58 58 fi
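Review bot: The three `chroot_exec echo "…" | debconf-set-selections` lines (new lines 18, 21 and 26) run `debconf-set-selections` on the build host, because the outer shell parses the pipe and only `echo` is handed to `chroot_exec`. Assuming `chroot_exec` (defined in functions.sh, not shown) wraps a chroot call, the locale selections are written to the host's debconf database with the build's privileges and never reach the image. Putting the wrapper on the right-hand side keeps the write inside the chroot, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, the same form the fstab script uses for `dmsetup create`. These lines predate this commit, which only adjusts quoting in this file, but they are worth fixing in the same pass.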
@@ -1,185 +1,255
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 mkdir -p "${R}/usr/src/linux"
11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 as_nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
32
30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
32
33 33 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89
90 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
91 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
90 # Set kernel configuration parameters to enable qemu emulation
91 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 {
97 echo "CONFIG_EMBEDDED=y"
98 echo "CONFIG_EXPERT=y"
99 echo "CONFIG_DAX=y"
100 echo "CONFIG_MD=y"
101 echo "CONFIG_BLK_DEV_MD=y"
102 echo "CONFIG_MD_AUTODETECT=y"
103 echo "CONFIG_BLK_DEV_DM=y"
104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 echo "CONFIG_DM_CRYPT=y"
106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 echo "CONFIG_CRYPTO_CBC=y"
108 echo "CONFIG_CRYPTO_XTS=y"
109 echo "CONFIG_CRYPTO_SHA512=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
111 } >> "${KERNEL_DIR}"/.config
112 fi
113 fi
114
115 # Copy custom kernel configuration file
116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 fi
119
120 # Set kernel configuration parameters to their default values
121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
92 123 fi
93 124
94 125 # Start menu-driven kernel configuration (interactive)
95 126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
96 127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
97 128 fi
98 129 fi
99 130
100 # Cross compile kernel and modules
101 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs
131 # Use ccache to cross compile the kernel
132 if [ "$KERNEL_CCACHE" = true ] ; then
133 cc="ccache ${CROSS_COMPILE}gcc"
134 else
135 cc="${CROSS_COMPILE}gcc"
136 fi
137
138 # Cross compile kernel and dtbs
139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140
141 # Cross compile kernel modules
142 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 fi
102 145 fi
103 146
104 147 # Check if kernel compilation was successful
105 148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
106 149 echo "error: kernel compilation failed! (kernel image not found)"
107 150 cleanup
108 151 exit 1
109 152 fi
110 153
111 154 # Install kernel modules
112 155 if [ "$ENABLE_REDUCE" = true ] ; then
113 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
156 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 fi
114 159 else
115 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
160 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 fi
116 163
117 164 # Install kernel firmware
118 if [ $(cat ./Makefile | grep "^firmware_install:") ] ; then
165 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
119 166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
120 167 fi
121 168 fi
122 169
123 170 # Install kernel headers
124 171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
125 172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
126 173 fi
127 174
128 175 # Prepare boot (firmware) directory
129 176 mkdir "${BOOT_DIR}"
130 177
131 178 # Get kernel release version
132 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
179 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
133 180
134 181 # Copy kernel configuration file to the boot directory
135 182 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
136 183
137 # Copy dts and dtb device tree sources and binaries
184 # Prepare device tree directory
138 185 mkdir "${BOOT_DIR}/overlays"
139
186
140 187 # Ensure the proper .dtb is located
141 188 if [ "$KERNEL_ARCH" = "arm" ] ; then
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
189 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 if [ -f "${dtb}" ] ; then
191 install_readonly "${dtb}" "${BOOT_DIR}/"
192 fi
193 done
143 194 else
144 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb "${BOOT_DIR}/"
195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 if [ -f "${dtb}" ] ; then
197 install_readonly "${dtb}" "${BOOT_DIR}/"
198 fi
199 done
145 200 fi
146 201
147 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
148 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
202 # Copy compiled dtb device tree files
203 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 if [ -f "${dtb}" ] ; then
206 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 fi
208 done
209
210 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 fi
213 fi
149 214
150 215 if [ "$ENABLE_UBOOT" = false ] ; then
151 216 # Convert and copy kernel image to the boot directory
152 217 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
153 218 else
154 219 # Copy kernel image to the boot directory
155 220 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
156 221 fi
157 222
158 223 # Remove kernel sources
159 224 if [ "$KERNEL_REMOVESRC" = true ] ; then
160 225 rm -fr "${KERNEL_DIR}"
161 226 else
162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
227 # Prepare compiled kernel modules
228 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
229 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
230 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 fi
163 232
164 # Create symlinks for kernel modules
165 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
166 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
233 # Create symlinks for kernel modules
234 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 fi
167 237 fi
168 238
169 239 else # BUILD_KERNEL=false
170 240 # Kernel installation
171 241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
172 242
173 243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
174 244 chroot_exec apt-get -qq -y install flash-kernel
175 245
176 246 # Check if kernel installation was successful
177 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
178 248 if [ -z "$VMLINUZ" ] ; then
179 249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
180 250 cleanup
181 251 exit 1
182 252 fi
183 253 # Copy vmlinuz kernel to the boot directory
184 254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
185 255 fi
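Review bot: In the `KERNELSRC_CONFIG` branch the QEMU and dm-crypt options are appended to `.config` (new lines 91–113) before the user configuration is copied over it (new lines 116–118). With `ENABLE_QEMU` and `KERNELSRC_USRCONFIG` both set, the `cp` therefore discards every appended `CONFIG_*` line, including `CONFIG_DM_CRYPT=y` and `CONFIG_CRYPTO_XTS=y` that the encrypted-root setup needs. Moving the `if [ -n "$KERNELSRC_USRCONFIG" ] ; then` / `cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config` / `fi` block ahead of the `ENABLE_QEMU` block keeps both sources of settings. The appended lines are only reconciled by `olddefconfig` when `KERNEL_OLDDEFCONFIG=true`, which deserves a short comment next to the block.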
@@ -1,56 +1,59
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Add usb/sda disk root partition to fstab
12 12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 14 fi
15 15
16 16 # Add encrypted root partition to fstab and crypttab
17 17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 18 # Replace fstab root partition with encrypted partition mapping
19 19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 20
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 24
25 25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 26 # Add usb/sda disk to crypttab
27 27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 28 fi
29 29 fi
30 30
31 31 # Generate initramfs file
32 32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
33 33 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 34 # Include initramfs scripts to auto expand encrypted root partition
35 35 if [ "$EXPANDROOT" = true ] ; then
36 36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 39 fi
40 40
41 41 # Disable SSHD inside initramfs
42 42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
43 43
44 # Add cryptsetup modules to initramfs
45 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46
44 47 # Dummy mapping required by mkinitramfs
45 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
48 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
46 49
47 50 # Generate initramfs with encrypted root partition support
48 51 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
49 52
50 53 # Remove dummy mapping
51 54 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
52 55 else
53 56 # Generate initramfs without encrypted root partition support
54 57 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
55 58 fi
56 59 fi
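Review bot: The dummy mapping created by `dmsetup create "${CRYPTFS_MAPPING}"` on new line 48 is registered with the build host's kernel, since device-mapper state is not confined by a chroot, and it is removed only if execution reaches `cryptsetup close` on new line 54. Nothing visible here checks the result of `mkinitramfs`, so a failed or interrupted build can leave a mapping with that name on the host, and the next run's `dmsetup create` would then collide with it. A guard such as `chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" || { chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" ; cleanup ; exit 1 ; }` would cover the failure path. This is unnecessary if `cleanup` in functions.sh (not shown) already closes the mapping, in which case a comment saying so is enough.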
@@ -1,151 +1,229
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 # Add serial console support
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
64 if [ "$ENABLE_PRINTK" = true ] ; then
65 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 fi
67
68 # Install udev rule for serial alias
69 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
75
76 # Bluetooth enabled
77 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 # Create temporary directory for Bluetooth sources
79 temp_dir=$(as_nobody mktemp -d)
80
81 # Fetch Bluetooth sources
82 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
83
84 # Copy downloaded sources
85 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
86
87 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
88 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
89 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
90
91 # Set permissions
92 chown -R root:root "${R}/tmp/pi-bluetooth"
93
94 # Install tools
95 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97
98 # Install bluetooth udev rule
99 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100
101 # Install Firmware Flash file and apropiate licence
102 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
103 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
104 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107
108 # Remove temporary directory
109 rm -fr "${temp_dir}"
110
111 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114
115 # set overlay to swap ttyAMA0 and ttyS0
116 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
117
118 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
119 if [ "$ENABLE_TURBO" = false ] ; then
120 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 fi
122
123 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
130
131 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 fi
140
141 # may need sudo systemctl disable hciuart
60 142 if [ "$ENABLE_CONSOLE" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 # add string to cmdline
145 CMDLINE="${CMDLINE} console=serial0,115200"
146
147 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
149 else
150 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
151 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
62 153 fi
63 154
64 155 # Remove IPv6 networking support
65 156 if [ "$ENABLE_IPV6" = false ] ; then
66 157 CMDLINE="${CMDLINE} ipv6.disable=1"
67 158 fi
68 159
69 160 # Automatically assign predictable network interface names
70 161 if [ "$ENABLE_IFNAMES" = false ] ; then
71 162 CMDLINE="${CMDLINE} net.ifnames=0"
72 163 else
73 164 CMDLINE="${CMDLINE} net.ifnames=1"
74 165 fi
75 166
76 # Set init to systemd if required by Debian release
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 CMDLINE="${CMDLINE} init=/bin/systemd"
79 fi
80
81 167 # Install firmware boot cmdline
82 168 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83 169
84 170 # Install firmware config
85 171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 172
87 173 # Setup minimal GPU memory allocation size: 16MB (no X)
88 174 if [ "$ENABLE_MINGPU" = true ] ; then
89 175 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 176 fi
91 177
92 178 # Setup boot with initramfs
93 179 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 180 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 181 fi
96 182
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 if [ "$RPI_MODEL" = 3 ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 fi
103 fi
104
105 183 # Create firmware configuration and cmdline symlinks
106 184 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 185 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 186
109 187 # Install and setup kernel modules to load at boot
110 mkdir -p "${R}/lib/modules-load.d/"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
188 mkdir -p "${LIB_DIR}/modules-load.d/"
189 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
112 190
113 191 # Load hardware random module at boot
114 192 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
193 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
116 194 fi
117 195
118 196 # Load sound module at boot
119 197 if [ "$ENABLE_SOUND" = true ] ; then
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
198 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
121 199 else
122 200 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 201 fi
124 202
125 203 # Enable I2C interface
126 204 if [ "$ENABLE_I2C" = true ] ; then
127 205 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
206 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
207 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
130 208 fi
131 209
132 210 # Enable SPI interface
133 211 if [ "$ENABLE_SPI" = true ] ; then
134 212 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 if [ "$RPI_MODEL" = 3 ] ; then
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
213 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
214 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
215 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
138 216 fi
139 217 fi
140 218
141 219 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
220 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 221 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 222 fi
145 223
146 224 # Install kernel modules blacklist
147 225 mkdir -p "${ETC_DIR}/modprobe.d/"
148 226 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149 227
150 228 # Install sysctl.d configuration files
151 229 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
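Review bot: At new line 104 the Bluetooth firmware `BCM43430A1.hcd` is installed to `${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx`, so it overwrites the licence file written one line earlier and the firmware never lands under its own name; the destination should read `install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"`. Separately, the new `force_turbo`, `dtoverlay`, `core_freq` and `enable_uart` lines are appended to `${BOOT_DIR}/config.txt` (new lines 61–150) before `install_readonly files/boot/config.txt` runs at new line 171. If `install_readonly` replaces its destination (it is defined in functions.sh, not shown here), all of those settings are lost, including `dtoverlay=pi3-disable-bt` when Bluetooth is meant to be off. Moving that install above the first append would keep them.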
@@ -1,107 +1,132
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 # Install configuration for interface wl*
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35
36 #always with dhcp since wpa_supplicant integration is missing
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38
33 39 if [ "$ENABLE_DHCP" = true ] ; then
34 40 # Enable DHCP configuration for interface eth0
35 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36
42
37 43 # Set DHCP configuration to IPv4 only
38 44 if [ "$ENABLE_IPV6" = false ] ; then
39 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 46 fi
41 47
42 48 else # ENABLE_DHCP=false
43 49 # Set static network configuration for interface eth0
44 50 sed -i\
45 51 -e "s|DHCP=.*|DHCP=no|"\
46 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 59 "${ETC_DIR}/systemd/network/eth.network"
54 60 fi
55 61
56 62 # Remove empty settings from network configuration
57 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 # Remove empty settings from wlan configuration
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
58 66
59 67 # Move systemd network configuration if required by Debian release
60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 rm -fr "${ETC_DIR}/systemd/network"
68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 # If WLAN is enabled copy wlan configuration too
70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
63 72 fi
73 rm -fr "${ETC_DIR}/systemd/network"
64 74
65 75 # Enable systemd-networkd service
66 76 chroot_exec systemctl enable systemd-networkd
67 77
68 78 # Install host.conf resolver configuration
69 79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70 80
71 81 # Enable network stack hardening
72 82 if [ "$ENABLE_HARDNET" = true ] ; then
73 83 # Install sysctl.d configuration files
74 84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75 85
76 86 # Setup resolver warnings about spoofed addresses
77 87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 88 fi
79 89
80 90 # Enable time sync
81 if [ "NET_NTP_1" != "" ] ; then
91 if [ "$NET_NTP_1" != "" ] ; then
82 92 chroot_exec systemctl enable systemd-timesyncd.service
83 93 fi
84 94
85 95 # Download the firmware binary blob required to use the RPi3 wireless interface
86 96 if [ "$ENABLE_WIRELESS" = true ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
89 99 fi
90 100
91 101 # Create temporary directory for firmware binary blob
92 102 temp_dir=$(as_nobody mktemp -d)
93 103
94 # Fetch firmware binary blob
95 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
98 # Move downloaded firmware binary blob
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
104 # Fetch firmware binary blob for RPI3B+
105 if [ "$RPI_MODEL" = 3P ] ; then
106 # Fetch firmware binary blob for RPi3P
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110
111 # Move downloaded firmware binary blob
112 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113
114 # Set permissions of the firmware binary blob
115 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
117 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
118 # Fetch firmware binary blob for RPi3
119 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
120 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
121
122 # Move downloaded firmware binary blob
123 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124
125 # Set permissions of the firmware binary blob
126 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
128 fi
129
101 130 # Remove temporary directory for firmware binary blob
102 131 rm -fr "${temp_dir}"
103
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
107 132 fi
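Review bot: The firmware blobs fetched at new lines 107–109 and 119–120 are moved into `${WLAN_FIRMWARE_DIR}` without checking that `wget` succeeded or that the content is what was expected. `wget -O` leaves an output file behind even when the transfer fails, so unless the caller runs under `set -e` (not visible here) an empty or partial blob can be installed as root-owned firmware. Consider `as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" || exit 1` for each fetch, and compare every file against a pinned SHA-256 before the `mv`. The Bluetooth firmware fetch in the boot-configuration section (new lines 82–89) has the same gap. With `ENABLE_WIRELESS=true` and any other `RPI_MODEL`, neither branch runs and no firmware is installed, which deserves at least a warning.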
@@ -1,44 +1,48
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15
12 16 # Install iptables systemd service
13 17 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
14 18
15 19 # Install flush-table script called by iptables service
16 20 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
17 21
18 22 # Install iptables rule file
19 23 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
20 24
21 25 # Reload systemd configuration and enable iptables service
22 26 chroot_exec systemctl daemon-reload
23 27 chroot_exec systemctl enable iptables.service
24 28
25 29 if [ "$ENABLE_IPV6" = true ] ; then
26 30 # Install ip6tables systemd service
27 31 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
28 32
29 33 # Install ip6tables file
30 34 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
31 35
32 36 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
33 37
34 38 # Reload systemd configuration and enable iptables service
35 39 chroot_exec systemctl daemon-reload
36 40 chroot_exec systemctl enable ip6tables.service
37 41 fi
38 42
39 43 if [ "$ENABLE_SSHD" = false ] ; then
40 44 # Remove SSHD related iptables rules
41 45 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
42 46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
43 47 fi
44 48 fi
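Review bot: New line 14 switches only the `iptables` alternative to the legacy backend, but `ip6tables` is a separate alternatives group, not a slave of `iptables`, so with `ENABLE_IPV6=true` the `ip6tables.service` installed further down may still run on the nft backend. Add `chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy` inside the `ENABLE_IPV6` branch so both rule sets are loaded through the same backend. The result of `update-alternatives` is also not checked. If `/usr/sbin/iptables-legacy` is absent in the target release the build appears to carry on (the error handling of `chroot_exec` is not visible here); a failure there should stop the build rather than leave the firewall on an unintended backend.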
@@ -1,29 +1,29
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25 25
26 26 # Enable serial console systemd style
27 27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 29 fi
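Review bot: The rewritten lines 9–10 still pass the plaintext passwords to `mkpasswd` as command-line arguments, where they are readable in the build host's process list for as long as the command runs. `mkpasswd` can read the password from standard input instead: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s)`, and likewise for `USER_PASSWORD` (`printf` is a shell builtin, so the value does not appear in argv). Also, line 28 still enables `serial-getty@ttyAMA0.service` unconditionally, while the boot-configuration script in this commit now picks `ttyS0` or `ttyAMA0` through `SET_SERIAL`; the two should agree, or this block should be dropped.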
@@ -1,116 +1,116
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 9 DROPBEAR_ARGS=""
10 10
11 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 13 # User root is not allowed to log in
14 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 15 else
16 16 # User root is not allowed to log in
17 17 DROPBEAR_ARGS="-w"
18 18 fi
19 19 fi
20 20
21 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 23 # Permit SSH root login
24 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 25 else
26 26 # Permit SSH root login
27 27 DROPBEAR_ARGS=""
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 32 # Create root SSH config directory
33 33 mkdir -p "${R}/root/.ssh"
34 34
35 35 # Set permissions of root SSH config directory
36 36 chroot_exec chmod 700 "/root/.ssh"
37 37 chroot_exec chown root:root "/root/.ssh"
38 38
39 39 # Add SSH (v2) public key(s) to authorized_keys file
40 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 41
42 42 # Set permissions of root SSH authorized_keys file
43 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 45
46 46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 47 # Allow SSH public key authentication
48 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 49 fi
50 50 fi
51 51 fi
52 52
53 53 if [ "$ENABLE_USER" = true ] ; then
54 54 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 56 # Create $USER_NAME SSH config directory
57 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 58
59 59 # Set permissions of $USER_NAME SSH config directory
60 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 62
63 63 # Add SSH (v2) public key(s) to authorized_keys file
64 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 65
66 66 # Set permissions of $USER_NAME SSH config directory
67 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 69
70 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 71 # Allow SSH public key authentication
72 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 73 fi
74 74 fi
75 75 fi
76 76
77 77 # Limit the users that are allowed to login via SSH
78 78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 79 allowed_users=""
80 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 81 allowed_users="root"
82 82 fi
83 83
84 84 if [ "$ENABLE_USER" = true ] ; then
85 85 allowed_users="${allowed_users} ${USER_NAME}"
86 86 fi
87 87
88 if [ ! -z "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
89 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 90 fi
91 91 fi
92 92
93 93 # Disable password-based authentication
94 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 98 else
99 99 DROPBEAR_ARGS="-g"
100 100 fi
101 101 fi
102 102
103 103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 107 else
108 108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 109 fi
110 110 fi
111 111
112 112 # Update dropbear SSH configuration
113 113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 115 fi
116 fi
116 fi No newline at end of file
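Review bot: The `sed` at line 114 has no `-i`, so it prints the edited text to standard output and `${ETC_DIR}/default/dropbear` is never changed; the `-w`, `-g` and `-s` restrictions collected in `DROPBEAR_ARGS` are therefore not applied when dropbear replaces sshd. This commit leaves that line untouched; it should be `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`. A comment above it noting that `-w` blocks root logins and `-s`/`-g` block password logins would make the intent of the three flags clear.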
@@ -1,83 +1,100
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build U-Boot bootloader
9 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 10 # Install c/c++ build environment inside the chroot
11 11 chroot_install_cc
12 12
13 13 # Copy existing U-Boot sources into chroot directory
14 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 15 # Copy local U-Boot sources
16 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 17 else
18 18 # Create temporary directory for U-Boot sources
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Fetch U-Boot sources
22 22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 23
24 24 # Copy downloaded U-Boot sources
25 25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 26
27 27 # Set permissions of the U-Boot sources
28 28 chown -R root:root "${R}/tmp/u-boot"
29 29
30 30 # Remove temporary directory for U-Boot sources
31 31 rm -fr "${temp_dir}"
32 32 fi
33 33
34 34 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 36
37 37 # Copy compiled bootloader binary and set config.txt to load it
38 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 41
42 42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
48 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 49
50 50 # Remove original initramfs file
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
58 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 59
60 60 if [ "$BUILD_KERNEL" = false ] ; then
61 61 # Remove dtbfile from U-Boot mkfile
62 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 64 else
65 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 66 fi
67 67 fi
68 68
69 if [ "$SET_ARCH" = 64 ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
71 {
72 printf "\n# 64bit-mode"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
74 printf "\narm_64bit=1"
75 } >> "${BOOT_DIR}/config.txt"
76
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 fi
80
69 81 # Set mkfile to use the correct dtb file
70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
82 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
83
84 # Set mkfile to use the correct mach id
85 if [ "$ENABLE_QEMU" = true ] ; then
86 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
87 fi
71 88
72 89 # Set mkfile to use kernel image
73 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
90 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
74 91
75 92 # Remove all leading blank lines
76 93 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
77 94
78 95 # Generate U-Boot bootloader image
79 96 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
80 97
81 98 # Remove U-Boot sources
82 99 rm -fr "${R}/tmp/u-boot"
83 100 fi
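Review bot: Lines 44 and 54 still pass `${CMDLINE}` and the contents of `uboot.mkimage` as part of the `printf` format string, so any `%` or backslash sequence in either is interpreted rather than written out. Use a fixed format with the data as arguments, e.g. `printf '# Set initramfs file\nsetenv initramfs initramfs-%s.uboot\n\n%s' "${KERNEL_VERSION}" "$(cat "${BOOT_DIR}/uboot.mkimage")" > "${BOOT_DIR}/uboot.mkimage"`, and the same shape for the bootargs line. The new substitutions at lines 82 and 90 match the literal defaults `bcm2709-rpi-2-b.dtb` and `kernel7.img` (with an unescaped `.`) instead of the anchored `setenv dtbfile` / `fatload` lines. If the template in files/boot/uboot.mkimage (not shown) ever stops containing those exact names, the edit does nothing and the boot script keeps the default file names without any error.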
@@ -1,51 +1,47
1 1 #
2 2 # Build and Setup fbturbo Xorg driver
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 9 # Install c/c++ build environment inside the chroot
10 10 chroot_install_cc
11 11
12 12 # Copy existing fbturbo sources into chroot directory
13 13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 14 # Copy local fbturbo sources
15 15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 16 else
17 17 # Create temporary directory for fbturbo sources
18 18 temp_dir=$(as_nobody mktemp -d)
19 19
20 20 # Fetch fbturbo sources
21 21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22 22
23 23 # Move downloaded fbturbo sources
24 24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25 25
26 26 # Remove temporary directory for fbturbo sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Install Xorg build dependencies
31 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
31 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
36 32
37 33 # Build and install fbturbo driver inside chroot
38 34 chroot_exec /bin/bash -x <<'EOF'
39 35 cd /tmp/xf86-video-fbturbo
40 36 autoreconf -vi
41 37 ./configure --prefix=/usr
42 38 make
43 39 make install
44 40 EOF
45 41
46 42 # Install fbturbo driver Xorg configuration
47 43 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
48 44
49 45 # Remove Xorg build dependencies
50 46 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
51 47 fi
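Review bot: The replacement install line (new line 31) passes `--allow-unauthenticated` for every release, so apt will install the Xorg build dependencies even when their signatures cannot be verified; the removed `elif` never reached that variant because the first condition already matched stretch and buster. These packages are installed as root inside the image, so a tampered package from the mirror or from whatever APT_PROXY points at would be accepted silently. `debian-archive-keyring` is already part of APT_INCLUDES, so the flag should not be needed: `chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev`. The same flag is made unconditional in chroot_install_cc in the utility-functions section further down.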
@@ -1,85 +1,76
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
49 # Purge bash and update alternatives
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
55 51 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 52 fi
57 53
58 54 # Remove sound utils and libraries
59 55 if [ "$ENABLE_SOUND" = false ] ; then
60 56 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 57 fi
62 58
63 # Re-install tools for managing kernel modules
64 if [ "$RELEASE" = "jessie" ] ; then
65 chroot_exec apt-get -qq -y install module-init-tools
66 fi
67
68 59 # Remove GPU kernels
69 60 if [ "$ENABLE_MINGPU" = true ] ; then
70 61 rm -f "${BOOT_DIR}/start.elf"
71 62 rm -f "${BOOT_DIR}/fixup.dat"
72 63 rm -f "${BOOT_DIR}/start_x.elf"
73 64 rm -f "${BOOT_DIR}/fixup_x.dat"
74 65 fi
75 66
76 67 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 68 if [ "$BUILD_KERNEL" = false ] ; then
78 69 rm -f "${R}/boot/vmlinuz-*"
79 70 rm -f "${R}/boot/initrd.img-*"
80 71 fi
81 72
82 73 # Clean APT list of repositories
83 74 rm -fr "${R}/var/lib/apt/lists/*"
84 75 chroot_exec apt-get -qq -y update
85 76 fi
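Review bot: The new `xargs -0` pipelines still run `rm`/`rmdir` once when `find` prints nothing, because GNU xargs only skips empty input with `-r`. On new lines 28-29 the resulting error is hidden by `|| true`, but the locale line (new line 39) has no guard and would abort the build if this file is sourced under the main script's `set -e`. `find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -exec rm -r -- {} +` avoids the pipe altogether. Using the same `-exec … {} +` form on lines 28-29 would also let the `|| true` go, so a genuine deletion failure in the image tree is no longer swallowed.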
@@ -1,15 +1,16
1 1 # Set device tree fdtfile
2 2 setenv dtbfile bcm2709-rpi-2-b.dtb
3 3
4 4 # Tell Linux that it is booting on a Raspberry Pi2/3
5 5 setenv machid 0x00000c42
6 6
7 7 # Save these changes to u-boot's environment
8 8 saveenv
9 9
10 10 # Load the existing Linux kernel into RAM
11 mmc dev 0
11 12 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14 15
15 16 # Boot the kernel we have just loaded
@@ -1,85 +1,96
1 1 #!/bin/sh
2 2 # expand_encrypted_rootfs initramfs-tools boot script
3 3
4 4 # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
5 5
6 6 set -e
7 7
8 8 # Wait for USB devices to be ready
9 9 sleep 5
10 10
11 11 # Use initramfs utility functions
12 12 if [ -r "/scripts/functions" ] ; then
13 13 . /scripts/functions
14 14 fi
15 15
16 16 # Check for cryptdevice variable
17 17 if [ -z "$cryptdevice" ] ; then
18 18 echo "unable to get cryptdevice variable (init-premount)"
19 19 return 1
20 20 fi
21 21
22 22 # Detect root partition device
23 23 ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
24 24 if [ -z "$ROOT_PART" ] ; then
25 25 log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
26 26 return 1
27 27 fi
28 28
29 29 # Extract root device name
30 30 case "${ROOT_PART}" in
31 31 mmcblk0*) ROOT_DEV=mmcblk0 ;;
32 32 sda*) ROOT_DEV=sda ;;
33 33 esac
34 34
35 35 # Check detected root partition name
36 36 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
37 37 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
38 38 log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
39 39 return 1
40 40 fi
41 41
42 42 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
43 43 # agree to work with a sufficiently simple partition layout
44 44 if [ "$PART_NUM" -gt 2 ] ; then
45 45 log_warning_msg "Your partition layout is not currently supported by this tool."
46 46 return 1
47 47 fi
48 48
49 49 # Check if last partition number
50 50 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
51 51 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
52 52 log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
53 53 return 1
54 54 fi
55 55
56 56 # Get the starting offset of the root partition
57 57 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
58 58 if [ -z "$PART_START" ] ; then
59 59 log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
60 60 return 1
61 61 fi
62 62
63 # Get the current last sector of the root partition
64 PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g')
65 if [ -z "$PART_END" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
63 70 # Get the possible last sector for the root partition
64 71 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 72 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
73 log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition"
67 74 return 1
68 75 fi
69 76
70 77 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
71 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
78 if [ $PART_END != $PART_LAST ] ; then
79 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 80 p
73 81 d
74 82 $PART_NUM
75 83 n
76 84 p
77 85 $PART_NUM
78 86 $PART_START
79 87 $PART_LAST
80 88 p
81 89 w
82 90 EOF2
83 91
84 partprobe
85 log_success_msg "Root partition successfully resized."
92 partprobe
93 log_success_msg "Root partition successfully resized."
94 else
95 log_success_msg "Root partition already resized."
96 fi
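Review bot: The new guard `if [ $PART_END != $PART_LAST ]` compares two sector numbers as unquoted strings; a numeric, quoted test is safer if either value ever comes back with more than one line or with padding: `if [ "$PART_END" -ne "$PART_LAST" ] ; then`. Inside the branch fdisk's stderr and exit status are both discarded, so "Root partition successfully resized." is logged even when the partition table was not rewritten. Re-reading the end sector with the same parted pipeline after `partprobe` and logging success only when it equals `PART_LAST` would make the message trustworthy on a device that holds the encrypted root.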
@@ -1,15 +1,15
1 1 [Unit]
2 2 Description=Packet Filtering Framework
3 3 DefaultDependencies=no
4 4 After=systemd-sysctl.service
5 5 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
9 ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
10 10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
11 11 ExecStop=/etc/iptables/flush-ip6tables.sh
12 12 RemainAfterExit=yes
13 13
14 14 [Install]
15 15 WantedBy=multi-user.target
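Review bot: `ExecReload` on the line after the changed `ExecStart` still calls `ip6tables-restore` without `-w 5`, so a reload that races another holder of the xtables lock can fail at once and leave the previous ruleset in place. Giving reload the same wait keeps both paths consistent: `ExecReload=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules`. The IPv4 unit in the following section has the same gap and needs the matching change. Whether `-w` is accepted depends on the iptables version shipped in the target release, which is not visible here.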
@@ -1,15 +1,15
1 1 [Unit]
2 2 Description=Packet Filtering Framework
3 3 DefaultDependencies=no
4 4 After=systemd-sysctl.service
5 5 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
9 ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
10 10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
11 11 ExecStop=/etc/iptables/flush-iptables.sh
12 12 RemainAfterExit=yes
13 13
14 14 [Install]
15 15 WantedBy=multi-user.target
@@ -1,1 +1,1
1 rpi2-jessie
1 RaspberryPI
@@ -1,6 +1,6
1 1 127.0.0.1 localhost
2 127.0.1.1 rpi2-jessie
2 127.0.1.1 RaspberryPI
3 3
4 4 ::1 localhost ip6-localhost ip6-loopback
5 5 ff02::1 ip6-allnodes
6 6 ff02::2 ip6-allrouters
@@ -1,81 +1,77
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 7 # Identify and kill all processes still using files
8 8 echo "killing processes using mount point ..."
9 9 fuser -k "${R}"
10 10 sleep 3
11 11 fuser -9 -k -v "${R}"
12 12
13 13 # Clean up temporary .password file
14 14 if [ -r ".password" ] ; then
15 15 shred -zu .password
16 16 fi
17 17
18 18 # Clean up all temporary mount points
19 19 echo "removing temporary mount points ..."
20 20 umount -l "${R}/proc" 2> /dev/null
21 21 umount -l "${R}/sys" 2> /dev/null
22 22 umount -l "${R}/dev/pts" 2> /dev/null
23 23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 24 umount "$BUILDDIR/mount" 2> /dev/null
25 25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 28 trap - 0 1 2 3 6
29 29 }
30 30
31 31 chroot_exec() {
32 32 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 34 }
35 35
36 36 as_nobody() {
37 37 # Exec command as user nobody
38 sudo -E -u nobody LANG=C LC_ALL=C $*
38 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 39 }
40 40
41 41 install_readonly() {
42 42 # Install file with user read-only permissions
43 install -o root -g root -m 644 $*
43 install -o root -g root -m 644 "$@"
44 44 }
45 45
46 46 install_exec() {
47 47 # Install file with root exec permissions
48 install -o root -g root -m 744 $*
48 install -o root -g root -m 744 "$@"
49 49 }
50 50
51 51 use_template () {
52 52 # Test if configuration template file exists
53 53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 55 exit 1
56 56 fi
57 57
58 58 # Load template configuration parameters
59 59 . "./templates/${CONFIG_TEMPLATE}"
60 60 }
61 61
62 62 chroot_install_cc() {
63 63 # Install c/c++ build environment inside the chroot
64 64 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66
67 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
69 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
71 fi
66 # Install COMPILER_PACKAGES in chroot
67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
72 68 fi
73 69 }
74 70
75 71 chroot_remove_cc() {
76 72 # Remove c/c++ build environment from the chroot
77 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
78 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
73 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
79 75 COMPILER_PACKAGES=""
80 76 fi
81 77 }
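Review bot: Quoting `"${COMPILER_PACKAGES}"` in chroot_install_cc and chroot_remove_cc turns the space-separated list built by the `awk -v ORS=" "` pipeline into a single argument. Since chroot_exec now forwards `"$@"` unchanged, apt-get receives one package name containing spaces and will most likely fail to resolve it. This file is sourced by a `#!/bin/sh` script, so there are no arrays and the list has to be word-split on purpose: put `# shellcheck disable=SC2086 -- package list is split intentionally` above `chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}`, and do the same for the install call. The `"$@"` changes in the four wrappers are otherwise the right fix for arguments containing whitespace.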
@@ -1,657 +1,807
1 1 #!/bin/sh
2
3 2 ########################################################################
4 3 # rpi23-gen-image.sh 2015-2017
5 4 #
6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
7 6 #
8 7 # This program is free software; you can redistribute it and/or
9 8 # modify it under the terms of the GNU General Public License
10 9 # as published by the Free Software Foundation; either version 2
11 10 # of the License, or (at your option) any later version.
12 11 #
13 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 13 #
15 14 # Big thanks for patches and enhancements by 20+ github contributors!
16 15 ########################################################################
17 16
18 17 # Are we running as root?
19 18 if [ "$(id -u)" -ne "0" ] ; then
20 19 echo "error: this script must be executed with root privileges!"
21 20 exit 1
22 21 fi
23 22
24 23 # Check if ./functions.sh script exists
25 24 if [ ! -r "./functions.sh" ] ; then
26 25 echo "error: './functions.sh' required script not found!"
27 26 exit 1
28 27 fi
29 28
30 29 # Load utility functions
31 30 . ./functions.sh
32 31
33 32 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
35 34 use_template
36 35 fi
37 36
38 37 # Introduce settings
39 38 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
41 40 set -x
42 41
43 42 # Raspberry Pi model configuration
44 43 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 44
50 45 # Debian release
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 else
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 fi
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 else
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 fi
46 RELEASE=${RELEASE:=buster}
47
48 # Kernel Branch
68 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69 50
70 51 # URLs
71 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
72 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
73 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
74 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
77 60
78 61 # Build directories
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
62 WORKDIR=$(pwd)
63 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
80 64 BUILDDIR="${BASEDIR}/build"
81 65
82 # Prepare date string for default image file name
83 DATE="$(date +%Y-%m-%d)"
84 if [ -z "$KERNEL_BRANCH" ] ; then
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 else
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 fi
89
90 66 # Chroot directories
91 67 R="${BUILDDIR}/chroot"
92 68 ETC_DIR="${R}/etc"
93 69 LIB_DIR="${R}/lib"
94 70 BOOT_DIR="${R}/boot/firmware"
95 71 KERNEL_DIR="${R}/usr/src/linux"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
72 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
97 74
98 75 # Firmware directory: Blank if download from github
99 76 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100 77
101 78 # General settings
79 SET_ARCH=${SET_ARCH:=32}
102 80 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 81 PASSWORD=${PASSWORD:=raspberry}
104 82 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 83 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 84 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 85 EXPANDROOT=${EXPANDROOT:=true}
108 86
109 87 # Keyboard settings
110 88 XKB_MODEL=${XKB_MODEL:=""}
111 89 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 90 XKB_VARIANT=${XKB_VARIANT:=""}
113 91 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 92
115 93 # Network settings (DHCP)
116 94 ENABLE_DHCP=${ENABLE_DHCP:=true}
117 95
118 96 # Network settings (static)
119 97 NET_ADDRESS=${NET_ADDRESS:=""}
120 98 NET_GATEWAY=${NET_GATEWAY:=""}
121 99 NET_DNS_1=${NET_DNS_1:=""}
122 100 NET_DNS_2=${NET_DNS_2:=""}
123 101 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 102 NET_NTP_1=${NET_NTP_1:=""}
125 103 NET_NTP_2=${NET_NTP_2:=""}
126 104
127 105 # APT settings
128 106 APT_PROXY=${APT_PROXY:=""}
129 107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130 108
131 109 # Feature settings
110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
132 113 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 114 ENABLE_I2C=${ENABLE_I2C:=false}
134 115 ENABLE_SPI=${ENABLE_SPI:=false}
135 116 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 117 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 118 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 119 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 120 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 121 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 122 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 123 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 124 ENABLE_XORG=${ENABLE_XORG:=false}
144 125 ENABLE_WM=${ENABLE_WM:=""}
145 126 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 127 ENABLE_USER=${ENABLE_USER:=true}
147 128 USER_NAME=${USER_NAME:="pi"}
148 129 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
149 132
150 133 # SSH settings
151 134 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
152 135 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
153 136 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
154 137 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156 139
157 140 # Advanced settings
158 141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
163 148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
169 154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170 155
171 156 # Kernel compilation settings
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
157 BUILD_KERNEL=${BUILD_KERNEL:=true}
173 158 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 159 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 160 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 161 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
180 else
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
182 fi
163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
183 165
184 166 # Kernel compilation from source directory settings
185 167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
186 168 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
187 169 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
188 170 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
189 171
190 172 # Reduce disk usage settings
191 173 REDUCE_APT=${REDUCE_APT:=true}
192 174 REDUCE_DOC=${REDUCE_DOC:=true}
193 175 REDUCE_MAN=${REDUCE_MAN:=true}
194 176 REDUCE_VIM=${REDUCE_VIM:=false}
195 177 REDUCE_BASH=${REDUCE_BASH:=false}
196 178 REDUCE_HWDB=${REDUCE_HWDB:=true}
197 179 REDUCE_SSHD=${REDUCE_SSHD:=true}
198 180 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
199 181
200 182 # Encrypted filesystem settings
201 183 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
202 184 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206 188
207 # Stop the Crypto Wars
208 DISABLE_FBI=${DISABLE_FBI:=false}
209
210 189 # Chroot scripts directory
211 190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
212 191
213 192 # Packages required in the chroot build environment
214 193 APT_INCLUDES=${APT_INCLUDES:=""}
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
194 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
195
196 # Packages to exclude from chroot build environment
197 APT_EXCLUDES=${APT_EXCLUDES:=""}
216 198
217 199 # Packages required for bootstrapping
218 200 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
219 201 MISSING_PACKAGES=""
220 202
221 203 # Packages installed for c/c++ build environment in chroot (keep empty)
222 204 COMPILER_PACKAGES=""
223 205
224 206 set +x
225 207
226 # Set Raspberry Pi model specific configuration
227 if [ "$RPI_MODEL" = 2 ] ; then
228 DTB_FILE=${RPI2_DTB_FILE}
229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
230 elif [ "$RPI_MODEL" = 3 ] ; then
231 DTB_FILE=${RPI3_DTB_FILE}
232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
233 BUILD_KERNEL=true
208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 APT_PROXY=http://127.0.0.1:3142/
212 fi
213
214 # Setup architecture specific settings
215 if [ -n "$SET_ARCH" ] ; then
216 # 64-bit configuration
217 if [ "$SET_ARCH" = 64 ] ; then
218 # General 64-bit depended settings
219 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
220 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
221 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
222
223 # Raspberry Pi model specific settings
224 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
225 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
226 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
228 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
229 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
230 else
231 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
232 exit 1
233 fi
234 fi
235
236 # 32-bit configuration
237 if [ "$SET_ARCH" = 32 ] ; then
238 # General 32-bit dependend settings
239 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242
243 # Raspberry Pi model specific settings
244 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 RELEASE_ARCH=${RELEASE_ARCH:=armel}
248 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
249 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
250 fi
251
252 # Raspberry Pi model specific settings
253 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 fi
260 fi
261 #SET_ARCH not set
234 262 else
235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
263 echo "error: Please set '32' or '64' as value for SET_ARCH"
236 264 exit 1
237 265 fi
266 # Device specific configuration and U-Boot configuration
267 case "$RPI_MODEL" in
268 0)
269 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
270 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 ;;
272 1)
273 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
274 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 ;;
276 1P)
277 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
278 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
279 ;;
280 2)
281 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
282 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
283 ;;
284 3)
285 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 ;;
288 3P)
289 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
290 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
291 ;;
292 *)
293 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
294 exit 1
295 ;;
296 esac
297
298 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
302 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 fi
304 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 # Check if the internal wireless interface is not supported by the RPi model
306 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 exit 1
309 fi
310 fi
238 311
239 # Check if the internal wireless interface is supported by the RPi model
240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
242 exit 1
312 # Prepare date string for default image file name
313 DATE="$(date +%Y-%m-%d)"
314 if [ -z "$KERNEL_BRANCH" ] ; then
315 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
316 else
317 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
243 318 fi
244 319
245 320 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
321 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
247 322 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
248 323 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
249 324 exit 1
250 325 fi
251 326 fi
252 327
253 # Build RPi2/3 Linux kernel if required by Debian release
254 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
255 BUILD_KERNEL=true
256 fi
257
258 # Add packages required for kernel cross compilation
259 if [ "$BUILD_KERNEL" = true ] ; then
260 if [ "$KERNEL_ARCH" = "arm" ] ; then
261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
262 else
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
264 fi
328 # Add cmake to compile videocore sources
329 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
265 331 fi
266 332
267 333 # Add libncurses5 to enable kernel menuconfig
268 334 if [ "$KERNEL_MENUCONFIG" = true ] ; then
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
270 336 fi
271 337
272 # Stop the Crypto Wars
273 if [ "$DISABLE_FBI" = true ] ; then
274 ENABLE_CRYPTFS=true
338 # Add ccache compiler cache for (faster) kernel cross (re)compilation
339 if [ "$KERNEL_CCACHE" = true ] ; then
340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
275 341 fi
276 342
277 343 # Add cryptsetup package to enable filesystem encryption
278 344 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
279 345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
346 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
281 347
282 348 if [ -z "$CRYPTFS_PASSWORD" ] ; then
283 349 echo "error: no password defined (CRYPTFS_PASSWORD)!"
284 350 exit 1
285 351 fi
286 352 ENABLE_INITRAMFS=true
287 353 fi
288 354
289 355 # Add initramfs generation tools
290 356 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
291 357 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
292 358 fi
293 359
294 360 # Add device-tree-compiler required for building the U-Boot bootloader
295 361 if [ "$ENABLE_UBOOT" = true ] ; then
296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
362 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 fi
364
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
297 371 fi
298 372
299 373 # Check if root SSH (v2) public key file exists
300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
374 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
301 375 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
302 376 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
303 377 exit 1
304 378 fi
305 379 fi
306 380
307 381 # Check if $USER_NAME SSH (v2) public key file exists
308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
382 if [ -n "$SSH_USER_PUB_KEY" ] ; then
309 383 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
310 384 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
311 385 exit 1
312 386 fi
313 387 fi
314 388
315 389 # Check if all required packages are installed on the build system
316 390 for package in $REQUIRED_PACKAGES ; do
317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
391 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
318 392 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
319 393 fi
320 394 done
321 395
322 396 # If there are missing packages ask confirmation for install, or exit
323 397 if [ -n "$MISSING_PACKAGES" ] ; then
324 398 echo "the following packages needed by this script are not installed:"
325 399 echo "$MISSING_PACKAGES"
326 400
327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
328 read confirm
401 printf "\ndo you want to install the missing packages right now? [y/n] "
402 read -r confirm
329 403 [ "$confirm" != "y" ] && exit 1
330 404
331 405 # Make sure all missing required packages are installed
332 apt-get -qq -y install ${MISSING_PACKAGES}
406 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
333 407 fi
334 408
335 409 # Check if ./bootstrap.d directory exists
336 410 if [ ! -d "./bootstrap.d/" ] ; then
337 411 echo "error: './bootstrap.d' required directory not found!"
338 412 exit 1
339 413 fi
340 414
341 415 # Check if ./files directory exists
342 416 if [ ! -d "./files/" ] ; then
343 417 echo "error: './files' required directory not found!"
344 418 exit 1
345 419 fi
346 420
347 421 # Check if specified KERNELSRC_DIR directory exists
348 422 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
349 423 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
350 424 exit 1
351 425 fi
352 426
353 427 # Check if specified UBOOTSRC_DIR directory exists
354 428 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
355 429 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
356 430 exit 1
357 431 fi
358 432
433 # Check if specified VIDEOCORESRC_DIR directory exists
434 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
435 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
436 exit 1
437 fi
438
359 439 # Check if specified FBTURBOSRC_DIR directory exists
360 440 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
361 441 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
362 442 exit 1
363 443 fi
364 444
365 445 # Check if specified CHROOT_SCRIPTS directory exists
366 446 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
367 447 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
368 448 exit 1
369 449 fi
370 450
371 451 # Check if specified device mapping already exists (will be used by cryptsetup)
372 452 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
373 453 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
374 454 exit 1
375 455 fi
376 456
377 457 # Don't clobber an old build
378 458 if [ -e "$BUILDDIR" ] ; then
379 459 echo "error: directory ${BUILDDIR} already exists, not proceeding"
380 460 exit 1
381 461 fi
382 462
383 463 # Setup chroot directory
384 464 mkdir -p "${R}"
385 465
386 466 # Check if build directory has enough of free disk space >512MB
387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
467 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
388 468 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
389 469 exit 1
390 470 fi
391 471
392 472 set -x
393 473
394 474 # Call "cleanup" function on various signals and errors
395 475 trap cleanup 0 1 2 3 6
396 476
397 477 # Add required packages for the minbase installation
398 478 if [ "$ENABLE_MINBASE" = true ] ; then
399 479 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
400 480 fi
401 481
402 # Add required locales packages
403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
405 fi
406
407 482 # Add parted package, required to get partprobe utility
408 483 if [ "$EXPANDROOT" = true ] ; then
409 484 APT_INCLUDES="${APT_INCLUDES},parted"
410 485 fi
411 486
412 487 # Add dbus package, recommended if using systemd
413 488 if [ "$ENABLE_DBUS" = true ] ; then
414 489 APT_INCLUDES="${APT_INCLUDES},dbus"
415 490 fi
416 491
417 492 # Add iptables IPv4/IPv6 package
418 493 if [ "$ENABLE_IPTABLES" = true ] ; then
419 APT_INCLUDES="${APT_INCLUDES},iptables"
494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
420 495 fi
421 496
422 497 # Add openssh server package
423 498 if [ "$ENABLE_SSHD" = true ] ; then
424 499 APT_INCLUDES="${APT_INCLUDES},openssh-server"
425 500 fi
426 501
427 502 # Add alsa-utils package
428 503 if [ "$ENABLE_SOUND" = true ] ; then
429 504 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
430 505 fi
431 506
432 507 # Add rng-tools package
433 508 if [ "$ENABLE_HWRANDOM" = true ] ; then
434 509 APT_INCLUDES="${APT_INCLUDES},rng-tools"
435 510 fi
436 511
437 512 # Add fbturbo video driver
438 513 if [ "$ENABLE_FBTURBO" = true ] ; then
439 514 # Enable xorg package dependencies
440 515 ENABLE_XORG=true
441 516 fi
442 517
443 518 # Add user defined window manager package
444 519 if [ -n "$ENABLE_WM" ] ; then
445 520 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
446 521
447 522 # Enable xorg package dependencies
448 523 ENABLE_XORG=true
449 524 fi
450 525
451 526 # Add xorg package
452 527 if [ "$ENABLE_XORG" = true ] ; then
453 528 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
454 529 fi
455 530
456 531 # Replace selected packages with smaller clones
457 532 if [ "$ENABLE_REDUCE" = true ] ; then
458 533 # Add levee package instead of vim-tiny
459 534 if [ "$REDUCE_VIM" = true ] ; then
460 535 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
461 536 fi
462 537
463 538 # Add dropbear package instead of openssh-server
464 539 if [ "$REDUCE_SSHD" = true ] ; then
465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
540 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
466 541 fi
467 542 fi
468 543
469 if [ "$RELEASE" != "jessie" ] ; then
470 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
544 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
545 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 fi
548
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
471 557 fi
472 558
473 559 # Configure kernel sources if no KERNELSRC_DIR
474 560 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
475 561 KERNELSRC_CONFIG=true
476 562 fi
477 563
478 564 # Configure reduced kernel
479 565 if [ "$KERNEL_REDUCE" = true ] ; then
480 566 KERNELSRC_CONFIG=false
481 567 fi
482 568
569 # Configure qemu compatible kernel
570 if [ "$ENABLE_QEMU" = true ] ; then
571 DTB_FILE=vexpress-v2p-ca15_a7.dtb
572 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
573 KERNEL_DEFCONFIG="vexpress_defconfig"
574 if [ "$KERNEL_MENUCONFIG" = false ] ; then
575 KERNEL_OLDDEFCONFIG=true
576 fi
577 fi
578
483 579 # Execute bootstrap scripts
484 580 for SCRIPT in bootstrap.d/*.sh; do
485 581 head -n 3 "$SCRIPT"
486 582 . "$SCRIPT"
487 583 done
488 584
489 585 ## Execute custom bootstrap scripts
490 586 if [ -d "custom.d" ] ; then
491 587 for SCRIPT in custom.d/*.sh; do
492 588 . "$SCRIPT"
493 589 done
494 590 fi
495 591
496 592 # Execute custom scripts inside the chroot
497 593 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
498 594 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
499 595 chroot_exec /bin/bash -x <<'EOF'
500 596 for SCRIPT in /chroot_scripts/* ; do
501 597 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
502 598 $SCRIPT
503 599 fi
504 600 done
505 601 EOF
506 602 rm -rf "${R}/chroot_scripts"
507 603 fi
508 604
509 605 # Remove c/c++ build environment from the chroot
510 606 chroot_remove_cc
511 607
512 # Remove apt-utils
513 if [ "$RELEASE" = "jessie" ] ; then
514 chroot_exec apt-get purge -qq -y --force-yes apt-utils
515 fi
516
517 608 # Generate required machine-id
518 609 MACHINE_ID=$(dbus-uuidgen)
519 610 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
520 611 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
521 612
522 613 # APT Cleanup
523 614 chroot_exec apt-get -y clean
524 615 chroot_exec apt-get -y autoclean
525 616 chroot_exec apt-get -y autoremove
526 617
527 618 # Unmount mounted filesystems
528 619 umount -l "${R}/proc"
529 620 umount -l "${R}/sys"
530 621
531 622 # Clean up directories
532 623 rm -rf "${R}/run/*"
533 624 rm -rf "${R}/tmp/*"
534 625
535 626 # Clean up files
536 627 rm -f "${ETC_DIR}/ssh/ssh_host_*"
537 628 rm -f "${ETC_DIR}/dropbear/dropbear_*"
538 629 rm -f "${ETC_DIR}/apt/sources.list.save"
539 630 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
540 631 rm -f "${ETC_DIR}/*-"
541 632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
542 633 rm -f "${ETC_DIR}/resolv.conf"
543 634 rm -f "${R}/root/.bash_history"
544 635 rm -f "${R}/var/lib/urandom/random-seed"
545 636 rm -f "${R}/initrd.img"
546 637 rm -f "${R}/vmlinuz"
547 638 rm -f "${R}${QEMU_BINARY}"
548 639
640 if [ "$ENABLE_QEMU" = true ] ; then
641 # Setup QEMU directory
642 mkdir "${BASEDIR}/qemu"
643
644 # Copy kernel image to QEMU directory
645 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
646
647 # Copy kernel config to QEMU directory
648 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
649
650 # Copy kernel dtbs to QEMU directory
651 for dtb in "${BOOT_DIR}/"*.dtb ; do
652 if [ -f "${dtb}" ] ; then
653 install_readonly "${dtb}" "${BASEDIR}/qemu/"
654 fi
655 done
656
657 # Copy kernel overlays to QEMU directory
658 if [ -d "${BOOT_DIR}/overlays" ] ; then
659 # Setup overlays dtbs directory
660 mkdir "${BASEDIR}/qemu/overlays"
661
662 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
663 if [ -f "${dtb}" ] ; then
664 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
665 fi
666 done
667 fi
668
669 # Copy u-boot files to QEMU directory
670 if [ "$ENABLE_UBOOT" = true ] ; then
671 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
672 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
673 fi
674 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
675 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
676 fi
677 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
678 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
679 fi
680 fi
681
682 # Copy initramfs to QEMU directory
683 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
684 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
685 fi
686 fi
687
549 688 # Calculate size of the chroot directory in KB
550 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
689 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
551 690
552 691 # Calculate the amount of needed 512 Byte sectors
553 692 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
554 693 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
555 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
694 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
556 695
557 696 # The root partition is EXT4
558 697 # This means more space than the actual used space of the chroot is used.
559 698 # As overhead for journaling and reserved blocks 35% are added.
560 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
699 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
561 700
562 701 # Calculate required image size in 512 Byte sectors
563 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
702 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
564 703
565 704 # Prepare image file
566 705 if [ "$ENABLE_SPLITFS" = true ] ; then
567 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
568 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
569 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
570 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
706 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
707 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
708 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
709 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
571 710
572 711 # Write firmware/boot partition tables
573 712 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
574 713 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
575 714 EOM
576 715
577 716 # Write root partition table
578 717 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
579 718 ${TABLE_SECTORS},${ROOT_SECTORS},83
580 719 EOM
581 720
582 721 # Setup temporary loop devices
583 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
584 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
722 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
723 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
585 724 else # ENABLE_SPLITFS=false
586 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
587 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
725 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
726 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
588 727
589 728 # Write partition table
590 729 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
591 730 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
592 731 ${ROOT_OFFSET},${ROOT_SECTORS},83
593 732 EOM
594 733
595 734 # Setup temporary loop devices
596 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
597 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
735 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
736 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
598 737 fi
599 738
600 739 if [ "$ENABLE_CRYPTFS" = true ] ; then
601 740 # Create dummy ext4 fs
602 741 mkfs.ext4 "$ROOT_LOOP"
603 742
604 743 # Setup password keyfile
605 744 touch .password
606 745 chmod 600 .password
607 746 echo -n ${CRYPTFS_PASSWORD} > .password
608 747
609 748 # Initialize encrypted partition
610 749 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
611 750
612 751 # Open encrypted partition and setup mapping
613 752 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
614 753
615 754 # Secure delete password keyfile
616 755 shred -zu .password
617 756
618 757 # Update temporary loop device
619 758 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
620 759
621 760 # Wipe encrypted partition (encryption cipher is used for randomness)
622 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
761 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
623 762 fi
624 763
625 764 # Build filesystems
626 765 mkfs.vfat "$FRMW_LOOP"
627 766 mkfs.ext4 "$ROOT_LOOP"
628 767
629 768 # Mount the temporary loop devices
630 769 mkdir -p "$BUILDDIR/mount"
631 770 mount "$ROOT_LOOP" "$BUILDDIR/mount"
632 771
633 772 mkdir -p "$BUILDDIR/mount/boot/firmware"
634 773 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
635 774
636 775 # Copy all files from the chroot to the loop device mount point directory
637 776 rsync -a "${R}/" "$BUILDDIR/mount/"
638 777
639 778 # Unmount all temporary loop devices and mount points
640 779 cleanup
641 780
642 781 # Create block map file(s) of image(s)
643 782 if [ "$ENABLE_SPLITFS" = true ] ; then
644 783 # Create block map files for "bmaptool"
645 784 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
646 785 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
647 786
648 787 # Image was successfully created
649 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
650 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
788 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
789 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
651 790 else
652 791 # Create block map file for "bmaptool"
653 792 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
654 793
655 794 # Image was successfully created
656 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
795 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796
797 # Create qemu qcow2 image
798 if [ "$ENABLE_QEMU" = true ] ; then
799 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
800 QEMU_SIZE=16G
801
802 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
803 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
804
805 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
806 fi
657 807 fi