Merge pull request #31 from g-vidal/contrib_20-11-19...
Gérard Vidal -
r764:ad54cb0d33c5 Merge
@@ -1,404 +1,405
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3
4 4 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2), Raspberry Pi 3 (RPi3) and Raspberry Pi 4 (RPi4) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch`, `buster` and 'bullseye'. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 and Raspberry Pi 4 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5 5
6 6 ## Build dependencies
7 7 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
8 8
9 9 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
10 10
11 11 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
12 12
13 13 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
14 14
15 15 ## Command-line parameters
16 16 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
17 17
18 18 ##### Command-line examples:
19 19 ```shell
20 20 ENABLE_UBOOT=true ./rpi23-gen-image.sh
21 21 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
22 22 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
23 23 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
24 24 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
25 25 ENABLE_MINBASE=true ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
27 27 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
28 28 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
33 33 ```
34 34
35 35 ## Configuration template files
36 36 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
37 37
38 38 ##### Command-line examples:
39 39 ```shell
40 40 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
41 41 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
42 42 ```
43 43
44 44 ## Working with the your template:
45 45 * **A Pipe ("|") represents a logical OR**
46 46 * **A valuetype of boolean represents the options true or false**
47 47 * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
48 48 * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
49 49 * **Check if your missing a required option while looking at the code**
50 50
51 51 ## Supported parameters and settings
52 52
53 53 #### APT settings:
54 54 |Option|Value|default value|value format|desciption|
55 55 |---|---|---|---|---|
56 56 |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
57 57 |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
58 58 |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
59 59 |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
60 60 |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.|
61 61 |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
62 62 ---
63 63
64 64 #### General system settings:
65 65 |Option|Value|default value|value format|desciption|
66 66 |---|---|---|---|---|
67 67 |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
68 68 |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
69 69 |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
70 70 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
71 71 |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
72 72 |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
73 73 |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
74 74
75 75 ---
76 76
77 77 #### User settings:
78 78 |Option|Value|default value|desciption|
79 79 |---|---|---|---|
80 80 |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
81 81 |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
82 82 |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
83 83 |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
84 84 |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
85 85
86 86 ---
87 87
88 88 #### Keyboard settings:
89 89
90 90 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
91 91
92 92 |Option|Value|default value|value format|desciption|
93 93 |---|---|---|---|---|
94 94 |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
95 95 |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
96 96 |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
97 97 |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
98 98
99 99 ---
100 100
101 101 #### Networking settings:
102 102 ethernet setting go to `/etc/systemd/network/eth0.network`.
103 103 wifi settings go to `/etc/systemd/network/wlan0.network`.
104 104
105 105 The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
106 106
107 107 |Option|Value|default value|desciption|
108 108 |---|---|---|---|
109 109 |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
110 110 |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
111 111 |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
112 112 |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
113 113 |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
114 114
115 115 ---
116 116
117 117 #### Networking settings (DHCP):
118 118
119 119
120 120 |Option|Value|default value|desciption|
121 121 |---|---|---|---|
122 122 |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
123 123 |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
124 124
125 125 ---
126 126
127 127 #### Networking settings (ethernet static):
128 128 The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
129 129
130 130 |Option|Value|value format|desciption|
131 131 |---|---|---|---|
132 132 |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
133 133 |NET_ETH_GATEWAY|string|`IP`|default gateway|
134 134 |NET_ETH_DNS_1|string|`IP`|first DNS server|
135 135 |NET_ETH_DNS_2|string|`IP`|second DNS server|
136 136 |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
137 137 |NET_ETH_NTP_1|string|`IP`|first NTP server|
138 138 |NET_ETH_NTP_2|string|`IP`|second NTP server|
139 139
140 140 ---
141 141
142 142 #### Networking settings (WIFI):
143 143
144 144 |Option|Value|value format|desciption|
145 145 |---|---|---|---|
146 146 |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
147 147 |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
148 148
149 149 ---
150 150
151 151 #### Networking settings (WIFI static):
152 152 The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
153 153
154 154 |Option|Value|value format|desciption|
155 155 |---|---|---|---|
156 156 |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
157 157 |NET_WIFI_GATEWAY|string|`IP`|default gateway|
158 158 |NET_WIFI_DNS_1|string|`IP`|first DNS server|
159 159 |NET_WIFI_DNS_2|string|`IP`|second DNS server|
160 160 |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
161 161 |NET_WIFI_NTP_1|string|`IP`|first NTP server|
162 162 |NET_WIFI_NTP_2|string|`IP`|second NTP server|
163 163
164 164 ---
165 165
166 166 #### Basic system features:
167 167
168 168 |Option|Value|default value|value format|desciption|
169 169 |---|---|---|---|---|
170 170 |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
171 171 |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
172 172 |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
173 173 |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
174 174 |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
175 175 |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
176 176 |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
177 177 |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
178 178 |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
179 179 |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
180 180 |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
181 181 |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
182 182 |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
183 183 |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
184 184 |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
185 185 |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
186 186 |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
187 187 |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
188 188 |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
189 189 |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
190 190
191 191 ---
192 192
193 193 #### Advanced system features:
194 194
195 195 |Option|Value|default value|value format|desciption|
196 196 |---|---|---|---|---|
197 197 |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
198 198 |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
199 199 |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
200 200 |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
201 201 |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
202 202 |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
203 203 |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
204 204 |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
205 205 |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
206 206 |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
207 207 |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
208 208 |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
209 209 |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
210 210 |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
211 |ENABLE_GR_ACCEL|boolean|false|`true`\|`false`|Install and enable [one of the 3D graphics accelerators for Raspi4](https://www.raspberrypi.org/documentation/configuration/config-txt/video.md) `vc4-fkms-v3d`. Not compatible with `fbturbo` mutually excluded and installed for Raspberry4 only|
211 212 |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
212 213 |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
213 214 |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
214 215 |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
215 216 |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
216 217
217 218 ---
218 219
219 220 #### SSH settings:
220 221
221 222 |Option|Value|default value|value format|desciption|
222 223 |---|---|---|---|---|
223 224 |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
224 225 |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
225 226 |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
226 227 |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
227 228 |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
228 229
229 230 ---
230 231
231 232 #### Kernel settings:
232 233
233 234 |Option|Value|default value|value format|desciption|
234 235 |---|---|---|---|---|
235 236 |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
236 237 |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
237 238 |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
238 239 |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
239 240 |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
240 241 |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
241 242 |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
242 243 |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
243 244 |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
244 245 |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
245 246 |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
246 247 |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
247 248 |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
248 249 |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
249 250 |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
250 251 |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
251 252 |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
252 253 |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
253 254 |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
254 255 |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
255 256 |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
256 257 |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
257 258 |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
258 259 |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
259 260 |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
260 261 |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
261 262 |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
262 263 |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
263 264
264 265 ---
265 266
266 267 #### Reduce disk usage:
267 268 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
268 269
269 270 |Option|Value|default value|value format|desciption|
270 271 |---|---|---|---|---|
271 272 |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
272 273 |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
273 274 |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
274 275 |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations|
275 276 |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
276 277 |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
277 278 |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
278 279 |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
279 280 |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
280 281 |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
281 282 ---
282 283
283 284 #### Encrypted root partition:
284 285 #### On first boot, you will be asked to enter you password several time
285 286 #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
286 287
287 288 |Option|Value|default value|value format|desciption|
288 289 |---|---|---|---|---|
289 290 |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
290 291 |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
291 292 |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
292 293 |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
293 294 |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
294 295 |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
295 296 |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
296 297 |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
297 298
298 299 ---
299 300
300 301 #### Build settings:
301 302 |Option|Value|default value|value format|desciption|
302 303 |---|---|---|---|---|
303 304 |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
304 305 |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
305 306
306 307 ---
307 308
308 309 ## Understanding the script
309 310 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
310 311
311 312 | Script | Description |
312 313 | --- | --- |
313 314 | `10-bootstrap.sh` | Debootstrap basic system |
314 315 | `11-apt.sh` | Setup APT repositories |
315 316 | `12-locale.sh` | Setup Locales and keyboard settings |
316 317 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
317 318 | `14-fstab.sh` | Setup fstab and initramfs |
318 319 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
319 320 | `20-networking.sh` | Setup Networking |
320 321 | `21-firewall.sh` | Setup Firewall |
321 322 | `30-security.sh` | Setup Users and Security settings |
322 323 | `31-logging.sh` | Setup Logging |
323 324 | `32-sshd.sh` | Setup SSH and public keys |
324 325 | `41-uboot.sh` | Build and Setup U-Boot |
325 326 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
326 327 | `43-videocore.sh` | Build and Setup videocore libraries |
327 328 | `50-firstboot.sh` | First boot actions |
328 329 | `99-reduce.sh` | Reduce the disk space usage |
329 330
330 331 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
331 332
332 333 | Directory | Description |
333 334 | --- | --- |
334 335 | `apt` | APT management configuration files |
335 336 | `boot` | Boot and RPi 0/1/2/3 configuration files |
336 337 | `dpkg` | Package Manager configuration |
337 338 | `etc` | Configuration files and rc scripts |
338 339 | `firstboot` | Scripts that get executed on first boot |
339 340 | `initramfs` | Initramfs scripts |
340 341 | `iptables` | Firewall configuration files |
341 342 | `locales` | Locales configuration |
342 343 | `modules` | Kernel Modules configuration |
343 344 | `mount` | Fstab configuration |
344 345 | `network` | Networking configuration files |
345 346 | `sysctl.d` | Swapping and Network Hardening configuration |
346 347 | `xorg` | fbturbo Xorg driver configuration |
347 348
348 349 ## Custom packages and scripts
349 350 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
350 351
351 352 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
352 353
353 354 ## Logging of the bootstrapping process
354 355 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
355 356
356 357 ```shell
357 358 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
358 359 ```
359 360
360 361 ## Flashing the image file
361 362 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
362 363
363 364 ##### Flashing examples:
364 365 ```shell
365 366 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
366 367 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
367 368 ```
368 369 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
369 370 ```shell
370 371 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
371 372 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
372 373 ```
373 374
374 375 ## QEMU emulation
375 376 Start QEMU full system emulation:
376 377 ```shell
377 378 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
378 379 ```
379 380
380 381 Start QEMU full system emulation and output to console:
381 382 ```shell
382 383 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
383 384 ```
384 385
385 386 Start QEMU full system emulation with SMP and output to console:
386 387 ```shell
387 388 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
388 389 ```
389 390
390 391 Start QEMU full system emulation with cryptfs, initramfs and output to console:
391 392 ```shell
392 393 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
393 394 ```
394 395
395 396 ## External links and references
396 397 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
397 398 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
398 399 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
399 400 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
400 401 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
401 402 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
402 403 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
403 404 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
404 405 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
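Review bot: The encrypted root partition table contradicts itself on the hash. The `ENABLE_CRYPTFS` row describes the setup as `aes-xts-plain64:sha512`, while the `CRYPTFS_HASH` row gives `sha256` as the default. State the actual default in one place and have the other row refer to it. In the same table, the `CRYPTFS_CIPHER` example value is `aes-cbc-essiv:sha256` although its description says `aes-xts*` ciphers are strongly recommended, so the example should show an XTS cipher. The `CRYPTFS_XTSKEYSIZE` row has a doubled `|` before the description, which adds an empty sixth column. Since `CRYPTFS_PASSWORD` is passed as a shell variable on the command line like the other parameters, the README should say that the passphrase ends up in shell history and recommend changing it after first boot. Spelling to fix while here: "desciption" in both table headers, "opttion", "crypsetup", and "enter you password several time".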
@@ -1,886 +1,886
1 1 #
2 2 # Build and Setup RPi2/3/4 Kernel 4.XX 5.XX
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3/4 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ -n "$KERNEL_THREADS" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # TODO: Check if defined Threadcount is higher than actual cores
57 57 # if [ "$KERNEL_THREADS" > grep -c processor /proc/cpuinfo] ; then
58 58 # echo "Defined more Threads than core assigned to this system"
59 59 # exit 1
60 60 # fi
61 61
62 62 #Copy 32bit config to 64bit
63 63 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
64 64 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
65 65 fi
66 66
67 67 # Configure and build kernel
68 68 if [ "$KERNELSRC_PREBUILT" = false ] ; then
69 69 # Remove device, network and filesystem drivers from kernel configuration
70 70 if [ "$REDUCE_KERNEL" = true ] ; then
71 71 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
72 72 sed -i\
73 73 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
84 84 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
87 87 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
89 89 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
90 90 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
91 91 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
92 92 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
93 93 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
94 94 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
95 95 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
96 96 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
97 97 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
98 98 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
99 99 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
100 100 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
101 101 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
102 102 "${KERNEL_DIR}/.config"
103 103 fi
104 104
105 105 if [ "$KERNELSRC_CONFIG" = true ] ; then
106 106 # Load default raspberry kernel configuration
107 107 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
108 108
109 109 #Switch to KERNELSRC_DIR so we can use set_kernel_config
110 110 cd "${KERNEL_DIR}" || exit
111 111
112 112 # Enable RPI POE HAT fan
113 113 if [ "$KERNEL_POEHAT" = true ]; then
114 114 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
115 115 fi
116 116
117 117 # Enable per-interface network priority control
118 118 # (for systemd-nspawn)
119 119 if [ "$KERNEL_NSPAN" = true ]; then
120 120 set_kernel_config CONFIG_CGROUP_NET_PRIO y
121 121 fi
122 122
123 123 # Compile in BTRFS
124 124 if [ "$KERNEL_BTRFS" = true ]; then
125 125 set_kernel_config CONFIG_BTRFS_FS y
126 126 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
127 127 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
128 128 fi
129 129
130 130 # Diffie-Hellman operations on retained keys
131 131 # (required for >keyutils-1.6)
132 132 if [ "$KERNEL_DHKEY" = true ]; then
133 133 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
134 134 fi
135 135
136 136 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
137 137 # Mask this temporarily during switch to rpi-4.19.y
138 138 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
139 139 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
140 140 #set_kernel_config CONFIG_MMC_BCM2835 n
141 141 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
142 142 #set_kernel_config CONFIG_USB_DWC2 n
143 143 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
144 144
145 145 #VLAN got disabled without reason in arm64bit
146 146 set_kernel_config CONFIG_IPVLAN m
147 147 fi
148 148
149 149 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
150 150 if [ "$KERNEL_ZSWAP" = true ] ; then
151 151 set_kernel_config CONFIG_ZPOOL y
152 152 set_kernel_config CONFIG_ZSWAP y
153 153 set_kernel_config CONFIG_ZBUD y
154 154 set_kernel_config CONFIG_Z3FOLD y
155 155 set_kernel_config CONFIG_ZSMALLOC y
156 156 set_kernel_config CONFIG_PGTABLE_MAPPING y
157 157 set_kernel_config CONFIG_LZO_COMPRESS y
158 158 fi
159 159
160 160 if [ "$RPI_MODEL" = 4 ] ; then
161 161 # Following are set in current 32-bit LPAE kernel
162 162 set_kernel_config CONFIG_CGROUP_PIDS y
163 163 set_kernel_config CONFIG_NET_IPVTI m
164 164 set_kernel_config CONFIG_NF_TABLES_SET m
165 165 set_kernel_config CONFIG_NF_TABLES_INET y
166 166 set_kernel_config CONFIG_NF_TABLES_NETDEV y
167 167 set_kernel_config CONFIG_NF_FLOW_TABLE m
168 168 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
169 169 set_kernel_config CONFIG_NFT_CONNLIMIT m
170 170 set_kernel_config CONFIG_NFT_TUNNEL m
171 171 set_kernel_config CONFIG_NFT_OBJREF m
172 172 set_kernel_config CONFIG_NFT_FIB_IPV4 m
173 173 set_kernel_config CONFIG_NFT_FIB_IPV6 m
174 174 set_kernel_config CONFIG_NFT_FIB_INET m
175 175 set_kernel_config CONFIG_NFT_SOCKET m
176 176 set_kernel_config CONFIG_NFT_OSF m
177 177 set_kernel_config CONFIG_NFT_TPROXY m
178 178 set_kernel_config CONFIG_NF_DUP_NETDEV m
179 179 set_kernel_config CONFIG_NFT_DUP_NETDEV m
180 180 set_kernel_config CONFIG_NFT_FWD_NETDEV m
181 181 set_kernel_config CONFIG_NFT_FIB_NETDEV m
182 182 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
183 183 set_kernel_config CONFIG_NF_FLOW_TABLE m
184 184 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
185 185 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
186 186 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
187 187 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
188 188 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
189 189 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
190 190 set_kernel_config CONFIG_NFT_DUP_IPV6 m
191 191 set_kernel_config CONFIG_NFT_FIB_IPV6 m
192 192 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
193 193 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
194 194 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
195 195 set_kernel_config CONFIG_NF_LOG_BRIDGE m
196 196 set_kernel_config CONFIG_MT76_CORE m
197 197 set_kernel_config CONFIG_MT76_LEDS m
198 198 set_kernel_config CONFIG_MT76_USB m
199 199 set_kernel_config CONFIG_MT76x2_COMMON m
200 200 set_kernel_config CONFIG_MT76x0U m
201 201 set_kernel_config CONFIG_MT76x2U m
202 202 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
203 203 set_kernel_config CONFIG_BCM_VC_SM m
204 204 set_kernel_config CONFIG_BCM2835_SMI_DEV m
205 205 set_kernel_config CONFIG_RPIVID_MEM m
206 206 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
207 207 set_kernel_config CONFIG_TCG_TPM m
208 208 set_kernel_config CONFIG_HW_RANDOM_TPM y
209 209 set_kernel_config CONFIG_TCG_TIS m
210 210 set_kernel_config CONFIG_TCG_TIS_SPI m
211 211 set_kernel_config CONFIG_I2C_MUX m
212 212 set_kernel_config CONFIG_I2C_MUX_GPMUX m
213 213 set_kernel_config CONFIG_I2C_MUX_PCA954x m
214 214 set_kernel_config CONFIG_SPI_GPIO m
215 215 set_kernel_config CONFIG_BATTERY_MAX17040 m
216 216 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
217 217 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
218 218 set_kernel_config CONFIG_BCM2835_THERMAL y
219 219 set_kernel_config CONFIG_RC_CORE y
220 220 set_kernel_config CONFIG_RC_MAP y
221 221 set_kernel_config CONFIG_LIRC y
222 222 set_kernel_config CONFIG_RC_DECODERS y
223 223 set_kernel_config CONFIG_IR_NEC_DECODER m
224 224 set_kernel_config CONFIG_IR_RC5_DECODER m
225 225 set_kernel_config CONFIG_IR_RC6_DECODER m
226 226 set_kernel_config CONFIG_IR_JVC_DECODER m
227 227 set_kernel_config CONFIG_IR_SONY_DECODER m
228 228 set_kernel_config CONFIG_IR_SANYO_DECODER m
229 229 set_kernel_config CONFIG_IR_SHARP_DECODER m
230 230 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
231 231 set_kernel_config CONFIG_IR_XMP_DECODER m
232 232 set_kernel_config CONFIG_IR_IMON_DECODER m
233 233 set_kernel_config CONFIG_RC_DEVICES y
234 234 set_kernel_config CONFIG_RC_ATI_REMOTE m
235 235 set_kernel_config CONFIG_IR_IMON m
236 236 set_kernel_config CONFIG_IR_MCEUSB m
237 237 set_kernel_config CONFIG_IR_REDRAT3 m
238 238 set_kernel_config CONFIG_IR_STREAMZAP m
239 239 set_kernel_config CONFIG_IR_IGUANA m
240 240 set_kernel_config CONFIG_IR_TTUSBIR m
241 241 set_kernel_config CONFIG_RC_LOOPBACK m
242 242 set_kernel_config CONFIG_IR_GPIO_CIR m
243 243 set_kernel_config CONFIG_IR_GPIO_TX m
244 244 set_kernel_config CONFIG_IR_PWM_TX m
245 245 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
246 246 set_kernel_config CONFIG_VIDEO_AU0828_RC y
247 247 set_kernel_config CONFIG_VIDEO_CX231XX m
248 248 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
249 249 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
250 250 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
251 251 set_kernel_config CONFIG_VIDEO_TM6000 m
252 252 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
253 253 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
254 254 set_kernel_config CONFIG_DVB_USB m
255 255 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
256 256 set_kernel_config CONFIG_DVB_USB_A800 m
257 257 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
258 258 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
259 259 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
260 260 set_kernel_config CONFIG_DVB_USB_DIB0700 m
261 261 set_kernel_config CONFIG_DVB_USB_UMT_010 m
262 262 set_kernel_config CONFIG_DVB_USB_CXUSB m
263 263 set_kernel_config CONFIG_DVB_USB_M920X m
264 264 set_kernel_config CONFIG_DVB_USB_DIGITV m
265 265 set_kernel_config CONFIG_DVB_USB_VP7045 m
266 266 set_kernel_config CONFIG_DVB_USB_VP702X m
267 267 set_kernel_config CONFIG_DVB_USB_GP8PSK m
268 268 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
269 269 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
270 270 set_kernel_config CONFIG_DVB_USB_DTT200U m
271 271 set_kernel_config CONFIG_DVB_USB_OPERA1 m
272 272 set_kernel_config CONFIG_DVB_USB_AF9005 m
273 273 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
274 274 set_kernel_config CONFIG_DVB_USB_PCTV452E m
275 275 set_kernel_config CONFIG_DVB_USB_DW2102 m
276 276 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
277 277 set_kernel_config CONFIG_DVB_USB_DTV5100 m
278 278 set_kernel_config CONFIG_DVB_USB_AZ6027 m
279 279 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
280 280 set_kernel_config CONFIG_DVB_USB_AF9015 m
281 281 set_kernel_config CONFIG_DVB_USB_LME2510 m
282 282 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
283 283 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
284 284 set_kernel_config CONFIG_SMS_SIANO_RC m
285 285 set_kernel_config CONFIG_VIDEO_IR_I2C m
286 286 set_kernel_config CONFIG_VIDEO_ADV7180 m
287 287 set_kernel_config CONFIG_VIDEO_TC358743 m
288 288 set_kernel_config CONFIG_VIDEO_OV5647 m
289 289 set_kernel_config CONFIG_DVB_M88DS3103 m
290 290 set_kernel_config CONFIG_DVB_AF9013 m
291 291 set_kernel_config CONFIG_DVB_RTL2830 m
292 292 set_kernel_config CONFIG_DVB_RTL2832 m
293 293 set_kernel_config CONFIG_DVB_SI2168 m
294 294 set_kernel_config CONFIG_DVB_GP8PSK_FE m
295 295 set_kernel_config CONFIG_DVB_USB m
296 296 set_kernel_config CONFIG_DVB_LGDT3306A m
297 297 set_kernel_config CONFIG_FB_SIMPLE y
298 298 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
299 299 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
300 300 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
301 301 set_kernel_config CONFIG_SND_SOC_AD193X m
302 302 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
303 303 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
304 304 set_kernel_config CONFIG_SND_SOC_CS4265 m
305 305 set_kernel_config CONFIG_SND_SOC_DA7213 m
306 306 set_kernel_config CONFIG_SND_SOC_ICS43432 m
307 307 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
308 308 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
309 309 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
310 310 set_kernel_config CONFIG_HID_BIGBEN_FF m
311 311 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
312 312 set_kernel_config CONFIG_USB_TMC m
313 313 set_kernel_config CONFIG_USB_UAS y
314 314 set_kernel_config CONFIG_USBIP_VUDC m
315 315 set_kernel_config CONFIG_USB_CONFIGFS m
316 316 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
317 317 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
318 318 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
319 319 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
320 320 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
321 321 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
322 322 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
323 323 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
324 324 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
325 325 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
326 326 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
327 327 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
328 328 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
329 329 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
330 330 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
331 331 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
332 332 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
333 333 set_kernel_config CONFIG_LEDS_PCA963X m
334 334 set_kernel_config CONFIG_LEDS_IS31FL32XX m
335 335 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
336 336 set_kernel_config CONFIG_RTC_DRV_RV3028 m
337 337 set_kernel_config CONFIG_AUXDISPLAY y
338 338 set_kernel_config CONFIG_HD44780 m
339 339 set_kernel_config CONFIG_FB_TFT_SH1106 m
340 340 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
341 341 set_kernel_config CONFIG_BCM2835_POWER y
342 342 set_kernel_config CONFIG_INV_MPU6050_IIO m
343 343 set_kernel_config CONFIG_INV_MPU6050_I2C m
344 344 set_kernel_config CONFIG_SECURITYFS y
345 345
346 346 # Safer to build this in
347 347 set_kernel_config CONFIG_BINFMT_MISC y
348 348
349 349 # pulseaudio wants a buffer of at least this size
350 350 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
351 351
352 352 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
353 353 # set the appropriate kernel configs unlocked by this PR
354 354 set_kernel_config CONFIG_ARCH_BCM y
355 355 set_kernel_config CONFIG_ARCH_BCM2835 y
356 356 set_kernel_config CONFIG_DRM_V3D m
357 357 set_kernel_config CONFIG_DRM_VC4 m
358 358 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
359 359
360 360 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
361 361 # required by PR#3144; should already be applied, but just to be safe
362 362 set_kernel_config CONFIG_PCIE_BRCMSTB y
363 363 set_kernel_config CONFIG_BCM2835_MMC y
364 364
365 365 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
366 366 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
367 367 # during cloud-init setup at first boot. Without this the login accounts are not
368 368 # created and the user can not login.
369 369 set_kernel_config CONFIG_SQUASHFS y
370 370
371 371 # Ceph support for Block Device (RBD) and Filesystem (FS)
372 372 # https://docs.ceph.com/docs/master/
373 373 set_kernel_config CONFIG_CEPH_LIB m
374 374 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
375 375 set_kernel_config CONFIG_CEPH_FS m
376 376 set_kernel_config CONFIG_CEPH_FSCACHE y
377 377 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
378 378 set_kernel_config CONFIG_BLK_DEV_RBD m
379 379 fi
380 380
381 381 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
382 382 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
383 383 set_kernel_config CONFIG_HAVE_KVM y
384 384 set_kernel_config CONFIG_HIGH_RES_TIMERS y
385 385 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
386 386 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
387 387 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
388 388 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
389 389 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
390 390 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
391 391 set_kernel_config CONFIG_HAVE_KVM_MSI y
392 392 set_kernel_config CONFIG_KVM y
393 393 set_kernel_config CONFIG_KVM_ARM_HOST y
394 394 set_kernel_config CONFIG_KVM_ARM_PMU y
395 395 set_kernel_config CONFIG_KVM_COMPAT y
396 396 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
397 397 set_kernel_config CONFIG_KVM_MMIO y
398 398 set_kernel_config CONFIG_KVM_VFIO y
399 399 set_kernel_config CONFIG_KVM_MMU_AUDIT y
400 400 set_kernel_config CONFIG_VHOST m
401 401 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
402 402 set_kernel_config CONFIG_VHOST_NET m
403 403 set_kernel_config CONFIG_VIRTUALIZATION y
404 404 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
405 405 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
406 406 set_kernel_config CONFIG_MMU_NOTIFIER y
407 407
408 408 # erratum
409 409 set_kernel_config ARM64_ERRATUM_834220 y
410 410
411 411 # https://sourceforge.net/p/kvm/mailman/message/18440797/
412 412 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
413 413 fi
414 414
415 415 # enable apparmor,integrity audit,
416 416 if [ "$KERNEL_SECURITY" = true ] ; then
417 417
418 418 # security filesystem, security models and audit
419 419 set_kernel_config CONFIG_SECURITYFS y
420 420 set_kernel_config CONFIG_SECURITY y
421 421 set_kernel_config CONFIG_AUDIT y
422 422
423 423 # harden strcpy and memcpy
424 424 set_kernel_config CONFIG_HARDENED_USERCOPY y
425 425 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
426 426 set_kernel_config CONFIG_FORTIFY_SOURCE y
427 427
428 428 # integrity sub-system
429 429 set_kernel_config CONFIG_INTEGRITY y
430 430 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
431 431 set_kernel_config CONFIG_INTEGRITY_AUDIT y
432 432 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
433 433 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
434 434
435 435 # This option provides support for retaining authentication tokens and access keys in the kernel.
436 436 set_kernel_config CONFIG_KEYS y
437 437 set_kernel_config CONFIG_KEYS_COMPAT y
438 438
439 439 # Apparmor
440 440 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
441 441 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
442 442 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
443 443 set_kernel_config CONFIG_SECURITY_APPARMOR y
444 444 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
445 445 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
446 446
447 447 # restrictions on unprivileged users reading the kernel
448 448 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
449 449
450 450 # network security hooks
451 451 set_kernel_config CONFIG_SECURITY_NETWORK y
452 452 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
453 453 set_kernel_config CONFIG_SECURITY_PATH y
454 454 set_kernel_config CONFIG_SECURITY_YAMA n
455 455
456 456 set_kernel_config CONFIG_SECURITY_SELINUX n
457 457 set_kernel_config CONFIG_SECURITY_SMACK n
458 458 set_kernel_config CONFIG_SECURITY_TOMOYO n
459 459 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
460 460 set_kernel_config CONFIG_SECURITY_LOADPIN n
461 461 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
462 462 set_kernel_config CONFIG_IMA n
463 463 set_kernel_config CONFIG_EVM n
464 464 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
465 465 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
466 466 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
467 467 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
468 468 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
469 469 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
470 470 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
471 471 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
472 472 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
473 473 fi
474 474
475 475 if [ "$ENABLE_CRYPTFS" = true ] ; then
476 476 set_kernel_config CONFIG_EMBEDDED y
477 477 set_kernel_config CONFIG_EXPERT y
478 478 set_kernel_config CONFIG_DAX y
479 479 set_kernel_config CONFIG_MD y
480 480 set_kernel_config CONFIG_BLK_DEV_MD y
481 481 set_kernel_config CONFIG_MD_AUTODETECT y
482 482 set_kernel_config CONFIG_BLK_DEV_DM y
483 483 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
484 484 set_kernel_config CONFIG_DM_CRYPT y
485 485 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
486 486 set_kernel_config CONFIG_CRYPTO_CBC y
487 487 set_kernel_config CONFIG_CRYPTO_XTS y
488 488 set_kernel_config CONFIG_CRYPTO_SHA512 y
489 489 set_kernel_config CONFIG_CRYPTO_MANAGER y
490 490 set_kernel_config CONFIG_ARM64_CRYPTO y
491 491 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
492 492 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
493 493 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
494 494 set_kernel_config CRYPTO_GHASH_ARM64_CE m
495 495 set_kernel_config CRYPTO_SHA2_ARM64_CE m
496 496 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
497 497 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
498 498 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
499 499 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
500 500 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
501 501 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
502 502 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
503 503 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
504 504 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
505 505 fi
506 506
507 507 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
508 508 if [ "$KERNEL_NF" = true ] ; then
509 509 set_kernel_config CONFIG_IP_NF_SECURITY m
510 510 set_kernel_config CONFIG_NETLABEL y
511 511 set_kernel_config CONFIG_IP6_NF_SECURITY m
512 512 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
513 513 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
514 514 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
515 515 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
516 516 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
517 517 set_kernel_config CONFIG_NFT_FIB_INET m
518 518 set_kernel_config CONFIG_NFT_FIB_IPV4 m
519 519 set_kernel_config CONFIG_NFT_FIB_IPV6 m
520 520 set_kernel_config CONFIG_NFT_FIB_NETDEV m
521 521 set_kernel_config CONFIG_NFT_OBJREF m
522 522 set_kernel_config CONFIG_NFT_RT m
523 523 set_kernel_config CONFIG_NFT_SET_BITMAP m
524 524 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
525 525 set_kernel_config CONFIG_NF_LOG_ARP m
526 526 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
527 527 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
528 528 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
529 529 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
530 530 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
531 531 set_kernel_config CONFIG_IP6_NF_IPTABLES m
532 532 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
533 533 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
534 534 set_kernel_config CONFIG_IP6_NF_NAT m
535 535 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
536 536 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
537 537 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
538 538 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
539 539 set_kernel_config CONFIG_IP_SET_HASH_IP m
540 540 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
541 541 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
542 542 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
543 543 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
544 544 set_kernel_config CONFIG_IP_SET_HASH_MAC m
545 545 set_kernel_config CONFIG_IP_SET_HASH_NET m
546 546 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
547 547 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
548 548 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
549 549 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
550 550 set_kernel_config CONFIG_IP_SET_LIST_SET m
551 551 set_kernel_config CONFIG_NETFILTER_XTABLES m
552 552 set_kernel_config CONFIG_NETFILTER_XTABLES m
553 553 set_kernel_config CONFIG_NFT_BRIDGE_META m
554 554 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
555 555 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
556 556 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
557 557 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
558 558 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
559 559 set_kernel_config CONFIG_NFT_COMPAT m
560 560 set_kernel_config CONFIG_NFT_COUNTER m
561 561 set_kernel_config CONFIG_NFT_CT m
562 562 set_kernel_config CONFIG_NFT_DUP_IPV4 m
563 563 set_kernel_config CONFIG_NFT_DUP_IPV6 m
564 564 set_kernel_config CONFIG_NFT_DUP_NETDEV m
565 565 set_kernel_config CONFIG_NFT_EXTHDR m
566 566 set_kernel_config CONFIG_NFT_FWD_NETDEV m
567 567 set_kernel_config CONFIG_NFT_HASH m
568 568 set_kernel_config CONFIG_NFT_LIMIT m
569 569 set_kernel_config CONFIG_NFT_LOG m
570 570 set_kernel_config CONFIG_NFT_MASQ m
571 571 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
572 572 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
573 573 set_kernel_config CONFIG_NFT_META m
574 574 set_kernel_config CONFIG_NFT_NAT m
575 575 set_kernel_config CONFIG_NFT_NUMGEN m
576 576 set_kernel_config CONFIG_NFT_QUEUE m
577 577 set_kernel_config CONFIG_NFT_QUOTA m
578 578 set_kernel_config CONFIG_NFT_REDIR m
579 579 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
580 580 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
581 581 set_kernel_config CONFIG_NFT_REJECT m
582 582 set_kernel_config CONFIG_NFT_REJECT_INET m
583 583 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
584 584 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
585 585 set_kernel_config CONFIG_NFT_SET_HASH m
586 586 set_kernel_config CONFIG_NFT_SET_RBTREE m
587 587 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
588 588 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
589 589 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
590 590 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
591 591 set_kernel_config CONFIG_NF_DUP_IPV4 m
592 592 set_kernel_config CONFIG_NF_DUP_IPV6 m
593 593 set_kernel_config CONFIG_NF_DUP_NETDEV m
594 594 set_kernel_config CONFIG_NF_LOG_BRIDGE m
595 595 set_kernel_config CONFIG_NF_LOG_IPV4 m
596 596 set_kernel_config CONFIG_NF_LOG_IPV6 m
597 597 set_kernel_config CONFIG_NF_NAT_IPV4 m
598 598 set_kernel_config CONFIG_NF_NAT_IPV6 m
599 599 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
600 600 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
601 601 set_kernel_config CONFIG_NF_NAT_PPTP m
602 602 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
603 603 set_kernel_config CONFIG_NF_NAT_REDIRECT y
604 604 set_kernel_config CONFIG_NF_NAT_SIP m
605 605 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
606 606 set_kernel_config CONFIG_NF_NAT_TFTP m
607 607 set_kernel_config CONFIG_NF_REJECT_IPV4 m
608 608 set_kernel_config CONFIG_NF_REJECT_IPV6 m
609 609 set_kernel_config CONFIG_NF_TABLES m
610 610 set_kernel_config CONFIG_NF_TABLES_IPV4 y
611 611 set_kernel_config CONFIG_NF_TABLES_IPV6 y
612 612 set_kernel_config CONFIG_NF_TABLES_SET m
613 613 set_kernel_config CONFIG_NF_TABLES_INET y
614 614 set_kernel_config CONFIG_NF_TABLES_NETDEV y
615 615 set_kernel_config CONFIG_NFT_CONNLIMIT m
616 616 set_kernel_config CONFIG_NFT_TUNNEL m
617 617 set_kernel_config CONFIG_NFT_SOCKET m
618 618 set_kernel_config CONFIG_NFT_TPROXY m
619 619 set_kernel_config CONFIG_NF_FLOW_TABLE m
620 620 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
621 621 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
622 622 set_kernel_config CONFIG_NF_TABLES_ARP y
623 623 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
624 624 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
625 625 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
626 626 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
627 627 set_kernel_config CONFIG_NFT_OSF m
628 628
629 629 fi
630 630
631 631 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
632 632 if [ "$KERNEL_BPF" = true ] ; then
633 633 set_kernel_config CONFIG_BPF_SYSCALL y
634 634 set_kernel_config CONFIG_BPF_EVENTS y
635 635 set_kernel_config CONFIG_BPF_STREAM_PARSER y
636 636 set_kernel_config CONFIG_CGROUP_BPF y
637 637 set_kernel_config CONFIG_XDP_SOCKETS y
638 638 fi
639 639
640 640 # KERNEL_DEFAULT_GOV was set by user
641 641 if [ "$KERNEL_DEFAULT_GOV" != ondemand ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
642 642 case "$KERNEL_DEFAULT_GOV" in
643 643 performance)
644 644 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
645 645 ;;
646 646 userspace)
647 647 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
648 648 ;;
649 649 ondemand)
650 650 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
651 651 ;;
652 652 conservative)
653 653 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
654 654 ;;
655 655 shedutil)
656 656 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
657 657 ;;
658 658 *)
659 659 echo "error: unsupported default cpu governor"
660 660 exit 1
661 661 ;;
662 662 esac
663 663 # unset previous default governor
664 664 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
665 665 fi
666 666
667 667 #Revert to previous directory
668 668 cd "${WORKDIR}" || exit
669 669
670 670 # Set kernel configuration parameters to enable qemu emulation
671 671 if [ "$ENABLE_QEMU" = true ] ; then
672 672 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
673 673 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
674 674 fi
675 675
676 676 # Copy custom kernel configuration file
677 677 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
678 678 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
679 679 fi
680 680
681 681 # Set kernel configuration parameters to their default values
682 682 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
683 683 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
684 684 fi
685 685
686 686 # Start menu-driven kernel configuration (interactive)
687 687 if [ "$KERNEL_MENUCONFIG" = true ] ; then
688 688 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
689 689 fi
690 690 # end if "$KERNELSRC_CONFIG" = true
691 691 fi
692 692
693 693 # Use ccache to cross compile the kernel
694 694 if [ "$KERNEL_CCACHE" = true ] ; then
695 695 cc="ccache ${CROSS_COMPILE}gcc"
696 696 else
697 697 cc="${CROSS_COMPILE}gcc"
698 698 fi
699 699
700 700 # Cross compile kernel and dtbs
701 701 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
702 702
703 703 # Cross compile kernel modules
704 704 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
705 705 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
706 706 fi
707 707 # end if "$KERNELSRC_PREBUILT" = false
708 708 fi
709 709
710 710 # Check if kernel compilation was successful
711 711 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
712 712 echo "error: kernel compilation failed! (kernel image not found)"
713 713 cleanup
714 714 exit 1
715 715 fi
716 716
717 717 # Install kernel modules
718 718 if [ "$ENABLE_REDUCE" = true ] ; then
719 719 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
720 720 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
721 721 fi
722 722 else
723 723 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
724 724 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
725 725 fi
726 726
727 727 # Install kernel firmware
728 728 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
729 729 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
730 730 fi
731 731 fi
732 732
733 733 # Install kernel headers
734 734 if [ "$KERNEL_HEADERS" = true ] && [ "$REDUCE_KERNEL" = false ] ; then
735 735 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
736 736 fi
737 737
738 738 # Prepare boot (firmware) directory
739 739 mkdir "${BOOT_DIR}"
740 740
741 741 # Get kernel release version
742 742 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
743 743
744 744 # Copy kernel configuration file to the boot directory
745 745 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
746 746
747 747 # Prepare device tree directory
748 748 mkdir "${BOOT_DIR}/overlays"
749 749
750 750 # Ensure the proper .dtb is located
751 751 if [ "$KERNEL_ARCH" = "arm" ] ; then
752 752 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
753 753 if [ -f "${dtb}" ] ; then
754 754 install_readonly "${dtb}" "${BOOT_DIR}/"
755 755 fi
756 756 done
757 757 else
758 758 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
759 759 if [ -f "${dtb}" ] ; then
760 760 install_readonly "${dtb}" "${BOOT_DIR}/"
761 761 fi
762 762 done
763 763 fi
764 764
765 765 # Copy compiled dtb device tree files
766 766 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
767 767 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
768 768 if [ -f "${dtb}" ] ; then
769 769 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
770 770 fi
771 771 done
772 772
773 773 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
774 774 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
775 775 fi
776 776 fi
777 777
778 778 if [ "$ENABLE_UBOOT" = false ] ; then
779 779 # Convert and copy kernel image to the boot directory
780 780 cp "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
781 781 else
782 782 # Copy kernel image to the boot directory
783 783 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
784 784 fi
785 785
786 786 # Remove kernel sources
787 787 if [ "$KERNEL_REMOVESRC" = true ] ; then
788 788 rm -fr "${KERNEL_DIR}"
789 789 else
790 790 # Prepare compiled kernel modules
791 791 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
792 792 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
793 793 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
794 794 fi
795 795
796 796 # Create symlinks for kernel modules
797 797 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
798 798 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
799 799 fi
800 800 fi
801 801
802 802 else # BUILD_KERNEL=false
803 803 if [ "$SET_ARCH" = 64 ] ; then
804 804 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
805 805 # Use Sakakis modified kernel if ZSWAP is active
806 806 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
807 807 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
808 808 fi
809 809
810 810 # Create temporary directory for dl
811 811 temp_dir=$(as_nobody mktemp -d)
812 812
813 813 # Fetch kernel dl
814 814 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
815 815 fi
816 816 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
817 817 # Create temporary directory for dl
818 818 temp_dir=$(as_nobody mktemp -d)
819 819
820 820 # Fetch kernel dl
821 821 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
822 822 fi
823 823
824 824 #extract download
825 825 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
826 826
827 827 #move extracted kernel to /boot/firmware
828 828 mkdir "${R}/boot/firmware"
829 829 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
830 830 cp -r "${temp_dir}"/lib/* "${R}"/lib/
831 831
832 832 # Remove temporary directory for kernel sources
833 833 rm -fr "${temp_dir}"
834 834
835 835 # Set permissions of the kernel sources
836 836 chown -R root:root "${R}/boot/firmware"
837 837 chown -R root:root "${R}/lib/modules"
838 838 fi
839 839
840 840 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
841 841 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
842 842 # Create temporary directory for dl
843 843 temp_dir=$(as_nobody mktemp -d)
844 844
845 845 # Fetch kernel
846 846 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
847 847
848 848 # Copy downloaded kernel package
849 849 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
850 850
851 851 # Set permissions
852 852 chown -R root:root "${R}"/tmp/kernel.deb
853 853
854 854 # Install kernel
855 855 chroot_exec dpkg -i /tmp/kernel.deb
856 856
857 857 # move /boot to /boot/firmware to fit script env.
858 858 #mkdir "${BOOT_DIR}"
859 859 mkdir "${temp_dir}"/firmware
860 860 mv "${R}"/boot/* "${temp_dir}"/firmware/
861 861 mv "${temp_dir}"/firmware "${R}"/boot/
862 862
863 863 #same for kernel headers
864 864 if [ "$KERNEL_HEADERS" = true ] ; then
865 865 # Fetch kernel header
866 866 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
867 867 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
868 868 chown -R root:root "${R}"/tmp/kernel-header.deb
869 869 # Install kernel header
870 870 chroot_exec dpkg -i /tmp/kernel-header.deb
871 871 rm -f "${R}"/tmp/kernel-header.deb
872 872 fi
873 873
874 874 # Remove temporary directory and files
875 875 rm -fr "${temp_dir}"
876 876 rm -f "${R}"/tmp/kernel.deb
877 877 fi
878 878
879 879 # Check if kernel installation was successful
880 880 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
881 881 if [ -z "$KERNEL" ] ; then
882 882 echo "error: kernel installation failed! (/boot/kernel* not found)"
883 883 cleanup
884 884 exit 1
885 885 fi
886 fi No newline at end of file
886 fi
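Review bot: In the `BUILD_KERNEL=false` branch, the prebuilt kernels are fetched with `as_nobody wget` and then unpacked into `${R}/boot/firmware` and `${R}/lib`, or installed with `chroot_exec dpkg -i /tmp/kernel.deb`, with no checksum or signature check in between, so whatever the URL serves becomes the kernel of the image. Suggest pinning an expected SHA-256 for each of the download URLs and comparing it with `sha256sum` before the `tar -xJf` and `dpkg -i` steps, calling `cleanup` and exiting on a mismatch. Two smaller points in the same hunk: the governor case label `shedutil)` looks misspelled, so `KERNEL_DEFAULT_GOV=schedutil` would fall through to the "unsupported default cpu governor" error, and the kernel headers check tests `$REDUCE_KERNEL` while the modules install just above tests `$ENABLE_REDUCE`, so please confirm both names are intended.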
@@ -1,323 +1,341
1 1 #
2 2 # Setup RPi2/3/4 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4cd.dat "${BOOT_DIR}"/fixup4cd.dat
18 18 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4.dat "${BOOT_DIR}"/fixup4.dat
19 19 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4db.dat "${BOOT_DIR}"/fixup4db.dat
20 20 cp "${RPI_FIRMWARE_DIR}"/boot/fixup4x.dat "${BOOT_DIR}"/fixup4x.dat
21 21 cp "${RPI_FIRMWARE_DIR}"/boot/start4cd.elf "${BOOT_DIR}"/start4cd.elf
22 22 cp "${RPI_FIRMWARE_DIR}"/boot/start4db.elf "${BOOT_DIR}"/start4db.elf
23 cp "${RPI_FIRMWARE_DIR}"/boot/start4.elf "${BOOT_DIR}"/start4x.elf
23 cp "${RPI_FIRMWARE_DIR}"/boot/start4.elf "${BOOT_DIR}"/start4.elf
24 24 cp "${RPI_FIRMWARE_DIR}"/boot/start4x.elf "${BOOT_DIR}"/start4x.elf
25 25 else
26 26 # Create temporary directory for boot binaries
27 27 temp_dir=$(as_nobody mktemp -d)
28 28
29 29 # Install latest boot binaries from raspberry/firmware github
30 30 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
31 31 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
32 32 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
33 33 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
34 34 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
35 35 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
36 36 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
37 37 as_nobody wget -q -O "${temp_dir}/fixup4cd.dat" "${FIRMWARE_URL}/fixup4cd.dat"
38 38 as_nobody wget -q -O "${temp_dir}/fixup4.dat" "${FIRMWARE_URL}/fixup4.dat"
39 39 as_nobody wget -q -O "${temp_dir}/fixup4db.dat" "${FIRMWARE_URL}/fixup4db.dat"
40 40 as_nobody wget -q -O "${temp_dir}/fixup4x.dat" "${FIRMWARE_URL}/fixup4x.dat"
41 41 as_nobody wget -q -O "${temp_dir}/start4cd.elf" "${FIRMWARE_URL}/start4cd.elf"
42 42 as_nobody wget -q -O "${temp_dir}/start4db.elf" "${FIRMWARE_URL}/start4db.elf"
43 as_nobody wget -q -O "${temp_dir}/start4x.elf" "${FIRMWARE_URL}/start4x.elf"
43 as_nobody wget -q -O "${temp_dir}/start4.elf" "${FIRMWARE_URL}/start4.elf"
44 44 as_nobody wget -q -O "${temp_dir}/start4x.elf" "${FIRMWARE_URL}/start4x.elf"
45 45
46 46 # Move downloaded boot binaries
47 47 mv "${temp_dir}/"* "${BOOT_DIR}/"
48 48
49 49 # Remove temporary directory for boot binaries
50 50 rm -fr "${temp_dir}"
51 51
52 52 # Set permissions of the boot binaries
53 53 chown -R root:root "${BOOT_DIR}"
54 54 chmod -R 600 "${BOOT_DIR}"
55 55 fi
56 56
57 57 # Setup firmware boot cmdline
58 58 if [ "$ENABLE_USBBOOT" = true ] ; then
59 59 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
60 60 else
61 61 if [ "$ENABLE_SPLITFS" = true ] ; then
62 62 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
63 63 else
64 64 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
65 65 fi
66 66 fi
67 67
68 68 # Add encrypted root partition to cmdline.txt
69 69 if [ "$ENABLE_CRYPTFS" = true ] ; then
70 70 if [ "$ENABLE_SPLITFS" = true ] ; then
71 71 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
72 72 else
73 73 if [ "$ENABLE_USBBOOT" = true ] ; then
74 74 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
75 75 else
76 76 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
77 77 fi
78 78 fi
79 79 fi
80 80
81 81 # Enable Kernel messages on standard output
82 82 if [ "$ENABLE_PRINTK" = true ] ; then
83 83 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
84 84 fi
85 85
86 86 # Enable Kernel messages on standard output
87 87 if [ "$KERNEL_SECURITY" = true ] ; then
88 88 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
89 89 fi
90 90
91 91 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
92 92 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
93 93
94 94 # Remove IPv6 networking support
95 95 if [ "$ENABLE_IPV6" = false ] ; then
96 96 CMDLINE="${CMDLINE} ipv6.disable=1"
97 97 fi
98 98
99 99 # Automatically assign predictable network interface names
100 100 if [ "$ENABLE_IFNAMES" = false ] ; then
101 101 CMDLINE="${CMDLINE} net.ifnames=0"
102 102 else
103 103 CMDLINE="${CMDLINE} net.ifnames=1"
104 104 fi
105 105
106 106 # Disable Raspberry Pi console logo
107 107 if [ "$ENABLE_LOGO" = false ] ; then
108 108 CMDLINE="${CMDLINE} logo.nologo"
109 109 fi
110 110
111 111 # Strictly limit verbosity of boot up console messages
112 112 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
113 113 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
114 114 fi
115 115
116 116 # Install firmware config
117 117 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
118 118
119 119 # Disable Raspberry Pi console logo
120 120 if [ "$ENABLE_SPLASH" = false ] ; then
121 121 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
122 122 fi
123 123
124 124 # Locks CPU frequency at maximum
125 125 if [ "$ENABLE_TURBO" = true ] ; then
126 126 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
127 127 # helps to avoid sdcard corruption when force_turbo is enabled.
128 128 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
129 129 fi
130 130
131 131 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
132 132
133 133 # Bluetooth enabled
134 134 if [ "$ENABLE_BLUETOOTH" = true ] ; then
135 135 # Create temporary directory for Bluetooth sources
136 136 temp_dir=$(as_nobody mktemp -d)
137 137
138 138 # Fetch Bluetooth sources
139 139 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
140 140
141 141 # Copy downloaded sources
142 142 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
143 143
144 144 # Set permissions
145 145 chown -R root:root "${R}/tmp/pi-bluetooth"
146 146
147 147 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
148 148 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
149 149 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
150 150
151 151 # Install tools
152 152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
153 153 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
154 154
155 155 # make scripts executable
156 156 chmod +x "${R}/usr/bin/bthelper"
157 157 chmod +x "${R}/usr/bin/btuart"
158 158
159 159 # Install bluetooth udev rule
160 160 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
161 161
162 162 # Install Firmware Flash file and apropiate licence
163 163 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
164 164 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
165 165 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
166 166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
167 167 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
168 168
169 169 # Remove temporary directories
170 170 rm -fr "${temp_dir}"
171 171 rm -fr "${R}"/tmp/pi-bluetooth
172 172
173 173 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
174 174 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
175 175 # set overlay to swap ttyAMA0 and ttyS0
176 176 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
177 177
178 178 if [ "$ENABLE_TURBO" = false ] ; then
179 179 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
180 180 fi
181 181
182 182 fi
183 183
184 184 # Activate services
185 185 chroot_exec systemctl enable pi-bluetooth.hciuart.service
186 186
187 187 else # if ENABLE_BLUETOOTH = false
188 188 # set overlay to disable bluetooth
189 189 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
190 190 fi # ENABLE_BLUETOOTH end
191 191 fi
192 192
193 193 # may need sudo systemctl disable hciuart
194 194 if [ "$ENABLE_CONSOLE" = true ] ; then
195 195 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
196 196 #More debug output on early but with serial console
197 197 echo "uart_2ndstage=1" >> "${BOOT_DIR}/config.txt"
198 198
199 199 # add string to cmdline
200 200 CMDLINE="${CMDLINE} console=serial0,115200"
201 201
202 202 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
203 203 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
204 204 if [ "$ENABLE_TURBO" = false ] ; then
205 205 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
206 206 fi
207 207 fi
208 208
209 209 # Enable serial console systemd style
210 210 chroot_exec systemctl enable serial-getty@serial0.service
211 211 else
212 212 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
213 213 fi
214 214
215 215 # Disable dphys-swapfile service. Will get enabled on first boot
216 216 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
217 217 chroot_exec systemctl disable dphys-swapfile
218 218 fi
219 219
220 220 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
221 221 # Create temporary directory for systemd-swap sources
222 222 temp_dir=$(as_nobody mktemp -d)
223 223
224 224 # Fetch systemd-swap sources
225 225 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
226 226
227 227 # Copy downloaded systemd-swap sources
228 228 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
229 229
230 230 # Change into downloaded src dir
231 231 cd "${R}/tmp/systemd-swap" || exit
232 232
233 233 # Get Verion
234 234 VERSION=$(git tag | tail -n 1)
235 235 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
236 236
237 237 # Build package
238 238 bash ./package.sh debian
239 239
240 240 # Change back into script root dir
241 241 cd "${WORKDIR}" || exit
242 242
243 243 # Set permissions of the systemd-swap sources
244 244 chown -R root:root "${R}/tmp/systemd-swap"
245 245
246 246 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
247 247 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
248 248
249 249 # Enable service
250 250 chroot_exec systemctl enable systemd-swap
251 251
252 252 # Remove temporary directory for systemd-swap sources
253 253 rm -fr "${temp_dir}"
254 254 else
255 255 # Enable ZSWAP in cmdline if systemd-swap is not used
256 256 if [ "$KERNEL_ZSWAP" = true ] ; then
257 257 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
258 258 fi
259 259 fi
260 260 if [ "$KERNEL_SECURITY" = true ] ; then
261 261 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
262 262 fi
263 263
264 264 # Install firmware boot cmdline
265 265 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
266 266
267 267 # Setup minimal GPU memory allocation size: 16MB (no X)
268 268 if [ "$ENABLE_MINGPU" = true ] ; then
269 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
269 if [ "$ENABLE_GR_ACCEL" = false ] ; then
270 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
271 else
272 ### Cannot reduce memory if graphics acceleration is requested
273 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
274 fi
270 275 fi
271 276
272 277 # Setup boot with initramfs
273 278 if [ "$ENABLE_INITRAMFS" = true ] ; then
274 279 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
275 280 fi
276 281
277 282 # Create firmware configuration and cmdline symlinks
278 283 ln -sf firmware/config.txt "${R}/boot/config.txt"
279 284 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
280 285
281 286 # Install and setup kernel modules to load at boot
282 287 mkdir -p "${LIB_DIR}/modules-load.d/"
283 288 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
284 289
285 290 # Load hardware random module at boot
286 291 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
287 292 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
288 293 fi
289 294
290 295 # Load sound module at boot
291 296 if [ "$ENABLE_SOUND" = true ] ; then
292 297 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
293 298 else
294 299 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
295 300 fi
296 301
297 302 # Enable I2C interface
298 303 if [ "$ENABLE_I2C" = true ] ; then
299 304 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
300 305 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
301 306 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
302 307 fi
303 308
304 309 # Enable SPI interface
305 310 if [ "$ENABLE_SPI" = true ] ; then
306 311 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
307 312 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
308 313 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
309 314 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
310 315 fi
311 316 fi
312 317
313 318 # Disable RPi2/3 under-voltage warnings
314 319 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
315 320 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
316 321 fi
317 322
323 #Enable graphics acceleration for Model 4
324 if [ "$RPI_MODEL" = 4 ] && [ "$ENABLE_GR_ACCEL" = true ] ; then
325 echo "max_framebuffers=2" >> "${BOOT_DIR}/config.txt"
326 echo "arm_64bit=1" >> "${BOOT_DIR}/config.txt"
327 echo "cmdline=cmdline.txt" >> "${BOOT_DIR}/config.txt"
328 echo "dtparam=audio=on" >> "${BOOT_DIR}/config.txt"
329 if [ "$ENABLE_MINGPU" = false ] ; then
330 echo "gpu_mem=128" >> "${BOOT_DIR}/config.txt"
331 fi
332 echo "dtoverlay=vc4-fkms-v3d, cma-128" >> "${BOOT_DIR}/config.txt"
333 fi
334
335
318 336 # Install kernel modules blacklist
319 337 mkdir -p "${ETC_DIR}/modprobe.d/"
320 338 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
321 339
322 340 # Install sysctl.d configuration files
323 341 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
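Review bot: In the new "Enable graphics acceleration for Model 4" block, `arm_64bit=1` and `dtparam=audio=on` are appended whenever `RPI_MODEL` is 4 and `ENABLE_GR_ACCEL` is true, without consulting `SET_ARCH` or `ENABLE_SOUND`. A 32-bit build would still get `arm_64bit=1`, and with `ENABLE_SOUND=false` the resulting config.txt carries both `dtparam=audio=off` (from the sound block above) and `dtparam=audio=on`. Suggest guarding the first line with `[ "$SET_ARCH" = 64 ]` and dropping the audio line or tying it to `ENABLE_SOUND`. Please also check `dtoverlay=vc4-fkms-v3d, cma-128`: overlay parameters are normally written as a comma-separated list without whitespace, so the space after the comma should be confirmed or removed. In the `ENABLE_MINGPU` change, the `else` branch writes `gpu_mem=128` for every model whenever `ENABLE_GR_ACCEL` is anything other than `false`, including unset, although acceleration itself is only configured for model 4.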
@@ -1,47 +1,47
1 1 #
2 2 # Build and Setup fbturbo Xorg driver
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] && [ "$ENABLE_GR_ACCEL" = false ] ; then
9 9 # Install c/c++ build environment inside the chroot
10 10 chroot_install_cc
11 11
12 12 # Copy existing fbturbo sources into chroot directory
13 13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 14 # Copy local fbturbo sources
15 15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 16 else
17 17 # Create temporary directory for fbturbo sources
18 18 temp_dir=$(as_nobody mktemp -d)
19 19
20 20 # Fetch fbturbo sources
21 21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22 22
23 23 # Move downloaded fbturbo sources
24 24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25 25
26 26 # Remove temporary directory for fbturbo sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Install Xorg build dependencies
31 31 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
32 32
33 33 # Build and install fbturbo driver inside chroot
34 34 chroot_exec /bin/bash -x <<'EOF'
35 35 cd /tmp/xf86-video-fbturbo
36 36 autoreconf -vi
37 37 ./configure --prefix=/usr
38 38 make
39 39 make install
40 40 EOF
41 41
42 42 # Install fbturbo driver Xorg configuration
43 43 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
44 44
45 45 # Remove Xorg build dependencies
46 46 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
47 47 fi
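Review bot: The new guard on line 8 skips the entire fbturbo build unless `ENABLE_GR_ACCEL` is exactly `false`, and the same commit gives `ENABLE_GR_ACCEL` a default of `true` in `rpi23-gen-image.sh`, so an existing configuration that only sets `ENABLE_FBTURBO=true` now silently gets no driver and no `99-fbturbo.conf`. Reject the combination up front with an error next to the other parameter checks, or print a message in an else branch here, and document the new parameter. Separately, the unchanged `apt-get` call on line 31 still passes `--allow-unauthenticated`, which installs the Xorg build dependencies without signature verification; it is worth removing while this file is being touched.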
@@ -1,920 +1,924
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "buster" and "bullseye" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3/4 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=3P}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
48 RELEASE=testing
49 49 fi
50 50
51 51 # Kernel Branch
52 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
53 53
54 54 # URLs
55 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
56 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
57 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
58 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
59 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
60 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
61 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
62 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
63 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
64 64
65 65 # Kernel deb packages for 32bit kernel
66 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
67 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.102.20200211/bcmrpi3-kernel-bis-4.19.102.20200211.tar.xz}
70 70 # Default precompiled 64bit kernel
71 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.102.20200211/bcmrpi3-kernel-4.19.102.20200211.tar.xz}
72 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
73 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
74 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
75 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.102.20200211/bcm2711-kernel-bis-4.19.102.20200211.tar.xz}
76 76 # Generic
77 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
78 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
79 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
80 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
81 81
82 82 # Build directories
83 83 WORKDIR=$(pwd)
84 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
85 85 BUILDDIR="${BASEDIR}/build"
86 86
87 87 # Chroot directories
88 88 R="${BUILDDIR}/chroot"
89 89 ETC_DIR="${R}/etc"
90 90 LIB_DIR="${R}/lib"
91 91 BOOT_DIR="${R}/boot/firmware"
92 92 KERNEL_DIR="${R}/usr/src/linux"
93 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
94 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
95 95
96 96 # APT settings
97 97 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
98 98 APT_PROXY=${APT_PROXY:=""}
99 99 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
100 100 # Packages required in the chroot build environment
101 101 APT_INCLUDES=${APT_INCLUDES:=""}
102 102 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
103 103 # Packages to exclude from chroot build environment
104 104 APT_EXCLUDES=${APT_EXCLUDES:=""}
105 105
106 106 # General settings
107 107 SET_ARCH=${SET_ARCH:=32}
108 108 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
109 109 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
110 110 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
111 111 EXPANDROOT=${EXPANDROOT:=true}
112 112
113 113 ENABLE_ROOT=${ENABLE_ROOT:=false}
114 114 ROOT_PASSWORD=${ROOT_PASSWORD:=raspberry}
115 115 ENABLE_USER=${ENABLE_USER:=true}
116 116 USER_NAME=${USER_NAME:="pi"}
117 117 USER_PASSWORD=${USER_PASSWORD:=raspberry}
118 118
119 119 # Keyboard settings
120 120 XKB_MODEL=${XKB_MODEL:=""}
121 121 XKB_LAYOUT=${XKB_LAYOUT:=""}
122 122 XKB_VARIANT=${XKB_VARIANT:=""}
123 123 XKB_OPTIONS=${XKB_OPTIONS:=""}
124 124
125 125 # Networking settings:
126 126 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 127 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
128 128 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
129 129 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
130 130 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
131 131
132 132 # Network settings (DHCP)
133 133 ENABLE_ETH_DHCP=${ENABLE_ETH_DHCP:=true}
134 134 ENABLE_WIFI_DHCP=${ENABLE_ETH_DHCP:=true}
135 135
136 136 # Network settings (static)
137 137 NET_ETH_ADDRESS=${NET_ETH_ADDRESS:=""}
138 138 NET_ETH_GATEWAY=${NET_ETH_GATEWAY:=""}
139 139 NET_ETH_DNS_1=${NET_ETH_DNS_1:=""}
140 140 NET_ETH_DNS_2=${NET_ETH_DNS_2:=""}
141 141 NET_ETH_DNS_DOMAINS=${NET_ETH_DNS_DOMAINS:=""}
142 142 NET_ETH_NTP_1=${NET_ETH_NTP_1:=""}
143 143 NET_ETH_NTP_2=${NET_ETH_NTP_2:=""}
144 144
145 145 # Networking settings (WIFI):
146 146 NET_WIFI_SSID=${NET_WIFI_SSID:=""}
147 147 NET_WIFI_PSK=${NET_WIFI_PSK:=""}
148 148
149 149 # Network settings (static)
150 150 NET_WIFI_ADDRESS=${NET_WIFI_ADDRESS:=""}
151 151 NET_WIFI_GATEWAY=${NET_WIFI_GATEWAY:=""}
152 152 NET_WIFI_DNS_1=${NET_WIFI_DNS_1:=""}
153 153 NET_WIFI_DNS_2=${NET_WIFI_DNS_2:=""}
154 154 NET_WIFI_DNS_DOMAINS=${NET_WIFI_DNS_DOMAINS:=""}
155 155 NET_WIFI_NTP_1=${NET_WIFI_NTP_1:=""}
156 156 NET_WIFI_NTP_2=${NET_WIFI_NTP_2:=""}
157 157
158 158 # Feature settings
159 159 ENABLE_CONSOLE=${ENABLE_CONSOLE:=false}
160 160 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
161 161 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
162 162 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
163 163 ENABLE_TURBO=${ENABLE_TURBO:=false}
164 164 ENABLE_I2C=${ENABLE_I2C:=false}
165 165 ENABLE_SPI=${ENABLE_SPI:=false}
166 166
167 167 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
168 168 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
169 169 ENABLE_SOUND=${ENABLE_SOUND:=false}
170 170 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 171 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 172 ENABLE_XORG=${ENABLE_XORG:=false}
173 173 ENABLE_WM=${ENABLE_WM:=""}
174 174 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
175 175 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
176 176 ENABLE_LOGO=${ENABLE_LOGO:=true}
177 177 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
178 178 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
179 179
180 180 # Advanced settings
181 181 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
182 182 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
183 183 ENABLE_QEMU=${ENABLE_QEMU:=false}
184 184 ENABLE_KEYGEN=${ENABLE_KEYGEN:=false}
185 185 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
186 186 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
187 187 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
188 188 ENABLE_DBUS=${ENABLE_DBUS:=true}
189 189 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
190 190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 191 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
192 192 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
193 193 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
194 ENABLE_GR_ACCEL=${ENABLE_GR_ACCEL:=true}
194 195 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
195 196 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
196 197 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
197 198 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
198 199 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
199 200
200 201 # SSH settings
201 202 SSH_ENABLE=${SSH_ENABLE:=true}
202 203 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
203 204 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
204 205 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
205 206 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
206 207 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
207 208
208 209 # Kernel compilation settings
209 210 BUILD_KERNEL=${BUILD_KERNEL:=true}
210 211 KERNEL_THREADS=${KERNEL_THREADS:=1}
211 212 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
212 213 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
213 214 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
214 215 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
215 216 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
216 217 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
217 218 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
218 219 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
219 220 KERNELSRC_USRCONFIG=${KERNELSRC_USRCONFIG:=""}
220 221 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
221 222 # Firmware directory: Blank if download from github
222 223 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
223 224 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
224 225 KERNEL_NF=${KERNEL_NF:=false}
225 226 KERNEL_VIRT=${KERNEL_VIRT:=false}
226 227 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
227 228 KERNEL_BPF=${KERNEL_BPF:=false}
228 229 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
229 230 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
230 231 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
231 232 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
232 233 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
233 234
234 235 # Reduce disk usage settings
235 236 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
236 237 REDUCE_APT=${REDUCE_APT:=true}
237 238 REDUCE_DOC=${REDUCE_DOC:=false}
238 239 REDUCE_MAN=${REDUCE_MAN:=false}
239 240 REDUCE_VIM=${REDUCE_VIM:=false}
240 241 REDUCE_BASH=${REDUCE_BASH:=false}
241 242 REDUCE_HWDB=${REDUCE_HWDB:=false}
242 243 REDUCE_SSHD=${REDUCE_SSHD:=false}
243 244 REDUCE_LOCALE=${REDUCE_LOCALE:=false}
244 245 REDUCE_KERNEL=${REDUCE_KERNEL:=false}
245 246
246 247 # Encrypted filesystem settings
247 248 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
248 249 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
249 250 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
250 251 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
251 252 CRYPTFS_HASH=${CRYPTFS_HASH:="sha256"}
252 253 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=256}
253 254 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
254 255 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
255 256 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
256 257 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
257 258
258 259 # Packages required for bootstrapping
259 260 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
260 261 MISSING_PACKAGES=""
261 262
262 263 # Packages installed for c/c++ build environment in chroot (keep empty)
263 264 COMPILER_PACKAGES=""
264 265
265 266 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
266 267 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
267 268 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
268 269 APT_PROXY=http://127.0.0.1:3142/
269 270 fi
270 271
271 272 # Setup architecture specific settings
272 273 if [ -n "$SET_ARCH" ] ; then
273 # 64-bit configuration
274 ## 64-bit configuration
274 275 if [ "$SET_ARCH" = 64 ] ; then
275 # General 64-bit depended settings
276 ### General 64-bit depended settings
276 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
277 278 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
278 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
279 280
280 # Raspberry Pi model specific settings
281 ### Raspberry Pi model specific settings
281 282 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
282 283 if [ "$RPI_MODEL" != 4 ] ; then
283 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
284 285 else
285 286 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
286 287 fi
287 288
288 289 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
289 290 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
290 291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
291 292 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
293
292 294 else
293 295 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
294 296 exit 1
295 297 fi
296 298 fi
297 299
298 # 32-bit configuration
300 ## 32-bit configuration
299 301 if [ "$SET_ARCH" = 32 ] ; then
300 # General 32-bit dependend settings
302 ### General 32-bit dependend settings
301 303 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
302 304 KERNEL_ARCH=${KERNEL_ARCH:=arm}
303 305 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
304 306
305 # Raspberry Pi model specific settings
307 ### Raspberry Pi (0-1P) model specific settings
306 308 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
307 309 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
308 310 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
309 311 RELEASE_ARCH=${RELEASE_ARCH:=armel}
310 312 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
311 313 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
312 314
313 315 if [ $ENABLE_XORG = true ] ; then
314 316 if [$RELEASE = "stretch" ] || [$RELEASE = "oldstable" ] ; then
315 317 printf "\nBest support for armel architecture is provided under Debian stretch/oldstable. Choose yes to change release to Debian stretch[y/n] "
316 318 read -r confirm
317 319 if [ "$confirm" = "y" ] ; then
318 320 $RELEASE = "stretch"
319 321 fi
320 322 fi
321 323 fi
322 324 fi
323 # Raspberry Pi model specific settings
325 ### Raspberry Pi (2-4) model specific settings
324 326 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
325 327 if [ "$RPI_MODEL" != 4 ] ; then
326 328 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
327 329 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
328 330 else
329 331 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
330 332 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
331 333 fi
332 334
333 335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
334 336 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
335 337
336 338 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
337 339 fi
338 340 fi
339 341 # SET_ARCH not set
340 342 else
341 343 echo "error: Please set '32' or '64' as value for SET_ARCH"
342 344 exit 1
343 345 fi
344 346 # Device specific configuration and U-Boot configuration
345 347 case "$RPI_MODEL" in
346 348 0)
347 349 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
348 350 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
349 351 ;;
350 352 1)
351 353 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
352 354 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
353 355 ;;
354 356 1P)
355 357 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
356 358 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
357 359 ;;
358 360 2)
359 361 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
360 362 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
361 363 ;;
362 364 3)
363 365 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
364 366 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
365 367 ;;
366 368 3P)
367 369 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
368 370 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
369 371 ;;
370 372 4)
371 373 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
372 374 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
373 375 ;;
374 376 *)
375 377 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
376 378 exit 1
377 379 ;;
378 380 esac
379 381
380 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
382 # Raspberry PI 0,3,3P,4 with Bluetooth and Wifi onboard
381 383 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
382 # Include bluetooth packages on supported boards
384 ## Include bluetooth packages on supported boards
383 385 if [ "$ENABLE_BLUETOOTH" = true ] ; then
384 386 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
385 387 fi
386 388 if [ "$ENABLE_WIRELESS" = true ] ; then
387 389 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,wpasupplicant"
388 390 fi
389 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
390 # Check if the internal wireless interface is not supported by the RPi model
391 # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
392 else
393 ## Check if the internal wireless interface is not supported by the RPi model
391 394 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
392 395 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
393 396 exit 1
394 397 fi
395 398 fi
396 399
397 400 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
398 401 echo "error: You have to compile kernel sources, if you want to enable nexmon"
399 402 exit 1
400 403 fi
401 404
402 405 # Prepare date string for default image file name
403 406 DATE="$(date +%Y-%m-%d)"
404 407 if [ -z "$KERNEL_BRANCH" ] ; then
405 408 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
406 409 else
407 410 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
408 411 fi
409 412
410 413 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
411 414 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
412 415 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
413 416 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
414 417 exit 1
415 418 fi
416 419 fi
417 420
418 421 # Add cmake to compile videocore sources
419 422 if [ "$ENABLE_VIDEOCORE" = true ] ; then
420 423 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
421 424 fi
422 425
423 426 # Add deps for nexmon
424 427 if [ "$ENABLE_NEXMON" = true ] ; then
425 428 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
426 429 fi
427 430
428 431 # Add libncurses5 to enable kernel menuconfig
429 432 if [ "$KERNEL_MENUCONFIG" = true ] ; then
430 433 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
431 434 fi
432 435
433 436 # Add ccache compiler cache for (faster) kernel cross (re)compilation
434 437 if [ "$KERNEL_CCACHE" = true ] ; then
435 438 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
436 439 fi
437 440
438 441 # Add cryptsetup package to enable filesystem encryption
439 442 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
440 443 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
441 444 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
442 445
443 446 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
444 447 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
445 448 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
446 449 fi
447 450
448 451 if [ -z "$CRYPTFS_PASSWORD" ] ; then
449 452 echo "error: no password defined (CRYPTFS_PASSWORD)!"
450 453 exit 1
451 454 fi
452 455 ENABLE_INITRAMFS=true
453 456 fi
454 457
455 458 # Add initramfs generation tools
456 459 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
457 460 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
458 461 fi
459 462
460 463 # Add device-tree-compiler required for building the U-Boot bootloader
461 464 if [ "$ENABLE_UBOOT" = true ] ; then
462 465 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bc"
463 466 fi
464 467
465 468 if [ "$ENABLE_USBBOOT" = true ] ; then
466 469 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
467 470 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
468 471 exit 1
469 472 fi
470 473 fi
471 474
472 475 # Check if root SSH (v2) public key file exists
473 476 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
474 477 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
475 478 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
476 479 exit 1
477 480 fi
478 481 fi
479 482
480 483 # Check if $USER_NAME SSH (v2) public key file exists
481 484 if [ -n "$SSH_USER_PUB_KEY" ] ; then
482 485 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
483 486 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
484 487 exit 1
485 488 fi
486 489 fi
487 490
488 491 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
489 492 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
490 493 exit 1
491 494 fi
492 495
493 496 # Check if all required packages are installed on the build system
494 497 for package in $REQUIRED_PACKAGES ; do
495 498 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
496 499 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
497 500 fi
498 501 done
499 502
500 503 # If there are missing packages ask confirmation for install, or exit
501 504 if [ -n "$MISSING_PACKAGES" ] ; then
502 505 echo "the following packages needed by this script are not installed:"
503 506 echo "$MISSING_PACKAGES"
504 507
505 508 printf "\ndo you want to install the missing packages right now? [y/n] "
506 509 read -r confirm
507 510 [ "$confirm" != "y" ] && exit 1
508 511
509 # Make sure all missing required packages are installed
512 ## Make sure all missing required packages are installed
510 513 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
511 514 fi
512 515
513 516 # Check if ./bootstrap.d directory exists
514 517 if [ ! -d "./bootstrap.d/" ] ; then
515 518 echo "error: './bootstrap.d' required directory not found!"
516 519 exit 1
517 520 fi
518 521
519 522 # Check if ./files directory exists
520 523 if [ ! -d "./files/" ] ; then
521 524 echo "error: './files' required directory not found!"
522 525 exit 1
523 526 fi
524 527
525 528 # Check if specified KERNELSRC_DIR directory exists
526 529 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
527 530 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
528 531 exit 1
529 532 fi
530 533
531 534 # Check if specified UBOOTSRC_DIR directory exists
532 535 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
533 536 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
534 537 exit 1
535 538 fi
536 539
537 540 # Check if specified VIDEOCORESRC_DIR directory exists
538 541 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
539 542 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
540 543 exit 1
541 544 fi
542 545
543 546 # Check if specified FBTURBOSRC_DIR directory exists
544 547 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
545 548 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
546 549 exit 1
547 550 fi
548 551
549 552 # Check if specified NEXMONSRC_DIR directory exists
550 553 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
551 554 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
552 555 exit 1
553 556 fi
554 557
555 558 # Check if specified CHROOT_SCRIPTS directory exists
556 559 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
557 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
558 exit 1
560 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
561 exit 1
559 562 fi
560 563
561 564 # Check if specified device mapping already exists (will be used by cryptsetup)
562 565 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
563 566 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
564 567 exit 1
565 568 fi
566 569
567 570 # Don't clobber an old build
568 571 if [ -e "$BUILDDIR" ] ; then
569 572 echo "error: directory ${BUILDDIR} already exists, not proceeding"
570 573 exit 1
571 574 fi
572 575
573 576 # Setup chroot directory
574 577 mkdir -p "${R}"
575 578
576 579 # Check if build directory has enough of free disk space >512MB
577 580 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
578 581 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
579 582 exit 1
580 583 fi
581 584
582 585 set -x
583 586
584 587 # Call "cleanup" function on various signals and errors
585 588 trap cleanup 0 1 2 3 6
586 589
587 590 # Add required packages for the minbase installation
588 591 if [ "$ENABLE_MINBASE" = true ] ; then
589 592 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
590 593 fi
591 594
592 595 # Add parted package, required to get partprobe utility
593 596 if [ "$EXPANDROOT" = true ] ; then
594 597 APT_INCLUDES="${APT_INCLUDES},parted"
595 598 fi
596 599
597 600 # Add dphys-swapfile package, required to enable swap
598 601 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
599 602 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
600 603 fi
601 604
602 605 # Add dbus package, recommended if using systemd
603 606 if [ "$ENABLE_DBUS" = true ] ; then
604 607 APT_INCLUDES="${APT_INCLUDES},dbus"
605 608 fi
606 609
607 610 # Add iptables IPv4/IPv6 package
608 611 if [ "$ENABLE_IPTABLES" = true ] ; then
609 612 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
610 613 fi
611 614 # Add apparmor for KERNEL_SECURITY
612 615 if [ "$KERNEL_SECURITY" = true ] ; then
613 616 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
614 617 fi
615 618
616 619 # Add openssh server package
617 620 if [ "$SSH_ENABLE" = true ] ; then
618 621 APT_INCLUDES="${APT_INCLUDES},openssh-server"
619 622 fi
620 623
621 624 # Add alsa-utils package
622 625 if [ "$ENABLE_SOUND" = true ] ; then
623 626 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
624 627 fi
625 628
626 629 # Add rng-tools package
627 630 if [ "$ENABLE_HWRANDOM" = true ] ; then
628 631 APT_INCLUDES="${APT_INCLUDES},rng-tools"
629 632 fi
630 633
631 634 # Add fbturbo video driver
632 635 if [ "$ENABLE_FBTURBO" = true ] ; then
633 636 # Enable xorg package dependencies
634 637 ENABLE_XORG=true
635 638 fi
636 639
637 640 # Add user defined window manager package
638 641 if [ -n "$ENABLE_WM" ] ; then
639 642 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
640 643
641 644 # Enable xorg package dependencies
642 645 ENABLE_XORG=true
643 646 fi
644 647
645 648 # Add xorg package
646 649 if [ "$ENABLE_XORG" = true ] ; then
647 650 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
648 651 fi
649 652
650 653 # Replace selected packages with smaller clones
651 654 if [ "$ENABLE_REDUCE" = true ] ; then
652 # Add levee package instead of vim-tiny
655 ## Add levee package instead of vim-tiny
653 656 if [ "$REDUCE_VIM" = true ] ; then
654 657 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
655 658 fi
656 659
657 # Add dropbear package instead of openssh-server
660 ## Add dropbear package instead of openssh-server
658 661 if [ "$REDUCE_SSHD" = true ] ; then
659 662 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
660 663 fi
661 664 fi
662 665
663 666 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
664 667 if [ "$ENABLE_SYSVINIT" = false ] ; then
665 668 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
666 669 fi
667 670
668 671 # Configure kernel sources if no KERNELSRC_DIR
669 672 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
670 673 KERNELSRC_CONFIG=true
671 674 fi
672 675
673 676 # Configure reduced kernel
674 677 if [ "$KERNEL_REDUCE" = true ] ; then
675 678 KERNELSRC_CONFIG=false
676 679 fi
677 680
678 681 # Configure qemu compatible kernel
679 682 if [ "$ENABLE_QEMU" = true ] ; then
680 683 DTB_FILE=vexpress-v2p-ca15_a7.dtb
681 684 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
682 685 KERNEL_DEFCONFIG="vexpress_defconfig"
683 686 if [ "$KERNEL_MENUCONFIG" = false ] ; then
684 687 KERNEL_OLDDEFCONFIG=true
685 688 fi
686 689 fi
687 690
688 691 # Execute bootstrap scripts
689 692 for SCRIPT in bootstrap.d/*.sh; do
690 693 head -n 3 "$SCRIPT"
691 694 . "$SCRIPT"
692 695 done
693 696
694 697 ## Execute custom bootstrap scripts
695 698 if [ -d "custom.d" ] ; then
696 699 for SCRIPT in custom.d/*.sh; do
697 700 . "$SCRIPT"
698 701 done
699 702 fi
700 703
701 704 # Execute custom scripts inside the chroot
702 705 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
703 706 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
704 707 chroot_exec /bin/bash -x <<'EOF'
705 708 for SCRIPT in /chroot_scripts/* ; do
706 709 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
707 710 $SCRIPT
708 711 fi
709 712 done
710 713 EOF
711 714 rm -rf "${R}/chroot_scripts"
712 715 fi
713 716
714 717 # Remove c/c++ build environment from the chroot
715 718 chroot_remove_cc
716 719
717 720 # Generate required machine-id
718 721 MACHINE_ID=$(dbus-uuidgen)
719 722 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
720 723 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
721 724
722 725 # APT Cleanup
723 726 chroot_exec apt-get -y clean
724 727 chroot_exec apt-get -y autoclean
725 728 chroot_exec apt-get -y autoremove
726 729
727 730 # Unmount mounted filesystems
728 731 umount -l "${R}/proc"
729 732 umount -l "${R}/sys"
730 733
731 734 # Clean up directories
732 735 rm -rf "${R}/run/*"
733 736 rm -rf "${R}/tmp/*"
734 737
735 738 # Clean up APT proxy settings
736 739 if [ "$KEEP_APT_PROXY" = false ] ; then
737 740 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
738 741 fi
739 742
740 743 # Clean up files
741 744 rm -f "${ETC_DIR}/ssh/ssh_host_*"
742 745 rm -f "${ETC_DIR}/dropbear/dropbear_*"
743 746 rm -f "${ETC_DIR}/apt/sources.list.save"
744 747 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
745 748 rm -f "${ETC_DIR}/*-"
746 749 rm -f "${ETC_DIR}/resolv.conf"
747 750 rm -f "${R}/root/.bash_history"
748 751 rm -f "${R}/var/lib/urandom/random-seed"
749 752 rm -f "${R}/initrd.img"
750 753 rm -f "${R}/vmlinuz"
751 754 rm -f "${R}${QEMU_BINARY}"
752 755
753 756 if [ "$ENABLE_QEMU" = true ] ; then
754 757 # Setup QEMU directory
755 758 mkdir "${BASEDIR}/qemu"
756 759
757 760 # Copy kernel image to QEMU directory
758 761 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
759 762
760 763 # Copy kernel config to QEMU directory
761 764 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
762 765
763 766 # Copy kernel dtbs to QEMU directory
764 767 for dtb in "${BOOT_DIR}/"*.dtb ; do
765 768 if [ -f "${dtb}" ] ; then
766 769 install_readonly "${dtb}" "${BASEDIR}/qemu/"
767 770 fi
768 771 done
769 772
770 773 # Copy kernel overlays to QEMU directory
771 774 if [ -d "${BOOT_DIR}/overlays" ] ; then
772 775 # Setup overlays dtbs directory
773 776 mkdir "${BASEDIR}/qemu/overlays"
774 777
775 778 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
776 779 if [ -f "${dtb}" ] ; then
777 780 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
778 781 fi
779 782 done
780 783 fi
781 784
782 785 # Copy u-boot files to QEMU directory
783 786 if [ "$ENABLE_UBOOT" = true ] ; then
784 787 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
785 788 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
786 789 fi
787 790 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
788 791 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
789 792 fi
790 793 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
791 794 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
792 795 fi
793 796 fi
794 797
795 798 # Copy initramfs to QEMU directory
796 799 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
797 800 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
798 801 fi
799 802 fi
800 803
801 804 # Calculate size of the chroot directory in KB
802 805 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
803 806
804 807 # Calculate the amount of needed 512 Byte sectors
805 808 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
806 809 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
807 810 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
808 811
809 812 # The root partition is EXT4
810 813 # This means more space than the actual used space of the chroot is used.
811 814 # As overhead for journaling and reserved blocks 35% are added.
812 815 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
813 816
814 817 # Calculate required image size in 512 Byte sectors
815 818 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
816 819
817 820 # Prepare image file
818 821 if [ "$ENABLE_SPLITFS" = true ] ; then
819 822 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
820 823 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
821 824 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
822 825 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
823 826
824 # Write firmware/boot partition tables
827 ## Write firmware/boot partition tables
825 828 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
826 829 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
827 830 EOM
828 831
829 # Write root partition table
832 ## Write root partition table
830 833 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
831 834 ${TABLE_SECTORS},${ROOT_SECTORS},83
832 835 EOM
833 836
834 # Setup temporary loop devices
837 ## Setup temporary loop devices
835 838 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
836 839 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
837 else # ENABLE_SPLITFS=false
840 # ENABLE_SPLITFS=false
841 else
838 842 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
839 843 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
840 844
841 845 # Write partition table
842 846 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
843 847 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
844 848 ${ROOT_OFFSET},${ROOT_SECTORS},83
845 849 EOM
846 850
847 851 # Setup temporary loop devices
848 852 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
849 853 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
850 854 fi
851 855
852 856 if [ "$ENABLE_CRYPTFS" = true ] ; then
853 857 # Create dummy ext4 fs
854 858 mkfs.ext4 "$ROOT_LOOP"
855 859
856 860 # Setup password keyfile
857 861 touch .password
858 862 chmod 600 .password
859 863 echo -n ${CRYPTFS_PASSWORD} > .password
860 864
861 865 # Initialize encrypted partition
862 866 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
863 867
864 868 # Open encrypted partition and setup mapping
865 869 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
866 870
867 871 # Secure delete password keyfile
868 872 shred -zu .password
869 873
870 874 # Update temporary loop device
871 875 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
872 876
873 877 # Wipe encrypted partition (encryption cipher is used for randomness)
874 878 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
875 879 fi
876 880
877 881 # Build filesystems
878 882 mkfs.vfat "$FRMW_LOOP"
879 883 mkfs.ext4 "$ROOT_LOOP"
880 884
881 885 # Mount the temporary loop devices
882 886 mkdir -p "$BUILDDIR/mount"
883 887 mount "$ROOT_LOOP" "$BUILDDIR/mount"
884 888
885 889 mkdir -p "$BUILDDIR/mount/boot/firmware"
886 890 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
887 891
888 892 # Copy all files from the chroot to the loop device mount point directory
889 893 rsync -a "${R}/" "$BUILDDIR/mount/"
890 894
891 895 # Unmount all temporary loop devices and mount points
892 896 cleanup
893 897
894 898 # Create block map file(s) of image(s)
895 899 if [ "$ENABLE_SPLITFS" = true ] ; then
896 900 # Create block map files for "bmaptool"
897 901 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
898 902 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
899 903
900 904 # Image was successfully created
901 905 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
902 906 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
903 907 else
904 908 # Create block map file for "bmaptool"
905 909 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
906 910
907 911 # Image was successfully created
908 912 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
909 913
910 914 # Create qemu qcow2 image
911 915 if [ "$ENABLE_QEMU" = true ] ; then
912 916 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
913 917 QEMU_SIZE=16G
914 918
915 919 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
916 920 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
917 921
918 922 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
919 923 fi
920 924 fi
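Review bot: The relocated `# ENABLE_SPLITFS=false` comment (new line 840) now sits as the last line of the `ENABLE_SPLITFS = true` branch, directly above `else`, so it reads as describing the wrong branch. Move it to the first line after `else`. The `##` markers are also applied only inside the split branch, while the matching comments in the else branch (`# Write partition table`, `# Setup temporary loop devices`) keep a single `#`; pick one style for both branches. Two context lines in this region deserve a follow-up. `echo -n ${CRYPTFS_PASSWORD} > .password` expands the passphrase unquoted, so whitespace runs collapse and glob characters can expand before the value reaches the LUKS keyfile; `printf '%s' "${CRYPTFS_PASSWORD}" > .password` writes it verbatim. The cleanup lines that put a glob inside double quotes, such as `rm -f "${ETC_DIR}/ssh/ssh_host_*"`, pass a literal `*` to `rm`, and `-f` hides the miss, so any SSH or dropbear host keys present in the chroot are copied into the image by the later `rsync`; the `*` needs to sit outside the quotes, as the `.dtb` loops further down already do.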