##// END OF EJS Templates
RIP4, new kernel param, ...
Unknown -
r664:a9252ff50ac6
parent child
Show More
@@ -1,553 +1,565
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
53
54 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56
56
57 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59
59
60 ---
60 ---
61
61
62 #### General system settings:
62 #### General system settings:
63 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65
65
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
70 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
71 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
72 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
73 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
74
74
75 ##### `RELEASE`="buster"
75 ##### `RELEASE`="buster"
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77
77
78 ##### `RELEASE_ARCH`="armhf"
78 ##### `RELEASE_ARCH`="armhf"
79 Set the desired Debian release architecture.
79 Set the desired Debian release architecture.
80
80
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83
83
84 ##### `PASSWORD`="raspberry"
84 ##### `PASSWORD`="raspberry"
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `USER_PASSWORD`="raspberry"
87 ##### `USER_PASSWORD`="raspberry"
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89
89
90 ##### `DEFLOCAL`="en_US.UTF-8"
90 ##### `DEFLOCAL`="en_US.UTF-8"
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92
92
93 ##### `TIMEZONE`="Europe/Berlin"
93 ##### `TIMEZONE`="Europe/Berlin"
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95
95
96 ##### `EXPANDROOT`=true
96 ##### `EXPANDROOT`=true
97 Expand the root partition and filesystem automatically on first boot.
97 Expand the root partition and filesystem automatically on first boot.
98
98
99 ##### `ENABLE_DPHYSSWAP`=true
99 ##### `ENABLE_DPHYSSWAP`=true
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101
101
102 ##### `ENABLE_QEMU`=false
102 ##### `ENABLE_QEMU`=false
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104
104
105 ---
105 ---
106
106
107 #### Keyboard settings:
107 #### Keyboard settings:
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109
109
110 ##### `XKB_MODEL`=""
110 ##### `XKB_MODEL`=""
111 Set the name of the model of your keyboard type.
111 Set the name of the model of your keyboard type.
112
112
113 ##### `XKB_LAYOUT`=""
113 ##### `XKB_LAYOUT`=""
114 Set the supported keyboard layout(s).
114 Set the supported keyboard layout(s).
115
115
116 ##### `XKB_VARIANT`=""
116 ##### `XKB_VARIANT`=""
117 Set the supported variant(s) of the keyboard layout(s).
117 Set the supported variant(s) of the keyboard layout(s).
118
118
119 ##### `XKB_OPTIONS`=""
119 ##### `XKB_OPTIONS`=""
120 Set extra xkb configuration options.
120 Set extra xkb configuration options.
121
121
122 ---
122 ---
123
123
124 #### Networking settings (DHCP):
124 #### Networking settings (DHCP):
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126
126
127 ##### `ENABLE_DHCP`=true
127 ##### `ENABLE_DHCP`=true
128 Set the system to use DHCP. This requires an DHCP server.
128 Set the system to use DHCP. This requires an DHCP server.
129
129
130 ---
130 ---
131
131
132 #### Networking settings (static):
132 #### Networking settings (static):
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134
134
135 ##### `NET_ADDRESS`=""
135 ##### `NET_ADDRESS`=""
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137
137
138 ##### `NET_GATEWAY`=""
138 ##### `NET_GATEWAY`=""
139 Set the IP address for the default gateway.
139 Set the IP address for the default gateway.
140
140
141 ##### `NET_DNS_1`=""
141 ##### `NET_DNS_1`=""
142 Set the IP address for the first DNS server.
142 Set the IP address for the first DNS server.
143
143
144 ##### `NET_DNS_2`=""
144 ##### `NET_DNS_2`=""
145 Set the IP address for the second DNS server.
145 Set the IP address for the second DNS server.
146
146
147 ##### `NET_DNS_DOMAINS`=""
147 ##### `NET_DNS_DOMAINS`=""
148 Set the default DNS search domains to use for non fully qualified hostnames.
148 Set the default DNS search domains to use for non fully qualified hostnames.
149
149
150 ##### `NET_NTP_1`=""
150 ##### `NET_NTP_1`=""
151 Set the IP address for the first NTP server.
151 Set the IP address for the first NTP server.
152
152
153 ##### `NET_NTP_2`=""
153 ##### `NET_NTP_2`=""
154 Set the IP address for the second NTP server.
154 Set the IP address for the second NTP server.
155
155
156 ---
156 ---
157
157
158 #### Basic system features:
158 #### Basic system features:
159 ##### `ENABLE_CONSOLE`=true
159 ##### `ENABLE_CONSOLE`=true
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161
161
162 ##### `ENABLE_PRINTK`=false
162 ##### `ENABLE_PRINTK`=false
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164
164
165 ##### `ENABLE_BLUETOOTH`=false
165 ##### `ENABLE_BLUETOOTH`=false
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167
167
168 ##### `ENABLE_MINIUART_OVERLAY`=false
168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170
170
171 ##### `ENABLE_TURBO`=false
171 ##### `ENABLE_TURBO`=false
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173
173
174 ##### `ENABLE_I2C`=false
174 ##### `ENABLE_I2C`=false
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176
176
177 ##### `ENABLE_SPI`=false
177 ##### `ENABLE_SPI`=false
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179
179
180 ##### `ENABLE_IPV6`=true
180 ##### `ENABLE_IPV6`=true
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182
182
183 ##### `ENABLE_SSHD`=true
183 ##### `ENABLE_SSHD`=true
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185
185
186 ##### `ENABLE_NONFREE`=false
186 ##### `ENABLE_NONFREE`=false
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188
188
189 ##### `ENABLE_WIRELESS`=false
189 ##### `ENABLE_WIRELESS`=false
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191
191
192 ##### `ENABLE_RSYSLOG`=true
192 ##### `ENABLE_RSYSLOG`=true
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194
194
195 ##### `ENABLE_SOUND`=true
195 ##### `ENABLE_SOUND`=true
196 Enable sound hardware and install Advanced Linux Sound Architecture.
196 Enable sound hardware and install Advanced Linux Sound Architecture.
197
197
198 ##### `ENABLE_HWRANDOM`=true
198 ##### `ENABLE_HWRANDOM`=true
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200
200
201 ##### `ENABLE_MINGPU`=false
201 ##### `ENABLE_MINGPU`=false
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203
203
204 ##### `ENABLE_DBUS`=true
204 ##### `ENABLE_DBUS`=true
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206
206
207 ##### `ENABLE_XORG`=false
207 ##### `ENABLE_XORG`=false
208 Install Xorg open-source X Window System.
208 Install Xorg open-source X Window System.
209
209
210 ##### `ENABLE_WM`=""
210 ##### `ENABLE_WM`=""
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212
212
213 ##### `ENABLE_SYSVINIT`=false
213 ##### `ENABLE_SYSVINIT`=false
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215
215
216 ---
216 ---
217
217
218 #### Advanced system features:
218 #### Advanced system features:
219 ##### `ENABLE_KEYGEN`=false
219 ##### `ENABLE_KEYGEN`=false
220 Recover your lost codec license
220 Recover your lost codec license
221 ##### `ENABLE_SYSTEMDSWAP`=false
221 ##### `ENABLE_SYSTEMDSWAP`=false
222 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
222 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
223
223
224 ##### `ENABLE_MINBASE`=false
224 ##### `ENABLE_MINBASE`=false
225 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
225 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
226
226
227 ##### `ENABLE_REDUCE`=false
227 ##### `ENABLE_REDUCE`=false
228 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
228 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
229
229
230 ##### `ENABLE_UBOOT`=false
230 ##### `ENABLE_UBOOT`=false
231 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
231 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
232
232
233 ##### `UBOOTSRC_DIR`=""
233 ##### `UBOOTSRC_DIR`=""
234 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
234 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
235
235
236 ##### `ENABLE_FBTURBO`=false
236 ##### `ENABLE_FBTURBO`=false
237 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
237 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238
238
239 ##### `FBTURBOSRC_DIR`=""
239 ##### `FBTURBOSRC_DIR`=""
240 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
240 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
241
241
242 ##### `ENABLE_VIDEOCORE`=false
242 ##### `ENABLE_VIDEOCORE`=false
243 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
243 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
244
244
245 ##### `VIDEOCORESRC_DIR`=""
245 ##### `VIDEOCORESRC_DIR`=""
246 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
246 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247
247
248 ##### `ENABLE_NEXMON`=false
248 ##### `ENABLE_NEXMON`=false
249 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
249 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
250
250
251 ##### `NEXMONSRC_DIR`=""
251 ##### `NEXMONSRC_DIR`=""
252 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
252 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
253
253
254 ##### `ENABLE_IPTABLES`=false
254 ##### `ENABLE_IPTABLES`=false
255 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
255 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
256
256
257 ##### `ENABLE_USER`=true
257 ##### `ENABLE_USER`=true
258 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
258 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
259
259
260 ##### `USER_NAME`=pi
260 ##### `USER_NAME`=pi
261 Non-root user to create. Ignored if `ENABLE_USER`=false
261 Non-root user to create. Ignored if `ENABLE_USER`=false
262
262
263 ##### `ENABLE_ROOT`=false
263 ##### `ENABLE_ROOT`=false
264 Set root user password so root login will be enabled
264 Set root user password so root login will be enabled
265
265
266 ##### `ENABLE_HARDNET`=false
266 ##### `ENABLE_HARDNET`=false
267 Enable IPv4/IPv6 network stack hardening settings.
267 Enable IPv4/IPv6 network stack hardening settings.
268
268
269 ##### `ENABLE_SPLITFS`=false
269 ##### `ENABLE_SPLITFS`=false
270 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
270 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
271
271
272 ##### `CHROOT_SCRIPTS`=""
272 ##### `CHROOT_SCRIPTS`=""
273 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
273 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
274
274
275 ##### `ENABLE_INITRAMFS`=false
275 ##### `ENABLE_INITRAMFS`=false
276 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
276 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
277
277
278 ##### `ENABLE_IFNAMES`=true
278 ##### `ENABLE_IFNAMES`=true
279 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
279 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
280
280
281 ##### `ENABLE_SPLASH`=true
281 ##### `ENABLE_SPLASH`=true
282 Enable default Raspberry Pi boot up rainbow splash screen.
282 Enable default Raspberry Pi boot up rainbow splash screen.
283
283
284 ##### `ENABLE_LOGO`=true
284 ##### `ENABLE_LOGO`=true
285 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
285 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
286
286
287 ##### `ENABLE_SILENT_BOOT`=false
287 ##### `ENABLE_SILENT_BOOT`=false
288 Set the verbosity of console messages shown during boot up to a strict minimum.
288 Set the verbosity of console messages shown during boot up to a strict minimum.
289
289
290 ##### `DISABLE_UNDERVOLT_WARNINGS`=
290 ##### `DISABLE_UNDERVOLT_WARNINGS`=
291 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
291 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
292
292
293 ---
293 ---
294
294
295 #### SSH settings:
295 #### SSH settings:
296 ##### `SSH_ENABLE_ROOT`=false
296 ##### `SSH_ENABLE_ROOT`=false
297 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
297 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
298
298
299 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
299 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
300 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
300 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
301
301
302 ##### `SSH_LIMIT_USERS`=false
302 ##### `SSH_LIMIT_USERS`=false
303 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
303 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
304
304
305 ##### `SSH_ROOT_PUB_KEY`=""
305 ##### `SSH_ROOT_PUB_KEY`=""
306 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
306 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
307
307
308 ##### `SSH_USER_PUB_KEY`=""
308 ##### `SSH_USER_PUB_KEY`=""
309 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
309 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
310
310
311 ---
311 ---
312
312
313 #### Kernel compilation:
313 #### Kernel compilation:
314 ##### `BUILD_KERNEL`=true
314 ##### `BUILD_KERNEL`=true
315 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
315 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
316
316
317 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
317 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
318 This sets the cross-compile environment for the compiler.
318 This sets the cross-compile environment for the compiler.
319
319
320 ##### `KERNEL_BTRFS`="false"
321 enable btrfs kernel support
322
323 ##### `KERNEL_POEHAT`="false"
324 enable Enable RPI POE HAT fan kernel support
325
326 ##### `KERNEL_NSPAWN`="false"
327 Enable per-interface network priority control - for systemd-nspawn
328
329 ##### `KERNEL_DHKEY`="true"
330 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
331
320 ##### `KERNEL_ARCH`="arm"
332 ##### `KERNEL_ARCH`="arm"
321 This sets the kernel architecture for the compiler.
333 This sets the kernel architecture for the compiler.
322
334
323 ##### `KERNEL_IMAGE`="kernel7.img"
335 ##### `KERNEL_IMAGE`="kernel7.img"
324 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
336 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
325
337
326 ##### `KERNEL_BRANCH`=""
338 ##### `KERNEL_BRANCH`=""
327 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
339 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
328
340
329 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
341 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
330 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
342 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
331
343
332 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
344 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
333 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
345 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
334
346
335 ##### `KERNEL_REDUCE`=false
347 ##### `KERNEL_REDUCE`=false
336 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
348 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
337
349
338 ##### `KERNEL_THREADS`=1
350 ##### `KERNEL_THREADS`=1
339 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
351 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
340
352
341 ##### `KERNEL_HEADERS`=true
353 ##### `KERNEL_HEADERS`=true
342 Install kernel headers with the built kernel.
354 Install kernel headers with the built kernel.
343
355
344 ##### `KERNEL_MENUCONFIG`=false
356 ##### `KERNEL_MENUCONFIG`=false
345 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
357 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
346
358
347 ##### `KERNEL_OLDDEFCONFIG`=false
359 ##### `KERNEL_OLDDEFCONFIG`=false
348 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
360 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
349
361
350 ##### `KERNEL_CCACHE`=false
362 ##### `KERNEL_CCACHE`=false
351 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
363 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
352
364
353 ##### `KERNEL_REMOVESRC`=true
365 ##### `KERNEL_REMOVESRC`=true
354 Remove all kernel sources from the generated OS image after it was built and installed.
366 Remove all kernel sources from the generated OS image after it was built and installed.
355
367
356 ##### `KERNELSRC_DIR`=""
368 ##### `KERNELSRC_DIR`=""
357 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
369 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
358
370
359 ##### `KERNELSRC_CLEAN`=false
371 ##### `KERNELSRC_CLEAN`=false
360 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
372 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
361
373
362 ##### `KERNELSRC_CONFIG`=true
374 ##### `KERNELSRC_CONFIG`=true
363 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
375 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
364
376
365 ##### `KERNELSRC_USRCONFIG`=""
377 ##### `KERNELSRC_USRCONFIG`=""
366 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
378 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
367
379
368 ##### `KERNELSRC_PREBUILT`=false
380 ##### `KERNELSRC_PREBUILT`=false
369 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
381 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
370
382
371 ##### `RPI_FIRMWARE_DIR`=""
383 ##### `RPI_FIRMWARE_DIR`=""
372 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
384 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
373
385
374 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
386 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
375 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
387 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
376
388
377 ##### `KERNEL_NF`=false
389 ##### `KERNEL_NF`=false
378 Enable Netfilter modules as kernel modules
390 Enable Netfilter modules as kernel modules
379
391
380 ##### `KERNEL_VIRT`=false
392 ##### `KERNEL_VIRT`=false
381 Enable Kernel KVM support (/dev/kvm)
393 Enable Kernel KVM support (/dev/kvm)
382
394
383 ##### `KERNEL_ZSWAP`=false
395 ##### `KERNEL_ZSWAP`=false
384 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
396 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
385
397
386 ##### `KERNEL_BPF`=true
398 ##### `KERNEL_BPF`=true
387 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
399 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
388
400
389 ##### `KERNEL_SECURITY`=false
401 ##### `KERNEL_SECURITY`=false
390 Enables Apparmor, integrity subsystem, auditing.
402 Enables Apparmor, integrity subsystem, auditing.
391
403
392 ---
404 ---
393
405
394 #### Reduce disk usage:
406 #### Reduce disk usage:
395 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
407 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
396
408
397 ##### `REDUCE_APT`=true
409 ##### `REDUCE_APT`=true
398 Configure APT to use compressed package repository lists and no package caching files.
410 Configure APT to use compressed package repository lists and no package caching files.
399
411
400 ##### `REDUCE_DOC`=true
412 ##### `REDUCE_DOC`=true
401 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
413 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
402
414
403 ##### `REDUCE_MAN`=true
415 ##### `REDUCE_MAN`=true
404 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
416 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
405
417
406 ##### `REDUCE_VIM`=false
418 ##### `REDUCE_VIM`=false
407 Replace `vim-tiny` package by `levee` a tiny vim clone.
419 Replace `vim-tiny` package by `levee` a tiny vim clone.
408
420
409 ##### `REDUCE_BASH`=false
421 ##### `REDUCE_BASH`=false
410 Remove `bash` package and switch to `dash` shell (experimental).
422 Remove `bash` package and switch to `dash` shell (experimental).
411
423
412 ##### `REDUCE_HWDB`=true
424 ##### `REDUCE_HWDB`=true
413 Remove PCI related hwdb files (experimental).
425 Remove PCI related hwdb files (experimental).
414
426
415 ##### `REDUCE_SSHD`=true
427 ##### `REDUCE_SSHD`=true
416 Replace `openssh-server` with `dropbear`.
428 Replace `openssh-server` with `dropbear`.
417
429
418 ##### `REDUCE_LOCALE`=true
430 ##### `REDUCE_LOCALE`=true
419 Remove all `locale` translation files.
431 Remove all `locale` translation files.
420
432
421 ---
433 ---
422
434
423 #### Encrypted root partition:
435 #### Encrypted root partition:
424 ##### `KERNEL_CRYPTFS`=false
436 ##### `KERNEL_CRYPTFS`=false
425 Enable Kernel Moduls for crypto
437 Enable Kernel Moduls for crypto
426
438
427 ##### `ENABLE_CRYPTFS`=false
439 ##### `ENABLE_CRYPTFS`=false
428 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
440 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
429
441
430 ##### `CRYPTFS_PASSWORD`=""
442 ##### `CRYPTFS_PASSWORD`=""
431 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
443 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
432
444
433 ##### `CRYPTFS_MAPPING`="secure"
445 ##### `CRYPTFS_MAPPING`="secure"
434 Set name of dm-crypt managed device-mapper mapping.
446 Set name of dm-crypt managed device-mapper mapping.
435
447
436 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
448 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
437 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
449 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
438
450
439 ##### `CRYPTFS_XTSKEYSIZE`=512
451 ##### `CRYPTFS_XTSKEYSIZE`=512
440 Sets key size in bits. The argument has to be a multiple of 8.
452 Sets key size in bits. The argument has to be a multiple of 8.
441
453
442 ##### `CRYPTFS_DROPBEAR`=false
454 ##### `CRYPTFS_DROPBEAR`=false
443 Enable Dropbear Initramfs support
455 Enable Dropbear Initramfs support
444
456
445 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
457 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
446 Provide path to dropbear Public RSA-OpenSSH Key
458 Provide path to dropbear Public RSA-OpenSSH Key
447
459
448 ---
460 ---
449
461
450 #### Build settings:
462 #### Build settings:
451 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
463 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
452 Set a path to a working directory used by the script to generate an image.
464 Set a path to a working directory used by the script to generate an image.
453
465
454 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
466 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
455 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
467 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
456
468
457 ## Understanding the script
469 ## Understanding the script
458 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
470 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
459
471
460 | Script | Description |
472 | Script | Description |
461 | --- | --- |
473 | --- | --- |
462 | `10-bootstrap.sh` | Debootstrap basic system |
474 | `10-bootstrap.sh` | Debootstrap basic system |
463 | `11-apt.sh` | Setup APT repositories |
475 | `11-apt.sh` | Setup APT repositories |
464 | `12-locale.sh` | Setup Locales and keyboard settings |
476 | `12-locale.sh` | Setup Locales and keyboard settings |
465 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
477 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
466 | `14-fstab.sh` | Setup fstab and initramfs |
478 | `14-fstab.sh` | Setup fstab and initramfs |
467 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
479 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
468 | `20-networking.sh` | Setup Networking |
480 | `20-networking.sh` | Setup Networking |
469 | `21-firewall.sh` | Setup Firewall |
481 | `21-firewall.sh` | Setup Firewall |
470 | `30-security.sh` | Setup Users and Security settings |
482 | `30-security.sh` | Setup Users and Security settings |
471 | `31-logging.sh` | Setup Logging |
483 | `31-logging.sh` | Setup Logging |
472 | `32-sshd.sh` | Setup SSH and public keys |
484 | `32-sshd.sh` | Setup SSH and public keys |
473 | `41-uboot.sh` | Build and Setup U-Boot |
485 | `41-uboot.sh` | Build and Setup U-Boot |
474 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
486 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
475 | `43-videocore.sh` | Build and Setup videocore libraries |
487 | `43-videocore.sh` | Build and Setup videocore libraries |
476 | `50-firstboot.sh` | First boot actions |
488 | `50-firstboot.sh` | First boot actions |
477 | `99-reduce.sh` | Reduce the disk space usage |
489 | `99-reduce.sh` | Reduce the disk space usage |
478
490
479 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
491 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
480
492
481 | Directory | Description |
493 | Directory | Description |
482 | --- | --- |
494 | --- | --- |
483 | `apt` | APT management configuration files |
495 | `apt` | APT management configuration files |
484 | `boot` | Boot and RPi 0/1/2/3 configuration files |
496 | `boot` | Boot and RPi 0/1/2/3 configuration files |
485 | `dpkg` | Package Manager configuration |
497 | `dpkg` | Package Manager configuration |
486 | `etc` | Configuration files and rc scripts |
498 | `etc` | Configuration files and rc scripts |
487 | `firstboot` | Scripts that get executed on first boot |
499 | `firstboot` | Scripts that get executed on first boot |
488 | `initramfs` | Initramfs scripts |
500 | `initramfs` | Initramfs scripts |
489 | `iptables` | Firewall configuration files |
501 | `iptables` | Firewall configuration files |
490 | `locales` | Locales configuration |
502 | `locales` | Locales configuration |
491 | `modules` | Kernel Modules configuration |
503 | `modules` | Kernel Modules configuration |
492 | `mount` | Fstab configuration |
504 | `mount` | Fstab configuration |
493 | `network` | Networking configuration files |
505 | `network` | Networking configuration files |
494 | `sysctl.d` | Swapping and Network Hardening configuration |
506 | `sysctl.d` | Swapping and Network Hardening configuration |
495 | `xorg` | fbturbo Xorg driver configuration |
507 | `xorg` | fbturbo Xorg driver configuration |
496
508
497 ## Custom packages and scripts
509 ## Custom packages and scripts
498 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
510 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
499
511
500 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
512 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
501
513
502 ## Logging of the bootstrapping process
514 ## Logging of the bootstrapping process
503 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
515 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
504
516
505 ```shell
517 ```shell
506 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
518 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
507 ```
519 ```
508
520
509 ## Flashing the image file
521 ## Flashing the image file
510 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
522 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
511
523
512 ##### Flashing examples:
524 ##### Flashing examples:
513 ```shell
525 ```shell
514 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
526 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
515 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
527 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
516 ```
528 ```
517 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
529 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
518 ```shell
530 ```shell
519 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
531 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
520 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
532 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
521 ```
533 ```
522
534
523 ## QEMU emulation
535 ## QEMU emulation
524 Start QEMU full system emulation:
536 Start QEMU full system emulation:
525 ```shell
537 ```shell
526 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
538 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
527 ```
539 ```
528
540
529 Start QEMU full system emulation and output to console:
541 Start QEMU full system emulation and output to console:
530 ```shell
542 ```shell
531 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
543 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 ```
544 ```
533
545
534 Start QEMU full system emulation with SMP and output to console:
546 Start QEMU full system emulation with SMP and output to console:
535 ```shell
547 ```shell
536 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
548 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
537 ```
549 ```
538
550
539 Start QEMU full system emulation with cryptfs, initramfs and output to console:
551 Start QEMU full system emulation with cryptfs, initramfs and output to console:
540 ```shell
552 ```shell
541 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
553 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
542 ```
554 ```
543
555
544 ## External links and references
556 ## External links and references
545 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
557 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
546 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
558 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
547 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
559 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
548 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
560 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
549 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
561 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
550 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
562 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
551 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
563 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
552 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
564 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
553 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
565 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,649 +1,887
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
13 KERNELSRC_DIR=""
14 fi
14 fi
15
15
16 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
17 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
18 # Setup source directory
18 # Setup source directory
19 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
20
20
21 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25
25
26 # Clean the kernel sources
26 # Clean the kernel sources
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 fi
29 fi
30 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
31 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
32 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
33
33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
35 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 else
37 else
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 fi
39 fi
40
40
41 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43
43
44 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
45 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
46
46
47 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
48 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
49 fi
49 fi
50
50
51 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 fi
54 fi
55
55
56 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
56 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
57 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
57 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
58 fi
58 fi
59
59
60 # Configure and build kernel
60 # Configure and build kernel
61 if [ "$KERNELSRC_PREBUILT" = false ] ; then
61 if [ "$KERNELSRC_PREBUILT" = false ] ; then
62 # Remove device, network and filesystem drivers from kernel configuration
62 # Remove device, network and filesystem drivers from kernel configuration
63 if [ "$KERNEL_REDUCE" = true ] ; then
63 if [ "$KERNEL_REDUCE" = true ] ; then
64 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
64 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
65 sed -i\
65 sed -i\
66 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
72 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
79 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
80 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
81 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
82 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
82 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
87 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
88 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
91 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
91 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
92 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
92 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
93 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
93 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
94 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
94 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
95 "${KERNEL_DIR}/.config"
95 "${KERNEL_DIR}/.config"
96 fi
96 fi
97
97
98 if [ "$KERNELSRC_CONFIG" = true ] ; then
98 if [ "$KERNELSRC_CONFIG" = true ] ; then
99 # Load default raspberry kernel configuration
99 # Load default raspberry kernel configuration
100 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
100 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
101
101
102 #Switch to KERNELSRC_DIR so we can use set_kernel_config
102 #Switch to KERNELSRC_DIR so we can use set_kernel_config
103 cd "${KERNEL_DIR}" || exit
103 cd "${KERNEL_DIR}" || exit
104
104
105 # Enable RPI POE HAT fan
106 if [ "$KERNEL_POEHAT" = true ]; then
107 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
108 fi
109
110 # Enable per-interface network priority control
111 # (for systemd-nspawn)
112 if [ "$KERNEL_NSPAN" = true ]; then
113 set_kernel_config CONFIG_CGROUP_NET_PRIO y
114 fi
115
116 # Compile in BTRFS
117 if [ "$KERNEL_BTRFS" = true ]; then
118 set_kernel_config CONFIG_BTRFS_FS y
119 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
120 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
121 fi
122
123 # Diffie-Hellman operations on retained keys
124 # (required for >keyutils-1.6)
125 if [ "$KERNEL_DHKEY" = true ]; then
126 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
127 fi
128
105 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
129 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
130 # Mask this temporarily during switch to rpi-4.19.y
106 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
131 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
107 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
132 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
108 set_kernel_config CONFIG_MMC_BCM2835 n
133 #set_kernel_config CONFIG_MMC_BCM2835 n
109 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
134 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
110 set_kernel_config CONFIG_USB_DWC2 n
135 #set_kernel_config CONFIG_USB_DWC2 n
111 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
136 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
112
137
113 #VLAN got disabled without reason in arm64bit
138 #VLAN got disabled without reason in arm64bit
114 set_kernel_config CONFIG_IPVLAN m
139 set_kernel_config CONFIG_IPVLAN m
115 fi
140 fi
116
141
117 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
142 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
118 if [ "$KERNEL_ZSWAP" = true ] ; then
143 if [ "$KERNEL_ZSWAP" = true ] ; then
119 set_kernel_config CONFIG_ZPOOL y
144 set_kernel_config CONFIG_ZPOOL y
120 set_kernel_config CONFIG_ZSWAP y
145 set_kernel_config CONFIG_ZSWAP y
121 set_kernel_config CONFIG_ZBUD y
146 set_kernel_config CONFIG_ZBUD y
122 set_kernel_config CONFIG_Z3FOLD y
147 set_kernel_config CONFIG_Z3FOLD y
123 set_kernel_config CONFIG_ZSMALLOC y
148 set_kernel_config CONFIG_ZSMALLOC y
124 set_kernel_config CONFIG_PGTABLE_MAPPING y
149 set_kernel_config CONFIG_PGTABLE_MAPPING y
125 set_kernel_config CONFIG_LZO_COMPRESS y
150 set_kernel_config CONFIG_LZO_COMPRESS y
126
127 fi
151 fi
128
152
153 if [ RPI_MODEL = 4 ] ; then
154 # Following are set in current 32-bit LPAE kernel
155 set_kernel_config CONFIG_CGROUP_PIDS y
156 set_kernel_config CONFIG_NET_IPVTI m
157 set_kernel_config CONFIG_NF_TABLES_SET m
158 set_kernel_config CONFIG_NF_TABLES_INET y
159 set_kernel_config CONFIG_NF_TABLES_NETDEV y
160 set_kernel_config CONFIG_NF_FLOW_TABLE m
161 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
162 set_kernel_config CONFIG_NFT_CONNLIMIT m
163 set_kernel_config CONFIG_NFT_TUNNEL m
164 set_kernel_config CONFIG_NFT_OBJREF m
165 set_kernel_config CONFIG_NFT_FIB_IPV4 m
166 set_kernel_config CONFIG_NFT_FIB_IPV6 m
167 set_kernel_config CONFIG_NFT_FIB_INET m
168 set_kernel_config CONFIG_NFT_SOCKET m
169 set_kernel_config CONFIG_NFT_OSF m
170 set_kernel_config CONFIG_NFT_TPROXY m
171 set_kernel_config CONFIG_NF_DUP_NETDEV m
172 set_kernel_config CONFIG_NFT_DUP_NETDEV m
173 set_kernel_config CONFIG_NFT_FWD_NETDEV m
174 set_kernel_config CONFIG_NFT_FIB_NETDEV m
175 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
176 set_kernel_config CONFIG_NF_FLOW_TABLE m
177 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
178 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
179 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
180 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
181 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
182 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
183 set_kernel_config CONFIG_NFT_DUP_IPV6 m
184 set_kernel_config CONFIG_NFT_FIB_IPV6 m
185 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
186 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
187 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
188 set_kernel_config CONFIG_NF_LOG_BRIDGE m
189 set_kernel_config CONFIG_MT76_CORE m
190 set_kernel_config CONFIG_MT76_LEDS m
191 set_kernel_config CONFIG_MT76_USB m
192 set_kernel_config CONFIG_MT76x2_COMMON m
193 set_kernel_config CONFIG_MT76x0U m
194 set_kernel_config CONFIG_MT76x2U m
195 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
196 set_kernel_config CONFIG_BCM_VC_SM m
197 set_kernel_config CONFIG_BCM2835_SMI_DEV m
198 set_kernel_config CONFIG_RPIVID_MEM m
199 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
200 set_kernel_config CONFIG_TCG_TPM m
201 set_kernel_config CONFIG_HW_RANDOM_TPM y
202 set_kernel_config CONFIG_TCG_TIS m
203 set_kernel_config CONFIG_TCG_TIS_SPI m
204 set_kernel_config CONFIG_I2C_MUX m
205 set_kernel_config CONFIG_I2C_MUX_GPMUX m
206 set_kernel_config CONFIG_I2C_MUX_PCA954x m
207 set_kernel_config CONFIG_SPI_GPIO m
208 set_kernel_config CONFIG_BATTERY_MAX17040 m
209 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
210 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
211 set_kernel_config CONFIG_BCM2835_THERMAL y
212 set_kernel_config CONFIG_RC_CORE y
213 set_kernel_config CONFIG_RC_MAP y
214 set_kernel_config CONFIG_LIRC y
215 set_kernel_config CONFIG_RC_DECODERS y
216 set_kernel_config CONFIG_IR_NEC_DECODER m
217 set_kernel_config CONFIG_IR_RC5_DECODER m
218 set_kernel_config CONFIG_IR_RC6_DECODER m
219 set_kernel_config CONFIG_IR_JVC_DECODER m
220 set_kernel_config CONFIG_IR_SONY_DECODER m
221 set_kernel_config CONFIG_IR_SANYO_DECODER m
222 set_kernel_config CONFIG_IR_SHARP_DECODER m
223 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
224 set_kernel_config CONFIG_IR_XMP_DECODER m
225 set_kernel_config CONFIG_IR_IMON_DECODER m
226 set_kernel_config CONFIG_RC_DEVICES y
227 set_kernel_config CONFIG_RC_ATI_REMOTE m
228 set_kernel_config CONFIG_IR_IMON m
229 set_kernel_config CONFIG_IR_MCEUSB m
230 set_kernel_config CONFIG_IR_REDRAT3 m
231 set_kernel_config CONFIG_IR_STREAMZAP m
232 set_kernel_config CONFIG_IR_IGUANA m
233 set_kernel_config CONFIG_IR_TTUSBIR m
234 set_kernel_config CONFIG_RC_LOOPBACK m
235 set_kernel_config CONFIG_IR_GPIO_CIR m
236 set_kernel_config CONFIG_IR_GPIO_TX m
237 set_kernel_config CONFIG_IR_PWM_TX m
238 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
239 set_kernel_config CONFIG_VIDEO_AU0828_RC y
240 set_kernel_config CONFIG_VIDEO_CX231XX m
241 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
242 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
243 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
244 set_kernel_config CONFIG_VIDEO_TM6000 m
245 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
246 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
247 set_kernel_config CONFIG_DVB_USB m
248 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
249 set_kernel_config CONFIG_DVB_USB_A800 m
250 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
251 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
252 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
253 set_kernel_config CONFIG_DVB_USB_DIB0700 m
254 set_kernel_config CONFIG_DVB_USB_UMT_010 m
255 set_kernel_config CONFIG_DVB_USB_CXUSB m
256 set_kernel_config CONFIG_DVB_USB_M920X m
257 set_kernel_config CONFIG_DVB_USB_DIGITV m
258 set_kernel_config CONFIG_DVB_USB_VP7045 m
259 set_kernel_config CONFIG_DVB_USB_VP702X m
260 set_kernel_config CONFIG_DVB_USB_GP8PSK m
261 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
262 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
263 set_kernel_config CONFIG_DVB_USB_DTT200U m
264 set_kernel_config CONFIG_DVB_USB_OPERA1 m
265 set_kernel_config CONFIG_DVB_USB_AF9005 m
266 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
267 set_kernel_config CONFIG_DVB_USB_PCTV452E m
268 set_kernel_config CONFIG_DVB_USB_DW2102 m
269 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
270 set_kernel_config CONFIG_DVB_USB_DTV5100 m
271 set_kernel_config CONFIG_DVB_USB_AZ6027 m
272 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
273 set_kernel_config CONFIG_DVB_USB_AF9015 m
274 set_kernel_config CONFIG_DVB_USB_LME2510 m
275 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
276 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
277 set_kernel_config CONFIG_SMS_SIANO_RC m
278 set_kernel_config CONFIG_VIDEO_IR_I2C m
279 set_kernel_config CONFIG_VIDEO_ADV7180 m
280 set_kernel_config CONFIG_VIDEO_TC358743 m
281 set_kernel_config CONFIG_VIDEO_OV5647 m
282 set_kernel_config CONFIG_DVB_M88DS3103 m
283 set_kernel_config CONFIG_DVB_AF9013 m
284 set_kernel_config CONFIG_DVB_RTL2830 m
285 set_kernel_config CONFIG_DVB_RTL2832 m
286 set_kernel_config CONFIG_DVB_SI2168 m
287 set_kernel_config CONFIG_DVB_GP8PSK_FE m
288 set_kernel_config CONFIG_DVB_USB m
289 set_kernel_config CONFIG_DVB_LGDT3306A m
290 set_kernel_config CONFIG_FB_SIMPLE y
291 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
292 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
293 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
294 set_kernel_config CONFIG_SND_SOC_AD193X m
295 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
296 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
297 set_kernel_config CONFIG_SND_SOC_CS4265 m
298 set_kernel_config CONFIG_SND_SOC_DA7213 m
299 set_kernel_config CONFIG_SND_SOC_ICS43432 m
300 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
301 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
302 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
303 set_kernel_config CONFIG_HID_BIGBEN_FF m
304 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
305 set_kernel_config CONFIG_USB_TMC m
306 set_kernel_config CONFIG_USB_UAS y
307 set_kernel_config CONFIG_USBIP_VUDC m
308 set_kernel_config CONFIG_USB_CONFIGFS m
309 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
310 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
311 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
312 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
313 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
314 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
315 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
316 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
317 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
318 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
319 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
320 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
321 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
322 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
323 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
324 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
325 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
326 set_kernel_config CONFIG_LEDS_PCA963X m
327 set_kernel_config CONFIG_LEDS_IS31FL32XX m
328 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
329 set_kernel_config CONFIG_RTC_DRV_RV3028 m
330 set_kernel_config CONFIG_AUXDISPLAY y
331 set_kernel_config CONFIG_HD44780 m
332 set_kernel_config CONFIG_FB_TFT_SH1106 m
333 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
334 set_kernel_config CONFIG_BCM2835_POWER y
335 set_kernel_config CONFIG_INV_MPU6050_IIO m
336 set_kernel_config CONFIG_INV_MPU6050_I2C m
337 set_kernel_config CONFIG_SECURITYFS y
338
339 # Safer to build this in
340 set_kernel_config CONFIG_BINFMT_MISC y
341
342 # pulseaudio wants a buffer of at least this size
343 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
344
345 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
346 # set the appropriate kernel configs unlocked by this PR
347 set_kernel_config CONFIG_ARCH_BCM y
348 set_kernel_config CONFIG_ARCH_BCM2835 y
349 set_kernel_config CONFIG_DRM_V3D m
350 set_kernel_config CONFIG_DRM_VC4 m
351 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
352
353 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
354 # required by PR#3144; should already be applied, but just to be safe
355 set_kernel_config CONFIG_PCIE_BRCMSTB y
356 set_kernel_config CONFIG_BCM2835_MMC y
357
358 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
359 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
360 # during cloud-init setup at first boot. Without this the login accounts are not
361 # created and the user can not login.
362 set_kernel_config CONFIG_SQUASHFS y
363
364 # Ceph support for Block Device (RBD) and Filesystem (FS)
365 # https://docs.ceph.com/docs/master/
366 set_kernel_config CONFIG_CEPH_LIB m
367 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
368 set_kernel_config CONFIG_CEPH_FS m
369 set_kernel_config CONFIG_CEPH_FSCACHE y
370 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
371 set_kernel_config CONFIG_BLK_DEV_RBD m
372
129 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
373 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
130 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
374 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
131 set_kernel_config CONFIG_HAVE_KVM y
375 set_kernel_config CONFIG_HAVE_KVM y
132 set_kernel_config CONFIG_HIGH_RES_TIMERS y
376 set_kernel_config CONFIG_HIGH_RES_TIMERS y
133 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
377 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
134 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
378 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
135 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
379 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
136 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
380 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
137 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
381 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
138 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
382 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
139 set_kernel_config CONFIG_HAVE_KVM_MSI y
383 set_kernel_config CONFIG_HAVE_KVM_MSI y
140 set_kernel_config CONFIG_KVM y
384 set_kernel_config CONFIG_KVM y
141 set_kernel_config CONFIG_KVM_ARM_HOST y
385 set_kernel_config CONFIG_KVM_ARM_HOST y
142 set_kernel_config CONFIG_KVM_ARM_PMU y
386 set_kernel_config CONFIG_KVM_ARM_PMU y
143 set_kernel_config CONFIG_KVM_COMPAT y
387 set_kernel_config CONFIG_KVM_COMPAT y
144 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
388 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
145 set_kernel_config CONFIG_KVM_MMIO y
389 set_kernel_config CONFIG_KVM_MMIO y
146 set_kernel_config CONFIG_KVM_VFIO y
390 set_kernel_config CONFIG_KVM_VFIO y
147 set_kernel_config CONFIG_KVM_MMU_AUDIT y
391 set_kernel_config CONFIG_KVM_MMU_AUDIT y
148 set_kernel_config CONFIG_VHOST m
392 set_kernel_config CONFIG_VHOST m
149 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
393 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
150 set_kernel_config CONFIG_VHOST_NET m
394 set_kernel_config CONFIG_VHOST_NET m
151 set_kernel_config CONFIG_VIRTUALIZATION y
395 set_kernel_config CONFIG_VIRTUALIZATION y
152 set_kernel_config CONFIG_MMU_NOTIFIER y
396 set_kernel_config CONFIG_MMU_NOTIFIER y
153
397
154 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
398 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
155 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
399 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
156
400
157 # erratum
401 # erratum
158 set_kernel_config ARM64_ERRATUM_834220 y
402 set_kernel_config ARM64_ERRATUM_834220 y
159 # https://sourceforge.net/p/kvm/mailman/message/18440797/
403 # https://sourceforge.net/p/kvm/mailman/message/18440797/
160 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
404 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
161 fi
405 fi
162
406
163 # enable apparmor,integrity audit,
407 # enable apparmor,integrity audit,
164 if [ "$KERNEL_SECURITY" = true ] ; then
408 if [ "$KERNEL_SECURITY" = true ] ; then
165
409
166 # security filesystem, security models and audit
410 # security filesystem, security models and audit
167 set_kernel_config CONFIG_SECURITYFS y
411 set_kernel_config CONFIG_SECURITYFS y
168 set_kernel_config CONFIG_SECURITY y
412 set_kernel_config CONFIG_SECURITY y
169 set_kernel_config CONFIG_AUDIT y
413 set_kernel_config CONFIG_AUDIT y
170
414
171 # harden strcpy and memcpy
415 # harden strcpy and memcpy
172 set_kernel_config CONFIG_HARDENED_USERCOPY y
416 set_kernel_config CONFIG_HARDENED_USERCOPY y
173 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
417 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
174 set_kernel_config CONFIG_FORTIFY_SOURCE y
418 set_kernel_config CONFIG_FORTIFY_SOURCE y
175
419
176 # integrity sub-system
420 # integrity sub-system
177 set_kernel_config CONFIG_INTEGRITY y
421 set_kernel_config CONFIG_INTEGRITY y
178 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
422 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
179 set_kernel_config CONFIG_INTEGRITY_AUDIT y
423 set_kernel_config CONFIG_INTEGRITY_AUDIT y
180 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
424 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
181 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
425 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
182
426
183 # This option provides support for retaining authentication tokens and access keys in the kernel.
427 # This option provides support for retaining authentication tokens and access keys in the kernel.
184 set_kernel_config CONFIG_KEYS y
428 set_kernel_config CONFIG_KEYS y
185 set_kernel_config CONFIG_KEYS_COMPAT y
429 set_kernel_config CONFIG_KEYS_COMPAT y
186
430
187 # Apparmor
431 # Apparmor
188 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
432 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
189 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
433 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
190 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
434 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
191 set_kernel_config CONFIG_SECURITY_APPARMOR y
435 set_kernel_config CONFIG_SECURITY_APPARMOR y
192 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
436 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
193 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
437 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
194
438
195 # restrictions on unprivileged users reading the kernel
439 # restrictions on unprivileged users reading the kernel
196 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
440 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
197
441
198 # network security hooks
442 # network security hooks
199 set_kernel_config CONFIG_SECURITY_NETWORK y
443 set_kernel_config CONFIG_SECURITY_NETWORK y
200 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
444 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
201 set_kernel_config CONFIG_SECURITY_PATH y
445 set_kernel_config CONFIG_SECURITY_PATH y
202 set_kernel_config CONFIG_SECURITY_YAMA n
446 set_kernel_config CONFIG_SECURITY_YAMA n
203
447
204 # New Options
205 if [ "$KERNEL_NF" = true ] ; then
206 set_kernel_config CONFIG_IP_NF_SECURITY m
207 set_kernel_config CONFIG_NETLABEL y
208 set_kernel_config CONFIG_IP6_NF_SECURITY m
209 fi
210 set_kernel_config CONFIG_SECURITY_SELINUX n
448 set_kernel_config CONFIG_SECURITY_SELINUX n
211 set_kernel_config CONFIG_SECURITY_SMACK n
449 set_kernel_config CONFIG_SECURITY_SMACK n
212 set_kernel_config CONFIG_SECURITY_TOMOYO n
450 set_kernel_config CONFIG_SECURITY_TOMOYO n
213 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
451 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
214 set_kernel_config CONFIG_SECURITY_LOADPIN n
452 set_kernel_config CONFIG_SECURITY_LOADPIN n
215 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
453 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
216 set_kernel_config CONFIG_IMA n
454 set_kernel_config CONFIG_IMA n
217 set_kernel_config CONFIG_EVM n
455 set_kernel_config CONFIG_EVM n
218 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
456 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
219 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
457 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
220 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
458 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
221 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
459 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
222 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
223 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
460 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
224 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
461 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
225 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
462 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
226 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
463 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
227 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
464 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
228
465
229 set_kernel_config CONFIG_ARM64_CRYPTO y
466 set_kernel_config CONFIG_ARM64_CRYPTO y
230 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
467 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
231 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
468 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
232 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
469 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
233 set_kernel_config CRYPTO_GHASH_ARM64_CE m
470 set_kernel_config CRYPTO_GHASH_ARM64_CE m
234 set_kernel_config CRYPTO_SHA2_ARM64_CE m
471 set_kernel_config CRYPTO_SHA2_ARM64_CE m
235 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
472 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
236 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
473 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
237 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
474 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
238 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
475 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
239 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
476 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
240 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
477 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
241 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
478 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
242 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
479 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
243 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
244 set_kernel_config SYSTEM_TRUSTED_KEYS
245 fi
481 fi
246
482
247 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
483 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
248 if [ "$KERNEL_NF" = true ] ; then
484 if [ "$KERNEL_NF" = true ] ; then
485 set_kernel_config CONFIG_IP_NF_SECURITY m
486 set_kernel_config CONFIG_NETLABEL y
487 set_kernel_config CONFIG_IP6_NF_SECURITY m
249 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
488 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
250 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
489 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
251 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
490 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
252 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
491 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
253 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
492 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
254 set_kernel_config CONFIG_NFT_FIB_INET m
493 set_kernel_config CONFIG_NFT_FIB_INET m
255 set_kernel_config CONFIG_NFT_FIB_IPV4 m
494 set_kernel_config CONFIG_NFT_FIB_IPV4 m
256 set_kernel_config CONFIG_NFT_FIB_IPV6 m
495 set_kernel_config CONFIG_NFT_FIB_IPV6 m
257 set_kernel_config CONFIG_NFT_FIB_NETDEV m
496 set_kernel_config CONFIG_NFT_FIB_NETDEV m
258 set_kernel_config CONFIG_NFT_OBJREF m
497 set_kernel_config CONFIG_NFT_OBJREF m
259 set_kernel_config CONFIG_NFT_RT m
498 set_kernel_config CONFIG_NFT_RT m
260 set_kernel_config CONFIG_NFT_SET_BITMAP m
499 set_kernel_config CONFIG_NFT_SET_BITMAP m
261 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
500 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
262 set_kernel_config CONFIG_NF_LOG_ARP m
501 set_kernel_config CONFIG_NF_LOG_ARP m
263 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
502 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
264 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
503 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
265 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
504 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
266 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
505 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
267 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
506 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
268 set_kernel_config CONFIG_IP6_NF_IPTABLES m
507 set_kernel_config CONFIG_IP6_NF_IPTABLES m
269 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
508 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
270 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
509 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
271 set_kernel_config CONFIG_IP6_NF_NAT m
510 set_kernel_config CONFIG_IP6_NF_NAT m
272 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
511 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
273 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
512 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
274 set_kernel_config CONFIG_IP_NF_SECURITY m
275 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
513 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
276 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
514 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
277 set_kernel_config CONFIG_IP_SET_HASH_IP m
515 set_kernel_config CONFIG_IP_SET_HASH_IP m
278 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
516 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
279 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
517 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
280 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
518 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
281 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
519 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
282 set_kernel_config CONFIG_IP_SET_HASH_MAC m
520 set_kernel_config CONFIG_IP_SET_HASH_MAC m
283 set_kernel_config CONFIG_IP_SET_HASH_NET m
521 set_kernel_config CONFIG_IP_SET_HASH_NET m
284 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
522 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
285 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
523 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
286 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
524 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
287 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
525 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
288 set_kernel_config CONFIG_IP_SET_LIST_SET m
526 set_kernel_config CONFIG_IP_SET_LIST_SET m
289 set_kernel_config CONFIG_NETFILTER_XTABLES m
527 set_kernel_config CONFIG_NETFILTER_XTABLES m
290 set_kernel_config CONFIG_NETFILTER_XTABLES m
528 set_kernel_config CONFIG_NETFILTER_XTABLES m
291 set_kernel_config CONFIG_NFT_BRIDGE_META m
529 set_kernel_config CONFIG_NFT_BRIDGE_META m
292 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
530 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
293 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
531 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
294 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
532 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
295 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
533 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
296 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
534 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
297 set_kernel_config CONFIG_NFT_COMPAT m
535 set_kernel_config CONFIG_NFT_COMPAT m
298 set_kernel_config CONFIG_NFT_COUNTER m
536 set_kernel_config CONFIG_NFT_COUNTER m
299 set_kernel_config CONFIG_NFT_CT m
537 set_kernel_config CONFIG_NFT_CT m
300 set_kernel_config CONFIG_NFT_DUP_IPV4 m
538 set_kernel_config CONFIG_NFT_DUP_IPV4 m
301 set_kernel_config CONFIG_NFT_DUP_IPV6 m
539 set_kernel_config CONFIG_NFT_DUP_IPV6 m
302 set_kernel_config CONFIG_NFT_DUP_NETDEV m
540 set_kernel_config CONFIG_NFT_DUP_NETDEV m
303 set_kernel_config CONFIG_NFT_EXTHDR m
541 set_kernel_config CONFIG_NFT_EXTHDR m
304 set_kernel_config CONFIG_NFT_FWD_NETDEV m
542 set_kernel_config CONFIG_NFT_FWD_NETDEV m
305 set_kernel_config CONFIG_NFT_HASH m
543 set_kernel_config CONFIG_NFT_HASH m
306 set_kernel_config CONFIG_NFT_LIMIT m
544 set_kernel_config CONFIG_NFT_LIMIT m
307 set_kernel_config CONFIG_NFT_LOG m
545 set_kernel_config CONFIG_NFT_LOG m
308 set_kernel_config CONFIG_NFT_MASQ m
546 set_kernel_config CONFIG_NFT_MASQ m
309 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
547 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
310 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
548 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
311 set_kernel_config CONFIG_NFT_META m
549 set_kernel_config CONFIG_NFT_META m
312 set_kernel_config CONFIG_NFT_NAT m
550 set_kernel_config CONFIG_NFT_NAT m
313 set_kernel_config CONFIG_NFT_NUMGEN m
551 set_kernel_config CONFIG_NFT_NUMGEN m
314 set_kernel_config CONFIG_NFT_QUEUE m
552 set_kernel_config CONFIG_NFT_QUEUE m
315 set_kernel_config CONFIG_NFT_QUOTA m
553 set_kernel_config CONFIG_NFT_QUOTA m
316 set_kernel_config CONFIG_NFT_REDIR m
554 set_kernel_config CONFIG_NFT_REDIR m
317 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
555 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
318 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
556 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
319 set_kernel_config CONFIG_NFT_REJECT m
557 set_kernel_config CONFIG_NFT_REJECT m
320 set_kernel_config CONFIG_NFT_REJECT_INET m
558 set_kernel_config CONFIG_NFT_REJECT_INET m
321 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
559 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
322 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
560 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
323 set_kernel_config CONFIG_NFT_SET_HASH m
561 set_kernel_config CONFIG_NFT_SET_HASH m
324 set_kernel_config CONFIG_NFT_SET_RBTREE m
562 set_kernel_config CONFIG_NFT_SET_RBTREE m
325 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
563 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
326 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
564 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
327 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
565 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
328 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
566 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
329 set_kernel_config CONFIG_NF_DUP_IPV4 m
567 set_kernel_config CONFIG_NF_DUP_IPV4 m
330 set_kernel_config CONFIG_NF_DUP_IPV6 m
568 set_kernel_config CONFIG_NF_DUP_IPV6 m
331 set_kernel_config CONFIG_NF_DUP_NETDEV m
569 set_kernel_config CONFIG_NF_DUP_NETDEV m
332 set_kernel_config CONFIG_NF_LOG_BRIDGE m
570 set_kernel_config CONFIG_NF_LOG_BRIDGE m
333 set_kernel_config CONFIG_NF_LOG_IPV4 m
571 set_kernel_config CONFIG_NF_LOG_IPV4 m
334 set_kernel_config CONFIG_NF_LOG_IPV6 m
572 set_kernel_config CONFIG_NF_LOG_IPV6 m
335 set_kernel_config CONFIG_NF_NAT_IPV4 m
573 set_kernel_config CONFIG_NF_NAT_IPV4 m
336 set_kernel_config CONFIG_NF_NAT_IPV6 m
574 set_kernel_config CONFIG_NF_NAT_IPV6 m
337 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
575 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
338 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
576 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
339 set_kernel_config CONFIG_NF_NAT_PPTP m
577 set_kernel_config CONFIG_NF_NAT_PPTP m
340 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
578 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
341 set_kernel_config CONFIG_NF_NAT_REDIRECT y
579 set_kernel_config CONFIG_NF_NAT_REDIRECT y
342 set_kernel_config CONFIG_NF_NAT_SIP m
580 set_kernel_config CONFIG_NF_NAT_SIP m
343 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
581 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
344 set_kernel_config CONFIG_NF_NAT_TFTP m
582 set_kernel_config CONFIG_NF_NAT_TFTP m
345 set_kernel_config CONFIG_NF_REJECT_IPV4 m
583 set_kernel_config CONFIG_NF_REJECT_IPV4 m
346 set_kernel_config CONFIG_NF_REJECT_IPV6 m
584 set_kernel_config CONFIG_NF_REJECT_IPV6 m
347 set_kernel_config CONFIG_NF_TABLES m
585 set_kernel_config CONFIG_NF_TABLES m
348 set_kernel_config CONFIG_NF_TABLES_ARP m
586 set_kernel_config CONFIG_NF_TABLES_ARP m
349 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
587 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
350 set_kernel_config CONFIG_NF_TABLES_INET m
588 set_kernel_config CONFIG_NF_TABLES_INET m
351 set_kernel_config CONFIG_NF_TABLES_IPV4 y
589 set_kernel_config CONFIG_NF_TABLES_IPV4 y
352 set_kernel_config CONFIG_NF_TABLES_IPV6 y
590 set_kernel_config CONFIG_NF_TABLES_IPV6 y
353 set_kernel_config CONFIG_NF_TABLES_NETDEV m
591 set_kernel_config CONFIG_NF_TABLES_NETDEV m
354 set_kernel_config CONFIG_NF_TABLES_SET m
592 set_kernel_config CONFIG_NF_TABLES_SET m
355 set_kernel_config CONFIG_NF_TABLES_INET y
593 set_kernel_config CONFIG_NF_TABLES_INET y
356 set_kernel_config CONFIG_NF_TABLES_NETDEV y
594 set_kernel_config CONFIG_NF_TABLES_NETDEV y
357 set_kernel_config CONFIG_NFT_CONNLIMIT m
595 set_kernel_config CONFIG_NFT_CONNLIMIT m
358 set_kernel_config CONFIG_NFT_TUNNEL m
596 set_kernel_config CONFIG_NFT_TUNNEL m
359 set_kernel_config CONFIG_NFT_SOCKET m
597 set_kernel_config CONFIG_NFT_SOCKET m
360 set_kernel_config CONFIG_NFT_TPROXY m
598 set_kernel_config CONFIG_NFT_TPROXY m
361 set_kernel_config CONFIG_NF_FLOW_TABLE m
599 set_kernel_config CONFIG_NF_FLOW_TABLE m
362 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
600 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
363 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
601 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
364 set_kernel_config CONFIG_NF_TABLES_ARP y
602 set_kernel_config CONFIG_NF_TABLES_ARP y
365 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
603 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
366 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
604 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
367 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
605 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
368 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
606 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
369 set_kernel_config CONFIG_NFT_OSF m
607 set_kernel_config CONFIG_NFT_OSF m
370
608
371 fi
609 fi
372
610
373 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
611 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
374 if [ "$KERNEL_BPF" = true ] ; then
612 if [ "$KERNEL_BPF" = true ] ; then
375 set_kernel_config CONFIG_BPF_SYSCALL y
613 set_kernel_config CONFIG_BPF_SYSCALL y
376 set_kernel_config CONFIG_BPF_EVENTS y
614 set_kernel_config CONFIG_BPF_EVENTS y
377 set_kernel_config CONFIG_BPF_STREAM_PARSER y
615 set_kernel_config CONFIG_BPF_STREAM_PARSER y
378 set_kernel_config CONFIG_CGROUP_BPF y
616 set_kernel_config CONFIG_CGROUP_BPF y
379 set_kernel_config CONFIG_XDP_SOCKETS y
617 set_kernel_config CONFIG_XDP_SOCKETS y
380 fi
618 fi
381
619
382 # KERNEL_DEFAULT_GOV was set by user
620 # KERNEL_DEFAULT_GOV was set by user
383 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
621 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
384
622
385 case "$KERNEL_DEFAULT_GOV" in
623 case "$KERNEL_DEFAULT_GOV" in
386 performance)
624 performance)
387 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
625 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
388 ;;
626 ;;
389 userspace)
627 userspace)
390 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
628 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
391 ;;
629 ;;
392 ondemand)
630 ondemand)
393 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
631 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
394 ;;
632 ;;
395 conservative)
633 conservative)
396 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
634 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
397 ;;
635 ;;
398 shedutil)
636 shedutil)
399 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
637 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
400 ;;
638 ;;
401 *)
639 *)
402 echo "error: unsupported default cpu governor"
640 echo "error: unsupported default cpu governor"
403 exit 1
641 exit 1
404 ;;
642 ;;
405 esac
643 esac
406
644
407 # unset previous default governor
645 # unset previous default governor
408 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
646 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
409 fi
647 fi
410
648
411 #Revert to previous directory
649 #Revert to previous directory
412 cd "${WORKDIR}" || exit
650 cd "${WORKDIR}" || exit
413
651
414 # Set kernel configuration parameters to enable qemu emulation
652 # Set kernel configuration parameters to enable qemu emulation
415 if [ "$ENABLE_QEMU" = true ] ; then
653 if [ "$ENABLE_QEMU" = true ] ; then
416 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
654 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
417 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
655 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
418
656
419 if [ "$KERNEL_CRYPTFS" = true ] ; then
657 if [ "$KERNEL_CRYPTFS" = true ] ; then
420 {
658 {
421 echo "CONFIG_EMBEDDED=y"
659 echo "CONFIG_EMBEDDED=y"
422 echo "CONFIG_EXPERT=y"
660 echo "CONFIG_EXPERT=y"
423 echo "CONFIG_DAX=y"
661 echo "CONFIG_DAX=y"
424 echo "CONFIG_MD=y"
662 echo "CONFIG_MD=y"
425 echo "CONFIG_BLK_DEV_MD=y"
663 echo "CONFIG_BLK_DEV_MD=y"
426 echo "CONFIG_MD_AUTODETECT=y"
664 echo "CONFIG_MD_AUTODETECT=y"
427 echo "CONFIG_BLK_DEV_DM=y"
665 echo "CONFIG_BLK_DEV_DM=y"
428 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
666 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
429 echo "CONFIG_DM_CRYPT=y"
667 echo "CONFIG_DM_CRYPT=y"
430 echo "CONFIG_CRYPTO_BLKCIPHER=y"
668 echo "CONFIG_CRYPTO_BLKCIPHER=y"
431 echo "CONFIG_CRYPTO_CBC=y"
669 echo "CONFIG_CRYPTO_CBC=y"
432 echo "CONFIG_CRYPTO_XTS=y"
670 echo "CONFIG_CRYPTO_XTS=y"
433 echo "CONFIG_CRYPTO_SHA512=y"
671 echo "CONFIG_CRYPTO_SHA512=y"
434 echo "CONFIG_CRYPTO_MANAGER=y"
672 echo "CONFIG_CRYPTO_MANAGER=y"
435 } >> "${KERNEL_DIR}"/.config
673 } >> "${KERNEL_DIR}"/.config
436 fi
674 fi
437 fi
675 fi
438
676
439 # Copy custom kernel configuration file
677 # Copy custom kernel configuration file
440 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
678 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
441 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
679 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
442 fi
680 fi
443
681
444 # Set kernel configuration parameters to their default values
682 # Set kernel configuration parameters to their default values
445 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
683 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
446 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
684 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
447 fi
685 fi
448
686
449 # Start menu-driven kernel configuration (interactive)
687 # Start menu-driven kernel configuration (interactive)
450 if [ "$KERNEL_MENUCONFIG" = true ] ; then
688 if [ "$KERNEL_MENUCONFIG" = true ] ; then
451 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
689 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
452 fi
690 fi
453 # end if "$KERNELSRC_CONFIG" = true
691 # end if "$KERNELSRC_CONFIG" = true
454 fi
692 fi
455
693
456 # Use ccache to cross compile the kernel
694 # Use ccache to cross compile the kernel
457 if [ "$KERNEL_CCACHE" = true ] ; then
695 if [ "$KERNEL_CCACHE" = true ] ; then
458 cc="ccache ${CROSS_COMPILE}gcc"
696 cc="ccache ${CROSS_COMPILE}gcc"
459 else
697 else
460 cc="${CROSS_COMPILE}gcc"
698 cc="${CROSS_COMPILE}gcc"
461 fi
699 fi
462
700
463 # Cross compile kernel and dtbs
701 # Cross compile kernel and dtbs
464 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
702 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
465
703
466 # Cross compile kernel modules
704 # Cross compile kernel modules
467 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
705 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
468 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
706 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
469 fi
707 fi
470 # end if "$KERNELSRC_PREBUILT" = false
708 # end if "$KERNELSRC_PREBUILT" = false
471 fi
709 fi
472
710
473 # Check if kernel compilation was successful
711 # Check if kernel compilation was successful
474 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
712 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
475 echo "error: kernel compilation failed! (kernel image not found)"
713 echo "error: kernel compilation failed! (kernel image not found)"
476 cleanup
714 cleanup
477 exit 1
715 exit 1
478 fi
716 fi
479
717
480 # Install kernel modules
718 # Install kernel modules
481 if [ "$ENABLE_REDUCE" = true ] ; then
719 if [ "$ENABLE_REDUCE" = true ] ; then
482 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
720 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
483 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
721 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
484 fi
722 fi
485 else
723 else
486 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
724 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
487 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
725 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
488 fi
726 fi
489
727
490 # Install kernel firmware
728 # Install kernel firmware
491 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
729 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
492 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
730 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
493 fi
731 fi
494 fi
732 fi
495
733
496 # Install kernel headers
734 # Install kernel headers
497 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
735 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
498 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
736 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
499 fi
737 fi
500
738
501 # Prepare boot (firmware) directory
739 # Prepare boot (firmware) directory
502 mkdir "${BOOT_DIR}"
740 mkdir "${BOOT_DIR}"
503
741
504 # Get kernel release version
742 # Get kernel release version
505 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
743 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
506
744
507 # Copy kernel configuration file to the boot directory
745 # Copy kernel configuration file to the boot directory
508 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
746 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
509
747
510 # Prepare device tree directory
748 # Prepare device tree directory
511 mkdir "${BOOT_DIR}/overlays"
749 mkdir "${BOOT_DIR}/overlays"
512
750
513 # Ensure the proper .dtb is located
751 # Ensure the proper .dtb is located
514 if [ "$KERNEL_ARCH" = "arm" ] ; then
752 if [ "$KERNEL_ARCH" = "arm" ] ; then
515 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
753 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
516 if [ -f "${dtb}" ] ; then
754 if [ -f "${dtb}" ] ; then
517 install_readonly "${dtb}" "${BOOT_DIR}/"
755 install_readonly "${dtb}" "${BOOT_DIR}/"
518 fi
756 fi
519 done
757 done
520 else
758 else
521 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
759 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
522 if [ -f "${dtb}" ] ; then
760 if [ -f "${dtb}" ] ; then
523 install_readonly "${dtb}" "${BOOT_DIR}/"
761 install_readonly "${dtb}" "${BOOT_DIR}/"
524 fi
762 fi
525 done
763 done
526 fi
764 fi
527
765
528 # Copy compiled dtb device tree files
766 # Copy compiled dtb device tree files
529 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
767 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
530 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
768 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
531 if [ -f "${dtb}" ] ; then
769 if [ -f "${dtb}" ] ; then
532 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
770 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
533 fi
771 fi
534 done
772 done
535
773
536 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
774 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
537 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
775 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
538 fi
776 fi
539 fi
777 fi
540
778
541 if [ "$ENABLE_UBOOT" = false ] ; then
779 if [ "$ENABLE_UBOOT" = false ] ; then
542 # Convert and copy kernel image to the boot directory
780 # Convert and copy kernel image to the boot directory
543 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
781 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
544 else
782 else
545 # Copy kernel image to the boot directory
783 # Copy kernel image to the boot directory
546 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
784 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
547 fi
785 fi
548
786
549 # Remove kernel sources
787 # Remove kernel sources
550 if [ "$KERNEL_REMOVESRC" = true ] ; then
788 if [ "$KERNEL_REMOVESRC" = true ] ; then
551 rm -fr "${KERNEL_DIR}"
789 rm -fr "${KERNEL_DIR}"
552 else
790 else
553 # Prepare compiled kernel modules
791 # Prepare compiled kernel modules
554 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
792 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
555 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
793 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
556 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
794 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
557 fi
795 fi
558
796
559 # Create symlinks for kernel modules
797 # Create symlinks for kernel modules
560 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
798 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
561 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
799 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
562 fi
800 fi
563 fi
801 fi
564
802
565 else # BUILD_KERNEL=false
803 else # BUILD_KERNEL=false
566 if [ "$SET_ARCH" = 64 ] ; then
804 if [ "$SET_ARCH" = 64 ] ; then
567 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
805 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
568 # Use Sakakis modified kernel if ZSWAP is active
806 # Use Sakakis modified kernel if ZSWAP is active
569 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
807 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
570 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
808 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
571 fi
809 fi
572
810
573 # Create temporary directory for dl
811 # Create temporary directory for dl
574 temp_dir=$(as_nobody mktemp -d)
812 temp_dir=$(as_nobody mktemp -d)
575
813
576 # Fetch kernel dl
814 # Fetch kernel dl
577 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
815 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
578 fi
816 fi
579 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
817 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
580 # Create temporary directory for dl
818 # Create temporary directory for dl
581 temp_dir=$(as_nobody mktemp -d)
819 temp_dir=$(as_nobody mktemp -d)
582
820
583 # Fetch kernel dl
821 # Fetch kernel dl
584 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
822 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
585 fi
823 fi
586
824
587 #extract download
825 #extract download
588 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
826 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
589
827
590 #move extracted kernel to /boot/firmware
828 #move extracted kernel to /boot/firmware
591 mkdir "${R}/boot/firmware"
829 mkdir "${R}/boot/firmware"
592 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
830 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
593 cp -r "${temp_dir}"/lib/* "${R}"/lib/
831 cp -r "${temp_dir}"/lib/* "${R}"/lib/
594
832
595 # Remove temporary directory for kernel sources
833 # Remove temporary directory for kernel sources
596 rm -fr "${temp_dir}"
834 rm -fr "${temp_dir}"
597
835
598 # Set permissions of the kernel sources
836 # Set permissions of the kernel sources
599 chown -R root:root "${R}/boot/firmware"
837 chown -R root:root "${R}/boot/firmware"
600 chown -R root:root "${R}/lib/modules"
838 chown -R root:root "${R}/lib/modules"
601 fi
839 fi
602
840
603 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
841 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
604 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
842 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
605 # Create temporary directory for dl
843 # Create temporary directory for dl
606 temp_dir=$(as_nobody mktemp -d)
844 temp_dir=$(as_nobody mktemp -d)
607
845
608 # Fetch kernel
846 # Fetch kernel
609 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
847 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
610
848
611 # Copy downloaded kernel package
849 # Copy downloaded kernel package
612 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
850 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
613
851
614 # Set permissions
852 # Set permissions
615 chown -R root:root "${R}"/tmp/kernel.deb
853 chown -R root:root "${R}"/tmp/kernel.deb
616
854
617 # Install kernel
855 # Install kernel
618 chroot_exec dpkg -i /tmp/kernel.deb
856 chroot_exec dpkg -i /tmp/kernel.deb
619
857
620 # move /boot to /boot/firmware to fit script env.
858 # move /boot to /boot/firmware to fit script env.
621 #mkdir "${BOOT_DIR}"
859 #mkdir "${BOOT_DIR}"
622 mkdir "${temp_dir}"/firmware
860 mkdir "${temp_dir}"/firmware
623 mv "${R}"/boot/* "${temp_dir}"/firmware/
861 mv "${R}"/boot/* "${temp_dir}"/firmware/
624 mv "${temp_dir}"/firmware "${R}"/boot/
862 mv "${temp_dir}"/firmware "${R}"/boot/
625
863
626 #same for kernel headers
864 #same for kernel headers
627 if [ "$KERNEL_HEADERS" = true ] ; then
865 if [ "$KERNEL_HEADERS" = true ] ; then
628 # Fetch kernel header
866 # Fetch kernel header
629 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
867 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
630 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
868 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
631 chown -R root:root "${R}"/tmp/kernel-header.deb
869 chown -R root:root "${R}"/tmp/kernel-header.deb
632 # Install kernel header
870 # Install kernel header
633 chroot_exec dpkg -i /tmp/kernel-header.deb
871 chroot_exec dpkg -i /tmp/kernel-header.deb
634 rm -f "${R}"/tmp/kernel-header.deb
872 rm -f "${R}"/tmp/kernel-header.deb
635 fi
873 fi
636
874
637 # Remove temporary directory and files
875 # Remove temporary directory and files
638 rm -fr "${temp_dir}"
876 rm -fr "${temp_dir}"
639 rm -f "${R}"/tmp/kernel.deb
877 rm -f "${R}"/tmp/kernel.deb
640 fi
878 fi
641
879
642 # Check if kernel installation was successful
880 # Check if kernel installation was successful
643 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
881 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
644 if [ -z "$KERNEL" ] ; then
882 if [ -z "$KERNEL" ] ; then
645 echo "error: kernel installation failed! (/boot/kernel* not found)"
883 echo "error: kernel installation failed! (/boot/kernel* not found)"
646 cleanup
884 cleanup
647 exit 1
885 exit 1
648 fi
886 fi
649 fi
887 fi
@@ -1,887 +1,893
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
62
63 # Kernel deb packages for 32bit kernel
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Sakaki BIS Kernel RPI4
70 # Sakaki BIS Kernel RPI4
71 RPI4_64_DEF_KERNEL_URL=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz
71 RPI4_64_DEF_KERNEL_URL=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz
72 # Generic
72 # Generic
73 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
73 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
74 RPI4_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
74 RPI4_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
75 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
75 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
76 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
76 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
77
77
78 # Build directories
78 # Build directories
79 WORKDIR=$(pwd)
79 WORKDIR=$(pwd)
80 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
80 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
81 BUILDDIR="${BASEDIR}/build"
81 BUILDDIR="${BASEDIR}/build"
82
82
83 # Chroot directories
83 # Chroot directories
84 R="${BUILDDIR}/chroot"
84 R="${BUILDDIR}/chroot"
85 ETC_DIR="${R}/etc"
85 ETC_DIR="${R}/etc"
86 LIB_DIR="${R}/lib"
86 LIB_DIR="${R}/lib"
87 BOOT_DIR="${R}/boot/firmware"
87 BOOT_DIR="${R}/boot/firmware"
88 KERNEL_DIR="${R}/usr/src/linux"
88 KERNEL_DIR="${R}/usr/src/linux"
89 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
89 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
90 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
90 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
91
91
92 # Firmware directory: Blank if download from github
92 # Firmware directory: Blank if download from github
93 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
93 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
94
94
95 # General settings
95 # General settings
96 SET_ARCH=${SET_ARCH:=32}
96 SET_ARCH=${SET_ARCH:=32}
97 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
97 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
98 PASSWORD=${PASSWORD:=raspberry}
98 PASSWORD=${PASSWORD:=raspberry}
99 USER_PASSWORD=${USER_PASSWORD:=raspberry}
99 USER_PASSWORD=${USER_PASSWORD:=raspberry}
100 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
100 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
101 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
101 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
102 EXPANDROOT=${EXPANDROOT:=true}
102 EXPANDROOT=${EXPANDROOT:=true}
103 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
103 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
104
104
105 # Keyboard settings
105 # Keyboard settings
106 XKB_MODEL=${XKB_MODEL:=""}
106 XKB_MODEL=${XKB_MODEL:=""}
107 XKB_LAYOUT=${XKB_LAYOUT:=""}
107 XKB_LAYOUT=${XKB_LAYOUT:=""}
108 XKB_VARIANT=${XKB_VARIANT:=""}
108 XKB_VARIANT=${XKB_VARIANT:=""}
109 XKB_OPTIONS=${XKB_OPTIONS:=""}
109 XKB_OPTIONS=${XKB_OPTIONS:=""}
110
110
111 # Network settings (DHCP)
111 # Network settings (DHCP)
112 ENABLE_DHCP=${ENABLE_DHCP:=true}
112 ENABLE_DHCP=${ENABLE_DHCP:=true}
113
113
114 # Network settings (static)
114 # Network settings (static)
115 NET_ADDRESS=${NET_ADDRESS:=""}
115 NET_ADDRESS=${NET_ADDRESS:=""}
116 NET_GATEWAY=${NET_GATEWAY:=""}
116 NET_GATEWAY=${NET_GATEWAY:=""}
117 NET_DNS_1=${NET_DNS_1:=""}
117 NET_DNS_1=${NET_DNS_1:=""}
118 NET_DNS_2=${NET_DNS_2:=""}
118 NET_DNS_2=${NET_DNS_2:=""}
119 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
119 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
120 NET_NTP_1=${NET_NTP_1:=""}
120 NET_NTP_1=${NET_NTP_1:=""}
121 NET_NTP_2=${NET_NTP_2:=""}
121 NET_NTP_2=${NET_NTP_2:=""}
122
122
123 # APT settings
123 # APT settings
124 APT_PROXY=${APT_PROXY:=""}
124 APT_PROXY=${APT_PROXY:=""}
125 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
125 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
126 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
126 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
127
127
128 # Feature settings
128 # Feature settings
129 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
129 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
130 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
130 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
131 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
131 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 ENABLE_I2C=${ENABLE_I2C:=false}
133 ENABLE_I2C=${ENABLE_I2C:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
144 ENABLE_WM=${ENABLE_WM:=""}
144 ENABLE_WM=${ENABLE_WM:=""}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
147 USER_NAME=${USER_NAME:="pi"}
147 USER_NAME=${USER_NAME:="pi"}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
149 ENABLE_QEMU=${ENABLE_QEMU:=false}
149 ENABLE_QEMU=${ENABLE_QEMU:=false}
150 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
150 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
151
151
152 # SSH settings
152 # SSH settings
153 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
153 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
154 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
154 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
155 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
155 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
156 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
156 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
157 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
157 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
158
158
159 # Advanced settings
159 # Advanced settings
160 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
160 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
161 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
161 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
162 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
162 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
163 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
163 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
164 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
164 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
165 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
165 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
166 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
166 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
167 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
167 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
168 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
168 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
169 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
169 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
170 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
170 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
171 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
171 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
172 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
172 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
173 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
173 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
174 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
174 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
175 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
175 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
176 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
176 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
177 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
177 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
178 ENABLE_LOGO=${ENABLE_LOGO:=true}
178 ENABLE_LOGO=${ENABLE_LOGO:=true}
179 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
179 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
180 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
180 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
181
181
182 # Kernel compilation settings
182 # Kernel compilation settings
183 BUILD_KERNEL=${BUILD_KERNEL:=true}
183 BUILD_KERNEL=${BUILD_KERNEL:=true}
184 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
184 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
185 KERNEL_THREADS=${KERNEL_THREADS:=1}
185 KERNEL_THREADS=${KERNEL_THREADS:=1}
186 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
186 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
187 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
187 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
188 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
188 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
189 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
189 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
190 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
190 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
191 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
191 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
192 KERNEL_VIRT=${KERNEL_VIRT:=false}
192 KERNEL_VIRT=${KERNEL_VIRT:=false}
193 KERNEL_BPF=${KERNEL_BPF:=false}
193 KERNEL_BPF=${KERNEL_BPF:=false}
194 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
194 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
195 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
195 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
196 KERNEL_NF=${KERNEL_NF:=false}
196 KERNEL_NF=${KERNEL_NF:=false}
197 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
198 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
199 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
200 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
197
201
198 # Kernel compilation from source directory settings
202 # Kernel compilation from source directory settings
199 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
203 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
200 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
204 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
201 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
205 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
202 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
206 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
203
207
204 # Reduce disk usage settings
208 # Reduce disk usage settings
205 REDUCE_APT=${REDUCE_APT:=true}
209 REDUCE_APT=${REDUCE_APT:=true}
206 REDUCE_DOC=${REDUCE_DOC:=true}
210 REDUCE_DOC=${REDUCE_DOC:=true}
207 REDUCE_MAN=${REDUCE_MAN:=true}
211 REDUCE_MAN=${REDUCE_MAN:=true}
208 REDUCE_VIM=${REDUCE_VIM:=false}
212 REDUCE_VIM=${REDUCE_VIM:=false}
209 REDUCE_BASH=${REDUCE_BASH:=false}
213 REDUCE_BASH=${REDUCE_BASH:=false}
210 REDUCE_HWDB=${REDUCE_HWDB:=true}
214 REDUCE_HWDB=${REDUCE_HWDB:=true}
211 REDUCE_SSHD=${REDUCE_SSHD:=true}
215 REDUCE_SSHD=${REDUCE_SSHD:=true}
212 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
216 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
213
217
214 # Encrypted filesystem settings
218 # Encrypted filesystem settings
215 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
219 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
216 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
220 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
217 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
221 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
218 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
222 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
219 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
223 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
220 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
224 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
221 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
225 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
222 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
226 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
223 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
227 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
224
228
225 # Chroot scripts directory
229 # Chroot scripts directory
226 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
230 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
227
231
228 # Packages required in the chroot build environment
232 # Packages required in the chroot build environment
229 APT_INCLUDES=${APT_INCLUDES:=""}
233 APT_INCLUDES=${APT_INCLUDES:=""}
230 APT_INCLUDES="${APT_INCLUDES},libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
234 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
231
235
232 # Packages to exclude from chroot build environment
236 # Packages to exclude from chroot build environment
233 APT_EXCLUDES=${APT_EXCLUDES:=""}
237 APT_EXCLUDES=${APT_EXCLUDES:=""}
234
238
235 # Packages required for bootstrapping
239 # Packages required for bootstrapping
236 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
240 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
237 MISSING_PACKAGES=""
241 MISSING_PACKAGES=""
238
242
239 # Packages installed for c/c++ build environment in chroot (keep empty)
243 # Packages installed for c/c++ build environment in chroot (keep empty)
240 COMPILER_PACKAGES=""
244 COMPILER_PACKAGES=""
241
245
242 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
246 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
243 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
247 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
244 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
248 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
245 APT_PROXY=http://127.0.0.1:3142/
249 APT_PROXY=http://127.0.0.1:3142/
246 fi
250 fi
247
251
248 # Setup architecture specific settings
252 # Setup architecture specific settings
249 if [ -n "$SET_ARCH" ] ; then
253 if [ -n "$SET_ARCH" ] ; then
250 # 64-bit configuration
254 # 64-bit configuration
251 if [ "$SET_ARCH" = 64 ] ; then
255 if [ "$SET_ARCH" = 64 ] ; then
252 # General 64-bit depended settings
256 # General 64-bit depended settings
253 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
254 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
255 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
256
260
257 # Raspberry Pi model specific settings
261 # Raspberry Pi model specific settings
258 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
259 if [ "$RPI_MODEL" != 4 ] ; then
263 if [ "$RPI_MODEL" != 4 ] ; then
260 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
261 else
265 else
262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
266 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
263 fi
267 fi
264
268
265 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
266 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
270 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
267 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
268 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
272 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
269 else
273 else
270 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
274 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
271 exit 1
275 exit 1
272 fi
276 fi
273 fi
277 fi
274
278
275 # 32-bit configuration
279 # 32-bit configuration
276 if [ "$SET_ARCH" = 32 ] ; then
280 if [ "$SET_ARCH" = 32 ] ; then
277 # General 32-bit dependend settings
281 # General 32-bit dependend settings
278 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
282 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
279 KERNEL_ARCH=${KERNEL_ARCH:=arm}
283 KERNEL_ARCH=${KERNEL_ARCH:=arm}
280 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
284 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
281
285
282 # Raspberry Pi model specific settings
286 # Raspberry Pi model specific settings
283 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
287 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
284 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
288 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
289 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
286 RELEASE_ARCH=${RELEASE_ARCH:=armel}
290 RELEASE_ARCH=${RELEASE_ARCH:=armel}
287 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
292 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
289 fi
293 fi
290
294
291 # Raspberry Pi model specific settings
295 # Raspberry Pi model specific settings
292 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
296 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
293 if [ "$RPI_MODEL" != 4 ] ; then
297 if [ "$RPI_MODEL" != 4 ] ; then
294 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 else
300 else
296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
301 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
302 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
297 fi
303 fi
298
304
299 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
305 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
300 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
306 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
301 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
307
302 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
308 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
303 fi
309 fi
304 fi
310 fi
305 # SET_ARCH not set
311 # SET_ARCH not set
306 else
312 else
307 echo "error: Please set '32' or '64' as value for SET_ARCH"
313 echo "error: Please set '32' or '64' as value for SET_ARCH"
308 exit 1
314 exit 1
309 fi
315 fi
310 # Device specific configuration and U-Boot configuration
316 # Device specific configuration and U-Boot configuration
311 case "$RPI_MODEL" in
317 case "$RPI_MODEL" in
312 0)
318 0)
313 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
314 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
315 ;;
321 ;;
316 1)
322 1)
317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 ;;
325 ;;
320 1P)
326 1P)
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
327 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 ;;
329 ;;
324 2)
330 2)
325 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
331 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
327 ;;
333 ;;
328 3)
334 3)
329 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
331 ;;
337 ;;
332 3P)
338 3P)
333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
339 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 ;;
341 ;;
336 4)
342 4)
337 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
343 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
344 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
339 ;;
345 ;;
340 *)
346 *)
341 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
347 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
342 exit 1
348 exit 1
343 ;;
349 ;;
344 esac
350 esac
345
351
346 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
352 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
347 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
353 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
348 # Include bluetooth packages on supported boards
354 # Include bluetooth packages on supported boards
349 if [ "$ENABLE_BLUETOOTH" = true ] ; then
355 if [ "$ENABLE_BLUETOOTH" = true ] ; then
350 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
356 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
351 fi
357 fi
352 if [ "$ENABLE_WIRELESS" = true ] ; then
358 if [ "$ENABLE_WIRELESS" = true ] ; then
353 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
359 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
354 fi
360 fi
355 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
361 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
356 # Check if the internal wireless interface is not supported by the RPi model
362 # Check if the internal wireless interface is not supported by the RPi model
357 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
363 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
358 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
364 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
359 exit 1
365 exit 1
360 fi
366 fi
361 fi
367 fi
362
368
363 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
369 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
364 echo "error: You have to compile kernel sources, if you want to enable nexmon"
370 echo "error: You have to compile kernel sources, if you want to enable nexmon"
365 exit 1
371 exit 1
366 fi
372 fi
367
373
368 # Prepare date string for default image file name
374 # Prepare date string for default image file name
369 DATE="$(date +%Y-%m-%d)"
375 DATE="$(date +%Y-%m-%d)"
370 if [ -z "$KERNEL_BRANCH" ] ; then
376 if [ -z "$KERNEL_BRANCH" ] ; then
371 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
372 else
378 else
373 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
379 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
374 fi
380 fi
375
381
376 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
382 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
377 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
383 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
378 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
384 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
379 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
385 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
380 exit 1
386 exit 1
381 fi
387 fi
382 fi
388 fi
383
389
384 # Add cmake to compile videocore sources
390 # Add cmake to compile videocore sources
385 if [ "$ENABLE_VIDEOCORE" = true ] ; then
391 if [ "$ENABLE_VIDEOCORE" = true ] ; then
386 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
387 fi
393 fi
388
394
389 # Add deps for nexmon
395 # Add deps for nexmon
390 if [ "$ENABLE_NEXMON" = true ] ; then
396 if [ "$ENABLE_NEXMON" = true ] ; then
391 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
392 fi
398 fi
393
399
394 # Add libncurses5 to enable kernel menuconfig
400 # Add libncurses5 to enable kernel menuconfig
395 if [ "$KERNEL_MENUCONFIG" = true ] ; then
401 if [ "$KERNEL_MENUCONFIG" = true ] ; then
396 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
397 fi
403 fi
398
404
399 # Add ccache compiler cache for (faster) kernel cross (re)compilation
405 # Add ccache compiler cache for (faster) kernel cross (re)compilation
400 if [ "$KERNEL_CCACHE" = true ] ; then
406 if [ "$KERNEL_CCACHE" = true ] ; then
401 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
402 fi
408 fi
403
409
404 # Add cryptsetup package to enable filesystem encryption
410 # Add cryptsetup package to enable filesystem encryption
405 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
411 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
406 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
407 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
413 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
408
414
409 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
415 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
410 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
416 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
411 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
417 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
412 fi
418 fi
413
419
414 if [ -z "$CRYPTFS_PASSWORD" ] ; then
420 if [ -z "$CRYPTFS_PASSWORD" ] ; then
415 echo "error: no password defined (CRYPTFS_PASSWORD)!"
421 echo "error: no password defined (CRYPTFS_PASSWORD)!"
416 exit 1
422 exit 1
417 fi
423 fi
418 ENABLE_INITRAMFS=true
424 ENABLE_INITRAMFS=true
419 fi
425 fi
420
426
421 # Add initramfs generation tools
427 # Add initramfs generation tools
422 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
428 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
423 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
429 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
424 fi
430 fi
425
431
426 # Add device-tree-compiler required for building the U-Boot bootloader
432 # Add device-tree-compiler required for building the U-Boot bootloader
427 if [ "$ENABLE_UBOOT" = true ] ; then
433 if [ "$ENABLE_UBOOT" = true ] ; then
428 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
434 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
429 fi
435 fi
430
436
431 if [ "$ENABLE_USBBOOT" = true ] ; then
437 if [ "$ENABLE_USBBOOT" = true ] ; then
432 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
438 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
433 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
439 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
434 exit 1
440 exit 1
435 fi
441 fi
436 fi
442 fi
437
443
438 # Check if root SSH (v2) public key file exists
444 # Check if root SSH (v2) public key file exists
439 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
445 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
440 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
446 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
441 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
447 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
442 exit 1
448 exit 1
443 fi
449 fi
444 fi
450 fi
445
451
446 # Check if $USER_NAME SSH (v2) public key file exists
452 # Check if $USER_NAME SSH (v2) public key file exists
447 if [ -n "$SSH_USER_PUB_KEY" ] ; then
453 if [ -n "$SSH_USER_PUB_KEY" ] ; then
448 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
454 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
449 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
455 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
450 exit 1
456 exit 1
451 fi
457 fi
452 fi
458 fi
453
459
454 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
460 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
455 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
461 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
456 exit 1
462 exit 1
457 fi
463 fi
458
464
459 # Check if all required packages are installed on the build system
465 # Check if all required packages are installed on the build system
460 for package in $REQUIRED_PACKAGES ; do
466 for package in $REQUIRED_PACKAGES ; do
461 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
467 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
462 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
468 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
463 fi
469 fi
464 done
470 done
465
471
466 # If there are missing packages ask confirmation for install, or exit
472 # If there are missing packages ask confirmation for install, or exit
467 if [ -n "$MISSING_PACKAGES" ] ; then
473 if [ -n "$MISSING_PACKAGES" ] ; then
468 echo "the following packages needed by this script are not installed:"
474 echo "the following packages needed by this script are not installed:"
469 echo "$MISSING_PACKAGES"
475 echo "$MISSING_PACKAGES"
470
476
471 printf "\ndo you want to install the missing packages right now? [y/n] "
477 printf "\ndo you want to install the missing packages right now? [y/n] "
472 read -r confirm
478 read -r confirm
473 [ "$confirm" != "y" ] && exit 1
479 [ "$confirm" != "y" ] && exit 1
474
480
475 # Make sure all missing required packages are installed
481 # Make sure all missing required packages are installed
476 apt-get update
482 apt-get update
477 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
483 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
478 fi
484 fi
479
485
480 # Check if ./bootstrap.d directory exists
486 # Check if ./bootstrap.d directory exists
481 if [ ! -d "./bootstrap.d/" ] ; then
487 if [ ! -d "./bootstrap.d/" ] ; then
482 echo "error: './bootstrap.d' required directory not found!"
488 echo "error: './bootstrap.d' required directory not found!"
483 exit 1
489 exit 1
484 fi
490 fi
485
491
486 # Check if ./files directory exists
492 # Check if ./files directory exists
487 if [ ! -d "./files/" ] ; then
493 if [ ! -d "./files/" ] ; then
488 echo "error: './files' required directory not found!"
494 echo "error: './files' required directory not found!"
489 exit 1
495 exit 1
490 fi
496 fi
491
497
492 # Check if specified KERNELSRC_DIR directory exists
498 # Check if specified KERNELSRC_DIR directory exists
493 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
499 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
494 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
500 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
495 exit 1
501 exit 1
496 fi
502 fi
497
503
498 # Check if specified UBOOTSRC_DIR directory exists
504 # Check if specified UBOOTSRC_DIR directory exists
499 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
505 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
500 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
506 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
501 exit 1
507 exit 1
502 fi
508 fi
503
509
504 # Check if specified VIDEOCORESRC_DIR directory exists
510 # Check if specified VIDEOCORESRC_DIR directory exists
505 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
511 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
506 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
512 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
507 exit 1
513 exit 1
508 fi
514 fi
509
515
510 # Check if specified FBTURBOSRC_DIR directory exists
516 # Check if specified FBTURBOSRC_DIR directory exists
511 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
517 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
512 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
518 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
513 exit 1
519 exit 1
514 fi
520 fi
515
521
516 # Check if specified NEXMONSRC_DIR directory exists
522 # Check if specified NEXMONSRC_DIR directory exists
517 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
523 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
518 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
524 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
519 exit 1
525 exit 1
520 fi
526 fi
521
527
522 # Check if specified CHROOT_SCRIPTS directory exists
528 # Check if specified CHROOT_SCRIPTS directory exists
523 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
529 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
524 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
530 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
525 exit 1
531 exit 1
526 fi
532 fi
527
533
528 # Check if specified device mapping already exists (will be used by cryptsetup)
534 # Check if specified device mapping already exists (will be used by cryptsetup)
529 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
535 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
530 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
536 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
531 exit 1
537 exit 1
532 fi
538 fi
533
539
534 # Don't clobber an old build
540 # Don't clobber an old build
535 if [ -e "$BUILDDIR" ] ; then
541 if [ -e "$BUILDDIR" ] ; then
536 echo "error: directory ${BUILDDIR} already exists, not proceeding"
542 echo "error: directory ${BUILDDIR} already exists, not proceeding"
537 exit 1
543 exit 1
538 fi
544 fi
539
545
540 # Setup chroot directory
546 # Setup chroot directory
541 mkdir -p "${R}"
547 mkdir -p "${R}"
542
548
543 # Check if build directory has enough of free disk space >512MB
549 # Check if build directory has enough of free disk space >512MB
544 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
550 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
545 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
551 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
546 exit 1
552 exit 1
547 fi
553 fi
548
554
549 set -x
555 set -x
550
556
551 # Call "cleanup" function on various signals and errors
557 # Call "cleanup" function on various signals and errors
552 trap cleanup 0 1 2 3 6
558 trap cleanup 0 1 2 3 6
553
559
554 # Add required packages for the minbase installation
560 # Add required packages for the minbase installation
555 if [ "$ENABLE_MINBASE" = true ] ; then
561 if [ "$ENABLE_MINBASE" = true ] ; then
556 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
562 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
557 fi
563 fi
558
564
559 # Add parted package, required to get partprobe utility
565 # Add parted package, required to get partprobe utility
560 if [ "$EXPANDROOT" = true ] ; then
566 if [ "$EXPANDROOT" = true ] ; then
561 APT_INCLUDES="${APT_INCLUDES},parted"
567 APT_INCLUDES="${APT_INCLUDES},parted"
562 fi
568 fi
563
569
564 # Add dphys-swapfile package, required to enable swap
570 # Add dphys-swapfile package, required to enable swap
565 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
571 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
566 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
572 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
567 fi
573 fi
568
574
569 # Add dbus package, recommended if using systemd
575 # Add dbus package, recommended if using systemd
570 if [ "$ENABLE_DBUS" = true ] ; then
576 if [ "$ENABLE_DBUS" = true ] ; then
571 APT_INCLUDES="${APT_INCLUDES},dbus"
577 APT_INCLUDES="${APT_INCLUDES},dbus"
572 fi
578 fi
573
579
574 # Add iptables IPv4/IPv6 package
580 # Add iptables IPv4/IPv6 package
575 if [ "$ENABLE_IPTABLES" = true ] ; then
581 if [ "$ENABLE_IPTABLES" = true ] ; then
576 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
582 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
577 fi
583 fi
578 # Add apparmor for KERNEL_SECURITY
584 # Add apparmor for KERNEL_SECURITY
579 if [ "$KERNEL_SECURITY" = true ] ; then
585 if [ "$KERNEL_SECURITY" = true ] ; then
580 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
586 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
581 fi
587 fi
582
588
583 # Add openssh server package
589 # Add openssh server package
584 if [ "$ENABLE_SSHD" = true ] ; then
590 if [ "$ENABLE_SSHD" = true ] ; then
585 APT_INCLUDES="${APT_INCLUDES},openssh-server"
591 APT_INCLUDES="${APT_INCLUDES},openssh-server"
586 fi
592 fi
587
593
588 # Add alsa-utils package
594 # Add alsa-utils package
589 if [ "$ENABLE_SOUND" = true ] ; then
595 if [ "$ENABLE_SOUND" = true ] ; then
590 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
596 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
591 fi
597 fi
592
598
593 # Add rng-tools package
599 # Add rng-tools package
594 if [ "$ENABLE_HWRANDOM" = true ] ; then
600 if [ "$ENABLE_HWRANDOM" = true ] ; then
595 APT_INCLUDES="${APT_INCLUDES},rng-tools"
601 APT_INCLUDES="${APT_INCLUDES},rng-tools"
596 fi
602 fi
597
603
598 # Add fbturbo video driver
604 # Add fbturbo video driver
599 if [ "$ENABLE_FBTURBO" = true ] ; then
605 if [ "$ENABLE_FBTURBO" = true ] ; then
600 # Enable xorg package dependencies
606 # Enable xorg package dependencies
601 ENABLE_XORG=true
607 ENABLE_XORG=true
602 fi
608 fi
603
609
604 # Add user defined window manager package
610 # Add user defined window manager package
605 if [ -n "$ENABLE_WM" ] ; then
611 if [ -n "$ENABLE_WM" ] ; then
606 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
612 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
607
613
608 # Enable xorg package dependencies
614 # Enable xorg package dependencies
609 ENABLE_XORG=true
615 ENABLE_XORG=true
610 fi
616 fi
611
617
612 # Add xorg package
618 # Add xorg package
613 if [ "$ENABLE_XORG" = true ] ; then
619 if [ "$ENABLE_XORG" = true ] ; then
614 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
620 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
615 fi
621 fi
616
622
617 # Replace selected packages with smaller clones
623 # Replace selected packages with smaller clones
618 if [ "$ENABLE_REDUCE" = true ] ; then
624 if [ "$ENABLE_REDUCE" = true ] ; then
619 # Add levee package instead of vim-tiny
625 # Add levee package instead of vim-tiny
620 if [ "$REDUCE_VIM" = true ] ; then
626 if [ "$REDUCE_VIM" = true ] ; then
621 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
627 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
622 fi
628 fi
623
629
624 # Add dropbear package instead of openssh-server
630 # Add dropbear package instead of openssh-server
625 if [ "$REDUCE_SSHD" = true ] ; then
631 if [ "$REDUCE_SSHD" = true ] ; then
626 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
632 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
627 fi
633 fi
628 fi
634 fi
629
635
630 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
636 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
631 if [ "$ENABLE_SYSVINIT" = false ] ; then
637 if [ "$ENABLE_SYSVINIT" = false ] ; then
632 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
638 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
633 fi
639 fi
634
640
635 # Configure kernel sources if no KERNELSRC_DIR
641 # Configure kernel sources if no KERNELSRC_DIR
636 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
642 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
637 KERNELSRC_CONFIG=true
643 KERNELSRC_CONFIG=true
638 fi
644 fi
639
645
640 # Configure reduced kernel
646 # Configure reduced kernel
641 if [ "$KERNEL_REDUCE" = true ] ; then
647 if [ "$KERNEL_REDUCE" = true ] ; then
642 KERNELSRC_CONFIG=false
648 KERNELSRC_CONFIG=false
643 fi
649 fi
644
650
645 # Configure qemu compatible kernel
651 # Configure qemu compatible kernel
646 if [ "$ENABLE_QEMU" = true ] ; then
652 if [ "$ENABLE_QEMU" = true ] ; then
647 DTB_FILE=vexpress-v2p-ca15_a7.dtb
653 DTB_FILE=vexpress-v2p-ca15_a7.dtb
648 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
654 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
649 KERNEL_DEFCONFIG="vexpress_defconfig"
655 KERNEL_DEFCONFIG="vexpress_defconfig"
650 if [ "$KERNEL_MENUCONFIG" = false ] ; then
656 if [ "$KERNEL_MENUCONFIG" = false ] ; then
651 KERNEL_OLDDEFCONFIG=true
657 KERNEL_OLDDEFCONFIG=true
652 fi
658 fi
653 fi
659 fi
654
660
655 # Execute bootstrap scripts
661 # Execute bootstrap scripts
656 for SCRIPT in bootstrap.d/*.sh; do
662 for SCRIPT in bootstrap.d/*.sh; do
657 head -n 3 "$SCRIPT"
663 head -n 3 "$SCRIPT"
658 . "$SCRIPT"
664 . "$SCRIPT"
659 done
665 done
660
666
661 ## Execute custom bootstrap scripts
667 ## Execute custom bootstrap scripts
662 if [ -d "custom.d" ] ; then
668 if [ -d "custom.d" ] ; then
663 for SCRIPT in custom.d/*.sh; do
669 for SCRIPT in custom.d/*.sh; do
664 . "$SCRIPT"
670 . "$SCRIPT"
665 done
671 done
666 fi
672 fi
667
673
668 # Execute custom scripts inside the chroot
674 # Execute custom scripts inside the chroot
669 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
675 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
670 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
676 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
671 chroot_exec /bin/bash -x <<'EOF'
677 chroot_exec /bin/bash -x <<'EOF'
672 for SCRIPT in /chroot_scripts/* ; do
678 for SCRIPT in /chroot_scripts/* ; do
673 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
679 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
674 $SCRIPT
680 $SCRIPT
675 fi
681 fi
676 done
682 done
677 EOF
683 EOF
678 rm -rf "${R}/chroot_scripts"
684 rm -rf "${R}/chroot_scripts"
679 fi
685 fi
680
686
681 # Remove c/c++ build environment from the chroot
687 # Remove c/c++ build environment from the chroot
682 chroot_remove_cc
688 chroot_remove_cc
683
689
684 # Generate required machine-id
690 # Generate required machine-id
685 MACHINE_ID=$(dbus-uuidgen)
691 MACHINE_ID=$(dbus-uuidgen)
686 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
692 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
687 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
693 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
688
694
689 # APT Cleanup
695 # APT Cleanup
690 chroot_exec apt-get -y clean
696 chroot_exec apt-get -y clean
691 chroot_exec apt-get -y autoclean
697 chroot_exec apt-get -y autoclean
692 chroot_exec apt-get -y autoremove
698 chroot_exec apt-get -y autoremove
693
699
694 # Unmount mounted filesystems
700 # Unmount mounted filesystems
695 umount -l "${R}/proc"
701 umount -l "${R}/proc"
696 umount -l "${R}/sys"
702 umount -l "${R}/sys"
697
703
698 # Clean up directories
704 # Clean up directories
699 rm -rf "${R}/run/*"
705 rm -rf "${R}/run/*"
700 rm -rf "${R}/tmp/*"
706 rm -rf "${R}/tmp/*"
701
707
702 # Clean up APT proxy settings
708 # Clean up APT proxy settings
703 if [ "$KEEP_APT_PROXY" = false ] ; then
709 if [ "$KEEP_APT_PROXY" = false ] ; then
704 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
705 fi
711 fi
706
712
707 # Clean up files
713 # Clean up files
708 rm -f "${ETC_DIR}/ssh/ssh_host_*"
714 rm -f "${ETC_DIR}/ssh/ssh_host_*"
709 rm -f "${ETC_DIR}/dropbear/dropbear_*"
715 rm -f "${ETC_DIR}/dropbear/dropbear_*"
710 rm -f "${ETC_DIR}/apt/sources.list.save"
716 rm -f "${ETC_DIR}/apt/sources.list.save"
711 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
717 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
712 rm -f "${ETC_DIR}/*-"
718 rm -f "${ETC_DIR}/*-"
713 rm -f "${ETC_DIR}/resolv.conf"
719 rm -f "${ETC_DIR}/resolv.conf"
714 rm -f "${R}/root/.bash_history"
720 rm -f "${R}/root/.bash_history"
715 rm -f "${R}/var/lib/urandom/random-seed"
721 rm -f "${R}/var/lib/urandom/random-seed"
716 rm -f "${R}/initrd.img"
722 rm -f "${R}/initrd.img"
717 rm -f "${R}/vmlinuz"
723 rm -f "${R}/vmlinuz"
718 rm -f "${R}${QEMU_BINARY}"
724 rm -f "${R}${QEMU_BINARY}"
719
725
720 if [ "$ENABLE_QEMU" = true ] ; then
726 if [ "$ENABLE_QEMU" = true ] ; then
721 # Setup QEMU directory
727 # Setup QEMU directory
722 mkdir "${BASEDIR}/qemu"
728 mkdir "${BASEDIR}/qemu"
723
729
724 # Copy kernel image to QEMU directory
730 # Copy kernel image to QEMU directory
725 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
731 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
726
732
727 # Copy kernel config to QEMU directory
733 # Copy kernel config to QEMU directory
728 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
734 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
729
735
730 # Copy kernel dtbs to QEMU directory
736 # Copy kernel dtbs to QEMU directory
731 for dtb in "${BOOT_DIR}/"*.dtb ; do
737 for dtb in "${BOOT_DIR}/"*.dtb ; do
732 if [ -f "${dtb}" ] ; then
738 if [ -f "${dtb}" ] ; then
733 install_readonly "${dtb}" "${BASEDIR}/qemu/"
739 install_readonly "${dtb}" "${BASEDIR}/qemu/"
734 fi
740 fi
735 done
741 done
736
742
737 # Copy kernel overlays to QEMU directory
743 # Copy kernel overlays to QEMU directory
738 if [ -d "${BOOT_DIR}/overlays" ] ; then
744 if [ -d "${BOOT_DIR}/overlays" ] ; then
739 # Setup overlays dtbs directory
745 # Setup overlays dtbs directory
740 mkdir "${BASEDIR}/qemu/overlays"
746 mkdir "${BASEDIR}/qemu/overlays"
741
747
742 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
748 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
743 if [ -f "${dtb}" ] ; then
749 if [ -f "${dtb}" ] ; then
744 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
750 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
745 fi
751 fi
746 done
752 done
747 fi
753 fi
748
754
749 # Copy u-boot files to QEMU directory
755 # Copy u-boot files to QEMU directory
750 if [ "$ENABLE_UBOOT" = true ] ; then
756 if [ "$ENABLE_UBOOT" = true ] ; then
751 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
757 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
752 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
758 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
753 fi
759 fi
754 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
760 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
755 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
761 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
756 fi
762 fi
757 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
763 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
758 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
764 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
759 fi
765 fi
760 fi
766 fi
761
767
762 # Copy initramfs to QEMU directory
768 # Copy initramfs to QEMU directory
763 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
769 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
764 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
770 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
765 fi
771 fi
766 fi
772 fi
767
773
768 # Calculate size of the chroot directory in KB
774 # Calculate size of the chroot directory in KB
769 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
775 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
770
776
771 # Calculate the amount of needed 512 Byte sectors
777 # Calculate the amount of needed 512 Byte sectors
772 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
778 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
773 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
779 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
774 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
780 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
775
781
776 # The root partition is EXT4
782 # The root partition is EXT4
777 # This means more space than the actual used space of the chroot is used.
783 # This means more space than the actual used space of the chroot is used.
778 # As overhead for journaling and reserved blocks 35% are added.
784 # As overhead for journaling and reserved blocks 35% are added.
779 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
785 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
780
786
781 # Calculate required image size in 512 Byte sectors
787 # Calculate required image size in 512 Byte sectors
782 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
788 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
783
789
784 # Prepare image file
790 # Prepare image file
785 if [ "$ENABLE_SPLITFS" = true ] ; then
791 if [ "$ENABLE_SPLITFS" = true ] ; then
786 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
787 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
793 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
788 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
789 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
795 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
790
796
791 # Write firmware/boot partition tables
797 # Write firmware/boot partition tables
792 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
798 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
793 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
799 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
794 EOM
800 EOM
795
801
796 # Write root partition table
802 # Write root partition table
797 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
803 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
798 ${TABLE_SECTORS},${ROOT_SECTORS},83
804 ${TABLE_SECTORS},${ROOT_SECTORS},83
799 EOM
805 EOM
800
806
801 # Setup temporary loop devices
807 # Setup temporary loop devices
802 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
808 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
803 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
809 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
804 else # ENABLE_SPLITFS=false
810 else # ENABLE_SPLITFS=false
805 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
806 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
812 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
807
813
808 # Write partition table
814 # Write partition table
809 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
815 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
810 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
816 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
811 ${ROOT_OFFSET},${ROOT_SECTORS},83
817 ${ROOT_OFFSET},${ROOT_SECTORS},83
812 EOM
818 EOM
813
819
814 # Setup temporary loop devices
820 # Setup temporary loop devices
815 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
821 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
816 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
822 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
817 fi
823 fi
818
824
819 if [ "$ENABLE_CRYPTFS" = true ] ; then
825 if [ "$ENABLE_CRYPTFS" = true ] ; then
820 # Create dummy ext4 fs
826 # Create dummy ext4 fs
821 mkfs.ext4 "$ROOT_LOOP"
827 mkfs.ext4 "$ROOT_LOOP"
822
828
823 # Setup password keyfile
829 # Setup password keyfile
824 touch .password
830 touch .password
825 chmod 600 .password
831 chmod 600 .password
826 echo -n ${CRYPTFS_PASSWORD} > .password
832 echo -n ${CRYPTFS_PASSWORD} > .password
827
833
828 # Initialize encrypted partition
834 # Initialize encrypted partition
829 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
835 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
830
836
831 # Open encrypted partition and setup mapping
837 # Open encrypted partition and setup mapping
832 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
838 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
833
839
834 # Secure delete password keyfile
840 # Secure delete password keyfile
835 shred -zu .password
841 shred -zu .password
836
842
837 # Update temporary loop device
843 # Update temporary loop device
838 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
844 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
839
845
840 # Wipe encrypted partition (encryption cipher is used for randomness)
846 # Wipe encrypted partition (encryption cipher is used for randomness)
841 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
847 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
842 fi
848 fi
843
849
844 # Build filesystems
850 # Build filesystems
845 mkfs.vfat "$FRMW_LOOP"
851 mkfs.vfat "$FRMW_LOOP"
846 mkfs.ext4 "$ROOT_LOOP"
852 mkfs.ext4 "$ROOT_LOOP"
847
853
848 # Mount the temporary loop devices
854 # Mount the temporary loop devices
849 mkdir -p "$BUILDDIR/mount"
855 mkdir -p "$BUILDDIR/mount"
850 mount "$ROOT_LOOP" "$BUILDDIR/mount"
856 mount "$ROOT_LOOP" "$BUILDDIR/mount"
851
857
852 mkdir -p "$BUILDDIR/mount/boot/firmware"
858 mkdir -p "$BUILDDIR/mount/boot/firmware"
853 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
859 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
854
860
855 # Copy all files from the chroot to the loop device mount point directory
861 # Copy all files from the chroot to the loop device mount point directory
856 rsync -a "${R}/" "$BUILDDIR/mount/"
862 rsync -a "${R}/" "$BUILDDIR/mount/"
857
863
858 # Unmount all temporary loop devices and mount points
864 # Unmount all temporary loop devices and mount points
859 cleanup
865 cleanup
860
866
861 # Create block map file(s) of image(s)
867 # Create block map file(s) of image(s)
862 if [ "$ENABLE_SPLITFS" = true ] ; then
868 if [ "$ENABLE_SPLITFS" = true ] ; then
863 # Create block map files for "bmaptool"
869 # Create block map files for "bmaptool"
864 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
870 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
865 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
871 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
866
872
867 # Image was successfully created
873 # Image was successfully created
868 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
874 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
869 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
875 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
870 else
876 else
871 # Create block map file for "bmaptool"
877 # Create block map file for "bmaptool"
872 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
878 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
873
879
874 # Image was successfully created
880 # Image was successfully created
875 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
881 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
876
882
877 # Create qemu qcow2 image
883 # Create qemu qcow2 image
878 if [ "$ENABLE_QEMU" = true ] ; then
884 if [ "$ENABLE_QEMU" = true ] ; then
879 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
885 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
880 QEMU_SIZE=16G
886 QEMU_SIZE=16G
881
887
882 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
888 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
883 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
889 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
884
890
885 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
891 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
886 fi
892 fi
887 fi
893 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant