@@ -0,0 +1,33 | |||
|
1 | SUBSYSTEM=="input", GROUP="input", MODE="0660" | |
|
2 | SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660" | |
|
3 | SUBSYSTEM=="spidev", GROUP="spi", MODE="0660" | |
|
4 | SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660" | |
|
5 | ||
|
6 | SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660" | |
|
7 | SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\ | |
|
8 | chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\ | |
|
9 | chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\ | |
|
10 | chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\ | |
|
11 | '" | |
|
12 | ||
|
13 | KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ | |
|
14 | ALIASES=/proc/device-tree/aliases; \ | |
|
15 | if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \ | |
|
16 | echo 0;\ | |
|
17 | elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \ | |
|
18 | echo 1; \ | |
|
19 | else \ | |
|
20 | exit 1; \ | |
|
21 | fi\ | |
|
22 | '", SYMLINK+="serial%c" | |
|
23 | ||
|
24 | KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\ | |
|
25 | ALIASES=/proc/device-tree/aliases; \ | |
|
26 | if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \ | |
|
27 | echo 0; \ | |
|
28 | elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \ | |
|
29 | echo 1; \ | |
|
30 | else \ | |
|
31 | exit 1; \ | |
|
32 | fi \ | |
|
33 | '", SYMLINK+="serial%c" |
@@ -0,0 +1,1 | |||
|
1 | kernel.printk = 3 4 1 3 No newline at end of file |
@@ -0,0 +1,5 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=0 | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,5 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=0 | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=1P | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=1P | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=3 | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=2 | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,6 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=3P | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,6 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=3P | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
@@ -1,490 +1,500 | |||
|
1 | 1 | # rpi23-gen-image |
|
2 | 2 | ## Introduction |
|
3 |
`rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for |
|
|
3 | `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```). | |
|
4 | 4 | |
|
5 | 5 | ## Build dependencies |
|
6 | 6 | The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. |
|
7 | 7 | |
|
8 | 8 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` |
|
9 | 9 | |
|
10 |
It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the R |
|
|
10 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. | |
|
11 | 11 | |
|
12 | The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
|
12 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
|
13 | 13 | |
|
14 | 14 | ## Command-line parameters |
|
15 | 15 | The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script. |
|
16 | 16 | |
|
17 | 17 | ##### Command-line examples: |
|
18 | 18 | ```shell |
|
19 | 19 | ENABLE_UBOOT=true ./rpi23-gen-image.sh |
|
20 | 20 | ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh |
|
21 | 21 | ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh |
|
22 | 22 | ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh |
|
23 | 23 | APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh |
|
24 | 24 | ENABLE_MINBASE=true ./rpi23-gen-image.sh |
|
25 | 25 | BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh |
|
26 | 26 | BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh |
|
27 | 27 | ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh |
|
28 | 28 | ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh |
|
29 | 29 | RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh |
|
30 | 30 | RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh |
|
31 | 31 | RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh |
|
32 | 32 | ``` |
|
33 | 33 | |
|
34 | 34 | ## Configuration template files |
|
35 | 35 | To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory. |
|
36 | 36 | |
|
37 | 37 | ##### Command-line examples: |
|
38 | 38 | ```shell |
|
39 | 39 | CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh |
|
40 | 40 | CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh |
|
41 | 41 | ``` |
|
42 | 42 | |
|
43 | 43 | ## Supported parameters and settings |
|
44 | 44 | #### APT settings: |
|
45 | 45 | ##### `APT_SERVER`="ftp.debian.org" |
|
46 | 46 | Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process. |
|
47 | 47 | |
|
48 | 48 | ##### `APT_PROXY`="" |
|
49 | 49 | Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this. |
|
50 | 50 | |
|
51 | 51 | ##### `APT_INCLUDES`="" |
|
52 |
A comma |
|
|
52 | A comma-separated list of additional packages to be installed by debootstrap during bootstrapping. | |
|
53 | 53 | |
|
54 | 54 | ##### `APT_INCLUDES_LATE`="" |
|
55 |
A comma |
|
|
55 | A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well. | |
|
56 | 56 | |
|
57 | 57 | --- |
|
58 | 58 | |
|
59 | 59 | #### General system settings: |
|
60 | 60 | ##### `SET_ARCH`=32 |
|
61 |
Set Architecture to default 32bit. If you want to |
|
|
62 | If you want to change e.g. cross-compiler -> Templates always override defaults | |
|
61 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. | |
|
63 | 62 | |
|
64 | 63 | ##### `RPI_MODEL`=2 |
|
65 |
Specif |
|
|
66 |
`0` = |
|
|
67 |
`1` = |
|
|
68 |
`1P` = |
|
|
69 |
`2` = |
|
|
70 |
`3` = |
|
|
71 |
`3P` = |
|
|
72 | `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used. | |
|
64 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: | |
|
65 | - `0` = Raspberry Pi 0 and Raspberry Pi 0 W | |
|
66 | - `1` = Raspberry Pi 1 model A and B | |
|
67 | - `1P` = Raspberry Pi 1 model B+ and A+ | |
|
68 | - `2` = Raspberry Pi 2 model B | |
|
69 | - `3` = Raspberry Pi 3 model B | |
|
70 | - `3P` = Raspberry Pi 3 model B+ | |
|
73 | 71 | |
|
74 | 72 | ##### `RELEASE`="buster" |
|
75 | 73 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. |
|
76 | 74 | |
|
77 | 75 | ##### `RELEASE_ARCH`="armhf" |
|
78 | 76 | Set the desired Debian release architecture. |
|
79 | 77 | |
|
80 | 78 | ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE" |
|
81 | 79 |
Set system host |
|
82 | 80 | |
|
83 | 81 | ##### `PASSWORD`="raspberry" |
|
84 | 82 | Set system `root` password. It's **STRONGLY** recommended that you choose a custom password. |
|
85 | 83 | |
|
86 | 84 | ##### `USER_PASSWORD`="raspberry" |
|
87 | 85 | Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password. |
|
88 | 86 | |
|
89 | 87 | ##### `DEFLOCAL`="en_US.UTF-8" |
|
90 | 88 | Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`. |
|
91 | 89 | |
|
92 | 90 | ##### `TIMEZONE`="Europe/Berlin" |
|
93 | 91 | Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command. |
|
94 | 92 | |
|
95 | 93 | ##### `EXPANDROOT`=true |
|
96 | 94 | Expand the root partition and filesystem automatically on first boot. |
|
97 | 95 | |
|
98 | 96 | ##### `ENABLE_QEMU`=false |
|
99 | 97 | Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file. |
|
100 | 98 | |
|
101 | 99 | --- |
|
102 | 100 | |
|
103 | 101 | #### Keyboard settings: |
|
104 | 102 | These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command. |
|
105 | 103 | |
|
106 | 104 | ##### `XKB_MODEL`="" |
|
107 | 105 | Set the name of the model of your keyboard type. |
|
108 | 106 | |
|
109 | 107 | ##### `XKB_LAYOUT`="" |
|
110 | 108 | Set the supported keyboard layout(s). |
|
111 | 109 | |
|
112 | 110 | ##### `XKB_VARIANT`="" |
|
113 | 111 | Set the supported variant(s) of the keyboard layout(s). |
|
114 | 112 | |
|
115 | 113 | ##### `XKB_OPTIONS`="" |
|
116 | 114 | Set extra xkb configuration options. |
|
117 | 115 | |
|
118 | 116 | --- |
|
119 | 117 | |
|
120 | 118 | #### Networking settings (DHCP): |
|
121 |
This parameter is used to set up networking auto |
|
|
119 | This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.` | |
|
122 | 120 | |
|
123 | 121 | ##### `ENABLE_DHCP`=true |
|
124 | 122 | Set the system to use DHCP. This requires an DHCP server. |
|
125 | 123 | |
|
126 | 124 | --- |
|
127 | 125 | |
|
128 | 126 | #### Networking settings (static): |
|
129 | 127 | These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`. |
|
130 | 128 | |
|
131 | 129 | ##### `NET_ADDRESS`="" |
|
132 | 130 | Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24". |
|
133 | 131 | |
|
134 | 132 | ##### `NET_GATEWAY`="" |
|
135 | 133 | Set the IP address for the default gateway. |
|
136 | 134 | |
|
137 | 135 | ##### `NET_DNS_1`="" |
|
138 | 136 | Set the IP address for the first DNS server. |
|
139 | 137 | |
|
140 | 138 | ##### `NET_DNS_2`="" |
|
141 | 139 | Set the IP address for the second DNS server. |
|
142 | 140 | |
|
143 | 141 | ##### `NET_DNS_DOMAINS`="" |
|
144 | 142 |
Set the default DNS search domains to use for non fully qualified host |
|
145 | 143 | |
|
146 | 144 | ##### `NET_NTP_1`="" |
|
147 | 145 | Set the IP address for the first NTP server. |
|
148 | 146 | |
|
149 | 147 | ##### `NET_NTP_2`="" |
|
150 | 148 | Set the IP address for the second NTP server. |
|
151 | 149 | |
|
152 | 150 | --- |
|
153 | 151 | |
|
154 | 152 | #### Basic system features: |
|
155 | 153 | ##### `ENABLE_CONSOLE`=true |
|
156 | Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. | |
|
154 | Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed. | |
|
155 | ||
|
156 | ##### `ENABLE_PRINTK`=false | |
|
157 | Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian. | |
|
158 | ||
|
159 | ##### `ENABLE_BLUETOOTH`=false | |
|
160 | Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/). | |
|
161 | ||
|
162 | ##### `ENABLE_MINIUART_OVERLAY`=false | |
|
163 | Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console. | |
|
164 | ||
|
165 | ##### `ENABLE_TURBO`=false | |
|
166 | Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI. | |
|
157 | 167 | |
|
158 | 168 | ##### `ENABLE_I2C`=false |
|
159 | Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
169 | Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
160 | 170 | |
|
161 | 171 | ##### `ENABLE_SPI`=false |
|
162 | Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
172 | Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
163 | 173 | |
|
164 | 174 | ##### `ENABLE_IPV6`=true |
|
165 | 175 | Enable IPv6 support. The network interface configuration is managed via systemd-networkd. |
|
166 | 176 | |
|
167 | 177 | ##### `ENABLE_SSHD`=true |
|
168 | 178 | Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root. |
|
169 | 179 | |
|
170 | 180 | ##### `ENABLE_NONFREE`=false |
|
171 | 181 | Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs. |
|
172 | 182 | |
|
173 | 183 | ##### `ENABLE_WIRELESS`=false |
|
174 | 184 | Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`. |
|
175 | 185 | |
|
176 | 186 | ##### `ENABLE_RSYSLOG`=true |
|
177 | If set to false, disable and uninstall rsyslog (so logs will be available only | |
|
178 | in journal files) | |
|
187 | If set to false, disable and uninstall rsyslog (so logs will be available only in journal files) | |
|
179 | 188 | |
|
180 | 189 | ##### `ENABLE_SOUND`=true |
|
181 | 190 | Enable sound hardware and install Advanced Linux Sound Architecture. |
|
182 | 191 | |
|
183 | 192 | ##### `ENABLE_HWRANDOM`=true |
|
184 |
Enable Hardware Random Number Generator. Strong random numbers are important for most network |
|
|
193 | Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled. | |
|
185 | 194 | |
|
186 | 195 | ##### `ENABLE_MINGPU`=false |
|
187 | 196 | Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. |
|
188 | 197 | |
|
189 | 198 | ##### `ENABLE_DBUS`=true |
|
190 | 199 | Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled. |
|
191 | 200 | |
|
192 | 201 | ##### `ENABLE_XORG`=false |
|
193 | 202 | Install Xorg open-source X Window System. |
|
194 | 203 | |
|
195 | 204 | ##### `ENABLE_WM`="" |
|
196 |
Install a user |
|
|
205 | Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`. | |
|
197 | 206 | |
|
198 | 207 | ##### `ENABLE_SYSVINIT`=false |
|
199 | 208 | Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands |
|
200 | 209 | |
|
201 | 210 | --- |
|
202 | 211 | |
|
203 | 212 | #### Advanced system features: |
|
204 | 213 | ##### `ENABLE_MINBASE`=false |
|
205 | 214 | Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB. |
|
206 | 215 | |
|
207 | 216 | ##### `ENABLE_REDUCE`=false |
|
208 | 217 | Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information. |
|
209 | 218 | |
|
210 | 219 | ##### `ENABLE_UBOOT`=false |
|
211 | Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
220 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
212 | 221 | |
|
213 | 222 | ##### `UBOOTSRC_DIR`="" |
|
214 | 223 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. |
|
215 | 224 | |
|
216 | 225 | ##### `ENABLE_FBTURBO`=false |
|
217 | 226 | Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling. |
|
218 | 227 | |
|
219 | 228 | ##### `FBTURBOSRC_DIR`="" |
|
220 | 229 | Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot. |
|
221 | 230 | |
|
222 | 231 | ##### `ENABLE_VIDEOCORE`=false |
|
223 |
Install and enable the [ |
|
|
232 | Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling. | |
|
224 | 233 | |
|
225 | 234 | ##### `VIDEOCORESRC_DIR`="" |
|
226 |
Path to a directory (`userland`) of [ |
|
|
235 | Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot. | |
|
227 | 236 | |
|
228 | 237 | ##### `ENABLE_IPTABLES`=false |
|
229 | 238 | Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. |
|
230 | 239 | |
|
231 | 240 | ##### `ENABLE_USER`=true |
|
232 | Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`. | |
|
241 | Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`. | |
|
233 | 242 | |
|
234 | 243 | ##### `USER_NAME`=pi |
|
235 | 244 | Non-root user to create. Ignored if `ENABLE_USER`=false |
|
236 | 245 | |
|
237 | 246 | ##### `ENABLE_ROOT`=false |
|
238 | 247 | Set root user password so root login will be enabled |
|
239 | 248 | |
|
240 | 249 | ##### `ENABLE_HARDNET`=false |
|
241 | 250 | Enable IPv4/IPv6 network stack hardening settings. |
|
242 | 251 | |
|
243 | 252 | ##### `ENABLE_SPLITFS`=false |
|
244 | 253 | Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`. |
|
245 | 254 | |
|
246 | 255 | ##### `CHROOT_SCRIPTS`="" |
|
247 | 256 | Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order. |
|
248 | 257 | |
|
249 | 258 | ##### `ENABLE_INITRAMFS`=false |
|
250 | 259 | Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false. |
|
251 | 260 | |
|
252 | 261 | ##### `ENABLE_IFNAMES`=true |
|
253 | 262 | Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. |
|
254 | 263 | |
|
255 | 264 | ##### `DISABLE_UNDERVOLT_WARNINGS`= |
|
256 | 265 | Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present. |
|
257 | 266 | |
|
258 | 267 | --- |
|
259 | 268 | |
|
260 | 269 | #### SSH settings: |
|
261 | 270 | ##### `SSH_ENABLE_ROOT`=false |
|
262 | Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`. | |
|
271 | Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`. | |
|
263 | 272 | |
|
264 | 273 | ##### `SSH_DISABLE_PASSWORD_AUTH`=false |
|
265 |
Disable password |
|
|
274 | Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported. | |
|
266 | 275 | |
|
267 | 276 | ##### `SSH_LIMIT_USERS`=false |
|
268 | 277 | Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true). |
|
269 | 278 | |
|
270 | 279 | ##### `SSH_ROOT_PUB_KEY`="" |
|
271 | 280 | Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`. |
|
272 | 281 | |
|
273 | 282 | ##### `SSH_USER_PUB_KEY`="" |
|
274 | 283 | Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. |
|
275 | 284 | |
|
276 | 285 | --- |
|
277 | 286 | |
|
278 | 287 | #### Kernel compilation: |
|
279 | 288 | ##### `BUILD_KERNEL`=true |
|
280 | Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. | |
|
289 | Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used. | |
|
281 | 290 | |
|
282 | 291 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" |
|
283 |
This sets the cross |
|
|
292 | This sets the cross-compile environment for the compiler. | |
|
284 | 293 | |
|
285 | 294 | ##### `KERNEL_ARCH`="arm" |
|
286 | 295 | This sets the kernel architecture for the compiler. |
|
287 | 296 | |
|
288 | 297 | ##### `KERNEL_IMAGE`="kernel7.img" |
|
289 | 298 | Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64. |
|
290 | 299 | |
|
291 | 300 | ##### `KERNEL_BRANCH`="" |
|
292 | 301 | Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site. |
|
293 | 302 | |
|
294 | 303 | ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static" |
|
295 | 304 | Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64. |
|
296 | 305 | |
|
297 | 306 | ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig" |
|
298 | 307 | Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64. |
|
299 | 308 | |
|
300 | 309 | ##### `KERNEL_REDUCE`=false |
|
301 | Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental). | |
|
310 | Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental). | |
|
302 | 311 | |
|
303 | 312 | ##### `KERNEL_THREADS`=1 |
|
304 | 313 | Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation. |
|
305 | 314 | |
|
306 | 315 | ##### `KERNEL_HEADERS`=true |
|
307 | Install kernel headers with built kernel. | |
|
316 | Install kernel headers with the built kernel. | |
|
308 | 317 | |
|
309 | 318 | ##### `KERNEL_MENUCONFIG`=false |
|
310 | 319 | Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated. |
|
311 | 320 | |
|
312 | 321 | ##### `KERNEL_OLDDEFCONFIG`=false |
|
313 | 322 | Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values. |
|
314 | 323 | |
|
315 | 324 | ##### `KERNEL_CCACHE`=false |
|
316 | 325 | Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again. |
|
317 | 326 | |
|
318 | 327 | ##### `KERNEL_REMOVESRC`=true |
|
319 | 328 | Remove all kernel sources from the generated OS image after it was built and installed. |
|
320 | 329 | |
|
321 | 330 | ##### `KERNELSRC_DIR`="" |
|
322 | 331 | Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot. |
|
323 | 332 | |
|
324 | 333 | ##### `KERNELSRC_CLEAN`=false |
|
325 | 334 | Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true. |
|
326 | 335 | |
|
327 | 336 | ##### `KERNELSRC_CONFIG`=true |
|
328 | 337 | Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true. |
|
329 | 338 | |
|
330 | 339 | ##### `KERNELSRC_USRCONFIG`="" |
|
331 | 340 | Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy. |
|
332 | 341 | |
|
333 | 342 | ##### `KERNELSRC_PREBUILT`=false |
|
334 | 343 | With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed. |
|
335 | 344 | |
|
336 | 345 | ##### `RPI_FIRMWARE_DIR`="" |
|
337 | 346 | The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project. |
|
338 | 347 | |
|
339 | 348 | --- |
|
340 | 349 | |
|
341 | 350 | #### Reduce disk usage: |
|
342 | 351 | The following list of parameters is ignored if `ENABLE_REDUCE`=false. |
|
343 | 352 | |
|
344 | 353 | ##### `REDUCE_APT`=true |
|
345 | 354 | Configure APT to use compressed package repository lists and no package caching files. |
|
346 | 355 | |
|
347 | 356 | ##### `REDUCE_DOC`=true |
|
348 | 357 | Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations. |
|
349 | 358 | |
|
350 | 359 | ##### `REDUCE_MAN`=true |
|
351 | 360 | Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations. |
|
352 | 361 | |
|
353 | 362 | ##### `REDUCE_VIM`=false |
|
354 | 363 | Replace `vim-tiny` package by `levee` a tiny vim clone. |
|
355 | 364 | |
|
356 | 365 | ##### `REDUCE_BASH`=false |
|
357 | 366 | Remove `bash` package and switch to `dash` shell (experimental). |
|
358 | 367 | |
|
359 | 368 | ##### `REDUCE_HWDB`=true |
|
360 | 369 | Remove PCI related hwdb files (experimental). |
|
361 | 370 | |
|
362 | 371 | ##### `REDUCE_SSHD`=true |
|
363 | 372 | Replace `openssh-server` with `dropbear`. |
|
364 | 373 | |
|
365 | 374 | ##### `REDUCE_LOCALE`=true |
|
366 | 375 | Remove all `locale` translation files. |
|
367 | 376 | |
|
368 | 377 | --- |
|
369 | 378 | |
|
370 | 379 | #### Encrypted root partition: |
|
371 | 380 | ##### `ENABLE_CRYPTFS`=false |
|
372 | 381 | Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help. |
|
373 | 382 | |
|
374 | 383 | ##### `CRYPTFS_PASSWORD`="" |
|
375 | 384 | Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true. |
|
376 | 385 | |
|
377 | 386 | ##### `CRYPTFS_MAPPING`="secure" |
|
378 | 387 | Set name of dm-crypt managed device-mapper mapping. |
|
379 | 388 | |
|
380 | 389 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512" |
|
381 | 390 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. |
|
382 | 391 | |
|
383 | 392 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
384 | 393 | Sets key size in bits. The argument has to be a multiple of 8. |
|
385 | 394 | |
|
386 | 395 | --- |
|
387 | 396 | |
|
388 | 397 | #### Build settings: |
|
389 | 398 | ##### `BASEDIR`=$(pwd)/images/${RELEASE} |
|
390 | 399 | Set a path to a working directory used by the script to generate an image. |
|
391 | 400 | |
|
392 | 401 | ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH} |
|
393 | 402 | Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used. |
|
394 | 403 | |
|
395 | 404 | ## Understanding the script |
|
396 | 405 | The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order: |
|
397 | 406 | |
|
398 | 407 | | Script | Description | |
|
399 | 408 | | --- | --- | |
|
400 | 409 | | `10-bootstrap.sh` | Debootstrap basic system | |
|
401 | 410 | | `11-apt.sh` | Setup APT repositories | |
|
402 | 411 | | `12-locale.sh` | Setup Locales and keyboard settings | |
|
403 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | | |
|
412 | | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel | | |
|
404 | 413 | | `14-fstab.sh` | Setup fstab and initramfs | |
|
405 | | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |
|
414 | | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline | | |
|
406 | 415 | | `20-networking.sh` | Setup Networking | |
|
407 | 416 | | `21-firewall.sh` | Setup Firewall | |
|
408 | 417 | | `30-security.sh` | Setup Users and Security settings | |
|
409 | 418 | | `31-logging.sh` | Setup Logging | |
|
410 | 419 | | `32-sshd.sh` | Setup SSH and public keys | |
|
411 | 420 | | `41-uboot.sh` | Build and Setup U-Boot | |
|
412 | 421 | | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver | |
|
422 | | `43-videocore.sh` | Build and Setup videocore libraries | | |
|
413 | 423 | | `50-firstboot.sh` | First boot actions | |
|
414 | 424 | | `99-reduce.sh` | Reduce the disk space usage | |
|
415 | 425 | |
|
416 | 426 | All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually. |
|
417 | 427 | |
|
418 | 428 | | Directory | Description | |
|
419 | 429 | | --- | --- | |
|
420 | 430 | | `apt` | APT management configuration files | |
|
421 | | `boot` | Boot and RPi2/3 configuration files | | |
|
431 | | `boot` | Boot and RPi 0/1/2/3 configuration files | | |
|
422 | 432 | | `dpkg` | Package Manager configuration | |
|
423 | 433 | | `etc` | Configuration files and rc scripts | |
|
424 | 434 | | `firstboot` | Scripts that get executed on first boot | |
|
425 | 435 | | `initramfs` | Initramfs scripts | |
|
426 | 436 | | `iptables` | Firewall configuration files | |
|
427 | 437 | | `locales` | Locales configuration | |
|
428 | 438 | | `modules` | Kernel Modules configuration | |
|
429 | 439 | | `mount` | Fstab configuration | |
|
430 | 440 | | `network` | Networking configuration files | |
|
431 | 441 | | `sysctl.d` | Swapping and Network Hardening configuration | |
|
432 | 442 | | `xorg` | fbturbo Xorg driver configuration | |
|
433 | 443 | |
|
434 | 444 | ## Custom packages and scripts |
|
435 | 445 | Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`. |
|
436 | 446 | |
|
437 | 447 | Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created. |
|
438 | 448 | |
|
439 | 449 | ## Logging of the bootstrapping process |
|
440 | 450 | All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose: |
|
441 | 451 | |
|
442 | 452 | ```shell |
|
443 | 453 | script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log |
|
444 | 454 | ``` |
|
445 | 455 | |
|
446 | 456 | ## Flashing the image file |
|
447 | After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`. | |
|
457 | After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`. | |
|
448 | 458 | |
|
449 | 459 | ##### Flashing examples: |
|
450 | 460 | ```shell |
|
451 | 461 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0 |
|
452 | 462 | dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0 |
|
453 | 463 | ``` |
|
454 | 464 | If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive: |
|
455 | 465 | ```shell |
|
456 | 466 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0 |
|
457 | 467 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc |
|
458 | 468 | ``` |
|
459 | 469 | |
|
460 | 470 | ## QEMU emulation |
|
461 | 471 | Start QEMU full system emulation: |
|
462 | 472 | ```shell |
|
463 | 473 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1" |
|
464 | 474 | ``` |
|
465 | 475 | |
|
466 | 476 | Start QEMU full system emulation and output to console: |
|
467 | 477 | ```shell |
|
468 | 478 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio |
|
469 | 479 | ``` |
|
470 | 480 | |
|
471 | 481 | Start QEMU full system emulation with SMP and output to console: |
|
472 | 482 | ```shell |
|
473 | 483 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio |
|
474 | 484 | ``` |
|
475 | 485 | |
|
476 | 486 | Start QEMU full system emulation with cryptfs, initramfs and output to console: |
|
477 | 487 | ```shell |
|
478 | 488 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio |
|
479 | 489 | ``` |
|
480 | 490 | |
|
481 | 491 | ## External links and references |
|
482 | 492 | * [Debian worldwide mirror sites](https://www.debian.org/mirror/list) |
|
483 | 493 | * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2) |
|
484 | 494 | * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) |
|
485 | 495 | * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware) |
|
486 | 496 | * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux) |
|
487 | 497 | * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary) |
|
488 | 498 | * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo) |
|
489 | 499 | * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) |
|
490 | 500 | * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/) |
@@ -1,58 +1,58 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Locales and keyboard settings |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup timezone |
|
9 | 9 | echo "${TIMEZONE}" > "${ETC_DIR}/timezone" |
|
10 | 10 | chroot_exec dpkg-reconfigure -f noninteractive tzdata |
|
11 | 11 | |
|
12 | 12 | # Install and setup default locale and keyboard configuration |
|
13 | 13 | if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then |
|
14 | 14 | # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug |
|
15 | 15 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 |
|
16 | 16 | # ... so we have to set locales manually |
|
17 | 17 | if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then |
|
18 | 18 | chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
19 | 19 | else |
|
20 | 20 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale |
|
21 | 21 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
22 | 22 | sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen" |
|
23 | 23 | fi |
|
24 | 24 | |
|
25 | 25 | sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen" |
|
26 | 26 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections |
|
27 | 27 | chroot_exec locale-gen |
|
28 | 28 | chroot_exec update-locale LANG="${DEFLOCAL}" |
|
29 | 29 | |
|
30 | 30 | # Install and setup default keyboard configuration |
|
31 |
if [ "$XKB_MODEL" != " |
|
|
31 | if [ "$XKB_MODEL" != "" ] ; then | |
|
32 | 32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard" |
|
33 | 33 | fi |
|
34 |
if [ "$XKB_LAYOUT" != " |
|
|
34 | if [ "$XKB_LAYOUT" != "" ] ; then | |
|
35 | 35 | sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard" |
|
36 | 36 | fi |
|
37 | 37 | if [ "$XKB_VARIANT" != "" ] ; then |
|
38 | 38 | sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard" |
|
39 | 39 | fi |
|
40 | 40 | if [ "$XKB_OPTIONS" != "" ] ; then |
|
41 | 41 | sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard" |
|
42 | 42 | fi |
|
43 | 43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration |
|
44 | 44 | |
|
45 | 45 | # Install and setup font console |
|
46 | 46 | case "${DEFLOCAL}" in |
|
47 | 47 | *UTF-8) |
|
48 | 48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup" |
|
49 | 49 | ;; |
|
50 | 50 | *) |
|
51 | 51 | sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup" |
|
52 | 52 | ;; |
|
53 | 53 | esac |
|
54 | 54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup |
|
55 | 55 | else # (no locales were installed) |
|
56 | 56 | # Install POSIX default locale |
|
57 | 57 | install_readonly files/locales/locale "${ETC_DIR}/default/locale" |
|
58 | 58 | fi |
@@ -1,255 +1,255 | |||
|
1 | 1 | # |
|
2 | 2 | # Build and Setup RPi2/3 Kernel |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Fetch and build latest raspberry kernel |
|
9 | 9 | if [ "$BUILD_KERNEL" = true ] ; then |
|
10 | 10 | # Setup source directory |
|
11 | 11 | mkdir -p "${KERNEL_DIR}" |
|
12 | 12 | |
|
13 | 13 | # Copy existing kernel sources into chroot directory |
|
14 | 14 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then |
|
15 | 15 | # Copy kernel sources and include hidden files |
|
16 | 16 | cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" |
|
17 | 17 | |
|
18 | 18 | # Clean the kernel sources |
|
19 | 19 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
20 | 20 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper |
|
21 | 21 | fi |
|
22 | 22 | else # KERNELSRC_DIR="" |
|
23 | 23 | # Create temporary directory for kernel sources |
|
24 | 24 | temp_dir=$(as_nobody mktemp -d) |
|
25 | 25 | |
|
26 | 26 | # Fetch current RPi2/3 kernel sources |
|
27 | 27 | if [ -z "${KERNEL_BRANCH}" ] ; then |
|
28 | 28 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux |
|
29 | 29 | else |
|
30 | 30 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux |
|
31 | 31 | fi |
|
32 | 32 | |
|
33 | 33 | # Copy downloaded kernel sources |
|
34 | 34 | cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" |
|
35 | 35 | |
|
36 | 36 | # Remove temporary directory for kernel sources |
|
37 | 37 | rm -fr "${temp_dir}" |
|
38 | 38 | |
|
39 | 39 | # Set permissions of the kernel sources |
|
40 | 40 | chown -R root:root "${R}/usr/src" |
|
41 | 41 | fi |
|
42 | 42 | |
|
43 | 43 | # Calculate optimal number of kernel building threads |
|
44 | 44 | if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then |
|
45 | 45 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) |
|
46 | 46 | fi |
|
47 | 47 | |
|
48 | 48 | # Configure and build kernel |
|
49 | 49 | if [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
50 | 50 | # Remove device, network and filesystem drivers from kernel configuration |
|
51 | 51 | if [ "$KERNEL_REDUCE" = true ] ; then |
|
52 | 52 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
53 | 53 | sed -i\ |
|
54 | 54 | -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ |
|
55 | 55 | -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ |
|
56 | 56 | -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\ |
|
57 | 57 | -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\ |
|
58 | 58 | -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\ |
|
59 | 59 | -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\ |
|
60 | 60 | -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\ |
|
61 | 61 | -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\ |
|
62 | 62 | -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\ |
|
63 | 63 | -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\ |
|
64 | 64 | -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\ |
|
65 | 65 | -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\ |
|
66 | 66 | -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\ |
|
67 | 67 | -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\ |
|
68 | 68 | -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\ |
|
69 | 69 | -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\ |
|
70 | 70 | -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\ |
|
71 | 71 | -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\ |
|
72 | 72 | -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\ |
|
73 | 73 | -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\ |
|
74 | 74 | -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\ |
|
75 | 75 | -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\ |
|
76 | 76 | -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\ |
|
77 | 77 | -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\ |
|
78 | 78 | -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\ |
|
79 | 79 | -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\ |
|
80 | 80 | -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ |
|
81 | 81 | -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ |
|
82 | 82 | -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ |
|
83 | 83 | "${KERNEL_DIR}/.config" |
|
84 | 84 | fi |
|
85 | 85 | |
|
86 | 86 | if [ "$KERNELSRC_CONFIG" = true ] ; then |
|
87 | 87 | # Load default raspberry kernel configuration |
|
88 | 88 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
89 | 89 | |
|
90 | 90 | # Set kernel configuration parameters to enable qemu emulation |
|
91 | 91 | if [ "$ENABLE_QEMU" = true ] ; then |
|
92 | 92 | echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config |
|
93 | 93 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config |
|
94 | 94 | |
|
95 | 95 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
96 | 96 | { |
|
97 | 97 | echo "CONFIG_EMBEDDED=y" |
|
98 | 98 | echo "CONFIG_EXPERT=y" |
|
99 | 99 | echo "CONFIG_DAX=y" |
|
100 | 100 | echo "CONFIG_MD=y" |
|
101 | 101 | echo "CONFIG_BLK_DEV_MD=y" |
|
102 | 102 | echo "CONFIG_MD_AUTODETECT=y" |
|
103 | 103 | echo "CONFIG_BLK_DEV_DM=y" |
|
104 | 104 | echo "CONFIG_BLK_DEV_DM_BUILTIN=y" |
|
105 | 105 | echo "CONFIG_DM_CRYPT=y" |
|
106 | 106 | echo "CONFIG_CRYPTO_BLKCIPHER=y" |
|
107 | 107 | echo "CONFIG_CRYPTO_CBC=y" |
|
108 | 108 | echo "CONFIG_CRYPTO_XTS=y" |
|
109 | 109 | echo "CONFIG_CRYPTO_SHA512=y" |
|
110 | 110 | echo "CONFIG_CRYPTO_MANAGER=y" |
|
111 | } >> ${KERNEL_DIR}/.config | |
|
111 | } >> "${KERNEL_DIR}"/.config | |
|
112 | 112 | fi |
|
113 | 113 | fi |
|
114 | 114 | |
|
115 | 115 | # Copy custom kernel configuration file |
|
116 | 116 | if [ -n "$KERNELSRC_USRCONFIG" ] ; then |
|
117 | 117 | cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config |
|
118 | 118 | fi |
|
119 | 119 | |
|
120 | 120 | # Set kernel configuration parameters to their default values |
|
121 | 121 | if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then |
|
122 | 122 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig |
|
123 | 123 | fi |
|
124 | 124 | |
|
125 | 125 | # Start menu-driven kernel configuration (interactive) |
|
126 | 126 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
127 | 127 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig |
|
128 | 128 | fi |
|
129 | 129 | fi |
|
130 | 130 | |
|
131 | 131 | # Use ccache to cross compile the kernel |
|
132 | 132 | if [ "$KERNEL_CCACHE" = true ] ; then |
|
133 | 133 | cc="ccache ${CROSS_COMPILE}gcc" |
|
134 | 134 | else |
|
135 | 135 | cc="${CROSS_COMPILE}gcc" |
|
136 | 136 | fi |
|
137 | 137 | |
|
138 | 138 | # Cross compile kernel and dtbs |
|
139 | 139 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs |
|
140 | 140 | |
|
141 | 141 | # Cross compile kernel modules |
|
142 |
if |
|
|
142 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
143 | 143 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules |
|
144 | 144 | fi |
|
145 | 145 | fi |
|
146 | 146 | |
|
147 | 147 | # Check if kernel compilation was successful |
|
148 | 148 | if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then |
|
149 | 149 | echo "error: kernel compilation failed! (kernel image not found)" |
|
150 | 150 | cleanup |
|
151 | 151 | exit 1 |
|
152 | 152 | fi |
|
153 | 153 | |
|
154 | 154 | # Install kernel modules |
|
155 | 155 | if [ "$ENABLE_REDUCE" = true ] ; then |
|
156 |
if |
|
|
156 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
157 | 157 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install |
|
158 | 158 | fi |
|
159 | 159 | else |
|
160 |
if |
|
|
160 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
161 | 161 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install |
|
162 | 162 | fi |
|
163 | 163 | |
|
164 | 164 | # Install kernel firmware |
|
165 |
if |
|
|
165 | if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then | |
|
166 | 166 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install |
|
167 | 167 | fi |
|
168 | 168 | fi |
|
169 | 169 | |
|
170 | 170 | # Install kernel headers |
|
171 | 171 | if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then |
|
172 | 172 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install |
|
173 | 173 | fi |
|
174 | 174 | |
|
175 | 175 | # Prepare boot (firmware) directory |
|
176 | 176 | mkdir "${BOOT_DIR}" |
|
177 | 177 | |
|
178 | 178 | # Get kernel release version |
|
179 | 179 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") |
|
180 | 180 | |
|
181 | 181 | # Copy kernel configuration file to the boot directory |
|
182 | 182 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" |
|
183 | 183 | |
|
184 | 184 | # Prepare device tree directory |
|
185 | 185 | mkdir "${BOOT_DIR}/overlays" |
|
186 | 186 | |
|
187 | 187 | # Ensure the proper .dtb is located |
|
188 | 188 | if [ "$KERNEL_ARCH" = "arm" ] ; then |
|
189 | 189 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do |
|
190 | 190 | if [ -f "${dtb}" ] ; then |
|
191 | 191 | install_readonly "${dtb}" "${BOOT_DIR}/" |
|
192 | 192 | fi |
|
193 | 193 | done |
|
194 | 194 | else |
|
195 | 195 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do |
|
196 | 196 | if [ -f "${dtb}" ] ; then |
|
197 | 197 | install_readonly "${dtb}" "${BOOT_DIR}/" |
|
198 | 198 | fi |
|
199 | 199 | done |
|
200 | 200 | fi |
|
201 | 201 | |
|
202 | 202 | # Copy compiled dtb device tree files |
|
203 | 203 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then |
|
204 | 204 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do |
|
205 | 205 | if [ -f "${dtb}" ] ; then |
|
206 | 206 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" |
|
207 | 207 | fi |
|
208 | 208 | done |
|
209 | 209 | |
|
210 | 210 | if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then |
|
211 | 211 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README" |
|
212 | 212 | fi |
|
213 | 213 | fi |
|
214 | 214 | |
|
215 | 215 | if [ "$ENABLE_UBOOT" = false ] ; then |
|
216 | 216 | # Convert and copy kernel image to the boot directory |
|
217 | 217 | "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
218 | 218 | else |
|
219 | 219 | # Copy kernel image to the boot directory |
|
220 | 220 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
221 | 221 | fi |
|
222 | 222 | |
|
223 | 223 | # Remove kernel sources |
|
224 | 224 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
225 | 225 | rm -fr "${KERNEL_DIR}" |
|
226 | 226 | else |
|
227 | 227 | # Prepare compiled kernel modules |
|
228 |
if |
|
|
229 |
if |
|
|
228 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
229 | if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then | |
|
230 | 230 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare |
|
231 | 231 | fi |
|
232 | 232 | |
|
233 | 233 | # Create symlinks for kernel modules |
|
234 | 234 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build" |
|
235 | 235 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" |
|
236 | 236 | fi |
|
237 | 237 | fi |
|
238 | 238 | |
|
239 | 239 | else # BUILD_KERNEL=false |
|
240 | 240 | # Kernel installation |
|
241 | 241 | chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel |
|
242 | 242 | |
|
243 | 243 | # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot |
|
244 | 244 | chroot_exec apt-get -qq -y install flash-kernel |
|
245 | 245 | |
|
246 | 246 | # Check if kernel installation was successful |
|
247 | 247 | VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)" |
|
248 | 248 | if [ -z "$VMLINUZ" ] ; then |
|
249 | 249 | echo "error: kernel installation failed! (/boot/vmlinuz-* not found)" |
|
250 | 250 | cleanup |
|
251 | 251 | exit 1 |
|
252 | 252 | fi |
|
253 | 253 | # Copy vmlinuz kernel to the boot directory |
|
254 | 254 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
255 | 255 | fi |
@@ -1,174 +1,229 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup RPi2/3 config and cmdline |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | if [ "$BUILD_KERNEL" = true ] ; then |
|
9 | 9 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then |
|
10 | 10 | # Install boot binaries from local directory |
|
11 | 11 | cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin |
|
12 | 12 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat |
|
13 | 13 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat |
|
14 | 14 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat |
|
15 | 15 | cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf |
|
16 | 16 | cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf |
|
17 | 17 | cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf |
|
18 | 18 | else |
|
19 | 19 | # Create temporary directory for boot binaries |
|
20 | 20 | temp_dir=$(as_nobody mktemp -d) |
|
21 | 21 | |
|
22 | 22 | # Install latest boot binaries from raspberry/firmware github |
|
23 | 23 | as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" |
|
24 | 24 | as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" |
|
25 | 25 | as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" |
|
26 | 26 | as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" |
|
27 | 27 | as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf" |
|
28 | 28 | as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" |
|
29 | 29 | as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" |
|
30 | 30 | |
|
31 | 31 | # Move downloaded boot binaries |
|
32 | 32 | mv "${temp_dir}/"* "${BOOT_DIR}/" |
|
33 | 33 | |
|
34 | 34 | # Remove temporary directory for boot binaries |
|
35 | 35 | rm -fr "${temp_dir}" |
|
36 | 36 | |
|
37 | 37 | # Set permissions of the boot binaries |
|
38 | 38 | chown -R root:root "${BOOT_DIR}" |
|
39 | 39 | chmod -R 600 "${BOOT_DIR}" |
|
40 | 40 | fi |
|
41 | 41 | fi |
|
42 | 42 | |
|
43 | 43 | # Setup firmware boot cmdline |
|
44 | 44 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
45 | 45 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd" |
|
46 | 46 | else |
|
47 | 47 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd" |
|
48 | 48 | fi |
|
49 | 49 | |
|
50 | 50 | # Add encrypted root partition to cmdline.txt |
|
51 | 51 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
52 | 52 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
53 | 53 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") |
|
54 | 54 | else |
|
55 | 55 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
|
56 | 56 | fi |
|
57 | 57 | fi |
|
58 | 58 | |
|
59 | # Add serial console support | |
|
60 |
if [ "$ENABLE_ |
|
|
61 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |
|
59 | #locks cpu at max frequency | |
|
60 | if [ "$ENABLE_TURBO" = true ] ; then | |
|
61 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" | |
|
62 | 62 | fi |
|
63 | 63 | |
|
64 | # Remove IPv6 networking support | |
|
65 | if [ "$ENABLE_IPV6" = false ] ; then | |
|
66 | CMDLINE="${CMDLINE} ipv6.disable=1" | |
|
64 | if [ "$ENABLE_PRINTK" = true ] ; then | |
|
65 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" | |
|
67 | 66 | fi |
|
68 | 67 | |
|
69 | # Automatically assign predictable network interface names | |
|
70 | if [ "$ENABLE_IFNAMES" = false ] ; then | |
|
71 | CMDLINE="${CMDLINE} net.ifnames=0" | |
|
72 | else | |
|
73 | CMDLINE="${CMDLINE} net.ifnames=1" | |
|
74 | fi | |
|
68 | # Install udev rule for serial alias | |
|
69 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" | |
|
75 | 70 | |
|
76 | # Install firmware boot cmdline | |
|
77 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
78 | ||
|
79 | # Install firmware config | |
|
80 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |
|
71 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
81 | 72 | |
|
82 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
|
83 | if [ "$ENABLE_MINGPU" = true ] ; then | |
|
84 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" | |
|
85 | fi | |
|
73 | # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface | |
|
74 | SET_SERIAL="ttyS0" | |
|
86 | 75 | |
|
87 | # Setup boot with initramfs | |
|
88 |
if [ "$ENABLE_ |
|
|
89 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" | |
|
90 | fi | |
|
91 | ||
|
92 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device | |
|
93 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
94 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then | |
|
95 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
96 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
97 | else | |
|
76 | # Bluetooth enabled | |
|
77 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
|
98 | 78 | # Create temporary directory for Bluetooth sources |
|
99 | 79 | temp_dir=$(as_nobody mktemp -d) |
|
100 | 80 | |
|
101 | 81 | # Fetch Bluetooth sources |
|
102 | 82 | as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}" |
|
103 | 83 | |
|
104 | 84 | # Copy downloaded sources |
|
105 | 85 | mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" |
|
106 | 86 | |
|
87 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ | |
|
88 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth | |
|
89 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth | |
|
90 | ||
|
107 | 91 | # Set permissions |
|
108 | 92 | chown -R root:root "${R}/tmp/pi-bluetooth" |
|
109 | 93 | |
|
110 | 94 | # Install tools |
|
111 | 95 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
112 | 96 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" |
|
113 | 97 | |
|
114 | 98 | # Install bluetooth udev rule |
|
115 | 99 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" |
|
116 | 100 | |
|
117 | 101 | # Install Firmware Flash file and apropiate licence |
|
118 | mkdir "${ETC_DIR}/firmware/" | |
|
102 | mkdir -p "$BLUETOOTH_FIRMWARE_DIR" | |
|
103 | install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx" | |
|
104 | install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx" | |
|
105 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" | |
|
106 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" | |
|
107 | ||
|
108 | # Remove temporary directory | |
|
109 | rm -fr "${temp_dir}" | |
|
119 | 110 | |
|
120 | wget -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth | |
|
121 | wget -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth | |
|
111 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 | |
|
112 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then | |
|
113 | SET_SERIAL="ttyAMA0" | |
|
122 | 114 | |
|
123 | # Get /dev/serial back for compability | |
|
124 | wget -O "${ETC_DIR}/udev/rules.d/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules | |
|
115 | # set overlay to swap ttyAMA0 and ttyS0 | |
|
116 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" | |
|
117 | ||
|
118 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
119 | if [ "$ENABLE_TURBO" = false ] ; then | |
|
120 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
125 | 121 | fi |
|
122 | ||
|
123 | # Activate services | |
|
124 | chroot_exec systemctl enable pi-bluetooth.hciuart.service | |
|
125 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service | |
|
126 | else | |
|
127 | chroot_exec systemctl enable pi-bluetooth.hciuart.service | |
|
128 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service | |
|
129 | fi | |
|
130 | ||
|
131 | else # if ENABLE_BLUETOOTH = false | |
|
132 | # set overlay to disable bluetooth | |
|
133 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
134 | fi # ENABLE_BLUETOOTH end | |
|
135 | ||
|
136 | else | |
|
137 | # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface | |
|
138 | SET_SERIAL="ttyAMA0" | |
|
139 | fi | |
|
140 | ||
|
141 | # may need sudo systemctl disable hciuart | |
|
142 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
|
143 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
144 | # add string to cmdline | |
|
145 | CMDLINE="${CMDLINE} console=serial0,115200" | |
|
146 | ||
|
147 | # Enable serial console systemd style | |
|
148 | chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service | |
|
149 | else | |
|
150 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" | |
|
151 | # disable serial console systemd style | |
|
152 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service | |
|
153 | fi | |
|
154 | ||
|
155 | # Remove IPv6 networking support | |
|
156 | if [ "$ENABLE_IPV6" = false ] ; then | |
|
157 | CMDLINE="${CMDLINE} ipv6.disable=1" | |
|
158 | fi | |
|
159 | ||
|
160 | # Automatically assign predictable network interface names | |
|
161 | if [ "$ENABLE_IFNAMES" = false ] ; then | |
|
162 | CMDLINE="${CMDLINE} net.ifnames=0" | |
|
163 | else | |
|
164 | CMDLINE="${CMDLINE} net.ifnames=1" | |
|
165 | fi | |
|
166 | ||
|
167 | # Install firmware boot cmdline | |
|
168 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
169 | ||
|
170 | # Install firmware config | |
|
171 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |
|
172 | ||
|
173 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
|
174 | if [ "$ENABLE_MINGPU" = true ] ; then | |
|
175 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" | |
|
176 | fi | |
|
177 | ||
|
178 | # Setup boot with initramfs | |
|
179 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
180 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" | |
|
126 | 181 | fi |
|
127 | 182 | |
|
128 | 183 | # Create firmware configuration and cmdline symlinks |
|
129 | 184 | ln -sf firmware/config.txt "${R}/boot/config.txt" |
|
130 | 185 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" |
|
131 | 186 | |
|
132 | 187 | # Install and setup kernel modules to load at boot |
|
133 | 188 | mkdir -p "${LIB_DIR}/modules-load.d/" |
|
134 | 189 | install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
135 | 190 | |
|
136 | 191 | # Load hardware random module at boot |
|
137 | 192 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then |
|
138 | 193 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
139 | 194 | fi |
|
140 | 195 | |
|
141 | 196 | # Load sound module at boot |
|
142 | 197 | if [ "$ENABLE_SOUND" = true ] ; then |
|
143 | 198 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
144 | 199 | else |
|
145 | 200 | echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt" |
|
146 | 201 | fi |
|
147 | 202 | |
|
148 | 203 | # Enable I2C interface |
|
149 | 204 | if [ "$ENABLE_I2C" = true ] ; then |
|
150 | 205 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" |
|
151 | 206 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
152 | 207 | sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
153 | 208 | fi |
|
154 | 209 | |
|
155 | 210 | # Enable SPI interface |
|
156 | 211 | if [ "$ENABLE_SPI" = true ] ; then |
|
157 | 212 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" |
|
158 | 213 | echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
159 | 214 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then |
|
160 | 215 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
161 | 216 | fi |
|
162 | 217 | fi |
|
163 | 218 | |
|
164 | 219 | # Disable RPi2/3 under-voltage warnings |
|
165 | 220 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then |
|
166 | 221 | echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" |
|
167 | 222 | fi |
|
168 | 223 | |
|
169 | 224 | # Install kernel modules blacklist |
|
170 | 225 | mkdir -p "${ETC_DIR}/modprobe.d/" |
|
171 | 226 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" |
|
172 | 227 | |
|
173 | 228 | # Install sysctl.d configuration files |
|
174 | 229 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
@@ -1,134 +1,132 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Networking |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup hostname |
|
9 | 9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" |
|
10 | 10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" |
|
11 | 11 | |
|
12 | 12 | # Install and setup hosts |
|
13 | 13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" |
|
14 | 14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" |
|
15 | 15 | |
|
16 | 16 | # Setup hostname entry with static IP |
|
17 | 17 | if [ "$NET_ADDRESS" != "" ] ; then |
|
18 | 18 | NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') |
|
19 | 19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" |
|
20 | 20 | fi |
|
21 | 21 | |
|
22 | 22 | # Remove IPv6 hosts |
|
23 | 23 | if [ "$ENABLE_IPV6" = false ] ; then |
|
24 | 24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts" |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | 27 | # Install hint about network configuration |
|
28 | 28 | install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" |
|
29 | 29 | |
|
30 | 30 | # Install configuration for interface eth0 |
|
31 | 31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" |
|
32 | 32 | |
|
33 | 33 | # Install configuration for interface wl* |
|
34 | 34 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" |
|
35 | 35 | |
|
36 | 36 | #always with dhcp since wpa_supplicant integration is missing |
|
37 | 37 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" |
|
38 | 38 | |
|
39 | 39 | if [ "$ENABLE_DHCP" = true ] ; then |
|
40 | 40 | # Enable DHCP configuration for interface eth0 |
|
41 | 41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" |
|
42 | 42 | |
|
43 | 43 | # Set DHCP configuration to IPv4 only |
|
44 | 44 | if [ "$ENABLE_IPV6" = false ] ; then |
|
45 | 45 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network" |
|
46 | 46 | fi |
|
47 | 47 | |
|
48 | 48 | else # ENABLE_DHCP=false |
|
49 | 49 | # Set static network configuration for interface eth0 |
|
50 | 50 | sed -i\ |
|
51 | 51 | -e "s|DHCP=.*|DHCP=no|"\ |
|
52 | 52 | -e "s|Address=\$|Address=${NET_ADDRESS}|"\ |
|
53 | 53 | -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ |
|
54 | 54 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ |
|
55 | 55 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ |
|
56 | 56 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ |
|
57 | 57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
58 | 58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
59 | 59 | "${ETC_DIR}/systemd/network/eth.network" |
|
60 | 60 | fi |
|
61 | 61 | |
|
62 | 62 | # Remove empty settings from network configuration |
|
63 | 63 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" |
|
64 | 64 | # Remove empty settings from wlan configuration |
|
65 | 65 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" |
|
66 | 66 | |
|
67 | 67 | # Move systemd network configuration if required by Debian release |
|
68 | 68 | mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" |
|
69 | 69 | # If WLAN is enabled copy wlan configuration too |
|
70 | 70 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
71 | 71 | mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" |
|
72 | 72 | fi |
|
73 | 73 | rm -fr "${ETC_DIR}/systemd/network" |
|
74 | 74 | |
|
75 | 75 | # Enable systemd-networkd service |
|
76 | 76 | chroot_exec systemctl enable systemd-networkd |
|
77 | 77 | |
|
78 | 78 | # Install host.conf resolver configuration |
|
79 | 79 | install_readonly files/network/host.conf "${ETC_DIR}/host.conf" |
|
80 | 80 | |
|
81 | 81 | # Enable network stack hardening |
|
82 | 82 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
83 | 83 | # Install sysctl.d configuration files |
|
84 | 84 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" |
|
85 | 85 | |
|
86 | 86 | # Setup resolver warnings about spoofed addresses |
|
87 | 87 | sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" |
|
88 | 88 | fi |
|
89 | 89 | |
|
90 | 90 | # Enable time sync |
|
91 | 91 | if [ "$NET_NTP_1" != "" ] ; then |
|
92 | 92 | chroot_exec systemctl enable systemd-timesyncd.service |
|
93 | 93 | fi |
|
94 | 94 | |
|
95 | 95 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
96 | 96 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
97 | 97 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then |
|
98 | 98 | mkdir -p "${WLAN_FIRMWARE_DIR}" |
|
99 | 99 | fi |
|
100 | 100 | |
|
101 | 101 | # Create temporary directory for firmware binary blob |
|
102 | 102 | temp_dir=$(as_nobody mktemp -d) |
|
103 | 103 | |
|
104 | 104 | # Fetch firmware binary blob for RPI3B+ |
|
105 | 105 | if [ "$RPI_MODEL" = 3P ] ; then |
|
106 | 106 | # Fetch firmware binary blob for RPi3P |
|
107 | 107 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
108 | 108 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
109 | 109 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" |
|
110 | ||
|
111 | # Move downloaded firmware binary blob | |
|
112 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" | |
|
113 | ||
|
114 | # Set permissions of the firmware binary blob | |
|
115 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
116 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
110 | 117 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then |
|
111 | 118 | # Fetch firmware binary blob for RPi3 |
|
112 | 119 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
113 | 120 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
114 | fi | |
|
115 | 121 | |
|
116 | 122 |
|
|
117 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
118 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" | |
|
119 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then | |
|
120 | 123 |
|
|
121 | fi | |
|
122 | ||
|
123 | # Remove temporary directory for firmware binary blob | |
|
124 | rm -fr "${temp_dir}" | |
|
125 | 124 | |
|
126 | 125 |
|
|
127 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
128 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
129 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
130 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then | |
|
131 | 126 |
|
|
132 | 127 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
133 | 128 | fi |
|
129 | ||
|
130 | # Remove temporary directory for firmware binary blob | |
|
131 | rm -fr "${temp_dir}" | |
|
134 | 132 | fi |
@@ -1,29 +1,29 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup users and security settings |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Generate crypt(3) password string |
|
9 | 9 | ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") |
|
10 | 10 | ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") |
|
11 | 11 | |
|
12 | 12 | # Setup default user |
|
13 | 13 | if [ "$ENABLE_USER" = true ] ; then |
|
14 | chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME | |
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME | |
|
14 | chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME" | |
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME" | |
|
16 | 16 | fi |
|
17 | 17 | |
|
18 | 18 | # Setup root password or not |
|
19 | 19 | if [ "$ENABLE_ROOT" = true ] ; then |
|
20 | 20 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root |
|
21 | 21 | else |
|
22 | 22 | # Set no root password to disable root login |
|
23 | 23 | chroot_exec usermod -p \'!\' root |
|
24 | 24 | fi |
|
25 | 25 | |
|
26 | 26 | # Enable serial console systemd style |
|
27 | 27 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
28 | 28 | chroot_exec systemctl enable serial-getty\@ttyAMA0.service |
|
29 | 29 | fi |
@@ -1,98 +1,100 | |||
|
1 | 1 | # |
|
2 | 2 | # Build and Setup U-Boot |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Fetch and build U-Boot bootloader |
|
9 | 9 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
10 | 10 | # Install c/c++ build environment inside the chroot |
|
11 | 11 | chroot_install_cc |
|
12 | 12 | |
|
13 | 13 | # Copy existing U-Boot sources into chroot directory |
|
14 | 14 | if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then |
|
15 | 15 | # Copy local U-Boot sources |
|
16 | 16 | cp -r "${UBOOTSRC_DIR}" "${R}/tmp" |
|
17 | 17 | else |
|
18 | 18 | # Create temporary directory for U-Boot sources |
|
19 | 19 | temp_dir=$(as_nobody mktemp -d) |
|
20 | 20 | |
|
21 | 21 | # Fetch U-Boot sources |
|
22 | 22 | as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}" |
|
23 | 23 | |
|
24 | 24 | # Copy downloaded U-Boot sources |
|
25 | 25 | mv "${temp_dir}/u-boot" "${R}/tmp/" |
|
26 | 26 | |
|
27 | 27 | # Set permissions of the U-Boot sources |
|
28 | 28 | chown -R root:root "${R}/tmp/u-boot" |
|
29 | 29 | |
|
30 | 30 | # Remove temporary directory for U-Boot sources |
|
31 | 31 | rm -fr "${temp_dir}" |
|
32 | 32 | fi |
|
33 | 33 | |
|
34 | 34 | # Build and install U-Boot inside chroot |
|
35 | 35 | chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all |
|
36 | 36 | |
|
37 | 37 | # Copy compiled bootloader binary and set config.txt to load it |
|
38 | 38 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" |
|
39 | 39 | install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin" |
|
40 | 40 | printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt" |
|
41 | 41 | |
|
42 | 42 | # Install and setup U-Boot command file |
|
43 | 43 | install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage" |
|
44 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
44 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
45 | 45 | |
|
46 | 46 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
47 | 47 | # Convert generated initramfs for U-Boot using mkimage |
|
48 | 48 | chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot" |
|
49 | 49 | |
|
50 | 50 | # Remove original initramfs file |
|
51 | 51 | rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" |
|
52 | 52 | |
|
53 | 53 | # Configure U-Boot to load generated initramfs |
|
54 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
54 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
55 | 55 | printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" |
|
56 | 56 | else # ENABLE_INITRAMFS=false |
|
57 | 57 | # Remove initramfs from U-Boot mkfile |
|
58 | 58 | sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage" |
|
59 | 59 | |
|
60 | 60 | if [ "$BUILD_KERNEL" = false ] ; then |
|
61 | 61 | # Remove dtbfile from U-Boot mkfile |
|
62 | 62 | sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage" |
|
63 | 63 | printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" |
|
64 | 64 | else |
|
65 | 65 | printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" |
|
66 | 66 | fi |
|
67 | 67 | fi |
|
68 | 68 | |
|
69 |
if [ "$ |
|
|
69 | if [ "$SET_ARCH" = 64 ] ; then | |
|
70 | 70 | echo "Setting up config.txt to boot 64bit uboot" |
|
71 | { | |
|
72 | printf "\n# 64bit-mode" | |
|
73 | printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" | |
|
74 | printf "\narm_64bit=1" | |
|
75 | } >> "${BOOT_DIR}/config.txt" | |
|
71 | 76 | |
|
72 | printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt" | |
|
73 | printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt" | |
|
74 | printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt" | |
|
75 | ||
|
77 | #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)] | |
|
76 | 78 | sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage" |
|
77 | 79 | fi |
|
78 | 80 | |
|
79 | 81 | # Set mkfile to use the correct dtb file |
|
80 |
sed -i "s |
|
|
82 | sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage" | |
|
81 | 83 | |
|
82 | 84 | # Set mkfile to use the correct mach id |
|
83 | 85 | if [ "$ENABLE_QEMU" = true ] ; then |
|
84 | 86 | sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage" |
|
85 | 87 | fi |
|
86 | 88 | |
|
87 | 89 | # Set mkfile to use kernel image |
|
88 |
sed -i "s |
|
|
90 | sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage" | |
|
89 | 91 | |
|
90 | 92 | # Remove all leading blank lines |
|
91 | 93 | sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage" |
|
92 | 94 | |
|
93 | 95 | # Generate U-Boot bootloader image |
|
94 | 96 | chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr |
|
95 | 97 | |
|
96 | 98 | # Remove U-Boot sources |
|
97 | 99 | rm -fr "${R}/tmp/u-boot" |
|
98 | 100 | fi |
@@ -1,53 +1,53 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup videocore - Raspberry Userland |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | if [ "$ENABLE_VIDEOCORE" = true ] ; then |
|
9 | 9 | # Copy existing videocore sources into chroot directory |
|
10 | 10 | if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then |
|
11 |
# Copy local |
|
|
11 | # Copy local videocore sources | |
|
12 | 12 | cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland" |
|
13 | 13 | else |
|
14 |
# Create temporary directory for |
|
|
14 | # Create temporary directory for videocore sources | |
|
15 | 15 | temp_dir=$(as_nobody mktemp -d) |
|
16 | 16 | |
|
17 |
# Fetch |
|
|
17 | # Fetch videocore sources | |
|
18 | 18 | as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}" |
|
19 | 19 | |
|
20 |
# Copy downloaded |
|
|
20 | # Copy downloaded videocore sources | |
|
21 | 21 | mv "${temp_dir}/userland" "${R}/tmp/" |
|
22 | 22 | |
|
23 | 23 | # Set permissions of the U-Boot sources |
|
24 | 24 | chown -R root:root "${R}/tmp/userland" |
|
25 | 25 | |
|
26 | 26 | # Remove temporary directory for U-Boot sources |
|
27 | 27 | rm -fr "${temp_dir}" |
|
28 | 28 | fi |
|
29 | 29 | |
|
30 | 30 | # Create build dir |
|
31 | 31 | mkdir "${R}"/tmp/userland/build |
|
32 | 32 | |
|
33 | 33 | # push us to build directory |
|
34 |
|
|
|
34 | cd "${R}"/tmp/userland/build | |
|
35 | 35 | |
|
36 | 36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then |
|
37 | 37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
38 | 38 | fi |
|
39 | 39 | |
|
40 | 40 | if [ "$RELEASE_ARCH" = "armel" ] ; then |
|
41 | 41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
42 | 42 | fi |
|
43 | 43 | |
|
44 | 44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then |
|
45 | 45 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
46 | 46 | fi |
|
47 | 47 | |
|
48 | 48 | #build userland |
|
49 | 49 | make -j "$(nproc)" |
|
50 | 50 | |
|
51 | #pop us out of build dir | |
|
52 | popd | |
|
51 | #back to root of scriptdir | |
|
52 | cd "${WORKDIR}" | |
|
53 | 53 | fi |
@@ -1,77 +1,77 | |||
|
1 | 1 | # This file contains utility functions used by rpi23-gen-image.sh |
|
2 | 2 | |
|
3 | 3 | cleanup (){ |
|
4 | 4 | set +x |
|
5 | 5 | set +e |
|
6 | 6 | |
|
7 | 7 | # Identify and kill all processes still using files |
|
8 | 8 | echo "killing processes using mount point ..." |
|
9 | 9 | fuser -k "${R}" |
|
10 | 10 | sleep 3 |
|
11 | 11 | fuser -9 -k -v "${R}" |
|
12 | 12 | |
|
13 | 13 | # Clean up temporary .password file |
|
14 | 14 | if [ -r ".password" ] ; then |
|
15 | 15 | shred -zu .password |
|
16 | 16 | fi |
|
17 | 17 | |
|
18 | 18 | # Clean up all temporary mount points |
|
19 | 19 | echo "removing temporary mount points ..." |
|
20 | 20 | umount -l "${R}/proc" 2> /dev/null |
|
21 | 21 | umount -l "${R}/sys" 2> /dev/null |
|
22 | 22 | umount -l "${R}/dev/pts" 2> /dev/null |
|
23 | 23 | umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null |
|
24 | 24 | umount "$BUILDDIR/mount" 2> /dev/null |
|
25 | 25 | cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null |
|
26 | 26 | losetup -d "$ROOT_LOOP" 2> /dev/null |
|
27 | 27 | losetup -d "$FRMW_LOOP" 2> /dev/null |
|
28 | 28 | trap - 0 1 2 3 6 |
|
29 | 29 | } |
|
30 | 30 | |
|
31 | 31 | chroot_exec() { |
|
32 | 32 | # Exec command in chroot |
|
33 |
LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} |
|
|
33 | LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@" | |
|
34 | 34 | } |
|
35 | 35 | |
|
36 | 36 | as_nobody() { |
|
37 | 37 | # Exec command as user nobody |
|
38 |
sudo -E -u nobody LANG=C LC_ALL=C |
|
|
38 | sudo -E -u nobody LANG=C LC_ALL=C "$@" | |
|
39 | 39 | } |
|
40 | 40 | |
|
41 | 41 | install_readonly() { |
|
42 | 42 | # Install file with user read-only permissions |
|
43 |
install -o root -g root -m 644 |
|
|
43 | install -o root -g root -m 644 "$@" | |
|
44 | 44 | } |
|
45 | 45 | |
|
46 | 46 | install_exec() { |
|
47 | 47 | # Install file with root exec permissions |
|
48 |
install -o root -g root -m 744 |
|
|
48 | install -o root -g root -m 744 "$@" | |
|
49 | 49 | } |
|
50 | 50 | |
|
51 | 51 | use_template () { |
|
52 | 52 | # Test if configuration template file exists |
|
53 | 53 | if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then |
|
54 | 54 | echo "error: configuration template ${CONFIG_TEMPLATE} not found" |
|
55 | 55 | exit 1 |
|
56 | 56 | fi |
|
57 | 57 | |
|
58 | 58 | # Load template configuration parameters |
|
59 | 59 | . "./templates/${CONFIG_TEMPLATE}" |
|
60 | 60 | } |
|
61 | 61 | |
|
62 | 62 | chroot_install_cc() { |
|
63 | 63 | # Install c/c++ build environment inside the chroot |
|
64 | 64 | if [ -z "${COMPILER_PACKAGES}" ] ; then |
|
65 | 65 | COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }') |
|
66 | 66 | # Install COMPILER_PACKAGES in chroot |
|
67 | chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES} | |
|
67 | chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}" | |
|
68 | 68 | fi |
|
69 | 69 | } |
|
70 | 70 | |
|
71 | 71 | chroot_remove_cc() { |
|
72 | 72 | # Remove c/c++ build environment from the chroot |
|
73 |
if [ |
|
|
74 | chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES} | |
|
73 | if [ -n "${COMPILER_PACKAGES}" ] ; then | |
|
74 | chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}" | |
|
75 | 75 | COMPILER_PACKAGES="" |
|
76 | 76 | fi |
|
77 | 77 | } |
@@ -1,784 +1,807 | |||
|
1 | 1 | #!/bin/sh |
|
2 | 2 | ######################################################################## |
|
3 | 3 | # rpi23-gen-image.sh 2015-2017 |
|
4 | 4 | # |
|
5 |
# Advanced Debian "stretch" and "buster" bootstrap script for RPi |
|
|
5 | # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi | |
|
6 | 6 | # |
|
7 | 7 | # This program is free software; you can redistribute it and/or |
|
8 | 8 | # modify it under the terms of the GNU General Public License |
|
9 | 9 | # as published by the Free Software Foundation; either version 2 |
|
10 | 10 | # of the License, or (at your option) any later version. |
|
11 | 11 | # |
|
12 | 12 | # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu> |
|
13 | 13 | # |
|
14 | 14 | # Big thanks for patches and enhancements by 20+ github contributors! |
|
15 | 15 | ######################################################################## |
|
16 | 16 | |
|
17 | 17 | # Are we running as root? |
|
18 | 18 | if [ "$(id -u)" -ne "0" ] ; then |
|
19 | 19 | echo "error: this script must be executed with root privileges!" |
|
20 | 20 | exit 1 |
|
21 | 21 | fi |
|
22 | 22 | |
|
23 | 23 | # Check if ./functions.sh script exists |
|
24 | 24 | if [ ! -r "./functions.sh" ] ; then |
|
25 | 25 | echo "error: './functions.sh' required script not found!" |
|
26 | 26 | exit 1 |
|
27 | 27 | fi |
|
28 | 28 | |
|
29 | 29 | # Load utility functions |
|
30 | 30 | . ./functions.sh |
|
31 | 31 | |
|
32 | 32 | # Load parameters from configuration template file |
|
33 | 33 | if [ -n "$CONFIG_TEMPLATE" ] ; then |
|
34 | 34 | use_template |
|
35 | 35 | fi |
|
36 | 36 | |
|
37 | 37 | # Introduce settings |
|
38 | 38 | set -e |
|
39 | echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n" | |
|
39 | echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n" | |
|
40 | 40 | set -x |
|
41 | 41 | |
|
42 | 42 | # Raspberry Pi model configuration |
|
43 | 43 | RPI_MODEL=${RPI_MODEL:=2} |
|
44 | 44 | |
|
45 | 45 | # Debian release |
|
46 | 46 | RELEASE=${RELEASE:=buster} |
|
47 | 47 | |
|
48 | 48 | # Kernel Branch |
|
49 | 49 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} |
|
50 | 50 | |
|
51 | 51 | # URLs |
|
52 | 52 | KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux} |
|
53 | 53 | FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot} |
|
54 | 54 | WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm} |
|
55 | 55 | COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian} |
|
56 | 56 | FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} |
|
57 | 57 | UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} |
|
58 | 58 | VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland} |
|
59 | 59 | BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git} |
|
60 | 60 | |
|
61 | 61 | # Build directories |
|
62 | BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}} | |
|
62 | WORKDIR=$(pwd) | |
|
63 | BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}} | |
|
63 | 64 | BUILDDIR="${BASEDIR}/build" |
|
64 | 65 | |
|
65 | 66 | # Chroot directories |
|
66 | 67 | R="${BUILDDIR}/chroot" |
|
67 | 68 | ETC_DIR="${R}/etc" |
|
68 | 69 | LIB_DIR="${R}/lib" |
|
69 | 70 | BOOT_DIR="${R}/boot/firmware" |
|
70 | 71 | KERNEL_DIR="${R}/usr/src/linux" |
|
71 | 72 | WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm" |
|
73 | BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt" | |
|
72 | 74 | |
|
73 | 75 | # Firmware directory: Blank if download from github |
|
74 | 76 | RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""} |
|
75 | 77 | |
|
76 | 78 | # General settings |
|
77 | 79 | SET_ARCH=${SET_ARCH:=32} |
|
78 | 80 | HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}} |
|
79 | 81 | PASSWORD=${PASSWORD:=raspberry} |
|
80 | 82 | USER_PASSWORD=${USER_PASSWORD:=raspberry} |
|
81 | 83 | DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"} |
|
82 | 84 | TIMEZONE=${TIMEZONE:="Europe/Berlin"} |
|
83 | 85 | EXPANDROOT=${EXPANDROOT:=true} |
|
84 | 86 | |
|
85 | 87 | # Keyboard settings |
|
86 | 88 | XKB_MODEL=${XKB_MODEL:=""} |
|
87 | 89 | XKB_LAYOUT=${XKB_LAYOUT:=""} |
|
88 | 90 | XKB_VARIANT=${XKB_VARIANT:=""} |
|
89 | 91 | XKB_OPTIONS=${XKB_OPTIONS:=""} |
|
90 | 92 | |
|
91 | 93 | # Network settings (DHCP) |
|
92 | 94 | ENABLE_DHCP=${ENABLE_DHCP:=true} |
|
93 | 95 | |
|
94 | 96 | # Network settings (static) |
|
95 | 97 | NET_ADDRESS=${NET_ADDRESS:=""} |
|
96 | 98 | NET_GATEWAY=${NET_GATEWAY:=""} |
|
97 | 99 | NET_DNS_1=${NET_DNS_1:=""} |
|
98 | 100 | NET_DNS_2=${NET_DNS_2:=""} |
|
99 | 101 | NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""} |
|
100 | 102 | NET_NTP_1=${NET_NTP_1:=""} |
|
101 | 103 | NET_NTP_2=${NET_NTP_2:=""} |
|
102 | 104 | |
|
103 | 105 | # APT settings |
|
104 | 106 | APT_PROXY=${APT_PROXY:=""} |
|
105 | 107 | APT_SERVER=${APT_SERVER:="ftp.debian.org"} |
|
106 | 108 | |
|
107 | 109 | # Feature settings |
|
110 | ENABLE_PRINTK=${ENABLE_PRINTK:=false} | |
|
111 | ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false} | |
|
112 | ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false} | |
|
108 | 113 | ENABLE_CONSOLE=${ENABLE_CONSOLE:=true} |
|
109 | 114 | ENABLE_I2C=${ENABLE_I2C:=false} |
|
110 | 115 | ENABLE_SPI=${ENABLE_SPI:=false} |
|
111 | 116 | ENABLE_IPV6=${ENABLE_IPV6:=true} |
|
112 | 117 | ENABLE_SSHD=${ENABLE_SSHD:=true} |
|
113 | 118 | ENABLE_NONFREE=${ENABLE_NONFREE:=false} |
|
114 | 119 | ENABLE_WIRELESS=${ENABLE_WIRELESS:=false} |
|
115 | 120 | ENABLE_SOUND=${ENABLE_SOUND:=true} |
|
116 | 121 | ENABLE_DBUS=${ENABLE_DBUS:=true} |
|
117 | 122 | ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true} |
|
118 | 123 | ENABLE_MINGPU=${ENABLE_MINGPU:=false} |
|
119 | 124 | ENABLE_XORG=${ENABLE_XORG:=false} |
|
120 | 125 | ENABLE_WM=${ENABLE_WM:=""} |
|
121 | 126 | ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} |
|
122 | 127 | ENABLE_USER=${ENABLE_USER:=true} |
|
123 | 128 | USER_NAME=${USER_NAME:="pi"} |
|
124 | 129 | ENABLE_ROOT=${ENABLE_ROOT:=false} |
|
125 | 130 | ENABLE_QEMU=${ENABLE_QEMU:=false} |
|
126 | 131 | ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false} |
|
127 | 132 | |
|
128 | 133 | # SSH settings |
|
129 | 134 | SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} |
|
130 | 135 | SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false} |
|
131 | 136 | SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false} |
|
132 | 137 | SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} |
|
133 | 138 | SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} |
|
134 | 139 | |
|
135 | 140 | # Advanced settings |
|
136 | 141 | ENABLE_MINBASE=${ENABLE_MINBASE:=false} |
|
137 | 142 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} |
|
138 | 143 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
139 | 144 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} |
|
140 | 145 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} |
|
141 | 146 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} |
|
142 | 147 | VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""} |
|
143 | 148 | FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""} |
|
144 | 149 | ENABLE_HARDNET=${ENABLE_HARDNET:=false} |
|
145 | 150 | ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} |
|
146 | 151 | ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} |
|
147 | 152 | ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} |
|
148 | 153 | ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} |
|
149 | 154 | DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} |
|
150 | 155 | |
|
151 | 156 | # Kernel compilation settings |
|
152 | 157 | BUILD_KERNEL=${BUILD_KERNEL:=true} |
|
153 | 158 | KERNEL_REDUCE=${KERNEL_REDUCE:=false} |
|
154 | 159 | KERNEL_THREADS=${KERNEL_THREADS:=1} |
|
155 | 160 | KERNEL_HEADERS=${KERNEL_HEADERS:=true} |
|
156 | 161 | KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false} |
|
157 | 162 | KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true} |
|
158 | 163 | KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false} |
|
159 | 164 | KERNEL_CCACHE=${KERNEL_CCACHE:=false} |
|
160 | 165 | |
|
161 | 166 | # Kernel compilation from source directory settings |
|
162 | 167 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} |
|
163 | 168 | KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false} |
|
164 | 169 | KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true} |
|
165 | 170 | KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false} |
|
166 | 171 | |
|
167 | 172 | # Reduce disk usage settings |
|
168 | 173 | REDUCE_APT=${REDUCE_APT:=true} |
|
169 | 174 | REDUCE_DOC=${REDUCE_DOC:=true} |
|
170 | 175 | REDUCE_MAN=${REDUCE_MAN:=true} |
|
171 | 176 | REDUCE_VIM=${REDUCE_VIM:=false} |
|
172 | 177 | REDUCE_BASH=${REDUCE_BASH:=false} |
|
173 | 178 | REDUCE_HWDB=${REDUCE_HWDB:=true} |
|
174 | 179 | REDUCE_SSHD=${REDUCE_SSHD:=true} |
|
175 | 180 | REDUCE_LOCALE=${REDUCE_LOCALE:=true} |
|
176 | 181 | |
|
177 | 182 | # Encrypted filesystem settings |
|
178 | 183 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} |
|
179 | 184 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} |
|
180 | 185 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
181 | 186 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} |
|
182 | 187 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
183 | 188 | |
|
184 | 189 | # Chroot scripts directory |
|
185 | 190 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} |
|
186 | 191 | |
|
187 | 192 | # Packages required in the chroot build environment |
|
188 | 193 | APT_INCLUDES=${APT_INCLUDES:=""} |
|
189 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup" | |
|
194 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" | |
|
190 | 195 | |
|
191 | 196 | # Packages to exclude from chroot build environment |
|
192 | 197 | APT_EXCLUDES=${APT_EXCLUDES:=""} |
|
193 | 198 | |
|
194 | 199 | # Packages required for bootstrapping |
|
195 | 200 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" |
|
196 | 201 | MISSING_PACKAGES="" |
|
197 | 202 | |
|
198 | 203 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
199 | 204 | COMPILER_PACKAGES="" |
|
200 | 205 | |
|
201 | 206 | set +x |
|
202 | 207 | |
|
208 | #Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
|
209 | APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq) | |
|
210 | if [ -n "${APT_CACHER_RUNNING}" ] ; then | |
|
211 | APT_PROXY=http://127.0.0.1:3142/ | |
|
212 | fi | |
|
213 | ||
|
203 | 214 | # Setup architecture specific settings |
|
204 | 215 | if [ -n "$SET_ARCH" ] ; then |
|
205 |
# 64 |
|
|
216 | # 64-bit configuration | |
|
206 | 217 | if [ "$SET_ARCH" = 64 ] ; then |
|
207 |
# General 64 |
|
|
218 | # General 64-bit depended settings | |
|
208 | 219 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static} |
|
209 | 220 | KERNEL_ARCH=${KERNEL_ARCH:=arm64} |
|
210 | 221 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"} |
|
211 | 222 | |
|
212 |
# |
|
|
223 | # Raspberry Pi model specific settings | |
|
213 | 224 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
214 | 225 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64" |
|
215 | 226 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig} |
|
216 | 227 | RELEASE_ARCH=${RELEASE_ARCH:=arm64} |
|
217 | 228 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img} |
|
218 | 229 | CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-} |
|
219 | 230 | else |
|
220 |
echo "error: Only Raspberry PI 3 and 3B+ support 64 |
|
|
231 | echo "error: Only Raspberry PI 3 and 3B+ support 64-bit" | |
|
221 | 232 | exit 1 |
|
222 | 233 | fi |
|
223 | 234 | fi |
|
224 | 235 | |
|
225 |
# 32 |
|
|
236 | # 32-bit configuration | |
|
226 | 237 | if [ "$SET_ARCH" = 32 ] ; then |
|
227 |
# General 32 |
|
|
238 | # General 32-bit dependend settings | |
|
228 | 239 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} |
|
229 | 240 | KERNEL_ARCH=${KERNEL_ARCH:=arm} |
|
230 | 241 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"} |
|
231 | 242 | |
|
232 |
# |
|
|
243 | # Raspberry Pi model specific settings | |
|
233 | 244 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then |
|
234 | 245 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel" |
|
235 | 246 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig} |
|
236 | 247 | RELEASE_ARCH=${RELEASE_ARCH:=armel} |
|
237 | 248 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img} |
|
238 | 249 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-} |
|
239 | 250 | fi |
|
240 | 251 | |
|
241 |
# |
|
|
252 | # Raspberry Pi model specific settings | |
|
242 | 253 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
243 | 254 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
244 | 255 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} |
|
245 | 256 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} |
|
246 | 257 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} |
|
247 | 258 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
248 | 259 | fi |
|
249 | 260 | fi |
|
250 | 261 | #SET_ARCH not set |
|
251 | 262 | else |
|
252 | 263 | echo "error: Please set '32' or '64' as value for SET_ARCH" |
|
253 | 264 | exit 1 |
|
254 | 265 | fi |
|
255 | 266 |
|
|
256 | 267 |
|
|
257 | 268 |
|
|
258 | 269 |
|
|
259 | 270 |
|
|
260 | 271 |
|
|
261 | 272 |
|
|
262 | 273 |
|
|
263 | 274 |
|
|
264 | 275 |
|
|
265 | 276 |
|
|
266 | 277 |
|
|
267 | 278 |
|
|
268 | 279 |
|
|
269 | 280 |
|
|
270 | 281 |
|
|
271 | 282 |
|
|
272 | 283 |
|
|
273 | 284 |
|
|
274 | 285 |
|
|
275 | 286 |
|
|
276 | 287 |
|
|
277 | 288 |
|
|
278 | 289 |
|
|
279 | 290 |
|
|
280 | 291 |
|
|
281 | 292 |
|
|
282 | 293 |
|
|
283 | 294 |
|
|
284 | 295 |
|
|
285 | 296 |
|
|
286 | 297 | |
|
298 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard | |
|
299 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
300 | # Include bluetooth packages on supported boards | |
|
301 | if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then | |
|
302 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" | |
|
303 | fi | |
|
304 | else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard | |
|
305 | # Check if the internal wireless interface is not supported by the RPi model | |
|
306 | if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then | |
|
307 | echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth" | |
|
308 | exit 1 | |
|
309 | fi | |
|
310 | fi | |
|
311 | ||
|
287 | 312 | # Prepare date string for default image file name |
|
288 | 313 | DATE="$(date +%Y-%m-%d)" |
|
289 | 314 | if [ -z "$KERNEL_BRANCH" ] ; then |
|
290 | 315 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} |
|
291 | 316 | else |
|
292 | 317 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} |
|
293 | 318 | fi |
|
294 | 319 | |
|
295 | # Check if the internal wireless interface is supported by the RPi model | |
|
296 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
|
297 | if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then | |
|
298 | echo "error: The selected Raspberry Pi model has no internal wireless interface" | |
|
299 | exit 1 | |
|
300 | else | |
|
301 | echo "Raspberry Pi $RPI_MODEL has WIFI support" | |
|
302 | fi | |
|
303 | fi | |
|
304 | ||
|
305 | 320 | # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported |
|
306 | 321 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then |
|
307 | 322 | if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then |
|
308 | 323 | echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported" |
|
309 | 324 | exit 1 |
|
310 | 325 | fi |
|
311 | 326 | fi |
|
312 | 327 | |
|
313 | 328 | # Add cmake to compile videocore sources |
|
314 | 329 | if [ "$ENABLE_VIDEOCORE" = true ] ; then |
|
315 | 330 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake" |
|
316 | 331 | fi |
|
317 | 332 | |
|
318 | 333 | # Add libncurses5 to enable kernel menuconfig |
|
319 | 334 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
320 | 335 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev" |
|
321 | 336 | fi |
|
322 | 337 | |
|
323 | 338 | # Add ccache compiler cache for (faster) kernel cross (re)compilation |
|
324 | 339 | if [ "$KERNEL_CCACHE" = true ] ; then |
|
325 | 340 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache" |
|
326 | 341 | fi |
|
327 | 342 | |
|
328 | 343 | # Add cryptsetup package to enable filesystem encryption |
|
329 | 344 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then |
|
330 | 345 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
331 | 346 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
332 | 347 | |
|
333 | 348 | if [ -z "$CRYPTFS_PASSWORD" ] ; then |
|
334 | 349 | echo "error: no password defined (CRYPTFS_PASSWORD)!" |
|
335 | 350 | exit 1 |
|
336 | 351 | fi |
|
337 | 352 | ENABLE_INITRAMFS=true |
|
338 | 353 | fi |
|
339 | 354 | |
|
340 | 355 | # Add initramfs generation tools |
|
341 | 356 | if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then |
|
342 | 357 | APT_INCLUDES="${APT_INCLUDES},initramfs-tools" |
|
343 | 358 | fi |
|
344 | 359 | |
|
345 | 360 | # Add device-tree-compiler required for building the U-Boot bootloader |
|
346 | 361 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
347 | 362 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" |
|
348 | 363 | fi |
|
349 | 364 | |
|
365 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
|
366 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
367 | if [ "$ENABLE_CONSOLE" = false ] ; then | |
|
368 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" | |
|
369 | fi | |
|
370 | fi | |
|
371 | fi | |
|
372 | ||
|
350 | 373 | # Check if root SSH (v2) public key file exists |
|
351 | 374 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then |
|
352 | 375 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
|
353 | 376 | echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!" |
|
354 | 377 | exit 1 |
|
355 | 378 | fi |
|
356 | 379 | fi |
|
357 | 380 | |
|
358 | 381 | # Check if $USER_NAME SSH (v2) public key file exists |
|
359 | 382 | if [ -n "$SSH_USER_PUB_KEY" ] ; then |
|
360 | 383 | if [ ! -f "$SSH_USER_PUB_KEY" ] ; then |
|
361 | 384 | echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!" |
|
362 | 385 | exit 1 |
|
363 | 386 | fi |
|
364 | 387 | fi |
|
365 | 388 | |
|
366 | 389 | # Check if all required packages are installed on the build system |
|
367 | 390 | for package in $REQUIRED_PACKAGES ; do |
|
368 | if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then | |
|
391 | if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then | |
|
369 | 392 | MISSING_PACKAGES="${MISSING_PACKAGES} $package" |
|
370 | 393 | fi |
|
371 | 394 | done |
|
372 | 395 | |
|
373 | 396 | # If there are missing packages ask confirmation for install, or exit |
|
374 | 397 | if [ -n "$MISSING_PACKAGES" ] ; then |
|
375 | 398 | echo "the following packages needed by this script are not installed:" |
|
376 | 399 | echo "$MISSING_PACKAGES" |
|
377 | 400 | |
|
378 | 401 | printf "\ndo you want to install the missing packages right now? [y/n] " |
|
379 | 402 | read -r confirm |
|
380 | 403 | [ "$confirm" != "y" ] && exit 1 |
|
381 | 404 | |
|
382 | 405 | # Make sure all missing required packages are installed |
|
383 | apt-get -qq -y install "${MISSING_PACKAGES}" | |
|
406 | apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` | |
|
384 | 407 | fi |
|
385 | 408 | |
|
386 | 409 | # Check if ./bootstrap.d directory exists |
|
387 | 410 | if [ ! -d "./bootstrap.d/" ] ; then |
|
388 | 411 | echo "error: './bootstrap.d' required directory not found!" |
|
389 | 412 | exit 1 |
|
390 | 413 | fi |
|
391 | 414 | |
|
392 | 415 | # Check if ./files directory exists |
|
393 | 416 | if [ ! -d "./files/" ] ; then |
|
394 | 417 | echo "error: './files' required directory not found!" |
|
395 | 418 | exit 1 |
|
396 | 419 | fi |
|
397 | 420 | |
|
398 | 421 | # Check if specified KERNELSRC_DIR directory exists |
|
399 | 422 | if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then |
|
400 | 423 | echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!" |
|
401 | 424 | exit 1 |
|
402 | 425 | fi |
|
403 | 426 | |
|
404 | 427 | # Check if specified UBOOTSRC_DIR directory exists |
|
405 | 428 | if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then |
|
406 | 429 | echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!" |
|
407 | 430 | exit 1 |
|
408 | 431 | fi |
|
409 | 432 | |
|
410 | 433 | # Check if specified VIDEOCORESRC_DIR directory exists |
|
411 | 434 | if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then |
|
412 | 435 | echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!" |
|
413 | 436 | exit 1 |
|
414 | 437 | fi |
|
415 | 438 | |
|
416 | 439 | # Check if specified FBTURBOSRC_DIR directory exists |
|
417 | 440 | if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then |
|
418 | 441 | echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!" |
|
419 | 442 | exit 1 |
|
420 | 443 | fi |
|
421 | 444 | |
|
422 | 445 | # Check if specified CHROOT_SCRIPTS directory exists |
|
423 | 446 | if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then |
|
424 | 447 | echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!" |
|
425 | 448 | exit 1 |
|
426 | 449 | fi |
|
427 | 450 | |
|
428 | 451 | # Check if specified device mapping already exists (will be used by cryptsetup) |
|
429 | 452 | if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then |
|
430 | 453 | echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding" |
|
431 | 454 | exit 1 |
|
432 | 455 | fi |
|
433 | 456 | |
|
434 | 457 | # Don't clobber an old build |
|
435 | 458 | if [ -e "$BUILDDIR" ] ; then |
|
436 | 459 | echo "error: directory ${BUILDDIR} already exists, not proceeding" |
|
437 | 460 | exit 1 |
|
438 | 461 | fi |
|
439 | 462 | |
|
440 | 463 | # Setup chroot directory |
|
441 | 464 | mkdir -p "${R}" |
|
442 | 465 | |
|
443 | 466 | # Check if build directory has enough of free disk space >512MB |
|
444 | 467 | if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then |
|
445 | 468 | echo "error: ${BUILDDIR} not enough space left to generate the output image!" |
|
446 | 469 | exit 1 |
|
447 | 470 | fi |
|
448 | 471 | |
|
449 | 472 | set -x |
|
450 | 473 | |
|
451 | 474 | # Call "cleanup" function on various signals and errors |
|
452 | 475 | trap cleanup 0 1 2 3 6 |
|
453 | 476 | |
|
454 | 477 | # Add required packages for the minbase installation |
|
455 | 478 | if [ "$ENABLE_MINBASE" = true ] ; then |
|
456 | 479 | APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown" |
|
457 | 480 | fi |
|
458 | 481 | |
|
459 | 482 | # Add parted package, required to get partprobe utility |
|
460 | 483 | if [ "$EXPANDROOT" = true ] ; then |
|
461 | 484 | APT_INCLUDES="${APT_INCLUDES},parted" |
|
462 | 485 | fi |
|
463 | 486 | |
|
464 | 487 | # Add dbus package, recommended if using systemd |
|
465 | 488 | if [ "$ENABLE_DBUS" = true ] ; then |
|
466 | 489 | APT_INCLUDES="${APT_INCLUDES},dbus" |
|
467 | 490 | fi |
|
468 | 491 | |
|
469 | 492 | # Add iptables IPv4/IPv6 package |
|
470 | 493 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
471 | 494 | APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent" |
|
472 | 495 | fi |
|
473 | 496 | |
|
474 | 497 | # Add openssh server package |
|
475 | 498 | if [ "$ENABLE_SSHD" = true ] ; then |
|
476 | 499 | APT_INCLUDES="${APT_INCLUDES},openssh-server" |
|
477 | 500 | fi |
|
478 | 501 | |
|
479 | 502 | # Add alsa-utils package |
|
480 | 503 | if [ "$ENABLE_SOUND" = true ] ; then |
|
481 | 504 | APT_INCLUDES="${APT_INCLUDES},alsa-utils" |
|
482 | 505 | fi |
|
483 | 506 | |
|
484 | 507 | # Add rng-tools package |
|
485 | 508 | if [ "$ENABLE_HWRANDOM" = true ] ; then |
|
486 | 509 | APT_INCLUDES="${APT_INCLUDES},rng-tools" |
|
487 | 510 | fi |
|
488 | 511 | |
|
489 | 512 | # Add fbturbo video driver |
|
490 | 513 | if [ "$ENABLE_FBTURBO" = true ] ; then |
|
491 | 514 | # Enable xorg package dependencies |
|
492 | 515 | ENABLE_XORG=true |
|
493 | 516 | fi |
|
494 | 517 | |
|
495 | 518 | # Add user defined window manager package |
|
496 | 519 | if [ -n "$ENABLE_WM" ] ; then |
|
497 | 520 | APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}" |
|
498 | 521 | |
|
499 | 522 | # Enable xorg package dependencies |
|
500 | 523 | ENABLE_XORG=true |
|
501 | 524 | fi |
|
502 | 525 | |
|
503 | 526 | # Add xorg package |
|
504 | 527 | if [ "$ENABLE_XORG" = true ] ; then |
|
505 | 528 | APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11" |
|
506 | 529 | fi |
|
507 | 530 | |
|
508 | 531 | # Replace selected packages with smaller clones |
|
509 | 532 | if [ "$ENABLE_REDUCE" = true ] ; then |
|
510 | 533 | # Add levee package instead of vim-tiny |
|
511 | 534 | if [ "$REDUCE_VIM" = true ] ; then |
|
512 | 535 | APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")" |
|
513 | 536 | fi |
|
514 | 537 | |
|
515 | 538 | # Add dropbear package instead of openssh-server |
|
516 | 539 | if [ "$REDUCE_SSHD" = true ] ; then |
|
517 | 540 | APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")" |
|
518 | 541 | fi |
|
519 | 542 | fi |
|
520 | 543 | |
|
521 | 544 | # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available |
|
522 | 545 | if [ "$ENABLE_SYSVINIT" = false ] ; then |
|
523 | 546 | APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv" |
|
524 | 547 | fi |
|
525 | 548 | |
|
526 | 549 | # Check if kernel is getting compiled |
|
527 | 550 | if [ "$BUILD_KERNEL" = false ] ; then |
|
528 | 551 | echo "Downloading precompiled kernel" |
|
529 | 552 | echo "error: not configured" |
|
530 | 553 | exit 1; |
|
531 | 554 | # BUILD_KERNEL=true |
|
532 | 555 | else |
|
533 | 556 | echo "No precompiled kernel repositories were added" |
|
534 | 557 | fi |
|
535 | 558 | |
|
536 | 559 | # Configure kernel sources if no KERNELSRC_DIR |
|
537 | 560 | if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then |
|
538 | 561 | KERNELSRC_CONFIG=true |
|
539 | 562 | fi |
|
540 | 563 | |
|
541 | 564 | # Configure reduced kernel |
|
542 | 565 | if [ "$KERNEL_REDUCE" = true ] ; then |
|
543 | 566 | KERNELSRC_CONFIG=false |
|
544 | 567 | fi |
|
545 | 568 | |
|
546 | 569 | # Configure qemu compatible kernel |
|
547 | 570 | if [ "$ENABLE_QEMU" = true ] ; then |
|
548 | 571 | DTB_FILE=vexpress-v2p-ca15_a7.dtb |
|
549 | 572 | UBOOT_CONFIG=vexpress_ca15_tc2_defconfig |
|
550 | 573 | KERNEL_DEFCONFIG="vexpress_defconfig" |
|
551 | 574 | if [ "$KERNEL_MENUCONFIG" = false ] ; then |
|
552 | 575 | KERNEL_OLDDEFCONFIG=true |
|
553 | 576 | fi |
|
554 | 577 | fi |
|
555 | 578 | |
|
556 | 579 | # Execute bootstrap scripts |
|
557 | 580 | for SCRIPT in bootstrap.d/*.sh; do |
|
558 | 581 | head -n 3 "$SCRIPT" |
|
559 | 582 | . "$SCRIPT" |
|
560 | 583 | done |
|
561 | 584 | |
|
562 | 585 | ## Execute custom bootstrap scripts |
|
563 | 586 | if [ -d "custom.d" ] ; then |
|
564 | 587 | for SCRIPT in custom.d/*.sh; do |
|
565 | 588 | . "$SCRIPT" |
|
566 | 589 | done |
|
567 | 590 | fi |
|
568 | 591 | |
|
569 | 592 | # Execute custom scripts inside the chroot |
|
570 | 593 | if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then |
|
571 | 594 | cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts" |
|
572 | 595 | chroot_exec /bin/bash -x <<'EOF' |
|
573 | 596 | for SCRIPT in /chroot_scripts/* ; do |
|
574 | 597 | if [ -f $SCRIPT -a -x $SCRIPT ] ; then |
|
575 | 598 | $SCRIPT |
|
576 | 599 | fi |
|
577 | 600 | done |
|
578 | 601 | EOF |
|
579 | 602 | rm -rf "${R}/chroot_scripts" |
|
580 | 603 | fi |
|
581 | 604 | |
|
582 | 605 | # Remove c/c++ build environment from the chroot |
|
583 | 606 | chroot_remove_cc |
|
584 | 607 | |
|
585 | 608 | # Generate required machine-id |
|
586 | 609 | MACHINE_ID=$(dbus-uuidgen) |
|
587 | 610 | echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id" |
|
588 | 611 | echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id" |
|
589 | 612 | |
|
590 | 613 | # APT Cleanup |
|
591 | 614 | chroot_exec apt-get -y clean |
|
592 | 615 | chroot_exec apt-get -y autoclean |
|
593 | 616 | chroot_exec apt-get -y autoremove |
|
594 | 617 | |
|
595 | 618 | # Unmount mounted filesystems |
|
596 | 619 | umount -l "${R}/proc" |
|
597 | 620 | umount -l "${R}/sys" |
|
598 | 621 | |
|
599 | 622 | # Clean up directories |
|
600 | 623 | rm -rf "${R}/run/*" |
|
601 | 624 | rm -rf "${R}/tmp/*" |
|
602 | 625 | |
|
603 | 626 | # Clean up files |
|
604 | 627 | rm -f "${ETC_DIR}/ssh/ssh_host_*" |
|
605 | 628 | rm -f "${ETC_DIR}/dropbear/dropbear_*" |
|
606 | 629 | rm -f "${ETC_DIR}/apt/sources.list.save" |
|
607 | 630 | rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original" |
|
608 | 631 | rm -f "${ETC_DIR}/*-" |
|
609 | 632 | rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" |
|
610 | 633 | rm -f "${ETC_DIR}/resolv.conf" |
|
611 | 634 | rm -f "${R}/root/.bash_history" |
|
612 | 635 | rm -f "${R}/var/lib/urandom/random-seed" |
|
613 | 636 | rm -f "${R}/initrd.img" |
|
614 | 637 | rm -f "${R}/vmlinuz" |
|
615 | 638 | rm -f "${R}${QEMU_BINARY}" |
|
616 | 639 | |
|
617 | 640 | if [ "$ENABLE_QEMU" = true ] ; then |
|
618 | 641 | # Setup QEMU directory |
|
619 | 642 | mkdir "${BASEDIR}/qemu" |
|
620 | 643 | |
|
621 | 644 | # Copy kernel image to QEMU directory |
|
622 | 645 | install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}" |
|
623 | 646 | |
|
624 | 647 | # Copy kernel config to QEMU directory |
|
625 | 648 | install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}" |
|
626 | 649 | |
|
627 | 650 | # Copy kernel dtbs to QEMU directory |
|
628 | 651 | for dtb in "${BOOT_DIR}/"*.dtb ; do |
|
629 | 652 | if [ -f "${dtb}" ] ; then |
|
630 | 653 | install_readonly "${dtb}" "${BASEDIR}/qemu/" |
|
631 | 654 | fi |
|
632 | 655 | done |
|
633 | 656 | |
|
634 | 657 | # Copy kernel overlays to QEMU directory |
|
635 | 658 | if [ -d "${BOOT_DIR}/overlays" ] ; then |
|
636 | 659 | # Setup overlays dtbs directory |
|
637 | 660 | mkdir "${BASEDIR}/qemu/overlays" |
|
638 | 661 | |
|
639 | 662 | for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do |
|
640 | 663 | if [ -f "${dtb}" ] ; then |
|
641 | 664 | install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/" |
|
642 | 665 | fi |
|
643 | 666 | done |
|
644 | 667 | fi |
|
645 | 668 | |
|
646 | 669 | # Copy u-boot files to QEMU directory |
|
647 | 670 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
648 | 671 | if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then |
|
649 | 672 | install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin" |
|
650 | 673 | fi |
|
651 | 674 | if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then |
|
652 | 675 | install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage" |
|
653 | 676 | fi |
|
654 | 677 | if [ -f "${BOOT_DIR}/boot.scr" ] ; then |
|
655 | 678 | install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr" |
|
656 | 679 | fi |
|
657 | 680 | fi |
|
658 | 681 | |
|
659 | 682 | # Copy initramfs to QEMU directory |
|
660 | 683 | if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then |
|
661 | 684 | install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}" |
|
662 | 685 | fi |
|
663 | 686 | fi |
|
664 | 687 | |
|
665 | 688 | # Calculate size of the chroot directory in KB |
|
666 | 689 | CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')") |
|
667 | 690 | |
|
668 | 691 | # Calculate the amount of needed 512 Byte sectors |
|
669 | 692 | TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) |
|
670 | 693 | FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512) |
|
671 | 694 | ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}") |
|
672 | 695 | |
|
673 | 696 | # The root partition is EXT4 |
|
674 | 697 | # This means more space than the actual used space of the chroot is used. |
|
675 | 698 | # As overhead for journaling and reserved blocks 35% are added. |
|
676 | 699 | ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512) |
|
677 | 700 | |
|
678 | 701 | # Calculate required image size in 512 Byte sectors |
|
679 | 702 | IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}") |
|
680 | 703 | |
|
681 | 704 | # Prepare image file |
|
682 | 705 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
683 | 706 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}" |
|
684 | 707 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}" |
|
685 | 708 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}" |
|
686 | 709 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}" |
|
687 | 710 | |
|
688 | 711 | # Write firmware/boot partition tables |
|
689 | 712 | sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM |
|
690 | 713 | ${TABLE_SECTORS},${FRMW_SECTORS},c,* |
|
691 | 714 | EOM |
|
692 | 715 | |
|
693 | 716 | # Write root partition table |
|
694 | 717 | sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM |
|
695 | 718 | ${TABLE_SECTORS},${ROOT_SECTORS},83 |
|
696 | 719 | EOM |
|
697 | 720 | |
|
698 | 721 | # Setup temporary loop devices |
|
699 | 722 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)" |
|
700 | 723 | ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)" |
|
701 | 724 | else # ENABLE_SPLITFS=false |
|
702 | 725 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}" |
|
703 | 726 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}" |
|
704 | 727 | |
|
705 | 728 | # Write partition table |
|
706 | 729 | sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM |
|
707 | 730 | ${TABLE_SECTORS},${FRMW_SECTORS},c,* |
|
708 | 731 | ${ROOT_OFFSET},${ROOT_SECTORS},83 |
|
709 | 732 | EOM |
|
710 | 733 | |
|
711 | 734 | # Setup temporary loop devices |
|
712 | 735 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)" |
|
713 | 736 | ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)" |
|
714 | 737 | fi |
|
715 | 738 | |
|
716 | 739 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
717 | 740 | # Create dummy ext4 fs |
|
718 | 741 | mkfs.ext4 "$ROOT_LOOP" |
|
719 | 742 | |
|
720 | 743 | # Setup password keyfile |
|
721 | 744 | touch .password |
|
722 | 745 | chmod 600 .password |
|
723 | 746 | echo -n ${CRYPTFS_PASSWORD} > .password |
|
724 | 747 | |
|
725 | 748 | # Initialize encrypted partition |
|
726 | 749 | echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password |
|
727 | 750 | |
|
728 | 751 | # Open encrypted partition and setup mapping |
|
729 | 752 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
|
730 | 753 | |
|
731 | 754 | # Secure delete password keyfile |
|
732 | 755 | shred -zu .password |
|
733 | 756 | |
|
734 | 757 | # Update temporary loop device |
|
735 | 758 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" |
|
736 | 759 | |
|
737 | 760 | # Wipe encrypted partition (encryption cipher is used for randomness) |
|
738 | 761 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" |
|
739 | 762 | fi |
|
740 | 763 | |
|
741 | 764 | # Build filesystems |
|
742 | 765 | mkfs.vfat "$FRMW_LOOP" |
|
743 | 766 | mkfs.ext4 "$ROOT_LOOP" |
|
744 | 767 | |
|
745 | 768 | # Mount the temporary loop devices |
|
746 | 769 | mkdir -p "$BUILDDIR/mount" |
|
747 | 770 | mount "$ROOT_LOOP" "$BUILDDIR/mount" |
|
748 | 771 | |
|
749 | 772 | mkdir -p "$BUILDDIR/mount/boot/firmware" |
|
750 | 773 | mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware" |
|
751 | 774 | |
|
752 | 775 | # Copy all files from the chroot to the loop device mount point directory |
|
753 | 776 | rsync -a "${R}/" "$BUILDDIR/mount/" |
|
754 | 777 | |
|
755 | 778 | # Unmount all temporary loop devices and mount points |
|
756 | 779 | cleanup |
|
757 | 780 | |
|
758 | 781 | # Create block map file(s) of image(s) |
|
759 | 782 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
760 | 783 | # Create block map files for "bmaptool" |
|
761 | 784 | bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img" |
|
762 | 785 | bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img" |
|
763 | 786 | |
|
764 | 787 | # Image was successfully created |
|
765 | 788 | echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
766 | 789 | echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
767 | 790 | else |
|
768 | 791 | # Create block map file for "bmaptool" |
|
769 | 792 | bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img" |
|
770 | 793 | |
|
771 | 794 | # Image was successfully created |
|
772 | 795 | echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
773 | 796 | |
|
774 | 797 | # Create qemu qcow2 image |
|
775 | 798 | if [ "$ENABLE_QEMU" = true ] ; then |
|
776 | 799 | QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} |
|
777 | 800 | QEMU_SIZE=16G |
|
778 | 801 | |
|
779 | 802 | qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2 |
|
780 | 803 | qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE |
|
781 | 804 | |
|
782 | 805 | echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created" |
|
783 | 806 | fi |
|
784 | 807 | fi |
@@ -1,3 +1,4 | |||
|
1 | 1 | # Configuration template file used by rpi23-gen-image.sh |
|
2 | RPI_MODEL=2 | |
|
2 | 3 | RELEASE=stretch |
|
3 | 4 | BUILD_KERNEL=true |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant