RIP4, new kernel param, ...
Unknown -
r664:a9252ff50ac6
@@ -1,553 +1,565
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74
75 75 ##### `RELEASE`="buster"
76 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 77
78 78 ##### `RELEASE_ARCH`="armhf"
79 79 Set the desired Debian release architecture.
80 80
81 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 83
84 84 ##### `PASSWORD`="raspberry"
85 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `USER_PASSWORD`="raspberry"
88 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 89
90 90 ##### `DEFLOCAL`="en_US.UTF-8"
91 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 92
93 93 ##### `TIMEZONE`="Europe/Berlin"
94 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 95
96 96 ##### `EXPANDROOT`=true
97 97 Expand the root partition and filesystem automatically on first boot.
98 98
99 99 ##### `ENABLE_DPHYSSWAP`=true
100 100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101 101
102 102 ##### `ENABLE_QEMU`=false
103 103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104 104
105 105 ---
106 106
107 107 #### Keyboard settings:
108 108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109 109
110 110 ##### `XKB_MODEL`=""
111 111 Set the name of the model of your keyboard type.
112 112
113 113 ##### `XKB_LAYOUT`=""
114 114 Set the supported keyboard layout(s).
115 115
116 116 ##### `XKB_VARIANT`=""
117 117 Set the supported variant(s) of the keyboard layout(s).
118 118
119 119 ##### `XKB_OPTIONS`=""
120 120 Set extra xkb configuration options.
121 121
122 122 ---
123 123
124 124 #### Networking settings (DHCP):
125 125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126 126
127 127 ##### `ENABLE_DHCP`=true
128 128 Set the system to use DHCP. This requires an DHCP server.
129 129
130 130 ---
131 131
132 132 #### Networking settings (static):
133 133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134 134
135 135 ##### `NET_ADDRESS`=""
136 136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137 137
138 138 ##### `NET_GATEWAY`=""
139 139 Set the IP address for the default gateway.
140 140
141 141 ##### `NET_DNS_1`=""
142 142 Set the IP address for the first DNS server.
143 143
144 144 ##### `NET_DNS_2`=""
145 145 Set the IP address for the second DNS server.
146 146
147 147 ##### `NET_DNS_DOMAINS`=""
148 148 Set the default DNS search domains to use for non fully qualified hostnames.
149 149
150 150 ##### `NET_NTP_1`=""
151 151 Set the IP address for the first NTP server.
152 152
153 153 ##### `NET_NTP_2`=""
154 154 Set the IP address for the second NTP server.
155 155
156 156 ---
157 157
158 158 #### Basic system features:
159 159 ##### `ENABLE_CONSOLE`=true
160 160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161 161
162 162 ##### `ENABLE_PRINTK`=false
163 163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164 164
165 165 ##### `ENABLE_BLUETOOTH`=false
166 166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167 167
168 168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170 170
171 171 ##### `ENABLE_TURBO`=false
172 172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173 173
174 174 ##### `ENABLE_I2C`=false
175 175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 176
177 177 ##### `ENABLE_SPI`=false
178 178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 179
180 180 ##### `ENABLE_IPV6`=true
181 181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182 182
183 183 ##### `ENABLE_SSHD`=true
184 184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185 185
186 186 ##### `ENABLE_NONFREE`=false
187 187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188 188
189 189 ##### `ENABLE_WIRELESS`=false
190 190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191 191
192 192 ##### `ENABLE_RSYSLOG`=true
193 193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194 194
195 195 ##### `ENABLE_SOUND`=true
196 196 Enable sound hardware and install Advanced Linux Sound Architecture.
197 197
198 198 ##### `ENABLE_HWRANDOM`=true
199 199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200 200
201 201 ##### `ENABLE_MINGPU`=false
202 202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203 203
204 204 ##### `ENABLE_DBUS`=true
205 205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206 206
207 207 ##### `ENABLE_XORG`=false
208 208 Install Xorg open-source X Window System.
209 209
210 210 ##### `ENABLE_WM`=""
211 211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212 212
213 213 ##### `ENABLE_SYSVINIT`=false
214 214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215 215
216 216 ---
217 217
218 218 #### Advanced system features:
219 219 ##### `ENABLE_KEYGEN`=false
220 220 Recover your lost codec license
221 221 ##### `ENABLE_SYSTEMDSWAP`=false
222 222 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
223 223
224 224 ##### `ENABLE_MINBASE`=false
225 225 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
226 226
227 227 ##### `ENABLE_REDUCE`=false
228 228 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
229 229
230 230 ##### `ENABLE_UBOOT`=false
231 231 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
232 232
233 233 ##### `UBOOTSRC_DIR`=""
234 234 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
235 235
236 236 ##### `ENABLE_FBTURBO`=false
237 237 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 238
239 239 ##### `FBTURBOSRC_DIR`=""
240 240 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
241 241
242 242 ##### `ENABLE_VIDEOCORE`=false
243 243 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
244 244
245 245 ##### `VIDEOCORESRC_DIR`=""
246 246 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 247
248 248 ##### `ENABLE_NEXMON`=false
249 249 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
250 250
251 251 ##### `NEXMONSRC_DIR`=""
252 252 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
253 253
254 254 ##### `ENABLE_IPTABLES`=false
255 255 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
256 256
257 257 ##### `ENABLE_USER`=true
258 258 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
259 259
260 260 ##### `USER_NAME`=pi
261 261 Non-root user to create. Ignored if `ENABLE_USER`=false
262 262
263 263 ##### `ENABLE_ROOT`=false
264 264 Set root user password so root login will be enabled
265 265
266 266 ##### `ENABLE_HARDNET`=false
267 267 Enable IPv4/IPv6 network stack hardening settings.
268 268
269 269 ##### `ENABLE_SPLITFS`=false
270 270 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
271 271
272 272 ##### `CHROOT_SCRIPTS`=""
273 273 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
274 274
275 275 ##### `ENABLE_INITRAMFS`=false
276 276 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
277 277
278 278 ##### `ENABLE_IFNAMES`=true
279 279 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
280 280
281 281 ##### `ENABLE_SPLASH`=true
282 282 Enable default Raspberry Pi boot up rainbow splash screen.
283 283
284 284 ##### `ENABLE_LOGO`=true
285 285 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
286 286
287 287 ##### `ENABLE_SILENT_BOOT`=false
288 288 Set the verbosity of console messages shown during boot up to a strict minimum.
289 289
290 290 ##### `DISABLE_UNDERVOLT_WARNINGS`=
291 291 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
292 292
293 293 ---
294 294
295 295 #### SSH settings:
296 296 ##### `SSH_ENABLE_ROOT`=false
297 297 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
298 298
299 299 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
300 300 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
301 301
302 302 ##### `SSH_LIMIT_USERS`=false
303 303 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
304 304
305 305 ##### `SSH_ROOT_PUB_KEY`=""
306 306 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
307 307
308 308 ##### `SSH_USER_PUB_KEY`=""
309 309 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
310 310
311 311 ---
312 312
313 313 #### Kernel compilation:
314 314 ##### `BUILD_KERNEL`=true
315 315 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
316 316
317 317 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
318 318 This sets the cross-compile environment for the compiler.
319 319
320 ##### `KERNEL_BTRFS`="false"
321 enable btrfs kernel support
322
323 ##### `KERNEL_POEHAT`="false"
324 enable Enable RPI POE HAT fan kernel support
325
326 ##### `KERNEL_NSPAWN`="false"
327 Enable per-interface network priority control - for systemd-nspawn
328
329 ##### `KERNEL_DHKEY`="true"
330 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
331
320 332 ##### `KERNEL_ARCH`="arm"
321 333 This sets the kernel architecture for the compiler.
322 334
323 335 ##### `KERNEL_IMAGE`="kernel7.img"
324 336 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
325 337
326 338 ##### `KERNEL_BRANCH`=""
327 339 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
328 340
329 341 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
330 342 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
331 343
332 344 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
333 345 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
334 346
335 347 ##### `KERNEL_REDUCE`=false
336 348 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
337 349
338 350 ##### `KERNEL_THREADS`=1
339 351 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
340 352
341 353 ##### `KERNEL_HEADERS`=true
342 354 Install kernel headers with the built kernel.
343 355
344 356 ##### `KERNEL_MENUCONFIG`=false
345 357 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
346 358
347 359 ##### `KERNEL_OLDDEFCONFIG`=false
348 360 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
349 361
350 362 ##### `KERNEL_CCACHE`=false
351 363 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
352 364
353 365 ##### `KERNEL_REMOVESRC`=true
354 366 Remove all kernel sources from the generated OS image after it was built and installed.
355 367
356 368 ##### `KERNELSRC_DIR`=""
357 369 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
358 370
359 371 ##### `KERNELSRC_CLEAN`=false
360 372 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
361 373
362 374 ##### `KERNELSRC_CONFIG`=true
363 375 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
364 376
365 377 ##### `KERNELSRC_USRCONFIG`=""
366 378 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
367 379
368 380 ##### `KERNELSRC_PREBUILT`=false
369 381 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
370 382
371 383 ##### `RPI_FIRMWARE_DIR`=""
372 384 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
373 385
374 386 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
375 387 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
376 388
377 389 ##### `KERNEL_NF`=false
378 390 Enable Netfilter modules as kernel modules
379 391
380 392 ##### `KERNEL_VIRT`=false
381 393 Enable Kernel KVM support (/dev/kvm)
382 394
383 395 ##### `KERNEL_ZSWAP`=false
384 396 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
385 397
386 398 ##### `KERNEL_BPF`=true
387 399 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
388 400
389 401 ##### `KERNEL_SECURITY`=false
390 402 Enables Apparmor, integrity subsystem, auditing.
391 403
392 404 ---
393 405
394 406 #### Reduce disk usage:
395 407 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
396 408
397 409 ##### `REDUCE_APT`=true
398 410 Configure APT to use compressed package repository lists and no package caching files.
399 411
400 412 ##### `REDUCE_DOC`=true
401 413 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
402 414
403 415 ##### `REDUCE_MAN`=true
404 416 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
405 417
406 418 ##### `REDUCE_VIM`=false
407 419 Replace `vim-tiny` package by `levee` a tiny vim clone.
408 420
409 421 ##### `REDUCE_BASH`=false
410 422 Remove `bash` package and switch to `dash` shell (experimental).
411 423
412 424 ##### `REDUCE_HWDB`=true
413 425 Remove PCI related hwdb files (experimental).
414 426
415 427 ##### `REDUCE_SSHD`=true
416 428 Replace `openssh-server` with `dropbear`.
417 429
418 430 ##### `REDUCE_LOCALE`=true
419 431 Remove all `locale` translation files.
420 432
421 433 ---
422 434
423 435 #### Encrypted root partition:
424 436 ##### `KERNEL_CRYPTFS`=false
425 437 Enable Kernel Moduls for crypto
426 438
427 439 ##### `ENABLE_CRYPTFS`=false
428 440 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
429 441
430 442 ##### `CRYPTFS_PASSWORD`=""
431 443 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
432 444
433 445 ##### `CRYPTFS_MAPPING`="secure"
434 446 Set name of dm-crypt managed device-mapper mapping.
435 447
436 448 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
437 449 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
438 450
439 451 ##### `CRYPTFS_XTSKEYSIZE`=512
440 452 Sets key size in bits. The argument has to be a multiple of 8.
441 453
442 454 ##### `CRYPTFS_DROPBEAR`=false
443 455 Enable Dropbear Initramfs support
444 456
445 457 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
446 458 Provide path to dropbear Public RSA-OpenSSH Key
447 459
448 460 ---
449 461
450 462 #### Build settings:
451 463 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
452 464 Set a path to a working directory used by the script to generate an image.
453 465
454 466 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
455 467 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
456 468
457 469 ## Understanding the script
458 470 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
459 471
460 472 | Script | Description |
461 473 | --- | --- |
462 474 | `10-bootstrap.sh` | Debootstrap basic system |
463 475 | `11-apt.sh` | Setup APT repositories |
464 476 | `12-locale.sh` | Setup Locales and keyboard settings |
465 477 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
466 478 | `14-fstab.sh` | Setup fstab and initramfs |
467 479 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
468 480 | `20-networking.sh` | Setup Networking |
469 481 | `21-firewall.sh` | Setup Firewall |
470 482 | `30-security.sh` | Setup Users and Security settings |
471 483 | `31-logging.sh` | Setup Logging |
472 484 | `32-sshd.sh` | Setup SSH and public keys |
473 485 | `41-uboot.sh` | Build and Setup U-Boot |
474 486 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
475 487 | `43-videocore.sh` | Build and Setup videocore libraries |
476 488 | `50-firstboot.sh` | First boot actions |
477 489 | `99-reduce.sh` | Reduce the disk space usage |
478 490
479 491 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
480 492
481 493 | Directory | Description |
482 494 | --- | --- |
483 495 | `apt` | APT management configuration files |
484 496 | `boot` | Boot and RPi 0/1/2/3 configuration files |
485 497 | `dpkg` | Package Manager configuration |
486 498 | `etc` | Configuration files and rc scripts |
487 499 | `firstboot` | Scripts that get executed on first boot |
488 500 | `initramfs` | Initramfs scripts |
489 501 | `iptables` | Firewall configuration files |
490 502 | `locales` | Locales configuration |
491 503 | `modules` | Kernel Modules configuration |
492 504 | `mount` | Fstab configuration |
493 505 | `network` | Networking configuration files |
494 506 | `sysctl.d` | Swapping and Network Hardening configuration |
495 507 | `xorg` | fbturbo Xorg driver configuration |
496 508
497 509 ## Custom packages and scripts
498 510 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
499 511
500 512 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
501 513
502 514 ## Logging of the bootstrapping process
503 515 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
504 516
505 517 ```shell
506 518 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
507 519 ```
508 520
509 521 ## Flashing the image file
510 522 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
511 523
512 524 ##### Flashing examples:
513 525 ```shell
514 526 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
515 527 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
516 528 ```
517 529 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
518 530 ```shell
519 531 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
520 532 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
521 533 ```
522 534
523 535 ## QEMU emulation
524 536 Start QEMU full system emulation:
525 537 ```shell
526 538 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
527 539 ```
528 540
529 541 Start QEMU full system emulation and output to console:
530 542 ```shell
531 543 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 544 ```
533 545
534 546 Start QEMU full system emulation with SMP and output to console:
535 547 ```shell
536 548 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
537 549 ```
538 550
539 551 Start QEMU full system emulation with cryptfs, initramfs and output to console:
540 552 ```shell
541 553 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
542 554 ```
543 555
544 556 ## External links and references
545 557 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
546 558 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
547 559 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
548 560 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
549 561 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
550 562 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
551 563 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
552 564 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
553 565 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
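Review bot: The script table, the `files` directory table and the flashing section (new lines 477, 479, 496 and 522) are unchanged and still describe only "RPi 0/1/2/3", for example `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel, while this commit adds an `RPI_MODEL` 4 branch to `13-kernel.sh`. Please update these descriptions in the same change so the README matches the models the kernel script now handles.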
@@ -1,649 +1,887
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
57 57 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
58 58 fi
59 59
60 60 # Configure and build kernel
61 61 if [ "$KERNELSRC_PREBUILT" = false ] ; then
62 62 # Remove device, network and filesystem drivers from kernel configuration
63 63 if [ "$KERNEL_REDUCE" = true ] ; then
64 64 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
65 65 sed -i\
66 66 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
68 68 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
72 72 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
80 80 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
82 82 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
83 83 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
84 84 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
88 88 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
89 89 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
91 91 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
92 92 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
93 93 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
94 94 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
95 95 "${KERNEL_DIR}/.config"
96 96 fi
97 97
98 98 if [ "$KERNELSRC_CONFIG" = true ] ; then
99 99 # Load default raspberry kernel configuration
100 100 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
101 101
102 102 #Switch to KERNELSRC_DIR so we can use set_kernel_config
103 103 cd "${KERNEL_DIR}" || exit
104 104
105 # Enable RPI POE HAT fan
106 if [ "$KERNEL_POEHAT" = true ]; then
107 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
108 fi
109
110 # Enable per-interface network priority control
111 # (for systemd-nspawn)
112 if [ "$KERNEL_NSPAN" = true ]; then
113 set_kernel_config CONFIG_CGROUP_NET_PRIO y
114 fi
115
116 # Compile in BTRFS
117 if [ "$KERNEL_BTRFS" = true ]; then
118 set_kernel_config CONFIG_BTRFS_FS y
119 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
120 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
121 fi
122
123 # Diffie-Hellman operations on retained keys
124 # (required for >keyutils-1.6)
125 if [ "$KERNEL_DHKEY" = true ]; then
126 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
127 fi
128
105 129 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
130 # Mask this temporarily during switch to rpi-4.19.y
106 131 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
107 132 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
108 set_kernel_config CONFIG_MMC_BCM2835 n
109 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
110 set_kernel_config CONFIG_USB_DWC2 n
111 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
133 #set_kernel_config CONFIG_MMC_BCM2835 n
134 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
135 #set_kernel_config CONFIG_USB_DWC2 n
136 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
112 137
113 138 #VLAN got disabled without reason in arm64bit
114 139 set_kernel_config CONFIG_IPVLAN m
115 140 fi
116 141
117 142 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
118 143 if [ "$KERNEL_ZSWAP" = true ] ; then
119 144 set_kernel_config CONFIG_ZPOOL y
120 145 set_kernel_config CONFIG_ZSWAP y
121 146 set_kernel_config CONFIG_ZBUD y
122 147 set_kernel_config CONFIG_Z3FOLD y
123 148 set_kernel_config CONFIG_ZSMALLOC y
124 149 set_kernel_config CONFIG_PGTABLE_MAPPING y
125 set_kernel_config CONFIG_LZO_COMPRESS y
126
150 set_kernel_config CONFIG_LZO_COMPRESS y
127 151 fi
152
153 if [ RPI_MODEL = 4 ] ; then
154 # Following are set in current 32-bit LPAE kernel
155 set_kernel_config CONFIG_CGROUP_PIDS y
156 set_kernel_config CONFIG_NET_IPVTI m
157 set_kernel_config CONFIG_NF_TABLES_SET m
158 set_kernel_config CONFIG_NF_TABLES_INET y
159 set_kernel_config CONFIG_NF_TABLES_NETDEV y
160 set_kernel_config CONFIG_NF_FLOW_TABLE m
161 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
162 set_kernel_config CONFIG_NFT_CONNLIMIT m
163 set_kernel_config CONFIG_NFT_TUNNEL m
164 set_kernel_config CONFIG_NFT_OBJREF m
165 set_kernel_config CONFIG_NFT_FIB_IPV4 m
166 set_kernel_config CONFIG_NFT_FIB_IPV6 m
167 set_kernel_config CONFIG_NFT_FIB_INET m
168 set_kernel_config CONFIG_NFT_SOCKET m
169 set_kernel_config CONFIG_NFT_OSF m
170 set_kernel_config CONFIG_NFT_TPROXY m
171 set_kernel_config CONFIG_NF_DUP_NETDEV m
172 set_kernel_config CONFIG_NFT_DUP_NETDEV m
173 set_kernel_config CONFIG_NFT_FWD_NETDEV m
174 set_kernel_config CONFIG_NFT_FIB_NETDEV m
175 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
176 set_kernel_config CONFIG_NF_FLOW_TABLE m
177 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
178 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
179 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
180 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
181 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
182 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
183 set_kernel_config CONFIG_NFT_DUP_IPV6 m
184 set_kernel_config CONFIG_NFT_FIB_IPV6 m
185 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
186 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
187 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
188 set_kernel_config CONFIG_NF_LOG_BRIDGE m
189 set_kernel_config CONFIG_MT76_CORE m
190 set_kernel_config CONFIG_MT76_LEDS m
191 set_kernel_config CONFIG_MT76_USB m
192 set_kernel_config CONFIG_MT76x2_COMMON m
193 set_kernel_config CONFIG_MT76x0U m
194 set_kernel_config CONFIG_MT76x2U m
195 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
196 set_kernel_config CONFIG_BCM_VC_SM m
197 set_kernel_config CONFIG_BCM2835_SMI_DEV m
198 set_kernel_config CONFIG_RPIVID_MEM m
199 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
200 set_kernel_config CONFIG_TCG_TPM m
201 set_kernel_config CONFIG_HW_RANDOM_TPM y
202 set_kernel_config CONFIG_TCG_TIS m
203 set_kernel_config CONFIG_TCG_TIS_SPI m
204 set_kernel_config CONFIG_I2C_MUX m
205 set_kernel_config CONFIG_I2C_MUX_GPMUX m
206 set_kernel_config CONFIG_I2C_MUX_PCA954x m
207 set_kernel_config CONFIG_SPI_GPIO m
208 set_kernel_config CONFIG_BATTERY_MAX17040 m
209 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
210 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
211 set_kernel_config CONFIG_BCM2835_THERMAL y
212 set_kernel_config CONFIG_RC_CORE y
213 set_kernel_config CONFIG_RC_MAP y
214 set_kernel_config CONFIG_LIRC y
215 set_kernel_config CONFIG_RC_DECODERS y
216 set_kernel_config CONFIG_IR_NEC_DECODER m
217 set_kernel_config CONFIG_IR_RC5_DECODER m
218 set_kernel_config CONFIG_IR_RC6_DECODER m
219 set_kernel_config CONFIG_IR_JVC_DECODER m
220 set_kernel_config CONFIG_IR_SONY_DECODER m
221 set_kernel_config CONFIG_IR_SANYO_DECODER m
222 set_kernel_config CONFIG_IR_SHARP_DECODER m
223 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
224 set_kernel_config CONFIG_IR_XMP_DECODER m
225 set_kernel_config CONFIG_IR_IMON_DECODER m
226 set_kernel_config CONFIG_RC_DEVICES y
227 set_kernel_config CONFIG_RC_ATI_REMOTE m
228 set_kernel_config CONFIG_IR_IMON m
229 set_kernel_config CONFIG_IR_MCEUSB m
230 set_kernel_config CONFIG_IR_REDRAT3 m
231 set_kernel_config CONFIG_IR_STREAMZAP m
232 set_kernel_config CONFIG_IR_IGUANA m
233 set_kernel_config CONFIG_IR_TTUSBIR m
234 set_kernel_config CONFIG_RC_LOOPBACK m
235 set_kernel_config CONFIG_IR_GPIO_CIR m
236 set_kernel_config CONFIG_IR_GPIO_TX m
237 set_kernel_config CONFIG_IR_PWM_TX m
238 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
239 set_kernel_config CONFIG_VIDEO_AU0828_RC y
240 set_kernel_config CONFIG_VIDEO_CX231XX m
241 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
242 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
243 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
244 set_kernel_config CONFIG_VIDEO_TM6000 m
245 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
246 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
247 set_kernel_config CONFIG_DVB_USB m
248 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
249 set_kernel_config CONFIG_DVB_USB_A800 m
250 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
251 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
252 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
253 set_kernel_config CONFIG_DVB_USB_DIB0700 m
254 set_kernel_config CONFIG_DVB_USB_UMT_010 m
255 set_kernel_config CONFIG_DVB_USB_CXUSB m
256 set_kernel_config CONFIG_DVB_USB_M920X m
257 set_kernel_config CONFIG_DVB_USB_DIGITV m
258 set_kernel_config CONFIG_DVB_USB_VP7045 m
259 set_kernel_config CONFIG_DVB_USB_VP702X m
260 set_kernel_config CONFIG_DVB_USB_GP8PSK m
261 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
262 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
263 set_kernel_config CONFIG_DVB_USB_DTT200U m
264 set_kernel_config CONFIG_DVB_USB_OPERA1 m
265 set_kernel_config CONFIG_DVB_USB_AF9005 m
266 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
267 set_kernel_config CONFIG_DVB_USB_PCTV452E m
268 set_kernel_config CONFIG_DVB_USB_DW2102 m
269 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
270 set_kernel_config CONFIG_DVB_USB_DTV5100 m
271 set_kernel_config CONFIG_DVB_USB_AZ6027 m
272 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
273 set_kernel_config CONFIG_DVB_USB_AF9015 m
274 set_kernel_config CONFIG_DVB_USB_LME2510 m
275 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
276 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
277 set_kernel_config CONFIG_SMS_SIANO_RC m
278 set_kernel_config CONFIG_VIDEO_IR_I2C m
279 set_kernel_config CONFIG_VIDEO_ADV7180 m
280 set_kernel_config CONFIG_VIDEO_TC358743 m
281 set_kernel_config CONFIG_VIDEO_OV5647 m
282 set_kernel_config CONFIG_DVB_M88DS3103 m
283 set_kernel_config CONFIG_DVB_AF9013 m
284 set_kernel_config CONFIG_DVB_RTL2830 m
285 set_kernel_config CONFIG_DVB_RTL2832 m
286 set_kernel_config CONFIG_DVB_SI2168 m
287 set_kernel_config CONFIG_DVB_GP8PSK_FE m
288 set_kernel_config CONFIG_DVB_USB m
289 set_kernel_config CONFIG_DVB_LGDT3306A m
290 set_kernel_config CONFIG_FB_SIMPLE y
291 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
292 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
293 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
294 set_kernel_config CONFIG_SND_SOC_AD193X m
295 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
296 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
297 set_kernel_config CONFIG_SND_SOC_CS4265 m
298 set_kernel_config CONFIG_SND_SOC_DA7213 m
299 set_kernel_config CONFIG_SND_SOC_ICS43432 m
300 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
301 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
302 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
303 set_kernel_config CONFIG_HID_BIGBEN_FF m
304 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
305 set_kernel_config CONFIG_USB_TMC m
306 set_kernel_config CONFIG_USB_UAS y
307 set_kernel_config CONFIG_USBIP_VUDC m
308 set_kernel_config CONFIG_USB_CONFIGFS m
309 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
310 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
311 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
312 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
313 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
314 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
315 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
316 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
317 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
318 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
319 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
320 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
321 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
322 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
323 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
324 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
325 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
326 set_kernel_config CONFIG_LEDS_PCA963X m
327 set_kernel_config CONFIG_LEDS_IS31FL32XX m
328 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
329 set_kernel_config CONFIG_RTC_DRV_RV3028 m
330 set_kernel_config CONFIG_AUXDISPLAY y
331 set_kernel_config CONFIG_HD44780 m
332 set_kernel_config CONFIG_FB_TFT_SH1106 m
333 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
334 set_kernel_config CONFIG_BCM2835_POWER y
335 set_kernel_config CONFIG_INV_MPU6050_IIO m
336 set_kernel_config CONFIG_INV_MPU6050_I2C m
337 set_kernel_config CONFIG_SECURITYFS y
338
339 # Safer to build this in
340 set_kernel_config CONFIG_BINFMT_MISC y
341
342 # pulseaudio wants a buffer of at least this size
343 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
344
345 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
346 # set the appropriate kernel configs unlocked by this PR
347 set_kernel_config CONFIG_ARCH_BCM y
348 set_kernel_config CONFIG_ARCH_BCM2835 y
349 set_kernel_config CONFIG_DRM_V3D m
350 set_kernel_config CONFIG_DRM_VC4 m
351 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
352
353 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
354 # required by PR#3144; should already be applied, but just to be safe
355 set_kernel_config CONFIG_PCIE_BRCMSTB y
356 set_kernel_config CONFIG_BCM2835_MMC y
357
358 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
359 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
360 # during cloud-init setup at first boot. Without this the login accounts are not
361 # created and the user can not login.
362 set_kernel_config CONFIG_SQUASHFS y
363
364 # Ceph support for Block Device (RBD) and Filesystem (FS)
365 # https://docs.ceph.com/docs/master/
366 set_kernel_config CONFIG_CEPH_LIB m
367 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
368 set_kernel_config CONFIG_CEPH_FS m
369 set_kernel_config CONFIG_CEPH_FSCACHE y
370 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
371 set_kernel_config CONFIG_BLK_DEV_RBD m
128 372
129 373 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
130 374 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
131 set_kernel_config CONFIG_HAVE_KVM y
132 set_kernel_config CONFIG_HIGH_RES_TIMERS y
133 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
375 set_kernel_config CONFIG_HAVE_KVM y
376 set_kernel_config CONFIG_HIGH_RES_TIMERS y
377 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
134 378 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
135 379 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
136 380 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
137 381 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
138 382 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
139 383 set_kernel_config CONFIG_HAVE_KVM_MSI y
140 384 set_kernel_config CONFIG_KVM y
141 385 set_kernel_config CONFIG_KVM_ARM_HOST y
142 386 set_kernel_config CONFIG_KVM_ARM_PMU y
143 387 set_kernel_config CONFIG_KVM_COMPAT y
144 388 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
145 389 set_kernel_config CONFIG_KVM_MMIO y
146 390 set_kernel_config CONFIG_KVM_VFIO y
147 set_kernel_config CONFIG_KVM_MMU_AUDIT y
391 set_kernel_config CONFIG_KVM_MMU_AUDIT y
148 392 set_kernel_config CONFIG_VHOST m
149 393 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
150 394 set_kernel_config CONFIG_VHOST_NET m
151 395 set_kernel_config CONFIG_VIRTUALIZATION y
152 396 set_kernel_config CONFIG_MMU_NOTIFIER y
153 397
154 398 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
155 399 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
156 400
157 401 # erratum
158 402 set_kernel_config ARM64_ERRATUM_834220 y
159 403 # https://sourceforge.net/p/kvm/mailman/message/18440797/
160 404 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
161 405 fi
162 406
163 407 # enable apparmor,integrity audit,
164 408 if [ "$KERNEL_SECURITY" = true ] ; then
165 409
166 410 # security filesystem, security models and audit
167 411 set_kernel_config CONFIG_SECURITYFS y
168 412 set_kernel_config CONFIG_SECURITY y
169 413 set_kernel_config CONFIG_AUDIT y
170 414
171 415 # harden strcpy and memcpy
172 416 set_kernel_config CONFIG_HARDENED_USERCOPY y
173 417 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
174 418 set_kernel_config CONFIG_FORTIFY_SOURCE y
175 419
176 420 # integrity sub-system
177 421 set_kernel_config CONFIG_INTEGRITY y
178 422 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
179 423 set_kernel_config CONFIG_INTEGRITY_AUDIT y
180 424 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
181 425 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
182 426
183 427 # This option provides support for retaining authentication tokens and access keys in the kernel.
184 428 set_kernel_config CONFIG_KEYS y
185 429 set_kernel_config CONFIG_KEYS_COMPAT y
186 430
187 431 # Apparmor
188 432 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
189 433 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
190 434 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
191 435 set_kernel_config CONFIG_SECURITY_APPARMOR y
192 436 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
193 437 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
194 438
195 439 # restrictions on unprivileged users reading the kernel
196 440 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
197 441
198 442 # network security hooks
199 443 set_kernel_config CONFIG_SECURITY_NETWORK y
200 444 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
201 445 set_kernel_config CONFIG_SECURITY_PATH y
202 446 set_kernel_config CONFIG_SECURITY_YAMA n
203 447
204 # New Options
205 if [ "$KERNEL_NF" = true ] ; then
206 set_kernel_config CONFIG_IP_NF_SECURITY m
207 set_kernel_config CONFIG_NETLABEL y
208 set_kernel_config CONFIG_IP6_NF_SECURITY m
209 fi
210 448 set_kernel_config CONFIG_SECURITY_SELINUX n
211 449 set_kernel_config CONFIG_SECURITY_SMACK n
212 450 set_kernel_config CONFIG_SECURITY_TOMOYO n
213 451 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
214 452 set_kernel_config CONFIG_SECURITY_LOADPIN n
215 453 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
216 454 set_kernel_config CONFIG_IMA n
217 455 set_kernel_config CONFIG_EVM n
218 456 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
219 457 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
220 458 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
221 459 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
222 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
223 460 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
224 461 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
225 462 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
226 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
227 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
463 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
464 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
228 465
229 466 set_kernel_config CONFIG_ARM64_CRYPTO y
230 467 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
231 468 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
232 469 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
233 470 set_kernel_config CRYPTO_GHASH_ARM64_CE m
234 471 set_kernel_config CRYPTO_SHA2_ARM64_CE m
235 472 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
236 473 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
237 474 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
238 475 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
239 476 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
240 477 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
241 478 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
242 479 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
243 480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
244 set_kernel_config SYSTEM_TRUSTED_KEYS
245 481 fi
246 482
247 483 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
248 484 if [ "$KERNEL_NF" = true ] ; then
485 set_kernel_config CONFIG_IP_NF_SECURITY m
486 set_kernel_config CONFIG_NETLABEL y
487 set_kernel_config CONFIG_IP6_NF_SECURITY m
249 488 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
250 489 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
251 490 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
252 491 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
253 492 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
254 493 set_kernel_config CONFIG_NFT_FIB_INET m
255 494 set_kernel_config CONFIG_NFT_FIB_IPV4 m
256 495 set_kernel_config CONFIG_NFT_FIB_IPV6 m
257 496 set_kernel_config CONFIG_NFT_FIB_NETDEV m
258 497 set_kernel_config CONFIG_NFT_OBJREF m
259 498 set_kernel_config CONFIG_NFT_RT m
260 499 set_kernel_config CONFIG_NFT_SET_BITMAP m
261 500 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
262 501 set_kernel_config CONFIG_NF_LOG_ARP m
263 502 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
264 503 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
265 504 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
266 505 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
267 506 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
268 507 set_kernel_config CONFIG_IP6_NF_IPTABLES m
269 508 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
270 509 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
271 510 set_kernel_config CONFIG_IP6_NF_NAT m
272 511 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
273 512 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
274 set_kernel_config CONFIG_IP_NF_SECURITY m
275 513 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
276 514 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
277 515 set_kernel_config CONFIG_IP_SET_HASH_IP m
278 516 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
279 517 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
280 518 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
281 519 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
282 520 set_kernel_config CONFIG_IP_SET_HASH_MAC m
283 521 set_kernel_config CONFIG_IP_SET_HASH_NET m
284 522 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
285 523 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
286 524 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
287 525 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
288 526 set_kernel_config CONFIG_IP_SET_LIST_SET m
289 527 set_kernel_config CONFIG_NETFILTER_XTABLES m
290 528 set_kernel_config CONFIG_NETFILTER_XTABLES m
291 529 set_kernel_config CONFIG_NFT_BRIDGE_META m
292 530 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
293 531 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
294 532 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
295 533 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
296 534 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
297 535 set_kernel_config CONFIG_NFT_COMPAT m
298 536 set_kernel_config CONFIG_NFT_COUNTER m
299 537 set_kernel_config CONFIG_NFT_CT m
300 538 set_kernel_config CONFIG_NFT_DUP_IPV4 m
301 539 set_kernel_config CONFIG_NFT_DUP_IPV6 m
302 540 set_kernel_config CONFIG_NFT_DUP_NETDEV m
303 541 set_kernel_config CONFIG_NFT_EXTHDR m
304 542 set_kernel_config CONFIG_NFT_FWD_NETDEV m
305 543 set_kernel_config CONFIG_NFT_HASH m
306 544 set_kernel_config CONFIG_NFT_LIMIT m
307 545 set_kernel_config CONFIG_NFT_LOG m
308 546 set_kernel_config CONFIG_NFT_MASQ m
309 547 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
310 548 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
311 549 set_kernel_config CONFIG_NFT_META m
312 550 set_kernel_config CONFIG_NFT_NAT m
313 551 set_kernel_config CONFIG_NFT_NUMGEN m
314 552 set_kernel_config CONFIG_NFT_QUEUE m
315 553 set_kernel_config CONFIG_NFT_QUOTA m
316 554 set_kernel_config CONFIG_NFT_REDIR m
317 555 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
318 556 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
319 557 set_kernel_config CONFIG_NFT_REJECT m
320 558 set_kernel_config CONFIG_NFT_REJECT_INET m
321 559 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
322 560 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
323 561 set_kernel_config CONFIG_NFT_SET_HASH m
324 562 set_kernel_config CONFIG_NFT_SET_RBTREE m
325 563 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
326 564 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
327 565 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
328 566 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
329 567 set_kernel_config CONFIG_NF_DUP_IPV4 m
330 568 set_kernel_config CONFIG_NF_DUP_IPV6 m
331 569 set_kernel_config CONFIG_NF_DUP_NETDEV m
332 570 set_kernel_config CONFIG_NF_LOG_BRIDGE m
333 571 set_kernel_config CONFIG_NF_LOG_IPV4 m
334 572 set_kernel_config CONFIG_NF_LOG_IPV6 m
335 573 set_kernel_config CONFIG_NF_NAT_IPV4 m
336 574 set_kernel_config CONFIG_NF_NAT_IPV6 m
337 575 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
338 576 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
339 577 set_kernel_config CONFIG_NF_NAT_PPTP m
340 578 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
341 579 set_kernel_config CONFIG_NF_NAT_REDIRECT y
342 580 set_kernel_config CONFIG_NF_NAT_SIP m
343 581 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
344 582 set_kernel_config CONFIG_NF_NAT_TFTP m
345 583 set_kernel_config CONFIG_NF_REJECT_IPV4 m
346 584 set_kernel_config CONFIG_NF_REJECT_IPV6 m
347 585 set_kernel_config CONFIG_NF_TABLES m
348 586 set_kernel_config CONFIG_NF_TABLES_ARP m
349 587 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
350 588 set_kernel_config CONFIG_NF_TABLES_INET m
351 589 set_kernel_config CONFIG_NF_TABLES_IPV4 y
352 590 set_kernel_config CONFIG_NF_TABLES_IPV6 y
353 591 set_kernel_config CONFIG_NF_TABLES_NETDEV m
354 set_kernel_config CONFIG_NF_TABLES_SET m
355 set_kernel_config CONFIG_NF_TABLES_INET y
356 set_kernel_config CONFIG_NF_TABLES_NETDEV y
357 set_kernel_config CONFIG_NFT_CONNLIMIT m
358 set_kernel_config CONFIG_NFT_TUNNEL m
359 set_kernel_config CONFIG_NFT_SOCKET m
360 set_kernel_config CONFIG_NFT_TPROXY m
361 set_kernel_config CONFIG_NF_FLOW_TABLE m
362 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
363 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
364 set_kernel_config CONFIG_NF_TABLES_ARP y
365 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
366 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
367 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
368 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
369 set_kernel_config CONFIG_NFT_OSF m
592 set_kernel_config CONFIG_NF_TABLES_SET m
593 set_kernel_config CONFIG_NF_TABLES_INET y
594 set_kernel_config CONFIG_NF_TABLES_NETDEV y
595 set_kernel_config CONFIG_NFT_CONNLIMIT m
596 set_kernel_config CONFIG_NFT_TUNNEL m
597 set_kernel_config CONFIG_NFT_SOCKET m
598 set_kernel_config CONFIG_NFT_TPROXY m
599 set_kernel_config CONFIG_NF_FLOW_TABLE m
600 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
601 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
602 set_kernel_config CONFIG_NF_TABLES_ARP y
603 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
604 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
605 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
606 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
607 set_kernel_config CONFIG_NFT_OSF m
370 608
371 609 fi
372 610
373 611 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
374 612 if [ "$KERNEL_BPF" = true ] ; then
375 set_kernel_config CONFIG_BPF_SYSCALL y
613 set_kernel_config CONFIG_BPF_SYSCALL y
376 614 set_kernel_config CONFIG_BPF_EVENTS y
377 615 set_kernel_config CONFIG_BPF_STREAM_PARSER y
378 616 set_kernel_config CONFIG_CGROUP_BPF y
379 617 set_kernel_config CONFIG_XDP_SOCKETS y
380 618 fi
381 619
382 620 # KERNEL_DEFAULT_GOV was set by user
383 621 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
384 622
385 623 case "$KERNEL_DEFAULT_GOV" in
386 624 performance)
387 625 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
388 626 ;;
389 627 userspace)
390 628 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
391 629 ;;
392 630 ondemand)
393 631 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
394 632 ;;
395 633 conservative)
396 634 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
397 635 ;;
398 636 shedutil)
399 637 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
400 638 ;;
401 639 *)
402 640 echo "error: unsupported default cpu governor"
403 641 exit 1
404 642 ;;
405 643 esac
406 644
407 645 # unset previous default governor
408 646 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
409 647 fi
410 648
411 649 #Revert to previous directory
412 650 cd "${WORKDIR}" || exit
413 651
414 652 # Set kernel configuration parameters to enable qemu emulation
415 653 if [ "$ENABLE_QEMU" = true ] ; then
416 654 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
417 655 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
418 656
419 657 if [ "$KERNEL_CRYPTFS" = true ] ; then
420 658 {
421 659 echo "CONFIG_EMBEDDED=y"
422 660 echo "CONFIG_EXPERT=y"
423 661 echo "CONFIG_DAX=y"
424 662 echo "CONFIG_MD=y"
425 663 echo "CONFIG_BLK_DEV_MD=y"
426 664 echo "CONFIG_MD_AUTODETECT=y"
427 665 echo "CONFIG_BLK_DEV_DM=y"
428 666 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
429 667 echo "CONFIG_DM_CRYPT=y"
430 668 echo "CONFIG_CRYPTO_BLKCIPHER=y"
431 669 echo "CONFIG_CRYPTO_CBC=y"
432 670 echo "CONFIG_CRYPTO_XTS=y"
433 671 echo "CONFIG_CRYPTO_SHA512=y"
434 672 echo "CONFIG_CRYPTO_MANAGER=y"
435 673 } >> "${KERNEL_DIR}"/.config
436 674 fi
437 675 fi
438 676
439 677 # Copy custom kernel configuration file
440 678 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
441 679 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
442 680 fi
443 681
444 682 # Set kernel configuration parameters to their default values
445 683 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
446 684 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
447 685 fi
448 686
449 687 # Start menu-driven kernel configuration (interactive)
450 688 if [ "$KERNEL_MENUCONFIG" = true ] ; then
451 689 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
452 690 fi
453 691 # end if "$KERNELSRC_CONFIG" = true
454 692 fi
455 693
456 694 # Use ccache to cross compile the kernel
457 695 if [ "$KERNEL_CCACHE" = true ] ; then
458 696 cc="ccache ${CROSS_COMPILE}gcc"
459 697 else
460 698 cc="${CROSS_COMPILE}gcc"
461 699 fi
462 700
463 701 # Cross compile kernel and dtbs
464 702 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
465 703
466 704 # Cross compile kernel modules
467 705 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
468 706 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
469 707 fi
470 708 # end if "$KERNELSRC_PREBUILT" = false
471 709 fi
472 710
473 711 # Check if kernel compilation was successful
474 712 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
475 713 echo "error: kernel compilation failed! (kernel image not found)"
476 714 cleanup
477 715 exit 1
478 716 fi
479 717
480 718 # Install kernel modules
481 719 if [ "$ENABLE_REDUCE" = true ] ; then
482 720 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
483 721 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
484 722 fi
485 723 else
486 724 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
487 725 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
488 726 fi
489 727
490 728 # Install kernel firmware
491 729 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
492 730 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
493 731 fi
494 732 fi
495 733
496 734 # Install kernel headers
497 735 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
498 736 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
499 737 fi
500 738
501 739 # Prepare boot (firmware) directory
502 740 mkdir "${BOOT_DIR}"
503 741
504 742 # Get kernel release version
505 743 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
506 744
507 745 # Copy kernel configuration file to the boot directory
508 746 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
509 747
510 748 # Prepare device tree directory
511 749 mkdir "${BOOT_DIR}/overlays"
512 750
513 751 # Ensure the proper .dtb is located
514 752 if [ "$KERNEL_ARCH" = "arm" ] ; then
515 753 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
516 754 if [ -f "${dtb}" ] ; then
517 755 install_readonly "${dtb}" "${BOOT_DIR}/"
518 756 fi
519 757 done
520 758 else
521 759 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
522 760 if [ -f "${dtb}" ] ; then
523 761 install_readonly "${dtb}" "${BOOT_DIR}/"
524 762 fi
525 763 done
526 764 fi
527 765
528 766 # Copy compiled dtb device tree files
529 767 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
530 768 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
531 769 if [ -f "${dtb}" ] ; then
532 770 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
533 771 fi
534 772 done
535 773
536 774 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
537 775 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
538 776 fi
539 777 fi
540 778
541 779 if [ "$ENABLE_UBOOT" = false ] ; then
542 780 # Convert and copy kernel image to the boot directory
543 781 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
544 782 else
545 783 # Copy kernel image to the boot directory
546 784 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
547 785 fi
548 786
549 787 # Remove kernel sources
550 788 if [ "$KERNEL_REMOVESRC" = true ] ; then
551 789 rm -fr "${KERNEL_DIR}"
552 790 else
553 791 # Prepare compiled kernel modules
554 792 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
555 793 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
556 794 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
557 795 fi
558 796
559 797 # Create symlinks for kernel modules
560 798 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
561 799 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
562 800 fi
563 801 fi
564 802
565 803 else # BUILD_KERNEL=false
566 804 if [ "$SET_ARCH" = 64 ] ; then
567 805 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
568 806 # Use Sakakis modified kernel if ZSWAP is active
569 807 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
570 808 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
571 809 fi
572 810
573 811 # Create temporary directory for dl
574 812 temp_dir=$(as_nobody mktemp -d)
575 813
576 814 # Fetch kernel dl
577 815 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
578 816 fi
579 817 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
580 818 # Create temporary directory for dl
581 819 temp_dir=$(as_nobody mktemp -d)
582 820
583 821 # Fetch kernel dl
584 822 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
585 823 fi
586 824
587 825 #extract download
588 826 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
589 827
590 828 #move extracted kernel to /boot/firmware
591 829 mkdir "${R}/boot/firmware"
592 830 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
593 831 cp -r "${temp_dir}"/lib/* "${R}"/lib/
594 832
595 833 # Remove temporary directory for kernel sources
596 834 rm -fr "${temp_dir}"
597 835
598 836 # Set permissions of the kernel sources
599 837 chown -R root:root "${R}/boot/firmware"
600 838 chown -R root:root "${R}/lib/modules"
601 839 fi
602 840
603 841 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
604 842 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
605 843 # Create temporary directory for dl
606 844 temp_dir=$(as_nobody mktemp -d)
607 845
608 846 # Fetch kernel
609 847 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
610 848
611 849 # Copy downloaded kernel package
612 850 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
613 851
614 852 # Set permissions
615 853 chown -R root:root "${R}"/tmp/kernel.deb
616 854
617 855 # Install kernel
618 856 chroot_exec dpkg -i /tmp/kernel.deb
619 857
620 858 # move /boot to /boot/firmware to fit script env.
621 859 #mkdir "${BOOT_DIR}"
622 860 mkdir "${temp_dir}"/firmware
623 861 mv "${R}"/boot/* "${temp_dir}"/firmware/
624 862 mv "${temp_dir}"/firmware "${R}"/boot/
625 863
626 864 #same for kernel headers
627 865 if [ "$KERNEL_HEADERS" = true ] ; then
628 866 # Fetch kernel header
629 867 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
630 868 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
631 869 chown -R root:root "${R}"/tmp/kernel-header.deb
632 870 # Install kernel header
633 871 chroot_exec dpkg -i /tmp/kernel-header.deb
634 872 rm -f "${R}"/tmp/kernel-header.deb
635 873 fi
636 874
637 875 # Remove temporary directory and files
638 876 rm -fr "${temp_dir}"
639 877 rm -f "${R}"/tmp/kernel.deb
640 878 fi
641 879
642 880 # Check if kernel installation was successful
643 881 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
644 882 if [ -z "$KERNEL" ] ; then
645 883 echo "error: kernel installation failed! (/boot/kernel* not found)"
646 884 cleanup
647 885 exit 1
648 886 fi
649 887 fi
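Review bot: the re-indented netfilter block at new lines 592-607 sets CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_ARP and CONFIG_NF_TABLES_BRIDGE to y, while new lines 586-591 just above set the same four symbols to m. The value that ends up in .config then depends on call order, and the earlier lines no longer say what the build produces. Keep one `set_kernel_config` call per symbol with the intended value. Separately, in the `BUILD_KERNEL=false` branch the prebuilt kernel tarball and .deb packages are fetched with `wget` and then unpacked into `${R}` or installed with `chroot_exec dpkg -i`, with no checksum or signature check between download and install. Pinning a SHA-256 next to each URL and verifying it before `tar -xJf` and `dpkg -i` would make the build fail closed if a release asset changes.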
@@ -1,887 +1,893
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 68 # Default precompiled 64bit kernel
69 69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 70 # Sakaki BIS Kernel RPI4
71 71 RPI4_64_DEF_KERNEL_URL=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz
72 72 # Generic
73 73 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
74 74 RPI4_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
75 75 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
76 76 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
77 77
78 78 # Build directories
79 79 WORKDIR=$(pwd)
80 80 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
81 81 BUILDDIR="${BASEDIR}/build"
82 82
83 83 # Chroot directories
84 84 R="${BUILDDIR}/chroot"
85 85 ETC_DIR="${R}/etc"
86 86 LIB_DIR="${R}/lib"
87 87 BOOT_DIR="${R}/boot/firmware"
88 88 KERNEL_DIR="${R}/usr/src/linux"
89 89 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
90 90 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
91 91
92 92 # Firmware directory: Blank if download from github
93 93 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
94 94
95 95 # General settings
96 96 SET_ARCH=${SET_ARCH:=32}
97 97 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
98 98 PASSWORD=${PASSWORD:=raspberry}
99 99 USER_PASSWORD=${USER_PASSWORD:=raspberry}
100 100 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
101 101 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
102 102 EXPANDROOT=${EXPANDROOT:=true}
103 103 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
104 104
105 105 # Keyboard settings
106 106 XKB_MODEL=${XKB_MODEL:=""}
107 107 XKB_LAYOUT=${XKB_LAYOUT:=""}
108 108 XKB_VARIANT=${XKB_VARIANT:=""}
109 109 XKB_OPTIONS=${XKB_OPTIONS:=""}
110 110
111 111 # Network settings (DHCP)
112 112 ENABLE_DHCP=${ENABLE_DHCP:=true}
113 113
114 114 # Network settings (static)
115 115 NET_ADDRESS=${NET_ADDRESS:=""}
116 116 NET_GATEWAY=${NET_GATEWAY:=""}
117 117 NET_DNS_1=${NET_DNS_1:=""}
118 118 NET_DNS_2=${NET_DNS_2:=""}
119 119 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
120 120 NET_NTP_1=${NET_NTP_1:=""}
121 121 NET_NTP_2=${NET_NTP_2:=""}
122 122
123 123 # APT settings
124 124 APT_PROXY=${APT_PROXY:=""}
125 125 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
126 126 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
127 127
128 128 # Feature settings
129 129 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
130 130 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
131 131 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
132 132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 133 ENABLE_I2C=${ENABLE_I2C:=false}
134 134 ENABLE_SPI=${ENABLE_SPI:=false}
135 135 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 136 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 139 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 140 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 143 ENABLE_XORG=${ENABLE_XORG:=false}
144 144 ENABLE_WM=${ENABLE_WM:=""}
145 145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 146 ENABLE_USER=${ENABLE_USER:=true}
147 147 USER_NAME=${USER_NAME:="pi"}
148 148 ENABLE_ROOT=${ENABLE_ROOT:=false}
149 149 ENABLE_QEMU=${ENABLE_QEMU:=false}
150 150 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
151 151
152 152 # SSH settings
153 153 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
154 154 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
155 155 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
156 156 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
157 157 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
158 158
159 159 # Advanced settings
160 160 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
161 161 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
162 162 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
163 163 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
164 164 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
165 165 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
166 166 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
167 167 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
168 168 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
169 169 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
170 170 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
171 171 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
172 172 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
173 173 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
174 174 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
175 175 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
176 176 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
177 177 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
178 178 ENABLE_LOGO=${ENABLE_LOGO:=true}
179 179 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
180 180 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
181 181
182 182 # Kernel compilation settings
183 183 BUILD_KERNEL=${BUILD_KERNEL:=true}
184 184 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
185 185 KERNEL_THREADS=${KERNEL_THREADS:=1}
186 186 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
187 187 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
188 188 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
189 189 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
190 190 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
191 191 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
192 192 KERNEL_VIRT=${KERNEL_VIRT:=false}
193 193 KERNEL_BPF=${KERNEL_BPF:=false}
194 194 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
195 195 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
196 196 KERNEL_NF=${KERNEL_NF:=false}
197 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
198 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
199 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
200 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
197 201
198 202 # Kernel compilation from source directory settings
199 203 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
200 204 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
201 205 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
202 206 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
203 207
204 208 # Reduce disk usage settings
205 209 REDUCE_APT=${REDUCE_APT:=true}
206 210 REDUCE_DOC=${REDUCE_DOC:=true}
207 211 REDUCE_MAN=${REDUCE_MAN:=true}
208 212 REDUCE_VIM=${REDUCE_VIM:=false}
209 213 REDUCE_BASH=${REDUCE_BASH:=false}
210 214 REDUCE_HWDB=${REDUCE_HWDB:=true}
211 215 REDUCE_SSHD=${REDUCE_SSHD:=true}
212 216 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
213 217
214 218 # Encrypted filesystem settings
215 219 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
216 220 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
217 221 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
218 222 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
219 223 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
220 224 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
221 225 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
222 226 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
223 227 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
224 228
225 229 # Chroot scripts directory
226 230 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
227 231
228 232 # Packages required in the chroot build environment
229 233 APT_INCLUDES=${APT_INCLUDES:=""}
230 APT_INCLUDES="${APT_INCLUDES},libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
234 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
231 235
232 236 # Packages to exclude from chroot build environment
233 237 APT_EXCLUDES=${APT_EXCLUDES:=""}
234 238
235 239 # Packages required for bootstrapping
236 240 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
237 241 MISSING_PACKAGES=""
238 242
239 243 # Packages installed for c/c++ build environment in chroot (keep empty)
240 244 COMPILER_PACKAGES=""
241 245
242 246 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
243 247 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
244 248 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
245 249 APT_PROXY=http://127.0.0.1:3142/
246 250 fi
247 251
248 252 # Setup architecture specific settings
249 253 if [ -n "$SET_ARCH" ] ; then
250 254 # 64-bit configuration
251 255 if [ "$SET_ARCH" = 64 ] ; then
252 256 # General 64-bit depended settings
253 257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
254 258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
255 259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
256 260
257 261 # Raspberry Pi model specific settings
258 262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
259 263 if [ "$RPI_MODEL" != 4 ] ; then
260 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
261 265 else
262 266 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
263 267 fi
264 268
265 269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
266 270 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
267 271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
268 272 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
269 273 else
270 274 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
271 275 exit 1
272 276 fi
273 277 fi
274 278
275 279 # 32-bit configuration
276 280 if [ "$SET_ARCH" = 32 ] ; then
277 281 # General 32-bit dependend settings
278 282 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
279 283 KERNEL_ARCH=${KERNEL_ARCH:=arm}
280 284 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
281 285
282 286 # Raspberry Pi model specific settings
283 287 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
284 288 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
285 289 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
286 290 RELEASE_ARCH=${RELEASE_ARCH:=armel}
287 291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
288 292 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
289 293 fi
290 294
291 295 # Raspberry Pi model specific settings
292 296 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
293 297 if [ "$RPI_MODEL" != 4 ] ; then
294 298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 300 else
296 301 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
302 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
297 303 fi
298 304
299 305 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
300 306 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
301 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
307
302 308 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
303 309 fi
304 310 fi
305 311 # SET_ARCH not set
306 312 else
307 313 echo "error: Please set '32' or '64' as value for SET_ARCH"
308 314 exit 1
309 315 fi
310 316 # Device specific configuration and U-Boot configuration
311 317 case "$RPI_MODEL" in
312 318 0)
313 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
314 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
315 321 ;;
316 322 1)
317 323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
318 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 325 ;;
320 326 1P)
321 327 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
322 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 329 ;;
324 330 2)
325 331 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
326 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
327 333 ;;
328 334 3)
329 335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
330 336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
331 337 ;;
332 338 3P)
333 339 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 341 ;;
336 342 4)
337 343 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
338 344 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
339 345 ;;
340 346 *)
341 347 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
342 348 exit 1
343 349 ;;
344 350 esac
345 351
346 352 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
347 353 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
348 354 # Include bluetooth packages on supported boards
349 355 if [ "$ENABLE_BLUETOOTH" = true ] ; then
350 356 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
351 357 fi
352 358 if [ "$ENABLE_WIRELESS" = true ] ; then
353 359 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
354 360 fi
355 361 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
356 362 # Check if the internal wireless interface is not supported by the RPi model
357 363 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
358 364 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
359 365 exit 1
360 366 fi
361 367 fi
362 368
363 369 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
364 370 echo "error: You have to compile kernel sources, if you want to enable nexmon"
365 371 exit 1
366 372 fi
367 373
368 374 # Prepare date string for default image file name
369 375 DATE="$(date +%Y-%m-%d)"
370 376 if [ -z "$KERNEL_BRANCH" ] ; then
371 377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
372 378 else
373 379 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
374 380 fi
375 381
376 382 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
377 383 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
378 384 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
379 385 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
380 386 exit 1
381 387 fi
382 388 fi
383 389
384 390 # Add cmake to compile videocore sources
385 391 if [ "$ENABLE_VIDEOCORE" = true ] ; then
386 392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
387 393 fi
388 394
389 395 # Add deps for nexmon
390 396 if [ "$ENABLE_NEXMON" = true ] ; then
391 397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
392 398 fi
393 399
394 400 # Add libncurses5 to enable kernel menuconfig
395 401 if [ "$KERNEL_MENUCONFIG" = true ] ; then
396 402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
397 403 fi
398 404
399 405 # Add ccache compiler cache for (faster) kernel cross (re)compilation
400 406 if [ "$KERNEL_CCACHE" = true ] ; then
401 407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
402 408 fi
403 409
404 410 # Add cryptsetup package to enable filesystem encryption
405 411 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
406 412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
407 413 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
408 414
409 415 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
410 416 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
411 417 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
412 418 fi
413 419
414 420 if [ -z "$CRYPTFS_PASSWORD" ] ; then
415 421 echo "error: no password defined (CRYPTFS_PASSWORD)!"
416 422 exit 1
417 423 fi
418 424 ENABLE_INITRAMFS=true
419 425 fi
420 426
421 427 # Add initramfs generation tools
422 428 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
423 429 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
424 430 fi
425 431
426 432 # Add device-tree-compiler required for building the U-Boot bootloader
427 433 if [ "$ENABLE_UBOOT" = true ] ; then
428 434 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
429 435 fi
430 436
431 437 if [ "$ENABLE_USBBOOT" = true ] ; then
432 438 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
433 439 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
434 440 exit 1
435 441 fi
436 442 fi
437 443
438 444 # Check if root SSH (v2) public key file exists
439 445 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
440 446 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
441 447 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
442 448 exit 1
443 449 fi
444 450 fi
445 451
446 452 # Check if $USER_NAME SSH (v2) public key file exists
447 453 if [ -n "$SSH_USER_PUB_KEY" ] ; then
448 454 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
449 455 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
450 456 exit 1
451 457 fi
452 458 fi
453 459
454 460 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
455 461 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
456 462 exit 1
457 463 fi
458 464
459 465 # Check if all required packages are installed on the build system
460 466 for package in $REQUIRED_PACKAGES ; do
461 467 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
462 468 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
463 469 fi
464 470 done
465 471
466 472 # If there are missing packages ask confirmation for install, or exit
467 473 if [ -n "$MISSING_PACKAGES" ] ; then
468 474 echo "the following packages needed by this script are not installed:"
469 475 echo "$MISSING_PACKAGES"
470 476
471 477 printf "\ndo you want to install the missing packages right now? [y/n] "
472 478 read -r confirm
473 479 [ "$confirm" != "y" ] && exit 1
474 480
475 481 # Make sure all missing required packages are installed
476 482 apt-get update
477 483 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
478 484 fi
479 485
480 486 # Check if ./bootstrap.d directory exists
481 487 if [ ! -d "./bootstrap.d/" ] ; then
482 488 echo "error: './bootstrap.d' required directory not found!"
483 489 exit 1
484 490 fi
485 491
486 492 # Check if ./files directory exists
487 493 if [ ! -d "./files/" ] ; then
488 494 echo "error: './files' required directory not found!"
489 495 exit 1
490 496 fi
491 497
492 498 # Check if specified KERNELSRC_DIR directory exists
493 499 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
494 500 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
495 501 exit 1
496 502 fi
497 503
498 504 # Check if specified UBOOTSRC_DIR directory exists
499 505 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
500 506 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
501 507 exit 1
502 508 fi
503 509
504 510 # Check if specified VIDEOCORESRC_DIR directory exists
505 511 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
506 512 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
507 513 exit 1
508 514 fi
509 515
510 516 # Check if specified FBTURBOSRC_DIR directory exists
511 517 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
512 518 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
513 519 exit 1
514 520 fi
515 521
516 522 # Check if specified NEXMONSRC_DIR directory exists
517 523 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
518 524 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
519 525 exit 1
520 526 fi
521 527
522 528 # Check if specified CHROOT_SCRIPTS directory exists
523 529 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
524 530 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
525 531 exit 1
526 532 fi
527 533
528 534 # Check if specified device mapping already exists (will be used by cryptsetup)
529 535 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
530 536 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
531 537 exit 1
532 538 fi
533 539
534 540 # Don't clobber an old build
535 541 if [ -e "$BUILDDIR" ] ; then
536 542 echo "error: directory ${BUILDDIR} already exists, not proceeding"
537 543 exit 1
538 544 fi
539 545
540 546 # Setup chroot directory
541 547 mkdir -p "${R}"
542 548
543 549 # Check if build directory has enough of free disk space >512MB
544 550 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
545 551 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
546 552 exit 1
547 553 fi
548 554
549 555 set -x
550 556
551 557 # Call "cleanup" function on various signals and errors
552 558 trap cleanup 0 1 2 3 6
553 559
554 560 # Add required packages for the minbase installation
555 561 if [ "$ENABLE_MINBASE" = true ] ; then
556 562 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
557 563 fi
558 564
559 565 # Add parted package, required to get partprobe utility
560 566 if [ "$EXPANDROOT" = true ] ; then
561 567 APT_INCLUDES="${APT_INCLUDES},parted"
562 568 fi
563 569
564 570 # Add dphys-swapfile package, required to enable swap
565 571 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
566 572 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
567 573 fi
568 574
569 575 # Add dbus package, recommended if using systemd
570 576 if [ "$ENABLE_DBUS" = true ] ; then
571 577 APT_INCLUDES="${APT_INCLUDES},dbus"
572 578 fi
573 579
574 580 # Add iptables IPv4/IPv6 package
575 581 if [ "$ENABLE_IPTABLES" = true ] ; then
576 582 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
577 583 fi
578 584 # Add apparmor for KERNEL_SECURITY
579 585 if [ "$KERNEL_SECURITY" = true ] ; then
580 586 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
581 587 fi
582 588
583 589 # Add openssh server package
584 590 if [ "$ENABLE_SSHD" = true ] ; then
585 591 APT_INCLUDES="${APT_INCLUDES},openssh-server"
586 592 fi
587 593
588 594 # Add alsa-utils package
589 595 if [ "$ENABLE_SOUND" = true ] ; then
590 596 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
591 597 fi
592 598
593 599 # Add rng-tools package
594 600 if [ "$ENABLE_HWRANDOM" = true ] ; then
595 601 APT_INCLUDES="${APT_INCLUDES},rng-tools"
596 602 fi
597 603
598 604 # Add fbturbo video driver
599 605 if [ "$ENABLE_FBTURBO" = true ] ; then
600 606 # Enable xorg package dependencies
601 607 ENABLE_XORG=true
602 608 fi
603 609
604 610 # Add user defined window manager package
605 611 if [ -n "$ENABLE_WM" ] ; then
606 612 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
607 613
608 614 # Enable xorg package dependencies
609 615 ENABLE_XORG=true
610 616 fi
611 617
612 618 # Add xorg package
613 619 if [ "$ENABLE_XORG" = true ] ; then
614 620 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
615 621 fi
616 622
617 623 # Replace selected packages with smaller clones
618 624 if [ "$ENABLE_REDUCE" = true ] ; then
619 625 # Add levee package instead of vim-tiny
620 626 if [ "$REDUCE_VIM" = true ] ; then
621 627 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
622 628 fi
623 629
624 630 # Add dropbear package instead of openssh-server
625 631 if [ "$REDUCE_SSHD" = true ] ; then
626 632 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
627 633 fi
628 634 fi
629 635
630 636 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
631 637 if [ "$ENABLE_SYSVINIT" = false ] ; then
632 638 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
633 639 fi
634 640
635 641 # Configure kernel sources if no KERNELSRC_DIR
636 642 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
637 643 KERNELSRC_CONFIG=true
638 644 fi
639 645
640 646 # Configure reduced kernel
641 647 if [ "$KERNEL_REDUCE" = true ] ; then
642 648 KERNELSRC_CONFIG=false
643 649 fi
644 650
645 651 # Configure qemu compatible kernel
646 652 if [ "$ENABLE_QEMU" = true ] ; then
647 653 DTB_FILE=vexpress-v2p-ca15_a7.dtb
648 654 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
649 655 KERNEL_DEFCONFIG="vexpress_defconfig"
650 656 if [ "$KERNEL_MENUCONFIG" = false ] ; then
651 657 KERNEL_OLDDEFCONFIG=true
652 658 fi
653 659 fi
654 660
655 661 # Execute bootstrap scripts
656 662 for SCRIPT in bootstrap.d/*.sh; do
657 663 head -n 3 "$SCRIPT"
658 664 . "$SCRIPT"
659 665 done
660 666
661 667 ## Execute custom bootstrap scripts
662 668 if [ -d "custom.d" ] ; then
663 669 for SCRIPT in custom.d/*.sh; do
664 670 . "$SCRIPT"
665 671 done
666 672 fi
667 673
668 674 # Execute custom scripts inside the chroot
669 675 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
670 676 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
671 677 chroot_exec /bin/bash -x <<'EOF'
672 678 for SCRIPT in /chroot_scripts/* ; do
673 679 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
674 680 $SCRIPT
675 681 fi
676 682 done
677 683 EOF
678 684 rm -rf "${R}/chroot_scripts"
679 685 fi
680 686
681 687 # Remove c/c++ build environment from the chroot
682 688 chroot_remove_cc
683 689
684 690 # Generate required machine-id
685 691 MACHINE_ID=$(dbus-uuidgen)
686 692 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
687 693 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
688 694
689 695 # APT Cleanup
690 696 chroot_exec apt-get -y clean
691 697 chroot_exec apt-get -y autoclean
692 698 chroot_exec apt-get -y autoremove
693 699
694 700 # Unmount mounted filesystems
695 701 umount -l "${R}/proc"
696 702 umount -l "${R}/sys"
697 703
698 704 # Clean up directories
699 705 rm -rf "${R}/run/*"
700 706 rm -rf "${R}/tmp/*"
701 707
702 708 # Clean up APT proxy settings
703 709 if [ "$KEEP_APT_PROXY" = false ] ; then
704 710 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
705 711 fi
706 712
707 713 # Clean up files
708 714 rm -f "${ETC_DIR}/ssh/ssh_host_*"
709 715 rm -f "${ETC_DIR}/dropbear/dropbear_*"
710 716 rm -f "${ETC_DIR}/apt/sources.list.save"
711 717 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
712 718 rm -f "${ETC_DIR}/*-"
713 719 rm -f "${ETC_DIR}/resolv.conf"
714 720 rm -f "${R}/root/.bash_history"
715 721 rm -f "${R}/var/lib/urandom/random-seed"
716 722 rm -f "${R}/initrd.img"
717 723 rm -f "${R}/vmlinuz"
718 724 rm -f "${R}${QEMU_BINARY}"
719 725
720 726 if [ "$ENABLE_QEMU" = true ] ; then
721 727 # Setup QEMU directory
722 728 mkdir "${BASEDIR}/qemu"
723 729
724 730 # Copy kernel image to QEMU directory
725 731 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
726 732
727 733 # Copy kernel config to QEMU directory
728 734 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
729 735
730 736 # Copy kernel dtbs to QEMU directory
731 737 for dtb in "${BOOT_DIR}/"*.dtb ; do
732 738 if [ -f "${dtb}" ] ; then
733 739 install_readonly "${dtb}" "${BASEDIR}/qemu/"
734 740 fi
735 741 done
736 742
737 743 # Copy kernel overlays to QEMU directory
738 744 if [ -d "${BOOT_DIR}/overlays" ] ; then
739 745 # Setup overlays dtbs directory
740 746 mkdir "${BASEDIR}/qemu/overlays"
741 747
742 748 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
743 749 if [ -f "${dtb}" ] ; then
744 750 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
745 751 fi
746 752 done
747 753 fi
748 754
749 755 # Copy u-boot files to QEMU directory
750 756 if [ "$ENABLE_UBOOT" = true ] ; then
751 757 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
752 758 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
753 759 fi
754 760 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
755 761 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
756 762 fi
757 763 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
758 764 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
759 765 fi
760 766 fi
761 767
762 768 # Copy initramfs to QEMU directory
763 769 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
764 770 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
765 771 fi
766 772 fi
767 773
768 774 # Calculate size of the chroot directory in KB
769 775 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
770 776
771 777 # Calculate the amount of needed 512 Byte sectors
772 778 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
773 779 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
774 780 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
775 781
776 782 # The root partition is EXT4
777 783 # This means more space than the actual used space of the chroot is used.
778 784 # As overhead for journaling and reserved blocks 35% are added.
779 785 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
780 786
781 787 # Calculate required image size in 512 Byte sectors
782 788 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
783 789
784 790 # Prepare image file
785 791 if [ "$ENABLE_SPLITFS" = true ] ; then
786 792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
787 793 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
788 794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
789 795 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
790 796
791 797 # Write firmware/boot partition tables
792 798 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
793 799 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
794 800 EOM
795 801
796 802 # Write root partition table
797 803 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
798 804 ${TABLE_SECTORS},${ROOT_SECTORS},83
799 805 EOM
800 806
801 807 # Setup temporary loop devices
802 808 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
803 809 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
804 810 else # ENABLE_SPLITFS=false
805 811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
806 812 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
807 813
808 814 # Write partition table
809 815 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
810 816 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
811 817 ${ROOT_OFFSET},${ROOT_SECTORS},83
812 818 EOM
813 819
814 820 # Setup temporary loop devices
815 821 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
816 822 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
817 823 fi
818 824
819 825 if [ "$ENABLE_CRYPTFS" = true ] ; then
820 826 # Create dummy ext4 fs
821 827 mkfs.ext4 "$ROOT_LOOP"
822 828
823 829 # Setup password keyfile
824 830 touch .password
825 831 chmod 600 .password
826 832 echo -n ${CRYPTFS_PASSWORD} > .password
827 833
828 834 # Initialize encrypted partition
829 835 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
830 836
831 837 # Open encrypted partition and setup mapping
832 838 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
833 839
834 840 # Secure delete password keyfile
835 841 shred -zu .password
836 842
837 843 # Update temporary loop device
838 844 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
839 845
840 846 # Wipe encrypted partition (encryption cipher is used for randomness)
841 847 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
842 848 fi
843 849
844 850 # Build filesystems
845 851 mkfs.vfat "$FRMW_LOOP"
846 852 mkfs.ext4 "$ROOT_LOOP"
847 853
848 854 # Mount the temporary loop devices
849 855 mkdir -p "$BUILDDIR/mount"
850 856 mount "$ROOT_LOOP" "$BUILDDIR/mount"
851 857
852 858 mkdir -p "$BUILDDIR/mount/boot/firmware"
853 859 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
854 860
855 861 # Copy all files from the chroot to the loop device mount point directory
856 862 rsync -a "${R}/" "$BUILDDIR/mount/"
857 863
858 864 # Unmount all temporary loop devices and mount points
859 865 cleanup
860 866
861 867 # Create block map file(s) of image(s)
862 868 if [ "$ENABLE_SPLITFS" = true ] ; then
863 869 # Create block map files for "bmaptool"
864 870 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
865 871 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
866 872
867 873 # Image was successfully created
868 874 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
869 875 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
870 876 else
871 877 # Create block map file for "bmaptool"
872 878 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
873 879
874 880 # Image was successfully created
875 881 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
876 882
877 883 # Create qemu qcow2 image
878 884 if [ "$ENABLE_QEMU" = true ] ; then
879 885 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
880 886 QEMU_SIZE=16G
881 887
882 888 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
883 889 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
884 890
885 891 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
886 892 fi
887 893 fi
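Review bot: In the "Clean up directories" and "Clean up files" blocks the glob is inside the quotes (`rm -rf "${R}/tmp/*"`, `rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -f "${ETC_DIR}/dropbear/dropbear_*"`), so the shell passes a literal `*` and those `rm` calls match nothing. Any SSH or dropbear host keys present in the chroot therefore stay in the image and would be identical on every device flashed from it. Move the wildcard outside the quotes, for example `rm -f "${ETC_DIR}"/ssh/ssh_host_*`. Two related points in the ENABLE_CRYPTFS handling: the pre-flight check tests `/dev/mapping/${CRYPTFS_MAPPING}` while the later code uses `/dev/mapper/${CRYPTFS_MAPPING}`, so the guard cannot detect an existing mapping; and `set -x` is already active when `echo -n ${CRYPTFS_PASSWORD} > .password` runs, so the passphrase ends up in the trace output. Disable tracing around that block and quote the variable.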