| @@ -1,13 +1,13 | |||||
| 1 | # rpi23-gen-image |
|
1 | # rpi23-gen-image | |
| 2 | ## Introduction |
|
2 | ## Introduction | |
| 3 | `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```). |
|
3 | `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```). | |
| 4 |
|
4 | |||
| 5 | ## Build dependencies |
|
5 | ## Build dependencies | |
| 6 | The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. |
|
6 | The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. | |
| 7 |
|
7 | |||
| 8 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` |
|
8 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` | |
| 9 |
|
9 | |||
| 10 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. |
|
10 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain. | |
| 11 |
|
11 | |||
| 12 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. |
|
12 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
| 13 |
|
13 | |||
| @@ -61,7 +61,7 A comma-separated list of additional packages to be installed by apt after boots | |||||
| 61 |
|
61 | |||
| 62 | #### General system settings: |
|
62 | #### General system settings: | |
| 63 | ##### `SET_ARCH`=32 |
|
63 | ##### `SET_ARCH`=32 | |
| 64 |
Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 |
|
64 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. | |
| 65 |
|
65 | |||
| 66 | ##### `RPI_MODEL`=2 |
|
66 | ##### `RPI_MODEL`=2 | |
| 67 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: |
|
67 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: | |
| @@ -71,6 +71,7 Specify the target Raspberry Pi hardware model. The script at this time supports | |||||
| 71 | - `2` = Raspberry Pi 2 model B |
|
71 | - `2` = Raspberry Pi 2 model B | |
| 72 | - `3` = Raspberry Pi 3 model B |
|
72 | - `3` = Raspberry Pi 3 model B | |
| 73 | - `3P` = Raspberry Pi 3 model B+ |
|
73 | - `3P` = Raspberry Pi 3 model B+ | |
|
|
74 | - `4` = Raspberry Pi 4 model B | |||
| 74 |
|
75 | |||
| 75 | ##### `RELEASE`="buster" |
|
76 | ##### `RELEASE`="buster" | |
| 76 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. |
|
77 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. | |
| @@ -216,6 +217,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands | |||||
| 216 | --- |
|
217 | --- | |
| 217 |
|
218 | |||
| 218 | #### Advanced system features: |
|
219 | #### Advanced system features: | |
|
|
220 | ##### `ENABLE_KEYGEN`=false | |||
|
|
221 | Recover your lost codec license | |||
|
|
222 | ||||
| 219 | ##### `ENABLE_SYSTEMDSWAP`=false |
|
223 | ##### `ENABLE_SYSTEMDSWAP`=false | |
| 220 | Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled. |
|
224 | Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled. | |
| 221 |
|
225 | |||
| @@ -227,6 +231,7 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` param | |||||
| 227 |
|
231 | |||
| 228 | ##### `ENABLE_UBOOT`=false |
|
232 | ##### `ENABLE_UBOOT`=false | |
| 229 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. |
|
233 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
|
234 | RPI4 needs tbd | |||
| 230 |
|
235 | |||
| 231 | ##### `UBOOTSRC_DIR`="" |
|
236 | ##### `UBOOTSRC_DIR`="" | |
| 232 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. |
|
237 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. | |
| @@ -310,7 +315,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab | |||||
| 310 |
|
315 | |||
| 311 | #### Kernel compilation: |
|
316 | #### Kernel compilation: | |
| 312 | ##### `BUILD_KERNEL`=true |
|
317 | ##### `BUILD_KERNEL`=true | |
| 313 |
Build and install the latest RPi 0/1/2/3 Linux kernel. |
|
318 | Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. | |
|
|
319 | ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) | |||
|
|
320 | Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) | |||
|
|
321 | Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki) | |||
|
|
322 | ||||
| 314 |
|
323 | |||
| 315 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" |
|
324 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" | |
| 316 | This sets the cross-compile environment for the compiler. |
|
325 | This sets the cross-compile environment for the compiler. | |
| @@ -387,6 +396,18 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSC | |||||
| 387 | ##### `KERNEL_SECURITY`=false |
|
396 | ##### `KERNEL_SECURITY`=false | |
| 388 | Enables Apparmor, integrity subsystem, auditing. |
|
397 | Enables Apparmor, integrity subsystem, auditing. | |
| 389 |
|
398 | |||
|
|
399 | ##### `KERNEL_BTRFS`="false" | |||
|
|
400 | enable btrfs kernel support | |||
|
|
401 | ||||
|
|
402 | ##### `KERNEL_POEHAT`="false" | |||
|
|
403 | enable Enable RPI POE HAT fan kernel support | |||
|
|
404 | ||||
|
|
405 | ##### `KERNEL_NSPAWN`="false" | |||
|
|
406 | Enable per-interface network priority control - for systemd-nspawn | |||
|
|
407 | ||||
|
|
408 | ##### `KERNEL_DHKEY`="true" | |||
|
|
409 | Diffie-Hellman operations on retained keys - required for >keyutils-1.6 | |||
|
|
410 | ||||
| 390 | --- |
|
411 | --- | |
| 391 |
|
412 | |||
| 392 | #### Reduce disk usage: |
|
413 | #### Reduce disk usage: | |
| @@ -428,9 +449,12 Set password of the encrypted root partition. This parameter is mandatory if `EN | |||||
| 428 | ##### `CRYPTFS_MAPPING`="secure" |
|
449 | ##### `CRYPTFS_MAPPING`="secure" | |
| 429 | Set name of dm-crypt managed device-mapper mapping. |
|
450 | Set name of dm-crypt managed device-mapper mapping. | |
| 430 |
|
451 | |||
| 431 |
##### `CRYPTFS_CIPHER`="aes-xts-plain64 |
|
452 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64" | |
| 432 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. |
|
453 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |
| 433 |
|
454 | |||
|
|
455 | ##### `CRYPTFS_HASH`=sha512 | |||
|
|
456 | Hash function and size to be used | |||
|
|
457 | ||||
| 434 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
458 | ##### `CRYPTFS_XTSKEYSIZE`=512 | |
| 435 | Sets key size in bits. The argument has to be a multiple of 8. |
|
459 | Sets key size in bits. The argument has to be a multiple of 8. | |
| 436 |
|
460 | |||
| @@ -16,7 +16,17 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list" | |||||
| 16 |
|
16 | |||
| 17 | # Use specified APT server and release |
|
17 | # Use specified APT server and release | |
| 18 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" |
|
18 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" | |
|
|
19 | ||||
|
|
20 | #Fix for changing path for security updates in testing/bullseye | |||
|
|
21 | if [ "$RELEASE" = "testing" ] ; then | |||
|
|
22 | sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list" | |||
| 19 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" |
|
23 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" | |
|
|
24 | fi | |||
|
|
25 | ||||
|
|
26 | if [ -z "$RELEASE" ] ; then | |||
|
|
27 | # Change release in sources list | |||
|
|
28 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" | |||
|
|
29 | fi | |||
| 20 |
|
30 | |||
| 21 | # Upgrade package index and update all installed packages and changed dependencies |
|
31 | # Upgrade package index and update all installed packages and changed dependencies | |
| 22 | chroot_exec apt-get -qq -y update |
|
32 | chroot_exec apt-get -qq -y update | |
| @@ -53,6 +53,11 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 53 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) |
|
53 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) | |
| 54 | fi |
|
54 | fi | |
| 55 |
|
55 | |||
|
|
56 | #Copy 32bit config to 64bit | |||
|
|
57 | if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then | |||
|
|
58 | cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/ | |||
|
|
59 | fi | |||
|
|
60 | ||||
| 56 | # Configure and build kernel |
|
61 | # Configure and build kernel | |
| 57 | if [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
62 | if [ "$KERNELSRC_PREBUILT" = false ] ; then | |
| 58 | # Remove device, network and filesystem drivers from kernel configuration |
|
63 | # Remove device, network and filesystem drivers from kernel configuration | |
| @@ -98,13 +103,38 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 98 | #Switch to KERNELSRC_DIR so we can use set_kernel_config |
|
103 | #Switch to KERNELSRC_DIR so we can use set_kernel_config | |
| 99 | cd "${KERNEL_DIR}" || exit |
|
104 | cd "${KERNEL_DIR}" || exit | |
| 100 |
|
105 | |||
| 101 | if [ "$KERNEL_ARCH" = arm64 ] ; then |
|
106 | # Enable RPI POE HAT fan | |
|
|
107 | if [ "$KERNEL_POEHAT" = true ]; then | |||
|
|
108 | set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m | |||
|
|
109 | fi | |||
|
|
110 | ||||
|
|
111 | # Enable per-interface network priority control | |||
|
|
112 | # (for systemd-nspawn) | |||
|
|
113 | if [ "$KERNEL_NSPAN" = true ]; then | |||
|
|
114 | set_kernel_config CONFIG_CGROUP_NET_PRIO y | |||
|
|
115 | fi | |||
|
|
116 | ||||
|
|
117 | # Compile in BTRFS | |||
|
|
118 | if [ "$KERNEL_BTRFS" = true ]; then | |||
|
|
119 | set_kernel_config CONFIG_BTRFS_FS y | |||
|
|
120 | set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y | |||
|
|
121 | set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y | |||
|
|
122 | fi | |||
|
|
123 | ||||
|
|
124 | # Diffie-Hellman operations on retained keys | |||
|
|
125 | # (required for >keyutils-1.6) | |||
|
|
126 | if [ "$KERNEL_DHKEY" = true ]; then | |||
|
|
127 | set_kernel_config CONFIG_KEY_DH_OPERATIONS y | |||
|
|
128 | fi | |||
|
|
129 | ||||
|
|
130 | if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then | |||
|
|
131 | # Mask this temporarily during switch to rpi-4.19.y | |||
| 102 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config |
|
132 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config | |
| 103 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 |
|
133 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 | |
| 104 | set_kernel_config CONFIG_MMC_BCM2835 n |
|
134 | #set_kernel_config CONFIG_MMC_BCM2835 n | |
| 105 | set_kernel_config CONFIG_MMC_SDHCI_IPROC n |
|
135 | #set_kernel_config CONFIG_MMC_SDHCI_IPROC n | |
| 106 | set_kernel_config CONFIG_USB_DWC2 n |
|
136 | #set_kernel_config CONFIG_USB_DWC2 n | |
| 107 | sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig |
|
137 | #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig | |
| 108 |
|
138 | |||
| 109 | #VLAN got disabled without reason in arm64bit |
|
139 | #VLAN got disabled without reason in arm64bit | |
| 110 | set_kernel_config CONFIG_IPVLAN m |
|
140 | set_kernel_config CONFIG_IPVLAN m | |
| @@ -119,11 +149,233 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 119 | set_kernel_config CONFIG_ZSMALLOC y |
|
149 | set_kernel_config CONFIG_ZSMALLOC y | |
| 120 | set_kernel_config CONFIG_PGTABLE_MAPPING y |
|
150 | set_kernel_config CONFIG_PGTABLE_MAPPING y | |
| 121 |
|
|
151 | set_kernel_config CONFIG_LZO_COMPRESS y | |
|
|
152 | fi | |||
|
|
153 | ||||
|
|
154 | if [ "$RPI_MODEL" = 4 ] ; then | |||
|
|
155 | # Following are set in current 32-bit LPAE kernel | |||
|
|
156 | set_kernel_config CONFIG_CGROUP_PIDS y | |||
|
|
157 | set_kernel_config CONFIG_NET_IPVTI m | |||
|
|
158 | set_kernel_config CONFIG_NF_TABLES_SET m | |||
|
|
159 | set_kernel_config CONFIG_NF_TABLES_INET y | |||
|
|
160 | set_kernel_config CONFIG_NF_TABLES_NETDEV y | |||
|
|
161 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |||
|
|
162 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m | |||
|
|
163 | set_kernel_config CONFIG_NFT_CONNLIMIT m | |||
|
|
164 | set_kernel_config CONFIG_NFT_TUNNEL m | |||
|
|
165 | set_kernel_config CONFIG_NFT_OBJREF m | |||
|
|
166 | set_kernel_config CONFIG_NFT_FIB_IPV4 m | |||
|
|
167 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |||
|
|
168 | set_kernel_config CONFIG_NFT_FIB_INET m | |||
|
|
169 | set_kernel_config CONFIG_NFT_SOCKET m | |||
|
|
170 | set_kernel_config CONFIG_NFT_OSF m | |||
|
|
171 | set_kernel_config CONFIG_NFT_TPROXY m | |||
|
|
172 | set_kernel_config CONFIG_NF_DUP_NETDEV m | |||
|
|
173 | set_kernel_config CONFIG_NFT_DUP_NETDEV m | |||
|
|
174 | set_kernel_config CONFIG_NFT_FWD_NETDEV m | |||
|
|
175 | set_kernel_config CONFIG_NFT_FIB_NETDEV m | |||
|
|
176 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m | |||
|
|
177 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |||
|
|
178 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m | |||
|
|
179 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m | |||
|
|
180 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m | |||
|
|
181 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m | |||
|
|
182 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m | |||
|
|
183 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m | |||
|
|
184 | set_kernel_config CONFIG_NFT_DUP_IPV6 m | |||
|
|
185 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |||
|
|
186 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m | |||
|
|
187 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m | |||
|
|
188 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m | |||
|
|
189 | set_kernel_config CONFIG_NF_LOG_BRIDGE m | |||
|
|
190 | set_kernel_config CONFIG_MT76_CORE m | |||
|
|
191 | set_kernel_config CONFIG_MT76_LEDS m | |||
|
|
192 | set_kernel_config CONFIG_MT76_USB m | |||
|
|
193 | set_kernel_config CONFIG_MT76x2_COMMON m | |||
|
|
194 | set_kernel_config CONFIG_MT76x0U m | |||
|
|
195 | set_kernel_config CONFIG_MT76x2U m | |||
|
|
196 | set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m | |||
|
|
197 | set_kernel_config CONFIG_BCM_VC_SM m | |||
|
|
198 | set_kernel_config CONFIG_BCM2835_SMI_DEV m | |||
|
|
199 | set_kernel_config CONFIG_RPIVID_MEM m | |||
|
|
200 | set_kernel_config CONFIG_HW_RANDOM_BCM2835 y | |||
|
|
201 | set_kernel_config CONFIG_TCG_TPM m | |||
|
|
202 | set_kernel_config CONFIG_HW_RANDOM_TPM y | |||
|
|
203 | set_kernel_config CONFIG_TCG_TIS m | |||
|
|
204 | set_kernel_config CONFIG_TCG_TIS_SPI m | |||
|
|
205 | set_kernel_config CONFIG_I2C_MUX m | |||
|
|
206 | set_kernel_config CONFIG_I2C_MUX_GPMUX m | |||
|
|
207 | set_kernel_config CONFIG_I2C_MUX_PCA954x m | |||
|
|
208 | set_kernel_config CONFIG_SPI_GPIO m | |||
|
|
209 | set_kernel_config CONFIG_BATTERY_MAX17040 m | |||
|
|
210 | set_kernel_config CONFIG_SENSORS_GPIO_FAN m | |||
|
|
211 | set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m | |||
|
|
212 | set_kernel_config CONFIG_BCM2835_THERMAL y | |||
|
|
213 | set_kernel_config CONFIG_RC_CORE y | |||
|
|
214 | set_kernel_config CONFIG_RC_MAP y | |||
|
|
215 | set_kernel_config CONFIG_LIRC y | |||
|
|
216 | set_kernel_config CONFIG_RC_DECODERS y | |||
|
|
217 | set_kernel_config CONFIG_IR_NEC_DECODER m | |||
|
|
218 | set_kernel_config CONFIG_IR_RC5_DECODER m | |||
|
|
219 | set_kernel_config CONFIG_IR_RC6_DECODER m | |||
|
|
220 | set_kernel_config CONFIG_IR_JVC_DECODER m | |||
|
|
221 | set_kernel_config CONFIG_IR_SONY_DECODER m | |||
|
|
222 | set_kernel_config CONFIG_IR_SANYO_DECODER m | |||
|
|
223 | set_kernel_config CONFIG_IR_SHARP_DECODER m | |||
|
|
224 | set_kernel_config CONFIG_IR_MCE_KBD_DECODER m | |||
|
|
225 | set_kernel_config CONFIG_IR_XMP_DECODER m | |||
|
|
226 | set_kernel_config CONFIG_IR_IMON_DECODER m | |||
|
|
227 | set_kernel_config CONFIG_RC_DEVICES y | |||
|
|
228 | set_kernel_config CONFIG_RC_ATI_REMOTE m | |||
|
|
229 | set_kernel_config CONFIG_IR_IMON m | |||
|
|
230 | set_kernel_config CONFIG_IR_MCEUSB m | |||
|
|
231 | set_kernel_config CONFIG_IR_REDRAT3 m | |||
|
|
232 | set_kernel_config CONFIG_IR_STREAMZAP m | |||
|
|
233 | set_kernel_config CONFIG_IR_IGUANA m | |||
|
|
234 | set_kernel_config CONFIG_IR_TTUSBIR m | |||
|
|
235 | set_kernel_config CONFIG_RC_LOOPBACK m | |||
|
|
236 | set_kernel_config CONFIG_IR_GPIO_CIR m | |||
|
|
237 | set_kernel_config CONFIG_IR_GPIO_TX m | |||
|
|
238 | set_kernel_config CONFIG_IR_PWM_TX m | |||
|
|
239 | set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y | |||
|
|
240 | set_kernel_config CONFIG_VIDEO_AU0828_RC y | |||
|
|
241 | set_kernel_config CONFIG_VIDEO_CX231XX m | |||
|
|
242 | set_kernel_config CONFIG_VIDEO_CX231XX_RC y | |||
|
|
243 | set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m | |||
|
|
244 | set_kernel_config CONFIG_VIDEO_CX231XX_DVB m | |||
|
|
245 | set_kernel_config CONFIG_VIDEO_TM6000 m | |||
|
|
246 | set_kernel_config CONFIG_VIDEO_TM6000_ALSA m | |||
|
|
247 | set_kernel_config CONFIG_VIDEO_TM6000_DVB m | |||
|
|
248 | set_kernel_config CONFIG_DVB_USB m | |||
|
|
249 | set_kernel_config CONFIG_DVB_USB_DIB3000MC m | |||
|
|
250 | set_kernel_config CONFIG_DVB_USB_A800 m | |||
|
|
251 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m | |||
|
|
252 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y | |||
|
|
253 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m | |||
|
|
254 | set_kernel_config CONFIG_DVB_USB_DIB0700 m | |||
|
|
255 | set_kernel_config CONFIG_DVB_USB_UMT_010 m | |||
|
|
256 | set_kernel_config CONFIG_DVB_USB_CXUSB m | |||
|
|
257 | set_kernel_config CONFIG_DVB_USB_M920X m | |||
|
|
258 | set_kernel_config CONFIG_DVB_USB_DIGITV m | |||
|
|
259 | set_kernel_config CONFIG_DVB_USB_VP7045 m | |||
|
|
260 | set_kernel_config CONFIG_DVB_USB_VP702X m | |||
|
|
261 | set_kernel_config CONFIG_DVB_USB_GP8PSK m | |||
|
|
262 | set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m | |||
|
|
263 | set_kernel_config CONFIG_DVB_USB_TTUSB2 m | |||
|
|
264 | set_kernel_config CONFIG_DVB_USB_DTT200U m | |||
|
|
265 | set_kernel_config CONFIG_DVB_USB_OPERA1 m | |||
|
|
266 | set_kernel_config CONFIG_DVB_USB_AF9005 m | |||
|
|
267 | set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m | |||
|
|
268 | set_kernel_config CONFIG_DVB_USB_PCTV452E m | |||
|
|
269 | set_kernel_config CONFIG_DVB_USB_DW2102 m | |||
|
|
270 | set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m | |||
|
|
271 | set_kernel_config CONFIG_DVB_USB_DTV5100 m | |||
|
|
272 | set_kernel_config CONFIG_DVB_USB_AZ6027 m | |||
|
|
273 | set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m | |||
|
|
274 | set_kernel_config CONFIG_DVB_USB_AF9015 m | |||
|
|
275 | set_kernel_config CONFIG_DVB_USB_LME2510 m | |||
|
|
276 | set_kernel_config CONFIG_DVB_USB_RTL28XXU m | |||
|
|
277 | set_kernel_config CONFIG_VIDEO_EM28XX_RC m | |||
|
|
278 | set_kernel_config CONFIG_SMS_SIANO_RC m | |||
|
|
279 | set_kernel_config CONFIG_VIDEO_IR_I2C m | |||
|
|
280 | set_kernel_config CONFIG_VIDEO_ADV7180 m | |||
|
|
281 | set_kernel_config CONFIG_VIDEO_TC358743 m | |||
|
|
282 | set_kernel_config CONFIG_VIDEO_OV5647 m | |||
|
|
283 | set_kernel_config CONFIG_DVB_M88DS3103 m | |||
|
|
284 | set_kernel_config CONFIG_DVB_AF9013 m | |||
|
|
285 | set_kernel_config CONFIG_DVB_RTL2830 m | |||
|
|
286 | set_kernel_config CONFIG_DVB_RTL2832 m | |||
|
|
287 | set_kernel_config CONFIG_DVB_SI2168 m | |||
|
|
288 | set_kernel_config CONFIG_DVB_GP8PSK_FE m | |||
|
|
289 | set_kernel_config CONFIG_DVB_USB m | |||
|
|
290 | set_kernel_config CONFIG_DVB_LGDT3306A m | |||
|
|
291 | set_kernel_config CONFIG_FB_SIMPLE y | |||
|
|
292 | set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m | |||
|
|
293 | set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m | |||
|
|
294 | set_kernel_config CONFIG_SND_AUDIOSENSE_PI m | |||
|
|
295 | set_kernel_config CONFIG_SND_SOC_AD193X m | |||
|
|
296 | set_kernel_config CONFIG_SND_SOC_AD193X_SPI m | |||
|
|
297 | set_kernel_config CONFIG_SND_SOC_AD193X_I2C m | |||
|
|
298 | set_kernel_config CONFIG_SND_SOC_CS4265 m | |||
|
|
299 | set_kernel_config CONFIG_SND_SOC_DA7213 m | |||
|
|
300 | set_kernel_config CONFIG_SND_SOC_ICS43432 m | |||
|
|
301 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m | |||
|
|
302 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m | |||
|
|
303 | set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m | |||
|
|
304 | set_kernel_config CONFIG_HID_BIGBEN_FF m | |||
|
|
305 | #set_kernel_config CONFIG_USB_XHCI_PLATFORM y | |||
|
|
306 | set_kernel_config CONFIG_USB_TMC m | |||
|
|
307 | set_kernel_config CONFIG_USB_UAS y | |||
|
|
308 | set_kernel_config CONFIG_USBIP_VUDC m | |||
|
|
309 | set_kernel_config CONFIG_USB_CONFIGFS m | |||
|
|
310 | set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y | |||
|
|
311 | set_kernel_config CONFIG_USB_CONFIGFS_ACM y | |||
|
|
312 | set_kernel_config CONFIG_USB_CONFIGFS_OBEX y | |||
|
|
313 | set_kernel_config CONFIG_USB_CONFIGFS_NCM y | |||
|
|
314 | set_kernel_config CONFIG_USB_CONFIGFS_ECM y | |||
|
|
315 | set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y | |||
|
|
316 | set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y | |||
|
|
317 | set_kernel_config CONFIG_USB_CONFIGFS_EEM y | |||
|
|
318 | set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y | |||
|
|
319 | set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y | |||
|
|
320 | set_kernel_config CONFIG_USB_CONFIGFS_F_FS y | |||
|
|
321 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y | |||
|
|
322 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y | |||
|
|
323 | set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y | |||
|
|
324 | set_kernel_config CONFIG_USB_CONFIGFS_F_HID y | |||
|
|
325 | set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y | |||
|
|
326 | set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y | |||
|
|
327 | set_kernel_config CONFIG_LEDS_PCA963X m | |||
|
|
328 | set_kernel_config CONFIG_LEDS_IS31FL32XX m | |||
|
|
329 | set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m | |||
|
|
330 | set_kernel_config CONFIG_RTC_DRV_RV3028 m | |||
|
|
331 | set_kernel_config CONFIG_AUXDISPLAY y | |||
|
|
332 | set_kernel_config CONFIG_HD44780 m | |||
|
|
333 | set_kernel_config CONFIG_FB_TFT_SH1106 m | |||
|
|
334 | set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m | |||
|
|
335 | set_kernel_config CONFIG_BCM2835_POWER y | |||
|
|
336 | set_kernel_config CONFIG_INV_MPU6050_IIO m | |||
|
|
337 | set_kernel_config CONFIG_INV_MPU6050_I2C m | |||
|
|
338 | set_kernel_config CONFIG_SECURITYFS y | |||
| 122 |
|
339 | |||
|
|
340 | # Safer to build this in | |||
|
|
341 | set_kernel_config CONFIG_BINFMT_MISC y | |||
|
|
342 | ||||
|
|
343 | # pulseaudio wants a buffer of at least this size | |||
|
|
344 | set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048 | |||
|
|
345 | ||||
|
|
346 | # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4 | |||
|
|
347 | # set the appropriate kernel configs unlocked by this PR | |||
|
|
348 | set_kernel_config CONFIG_ARCH_BCM y | |||
|
|
349 | set_kernel_config CONFIG_ARCH_BCM2835 y | |||
|
|
350 | set_kernel_config CONFIG_DRM_V3D m | |||
|
|
351 | set_kernel_config CONFIG_DRM_VC4 m | |||
|
|
352 | set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y | |||
|
|
353 | ||||
|
|
354 | # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4 | |||
|
|
355 | # required by PR#3144; should already be applied, but just to be safe | |||
|
|
356 | set_kernel_config CONFIG_PCIE_BRCMSTB y | |||
|
|
357 | set_kernel_config CONFIG_BCM2835_MMC y | |||
|
|
358 | ||||
|
|
359 | # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at | |||
|
|
360 | # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap | |||
|
|
361 | # during cloud-init setup at first boot. Without this the login accounts are not | |||
|
|
362 | # created and the user can not login. | |||
|
|
363 | set_kernel_config CONFIG_SQUASHFS y | |||
|
|
364 | ||||
|
|
365 | # Ceph support for Block Device (RBD) and Filesystem (FS) | |||
|
|
366 | # https://docs.ceph.com/docs/master/ | |||
|
|
367 | set_kernel_config CONFIG_CEPH_LIB m | |||
|
|
368 | set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y | |||
|
|
369 | set_kernel_config CONFIG_CEPH_FS m | |||
|
|
370 | set_kernel_config CONFIG_CEPH_FSCACHE y | |||
|
|
371 | set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y | |||
|
|
372 | set_kernel_config CONFIG_BLK_DEV_RBD m | |||
| 123 | fi |
|
373 | fi | |
| 124 |
|
374 | |||
| 125 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 |
|
375 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 | |
| 126 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then |
|
376 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then | |
|
|
377 | set_kernel_config CONFIG_HAVE_KVM y | |||
|
|
378 | set_kernel_config CONFIG_HIGH_RES_TIMERS y | |||
| 127 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y |
|
379 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y | |
| 128 | set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y |
|
380 | set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y | |
| 129 | set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y |
|
381 | set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y | |
| @@ -138,11 +390,13 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 138 | set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y |
|
390 | set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y | |
| 139 | set_kernel_config CONFIG_KVM_MMIO y |
|
391 | set_kernel_config CONFIG_KVM_MMIO y | |
| 140 | set_kernel_config CONFIG_KVM_VFIO y |
|
392 | set_kernel_config CONFIG_KVM_VFIO y | |
|
|
393 | set_kernel_config CONFIG_KVM_MMU_AUDIT y | |||
| 141 | set_kernel_config CONFIG_VHOST m |
|
394 | set_kernel_config CONFIG_VHOST m | |
| 142 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y |
|
395 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y | |
| 143 | set_kernel_config CONFIG_VHOST_NET m |
|
396 | set_kernel_config CONFIG_VHOST_NET m | |
| 144 | set_kernel_config CONFIG_VIRTUALIZATION y |
|
397 | set_kernel_config CONFIG_VIRTUALIZATION y | |
| 145 |
|
398 | set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y | ||
|
|
399 | set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y | |||
| 146 | set_kernel_config CONFIG_MMU_NOTIFIER y |
|
400 | set_kernel_config CONFIG_MMU_NOTIFIER y | |
| 147 |
|
401 | |||
| 148 | # erratum |
|
402 | # erratum | |
| @@ -193,12 +447,6 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 193 | set_kernel_config CONFIG_SECURITY_PATH y |
|
447 | set_kernel_config CONFIG_SECURITY_PATH y | |
| 194 | set_kernel_config CONFIG_SECURITY_YAMA n |
|
448 | set_kernel_config CONFIG_SECURITY_YAMA n | |
| 195 |
|
449 | |||
| 196 | # New Options |
|
|||
| 197 | if [ "$KERNEL_NF" = true ] ; then |
|
|||
| 198 | set_kernel_config CONFIG_IP_NF_SECURITY m |
|
|||
| 199 | set_kernel_config CONFIG_NETLABEL y |
|
|||
| 200 | set_kernel_config CONFIG_IP6_NF_SECURITY m |
|
|||
| 201 | fi |
|
|||
| 202 | set_kernel_config CONFIG_SECURITY_SELINUX n |
|
450 | set_kernel_config CONFIG_SECURITY_SELINUX n | |
| 203 | set_kernel_config CONFIG_SECURITY_SMACK n |
|
451 | set_kernel_config CONFIG_SECURITY_SMACK n | |
| 204 | set_kernel_config CONFIG_SECURITY_TOMOYO n |
|
452 | set_kernel_config CONFIG_SECURITY_TOMOYO n | |
| @@ -211,7 +459,6 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 211 | set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y |
|
459 | set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y | |
| 212 | set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y |
|
460 | set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y | |
| 213 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y |
|
461 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y | |
| 214 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y |
|
|||
| 215 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y |
|
462 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y | |
| 216 | set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y |
|
463 | set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y | |
| 217 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n |
|
464 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n | |
| @@ -233,11 +480,13 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 233 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m |
|
480 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m | |
| 234 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m |
|
481 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m | |
| 235 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m |
|
482 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m | |
| 236 | set_kernel_config SYSTEM_TRUSTED_KEYS |
|
|||
| 237 | fi |
|
483 | fi | |
| 238 |
|
484 | |||
| 239 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 |
|
485 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 | |
| 240 | if [ "$KERNEL_NF" = true ] ; then |
|
486 | if [ "$KERNEL_NF" = true ] ; then | |
|
|
487 | set_kernel_config CONFIG_IP_NF_SECURITY m | |||
|
|
488 | set_kernel_config CONFIG_NETLABEL y | |||
|
|
489 | set_kernel_config CONFIG_IP6_NF_SECURITY m | |||
| 241 | set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m |
|
490 | set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m | |
| 242 | set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m |
|
491 | set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m | |
| 243 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m |
|
492 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m | |
| @@ -263,7 +512,6 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 263 | set_kernel_config CONFIG_IP6_NF_NAT m |
|
512 | set_kernel_config CONFIG_IP6_NF_NAT m | |
| 264 | set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m |
|
513 | set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m | |
| 265 | set_kernel_config CONFIG_IP6_NF_TARGET_NPT m |
|
514 | set_kernel_config CONFIG_IP6_NF_TARGET_NPT m | |
| 266 | set_kernel_config CONFIG_IP_NF_SECURITY m |
|
|||
| 267 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m |
|
515 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m | |
| 268 | set_kernel_config CONFIG_IP_SET_BITMAP_PORT m |
|
516 | set_kernel_config CONFIG_IP_SET_BITMAP_PORT m | |
| 269 | set_kernel_config CONFIG_IP_SET_HASH_IP m |
|
517 | set_kernel_config CONFIG_IP_SET_HASH_IP m | |
| @@ -326,11 +574,11 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 326 | set_kernel_config CONFIG_NF_LOG_IPV6 m |
|
574 | set_kernel_config CONFIG_NF_LOG_IPV6 m | |
| 327 | set_kernel_config CONFIG_NF_NAT_IPV4 m |
|
575 | set_kernel_config CONFIG_NF_NAT_IPV4 m | |
| 328 | set_kernel_config CONFIG_NF_NAT_IPV6 m |
|
576 | set_kernel_config CONFIG_NF_NAT_IPV6 m | |
| 329 |
set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 |
|
577 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y | |
| 330 |
set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 |
|
578 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y | |
| 331 | set_kernel_config CONFIG_NF_NAT_PPTP m |
|
579 | set_kernel_config CONFIG_NF_NAT_PPTP m | |
| 332 | set_kernel_config CONFIG_NF_NAT_PROTO_GRE m |
|
580 | set_kernel_config CONFIG_NF_NAT_PROTO_GRE m | |
| 333 |
set_kernel_config CONFIG_NF_NAT_REDIRECT |
|
581 | set_kernel_config CONFIG_NF_NAT_REDIRECT y | |
| 334 | set_kernel_config CONFIG_NF_NAT_SIP m |
|
582 | set_kernel_config CONFIG_NF_NAT_SIP m | |
| 335 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m |
|
583 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m | |
| 336 | set_kernel_config CONFIG_NF_NAT_TFTP m |
|
584 | set_kernel_config CONFIG_NF_NAT_TFTP m | |
| @@ -340,9 +588,26 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 340 | set_kernel_config CONFIG_NF_TABLES_ARP m |
|
588 | set_kernel_config CONFIG_NF_TABLES_ARP m | |
| 341 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m |
|
589 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m | |
| 342 | set_kernel_config CONFIG_NF_TABLES_INET m |
|
590 | set_kernel_config CONFIG_NF_TABLES_INET m | |
| 343 |
set_kernel_config CONFIG_NF_TABLES_IPV4 |
|
591 | set_kernel_config CONFIG_NF_TABLES_IPV4 y | |
| 344 |
set_kernel_config CONFIG_NF_TABLES_IPV6 |
|
592 | set_kernel_config CONFIG_NF_TABLES_IPV6 y | |
| 345 | set_kernel_config CONFIG_NF_TABLES_NETDEV m |
|
593 | set_kernel_config CONFIG_NF_TABLES_NETDEV m | |
|
|
594 | set_kernel_config CONFIG_NF_TABLES_SET m | |||
|
|
595 | set_kernel_config CONFIG_NF_TABLES_INET y | |||
|
|
596 | set_kernel_config CONFIG_NF_TABLES_NETDEV y | |||
|
|
597 | set_kernel_config CONFIG_NFT_CONNLIMIT m | |||
|
|
598 | set_kernel_config CONFIG_NFT_TUNNEL m | |||
|
|
599 | set_kernel_config CONFIG_NFT_SOCKET m | |||
|
|
600 | set_kernel_config CONFIG_NFT_TPROXY m | |||
|
|
601 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |||
|
|
602 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m | |||
|
|
603 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m | |||
|
|
604 | set_kernel_config CONFIG_NF_TABLES_ARP y | |||
|
|
605 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y | |||
|
|
606 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y | |||
|
|
607 | set_kernel_config CONFIG_NF_TABLES_BRIDGE y | |||
|
|
608 | set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m | |||
|
|
609 | set_kernel_config CONFIG_NFT_OSF m | |||
|
|
610 | ||||
| 346 | fi |
|
611 | fi | |
| 347 |
|
612 | |||
| 348 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA |
|
613 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA | |
| @@ -351,6 +616,7 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 351 |
|
|
616 | set_kernel_config CONFIG_BPF_EVENTS y | |
| 352 |
|
|
617 | set_kernel_config CONFIG_BPF_STREAM_PARSER y | |
| 353 | set_kernel_config CONFIG_CGROUP_BPF y |
|
618 | set_kernel_config CONFIG_CGROUP_BPF y | |
|
|
619 | set_kernel_config CONFIG_XDP_SOCKETS y | |||
| 354 | fi |
|
620 | fi | |
| 355 |
|
621 | |||
| 356 | # KERNEL_DEFAULT_GOV was set by user |
|
622 | # KERNEL_DEFAULT_GOV was set by user | |
| @@ -537,8 +803,8 if [ "$BUILD_KERNEL" = true ] ; then | |||||
| 537 | fi |
|
803 | fi | |
| 538 |
|
804 | |||
| 539 | else # BUILD_KERNEL=false |
|
805 | else # BUILD_KERNEL=false | |
| 540 | if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then |
|
806 | if [ "$SET_ARCH" = 64 ] ; then | |
| 541 |
|
807 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | ||
| 542 | # Use Sakakis modified kernel if ZSWAP is active |
|
808 | # Use Sakakis modified kernel if ZSWAP is active | |
| 543 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then |
|
809 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then | |
| 544 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" |
|
810 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" | |
| @@ -549,6 +815,14 else # BUILD_KERNEL=false | |||||
| 549 |
|
815 | |||
| 550 | # Fetch kernel dl |
|
816 | # Fetch kernel dl | |
| 551 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" |
|
817 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" | |
|
|
818 | fi | |||
|
|
819 | if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then | |||
|
|
820 | # Create temporary directory for dl | |||
|
|
821 | temp_dir=$(as_nobody mktemp -d) | |||
|
|
822 | ||||
|
|
823 | # Fetch kernel dl | |||
|
|
824 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL" | |||
|
|
825 | fi | |||
| 552 |
|
826 | |||
| 553 |
|
|
827 | #extract download | |
| 554 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" |
|
828 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" | |
| @@ -566,15 +840,15 else # BUILD_KERNEL=false | |||||
| 566 | chown -R root:root "${R}/lib/modules" |
|
840 | chown -R root:root "${R}/lib/modules" | |
| 567 | fi |
|
841 | fi | |
| 568 |
|
842 | |||
| 569 | # Install Kernel from hypriot comptabile with all Raspberry PI |
|
843 | # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel) | |
| 570 | if [ "$SET_ARCH" = 32 ] ; then |
|
844 | if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then | |
| 571 | # Create temporary directory for dl |
|
845 | # Create temporary directory for dl | |
| 572 | temp_dir=$(as_nobody mktemp -d) |
|
846 | temp_dir=$(as_nobody mktemp -d) | |
| 573 |
|
847 | |||
| 574 | # Fetch kernel |
|
848 | # Fetch kernel | |
| 575 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" |
|
849 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" | |
| 576 |
|
850 | |||
| 577 |
# Copy downloaded |
|
851 | # Copy downloaded kernel package | |
| 578 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb |
|
852 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb | |
| 579 |
|
853 | |||
| 580 | # Set permissions |
|
854 | # Set permissions | |
| @@ -8,13 +8,17 | |||||
| 8 | # Install and setup fstab |
|
8 | # Install and setup fstab | |
| 9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
| 10 |
|
10 | |||
| 11 | # Add usb/sda disk root partition to fstab |
|
11 | # Generate initramfs file | |
| 12 |
if [ "$ENABLE_ |
|
12 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
| 13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" |
|
13 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
|
14 | ||||
|
|
15 | # Include initramfs scripts to auto expand encrypted root partition | |||
|
|
16 | if [ "$EXPANDROOT" = true ] ; then | |||
|
|
17 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |||
|
|
18 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |||
|
|
19 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |||
| 14 | fi |
|
20 | fi | |
| 15 |
|
21 | |||
| 16 | # Add encrypted root partition to fstab and crypttab |
|
|||
| 17 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
|||
| 18 | # Replace fstab root partition with encrypted partition mapping |
|
22 | # Replace fstab root partition with encrypted partition mapping | |
| 19 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" |
|
23 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" | |
| 20 |
|
24 | |||
| @@ -22,45 +26,33 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
| 22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
26 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" | |
| 23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
27 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" | |
| 24 |
|
28 | |||
| 25 |
|
|
29 | if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then | |
| 26 | # Add usb/sda1 disk to crypttab |
|
|||
| 27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
|||
| 28 | fi |
|
|||
| 29 | fi |
|
|||
| 30 |
|
||||
| 31 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
|||
| 32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
30 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
| 33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
|||
| 34 |
|
||||
| 35 | # Add usb/sda2 disk to crypttab |
|
31 | # Add usb/sda2 disk to crypttab | |
| 36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
32 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
| 37 | fi |
|
33 | fi | |
| 38 |
|
34 | |||
| 39 | # Generate initramfs file |
|
35 | # Add encrypted root partition to fstab and crypttab | |
| 40 |
if [ "$ENABLE_ |
|
36 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then | |
| 41 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
37 | # Add usb/sda1 disk to crypttab | |
| 42 | # Include initramfs scripts to auto expand encrypted root partition |
|
38 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |
| 43 | if [ "$EXPANDROOT" = true ] ; then |
|
|||
| 44 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" |
|
|||
| 45 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
|||
| 46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
|||
| 47 | fi |
|
39 | fi | |
| 48 |
|
40 | |||
|
|
41 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |||
| 49 |
|
|
42 | if [ "$ENABLE_DHCP" = false ] ; then | |
| 50 | # Get cdir from NET_ADDRESS e.g. 24 |
|
43 | # Get cdir from NET_ADDRESS e.g. 24 | |
| 51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) |
|
44 | cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2) | |
| 52 |
|
45 | |||
| 53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 |
|
46 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
| 54 | NET_MASK=$(cdr2mask "$cdir") |
|
47 | NET_MASK=$(cdr2mask "$cdir") | |
| 55 |
|
48 | |||
| 56 |
|
|
49 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
| 57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
50 | # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf> | |
| 58 |
|
51 | sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | ||
| 59 | # Regenerate initramfs |
|
52 | else | |
| 60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
53 | sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
| 61 | fi |
|
54 | fi | |
| 62 |
|
55 | |||
| 63 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
|||
| 64 |
|
|
56 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
| 65 |
|
|
57 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
| 66 |
|
|
58 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
| @@ -93,23 +85,35 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
| 93 |
|
|
85 | # Enable Dropbear inside initramfs | |
| 94 |
|
|
86 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |
| 95 |
|
|
87 | fi | |
|
|
88 | # CRYPTFSDROPBEAR=false | |||
| 96 |
|
|
89 | else | |
| 97 |
|
|
90 | # Disable SSHD inside initramfs | |
| 98 |
|
|
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
| 99 | fi |
|
92 | fi | |
| 100 |
|
93 | |||
| 101 | # Add cryptsetup modules to initramfs |
|
94 | # Add cryptsetup modules to initramfs | |
| 102 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
95 | #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |
| 103 |
|
96 | |||
| 104 | # Dummy mapping required by mkinitramfs |
|
97 | # Dummy mapping required by mkinitramfs | |
| 105 |
echo "0 1 crypt |
|
98 | echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
| 106 |
|
99 | |||
| 107 | # Generate initramfs with encrypted root partition support |
|
100 | # Generate initramfs with encrypted root partition support | |
| 108 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
101 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
| 109 |
|
102 | |||
| 110 | # Remove dummy mapping |
|
103 | # Remove dummy mapping | |
| 111 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" |
|
104 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" | |
|
|
105 | # CRYPTFS=false | |||
| 112 | else |
|
106 | else | |
|
|
107 | #USB BOOT /boot on sda1 / on sda2 | |||
|
|
108 | if [ "$ENABLE_USBBOOT" = true ] ; then | |||
|
|
109 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |||
|
|
110 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |||
|
|
111 | fi | |||
|
|
112 | ||||
|
|
113 | # Add usb/sda disk root partition to fstab | |||
|
|
114 | if [ "$ENABLE_SPLITFS" = true ] ; then | |||
|
|
115 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |||
|
|
116 | fi | |||
| 113 | # Generate initramfs without encrypted root partition support |
|
117 | # Generate initramfs without encrypted root partition support | |
| 114 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
118 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
| 115 | fi |
|
119 | fi | |
| @@ -112,7 +112,7 if [ "$ENABLE_TURBO" = true ] ; then | |||||
| 112 | echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" |
|
112 | echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" | |
| 113 | fi |
|
113 | fi | |
| 114 |
|
114 | |||
| 115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then | |
| 116 |
|
116 | |||
| 117 | # Bluetooth enabled |
|
117 | # Bluetooth enabled | |
| 118 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
118 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
| @@ -125,13 +125,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
| 125 | # Copy downloaded sources |
|
125 | # Copy downloaded sources | |
| 126 | mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" |
|
126 | mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" | |
| 127 |
|
127 | |||
| 128 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ |
|
|||
| 129 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth |
|
|||
| 130 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd |
|
|||
| 131 |
|
||||
| 132 | # Set permissions |
|
128 | # Set permissions | |
| 133 | chown -R root:root "${R}/tmp/pi-bluetooth" |
|
129 | chown -R root:root "${R}/tmp/pi-bluetooth" | |
| 134 |
|
130 | |||
|
|
131 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ | |||
|
|
132 | wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth | |||
|
|
133 | wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd | |||
|
|
134 | ||||
| 135 | # Install tools |
|
135 | # Install tools | |
| 136 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
136 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" | |
| 137 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" |
|
137 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" | |
| @@ -211,6 +211,10 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||||
| 211 | # Change into downloaded src dir |
|
211 | # Change into downloaded src dir | |
| 212 | cd "${R}/tmp/systemd-swap" || exit |
|
212 | cd "${R}/tmp/systemd-swap" || exit | |
| 213 |
|
213 | |||
|
|
214 | # Get Verion | |||
|
|
215 | VERSION=$(git tag | tail -n 1) | |||
|
|
216 | #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh" | |||
|
|
217 | ||||
| 214 | # Build package |
|
218 | # Build package | |
| 215 | bash ./package.sh debian |
|
219 | bash ./package.sh debian | |
| 216 |
|
220 | |||
| @@ -221,7 +225,7 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||||
| 221 | chown -R root:root "${R}/tmp/systemd-swap" |
|
225 | chown -R root:root "${R}/tmp/systemd-swap" | |
| 222 |
|
226 | |||
| 223 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. |
|
227 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |
| 224 |
chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_ |
|
228 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb | |
| 225 |
|
229 | |||
| 226 | # Enable service |
|
230 | # Enable service | |
| 227 | chroot_exec systemctl enable systemd-swap |
|
231 | chroot_exec systemctl enable systemd-swap | |
| @@ -106,7 +106,7 if [ "$ENABLE_WIRELESS" = true ] ; then | |||||
| 106 | temp_dir=$(as_nobody mktemp -d) |
|
106 | temp_dir=$(as_nobody mktemp -d) | |
| 107 |
|
107 | |||
| 108 | # Fetch firmware binary blob for RPI3B+ |
|
108 | # Fetch firmware binary blob for RPI3B+ | |
| 109 | if [ "$RPI_MODEL" = 3P ] ; then |
|
109 | if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
| 110 | # Fetch firmware binary blob for RPi3P |
|
110 | # Fetch firmware binary blob for RPi3P | |
| 111 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
111 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" | |
| 112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" | |
| @@ -34,11 +34,11 if [ "$ENABLE_VIDEOCORE" = true ] ; then | |||||
| 34 | cd "${R}"/tmp/userland/build |
|
34 | cd "${R}"/tmp/userland/build | |
| 35 |
|
35 | |||
| 36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then |
|
36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then | |
| 37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
| 38 | fi |
|
38 | fi | |
| 39 |
|
39 | |||
| 40 | if [ "$RELEASE_ARCH" = "armel" ] ; then |
|
40 | if [ "$RELEASE_ARCH" = "armel" ] ; then | |
| 41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" |
|
41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
| 42 | fi |
|
42 | fi | |
| 43 |
|
43 | |||
| 44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then |
|
44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then | |
| @@ -74,7 +74,7 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then | |||||
| 74 | cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin |
|
74 | cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin | |
| 75 | fi |
|
75 | fi | |
| 76 |
|
76 | |||
| 77 | if [ "$RPI_MODEL" = 3P ] ; then |
|
77 | if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
| 78 | cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit |
|
78 | cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit | |
| 79 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile |
|
79 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile | |
| 80 | make clean |
|
80 | make clean | |
| @@ -44,6 +44,9 RPI_MODEL=${RPI_MODEL:=2} | |||||
| 44 |
|
44 | |||
| 45 | # Debian release |
|
45 | # Debian release | |
| 46 | RELEASE=${RELEASE:=buster} |
|
46 | RELEASE=${RELEASE:=buster} | |
|
|
47 | if [ $RELEASE = "bullseye" ] ; then | |||
|
|
48 | RELEASE=testing | |||
|
|
49 | fi | |||
| 47 |
|
50 | |||
| 48 | # Kernel Branch |
|
51 | # Kernel Branch | |
| 49 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} |
|
52 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} | |
| @@ -52,7 +55,6 KERNEL_BRANCH=${KERNEL_BRANCH:=""} | |||||
| 52 | KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux} |
|
55 | KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux} | |
| 53 | FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot} |
|
56 | FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot} | |
| 54 | WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm} |
|
57 | WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm} | |
| 55 | COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian} |
|
|||
| 56 | FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} |
|
58 | FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} | |
| 57 | UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} |
|
59 | UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} | |
| 58 | VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland} |
|
60 | VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland} | |
| @@ -64,11 +66,16 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.gi | |||||
| 64 | RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} |
|
66 | RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} | |
| 65 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} |
|
67 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} | |
| 66 | # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used |
|
68 | # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used | |
| 67 |
RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.1 |
|
69 | RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz} | |
| 68 | # Default precompiled 64bit kernel |
|
70 | # Default precompiled 64bit kernel | |
| 69 |
RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.1 |
|
71 | RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz} | |
|
|
72 | # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis | |||
|
|
73 | RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} | |||
|
|
74 | # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel | |||
|
|
75 | RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz} | |||
| 70 | # Generic |
|
76 | # Generic | |
| 71 | RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} |
|
77 | RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} | |
|
|
78 | RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL} | |||
| 72 | # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul) |
|
79 | # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul) | |
| 73 | KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git} |
|
80 | KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git} | |
| 74 |
|
81 | |||
| @@ -191,6 +198,10 KERNEL_BPF=${KERNEL_BPF:=false} | |||||
| 191 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} |
|
198 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} | |
| 192 | KERNEL_SECURITY=${KERNEL_SECURITY:=false} |
|
199 | KERNEL_SECURITY=${KERNEL_SECURITY:=false} | |
| 193 | KERNEL_NF=${KERNEL_NF:=false} |
|
200 | KERNEL_NF=${KERNEL_NF:=false} | |
|
|
201 | KERNEL_DHKEY=${KERNEL_DHKEY:=true} | |||
|
|
202 | KERNEL_BTRFS=${KERNEL_BTRFS:=false} | |||
|
|
203 | KERNEL_NSPAN=${KERNEL_NSPAN:=false} | |||
|
|
204 | KERNEL_POEHAT=${KERNEL_POEHAT:=false} | |||
| 194 |
|
205 | |||
| 195 | # Kernel compilation from source directory settings |
|
206 | # Kernel compilation from source directory settings | |
| 196 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} |
|
207 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} | |
| @@ -212,7 +223,8 REDUCE_LOCALE=${REDUCE_LOCALE:=true} | |||||
| 212 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} |
|
223 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} | |
| 213 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} |
|
224 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |
| 214 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
225 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} | |
| 215 |
CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64 |
|
226 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} | |
|
|
227 | CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"} | |||
| 216 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
228 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} | |
| 217 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup |
|
229 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |
| 218 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} |
|
230 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} | |
| @@ -224,7 +236,7 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} | |||||
| 224 |
|
236 | |||
| 225 | # Packages required in the chroot build environment |
|
237 | # Packages required in the chroot build environment | |
| 226 | APT_INCLUDES=${APT_INCLUDES:=""} |
|
238 | APT_INCLUDES=${APT_INCLUDES:=""} | |
| 227 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" |
|
239 | APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" | |
| 228 |
|
240 | |||
| 229 | # Packages to exclude from chroot build environment |
|
241 | # Packages to exclude from chroot build environment | |
| 230 | APT_EXCLUDES=${APT_EXCLUDES:=""} |
|
242 | APT_EXCLUDES=${APT_EXCLUDES:=""} | |
| @@ -289,13 +301,15 if [ -n "$SET_ARCH" ] ; then | |||||
| 289 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then |
|
301 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
| 290 | if [ "$RPI_MODEL" != 4 ] ; then |
|
302 | if [ "$RPI_MODEL" != 4 ] ; then | |
| 291 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} |
|
303 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} | |
|
|
304 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |||
| 292 | else |
|
305 | else | |
| 293 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} |
|
306 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} | |
|
|
307 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img} | |||
| 294 | fi |
|
308 | fi | |
| 295 |
|
309 | |||
| 296 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
310 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" | |
| 297 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} |
|
311 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |
| 298 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} |
|
312 | ||
| 299 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
313 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |
| 300 | fi |
|
314 | fi | |
| 301 | fi |
|
315 | fi | |
| @@ -385,7 +399,7 fi | |||||
| 385 |
|
399 | |||
| 386 | # Add deps for nexmon |
|
400 | # Add deps for nexmon | |
| 387 | if [ "$ENABLE_NEXMON" = true ] ; then |
|
401 | if [ "$ENABLE_NEXMON" = true ] ; then | |
| 388 |
REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf |
|
402 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool" | |
| 389 | fi |
|
403 | fi | |
| 390 |
|
404 | |||
| 391 | # Add libncurses5 to enable kernel menuconfig |
|
405 | # Add libncurses5 to enable kernel menuconfig | |
| @@ -401,7 +415,7 fi | |||||
| 401 | # Add cryptsetup package to enable filesystem encryption |
|
415 | # Add cryptsetup package to enable filesystem encryption | |
| 402 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then |
|
416 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then | |
| 403 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
417 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" | |
| 404 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
418 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs" | |
| 405 |
|
419 | |||
| 406 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package |
|
420 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |
| 407 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then |
|
421 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then | |
| @@ -470,7 +484,7 if [ -n "$MISSING_PACKAGES" ] ; then | |||||
| 470 | [ "$confirm" != "y" ] && exit 1 |
|
484 | [ "$confirm" != "y" ] && exit 1 | |
| 471 |
|
485 | |||
| 472 | # Make sure all missing required packages are installed |
|
486 | # Make sure all missing required packages are installed | |
| 473 | apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` |
|
487 | apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` | |
| 474 | fi |
|
488 | fi | |
| 475 |
|
489 | |||
| 476 | # Check if ./bootstrap.d directory exists |
|
490 | # Check if ./bootstrap.d directory exists | |
| @@ -822,7 +836,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
| 822 | echo -n ${CRYPTFS_PASSWORD} > .password |
|
836 | echo -n ${CRYPTFS_PASSWORD} > .password | |
| 823 |
|
837 | |||
| 824 | # Initialize encrypted partition |
|
838 | # Initialize encrypted partition | |
| 825 |
|
|
839 | cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password | |
| 826 |
|
840 | |||
| 827 | # Open encrypted partition and setup mapping |
|
841 | # Open encrypted partition and setup mapping | |
| 828 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
|
842 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" | |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
