@@ -0,0 +1,1 | |||
|
1 | spoof warn |
@@ -1,29 +1,29 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup APT repositories |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Use proxy inside chroot |
|
9 | 9 | if [ -z "$APT_PROXY" ] ; then |
|
10 | 10 | install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy |
|
11 |
sed -i |
|
|
11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy | |
|
12 | 12 | fi |
|
13 | 13 | |
|
14 | 14 | # Pin package flash-kernel to repositories.collabora.co.uk |
|
15 | 15 | install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel |
|
16 | 16 | |
|
17 | 17 | # Upgrade collabora package index and install collabora keyring |
|
18 | 18 | echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list |
|
19 | 19 | chroot_exec apt-get -qq -y update |
|
20 | 20 | chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring |
|
21 | 21 | |
|
22 | 22 | # Set up initial sources.list |
|
23 | 23 | install_readonly files/apt/sources.list $R/etc/apt/sources.list |
|
24 |
sed -i |
|
|
25 |
sed -i |
|
|
24 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list | |
|
25 | sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list | |
|
26 | 26 | |
|
27 | 27 | # Upgrade package index and update all installed packages and changed dependencies |
|
28 | 28 | chroot_exec apt-get -qq -y update |
|
29 | 29 | chroot_exec apt-get -qq -y -u dist-upgrade |
@@ -1,58 +1,58 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Locales and keyboard settings |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Set up timezone |
|
9 | 9 | echo ${TIMEZONE} >$R/etc/timezone |
|
10 | 10 | chroot_exec dpkg-reconfigure -f noninteractive tzdata |
|
11 | 11 | |
|
12 | 12 | # Set up default locale and keyboard configuration |
|
13 | 13 | if [ "$ENABLE_MINBASE" = false ] ; then |
|
14 | 14 | # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug |
|
15 | 15 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 |
|
16 | 16 | # ... so we have to set locales manually |
|
17 | 17 | if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then |
|
18 | 18 | chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
19 | 19 | else |
|
20 | 20 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale |
|
21 | 21 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
22 |
|
|
|
22 | sed -i "/en_US.UTF-8/s/^#//" $R/etc/locale.gen | |
|
23 | 23 | fi |
|
24 | 24 | |
|
25 |
|
|
|
25 | sed -i "/${DEFLOCAL}/s/^#//" $R/etc/locale.gen | |
|
26 | 26 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections |
|
27 | 27 | chroot_exec locale-gen |
|
28 | 28 | chroot_exec update-locale LANG=${DEFLOCAL} |
|
29 | 29 | |
|
30 | 30 | # Keyboard configuration, if requested |
|
31 | 31 | if [ "$XKB_MODEL" != "" ] ; then |
|
32 |
|
|
|
32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard | |
|
33 | 33 | fi |
|
34 | 34 | if [ "$XKB_LAYOUT" != "" ] ; then |
|
35 |
|
|
|
35 | sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" $R/etc/default/keyboard | |
|
36 | 36 | fi |
|
37 | 37 | if [ "$XKB_VARIANT" != "" ] ; then |
|
38 |
|
|
|
38 | sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" $R/etc/default/keyboard | |
|
39 | 39 | fi |
|
40 | 40 | if [ "$XKB_OPTIONS" != "" ] ; then |
|
41 |
|
|
|
41 | sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" $R/etc/default/keyboard | |
|
42 | 42 | fi |
|
43 | 43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration |
|
44 | 44 | |
|
45 | 45 | # Set up font console |
|
46 | 46 | case "${DEFLOCAL}" in |
|
47 | 47 | *UTF-8) |
|
48 |
|
|
|
48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup | |
|
49 | 49 | ;; |
|
50 | 50 | *) |
|
51 |
|
|
|
51 | sed -i 's/^CHARMAP.*/CHARMAP="guess"/' $R/etc/default/console-setup | |
|
52 | 52 | ;; |
|
53 | 53 | esac |
|
54 | 54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup |
|
55 | else | |
|
55 | else # ENABLE_MINBASE=true | |
|
56 | 56 | # Set POSIX default locales |
|
57 | 57 | install_readonly files/locales/locale $R/etc/default/locale |
|
58 | 58 | fi |
@@ -1,122 +1,122 | |||
|
1 | 1 | # |
|
2 | 2 | # Build and Setup RPi2 Kernel |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Fetch and build latest raspberry kernel |
|
9 | 9 | if [ "$BUILD_KERNEL" = true ] ; then |
|
10 | 10 | # Fetch current raspberrypi kernel sources |
|
11 | 11 | git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux |
|
12 | 12 | |
|
13 | 13 | # Load default raspberry kernel configuration |
|
14 | 14 | make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig |
|
15 | 15 | |
|
16 | 16 | # Calculate optimal number of kernel building threads |
|
17 | 17 | if [ "KERNEL_THREADS" = 1 ] ; then |
|
18 | 18 | if [ -f /proc/cpuinfo ] ; then |
|
19 | 19 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) |
|
20 | 20 | fi |
|
21 | 21 | fi |
|
22 | 22 | |
|
23 | 23 | # Cross compile kernel and modules |
|
24 | 24 | make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs |
|
25 | 25 | |
|
26 | 26 | # Install kernel modules |
|
27 | 27 | make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../../.. modules_install |
|
28 | 28 | |
|
29 | 29 | # Install kernel headers |
|
30 | 30 | if [ "$KERNEL_HEADERS" = true ]; then |
|
31 | 31 | make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_HDR_PATH=../.. headers_install |
|
32 | 32 | fi |
|
33 | 33 | |
|
34 | 34 | # Copy and rename compiled kernel to boot directory |
|
35 | 35 | mkdir $R/boot/firmware/ |
|
36 | 36 | $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img |
|
37 | 37 | |
|
38 | 38 | # Copy dts and dtb device definitions |
|
39 | 39 | mkdir $R/boot/firmware/overlays/ |
|
40 | 40 | cp $R/usr/src/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/ |
|
41 | 41 | cp $R/usr/src/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/ |
|
42 | 42 | cp $R/usr/src/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/ |
|
43 | 43 | |
|
44 | 44 | # Remove kernel sources |
|
45 | 45 | if [ "$KERNEL_RMSRC" = true ]; then |
|
46 | 46 | rm -fr $R/usr/src/linux |
|
47 | 47 | fi |
|
48 | 48 | |
|
49 | 49 | # Install raspberry bootloader and flash-kernel |
|
50 | 50 | chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel |
|
51 | else | |
|
51 | else # BUILD_KERNEL=false | |
|
52 | 52 | # Kernel installation |
|
53 | 53 | chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel |
|
54 | 54 | |
|
55 | 55 | # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot |
|
56 | 56 | chroot_exec apt-get -qq -y install flash-kernel |
|
57 | 57 | |
|
58 | 58 | VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)" |
|
59 | 59 | [ -z "$VMLINUZ" ] && exit 1 |
|
60 | 60 | cp $VMLINUZ $R/boot/firmware/kernel7.img |
|
61 | 61 | fi |
|
62 | 62 | |
|
63 | 63 | # Set up firmware boot cmdline |
|
64 | 64 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
65 | 65 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" |
|
66 | 66 | else |
|
67 | 67 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" |
|
68 | 68 | fi |
|
69 | 69 | |
|
70 | 70 | # Set up serial console support (if requested) |
|
71 | 71 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
72 | 72 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" |
|
73 | 73 | fi |
|
74 | 74 | |
|
75 | 75 | # Set up IPv6 networking support |
|
76 | 76 | if [ "$ENABLE_IPV6" = false ] ; then |
|
77 | 77 | CMDLINE="${CMDLINE} ipv6.disable=1" |
|
78 | 78 | fi |
|
79 | 79 | |
|
80 | 80 | echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt |
|
81 | 81 | |
|
82 | 82 | # Set up firmware config |
|
83 | 83 | install_readonly files/boot/config.txt $R/boot/firmware/config.txt |
|
84 | 84 | |
|
85 | 85 | # Load snd_bcm2835 kernel module at boot time |
|
86 | 86 | if [ "$ENABLE_SOUND" = true ] ; then |
|
87 | 87 | echo "snd_bcm2835" >>$R/etc/modules |
|
88 | 88 | fi |
|
89 | 89 | |
|
90 | 90 | # Set smallest possible GPU memory allocation size: 16MB (no X) |
|
91 | 91 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
92 | 92 | echo "gpu_mem=16" >>$R/boot/firmware/config.txt |
|
93 | 93 | fi |
|
94 | 94 | |
|
95 | 95 | # Create symlinks |
|
96 | 96 | ln -sf firmware/config.txt $R/boot/config.txt |
|
97 | 97 | ln -sf firmware/cmdline.txt $R/boot/cmdline.txt |
|
98 | 98 | |
|
99 | 99 | # Prepare modules-load.d directory |
|
100 | 100 | mkdir -p $R/lib/modules-load.d/ |
|
101 | 101 | |
|
102 | 102 | # Load random module on boot |
|
103 | 103 | if [ "$ENABLE_HWRANDOM" = true ] ; then |
|
104 | 104 | cat <<EOM >$R/lib/modules-load.d/rpi2.conf |
|
105 | 105 | bcm2708_rng |
|
106 | 106 | EOM |
|
107 | 107 | fi |
|
108 | 108 | |
|
109 | 109 | # Prepare modprobe.d directory |
|
110 | 110 | mkdir -p $R/etc/modprobe.d/ |
|
111 | 111 | |
|
112 | 112 | # Blacklist sound modules |
|
113 | 113 | install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf |
|
114 | 114 | |
|
115 | 115 | # Create default fstab |
|
116 | 116 | install_readonly files/mount/fstab $R/etc/fstab |
|
117 | 117 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
118 | 118 | sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab |
|
119 | 119 | fi |
|
120 | 120 | |
|
121 | 121 | # Avoid swapping and increase cache sizes |
|
122 | 122 | install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf |
@@ -1,69 +1,68 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Networking |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Set up IPv4 hosts |
|
9 | 9 | install_readonly files/network/hostname $R/etc/hostname |
|
10 |
sed -i |
|
|
10 | sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname | |
|
11 | 11 | |
|
12 | 12 | install_readonly files/network/hosts $R/etc/hosts |
|
13 |
sed -i |
|
|
13 | sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts | |
|
14 | 14 | |
|
15 | 15 | if [ "$NET_ADDRESS" != "" ] ; then |
|
16 | 16 | NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') |
|
17 | 17 | sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts |
|
18 | 18 | fi |
|
19 | 19 | |
|
20 | 20 | # Set up IPv6 hosts |
|
21 | 21 | if [ "$ENABLE_IPV6" = true ] ; then |
|
22 | 22 | cat <<EOM >>$R/etc/hosts |
|
23 | 23 | |
|
24 | 24 | ::1 localhost ip6-localhost ip6-loopback |
|
25 | 25 | ff02::1 ip6-allnodes |
|
26 | 26 | ff02::2 ip6-allrouters |
|
27 | 27 | EOM |
|
28 | 28 | fi |
|
29 | 29 | |
|
30 | 30 | # Place hint about network configuration |
|
31 | 31 | install_readonly files/network/interfaces $R/etc/network/interfaces |
|
32 | 32 | |
|
33 | 33 | if [ "$ENABLE_DHCP" = true ] ; then |
|
34 | # Enable systemd-networkd DHCP configuration for interface eth0 | |
|
35 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network | |
|
34 | # Enable systemd-networkd DHCP configuration for interface eth0 | |
|
35 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network | |
|
36 | 36 | |
|
37 | # Set DHCP configuration to IPv4 only | |
|
37 | # Set DHCP configuration to IPv4 only | |
|
38 | 38 | if [ "$ENABLE_IPV6" = false ] ; then |
|
39 | 39 | sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network |
|
40 | 40 | fi |
|
41 | ||
|
41 | 42 | else # ENABLE_DHCP=false |
|
42 | 43 | cat <<EOM >$R/etc/systemd/network/eth.network |
|
43 | 44 | [Match] |
|
44 | 45 | Name=eth0 |
|
45 | 46 | |
|
46 | 47 | [Network] |
|
47 | 48 | DHCP=no |
|
48 | 49 | Address=${NET_ADDRESS} |
|
49 | 50 | Gateway=${NET_GATEWAY} |
|
50 | 51 | DNS=${NET_DNS_1} |
|
51 | 52 | DNS=${NET_DNS_2} |
|
52 | 53 | Domains=${NET_DNS_DOMAINS} |
|
53 | 54 | NTP=${NET_NTP_1} |
|
54 | 55 | NTP=${NET_NTP_2} |
|
55 | 56 | EOM |
|
56 | 57 | fi |
|
57 | 58 | |
|
58 | 59 | # Enable systemd-networkd service |
|
59 | 60 | chroot_exec systemctl enable systemd-networkd |
|
60 | 61 | |
|
61 | 62 | # Enable network stack hardening |
|
62 | 63 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
63 | 64 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf |
|
64 | 65 | |
|
65 | # Enable resolver warnings about spoofed addresses | |
|
66 | cat <<EOM >>$R/etc/host.conf | |
|
67 | spoof warn | |
|
68 | EOM | |
|
66 | # Enable resolver warnings about spoofed addresses | |
|
67 | install_readonly files/network/host.conf $R/etc/host.conf | |
|
69 | 68 | fi |
@@ -1,44 +1,44 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Firewall |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
9 | 9 | # Create iptables configuration directory |
|
10 | 10 | mkdir -p "$R/etc/iptables" |
|
11 | 11 | |
|
12 | 12 | # Create iptables systemd service |
|
13 | 13 | install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service |
|
14 | 14 | |
|
15 | 15 | # Create flush-table script called by iptables service |
|
16 | 16 | install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh |
|
17 | 17 | |
|
18 | 18 | # Create iptables rule file |
|
19 | 19 | install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules |
|
20 | 20 | |
|
21 | 21 | # Reload systemd configuration and enable iptables service |
|
22 | 22 | chroot_exec systemctl daemon-reload |
|
23 | 23 | chroot_exec systemctl enable iptables.service |
|
24 | 24 | |
|
25 | 25 | if [ "$ENABLE_IPV6" = true ] ; then |
|
26 | 26 | # Create ip6tables systemd service |
|
27 | 27 | install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service |
|
28 | 28 | |
|
29 | 29 | # Create ip6tables file |
|
30 | 30 | install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh |
|
31 | 31 | |
|
32 | 32 | install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules |
|
33 | 33 | |
|
34 | 34 | # Reload systemd configuration and enable iptables service |
|
35 | 35 | chroot_exec systemctl daemon-reload |
|
36 | 36 | chroot_exec systemctl enable ip6tables.service |
|
37 | 37 | fi |
|
38 | 38 | fi |
|
39 | 39 | |
|
40 | # Remove SSHD related iptables rules | |
|
41 | 40 | if [ "$ENABLE_SSHD" = false ] ; then |
|
42 | sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null | |
|
43 |
sed |
|
|
41 | # Remove SSHD related iptables rules | |
|
42 | sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null | |
|
43 | sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules 2> /dev/null | |
|
44 | 44 | fi |
@@ -1,31 +1,32 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup users and security settings |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Generate crypt(3) password string |
|
9 | 9 | ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}` |
|
10 | 10 | |
|
11 | 11 | # Set up default user |
|
12 | 12 | if [ "$ENABLE_USER" = true ] ; then |
|
13 | 13 | chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi |
|
14 | 14 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi |
|
15 | 15 | fi |
|
16 | 16 | |
|
17 | 17 | # Set up root password or not |
|
18 | 18 | if [ "$ENABLE_ROOT" = true ]; then |
|
19 | 19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root |
|
20 | 20 | |
|
21 | 21 | if [ "$ENABLE_ROOT_SSH" = true ]; then |
|
22 |
sed -i |
|
|
22 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" $R/etc/ssh/sshd_config | |
|
23 | 23 | fi |
|
24 | 24 | else |
|
25 | # Set no root password to disable root login | |
|
25 | 26 | chroot_exec usermod -p \'!\' root |
|
26 | 27 | fi |
|
27 | 28 | |
|
28 | 29 | # Enable serial console systemd style |
|
29 | 30 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
30 | 31 | chroot_exec systemctl enable serial-getty\@ttyAMA0.service |
|
31 | 32 | fi |
@@ -1,13 +1,13 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Logging |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Disable rsyslog |
|
9 | 9 | if [ "$ENABLE_RSYSLOG" = false ]; then |
|
10 |
sed -i |
|
|
10 | sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" $R/etc/systemd/journald.conf | |
|
11 | 11 | chroot_exec systemctl disable rsyslog |
|
12 | 12 | chroot_exec apt-get purge -q -y --force-yes rsyslog |
|
13 | 13 | fi |
@@ -1,352 +1,353 | |||
|
1 | 1 | #!/bin/sh |
|
2 | 2 | |
|
3 | 3 | ######################################################################## |
|
4 | 4 | # rpi2-gen-image.sh ver2a 12/2015 |
|
5 | 5 | # |
|
6 | 6 | # Advanced debian "jessie" bootstrap script for RPi2 |
|
7 | 7 | # |
|
8 | 8 | # This program is free software; you can redistribute it and/or |
|
9 | 9 | # modify it under the terms of the GNU General Public License |
|
10 | 10 | # as published by the Free Software Foundation; either version 2 |
|
11 | 11 | # of the License, or (at your option) any later version. |
|
12 | 12 | # |
|
13 | 13 | # some parts based on rpi2-build-image: |
|
14 | 14 | # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org> |
|
15 | 15 | # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org> |
|
16 | 16 | ######################################################################## |
|
17 | 17 | |
|
18 | 18 | # Load utility functions |
|
19 | 19 | . ./functions.sh |
|
20 | 20 | |
|
21 | # Introduce settings | |
|
21 | 22 | set -e |
|
22 | 23 | echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n" |
|
23 | 24 | set -x |
|
24 | 25 | |
|
25 | 26 | # Debian release |
|
26 | 27 | RELEASE=${RELEASE:=jessie} |
|
27 | 28 | COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2} |
|
28 | 29 | |
|
29 | 30 | # Build settings |
|
30 | 31 | BASEDIR=$(pwd)/images/${RELEASE} |
|
31 | 32 | BUILDDIR=${BASEDIR}/build |
|
32 | 33 | |
|
33 | 34 | # General settings |
|
34 | 35 | HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}} |
|
35 | 36 | PASSWORD=${PASSWORD:=raspberry} |
|
36 | 37 | DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"} |
|
37 | 38 | TIMEZONE=${TIMEZONE:="Europe/Berlin"} |
|
38 | 39 | EXPANDROOT=${EXPANDROOT:=true} |
|
39 | 40 | |
|
40 | 41 | # Keyboard settings |
|
41 | 42 | XKB_MODEL=${XKB_MODEL:=""} |
|
42 | 43 | XKB_LAYOUT=${XKB_LAYOUT:=""} |
|
43 | 44 | XKB_VARIANT=${XKB_VARIANT:=""} |
|
44 | 45 | XKB_OPTIONS=${XKB_OPTIONS:=""} |
|
45 | 46 | |
|
46 | 47 | # Network settings (DHCP) |
|
47 | 48 | ENABLE_DHCP=${ENABLE_DHCP:=true} |
|
48 | 49 | |
|
49 | 50 | # Network settings (static) |
|
50 | 51 | # only used on ENABLE_DHCP=false |
|
51 | 52 | NET_ADDRESS=${NET_ADDRESS:=""} |
|
52 | 53 | NET_GATEWAY=${NET_GATEWAY:=""} |
|
53 | 54 | NET_DNS_1=${NET_DNS_1:=""} |
|
54 | 55 | NET_DNS_2=${NET_DNS_2:=""} |
|
55 | 56 | NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""} |
|
56 | 57 | NET_NTP_1=${NET_NTP_1:=""} |
|
57 | 58 | NET_NTP_2=${NET_NTP_2:=""} |
|
58 | 59 | |
|
59 | 60 | # APT settings |
|
60 | 61 | APT_PROXY=${APT_PROXY:=""} |
|
61 | 62 | APT_SERVER=${APT_SERVER:="ftp.debian.org"} |
|
62 | 63 | |
|
63 | 64 | # Feature settings |
|
64 | 65 | ENABLE_CONSOLE=${ENABLE_CONSOLE:=true} |
|
65 | 66 | ENABLE_IPV6=${ENABLE_IPV6:=true} |
|
66 | 67 | ENABLE_SSHD=${ENABLE_SSHD:=true} |
|
67 | 68 | ENABLE_SOUND=${ENABLE_SOUND:=true} |
|
68 | 69 | ENABLE_DBUS=${ENABLE_DBUS:=true} |
|
69 | 70 | ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true} |
|
70 | 71 | ENABLE_MINGPU=${ENABLE_MINGPU:=false} |
|
71 | 72 | ENABLE_XORG=${ENABLE_XORG:=false} |
|
72 | 73 | ENABLE_WM=${ENABLE_WM:=""} |
|
73 | 74 | ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} |
|
74 | 75 | ENABLE_USER=${ENABLE_USER:=true} |
|
75 | 76 | ENABLE_ROOT=${ENABLE_ROOT:=false} |
|
76 | 77 | ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false} |
|
77 | 78 | |
|
78 | 79 | # Advanced settings |
|
79 | 80 | ENABLE_MINBASE=${ENABLE_MINBASE:=false} |
|
80 | 81 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
81 | 82 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} |
|
82 | 83 | ENABLE_HARDNET=${ENABLE_HARDNET:=false} |
|
83 | 84 | ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} |
|
84 | 85 | ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} |
|
85 | 86 | |
|
86 | 87 | # Kernel compilation settings |
|
87 | 88 | BUILD_KERNEL=${BUILD_KERNEL:=false} |
|
88 | 89 | KERNEL_THREADS=${KERNEL_THREADS:=1} |
|
89 | 90 | KERNEL_HEADERS=${KERNEL_HEADERS:=true} |
|
90 | 91 | KERNEL_RMSRC=${KERNEL_RMSRC:=true} |
|
91 | 92 | |
|
92 | 93 | # Image chroot path |
|
93 | 94 | R=${BUILDDIR}/chroot |
|
94 | 95 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} |
|
95 | 96 | |
|
96 | 97 | # Packages required for bootstrapping |
|
97 | 98 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core" |
|
98 | 99 | |
|
99 | 100 | # Missing packages that need to be installed |
|
100 | 101 | MISSING_PACKAGES="" |
|
101 | 102 | |
|
102 | 103 | # Packages required in the chroot build environment |
|
103 | 104 | APT_INCLUDES=${APT_INCLUDES:=""} |
|
104 | 105 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo" |
|
105 | 106 | |
|
106 | 107 | set +x |
|
107 | 108 | |
|
108 | 109 | # Are we running as root? |
|
109 | 110 | if [ "$(id -u)" -ne "0" ] ; then |
|
110 | 111 | echo "this script must be executed with root privileges" |
|
111 | 112 | exit 1 |
|
112 | 113 | fi |
|
113 | 114 | |
|
114 | 115 | # Add packages required for kernel cross compilation |
|
115 | 116 | if [ "$BUILD_KERNEL" = true ] ; then |
|
116 | 117 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
117 | 118 | fi |
|
118 | 119 | |
|
119 | 120 | # Check if all required packages are installed |
|
120 | 121 | for package in $REQUIRED_PACKAGES ; do |
|
121 | 122 | if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then |
|
122 | 123 | MISSING_PACKAGES="$MISSING_PACKAGES $package" |
|
123 | 124 | fi |
|
124 | 125 | done |
|
125 | 126 | |
|
126 | 127 | # Ask if missing packages should get installed right now |
|
127 | 128 | if [ -n "$MISSING_PACKAGES" ] ; then |
|
128 | 129 | echo "the following packages needed by this script are not installed:" |
|
129 | 130 | echo "$MISSING_PACKAGES" |
|
130 | 131 | |
|
131 | 132 | echo -n "\ndo you want to install the missing packages right now? [y/n] " |
|
132 | 133 | read confirm |
|
133 | 134 | if [ "$confirm" != "y" ] ; then |
|
134 | 135 | exit 1 |
|
135 | 136 | fi |
|
136 | 137 | fi |
|
137 | 138 | |
|
138 | 139 | # Make sure all required packages are installed |
|
139 | 140 | apt-get -qq -y install ${REQUIRED_PACKAGES} |
|
140 | 141 | |
|
141 | 142 | # Don't clobber an old build |
|
142 | 143 | if [ -e "$BUILDDIR" ]; then |
|
143 | 144 | echo "directory $BUILDDIR already exists, not proceeding" |
|
144 | 145 | exit 1 |
|
145 | 146 | fi |
|
146 | 147 | |
|
147 | 148 | set -x |
|
148 | 149 | |
|
149 | 150 | # Call "cleanup" function on various signals and errors |
|
150 | 151 | trap cleanup 0 1 2 3 6 |
|
151 | 152 | |
|
152 | 153 | # Set up chroot directory |
|
153 | 154 | mkdir -p $R |
|
154 | 155 | |
|
155 | 156 | # Add required packages for the minbase installation |
|
156 | 157 | if [ "$ENABLE_MINBASE" = true ] ; then |
|
157 | 158 | APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools" |
|
158 | 159 | else |
|
159 | 160 | APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup" |
|
160 | 161 | fi |
|
161 | 162 | |
|
162 | 163 | # Add parted package, required to get partprobe utility |
|
163 | 164 | if [ "$EXPANDROOT" = true ] ; then |
|
164 | 165 | APT_INCLUDES="${APT_INCLUDES},parted" |
|
165 | 166 | fi |
|
166 | 167 | |
|
167 | 168 | # Add dbus package, recommended if using systemd |
|
168 | 169 | if [ "$ENABLE_DBUS" = true ] ; then |
|
169 | 170 | APT_INCLUDES="${APT_INCLUDES},dbus" |
|
170 | 171 | fi |
|
171 | 172 | |
|
172 | 173 | # Add iptables IPv4/IPv6 package |
|
173 | 174 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
174 | 175 | APT_INCLUDES="${APT_INCLUDES},iptables" |
|
175 | 176 | fi |
|
176 | 177 | |
|
177 | 178 | # Add openssh server package |
|
178 | 179 | if [ "$ENABLE_SSHD" = true ] ; then |
|
179 | 180 | APT_INCLUDES="${APT_INCLUDES},openssh-server" |
|
180 | 181 | fi |
|
181 | 182 | |
|
182 | 183 | # Add alsa-utils package |
|
183 | 184 | if [ "$ENABLE_SOUND" = true ] ; then |
|
184 | 185 | APT_INCLUDES="${APT_INCLUDES},alsa-utils" |
|
185 | 186 | fi |
|
186 | 187 | |
|
187 | 188 | # Add rng-tools package |
|
188 | 189 | if [ "$ENABLE_HWRANDOM" = true ] ; then |
|
189 | 190 | APT_INCLUDES="${APT_INCLUDES},rng-tools" |
|
190 | 191 | fi |
|
191 | 192 | |
|
192 | 193 | if [ "$ENABLE_USER" = true ]; then |
|
193 | 194 | APT_INCLUDES="${APT_INCLUDES},sudo" |
|
194 | 195 | fi |
|
195 | 196 | |
|
196 | 197 | # Add fbturbo video driver |
|
197 | 198 | if [ "$ENABLE_FBTURBO" = true ] ; then |
|
198 | 199 | # Enable xorg package dependencies |
|
199 | 200 | ENABLE_XORG=true |
|
200 | 201 | fi |
|
201 | 202 | |
|
202 | 203 | # Add user defined window manager package |
|
203 | 204 | if [ -n "$ENABLE_WM" ] ; then |
|
204 | 205 | APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}" |
|
205 | 206 | |
|
206 | 207 | # Enable xorg package dependencies |
|
207 | 208 | ENABLE_XORG=true |
|
208 | 209 | fi |
|
209 | 210 | |
|
210 | 211 | # Add xorg package |
|
211 | 212 | if [ "$ENABLE_XORG" = true ] ; then |
|
212 | 213 | APT_INCLUDES="${APT_INCLUDES},xorg" |
|
213 | 214 | fi |
|
214 | 215 | |
|
215 | 216 | ## Main bootstrap |
|
216 | 217 | for i in bootstrap.d/*.sh; do |
|
217 | 218 | head -n 3 $i |
|
218 | 219 | . $i |
|
219 | 220 | done |
|
220 | 221 | |
|
221 | 222 | ## Custom bootstrap scripts |
|
222 | 223 | if [ -d "custom.d" ]; then |
|
223 | 224 | for i in custom.d/*.sh; do |
|
224 | 225 | . $i |
|
225 | 226 | done |
|
226 | 227 | fi |
|
227 | 228 | |
|
228 | 229 | # Invoke custom scripts |
|
229 | 230 | if [ -n "${CHROOT_SCRIPTS}" ]; then |
|
230 | 231 | cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts" |
|
231 | 232 | LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;' |
|
232 | 233 | rm -rf "${R}/chroot_scripts" |
|
233 | 234 | fi |
|
234 | 235 | |
|
235 | 236 | ## Cleanup |
|
236 | 237 | chroot_exec apt-get -y clean |
|
237 | 238 | chroot_exec apt-get -y autoclean |
|
238 | 239 | chroot_exec apt-get -y autoremove |
|
239 | 240 | |
|
240 | 241 | # Unmount mounted filesystems |
|
241 | 242 | umount -l $R/proc |
|
242 | 243 | umount -l $R/sys |
|
243 | 244 | |
|
244 | 245 | # Clean up files |
|
245 | 246 | rm -f $R/etc/apt/sources.list.save |
|
246 | 247 | rm -f $R/etc/resolvconf/resolv.conf.d/original |
|
247 | 248 | rm -rf $R/run |
|
248 | 249 | mkdir -p $R/run |
|
249 | 250 | rm -f $R/etc/*- |
|
250 | 251 | rm -f $R/root/.bash_history |
|
251 | 252 | rm -rf $R/tmp/* |
|
252 | 253 | rm -f $R/var/lib/urandom/random-seed |
|
253 | 254 | [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id |
|
254 | 255 | rm -f $R/etc/machine-id |
|
255 | 256 | rm -fr $R/etc/apt/apt.conf.d/10proxy |
|
256 | 257 | rm -f $R/etc/resolv.conf |
|
257 | 258 | |
|
258 | 259 | # Calculate size of the chroot directory in KB |
|
259 | 260 | CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`) |
|
260 | 261 | |
|
261 | 262 | # Calculate the amount of needed 512 Byte sectors |
|
262 | 263 | TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) |
|
263 | 264 | FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512) |
|
264 | 265 | ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS}) |
|
265 | 266 | |
|
266 | 267 | # The root partition is EXT4 |
|
267 | 268 | # This means more space than the actual used space of the chroot is used. |
|
268 | 269 | # As overhead for journaling and reserved blocks 20% are added. |
|
269 | 270 | ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512) |
|
270 | 271 | |
|
271 | 272 | # Calculate required image size in 512 Byte sectors |
|
272 | 273 | IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS}) |
|
273 | 274 | |
|
274 | 275 | # Prepare date string for image file name |
|
275 | 276 | DATE="$(date +%Y-%m-%d)" |
|
276 | 277 | |
|
277 | 278 | # Prepare image file |
|
278 | 279 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
279 | 280 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS} |
|
280 | 281 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS} |
|
281 | 282 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS} |
|
282 | 283 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS} |
|
283 | 284 | # Write partition tables |
|
284 | 285 | sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" <<EOM |
|
285 | 286 | unit: sectors |
|
286 | 287 | |
|
287 | 288 | 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable |
|
288 | 289 | 2 : start= 0, size= 0, Id= 0 |
|
289 | 290 | 3 : start= 0, size= 0, Id= 0 |
|
290 | 291 | 4 : start= 0, size= 0, Id= 0 |
|
291 | 292 | EOM |
|
292 | 293 | sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" <<EOM |
|
293 | 294 | unit: sectors |
|
294 | 295 | |
|
295 | 296 | 1 : start= ${TABLE_SECTORS}, size= ${ROOT_SECTORS}, Id=83 |
|
296 | 297 | 2 : start= 0, size= 0, Id= 0 |
|
297 | 298 | 3 : start= 0, size= 0, Id= 0 |
|
298 | 299 | 4 : start= 0, size= 0, Id= 0 |
|
299 | 300 | EOM |
|
300 | 301 | # Set up temporary loop devices |
|
301 | 302 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)" |
|
302 | 303 | ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)" |
|
303 | 304 | else |
|
304 | 305 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS} |
|
305 | 306 | dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS} |
|
306 | 307 | # Write partition table |
|
307 | 308 | sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM |
|
308 | 309 | unit: sectors |
|
309 | 310 | |
|
310 | 311 | 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable |
|
311 | 312 | 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83 |
|
312 | 313 | 3 : start= 0, size= 0, Id= 0 |
|
313 | 314 | 4 : start= 0, size= 0, Id= 0 |
|
314 | 315 | EOM |
|
315 | 316 | # Set up temporary loop devices |
|
316 | 317 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" |
|
317 | 318 | ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" |
|
318 | 319 | fi |
|
319 | 320 | |
|
320 | 321 | # Build filesystems |
|
321 | 322 | mkfs.vfat "$FRMW_LOOP" |
|
322 | 323 | mkfs.ext4 "$ROOT_LOOP" |
|
323 | 324 | |
|
324 | 325 | # Mount the temporary loop devices |
|
325 | 326 | mkdir -p "$BUILDDIR/mount" |
|
326 | 327 | mount "$ROOT_LOOP" "$BUILDDIR/mount" |
|
327 | 328 | |
|
328 | 329 | mkdir -p "$BUILDDIR/mount/boot/firmware" |
|
329 | 330 | mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware" |
|
330 | 331 | |
|
331 | 332 | # Copy all files from the chroot to the loop device mount point directory |
|
332 | 333 | rsync -a "$R/" "$BUILDDIR/mount/" |
|
333 | 334 | |
|
334 | 335 | # Unmount all temporary loop devices and mount points |
|
335 | 336 | cleanup |
|
336 | 337 | |
|
337 | 338 | # Create block map file(s) of image(s) |
|
338 | 339 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
339 | 340 | # Create block map files for "bmaptool" |
|
340 | 341 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" |
|
341 | 342 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" |
|
342 | 343 | |
|
343 | 344 | # Image was successfully created |
|
344 | 345 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
345 | 346 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
346 | 347 | else |
|
347 | 348 | # Create block map file for "bmaptool" |
|
348 | 349 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img" |
|
349 | 350 | |
|
350 | 351 | # Image was successfully created |
|
351 | 352 | echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
352 | 353 | fi |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant