Merge branch 'master' of https://github.com/g-vidal/rpi23-gen-image into gitGV
vidal -
r772:93555ad8d7c4 Fusion
1 NO CONTENT: new file 100644, binary diff hidden
@@ -0,0 +1,122
1 # Configuration file raspi3 buster IFÉ 2020/01/28
2 #
3 APT_SERVER=debian.mirrors.ovh.net
4 #APT_SERVER=debian.proxad.net
5 APT_INCLUDES="gawk,gnupg,firmware-linux,\
6 firmware-linux-nonfree,firmware-misc-nonfree,\
7 firmware-realtek,firmware-brcm80211,dh-autoreconf,\
8 gettext,build-essential,git,systemd-sysv,bc,\
9 cmake,libjson-c-dev,unzip,usbutils,bison,\
10 automake,autoconf,autogen,\
11 libtool,libtool-bin,libltdl-dev,pkg-config,\
12 menulibre,libnotify-bin,pandoc,pm-utils,\
13 acpi-support,python3,python3-dev,python3-pypandoc,\
14 python3-scipy,python3-tk,python3-pandocfilters,\
15 python3-geopy,python3-pip,python,python-dev,\
16 python-tk,python-pip,\
17 python-tk,pandoc,python-configobj,python-cheetah,\
18 python-pil,python-serial,python-usb,pcre2-utils,\
19 libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,\
20 python3-smbus,policykit-1,pmount,ntpdate,ntp,\
21 rsync,gnome-backgrounds,mate-backgrounds,texlive,\
22 texlive-xetex,nginx-extras,ffmpeg,network-manager,\
23 console-data,keyboard-configuration,\
24 libqt5webkit5-dev,libudev-dev,gfortran-9,\
25 libgfortran-9-dev,\
26 libzzip-dev,zlib1g-dev,libcanberra-gtk-module,\
27 libnss-myhostname,libfreetype6-dev,libpng16-16,\
28 libffi-dev,libltdl-dev,dbus-user-session,\
29 debian-archive-keyring,curl,wget,mousepad,\
30 xutils-dev,\
31 tightvncserver,geany,openbox-menu,\
32 autotools-dev,htop,ca-certificates-java,\
33 icedtea-netx,openjdk-11-jdk,\
34 openjdk-11-jre,openjdk-11-jre-headless,\
35 jed,nmap,terminator,libboost-all-dev"
36 #x11proto-randr-dev,lxrandr,\
37 #APT_INCLUDES_LATE="jed,\
38 #"
39 #----------------------
40 RPI_MODEL=3
41 RELEASE="bullseye"
42 RELEASE_ARCH="armhf"
43 SET_ARCH=32
44 HOSTNAME="raspife3"
45 PASSWORD="AChanger1$"
46 USER_PASSWORD="AChanger1$"
47 DEFLOCAL="fr_FR.UTF-8"
48 TIMEZONE="Europe/Paris"
49 EXPANDROOT=false
50 ENABLE_QEMU=false
51 #-----------------------
52 XKB_MODEL="pc105"
53 XKB_LAYOUT="fr"
54 XKB_VARIANT="latin9"
55 XKB_OPTIONS=""
56 #------------------------
57 ENABLE_DHCP=true
58 #------------------------
59 ENABLE_CONSOLE=false
60 ENABLE_BLUETOOTH=false
61 ENABLE_I2C=true
62 ENABLE_SPI=true
63 ENABLE_IPV6=true
64 ENABLE_SSHD=true
65 ENABLE_NONFREE=true
66 ENABLE_WIRELESS=true
67 ENABLE_RSYSLOG=true
68 ENABLE_SOUND=true
69 ENABLE_HWRANDOM=true
70 ENABLE_MINGPU=true
71 ENABLE_DBUS=true
72 ENABLE_XORG=true
73 ENABLE_WM="openbox"
74 ENABLE_SYSVINIT=true
75 #------------------------
76 ENABLE_MINBASE=false
77 ENABLE_REDUCE=false
78 ENABLE_UBOOT=false
79 ENABLE_FBTURBO=false
80 ENABLE_VIDEOCORE=true
81 ENABLE_IPTABLES=false
82 ENABLE_USER=true
83 USER_NAME=ens-ife
84 ENABLE_ROOT=false
85 ENABLE_HARDNET=true
86 ENABLE_INITRAMFS=true
87 ENABLE_IFNAMES=true
88 #DISABLE_UNDERVOLT_WARNINGS=
89 #------------------------
90 SSH_ENABLE_ROOT=false
91 SSH_LIMIT_USERS=false
92 SSH_ROOT_PUB_KEY="/home/vidal/.ssh/authorized_keys"
93 SSH_USER_PUB_KEY="/home/vidal/.ssh/authorized_keys"
94 #------------------------
95 BUILD_KERNEL=true
96 KERNEL_BRANCH=rpi-5.4.y
97 KERNEL_REDUCE=false
98 KERNEL_HEADERS=true
99 KERNEL_REMOVESRC=true
100 KERNELSRC_CLEAN=true
101 KERNELSRC_CONFIG=true
102 #KERNEL_DEFCONFIG=bcm2835_defconfig
103 #KERNEL_BIN_IMAGE=Image
104 #KERNEL_IMAGE=kernel7.img
105 KERNEL_CCACHE=true
106 #------------------------
107 REDUCE_APT=false
108 REDUCE_DOC=true
109 REDUCE_MAN=true
110 REDUCE_HWDB=false
111 REDUCE_BASH=false
112 REDUCE_SSHD=false
113 REDUCE_LOCALE=false
114 #-------------------------
115 ENABLE_CRYPTFS=false
116 #-------------------------
117 BASEDIR=/storage/RpiGenImage/Images/${RELEASE}
118 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
119 DATE=`date +%Y-%m-%d`
120 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
121
122
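Review bot: Lines 45–46 commit a fixed password (`PASSWORD` and `USER_PASSWORD`, both `"AChanger1$"`) while `ENABLE_SSHD=true`, `ENABLE_IPTABLES=false` and `SSH_DISABLE_PASSWORD_AUTH` is left unset, so every image built from this template would accept a publicly known password for `ens-ife` over SSH until someone changes it. Since `SSH_USER_PUB_KEY` is already set, I would add `SSH_DISABLE_PASSWORD_AUTH=true` and remove the password from the template so it has to be supplied at build time. The README in this same commit documents `ROOT_PASSWORD` and `SSH_ENABLE` rather than `PASSWORD` and `ENABLE_SSHD`, so it is worth checking whether those two lines are read by the script at all. Lines 92–93 point at the builder's own `/home/vidal/.ssh/authorized_keys`, which presumably copies every key trusted on the build host into the image; a dedicated public-key file would be narrower and would not tie the template to one machine. The second template added in this commit repeats all of these settings at the same line numbers.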
@@ -0,0 +1,122
1 # Configuration file raspi3 buster IFÉ 2020/02/04
2 #
3 APT_SERVER=debian.mirrors.ovh.net
4 #APT_SERVER=debian.proxad.net
5 APT_INCLUDES="gawk,gnupg,firmware-linux,\
6 firmware-linux-nonfree,firmware-misc-nonfree,\
7 firmware-realtek,firmware-brcm80211,dh-autoreconf,\
8 gettext,build-essential,git,systemd-sysv,bc,\
9 cmake,libjson-c-dev,unzip,usbutils,bison,\
10 automake,autoconf,autogen,\
11 libtool,libtool-bin,libltdl-dev,pkg-config,\
12 menulibre,libnotify-bin,pandoc,pm-utils,\
13 acpi-support,python3,python3-dev,python3-pypandoc,\
14 python3-scipy,python3-tk,python3-pandocfilters,\
15 python3-geopy,python3-pip,python,python-dev,\
16 python-tk,python-pip,\
17 python-tk,pandoc,python-configobj,python-cheetah,\
18 python-pil,python-serial,python-usb,pcre2-utils,\
19 libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,\
20 python3-smbus,policykit-1,pmount,ntpdate,ntp,\
21 rsync,gnome-backgrounds,mate-backgrounds,texlive,\
22 texlive-xetex,nginx-extras,ffmpeg,network-manager,\
23 console-data,keyboard-configuration,\
24 libqt5webkit5-dev,libudev-dev,gfortran-8,\
25 libgfortran-8-dev,\
26 libzzip-dev,zlib1g-dev,libcanberra-gtk-module,\
27 libnss-myhostname,libfreetype6-dev,libpng16-16,\
28 libffi-dev,libltdl-dev,dbus-user-session,\
29 debian-archive-keyring,curl,wget,mousepad,\
30 xutils-dev,\
31 tightvncserver,geany,openbox-menu,\
32 autotools-dev,htop,ca-certificates-java,\
33 icedtea-netx,openjdk-11-jdk,\
34 openjdk-11-jre,openjdk-11-jre-headless,\
35 jed,nmap,terminator,libboost-all-dev"
36 #x11proto-randr-dev,lxrandr,\
37 #APT_INCLUDES_LATE="jed,\
38 #"
39 #----------------------
40 RPI_MODEL=4
41 RELEASE="buster"
42 RELEASE_ARCH="arm64"
43 SET_ARCH=32
44 HOSTNAME="raspife4"
45 PASSWORD="AChanger1$"
46 USER_PASSWORD="AChanger1$"
47 DEFLOCAL="fr_FR.UTF-8"
48 TIMEZONE="Europe/Paris"
49 EXPANDROOT=false
50 ENABLE_QEMU=false
51 #-----------------------
52 XKB_MODEL="pc105"
53 XKB_LAYOUT="fr"
54 XKB_VARIANT="latin9"
55 XKB_OPTIONS=""
56 #------------------------
57 ENABLE_DHCP=true
58 #------------------------
59 ENABLE_CONSOLE=false
60 ENABLE_BLUETOOTH=false
61 ENABLE_I2C=true
62 ENABLE_SPI=true
63 ENABLE_IPV6=true
64 ENABLE_SSHD=true
65 ENABLE_NONFREE=true
66 ENABLE_WIRELESS=true
67 ENABLE_RSYSLOG=true
68 ENABLE_SOUND=true
69 ENABLE_HWRANDOM=true
70 ENABLE_MINGPU=true
71 ENABLE_DBUS=true
72 ENABLE_XORG=true
73 ENABLE_WM="openbox"
74 ENABLE_SYSVINIT=true
75 #------------------------
76 ENABLE_MINBASE=false
77 ENABLE_REDUCE=false
78 ENABLE_UBOOT=false
79 ENABLE_FBTURBO=false
80 ENABLE_VIDEOCORE=true
81 ENABLE_IPTABLES=false
82 ENABLE_USER=true
83 USER_NAME=ens-ife
84 ENABLE_ROOT=false
85 ENABLE_HARDNET=true
86 ENABLE_INITRAMFS=true
87 ENABLE_IFNAMES=true
88 #DISABLE_UNDERVOLT_WARNINGS=
89 #------------------------
90 SSH_ENABLE_ROOT=false
91 SSH_LIMIT_USERS=false
92 SSH_ROOT_PUB_KEY="/home/vidal/.ssh/authorized_keys"
93 SSH_USER_PUB_KEY="/home/vidal/.ssh/authorized_keys"
94 #------------------------
95 BUILD_KERNEL=true
96 KERNEL_BRANCH=rpi-4.19.y
97 KERNEL_REDUCE=false
98 KERNEL_HEADERS=true
99 KERNEL_REMOVESRC=true
100 KERNELSRC_CLEAN=true
101 KERNELSRC_CONFIG=true
102 #KERNEL_DEFCONFIG=bcm2835_defconfig
103 #KERNEL_BIN_IMAGE=Image
104 #KERNEL_IMAGE=kernel7.img
105 KERNEL_CCACHE=true
106 #------------------------
107 REDUCE_APT=false
108 REDUCE_DOC=true
109 REDUCE_MAN=true
110 REDUCE_HWDB=false
111 REDUCE_BASH=false
112 REDUCE_SSHD=false
113 REDUCE_LOCALE=false
114 #-------------------------
115 ENABLE_CRYPTFS=false
116 #-------------------------
117 BASEDIR=/storage/RpiGenImage/Images/${RELEASE}
118 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
119 DATE=`date +%Y-%m-%d`
120 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}-${SET_ARCH}
121
122
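Review bot: `RELEASE_ARCH="arm64"` on line 42 contradicts `SET_ARCH=32` on line 43, and line 120 then appends `-32` to the image name. The README in this commit says `SET_ARCH` must be `64` for a 64-bit build and that it selects the cross-compiler and board options, so which of the two values takes effect cannot be told from the template alone. If a 64-bit Pi 4 image is intended, `SET_ARCH=64` would be consistent; otherwise `RELEASE_ARCH="armhf"`. The header comment on line 1 still reads `raspi3 buster` although `RPI_MODEL=4` (the first template has the same stale header with `RELEASE="bullseye"`), and I would update both to name the real target. As a style point, line 119 could be written `DATE=$(date +%Y-%m-%d)` instead of using backticks.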
@@ -1,406 +1,404
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5
6
7 5 ## Build dependencies
8 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
9 7
10 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
11 9
12 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
13 11
14 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
15 13
16 14 ## Command-line parameters
17 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
18 16
19 17 ##### Command-line examples:
20 18 ```shell
21 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
22 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
23 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
25 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
26 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
27 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
28 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
29 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 29 RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
32 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
33 31 RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
34 32 ```
35 33
36 34 ## Configuration template files
37 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
38 36
39 37 ##### Command-line examples:
40 38 ```shell
41 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
42 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
43 41 ```
44 42
45 43 ## Working with the your template:
46 44 * **A Pipe ("|") represents a logical OR**
47 45 * **A valuetype of boolean represents the options true or false**
48 46 * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
49 47 * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
50 48 * **Check if your missing a required option while looking at the code**
51 49
52 50 ## Supported parameters and settings
53 51
54 52 #### APT settings:
55 53 |Option|Value|default value|value format|desciption|
56 54 |---|---|---|---|---|
57 55 |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
58 56 |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
59 57 |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
60 58 |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
61 59 |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.|
62 60 |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
63 61 ---
64 62
65 63 #### General system settings:
66 64 |Option|Value|default value|value format|desciption|
67 65 |---|---|---|---|---|
68 66 |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
69 67 |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
70 68 |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
71 69 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
72 70 |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
73 71 |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
74 72 |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
75 73
76 74 ---
77 75
78 76 #### User settings:
79 77 |Option|Value|default value|desciption|
80 78 |---|---|---|---|
81 79 |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
82 80 |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
83 81 |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
84 82 |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
85 83 |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
86 84
87 85 ---
88 86
89 87 #### Keyboard settings:
90 88
91 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
92 90
93 91 |Option|Value|default value|value format|desciption|
94 92 |---|---|---|---|---|
95 93 |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
96 94 |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
97 95 |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
98 96 |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
99 97
100 98 ---
101 99
102 100 #### Networking settings:
103 101 ethernet setting go to `/etc/systemd/network/eth0.network`.
104 102 wifi settings go to `/etc/systemd/network/wlan0.network`.
105 103
106 104 The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
107 105
108 106 |Option|Value|default value|desciption|
109 107 |---|---|---|---|
110 108 |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
111 109 |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
112 110 |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
113 111 |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
114 112 |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
115 113
116 114 ---
117 115
118 116 #### Networking settings (DHCP):
119 117
120 118
121 119 |Option|Value|default value|desciption|
122 120 |---|---|---|---|
123 121 |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
124 122 |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
125 123
126 124 ---
127 125
128 126 #### Networking settings (ethernet static):
129 127 The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
130 128
131 129 |Option|Value|value format|desciption|
132 130 |---|---|---|---|
133 131 |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
134 132 |NET_ETH_GATEWAY|string|`IP`|default gateway|
135 133 |NET_ETH_DNS_1|string|`IP`|first DNS server|
136 134 |NET_ETH_DNS_2|string|`IP`|second DNS server|
137 135 |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
138 136 |NET_ETH_NTP_1|string|`IP`|first NTP server|
139 137 |NET_ETH_NTP_2|string|`IP`|second NTP server|
140 138
141 139 ---
142 140
143 141 #### Networking settings (WIFI):
144 142
145 143 |Option|Value|value format|desciption|
146 144 |---|---|---|---|
147 145 |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
148 146 |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
149 147
150 148 ---
151 149
152 150 #### Networking settings (WIFI static):
153 151 The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
154 152
155 153 |Option|Value|value format|desciption|
156 154 |---|---|---|---|
157 155 |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
158 156 |NET_WIFI_GATEWAY|string|`IP`|default gateway|
159 157 |NET_WIFI_DNS_1|string|`IP`|first DNS server|
160 158 |NET_WIFI_DNS_2|string|`IP`|second DNS server|
161 159 |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
162 160 |NET_WIFI_NTP_1|string|`IP`|first NTP server|
163 161 |NET_WIFI_NTP_2|string|`IP`|second NTP server|
164 162
165 163 ---
166 164
167 165 #### Basic system features:
168 166
169 167 |Option|Value|default value|value format|desciption|
170 168 |---|---|---|---|---|
171 169 |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
172 170 |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
173 171 |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
174 172 |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
175 173 |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
176 174 |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
177 175 |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
178 176 |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
179 177 |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
180 178 |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
181 179 |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
182 180 |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
183 181 |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
184 182 |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
185 183 |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
186 184 |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
187 185 |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
188 186 |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
189 187 |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
190 188 |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
191 189
192 190 ---
193 191
194 192 #### Advanced system features:
195 193
196 194 |Option|Value|default value|value format|desciption|
197 195 |---|---|---|---|---|
198 196 |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
199 197 |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
200 198 |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
201 199 |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
202 200 |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
203 201 |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
204 202 |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
205 203 |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
206 204 |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
207 205 |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
208 206 |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
209 207 |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
210 208 |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
211 209 |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
212 210 |ENABLE_GR_ACCEL|boolean|false|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`. Not compatible with `fbturbo` mutually excluded and installed for Raspberry4 only|
213 211 |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
214 212 |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
215 213 |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
216 214 |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
217 215 |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
218 216
219 217 ---
220 218
221 219 #### SSH settings:
222 220
223 221 |Option|Value|default value|value format|desciption|
224 222 |---|---|---|---|---|
225 223 |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
226 224 |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
227 225 |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
228 226 |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
229 227 |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
230 228
231 229 ---
232 230
233 231 #### Kernel settings:
234 232
235 233 |Option|Value|default value|value format|desciption|
236 234 |---|---|---|---|---|
237 235 |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
238 236 |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
239 237 |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
240 238 |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
241 239 |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
242 240 |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
243 241 |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
244 242 |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
245 243 |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
246 244 |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
247 245 |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
248 246 |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
249 247 |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
250 248 |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
251 249 |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
252 250 |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
253 251 |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
254 252 |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
255 253 |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
256 254 |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
257 255 |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
258 256 |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
259 257 |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
260 258 |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
261 259 |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
262 260 |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
263 261 |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
264 262 |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
265 263
266 264 ---
267 265
268 266 #### Reduce disk usage:
269 267 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
270 268
271 269 |Option|Value|default value|value format|desciption|
272 270 |---|---|---|---|---|
273 271 |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
274 272 |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
275 273 |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
276 274 |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations|
277 275 |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
278 276 |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
279 277 |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
280 278 |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
281 279 |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
282 280 |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
283 281 ---
284 282
285 283 #### Encrypted root partition:
286 284 #### On first boot, you will be asked to enter you password several time
287 285 #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
288 286
289 287 |Option|Value|default value|value format|desciption|
290 288 |---|---|---|---|---|
291 289 |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
292 290 |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
293 291 |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
294 292 |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
295 293 |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
296 294 |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
297 295 |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
298 296 |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
299 297
300 298 ---
301 299
302 300 #### Build settings:
303 301 |Option|Value|default value|value format|desciption|
304 302 |---|---|---|---|---|
305 303 |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
306 304 |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
307 305
308 306 ---
309 307
310 308 ## Understanding the script
311 309 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
312 310
313 311 | Script | Description |
314 312 | --- | --- |
315 313 | `10-bootstrap.sh` | Debootstrap basic system |
316 314 | `11-apt.sh` | Setup APT repositories |
317 315 | `12-locale.sh` | Setup Locales and keyboard settings |
318 316 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
319 317 | `14-fstab.sh` | Setup fstab and initramfs |
320 318 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
321 319 | `20-networking.sh` | Setup Networking |
322 320 | `21-firewall.sh` | Setup Firewall |
323 321 | `30-security.sh` | Setup Users and Security settings |
324 322 | `31-logging.sh` | Setup Logging |
325 323 | `32-sshd.sh` | Setup SSH and public keys |
326 324 | `41-uboot.sh` | Build and Setup U-Boot |
327 325 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
328 326 | `43-videocore.sh` | Build and Setup videocore libraries |
329 327 | `50-firstboot.sh` | First boot actions |
330 328 | `99-reduce.sh` | Reduce the disk space usage |
331 329
332 330 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
333 331
334 332 | Directory | Description |
335 333 | --- | --- |
336 334 | `apt` | APT management configuration files |
337 335 | `boot` | Boot and RPi 0/1/2/3 configuration files |
338 336 | `dpkg` | Package Manager configuration |
339 337 | `etc` | Configuration files and rc scripts |
340 338 | `firstboot` | Scripts that get executed on first boot |
341 339 | `initramfs` | Initramfs scripts |
342 340 | `iptables` | Firewall configuration files |
343 341 | `locales` | Locales configuration |
344 342 | `modules` | Kernel Modules configuration |
345 343 | `mount` | Fstab configuration |
346 344 | `network` | Networking configuration files |
347 345 | `sysctl.d` | Swapping and Network Hardening configuration |
348 346 | `xorg` | fbturbo Xorg driver configuration |
349 347
350 348 ## Custom packages and scripts
351 349 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
352 350
353 351 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
354 352
355 353 ## Logging of the bootstrapping process
356 354 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
357 355
358 356 ```shell
359 357 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
360 358 ```
361 359
362 360 ## Flashing the image file
363 361 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
364 362
365 363 ##### Flashing examples:
366 364 ```shell
367 365 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
368 366 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
369 367 ```
370 368 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
371 369 ```shell
372 370 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
373 371 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
374 372 ```
375 373
376 374 ## QEMU emulation
377 375 Start QEMU full system emulation:
378 376 ```shell
379 377 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
380 378 ```
381 379
382 380 Start QEMU full system emulation and output to console:
383 381 ```shell
384 382 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
385 383 ```
386 384
387 385 Start QEMU full system emulation with SMP and output to console:
388 386 ```shell
389 387 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
390 388 ```
391 389
392 390 Start QEMU full system emulation with cryptfs, initramfs and output to console:
393 391 ```shell
394 392 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
395 393 ```
396 394
397 395 ## External links and references
398 396 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
399 397 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
400 398 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
401 399 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
402 400 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
403 401 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
404 402 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
405 403 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
406 404 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,42 +1,49
1 1 #
2 2 # Debootstrap basic system
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 10
11 11 # Use non-free Debian packages if needed
12 12 # One use variable which is only needed by wifi firmware blob => reworked to use non free in /etc/apt/sources.list - we could just use ENABLE_WIRELESS here
13 13 if [ "$ENABLE_WIRELESS" = true ] ; then
14 14 COMPONENTS="main,non-free,contrib"
15 15 fi
16 16
17 17 # Use minbase bootstrap variant which only includes essential packages
18 18 if [ "$ENABLE_MINBASE" = true ] ; then
19 19 VARIANT="--variant=minbase"
20 20 fi
21 21
22
23 # Exclude packages if required by Debian release
24 #if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
25 # APT_EXCLUDES="--exclude=init,systemd-sysv"
26 #fi
27
28
22 29 # Base debootstrap (unpack only)
23 30 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
24 31
25 32 # Copy qemu emulator binary to chroot
26 33 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
27 34
28 35 # Copy debian-archive-keyring.pgp
29 36 mkdir -p "${R}/usr/share/keyrings"
30 37 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
31 38
32 39 # Complete the bootstrapping process
33 40 chroot_exec /debootstrap/debootstrap --second-stage
34 41
35 42 # Mount required filesystems
36 43 mount -t proc none "${R}/proc"
37 44 mount -t sysfs none "${R}/sys"
38 45
39 46 # Mount pseudo terminal slave if supported by Debian release
40 47 if [ -d "${R}/dev/pts" ] ; then
41 48 mount --bind /dev/pts "${R}/dev/pts"
42 49 fi
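Review bot: The block added at new lines 23–26 is commented-out code under a heading that says packages are excluded, so the file reads as if an exclude is applied when none is. Nothing visible in this file sets `APT_EXCLUDES`, yet the debootstrap call at line 30 still expands it. I would either delete the disabled block or replace it with one comment stating the actual behaviour, for example `# No release-specific excludes here; APT_EXCLUDES is used as passed in by the caller`. The disabled condition also names only stretch and buster, which would be stale if it were re-enabled for the releases this commit targets.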
@@ -1,54 +1,54
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 # Install APT sources.list
15 15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16 16
17 17 # Use specified APT server and release
18 18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 19
20 #Fix for changing path for security updates in testing/bullseye
20 #Fix for changing path for security updates in testing
21 21 if [ "$RELEASE" = "testing" ] ; then
22 22 sed -i "s,buster\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
23 23 sed -i "s/ buster/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
24 24 fi
25 25
26 26 if [ "$ENABLE_NONFREE" = "true" ] ; then
27 27 sed -i "s,main contrib,main contrib non-free," "${ETC_DIR}/apt/sources.list"
28 28 fi
29 29
30 30 if [ -z "$RELEASE" ] ; then
31 31 # Change release in sources list
32 32 sed -i "s/ buster/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
33 33 fi
34 34
35 35 # Upgrade package index and update all installed packages and changed dependencies
36 36 chroot_exec apt-get -qq -y update
37 37 chroot_exec apt-get -qq -y -u dist-upgrade
38 38
39 39 # Install additional packages
40 40 if [ "$APT_INCLUDES_LATE" ] ; then
41 41 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
42 42 fi
43 43
44 44 # Install Debian custom packages
45 45 if [ -d packages ] ; then
46 46 for package in packages/*.deb ; do
47 47 cp "$package" "${R}"/tmp
48 48 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
49 49 done
50 50 fi
51 51
52 52 chroot_exec apt-get -qq -y -f install
53 53
54 54 chroot_exec apt-get -qq -y check
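Review bot: The two `-z` tests at new lines 9 and 30 look inverted: the proxy file is installed and filled in only when `APT_PROXY` is empty, and ` buster` in sources.list is rewritten only when `RELEASE` is empty. As written, a configured proxy never reaches `10proxy`. Any release other than `testing` presumably keeps the buster entries from the template (the template is not shown here), so the `dist-upgrade` at line 37 would run against a different suite than the one that was debootstrapped. I would change them to `if [ -n "$APT_PROXY" ] ; then` and `if [ -n "$RELEASE" ] ; then`. The only edit in this section is the comment at line 20, so this concerns the surrounding code rather than the change itself.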
@@ -1,189 +1,189
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Ensure /etc/systemd/network directory is available
17 17 mkdir -p "${ETC_DIR}/systemd/network"
18 18
19 19 # Setup hostname entry with static IP
20 20 if [ "$NET_ETH_ADDRESS" != "" ] ; then
21 21 NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/')
22 22 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
23 23 fi
24 24
25 25 # Remove IPv6 hosts
26 26 if [ "$ENABLE_IPV6" = false ] ; then
27 27 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
28 28 fi
29 29
30 30 # Install hint about network configuration
31 31 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
32 32
33 33 # Install configuration for interface eth0
34 34 install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network"
35 35
36 36 if [ "$RPI_MODEL" = 3P ] ; then
37 37 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network"
38 38 fi
39 39
40 40 # Install configuration for interface wl*
41 41 install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network"
42 42
43 43 #always with dhcp since wpa_supplicant integration is missing
44 44 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
45 45
46 46 if [ "$ENABLE_ETH_DHCP" = true ] ; then
47 47 # Enable DHCP configuration for interface eth0
48 48 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network"
49 49
50 50 # Set DHCP configuration to IPv4 only
51 51 if [ "$ENABLE_IPV6" = false ] ; then
52 52 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network"
53 53 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network"
54 54 fi
55 55
56 56 else # ENABLE_ETH_DHCP=false
57 57 # Set static network configuration for interface eth0
58 58 if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then
59 59 sed -i\
60 60 -e "s|DHCP=.*|DHCP=no|"\
61 61 -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\
62 62 -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\
63 63 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\
64 64 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\
65 65 -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\
66 66 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\
67 67 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\
68 68 "${ETC_DIR}/systemd/network/eth0.network"
69 69 fi
70 70 fi
71 71
72 72
73 73 if [ "$ENABLE_WIRELESS" = true ] ; then
74 74 mkdir -p "${ETC_DIR}/wpa_supplicant"
75 75 if [ "$ENABLE_WIFI_DHCP" = true ] ; then
76 76 # Enable DHCP configuration for interface eth0
77 77 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
78 78
79 79 # Set DHCP configuration to IPv4 only
80 80 if [ "$ENABLE_IPV6" = false ] ; then
81 81 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network"
82 82 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network"
83 83 fi
84 84
85 85 else # ENABLE_WIFI_DHCP=false
86 86 # Set static network configuration for interface eth0
87 87 if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then
88 88 sed -i\
89 89 -e "s|DHCP=.*|DHCP=no|"\
90 90 -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\
91 91 -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\
92 92 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\
93 93 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\
94 94 -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\
95 95 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\
96 96 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\
97 97 "${ETC_DIR}/systemd/network/wlan0.network"
98 98 fi
99 99 fi
100 100
101 101 if [ ! -z "$NET_WIFI_SSID" ] && [ ! -z "$NET_WIFI_PSK" ] ; then
102 102 chroot_exec printf "
103 103 ctrl_interface=/run/wpa_supplicant
104 104 update_config=1
105 105 eapol_version=1
106 106 ap_scan=1
107 107 fast_reauth=1
108 108
109 109 " > "${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"
110 110
111 111 #Configure WPA_supplicant
112 112 chroot_exec wpa_passphrase "$NET_WIFI_SSID" "$NET_WIFI_PSK" >> "${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"
113 113
114 114 chroot_exec systemctl enable wpa_supplicant.service
115 115 chroot_exec systemctl enable wpa_supplicant@wlan0.service
116 116 fi
117 117 # Remove empty settings from wlan configuration
118 118 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network"
119 119 # If WLAN is enabled copy wlan configuration too
120 120 mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network"
121 121 fi
122 122
123 123 # Remove empty settings from network configuration
124 124 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network"
125 125
126 126 # Move systemd network configuration if required by Debian release
127 127 mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network"
128 128
129 129 #Clean up
130 130 rm -fr "${ETC_DIR}/systemd/network"
131 131
132 132 # Enable systemd-networkd service
133 133 chroot_exec systemctl enable systemd-networkd
134 134
135 135 # Install host.conf resolver configuration
136 136 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
137 137
138 138 # Enable network stack hardening
139 139 if [ "$ENABLE_HARDNET" = true ] ; then
140 140 # Install sysctl.d configuration files
141 141 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
142 142
143 143 # Setup resolver warnings about spoofed addresses
144 144 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
145 145 fi
146 146
147 147 # Enable time sync
148 148 if [ "$NET_NTP_1" != "" ] ; then
149 149 chroot_exec systemctl enable systemd-timesyncd.service
150 150 fi
151 151
152 152 # Download the firmware binary blob required to use the RPi3 wireless interface
153 153 if [ "$ENABLE_WIRELESS" = true ] ; then
154 154 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
155 155 mkdir -p "${WLAN_FIRMWARE_DIR}"
156 156 fi
157 157
158 158 # Create temporary directory for firmware binary blob
159 159 temp_dir=$(as_nobody mktemp -d)
160 160
161 # Fetch firmware binary blob for RPI3B+
161 # Fetch firmware binary blob for RPI3B+ or Pi4
162 162 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
163 163 # Fetch firmware binary blob for RPi3P
164 164 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
165 165 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
166 166 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
167 167
168 168 # Move downloaded firmware binary blob
169 169 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
170 170
171 171 # Set permissions of the firmware binary blob
172 172 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
173 173 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
174 174 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
175 175 # Fetch firmware binary blob for RPi3
176 176 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
177 177 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
178 178
179 179 # Move downloaded firmware binary blob
180 180 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
181 181
182 182 # Set permissions of the firmware binary blob
183 183 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
184 184 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
185 185 fi
186 186
187 187 # Remove temporary directory for firmware binary blob
188 188 rm -fr "${temp_dir}"
189 189 fi
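Review bot: The firmware blobs fetched at new lines 164–166 and 176–177 are moved into `WLAN_FIRMWARE_DIR` and made root-owned without any integrity check, and the default `WLAN_FIRMWARE_URL` visible in rpi23-gen-image.sh points at the moving `master` branch. Whatever that branch serves at build time ends up in the image, so builds are not reproducible and a changed or truncated download goes unnoticed. I would pin the URL to a specific commit and verify each file before the `mv`, e.g. `echo "<EXPECTED_SHA256>  ${temp_dir}/brcmfmac43455-sdio.bin" | sha256sum -c -`, with the expected hash recorded next to the URL (placeholder shown). Separately, `[ -n NET_ETH_ADDRESS ]` at line 58 and the wifi equivalent at line 87 test literal strings and are always true; they need `"$NET_ETH_ADDRESS"` and so on.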
@@ -1,116 +1,122
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 7 # Remove exports from nexmon
8 8 unset KERNEL
9 9 unset ARCH
10 10 unset SUBARCH
11 11 unset CCPLUGIN
12 12 unset ZLIBFLATE
13 13 unset Q
14 14 unset NEXMON_SETUP_ENV
15 15 unset HOSTUNAME
16 16 unset PLATFORMUNAME
17 17
18 18 # Identify and kill all processes still using files
19 19 echo "killing processes using mount point ..."
20 20 fuser -k "${R}"
21 21 sleep 3
22 22 fuser -9 -k -v "${R}"
23 23
24 24 # Clean up temporary .password file
25 25 if [ -r ".password" ] ; then
26 26 shred -zu .password
27 27 fi
28 28
29 29 # Clean up all temporary mount points
30 30 echo "removing temporary mount points ..."
31 31 umount -l "${R}/proc" 2> /dev/null
32 32 umount -l "${R}/sys" 2> /dev/null
33 33 umount -l "${R}/dev/pts" 2> /dev/null
34 34 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
35 35 umount "$BUILDDIR/mount" 2> /dev/null
36 36 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
37 37 losetup -d "$ROOT_LOOP" 2> /dev/null
38 38 losetup -d "$FRMW_LOOP" 2> /dev/null
39 39 trap - 0 1 2 3 6
40 40 }
41 41
42 42 chroot_exec() {
43 43 # Exec command in chroot
44 44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
45 45 }
46 46
47 47 as_nobody() {
48 48 # Exec command as user nobody
49 49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
50 50 }
51 51
52 52 install_readonly() {
53 53 # Install file with user read-only permissions
54 54 install -o root -g root -m 644 "$@"
55 55 }
56 56
57 57 install_exec() {
58 58 # Install file with root exec permissions
59 59 install -o root -g root -m 744 "$@"
60 60 }
61 61
62 62 use_template () {
63 63 # Test if configuration template file exists
64 64 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
65 65 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
66 66 exit 1
67 67 fi
68 68
69 69 # Load template configuration parameters
70 70 . "./templates/${CONFIG_TEMPLATE}"
71 71 }
72 72
73 73 chroot_install_cc() {
74 74 # Install c/c++ build environment inside the chroot
75 75 if [ -z "${COMPILER_PACKAGES}" ] ; then
76 76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
77
78
79 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] || [ "$RELEASE" = "bullseye" ] ; then
80 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
81 elif [ "$RELEASE" = "buster" ] || [ "$RELEASE" = "bullseye" ] ; then
78 82 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
79 83 fi
84
85 fi
80 86 }
81 87
82 88 chroot_remove_cc() {
83 89 # Remove c/c++ build environment from the chroot
84 90 if [ -n "${COMPILER_PACKAGES}" ] ; then
85 91 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
86 92 COMPILER_PACKAGES=""
87 93 fi
88 94 }
89 95
90 96 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 97 cdr2mask ()
92 98 {
93 99 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 100 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 101 [ $1 -gt 1 ] && shift $1 || shift
96 102 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 103 }
98 104
99 105 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
100 106 set_kernel_config() {
101 107 # flag as $1, value to set as $2, config must exist at "./.config"
102 108 TGT="CONFIG_${1#CONFIG_}"
103 109 REP="${2}"
104 110 if grep -q "^${TGT}[^_]" .config; then
105 111 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
106 112 else
107 113 echo "${TGT}"="${2}" >> .config
108 114 fi
109 115 }
110 116
111 117 # unset kernel config parameter
112 118 unset_kernel_config() {
113 119 # unsets flag with the value of $1, config must exist at "./.config"
114 120 TGT="CONFIG_${1#CONFIG_}"
115 121 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
116 122 }
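Review bot: In `chroot_install_cc` the `elif` at new line 81 can never run, because buster and bullseye are already matched by the `if` at line 79, so the `--allow-unauthenticated` install is dead code; more importantly, any other `RELEASE` value installs nothing. rpi23-gen-image.sh rewrites `bullseye` to `testing` (its lines 47–49), presumably before this function is called, so a bullseye build would set `COMPILER_PACKAGES` but never install the compiler. I would drop the release test and the unauthenticated variant and keep a single `chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}`. The comment explaining that the variable must stay unquoted so it word-splits into package names should be kept (or restored) next to it.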
@@ -1,924 +1,924
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "buster" and "bullseye" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=3P}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
70 70 # Default precompiled 64bit kernel
71 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 96 # APT settings
97 97 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
98 98 APT_PROXY=${APT_PROXY:=""}
99 99 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
100 100 # Packages required in the chroot build environment
101 101 APT_INCLUDES=${APT_INCLUDES:=""}
102 102 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
103 103 # Packages to exclude from chroot build environment
104 104 APT_EXCLUDES=${APT_EXCLUDES:=""}
105 105
106 106 # General settings
107 107 SET_ARCH=${SET_ARCH:=32}
108 108 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
109 109 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
110 110 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
111 111 EXPANDROOT=${EXPANDROOT:=true}
112 112
113 113 ENABLE_ROOT=${ENABLE_ROOT:=false}
114 114 ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
115 115 ENABLE_USER=${ENABLE_USER:=true}
116 116 USER_NAME=${USER_NAME:="pi"}
117 117 USER_PASSWORD=${USER_PASSWORD:=raspberry}
118 118
119 119 # Keyboard settings
120 120 XKB_MODEL=${XKB_MODEL:=""}
121 121 XKB_LAYOUT=${XKB_LAYOUT:=""}
122 122 XKB_VARIANT=${XKB_VARIANT:=""}
123 123 XKB_OPTIONS=${XKB_OPTIONS:=""}
124 124
125 125 # Networking settings:
126 126 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 127 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
128 128 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
129 129 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
130 130 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
131 131
132 132 # Network settings (DHCP)
133 133 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
134 134 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
135 135
136 136 # Network settings (static)
137 137 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
138 138 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
139 139 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
140 140 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
141 141 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
142 142 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
143 143 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
144 144
145 145 # Networking settings (WIFI):
146 146 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
147 147 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
148 148
149 149 # Network settings (static)
150 150 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
151 151 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
152 152 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
153 153 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
154 154 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
155 155 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
156 156 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
157 157
158 158 # Feature settings
159 159 ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
160 160 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
161 161 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
162 162 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
163 163 ENABLE_TURBO=${ENABLE_TURBO:=false}
164 164 ENABLE_I2C=${ENABLE_I2C:=false}
165 165 ENABLE_SPI=${ENABLE_SPI:=false}
166 166
167 167 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
168 168 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
169 169 ENABLE_SOUND=${ENABLE_SOUND:=false}
170 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 172 ENABLE_XORG=${ENABLE_XORG:=false}
173 173 ENABLE_WM=${ENABLE_WM:=""}
174 174 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
175 175 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
176 176 ENABLE_LOGO=${ENABLE_LOGO:=true}
177 177 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
178 178 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
179 179
180 180 # Advanced settings
181 181 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
182 182 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
183 183 ENABLE_QEMU=${ENABLE_QEMU:=false}
184 184 ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
185 185 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
186 186 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
187 187 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
188 188 ENABLE_DBUS=${ENABLE_DBUS:=true}
189 189 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
190 190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
192 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
193 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
194 194 ENABLE_GR_ACCEL=${ENABLE_GR_ACCEL:=true}
195 195 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
196 196 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
197 197 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
198 198 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
199 199 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
200 200
201 201 # SSH settings
202 202 SSH_ENABLE=${SSH_ENABLE:=true}
203 203 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
204 204 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
205 205 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
206 206 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
207 207 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
208 208
209 209 # Kernel compilation settings
210 210 BUILD_KERNEL=${BUILD_KERNEL:=true}
211 211 KERNEL_THREADS=${KERNEL_THREADS:=1}
212 212 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
213 213 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
214 214 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
215 215 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
216 216 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
217 217 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
218 218 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
219 219 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
220 220 KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
221 221 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
222 222 # Firmware directory: Blank if download from github
223 223 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
224 224 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
225 225 KERNEL_NF=${KERNEL_NF:=false}
226 226 KERNEL_VIRT=${KERNEL_VIRT:=false}
227 227 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
228 228 KERNEL_BPF=${KERNEL_BPF:=false}
229 229 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
230 230 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
231 231 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
232 232 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
233 233 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
234 234
235 235 # Reduce disk usage settings
236 236 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
237 237 REDUCE_APT=${REDUCE_APT:=true}
238 238 REDUCE_DOC=${REDUCE_DOC:=false}
239 239 REDUCE_MAN=${REDUCE_MAN:=false}
240 240 REDUCE_VIM=${REDUCE_VIM:=false}
241 241 REDUCE_BASH=${REDUCE_BASH:=false}
242 242 REDUCE_HWDB=${REDUCE_HWDB:=false}
243 243 REDUCE_SSHD=${REDUCE_SSHD:=false}
244 244 REDUCE_LOCALE=${REDUCE_LOCALE:=false}
245 245 REDUCE_KERNEL=${REDUCE_KERNEL:=false}
246 246
247 247 # Encrypted filesystem settings
248 248 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
249 249 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
250 250 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
251 251 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
252 252 CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
253 253 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
254 254 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
255 255 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
256 256 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
257 257 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
258 258
259 259 # Packages required for bootstrapping
260 260 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
261 261 MISSING_PACKAGES=""
262 262
263 263 # Packages installed for c/c++ build environment in chroot (keep empty)
264 264 COMPILER_PACKAGES=""
265 265
266 266 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
267 267 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
268 268 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
269 269 APT_PROXY=http://127.0.0.1:3142/
270 270 fi
271 271
272 272 # Setup architecture specific settings
273 273 if [ -n "$SET_ARCH" ] ; then
274 274 ## 64-bit configuration
275 275 if [ "$SET_ARCH" = 64 ] ; then
276 276 ### General 64-bit depended settings
277 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
278 278 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
279 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
280 280
281 281 ### Raspberry Pi model specific settings
282 282 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
283 283 if [ "$RPI_MODEL" != 4 ] ; then
284 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
285 285 else
286 286 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
287 287 fi
288 288
289 289 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
290 290 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
291 291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
292 292 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
293 293
294 294 else
295 295 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
296 296 exit 1
297 297 fi
298 298 fi
299 299
300 300 ## 32-bit configuration
301 301 if [ "$SET_ARCH" = 32 ] ; then
302 302 ### General 32-bit dependend settings
303 303 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
304 304 KERNEL_ARCH=${KERNEL_ARCH:=arm}
305 305 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
306 306
307 307 ### Raspberry Pi (0-1P) model specific settings
308 308 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
309 309 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
310 310 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
311 311 RELEASE_ARCH=${RELEASE_ARCH:=armel}
312 312 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
313 313 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
314 314
315 315 if [ $ENABLE_XORG = true ] ; then
316 316 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
317 317 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
318 318 read -r confirm
319 319 if [ "$confirm" = "y" ] ; then
320 320 $RELEASE = "stretch"
321 321 fi
322 322 fi
323 323 fi
324 324 fi
325 325 ### Raspberry Pi (2-4) model specific settings
326 326 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
327 327 if [ "$RPI_MODEL" != 4 ] ; then
328 328 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
329 329 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
330 330 else
331 331 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
332 332 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
333 333 fi
334 334
335 335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
336 336 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
337 337
338 338 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
339 339 fi
340 340 fi
341 341 # SET_ARCH not set
342 342 else
343 343 echo "error: Please set '32' or '64' as value for SET_ARCH"
344 344 exit 1
345 345 fi
346 346 # Device specific configuration and U-Boot configuration
347 347 case "$RPI_MODEL" in
348 348 0)
349 349 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
350 350 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
351 351 ;;
352 352 1)
353 353 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
354 354 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
355 355 ;;
356 356 1P)
357 357 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
358 358 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
359 359 ;;
360 360 2)
361 361 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
362 362 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
363 363 ;;
364 364 3)
365 365 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
366 366 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
367 367 ;;
368 368 3P)
369 369 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
370 370 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
371 371 ;;
372 372 4)
373 373 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
374 374 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
375 375 ;;
376 376 *)
377 377 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
378 378 exit 1
379 379 ;;
380 380 esac
381 381
382 382 # Raspberry PI 0,3,3P,4 with Bluetooth and Wifi onboard
383 383 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
384 384 ## Include bluetooth packages on supported boards
385 385 if [ "$ENABLE_BLUETOOTH" = true ] ; then
386 386 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
387 387 fi
388 388 if [ "$ENABLE_WIRELESS" = true ] ; then
389 389 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
390 390 fi
391 391 # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
392 392 else
393 393 ## Check if the internal wireless interface is not supported by the RPi model
394 394 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
395 395 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
396 396 exit 1
397 397 fi
398 398 fi
399 399
400 400 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
401 401 echo "error: You have to compile kernel sources, if you want to enable nexmon"
402 402 exit 1
403 403 fi
404 404
405 405 # Prepare date string for default image file name
406 406 DATE="$(date +%Y-%m-%d)"
407 407 if [ -z "$KERNEL_BRANCH" ] ; then
408 408 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
409 409 else
410 410 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
411 411 fi
412 412
413 413 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
414 414 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
415 415 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
416 416 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
417 417 exit 1
418 418 fi
419 419 fi
420 420
421 421 # Add cmake to compile videocore sources
422 422 if [ "$ENABLE_VIDEOCORE" = true ] ; then
423 423 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
424 424 fi
425 425
426 426 # Add deps for nexmon
427 427 if [ "$ENABLE_NEXMON" = true ] ; then
428 428 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
429 429 fi
430 430
431 431 # Add libncurses5 to enable kernel menuconfig
432 432 if [ "$KERNEL_MENUCONFIG" = true ] ; then
433 433 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
434 434 fi
435 435
436 436 # Add ccache compiler cache for (faster) kernel cross (re)compilation
437 437 if [ "$KERNEL_CCACHE" = true ] ; then
438 438 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
439 439 fi
440 440
441 441 # Add cryptsetup package to enable filesystem encryption
442 442 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
443 443 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
444 444 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
445 445
446 446 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
447 447 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
448 448 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
449 449 fi
450 450
451 451 if [ -z "$CRYPTFS_PASSWORD" ] ; then
452 452 echo "error: no password defined (CRYPTFS_PASSWORD)!"
453 453 exit 1
454 454 fi
455 455 ENABLE_INITRAMFS=true
456 456 fi
457 457
458 458 # Add initramfs generation tools
459 459 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
460 460 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
461 461 fi
462 462
463 463 # Add device-tree-compiler required for building the U-Boot bootloader
464 464 if [ "$ENABLE_UBOOT" = true ] ; then
465 465 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
466 466 fi
467 467
468 468 if [ "$ENABLE_USBBOOT" = true ] ; then
469 469 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
470 470 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
471 471 exit 1
472 472 fi
473 473 fi
474 474
475 475 # Check if root SSH (v2) public key file exists
476 476 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
477 477 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
478 478 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
479 479 exit 1
480 480 fi
481 481 fi
482 482
483 483 # Check if $USER_NAME SSH (v2) public key file exists
484 484 if [ -n "$SSH_USER_PUB_KEY" ] ; then
485 485 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
486 486 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
487 487 exit 1
488 488 fi
489 489 fi
490 490
491 491 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
492 492 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
493 493 exit 1
494 494 fi
495 495
496 496 # Check if all required packages are installed on the build system
497 497 for package in $REQUIRED_PACKAGES ; do
498 498 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
499 499 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
500 500 fi
501 501 done
502 502
503 503 # If there are missing packages ask confirmation for install, or exit
504 504 if [ -n "$MISSING_PACKAGES" ] ; then
505 505 echo "the following packages needed by this script are not installed:"
506 506 echo "$MISSING_PACKAGES"
507 507
508 508 printf "\ndo you want to install the missing packages right now? [y/n] "
509 509 read -r confirm
510 510 [ "$confirm" != "y" ] && exit 1
511 511
512 512 ## Make sure all missing required packages are installed
513 513 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
514 514 fi
515 515
516 516 # Check if ./bootstrap.d directory exists
517 517 if [ ! -d "./bootstrap.d/" ] ; then
518 518 echo "error: './bootstrap.d' required directory not found!"
519 519 exit 1
520 520 fi
521 521
522 522 # Check if ./files directory exists
523 523 if [ ! -d "./files/" ] ; then
524 524 echo "error: './files' required directory not found!"
525 525 exit 1
526 526 fi
527 527
528 528 # Check if specified KERNELSRC_DIR directory exists
529 529 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
530 530 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
531 531 exit 1
532 532 fi
533 533
534 534 # Check if specified UBOOTSRC_DIR directory exists
535 535 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
536 536 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
537 537 exit 1
538 538 fi
539 539
540 540 # Check if specified VIDEOCORESRC_DIR directory exists
541 541 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
542 542 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
543 543 exit 1
544 544 fi
545 545
546 546 # Check if specified FBTURBOSRC_DIR directory exists
547 547 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
548 548 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
549 549 exit 1
550 550 fi
551 551
552 552 # Check if specified NEXMONSRC_DIR directory exists
553 553 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
554 554 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
555 555 exit 1
556 556 fi
557 557
558 558 # Check if specified CHROOT_SCRIPTS directory exists
559 559 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
560 560 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
561 561 exit 1
562 562 fi
563 563
564 564 # Check if specified device mapping already exists (will be used by cryptsetup)
565 565 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
566 566 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
567 567 exit 1
568 568 fi
569 569
570 570 # Don't clobber an old build
571 571 if [ -e "$BUILDDIR" ] ; then
572 572 echo "error: directory ${BUILDDIR} already exists, not proceeding"
573 573 exit 1
574 574 fi
575 575
576 576 # Setup chroot directory
577 577 mkdir -p "${R}"
578 578
579 579 # Check if build directory has enough of free disk space >512MB
580 580 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
581 581 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
582 582 exit 1
583 583 fi
584 584
585 585 set -x
586 586
587 587 # Call "cleanup" function on various signals and errors
588 588 trap cleanup 0 1 2 3 6
589 589
590 590 # Add required packages for the minbase installation
591 591 if [ "$ENABLE_MINBASE" = true ] ; then
592 592 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
593 593 fi
594 594
595 595 # Add parted package, required to get partprobe utility
596 596 if [ "$EXPANDROOT" = true ] ; then
597 597 APT_INCLUDES="${APT_INCLUDES},parted"
598 598 fi
599 599
600 600 # Add dphys-swapfile package, required to enable swap
601 601 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
602 602 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
603 603 fi
604 604
605 605 # Add dbus package, recommended if using systemd
606 606 if [ "$ENABLE_DBUS" = true ] ; then
607 607 APT_INCLUDES="${APT_INCLUDES},dbus"
608 608 fi
609 609
610 610 # Add iptables IPv4/IPv6 package
611 611 if [ "$ENABLE_IPTABLES" = true ] ; then
612 612 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
613 613 fi
614 614 # Add apparmor for KERNEL_SECURITY
615 615 if [ "$KERNEL_SECURITY" = true ] ; then
616 616 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
617 617 fi
618 618
619 619 # Add openssh server package
620 620 if [ "$SSH_ENABLE" = true ] ; then
621 621 APT_INCLUDES="${APT_INCLUDES},openssh-server"
622 622 fi
623 623
624 624 # Add alsa-utils package
625 625 if [ "$ENABLE_SOUND" = true ] ; then
626 626 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
627 627 fi
628 628
629 629 # Add rng-tools package
630 630 if [ "$ENABLE_HWRANDOM" = true ] ; then
631 631 APT_INCLUDES="${APT_INCLUDES},rng-tools"
632 632 fi
633 633
634 634 # Add fbturbo video driver
635 635 if [ "$ENABLE_FBTURBO" = true ] ; then
636 636 # Enable xorg package dependencies
637 637 ENABLE_XORG=true
638 638 fi
639 639
640 640 # Add user defined window manager package
641 641 if [ -n "$ENABLE_WM" ] ; then
642 642 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
643 643
644 644 # Enable xorg package dependencies
645 645 ENABLE_XORG=true
646 646 fi
647 647
648 648 # Add xorg package
649 649 if [ "$ENABLE_XORG" = true ] ; then
650 650 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
651 651 fi
652 652
653 653 # Replace selected packages with smaller clones
654 654 if [ "$ENABLE_REDUCE" = true ] ; then
655 655 ## Add levee package instead of vim-tiny
656 656 if [ "$REDUCE_VIM" = true ] ; then
657 657 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
658 658 fi
659 659
660 660 ## Add dropbear package instead of openssh-server
661 661 if [ "$REDUCE_SSHD" = true ] ; then
662 662 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
663 663 fi
664 664 fi
665 665
666 666 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
667 667 if [ "$ENABLE_SYSVINIT" = false ] ; then
668 668 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
669 669 fi
670 670
671 671 # Configure kernel sources if no KERNELSRC_DIR
672 672 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
673 673 KERNELSRC_CONFIG=true
674 674 fi
675 675
676 676 # Configure reduced kernel
677 677 if [ "$KERNEL_REDUCE" = true ] ; then
678 678 KERNELSRC_CONFIG=false
679 679 fi
680 680
681 681 # Configure qemu compatible kernel
682 682 if [ "$ENABLE_QEMU" = true ] ; then
683 683 DTB_FILE=vexpress-v2p-ca15_a7.dtb
684 684 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
685 685 KERNEL_DEFCONFIG="vexpress_defconfig"
686 686 if [ "$KERNEL_MENUCONFIG" = false ] ; then
687 687 KERNEL_OLDDEFCONFIG=true
688 688 fi
689 689 fi
690 690
691 691 # Execute bootstrap scripts
692 692 for SCRIPT in bootstrap.d/*.sh; do
693 693 head -n 3 "$SCRIPT"
694 694 . "$SCRIPT"
695 695 done
696 696
697 697 ## Execute custom bootstrap scripts
698 698 if [ -d "custom.d" ] ; then
699 699 for SCRIPT in custom.d/*.sh; do
700 700 . "$SCRIPT"
701 701 done
702 702 fi
703 703
704 704 # Execute custom scripts inside the chroot
705 705 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
706 706 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
707 707 chroot_exec /bin/bash -x <<'EOF'
708 708 for SCRIPT in /chroot_scripts/* ; do
709 709 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
710 710 $SCRIPT
711 711 fi
712 712 done
713 713 EOF
714 714 rm -rf "${R}/chroot_scripts"
715 715 fi
716 716
717 717 # Remove c/c++ build environment from the chroot
718 718 chroot_remove_cc
719 719
720 720 # Generate required machine-id
721 721 MACHINE_ID=$(dbus-uuidgen)
722 722 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
723 723 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
724 724
725 725 # APT Cleanup
726 726 chroot_exec apt-get -y clean
727 727 chroot_exec apt-get -y autoclean
728 728 chroot_exec apt-get -y autoremove
729 729
730 730 # Unmount mounted filesystems
731 731 umount -l "${R}/proc"
732 732 umount -l "${R}/sys"
733 733
734 734 # Clean up directories
735 735 rm -rf "${R}/run/*"
736 736 rm -rf "${R}/tmp/*"
737 737
738 738 # Clean up APT proxy settings
739 739 if [ "$KEEP_APT_PROXY" = false ] ; then
740 740 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
741 741 fi
742 742
743 743 # Clean up files
744 744 rm -f "${ETC_DIR}/ssh/ssh_host_*"
745 745 rm -f "${ETC_DIR}/dropbear/dropbear_*"
746 746 rm -f "${ETC_DIR}/apt/sources.list.save"
747 747 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
748 748 rm -f "${ETC_DIR}/*-"
749 749 rm -f "${ETC_DIR}/resolv.conf"
750 750 rm -f "${R}/root/.bash_history"
751 751 rm -f "${R}/var/lib/urandom/random-seed"
752 752 rm -f "${R}/initrd.img"
753 753 rm -f "${R}/vmlinuz"
754 754 rm -f "${R}${QEMU_BINARY}"
755 755
756 756 if [ "$ENABLE_QEMU" = true ] ; then
757 757 # Setup QEMU directory
758 758 mkdir "${BASEDIR}/qemu"
759 759
760 760 # Copy kernel image to QEMU directory
761 761 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
762 762
763 763 # Copy kernel config to QEMU directory
764 764 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
765 765
766 766 # Copy kernel dtbs to QEMU directory
767 767 for dtb in "${BOOT_DIR}/"*.dtb ; do
768 768 if [ -f "${dtb}" ] ; then
769 769 install_readonly "${dtb}" "${BASEDIR}/qemu/"
770 770 fi
771 771 done
772 772
773 773 # Copy kernel overlays to QEMU directory
774 774 if [ -d "${BOOT_DIR}/overlays" ] ; then
775 775 # Setup overlays dtbs directory
776 776 mkdir "${BASEDIR}/qemu/overlays"
777 777
778 778 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
779 779 if [ -f "${dtb}" ] ; then
780 780 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
781 781 fi
782 782 done
783 783 fi
784 784
785 785 # Copy u-boot files to QEMU directory
786 786 if [ "$ENABLE_UBOOT" = true ] ; then
787 787 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
788 788 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
789 789 fi
790 790 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
791 791 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
792 792 fi
793 793 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
794 794 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
795 795 fi
796 796 fi
797 797
798 798 # Copy initramfs to QEMU directory
799 799 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
800 800 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
801 801 fi
802 802 fi
803 803
804 804 # Calculate size of the chroot directory in KB
805 805 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
806 806
807 807 # Calculate the amount of needed 512 Byte sectors
808 808 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
809 809 FRMW_SECTORS=$(expr 128 \* 1024 \* 1024 \/ 512)
810 810 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
811 811
812 812 # The root partition is EXT4
813 813 # This means more space than the actual used space of the chroot is used.
814 814 # As overhead for journaling and reserved blocks 35% are added.
815 815 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
816 816
817 817 # Calculate required image size in 512 Byte sectors
818 818 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
819 819
820 820 # Prepare image file
821 821 if [ "$ENABLE_SPLITFS" = true ] ; then
822 822 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
823 823 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
824 824 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
825 825 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
826 826
827 827 ## Write firmware/boot partition tables
828 828 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
829 829 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
830 830 EOM
831 831
832 832 ## Write root partition table
833 833 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
834 834 ${TABLE_SECTORS},${ROOT_SECTORS},83
835 835 EOM
836 836
837 837 # Setup temporary loop devices
838 838 FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME"-frmw.img)"
839 839 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
840 840 # ENABLE_SPLITFS=false
841 841 else
842 842 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
843 843 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
844 844
845 845 # Write partition table
846 846 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
847 847 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
848 848 ${ROOT_OFFSET},${ROOT_SECTORS},83
849 849 EOM
850 850
851 851 # Setup temporary loop devices
852 852 FRMW_LOOP="$(losetup -o 1M --sizelimit 128M -f --show "$IMAGE_NAME".img)"
853 853 ROOT_LOOP="$(losetup -o 129M -f --show "$IMAGE_NAME".img)"
854 854 fi
855 855
856 856 if [ "$ENABLE_CRYPTFS" = true ] ; then
857 857 # Create dummy ext4 fs
858 858 mkfs.ext4 "$ROOT_LOOP"
859 859
860 860 # Setup password keyfile
861 861 touch .password
862 862 chmod 600 .password
863 863 echo -n ${CRYPTFS_PASSWORD} > .password
864 864
865 865 # Initialize encrypted partition
866 866 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
867 867
868 868 # Open encrypted partition and setup mapping
869 869 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
870 870
871 871 # Secure delete password keyfile
872 872 shred -zu .password
873 873
874 874 # Update temporary loop device
875 875 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
876 876
877 877 # Wipe encrypted partition (encryption cipher is used for randomness)
878 878 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
879 879 fi
880 880
881 881 # Build filesystems
882 882 mkfs.vfat "$FRMW_LOOP"
883 883 mkfs.ext4 "$ROOT_LOOP"
884 884
885 885 # Mount the temporary loop devices
886 886 mkdir -p "$BUILDDIR/mount"
887 887 mount "$ROOT_LOOP" "$BUILDDIR/mount"
888 888
889 889 mkdir -p "$BUILDDIR/mount/boot/firmware"
890 890 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
891 891
892 892 # Copy all files from the chroot to the loop device mount point directory
893 893 rsync -a "${R}/" "$BUILDDIR/mount/"
894 894
895 895 # Unmount all temporary loop devices and mount points
896 896 cleanup
897 897
898 898 # Create block map file(s) of image(s)
899 899 if [ "$ENABLE_SPLITFS" = true ] ; then
900 900 # Create block map files for "bmaptool"
901 901 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
902 902 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
903 903
904 904 # Image was successfully created
905 905 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
906 906 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
907 907 else
908 908 # Create block map file for "bmaptool"
909 909 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
910 910
911 911 # Image was successfully created
912 912 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
913 913
914 914 # Create qemu qcow2 image
915 915 if [ "$ENABLE_QEMU" = true ] ; then
916 916 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
917 917 QEMU_SIZE=16G
918 918
919 919 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
920 920 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
921 921
922 922 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
923 923 fi
924 924 fi
1 NO CONTENT: file was removed