Nexmon
Unknown -
r444:8f60b41a284e
@@ -0,0 +1,49
1 #
2 # Build and Setup fbturbo Xorg driver
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 # Build nexmon firmware outside the build system, if we can.
9 cd "${basedir}"
10 git clone https://github.com/seemoo-lab/nexmon.git "${basedir}"/nexmon --depth 1
11 cd "${basedir}"/nexmon
12 # Disable statistics
13 touch DISABLE_STATISTICS
14 source setup_env.sh
15 ls -lah /usr/lib/x86_64-linux-gnu/libl.a
16 ls -lah /usr/lib/x86_64-linux-gnu/libfl.a
17 make
18 cd buildtools/isl-0.10
19 CC=$CCgcc
20 ./configure
21 make
22 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
23 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
24 cd ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon
25 # Make sure we use the cross compiler to build the firmware.
26 # We use the x86 cross compiler because we're building on amd64
27 unset CROSS_COMPILE
28 #export CROSS_COMPILE=${NEXMON_ROOT}/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
29 make clean
30 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
31 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH=arm CC=${NEXMON_ROOT}/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
32 cd ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon
33 make clean
34 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH=arm CC=${NEXMON_ROOT}/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
35 # RPi0w->3B firmware
36 mkdir -p "${basedir}"/kali-${architecture}/lib/firmware/brcm
37 cp ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43430-sdio.nexmon.bin
38 cp ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43430-sdio.bin
39 wget https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm/brcmfmac43430-sdio.txt -O "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43430-sdio.txt
40 # RPi3B+ firmware
41 cp ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43455-sdio.nexmon.bin
42 cp ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43455-sdio.bin
43 wget https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm/brcmfmac43455-sdio.txt -O "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43455-sdio.txt
44 # Make a backup copy of the rpi firmware in case people don't want to use the nexmon firmware.
45 # The firmware used on the RPi is not the same firmware that is in the firmware-brcm package which is why we do this.
46 wget https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm/brcmfmac43430-sdio.bin -O "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43430-sdio.rpi.bin
47 wget https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm/brcmfmac43455-sdio.bin -O "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43455-sdio.rpi.bin
48 # This is required for any wifi to work on the RPi 3B+
49 wget https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm/brcmfmac43455-sdio.clm_blob -O "${basedir}"/kali-${architecture}/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
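Review bot: The nexmon checkout (`git clone … --depth 1`, new line 10) and the five `wget` downloads from the `master` branch of RPi-Distro/firmware-nonfree (new lines 39–49) come from moving refs with no commit pin or checksum check. The script then sources `setup_env.sh`, builds the tree and copies the resulting blobs into the image's `lib/firmware/brcm`. Pin both repositories to reviewed commits and verify the downloaded files against recorded SHA-256 values before they land in the image, as sketched below with placeholder ids. No error handling is visible here, so unless `functions.sh` enables `set -e`, a failed `cd` or `wget` goes unnoticed, and `wget -O` leaves an empty file behind on failure. Separately, `CC=$CCgcc` on new line 19 expands a variable named `CCgcc`, which is presumably unset and leaves `CC` empty; `CC="${CC}gcc"` or `CC=gcc` looks like the intent.

```shell
# Placeholders: record the reviewed commit ids and the checksum file in the repo.
NEXMON_COMMIT="<PINNED_NEXMON_COMMIT>"
FIRMWARE_COMMIT="<PINNED_FIRMWARE_NONFREE_COMMIT>"
fw_url="https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/${FIRMWARE_COMMIT}/brcm"
fw_dir="${basedir}/kali-${architecture}/lib/firmware/brcm"

git clone https://github.com/seemoo-lab/nexmon.git "${basedir}/nexmon"
git -C "${basedir}/nexmon" checkout --detach "${NEXMON_COMMIT}"
# … unchanged: nexmon build and firmware copy …
for f in brcmfmac43430-sdio.txt brcmfmac43455-sdio.txt brcmfmac43455-sdio.clm_blob; do
  wget "${fw_url}/${f}" -O "${fw_dir}/${f}"
done
wget "${fw_url}/brcmfmac43430-sdio.bin" -O "${fw_dir}/brcmfmac43430-sdio.rpi.bin"
wget "${fw_url}/brcmfmac43455-sdio.bin" -O "${fw_dir}/brcmfmac43455-sdio.rpi.bin"
# Abort the build if any downloaded blob differs from the recorded hash.
(cd "${fw_dir}" && sha256sum -c "<PATH_TO_RECORDED_SHA256SUMS>") || exit 1
```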
@@ -1,513 +1,519
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 `1` = Used for Pi 1 model A and B
68 68 `1P` = Used for Pi 1 model B+ and A+
69 69 `2` = Used for Pi 2 model B
70 70 `3` = Used for Pi 3 model B
71 71 `3P` = Used for Pi 3 model B+
72 72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157 157
158 158 ##### `ENABLE_PRINTK`=false
159 159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160 160
161 161 ##### `ENABLE_BLUETOOTH`=false
162 162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163 163
164 164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166 166
167 167 ##### `ENABLE_TURBO`=false
168 168 Enable Turbo mode. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
169 169
170 170 ##### `ENABLE_I2C`=false
171 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
172 172
173 173 ##### `ENABLE_SPI`=false
174 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 175
176 176 ##### `ENABLE_IPV6`=true
177 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
178 178
179 179 ##### `ENABLE_SSHD`=true
180 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
181 181
182 182 ##### `ENABLE_NONFREE`=false
183 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
184 184
185 185 ##### `ENABLE_WIRELESS`=false
186 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
187 187
188 188 ##### `ENABLE_RSYSLOG`=true
189 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
190 190
191 191 ##### `ENABLE_SOUND`=true
192 192 Enable sound hardware and install Advanced Linux Sound Architecture.
193 193
194 194 ##### `ENABLE_HWRANDOM`=true
195 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
196 196
197 197 ##### `ENABLE_MINGPU`=false
198 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
199 199
200 200 ##### `ENABLE_DBUS`=true
201 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
202 202
203 203 ##### `ENABLE_XORG`=false
204 204 Install Xorg open-source X Window System.
205 205
206 206 ##### `ENABLE_WM`=""
207 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
208 208
209 209 ##### `ENABLE_SYSVINIT`=false
210 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
211 211
212 212 ---
213 213
214 214 #### Advanced system features:
215 215 ##### `ENABLE_MINBASE`=false
216 216 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
217 217
218 218 ##### `ENABLE_REDUCE`=false
219 219 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
220 220
221 221 ##### `ENABLE_UBOOT`=false
222 222 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
223 223
224 224 ##### `UBOOTSRC_DIR`=""
225 225 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
226 226
227 227 ##### `ENABLE_FBTURBO`=false
228 228 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229 229
230 230 ##### `FBTURBOSRC_DIR`=""
231 231 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
232 232
233 233 ##### `ENABLE_VIDEOCORE`=false
234 234 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 235
236 236 ##### `VIDEOCORESRC_DIR`=""
237 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
237 Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
238
239 ##### `ENABLE_NEXMON`=false
240 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
241
242 ##### `NEXMON_DIR`=""
243 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
238 244
239 245 ##### `ENABLE_IPTABLES`=false
240 246 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
241 247
242 248 ##### `ENABLE_USER`=true
243 249 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
244 250
245 251 ##### `USER_NAME`=pi
246 252 Non-root user to create. Ignored if `ENABLE_USER`=false
247 253
248 254 ##### `ENABLE_ROOT`=false
249 255 Set root user password so root login will be enabled
250 256
251 257 ##### `ENABLE_HARDNET`=false
252 258 Enable IPv4/IPv6 network stack hardening settings.
253 259
254 260 ##### `ENABLE_SPLITFS`=false
255 261 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
256 262
257 263 ##### `CHROOT_SCRIPTS`=""
258 264 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
259 265
260 266 ##### `ENABLE_INITRAMFS`=false
261 267 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
262 268
263 269 ##### `ENABLE_IFNAMES`=true
264 270 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
265 271
266 272 ##### `DISABLE_UNDERVOLT_WARNINGS`=
267 273 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
268 274
269 275 ---
270 276
271 277 #### SSH settings:
272 278 ##### `SSH_ENABLE_ROOT`=false
273 279 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
274 280
275 281 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
276 282 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
277 283
278 284 ##### `SSH_LIMIT_USERS`=false
279 285 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
280 286
281 287 ##### `SSH_ROOT_PUB_KEY`=""
282 288 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
283 289
284 290 ##### `SSH_USER_PUB_KEY`=""
285 291 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
286 292
287 293 ---
288 294
289 295 #### Kernel compilation:
290 296 ##### `BUILD_KERNEL`=true
291 297 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
292 298
293 299 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
294 300 This sets the cross compile enviornment for the compiler.
295 301
296 302 ##### `KERNEL_ARCH`="arm"
297 303 This sets the kernel architecture for the compiler.
298 304
299 305 ##### `KERNEL_IMAGE`="kernel7.img"
300 306 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
301 307
302 308 ##### `KERNEL_BRANCH`=""
303 309 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
304 310
305 311 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
306 312 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
307 313
308 314 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
309 315 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
310 316
311 317 ##### `KERNEL_REDUCE`=false
312 318 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
313 319
314 320 ##### `KERNEL_THREADS`=1
315 321 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
316 322
317 323 ##### `KERNEL_HEADERS`=true
318 324 Install kernel headers with built kernel.
319 325
320 326 ##### `KERNEL_MENUCONFIG`=false
321 327 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
322 328
323 329 ##### `KERNEL_OLDDEFCONFIG`=false
324 330 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
325 331
326 332 ##### `KERNEL_CCACHE`=false
327 333 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
328 334
329 335 ##### `KERNEL_REMOVESRC`=true
330 336 Remove all kernel sources from the generated OS image after it was built and installed.
331 337
332 338 ##### `KERNELSRC_DIR`=""
333 339 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
334 340
335 341 ##### `KERNELSRC_CLEAN`=false
336 342 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
337 343
338 344 ##### `KERNELSRC_CONFIG`=true
339 345 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
340 346
341 347 ##### `KERNELSRC_USRCONFIG`=""
342 348 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
343 349
344 350 ##### `KERNELSRC_PREBUILT`=false
345 351 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
346 352
347 353 ##### `RPI_FIRMWARE_DIR`=""
348 354 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
349 355
350 356 ##### `KERNEL_NF`=false
351 357 Enable Netfilter modules as kernel modules
352 358
353 359 ##### `KERNEL_VIRT`=false
354 360 Enable Kernel KVM support (/dev/kvm)
355 361
356 362 ##### `KERNEL_ZSWAP`=false
357 363 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
358 364
359 365 ##### `KERNEL_BPF`=true
360 366 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
361 367
362 368 ---
363 369
364 370 #### Reduce disk usage:
365 371 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
366 372
367 373 ##### `REDUCE_APT`=true
368 374 Configure APT to use compressed package repository lists and no package caching files.
369 375
370 376 ##### `REDUCE_DOC`=true
371 377 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
372 378
373 379 ##### `REDUCE_MAN`=true
374 380 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
375 381
376 382 ##### `REDUCE_VIM`=false
377 383 Replace `vim-tiny` package by `levee` a tiny vim clone.
378 384
379 385 ##### `REDUCE_BASH`=false
380 386 Remove `bash` package and switch to `dash` shell (experimental).
381 387
382 388 ##### `REDUCE_HWDB`=true
383 389 Remove PCI related hwdb files (experimental).
384 390
385 391 ##### `REDUCE_SSHD`=true
386 392 Replace `openssh-server` with `dropbear`.
387 393
388 394 ##### `REDUCE_LOCALE`=true
389 395 Remove all `locale` translation files.
390 396
391 397 ---
392 398
393 399 #### Encrypted root partition:
394 400 ##### `ENABLE_CRYPTFS`=false
395 401 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
396 402
397 403 ##### `CRYPTFS_PASSWORD`=""
398 404 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
399 405
400 406 ##### `CRYPTFS_MAPPING`="secure"
401 407 Set name of dm-crypt managed device-mapper mapping.
402 408
403 409 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
404 410 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
405 411
406 412 ##### `CRYPTFS_XTSKEYSIZE`=512
407 413 Sets key size in bits. The argument has to be a multiple of 8.
408 414
409 415 ---
410 416
411 417 #### Build settings:
412 418 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
413 419 Set a path to a working directory used by the script to generate an image.
414 420
415 421 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
416 422 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
417 423
418 424 ## Understanding the script
419 425 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
420 426
421 427 | Script | Description |
422 428 | --- | --- |
423 429 | `10-bootstrap.sh` | Debootstrap basic system |
424 430 | `11-apt.sh` | Setup APT repositories |
425 431 | `12-locale.sh` | Setup Locales and keyboard settings |
426 432 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
427 433 | `14-fstab.sh` | Setup fstab and initramfs |
428 434 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
429 435 | `20-networking.sh` | Setup Networking |
430 436 | `21-firewall.sh` | Setup Firewall |
431 437 | `30-security.sh` | Setup Users and Security settings |
432 438 | `31-logging.sh` | Setup Logging |
433 439 | `32-sshd.sh` | Setup SSH and public keys |
434 440 | `41-uboot.sh` | Build and Setup U-Boot |
435 441 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
436 442 | `50-firstboot.sh` | First boot actions |
437 443 | `99-reduce.sh` | Reduce the disk space usage |
438 444
439 445 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
440 446
441 447 | Directory | Description |
442 448 | --- | --- |
443 449 | `apt` | APT management configuration files |
444 450 | `boot` | Boot and RPi2/3 configuration files |
445 451 | `dpkg` | Package Manager configuration |
446 452 | `etc` | Configuration files and rc scripts |
447 453 | `firstboot` | Scripts that get executed on first boot |
448 454 | `initramfs` | Initramfs scripts |
449 455 | `iptables` | Firewall configuration files |
450 456 | `locales` | Locales configuration |
451 457 | `modules` | Kernel Modules configuration |
452 458 | `mount` | Fstab configuration |
453 459 | `network` | Networking configuration files |
454 460 | `sysctl.d` | Swapping and Network Hardening configuration |
455 461 | `xorg` | fbturbo Xorg driver configuration |
456 462
457 463 ## Custom packages and scripts
458 464 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
459 465
460 466 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
461 467
462 468 ## Logging of the bootstrapping process
463 469 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
464 470
465 471 ```shell
466 472 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
467 473 ```
468 474
469 475 ## Flashing the image file
470 476 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
471 477
472 478 ##### Flashing examples:
473 479 ```shell
474 480 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
475 481 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
476 482 ```
477 483 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
478 484 ```shell
479 485 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
480 486 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
481 487 ```
482 488
483 489 ## QEMU emulation
484 490 Start QEMU full system emulation:
485 491 ```shell
486 492 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
487 493 ```
488 494
489 495 Start QEMU full system emulation and output to console:
490 496 ```shell
491 497 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
492 498 ```
493 499
494 500 Start QEMU full system emulation with SMP and output to console:
495 501 ```shell
496 502 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
497 503 ```
498 504
499 505 Start QEMU full system emulation with cryptfs, initramfs and output to console:
500 506 ```shell
501 507 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
502 508 ```
503 509
504 510 ## External links and references
505 511 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
506 512 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
507 513 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
508 514 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
509 515 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
510 516 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
511 517 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
512 518 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
513 519 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,233 +1,233
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54 54 # Add encrypted root partition to cmdline.txt
55 55 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 56 if [ "$ENABLE_SPLITFS" = true ] ; then
57 57 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
58 58 else
59 59 if [ "$ENABLE_UBOOTUSB" = true ] ; then
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
61 61 else
62 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
63 63 fi
64 64 fi
65 65 fi
66 66
67 67 #locks cpu at max frequency
68 68 if [ "$ENABLE_TURBO" = true ] ; then
69 69 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
70 70 fi
71 71
72 72 if [ "$ENABLE_PRINTK" = true ] ; then
73 73 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
74 74 fi
75 75
76 76 # Install udev rule for serial alias
77 install_readonly files/etc/99-com.rules "${ETC_DIR}/udev/rules.d/99-com.rules"
77 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
78 78
79 79 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
80 80
81 81 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
82 82 SET_SERIAL="ttyS0"
83 83
84 84 # Bluetooth enabled
85 85 if [ "$ENABLE_BLUETOOTH" = true ] ; then
86 86 # Create temporary directory for Bluetooth sources
87 87 temp_dir=$(as_nobody mktemp -d)
88 88
89 89 # Fetch Bluetooth sources
90 90 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
91 91
92 92 # Copy downloaded sources
93 93 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
94 94
95 95 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
96 96 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
97 97 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
98 98
99 99 # Set permissions
100 100 chown -R root:root "${R}/tmp/pi-bluetooth"
101 101
102 102 # Install tools
103 103 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
104 104 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
105 105
106 106 # Install bluetooth udev rule
107 107 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
108 108
109 109 # Install Firmware Flash file and apropiate licence
110 110 mkdir "${ETC_DIR}/firmware/"
111 111 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
112 112 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
113 113 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
114 114 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
115 115
116 116 # Remove temporary directory
117 117 rm -fr "${temp_dir}"
118 118
119 119 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
120 120 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
121 121
122 122 # set overlay to swap ttyAMA0 and ttyS0
123 123 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
124 124
125 125 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
126 126 if [ "$ENABLE_TURBO" = false ] ; then
127 127 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
128 128 fi
129 129 fi
130 130
131 131 else # if ENABLE_BLUETOOTH = false
132 132 # set overlay to disable bluetooth
133 133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 134 fi # ENABLE_BLUETOOTH end
135 135
136 136 else
137 137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 138 SET_SERIAL="ttyAMA0"
139 139 fi
140 140
141 141 # may need sudo systemctl disable hciuart
142 142 if [ "$ENABLE_CONSOLE" = true ] ; then
143 143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 144
145 145 # add string to cmdline
146 146 CMDLINE="${CMDLINE} console=serial0,115200"
147 147
148 148 # Enable serial console systemd style
149 149 chroot_exec systemctl start serial-getty@"$SET_SERIAL".service
150 150 chroot_exec systemctl enable serial-getty@"$SET_SERIAL".service
151 151 else
152 152 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
153 153
154 154 # Enable serial console systemd style
155 155 chroot_exec systemctl stop serial-getty@"$SET_SERIAL".service
156 156 chroot_exec systemctl disable serial-getty@"$SET_SERIAL".service
157 157 fi
158 158
159 159 # Remove IPv6 networking support
160 160 if [ "$ENABLE_IPV6" = false ] ; then
161 161 CMDLINE="${CMDLINE} ipv6.disable=1"
162 162 fi
163 163
164 164 # Automatically assign predictable network interface names
165 165 if [ "$ENABLE_IFNAMES" = false ] ; then
166 166 CMDLINE="${CMDLINE} net.ifnames=0"
167 167 else
168 168 CMDLINE="${CMDLINE} net.ifnames=1"
169 169 fi
170 170
171 171 # Install firmware boot cmdline
172 172 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
173 173
174 174 # Install firmware config
175 175 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
176 176
177 177 # Setup minimal GPU memory allocation size: 16MB (no X)
178 178 if [ "$ENABLE_MINGPU" = true ] ; then
179 179 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
180 180 fi
181 181
182 182 # Setup boot with initramfs
183 183 if [ "$ENABLE_INITRAMFS" = true ] ; then
184 184 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
185 185 fi
186 186
187 187 # Create firmware configuration and cmdline symlinks
188 188 ln -sf firmware/config.txt "${R}/boot/config.txt"
189 189 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
190 190
191 191 # Install and setup kernel modules to load at boot
192 192 mkdir -p "${LIB_DIR}/modules-load.d/"
193 193 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
194 194
195 195 # Load hardware random module at boot
196 196 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
197 197 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
198 198 fi
199 199
200 200 # Load sound module at boot
201 201 if [ "$ENABLE_SOUND" = true ] ; then
202 202 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
203 203 else
204 204 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
205 205 fi
206 206
207 207 # Enable I2C interface
208 208 if [ "$ENABLE_I2C" = true ] ; then
209 209 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
210 210 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
211 211 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
212 212 fi
213 213
214 214 # Enable SPI interface
215 215 if [ "$ENABLE_SPI" = true ] ; then
216 216 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
217 217 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
218 218 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
219 219 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
220 220 fi
221 221 fi
222 222
223 223 # Disable RPi2/3 under-voltage warnings
224 224 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
225 225 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
226 226 fi
227 227
228 228 # Install kernel modules blacklist
229 229 mkdir -p "${ETC_DIR}/modprobe.d/"
230 230 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
231 231
232 232 # Install sysctl.d configuration files
233 233 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
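Review bot: In the Bluetooth branch, the second `install_readonly` under "Install Firmware Flash file" copies `BCM43430A1.hcd` to `${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx`, so the firmware blob replaces the licence file and is never installed under its own name; the destination was presumably meant to be `"${ETC_DIR}/firmware/BCM43430A1.hcd"`. Separately, that branch and the boot-binary branch at the top of the file fetch firmware with `wget -q` from a moving `master` ref and from the AUR cgit, and nothing checks the files before they are installed into the image. Comparing each download against a pinned SHA-256 before `install_readonly` or `mv` would make a tampered or truncated download fail the build, and the two AUR URLs should be quoted because they contain `?`. The only line this commit changes in the file is the `99-com.rules` destination, so both points are left unaddressed by it.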
1 NO CONTENT: file renamed from files/udev/99-com.rules to files/etc/99-com.rules
@@ -1,823 +1,832
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
66 67
67 68 # Build directories
68 69 WORKDIR=$(pwd)
69 70 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
70 71 BUILDDIR="${BASEDIR}/build"
71 72
72 73 # Chroot directories
73 74 R="${BUILDDIR}/chroot"
74 75 ETC_DIR="${R}/etc"
75 76 LIB_DIR="${R}/lib"
76 77 BOOT_DIR="${R}/boot/firmware"
77 78 KERNEL_DIR="${R}/usr/src/linux"
78 79 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
79 80
80 81 # Firmware directory: Blank if download from github
81 82 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 83
83 84 # General settings
84 85 SET_ARCH=${SET_ARCH:=32}
85 86 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
86 87 PASSWORD=${PASSWORD:=raspberry}
87 88 USER_PASSWORD=${USER_PASSWORD:=raspberry}
88 89 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
89 90 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
90 91 EXPANDROOT=${EXPANDROOT:=true}
91 92
92 93 # Keyboard settings
93 94 XKB_MODEL=${XKB_MODEL:=""}
94 95 XKB_LAYOUT=${XKB_LAYOUT:=""}
95 96 XKB_VARIANT=${XKB_VARIANT:=""}
96 97 XKB_OPTIONS=${XKB_OPTIONS:=""}
97 98
98 99 # Network settings (DHCP)
99 100 ENABLE_DHCP=${ENABLE_DHCP:=true}
100 101
101 102 # Network settings (static)
102 103 NET_ADDRESS=${NET_ADDRESS:=""}
103 104 NET_GATEWAY=${NET_GATEWAY:=""}
104 105 NET_DNS_1=${NET_DNS_1:=""}
105 106 NET_DNS_2=${NET_DNS_2:=""}
106 107 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
107 108 NET_NTP_1=${NET_NTP_1:=""}
108 109 NET_NTP_2=${NET_NTP_2:=""}
109 110
110 111 # APT settings
111 112 APT_PROXY=${APT_PROXY:=""}
112 113 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
113 114
114 115 # Feature settings
115 116 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
116 117 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
117 118 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
118 119 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
119 120 ENABLE_I2C=${ENABLE_I2C:=false}
120 121 ENABLE_SPI=${ENABLE_SPI:=false}
121 122 ENABLE_IPV6=${ENABLE_IPV6:=true}
122 123 ENABLE_SSHD=${ENABLE_SSHD:=true}
123 124 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
124 125 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
125 126 ENABLE_SOUND=${ENABLE_SOUND:=true}
126 127 ENABLE_DBUS=${ENABLE_DBUS:=true}
127 128 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
128 129 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
129 130 ENABLE_XORG=${ENABLE_XORG:=false}
130 131 ENABLE_WM=${ENABLE_WM:=""}
131 132 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
132 133 ENABLE_USER=${ENABLE_USER:=true}
133 134 USER_NAME=${USER_NAME:="pi"}
134 135 ENABLE_ROOT=${ENABLE_ROOT:=false}
135 136 ENABLE_QEMU=${ENABLE_QEMU:=false}
136 137 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
137 138
138 139 # SSH settings
139 140 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
140 141 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
141 142 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
142 143 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
143 144 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
144 145
145 146 # Advanced settings
146 147 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
147 148 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
148 149 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
149 150 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
150 151 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
151 152 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
152 153 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
153 154 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
154 155 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
156 ENABLE_NEXMON=${ENABLE_NEXMON:=""}
157 NEXMON_DIR=${NEXMON_DIR:=""}
155 158 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
156 159 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
157 160 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
158 161 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
159 162 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
160 163 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
161 164
162 165 # Kernel compilation settings
163 166 BUILD_KERNEL=${BUILD_KERNEL:=true}
164 167 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
165 168 KERNEL_THREADS=${KERNEL_THREADS:=1}
166 169 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
167 170 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
168 171 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
169 172 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
170 173 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
171 174 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
172 175 KERNEL_VIRT=${KERNEL_VIRT:=false}
173 176 KERNEL_BPF=${KERNEL_BPF:=false}
174 177
175 178 # Kernel compilation from source directory settings
176 179 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
177 180 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
178 181 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
179 182 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
180 183
181 184 # Reduce disk usage settings
182 185 REDUCE_APT=${REDUCE_APT:=true}
183 186 REDUCE_DOC=${REDUCE_DOC:=true}
184 187 REDUCE_MAN=${REDUCE_MAN:=true}
185 188 REDUCE_VIM=${REDUCE_VIM:=false}
186 189 REDUCE_BASH=${REDUCE_BASH:=false}
187 190 REDUCE_HWDB=${REDUCE_HWDB:=true}
188 191 REDUCE_SSHD=${REDUCE_SSHD:=true}
189 192 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
190 193
191 194 # Encrypted filesystem settings
192 195 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
193 196 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
194 197 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
195 198 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
196 199 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
197 200
198 201 # Chroot scripts directory
199 202 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
200 203
201 204 # Packages required in the chroot build environment
202 205 APT_INCLUDES=${APT_INCLUDES:=""}
203 206 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
204 207
205 208 #Packages to exclude from chroot build environment
206 209 APT_EXCLUDES=${APT_EXCLUDES:=""}
207 210
208 211 # Packages required for bootstrapping
209 212 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
210 213 MISSING_PACKAGES=""
211 214
212 215 # Packages installed for c/c++ build environment in chroot (keep empty)
213 216 COMPILER_PACKAGES=""
214 217
215 218 set +x
216 219
217 220 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
218 221 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
219 222 if [ -n "${APT_CACHER_RUNNING}" ] ; then
220 223 APT_PROXY=http://127.0.0.1:3142/
221 224 fi
222 225
223 226 #netselect-apt does not know buster yet
224 227 if [ "$RELEASE" = "buster" ] ; then
225 228 RLS=testing
226 229 else
227 230 RLS="$RELEASE"
228 231 fi
229 232
230 233 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
231 234 rm "$(pwd)/files/apt/sources.list"
232 235 fi
233 236
234 237 if [ "$ENABLE_NONFREE" = true ] ; then
235 238 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
236 239 else
237 240 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
238 241 fi
239 242
240 243 #sed and cut the result string so we can use it as APT_SERVER
241 244 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
242 245
243 246 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
244 247 if [ -n "$SET_ARCH" ] ; then
245 248 # 64 bit configuration
246 249 if [ "$SET_ARCH" = 64 ] ; then
247 250 # General 64 bit depended settings
248 251 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
249 252 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
250 253 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
251 254
252 255 # Board specific settings
253 256 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 257 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
255 258 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
256 259 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
257 260 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
258 261 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
259 262 else
260 263 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
261 264 exit 1
262 265 fi
263 266 fi
264 267
265 268 # 32 bit configuration
266 269 if [ "$SET_ARCH" = 32 ] ; then
267 270 # General 32 bit dependend settings
268 271 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
269 272 KERNEL_ARCH=${KERNEL_ARCH:=arm}
270 273 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
271 274
272 275 # Hardware specific settings
273 276 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
274 277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
275 278 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
276 279 RELEASE_ARCH=${RELEASE_ARCH:=armel}
277 280 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
278 281 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
279 282 fi
280 283
281 284 # Hardware specific settings
282 285 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
283 286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
284 287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
285 288 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
286 289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
287 290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
288 291 fi
289 292 fi
290 293 #SET_ARCH not set
291 294 else
292 295 echo "error: Please set '32' or '64' as value for SET_ARCH"
293 296 exit 1
294 297 fi
295 298 # Device specific configuration and U-Boot configuration
296 299 case "$RPI_MODEL" in
297 300 0)
298 301 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
299 302 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
300 303 ;;
301 304 1)
302 305 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
303 306 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
304 307 ;;
305 308 1P)
306 309 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
307 310 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
308 311 ;;
309 312 2)
310 313 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
311 314 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
312 315 ;;
313 316 3)
314 317 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
315 318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
316 319 ;;
317 320 3P)
318 321 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
319 322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
320 323 ;;
321 324 *)
322 325 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
323 326 exit 1
324 327 ;;
325 328 esac
326 329
327 330 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
328 331 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
329 332 # Include bluetooth packages on supported boards
330 333 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
331 334 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
332 335 fi
333 336 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
334 337 # Check if the internal wireless interface is not supported by the RPi model
335 338 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
336 339 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
337 340 exit 1
338 341 fi
339 342 fi
340 343
341 344 # Prepare date string for default image file name
342 345 DATE="$(date +%Y-%m-%d)"
343 346 if [ -z "$KERNEL_BRANCH" ] ; then
344 347 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
345 348 else
346 349 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
347 350 fi
348 351
349 352 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
350 353 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
351 354 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
352 355 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
353 356 exit 1
354 357 fi
355 358 fi
356 359
357 360 # Add cmake to compile videocore sources
358 361 if [ "$ENABLE_VIDEOCORE" = true ] ; then
359 362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
360 363 fi
361 364
362 365 # Add libncurses5 to enable kernel menuconfig
363 366 if [ "$KERNEL_MENUCONFIG" = true ] ; then
364 367 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
365 368 fi
366 369
367 370 # Add ccache compiler cache for (faster) kernel cross (re)compilation
368 371 if [ "$KERNEL_CCACHE" = true ] ; then
369 372 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
370 373 fi
371 374
372 375 # Add cryptsetup package to enable filesystem encryption
373 376 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
374 377 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
375 378 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
376 379
377 380 if [ -z "$CRYPTFS_PASSWORD" ] ; then
378 381 echo "error: no password defined (CRYPTFS_PASSWORD)!"
379 382 exit 1
380 383 fi
381 384 ENABLE_INITRAMFS=true
382 385 fi
383 386
384 387 # Add initramfs generation tools
385 388 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
386 389 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
387 390 fi
388 391
389 392 # Add device-tree-compiler required for building the U-Boot bootloader
390 393 if [ "$ENABLE_UBOOT" = true ] ; then
391 394 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
392 395 else
393 396 if [ "$ENABLE_UBOOTUSB" = true ] ; then
394 397 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
395 398 exit 1
396 399 fi
397 400 fi
398 401
399 402 # Check if root SSH (v2) public key file exists
400 403 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
401 404 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
402 405 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
403 406 exit 1
404 407 fi
405 408 fi
406 409
407 410 # Check if $USER_NAME SSH (v2) public key file exists
408 411 if [ -n "$SSH_USER_PUB_KEY" ] ; then
409 412 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
410 413 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
411 414 exit 1
412 415 fi
413 416 fi
414 417
415 418 # Check if all required packages are installed on the build system
416 419 for package in $REQUIRED_PACKAGES ; do
417 420 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
418 421 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
419 422 fi
420 423 done
421 424
422 425 # If there are missing packages ask confirmation for install, or exit
423 426 if [ -n "$MISSING_PACKAGES" ] ; then
424 427 echo "the following packages needed by this script are not installed:"
425 428 echo "$MISSING_PACKAGES"
426 429
427 430 printf "\ndo you want to install the missing packages right now? [y/n] "
428 431 read -r confirm
429 432 [ "$confirm" != "y" ] && exit 1
430 433
431 434 # Make sure all missing required packages are installed
432 435 apt-get -qq -y install "${MISSING_PACKAGES}"
433 436 fi
434 437
435 438 # Check if ./bootstrap.d directory exists
436 439 if [ ! -d "./bootstrap.d/" ] ; then
437 440 echo "error: './bootstrap.d' required directory not found!"
438 441 exit 1
439 442 fi
440 443
441 444 # Check if ./files directory exists
442 445 if [ ! -d "./files/" ] ; then
443 446 echo "error: './files' required directory not found!"
444 447 exit 1
445 448 fi
446 449
447 450 # Check if specified KERNELSRC_DIR directory exists
448 451 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
449 452 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
450 453 exit 1
451 454 fi
452 455
453 456 # Check if specified UBOOTSRC_DIR directory exists
454 457 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
455 458 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
456 459 exit 1
457 460 fi
458 461
459 462 # Check if specified VIDEOCORESRC_DIR directory exists
460 463 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
461 464 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
462 465 exit 1
463 466 fi
464 467
465 468 # Check if specified FBTURBOSRC_DIR directory exists
466 469 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
467 470 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
468 471 exit 1
469 472 fi
470 473
474 # Check if specified FBTURBOSRC_DIR directory exists
475 if [ -n "$NEXMON_DIR" ] && [ ! -d "$NEXMON_DIR" ] ; then
476 echo "error: '${NEXMON_DIR}' specified directory not found (NEXMON_DIR)!"
477 exit 1
478 fi
479
471 480 # Check if specified CHROOT_SCRIPTS directory exists
472 481 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
473 482 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
474 483 exit 1
475 484 fi
476 485
477 486 # Check if specified device mapping already exists (will be used by cryptsetup)
478 487 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
479 488 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
480 489 exit 1
481 490 fi
482 491
483 492 # Don't clobber an old build
484 493 if [ -e "$BUILDDIR" ] ; then
485 494 echo "error: directory ${BUILDDIR} already exists, not proceeding"
486 495 exit 1
487 496 fi
488 497
489 498 # Setup chroot directory
490 499 mkdir -p "${R}"
491 500
492 501 # Check if build directory has enough of free disk space >512MB
493 502 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
494 503 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
495 504 exit 1
496 505 fi
497 506
498 507 set -x
499 508
500 509 # Call "cleanup" function on various signals and errors
501 510 trap cleanup 0 1 2 3 6
502 511
503 512 # Add required packages for the minbase installation
504 513 if [ "$ENABLE_MINBASE" = true ] ; then
505 514 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
506 515 fi
507 516
508 517 # Add parted package, required to get partprobe utility
509 518 if [ "$EXPANDROOT" = true ] ; then
510 519 APT_INCLUDES="${APT_INCLUDES},parted"
511 520 fi
512 521
513 522 # Add dbus package, recommended if using systemd
514 523 if [ "$ENABLE_DBUS" = true ] ; then
515 524 APT_INCLUDES="${APT_INCLUDES},dbus"
516 525 fi
517 526
518 527 # Add iptables IPv4/IPv6 package
519 528 if [ "$ENABLE_IPTABLES" = true ] ; then
520 529 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
521 530 fi
522 531
523 532 # Add openssh server package
524 533 if [ "$ENABLE_SSHD" = true ] ; then
525 534 APT_INCLUDES="${APT_INCLUDES},openssh-server"
526 535 fi
527 536
528 537 # Add alsa-utils package
529 538 if [ "$ENABLE_SOUND" = true ] ; then
530 539 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
531 540 fi
532 541
533 542 # Add rng-tools package
534 543 if [ "$ENABLE_HWRANDOM" = true ] ; then
535 544 APT_INCLUDES="${APT_INCLUDES},rng-tools"
536 545 fi
537 546
538 547 # Add fbturbo video driver
539 548 if [ "$ENABLE_FBTURBO" = true ] ; then
540 549 # Enable xorg package dependencies
541 550 ENABLE_XORG=true
542 551 fi
543 552
544 553 # Add user defined window manager package
545 554 if [ -n "$ENABLE_WM" ] ; then
546 555 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
547 556
548 557 # Enable xorg package dependencies
549 558 ENABLE_XORG=true
550 559 fi
551 560
552 561 # Add xorg package
553 562 if [ "$ENABLE_XORG" = true ] ; then
554 563 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
555 564 fi
556 565
557 566 # Replace selected packages with smaller clones
558 567 if [ "$ENABLE_REDUCE" = true ] ; then
559 568 # Add levee package instead of vim-tiny
560 569 if [ "$REDUCE_VIM" = true ] ; then
561 570 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
562 571 fi
563 572
564 573 # Add dropbear package instead of openssh-server
565 574 if [ "$REDUCE_SSHD" = true ] ; then
566 575 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
567 576 fi
568 577 fi
569 578
570 579 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
571 580 if [ "$ENABLE_SYSVINIT" = false ] ; then
572 581 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
573 582 fi
574 583
575 584 # Configure kernel sources if no KERNELSRC_DIR
576 585 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
577 586 KERNELSRC_CONFIG=true
578 587 fi
579 588
580 589 # Configure reduced kernel
581 590 if [ "$KERNEL_REDUCE" = true ] ; then
582 591 KERNELSRC_CONFIG=false
583 592 fi
584 593
585 594 # Configure qemu compatible kernel
586 595 if [ "$ENABLE_QEMU" = true ] ; then
587 596 DTB_FILE=vexpress-v2p-ca15_a7.dtb
588 597 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
589 598 KERNEL_DEFCONFIG="vexpress_defconfig"
590 599 if [ "$KERNEL_MENUCONFIG" = false ] ; then
591 600 KERNEL_OLDDEFCONFIG=true
592 601 fi
593 602 fi
594 603
595 604 # Execute bootstrap scripts
596 605 for SCRIPT in bootstrap.d/*.sh; do
597 606 head -n 3 "$SCRIPT"
598 607 . "$SCRIPT"
599 608 done
600 609
601 610 ## Execute custom bootstrap scripts
602 611 if [ -d "custom.d" ] ; then
603 612 for SCRIPT in custom.d/*.sh; do
604 613 . "$SCRIPT"
605 614 done
606 615 fi
607 616
608 617 # Execute custom scripts inside the chroot
609 618 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
610 619 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
611 620 chroot_exec /bin/bash -x <<'EOF'
612 621 for SCRIPT in /chroot_scripts/* ; do
613 622 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
614 623 $SCRIPT
615 624 fi
616 625 done
617 626 EOF
618 627 rm -rf "${R}/chroot_scripts"
619 628 fi
620 629
621 630 # Remove c/c++ build environment from the chroot
622 631 chroot_remove_cc
623 632
624 633 # Generate required machine-id
625 634 MACHINE_ID=$(dbus-uuidgen)
626 635 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
627 636 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
628 637
629 638 # APT Cleanup
630 639 chroot_exec apt-get -y clean
631 640 chroot_exec apt-get -y autoclean
632 641 chroot_exec apt-get -y autoremove
633 642
634 643 # Unmount mounted filesystems
635 644 umount -l "${R}/proc"
636 645 umount -l "${R}/sys"
637 646
638 647 # Clean up directories
639 648 rm -rf "${R}/run/*"
640 649 rm -rf "${R}/tmp/*"
641 650
642 651 # Clean up files
643 652 rm -f "${ETC_DIR}/ssh/ssh_host_*"
644 653 rm -f "${ETC_DIR}/dropbear/dropbear_*"
645 654 rm -f "${ETC_DIR}/apt/sources.list.save"
646 655 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
647 656 rm -f "${ETC_DIR}/*-"
648 657 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
649 658 rm -f "${ETC_DIR}/resolv.conf"
650 659 rm -f "${R}/root/.bash_history"
651 660 rm -f "${R}/var/lib/urandom/random-seed"
652 661 rm -f "${R}/initrd.img"
653 662 rm -f "${R}/vmlinuz"
654 663 rm -f "${R}${QEMU_BINARY}"
655 664
656 665 if [ "$ENABLE_QEMU" = true ] ; then
657 666 # Setup QEMU directory
658 667 mkdir "${BASEDIR}/qemu"
659 668
660 669 # Copy kernel image to QEMU directory
661 670 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
662 671
663 672 # Copy kernel config to QEMU directory
664 673 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
665 674
666 675 # Copy kernel dtbs to QEMU directory
667 676 for dtb in "${BOOT_DIR}/"*.dtb ; do
668 677 if [ -f "${dtb}" ] ; then
669 678 install_readonly "${dtb}" "${BASEDIR}/qemu/"
670 679 fi
671 680 done
672 681
673 682 # Copy kernel overlays to QEMU directory
674 683 if [ -d "${BOOT_DIR}/overlays" ] ; then
675 684 # Setup overlays dtbs directory
676 685 mkdir "${BASEDIR}/qemu/overlays"
677 686
678 687 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
679 688 if [ -f "${dtb}" ] ; then
680 689 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
681 690 fi
682 691 done
683 692 fi
684 693
685 694 # Copy u-boot files to QEMU directory
686 695 if [ "$ENABLE_UBOOT" = true ] ; then
687 696 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
688 697 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
689 698 fi
690 699 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
691 700 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
692 701 fi
693 702 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
694 703 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
695 704 fi
696 705 fi
697 706
698 707 # Copy initramfs to QEMU directory
699 708 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
700 709 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
701 710 fi
702 711 fi
703 712
704 713 # Calculate size of the chroot directory in KB
705 714 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
706 715
707 716 # Calculate the amount of needed 512 Byte sectors
708 717 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
709 718 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
710 719 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
711 720
712 721 # The root partition is EXT4
713 722 # This means more space than the actual used space of the chroot is used.
714 723 # As overhead for journaling and reserved blocks 35% are added.
715 724 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
716 725
717 726 # Calculate required image size in 512 Byte sectors
718 727 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
719 728
720 729 # Prepare image file
721 730 if [ "$ENABLE_SPLITFS" = true ] ; then
722 731 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
723 732 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
724 733 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
725 734 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
726 735
727 736 # Write firmware/boot partition tables
728 737 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
729 738 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
730 739 EOM
731 740
732 741 # Write root partition table
733 742 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
734 743 ${TABLE_SECTORS},${ROOT_SECTORS},83
735 744 EOM
736 745
737 746 # Setup temporary loop devices
738 747 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
739 748 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
740 749 else # ENABLE_SPLITFS=false
741 750 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
742 751 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
743 752
744 753 # Write partition table
745 754 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
746 755 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
747 756 ${ROOT_OFFSET},${ROOT_SECTORS},83
748 757 EOM
749 758
750 759 # Setup temporary loop devices
751 760 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
752 761 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
753 762 fi
754 763
755 764 if [ "$ENABLE_CRYPTFS" = true ] ; then
756 765 # Create dummy ext4 fs
757 766 mkfs.ext4 "$ROOT_LOOP"
758 767
759 768 # Setup password keyfile
760 769 touch .password
761 770 chmod 600 .password
762 771 echo -n ${CRYPTFS_PASSWORD} > .password
763 772
764 773 # Initialize encrypted partition
765 774 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
766 775
767 776 # Open encrypted partition and setup mapping
768 777 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
769 778
770 779 # Secure delete password keyfile
771 780 shred -zu .password
772 781
773 782 # Update temporary loop device
774 783 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
775 784
776 785 # Wipe encrypted partition (encryption cipher is used for randomness)
777 786 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
778 787 fi
779 788
780 789 # Build filesystems
781 790 mkfs.vfat "$FRMW_LOOP"
782 791 mkfs.ext4 "$ROOT_LOOP"
783 792
784 793 # Mount the temporary loop devices
785 794 mkdir -p "$BUILDDIR/mount"
786 795 mount "$ROOT_LOOP" "$BUILDDIR/mount"
787 796
788 797 mkdir -p "$BUILDDIR/mount/boot/firmware"
789 798 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
790 799
791 800 # Copy all files from the chroot to the loop device mount point directory
792 801 rsync -a "${R}/" "$BUILDDIR/mount/"
793 802
794 803 # Unmount all temporary loop devices and mount points
795 804 cleanup
796 805
797 806 # Create block map file(s) of image(s)
798 807 if [ "$ENABLE_SPLITFS" = true ] ; then
799 808 # Create block map files for "bmaptool"
800 809 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
801 810 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
802 811
803 812 # Image was successfully created
804 813 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
805 814 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
806 815 else
807 816 # Create block map file for "bmaptool"
808 817 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
809 818
810 819 # Image was successfully created
811 820 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
812 821
813 822 # Create qemu qcow2 image
814 823 if [ "$ENABLE_QEMU" = true ] ; then
815 824 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
816 825 QEMU_SIZE=16G
817 826
818 827 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
819 828 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
820 829
821 830 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
822 831 fi
823 832 fi