Merge branch 'master' into drtyhlpr-master
Gérard Vidal -
r627:b39cf2ca3729 Fusion drtyhlpr-master
@@ -0,0 +1,56
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local videocore sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for videocore sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch videocore sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded videocore sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 cd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #back to root of scriptdir
52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
56 fi
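Review bot: The `mkdir` at line 31 and the `cd` at line 34 are unchecked, so unless `functions.sh` enables `set -e`, a failure there lets cmake and `make -j` run in whatever directory the script started in. The nexmon script added in this same commit guards each `cd`, and this one should too: `cd "${R}/tmp/userland/build" || exit`. The clone at line 18 builds whatever the default branch of `${VIDEOCORE_URL}` holds at build time, so checking out a reviewed commit right after the clone would make the image contents reproducible. `-U_FORTIFY_SOURCE` in the arm64 and armel cmake lines switches off a compiler hardening feature and deserves a comment saying why it is needed. The comments at lines 23 and 26 still say "U-Boot sources" where they mean the videocore sources.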
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
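Review bot: The sources cloned from `${NEXMON_URL}` at line 19 are not pinned to a commit, yet lines 39-40 and 60 run their `./configure` and `make` on the build host, and the output replaces the Wi-Fi firmware shipped in the image. Only the clone goes through `as_nobody`; the build steps run with the privileges of the image script (presumably root, to be confirmed), so whatever the remote branch contains at build time is executed with them. Checking out a reviewed revision right after the clone would bound that, e.g. `as_nobody git -C "${temp_dir}/nexmon" checkout "${NEXMON_COMMIT}"`, where `NEXMON_COMMIT` is a placeholder name for a new setting. Lines 65, 79 and 83 also expand `${NEXMON_ROOT}` unquoted while the rest of the script quotes it, and the comment at line 12 says "U-Boot" where it means nexmon.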
@@ -0,0 +1,33
1 SUBSYSTEM=="input", GROUP="input", MODE="0660"
2 SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660"
3 SUBSYSTEM=="spidev", GROUP="spi", MODE="0660"
4 SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660"
5
6 SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660"
7 SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\
8 chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\
9 chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\
10 chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\
11 '"
12
13 KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
14 ALIASES=/proc/device-tree/aliases; \
15 if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
16 echo 0;\
17 elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
18 echo 1; \
19 else \
20 exit 1; \
21 fi\
22 '", SYMLINK+="serial%c"
23
24 KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
25 ALIASES=/proc/device-tree/aliases; \
26 if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
27 echo 0; \
28 elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
29 echo 1; \
30 else \
31 exit 1; \
32 fi \
33 '", SYMLINK+="serial%c"
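Review bot: The `SUBSYSTEM=="gpio*"` rule at lines 7-11 carries no comment, although it starts a shell on every matching event and recursively re-owns `/sys/class/gpio`, `/sys/devices/virtual/gpio` and `/sys$devpath` to `root:gpio` with mode 770. A header comment such as `# Members of group gpio get read/write access to all GPIO sysfs attributes` would make the privilege that group membership grants explicit to whoever later adds users to that group. The same applies to line 1, where mode 0660 with `GROUP="input"` lets every member of `input` read the input devices. The two serial rules would also benefit from one line saying that they map `ttyAMA[01]` and `ttyS0` to `serial0`/`serial1` by comparing the device-tree aliases.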
@@ -0,0 +1,5
1 # Restart dphys-swapfile service if it exists
2 logger -t "rc.firstboot" "Restarting dphys-swapfile"
3
4 systemctl enable dphys-swapfile
5 systemctl restart dphys-swapfile
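Review bot: The comment at line 1 says the service is restarted "if it exists", but lines 4-5 call `systemctl enable` and `systemctl restart` unconditionally. When the package is not installed both commands fail on first boot; whether that aborts the surrounding firstboot script depends on code outside this fragment. Either guard the calls, for example `if command -v dphys-swapfile >/dev/null 2>&1; then` around lines 2-5, or reword the comment to match what the code does.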
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
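Review bot: The generated `/bin/unlock` script picks its kill targets with `ps | grep cryptroot` and `ps | grep "\-sh"`, which match any process whose `ps` line contains that text rather than only the session that entered the passphrase, and when nothing matches `kill` is invoked with no argument. Since this script is the remote disk-unlock path, the selection should be narrowed or at least guarded, e.g. collect the PIDs into a variable first and run `[ -n "\$pids" ] && kill \$pids`. Line 37 uses `==` inside `[ ]` under `#!/bin/sh`; the portable form is `[ "\$1" = "--ping" ] && exit 1`. Line 43 leaves the target unquoted and should read `echo To unlock root-partition run "unlock" >> "${DESTDIR}/etc/motd"`.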
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
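Review bot: The `SSH`, `TCP` and `UDP` chains are created at lines 5-7 but never given a rule, because the only SSH rules present (lines 14-16) are commented-out iptables syntax. A new connection to port 22 therefore jumps to `SSH` at line 13, returns, and falls through to the `reject with tcp reset` at line 20, so inbound SSH is refused and the brute-force limiting is not in effect, unless rules are appended to that chain elsewhere. At minimum the chain needs `add rule ip filter SSH counter accept`, preferably preceded by an nft `limit rate` match like the one line 8 uses for ICMP. The IPv6 ruleset added in this commit has the same empty chains. The `FORWARD` and `OUTPUT` chains are declared without a policy, which leaves forwarding at the default accept.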
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
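Review bot: The only ICMPv6 type this ruleset accepts is echo-request (line 11), so neighbour and router discovery messages that do not match `ct state related,established` appear to reach the final `reject with icmpv6 type admin-prohibited` at line 24. IPv6 depends on those messages for address resolution and autoconfiguration, so connectivity on the interface is likely to break once the rules load; this should be tested on a link with router advertisements. A rule ahead of line 13 such as `add rule ip6 filter INPUT icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } counter accept` would cover it. The empty `SSH`/`TCP`/`UDP` chains described for the IPv4 ruleset apply here as well.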
@@ -0,0 +1,12
1 [Match]
2 Name=wlan0
3
4 [Network]
5 DHCP=no
6 Address=
7 Gateway=
8 DNS=
9 DNS=
10 Domains=
11 NTP=
12 NTP=
@@ -0,0 +1,1
1 kernel.printk = 3 4 1 3 No newline at end of file
@@ -0,0 +1,2
1 # ASLR
2 kernel.randomize_va_space = 2 No newline at end of file
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=stretch
4 BUILD_KERNEL=true
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -1,450 +1,450
1 ## 介绍
1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3
3
4 ## 构建环境所依赖的包
4 ## 构建环境所依赖的包
5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
6
6
7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8
8
9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
10
10
11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
12
12
13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
14
14
15 ```
15 ```
16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 dpkg --add-architecture armhf
18 dpkg --add-architecture armhf
19 apt-get update
19 apt-get update
20 ```
20 ```
21
21
22 ## 命令行参数
22 ## 命令行参数
23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
24
24
25 ##### 命令行示例:
25 ##### 命令行示例:
26 ```shell
26 ```shell
27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 ```
40 ```
41
41
42 ## 参数模板文件
42 ## 参数模板文件
43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
44
44
45 ##### 命令行示例:
45 ##### 命令行示例:
46 ```shell
46 ```shell
47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 ```
49 ```
50
50
51 ## 支持的参数和设置
51 ## 支持的参数和设置
52 #### APT 设置:
52 #### APT 设置:
53 ##### `APT_SERVER`="ftp.debian.org"
53 ##### `APT_SERVER`="ftp.debian.org"
54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
55
55
56 ##### `APT_PROXY`=""
56 ##### `APT_PROXY`=""
57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
58
58
59 ##### `APT_INCLUDES`=""
59 ##### `APT_INCLUDES`=""
60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
61
61
62 ##### `APT_INCLUDES_LATE`=""
62 ##### `APT_INCLUDES_LATE`=""
63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
64
64
65 ---
65 ---
66
66
67 #### 通用系统设置:
67 #### 通用系统设置:
68 ##### `RPI_MODEL`=2
68 ##### `RPI_MODEL`=2
69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
70
70
71 ##### `RELEASE`="jessie"
71 ##### `RELEASE`="jessie"
72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
73
73
74 ##### `RELEASE_ARCH`="armhf"
74 ##### `RELEASE_ARCH`="armhf"
75 设置期望的 Debian 发行架构.
75 设置期望的 Debian 发行架构.
76
76
77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 设置主机名称. 建议所在的子网中主机名称是唯一的.
78 设置主机名称. 建议所在的子网中主机名称是唯一的.
79
79
80 ##### `PASSWORD`="raspberry"
80 ##### `PASSWORD`="raspberry"
81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
82
82
83 ##### `USER_PASSWORD`="raspberry"
83 ##### `USER_PASSWORD`="raspberry"
84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
85
85
86 ##### `DEFLOCAL`="en_US.UTF-8"
86 ##### `DEFLOCAL`="en_US.UTF-8"
87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
88
88
89 ##### `TIMEZONE`="Europe/Berlin"
89 ##### `TIMEZONE`="Europe/Berlin"
90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
91
91
92 ##### `EXPANDROOT`=true
92 ##### `EXPANDROOT`=true
93 第一次运行时自动扩展根分区和文件系统.
93 第一次运行时自动扩展根分区和文件系统.
94
94
95 ---
95 ---
96
96
97 #### 键盘设置:
97 #### 键盘设置:
98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
99
99
100 ##### `XKB_MODEL`=""
100 ##### `XKB_MODEL`=""
101 设置键盘类型, 大陆常见pc104.
101 设置键盘类型, 大陆常见pc104.
102
102
103 ##### `XKB_LAYOUT`=""
103 ##### `XKB_LAYOUT`=""
104 设置键盘布局, 大陆常见us.
104 设置键盘布局, 大陆常见us.
105
105
106 ##### `XKB_VARIANT`=""
106 ##### `XKB_VARIANT`=""
107 设置键盘布局变种.
107 设置键盘布局变种.
108
108
109 ##### `XKB_OPTIONS`=""
109 ##### `XKB_OPTIONS`=""
110 设置其它 XKB 配置选项.
110 设置其它 XKB 配置选项.
111
111
112 ---
112 ---
113
113
114 #### 网络设置 (动态):
114 #### 网络设置 (动态):
115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
116
116
117 ##### `ENABLE_DHCP`=true
117 ##### `ENABLE_DHCP`=true
118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
119
119
120 ---
120 ---
121
121
122 #### 网络设置 (静态):
122 #### 网络设置 (静态):
123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
125
125
126 ##### `NET_ADDRESS`=""
126 ##### `NET_ADDRESS`=""
127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
128
128
129 ##### `NET_GATEWAY`=""
129 ##### `NET_GATEWAY`=""
130 设置默认网关的地址.
130 设置默认网关的地址.
131
131
132 ##### `NET_DNS_1`=""
132 ##### `NET_DNS_1`=""
133 设置主域名服务器地址.
133 设置主域名服务器地址.
134
134
135 ##### `NET_DNS_2`=""
135 ##### `NET_DNS_2`=""
136 设置辅域名服务器地址.
136 设置辅域名服务器地址.
137
137
138 ##### `NET_DNS_DOMAINS`=""
138 ##### `NET_DNS_DOMAINS`=""
139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
140
140
141 ##### `NET_NTP_1`=""
141 ##### `NET_NTP_1`=""
142 设置主时间服务器地址.
142 设置主时间服务器地址.
143
143
144 ##### `NET_NTP_2`=""
144 ##### `NET_NTP_2`=""
145 设置辅时间服务器地址.
145 设置辅时间服务器地址.
146
146
147 ---
147 ---
148
148
149 #### 基本系统特性:
149 #### 基本系统特性:
150 ##### `ENABLE_CONSOLE`=true
150 ##### `ENABLE_CONSOLE`=true
151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
152
152
153 ##### `ENABLE_I2C`=false
153 ##### `ENABLE_I2C`=false
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
155
155
156 ##### `ENABLE_SPI`=false
156 ##### `ENABLE_SPI`=false
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
158
158
159 ##### `ENABLE_IPV6`=true
159 ##### `ENABLE_IPV6`=true
160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
161
161
162 ##### `ENABLE_SSHD`=true
162 ##### `ENABLE_SSHD`=true
163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
164
164
165 ##### `ENABLE_NONFREE`=false
165 ##### `ENABLE_NONFREE`=false
166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
167
167
168 ##### `ENABLE_WIRELESS`=false
168 ##### `ENABLE_WIRELESS`=false
169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
170
170
171 ##### `ENABLE_RSYSLOG`=true
171 ##### `ENABLE_RSYSLOG`=true
172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
173
173
174 ##### `ENABLE_SOUND`=true
174 ##### `ENABLE_SOUND`=true
175 允许声卡并且安装 ALSA.
175 允许声卡并且安装 ALSA.
176
176
177 ##### `ENABLE_HWRANDOM`=true
177 ##### `ENABLE_HWRANDOM`=true
178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
179
179
180 ##### `ENABLE_MINGPU`=false
180 ##### `ENABLE_MINGPU`=false
181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
182
182
183 ##### `ENABLE_DBUS`=true
183 ##### `ENABLE_DBUS`=true
184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
185
185
186 ##### `ENABLE_XORG`=false
186 ##### `ENABLE_XORG`=false
187 是否安装 Xorg, 开源 X11 系统.
187 是否安装 Xorg, 开源 X11 系统.
188
188
189 ##### `ENABLE_WM`=""
189 ##### `ENABLE_WM`=""
190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191
191
192 ---
192 ---
193
193
194 #### 高级系统特性:
194 #### 高级系统特性:
195 ##### `ENABLE_MINBASE`=false
195 ##### `ENABLE_MINBASE`=false
196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
197
197
198 ##### `ENABLE_REDUCE`=false
198 ##### `ENABLE_REDUCE`=false
199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
200
200
201 ##### `ENABLE_UBOOT`=false
201 ##### `ENABLE_UBOOT`=false
202 使用 [U-Boot 引导器](http://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
203
203
204 ##### `UBOOTSRC_DIR`=""
204 ##### `UBOOTSRC_DIR`=""
205 存放已下载 [U-Boot 引导器源文件](http://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
206
206
207 ##### `ENABLE_FBTURBO`=false
207 ##### `ENABLE_FBTURBO`=false
208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
209
209
210 ##### `FBTURBOSRC_DIR`=""
210 ##### `FBTURBOSRC_DIR`=""
211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
212
212
213 ##### `ENABLE_IPTABLES`=false
213 ##### `ENABLE_IPTABLES`=false
214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
215
215
216 ##### `ENABLE_USER`=true
216 ##### `ENABLE_USER`=true
217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
218
218
219 ##### `USER_NAME`=pi
219 ##### `USER_NAME`=pi
220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
221
221
222 ##### `ENABLE_ROOT`=false
222 ##### `ENABLE_ROOT`=false
223 允许root用户登录, 需要设置 root 用户密码.
223 允许root用户登录, 需要设置 root 用户密码.
224
224
225 ##### `ENABLE_HARDNET`=false
225 ##### `ENABLE_HARDNET`=false
226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
227
227
228 ##### `ENABLE_SPLITFS`=false
228 ##### `ENABLE_SPLITFS`=false
229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
230
230
231 ##### `CHROOT_SCRIPTS`=""
231 ##### `CHROOT_SCRIPTS`=""
232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
233
233
234 ##### `ENABLE_INITRAMFS`=false
234 ##### `ENABLE_INITRAMFS`=false
235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
236
236
237 ##### `ENABLE_IFNAMES`=true
237 ##### `ENABLE_IFNAMES`=true
238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
239
239
240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
242
242
243 ---
243 ---
244
244
245 #### SSH 设置:
245 #### SSH 设置:
246 ##### `SSH_ENABLE_ROOT`=false
246 ##### `SSH_ENABLE_ROOT`=false
247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
248
248
249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
251
251
252 ##### `SSH_LIMIT_USERS`=false
252 ##### `SSH_LIMIT_USERS`=false
253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
254
254
255 ##### `SSH_ROOT_PUB_KEY`=""
255 ##### `SSH_ROOT_PUB_KEY`=""
256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
257
257
258 ##### `SSH_USER_PUB_KEY`=""
258 ##### `SSH_USER_PUB_KEY`=""
259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
260
260
261 ---
261 ---
262
262
263 #### 内核编译:
263 #### 内核编译:
264 ##### `BUILD_KERNEL`=false
264 ##### `BUILD_KERNEL`=false
265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
266
266
267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
268 设置交叉编译器.
268 设置交叉编译器.
269
269
270 ##### `KERNEL_ARCH`="arm"
270 ##### `KERNEL_ARCH`="arm"
271 设置内核架构.
271 设置内核架构.
272
272
273 ##### `KERNEL_IMAGE`="kernel7.img"
273 ##### `KERNEL_IMAGE`="kernel7.img"
274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
275
275
276 ##### `KERNEL_BRANCH`=""
276 ##### `KERNEL_BRANCH`=""
277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
278
278
279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
281
281
282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
284
284
285 ##### `KERNEL_REDUCE`=false
285 ##### `KERNEL_REDUCE`=false
286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
287
287
288 ##### `KERNEL_THREADS`=1
288 ##### `KERNEL_THREADS`=1
289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
290
290
291 ##### `KERNEL_HEADERS`=true
291 ##### `KERNEL_HEADERS`=true
292 安装内核相应的头文件.
292 安装内核相应的头文件.
293
293
294 ##### `KERNEL_MENUCONFIG`=false
294 ##### `KERNEL_MENUCONFIG`=false
295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
296
296
297 ##### `KERNEL_REMOVESRC`=true
297 ##### `KERNEL_REMOVESRC`=true
298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
299
299
300 ##### `KERNELSRC_DIR`=""
300 ##### `KERNELSRC_DIR`=""
301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
302
302
303 ##### `KERNELSRC_CLEAN`=false
303 ##### `KERNELSRC_CLEAN`=false
304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
305
305
306 ##### `KERNELSRC_CONFIG`=true
306 ##### `KERNELSRC_CONFIG`=true
307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
308
308
309 ##### `KERNELSRC_USRCONFIG`=""
309 ##### `KERNELSRC_USRCONFIG`=""
310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
311
311
312 ##### `KERNELSRC_PREBUILT`=false
312 ##### `KERNELSRC_PREBUILT`=false
313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
314
314
315 ##### `RPI_FIRMWARE_DIR`=""
315 ##### `RPI_FIRMWARE_DIR`=""
316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
317
317
318 ---
318 ---
319
319
320 #### 缩小体积:
320 #### 缩小体积:
321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
322
322
323 ##### `REDUCE_APT`=true
323 ##### `REDUCE_APT`=true
324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
325
325
326 ##### `REDUCE_DOC`=true
326 ##### `REDUCE_DOC`=true
327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
328
328
329 ##### `REDUCE_MAN`=true
329 ##### `REDUCE_MAN`=true
330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
331
331
332 ##### `REDUCE_VIM`=false
332 ##### `REDUCE_VIM`=false
333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
334
334
335 ##### `REDUCE_BASH`=false
335 ##### `REDUCE_BASH`=false
336 使用 `dash` 代替 `bash` (实验性质).
336 使用 `dash` 代替 `bash` (实验性质).
337
337
338 ##### `REDUCE_HWDB`=true
338 ##### `REDUCE_HWDB`=true
339 移除与 PCI 相关的 hwdb 文件 (实验性质).
339 移除与 PCI 相关的 hwdb 文件 (实验性质).
340
340
341 ##### `REDUCE_SSHD`=true
341 ##### `REDUCE_SSHD`=true
342 使用`dropbear`代替 `openssh-server`.
342 使用`dropbear`代替 `openssh-server`.
343
343
344 ##### `REDUCE_LOCALE`=true
344 ##### `REDUCE_LOCALE`=true
345 移除所有的 `locale` 本地化文件.
345 移除所有的 `locale` 本地化文件.
346
346
347 ---
347 ---
348
348
349 #### 加密根分区:
349 #### 加密根分区:
350 ##### `ENABLE_CRYPTFS`=false
350 ##### `ENABLE_CRYPTFS`=false
351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
352
352
353 ##### `CRYPTFS_PASSWORD`=""
353 ##### `CRYPTFS_PASSWORD`=""
354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
355
355
356 ##### `CRYPTFS_MAPPING`="secure"
356 ##### `CRYPTFS_MAPPING`="secure"
357 设置device-mapper映射名称.
357 设置device-mapper映射名称.
358
358
359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 加密算法. 推荐 `aes-xts*`加密法.
360 加密算法. 推荐 `aes-xts*`加密法.
361
361
362 ##### `CRYPTFS_XTSKEYSIZE`=512
362 ##### `CRYPTFS_XTSKEYSIZE`=512
363 设置密钥长度,8的倍数,以bit为单位.
363 设置密钥长度,8的倍数,以bit为单位.
364
364
365 ---
365 ---
366
366
367 #### Build settings构建设置:
367 #### Build settings构建设置:
368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 设置产生镜像的目录.
369 设置产生镜像的目录.
370
370
371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
373
373
374 ## 理解脚本
374 ## 理解脚本
375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
376
376
377 | 脚本 | 说明 |
377 | 脚本 | 说明 |
378 | --- | --- |
378 | --- | --- |
379 | `10-bootstrap.sh` | 生成基本系统 |
379 | `10-bootstrap.sh` | 生成基本系统 |
380 | `11-apt.sh` | 设置 APT 仓库源 |
380 | `11-apt.sh` | 设置 APT 仓库源 |
381 | `12-locale.sh` | 设置 Locales 和 keyboard |
381 | `12-locale.sh` | 设置 Locales 和 keyboard |
382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
385 | `20-networking.sh` | 设置网络 |
385 | `20-networking.sh` | 设置网络 |
386 | `21-firewall.sh` | 设置防火墙 |
386 | `21-firewall.sh` | 设置防火墙 |
387 | `30-security.sh` | 设置用户以及安全相关 |
387 | `30-security.sh` | 设置用户以及安全相关 |
388 | `31-logging.sh` | 设置日志 |
388 | `31-logging.sh` | 设置日志 |
389 | `32-sshd.sh` | 设置 SSH 和公钥 |
389 | `32-sshd.sh` | 设置 SSH 和公钥 |
390 | `41-uboot.sh` | 编译设置 U-Boot |
390 | `41-uboot.sh` | 编译设置 U-Boot |
391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
392 | `50-firstboot.sh` | 首次启动执行的任务 |
392 | `50-firstboot.sh` | 首次启动执行的任务 |
393 | `99-reduce.sh` | 缩小体积 |
393 | `99-reduce.sh` | 缩小体积 |
394
394
395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
396
396
397 | 目录 | 说明 |
397 | 目录 | 说明 |
398 | --- | --- |
398 | --- | --- |
399 | `apt` | APT 管理配置文件 |
399 | `apt` | APT 管理配置文件 |
400 | `boot` | 引导文件 树莓派2/3配置文件 |
400 | `boot` | 引导文件 树莓派2/3配置文件 |
401 | `dpkg` | 包管理配置文件 |
401 | `dpkg` | 包管理配置文件 |
402 | `etc` | 配置文件以及 rc 启动脚本 |
402 | `etc` | 配置文件以及 rc 启动脚本 |
403 | `firstboot` | 首次引导执行的脚本 |
403 | `firstboot` | 首次引导执行的脚本 |
404 | `initramfs` | Initramfs 脚本 |
404 | `initramfs` | Initramfs 脚本 |
405 | `iptables` | 防火墙配置文件 |
405 | `iptables` | 防火墙配置文件 |
406 | `locales` | Locales 配置 |
406 | `locales` | Locales 配置 |
407 | `modules` | 内核模块配置 |
407 | `modules` | 内核模块配置 |
408 | `mount` | Fstab 配置 |
408 | `mount` | Fstab 配置 |
409 | `network` | 网络配置文件 |
409 | `network` | 网络配置文件 |
410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
411 | `xorg` | fbturbo Xorg 驱动配置 |
411 | `xorg` | fbturbo Xorg 驱动配置 |
412
412
413 ## 自定义包和脚本
413 ## 自定义包和脚本
414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
416
416
417 ## 记录镜像产生过程的信息
417 ## 记录镜像产生过程的信息
418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
419
419
420 ```shell
420 ```shell
421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
422 ```
422 ```
423
423
424 ## 烧录镜像文件
424 ## 烧录镜像文件
425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
426
426
427 ##### 烧录示例:
427 ##### 烧录示例:
428 ```shell
428 ```shell
429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
431 ```
431 ```
432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
433 ```shell
433 ```shell
434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
436 ```
436 ```
437 ## 每周镜像
437 ## 每周镜像
438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
440
440
441 ## External links and references外部链接, 各种资源
441 ## External links and references外部链接, 各种资源
442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
447 * [U-BOOT git 仓库](http://git.denx.de/?p=u-boot.git;a=summary)
447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
@@ -1,454 +1,552
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3
3
4
4 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5
6
6
7
8
7 ## Build dependencies
9 ## Build dependencies
8 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
10 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
9
11
10 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
11
13
12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
13
14 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
15
15
16 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
16 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
17
18 ```
19 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
20 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
21 dpkg --add-architecture armhf
22 apt-get update
23 ```
24
17
25 ## Command-line parameters
18 ## Command-line parameters
26 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
19 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
27
20
28 ##### Command-line examples:
21 ##### Command-line examples:
29 ```shell
22 ```shell
30 ENABLE_UBOOT=true ./rpi23-gen-image.sh
23 ENABLE_UBOOT=true ./rpi23-gen-image.sh
31 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
24 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
32 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
26 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
34 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
27 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ./rpi23-gen-image.sh
28 ENABLE_MINBASE=true ./rpi23-gen-image.sh
36 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
29 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
37 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
30 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
38 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
33 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
41 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
34 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
42 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
35 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
43 ```
36 ```
44
37
45 ## Configuration template files
38 ## Configuration template files
46 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
39 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
47
40
48 ##### Command-line examples:
41 ##### Command-line examples:
49 ```shell
42 ```shell
50 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
43 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
51 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
44 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
52 ```
45 ```
53
46
54 ## Supported parameters and settings
47 ## Supported parameters and settings
55 #### APT settings:
48 #### APT settings:
56 ##### `APT_SERVER`="ftp.debian.org"
49 ##### `APT_SERVER`="ftp.debian.org"
57 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
50 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
58
51
59 ##### `APT_PROXY`=""
52 ##### `APT_PROXY`=""
60 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
53 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
54
55 ##### `KEEP_APT_PROXY`=false
56 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
61
57
62 ##### `APT_INCLUDES`=""
58 ##### `APT_INCLUDES`=""
63 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
59 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
64
60
65 ##### `APT_INCLUDES_LATE`=""
61 ##### `APT_INCLUDES_LATE`=""
66 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
62 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
67
63
68 ---
64 ---
69
65
70 #### General system settings:
66 #### General system settings:
67 ##### `SET_ARCH`=32
68 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69
71 ##### `RPI_MODEL`=2
70 ##### `RPI_MODEL`=2
72 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
71 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
72 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
73 - `1` = Raspberry Pi 1 model A and B
74 - `1P` = Raspberry Pi 1 model B+ and A+
75 - `2` = Raspberry Pi 2 model B
76 - `3` = Raspberry Pi 3 model B
77 - `3P` = Raspberry Pi 3 model B+
73
78
74 ##### `RELEASE`="jessie"
79 ##### `RELEASE`="buster"
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76
81
77 ##### `RELEASE_ARCH`="armhf"
82 ##### `RELEASE_ARCH`="armhf"
78 Set the desired Debian release architecture.
83 Set the desired Debian release architecture.
79
84
80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
85 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
86 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82
87
83 ##### `PASSWORD`="raspberry"
88 ##### `PASSWORD`="raspberry"
84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
89 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85
90
86 ##### `USER_PASSWORD`="raspberry"
91 ##### `USER_PASSWORD`="raspberry"
87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
92 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88
93
89 ##### `DEFLOCAL`="en_US.UTF-8"
94 ##### `DEFLOCAL`="en_US.UTF-8"
90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
95 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91
96
92 ##### `TIMEZONE`="Europe/Berlin"
97 ##### `TIMEZONE`="Europe/Berlin"
93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
98 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94
99
95 ##### `EXPANDROOT`=true
100 ##### `EXPANDROOT`=true
96 Expand the root partition and filesystem automatically on first boot.
101 Expand the root partition and filesystem automatically on first boot.
97
102
103 ##### `ENABLE_DPHYSSWAP`=true
104 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
105
106 ##### `ENABLE_QEMU`=false
107 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
108
98 ---
109 ---
99
110
100 #### Keyboard settings:
111 #### Keyboard settings:
101 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
112 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
102
113
103 ##### `XKB_MODEL`=""
114 ##### `XKB_MODEL`=""
104 Set the name of the model of your keyboard type.
115 Set the name of the model of your keyboard type.
105
116
106 ##### `XKB_LAYOUT`=""
117 ##### `XKB_LAYOUT`=""
107 Set the supported keyboard layout(s).
118 Set the supported keyboard layout(s).
108
119
109 ##### `XKB_VARIANT`=""
120 ##### `XKB_VARIANT`=""
110 Set the supported variant(s) of the keyboard layout(s).
121 Set the supported variant(s) of the keyboard layout(s).
111
122
112 ##### `XKB_OPTIONS`=""
123 ##### `XKB_OPTIONS`=""
113 Set extra xkb configuration options.
124 Set extra xkb configuration options.
114
125
115 ---
126 ---
116
127
117 #### Networking settings (DHCP):
128 #### Networking settings (DHCP):
118 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
129 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119
130
120 ##### `ENABLE_DHCP`=true
131 ##### `ENABLE_DHCP`=true
121 Set the system to use DHCP. This requires an DHCP server.
132 Set the system to use DHCP. This requires an DHCP server.
122
133
123 ---
134 ---
124
135
125 #### Networking settings (static):
136 #### Networking settings (static):
126 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
137 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
127
138
128 ##### `NET_ADDRESS`=""
139 ##### `NET_ADDRESS`=""
129 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
140 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
130
141
131 ##### `NET_GATEWAY`=""
142 ##### `NET_GATEWAY`=""
132 Set the IP address for the default gateway.
143 Set the IP address for the default gateway.
133
144
134 ##### `NET_DNS_1`=""
145 ##### `NET_DNS_1`=""
135 Set the IP address for the first DNS server.
146 Set the IP address for the first DNS server.
136
147
137 ##### `NET_DNS_2`=""
148 ##### `NET_DNS_2`=""
138 Set the IP address for the second DNS server.
149 Set the IP address for the second DNS server.
139
150
140 ##### `NET_DNS_DOMAINS`=""
151 ##### `NET_DNS_DOMAINS`=""
141 Set the default DNS search domains to use for non fully qualified host names.
152 Set the default DNS search domains to use for non fully qualified hostnames.
142
153
143 ##### `NET_NTP_1`=""
154 ##### `NET_NTP_1`=""
144 Set the IP address for the first NTP server.
155 Set the IP address for the first NTP server.
145
156
146 ##### `NET_NTP_2`=""
157 ##### `NET_NTP_2`=""
147 Set the IP address for the second NTP server.
158 Set the IP address for the second NTP server.
148
159
149 ---
160 ---
150
161
151 #### Basic system features:
162 #### Basic system features:
152 ##### `ENABLE_CONSOLE`=true
163 ##### `ENABLE_CONSOLE`=true
153 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
164 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
165
166 ##### `ENABLE_PRINTK`=false
167 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
168
169 ##### `ENABLE_BLUETOOTH`=false
170 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
171
172 ##### `ENABLE_MINIUART_OVERLAY`=false
173 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
174
175 ##### `ENABLE_TURBO`=false
176 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
154
177
155 ##### `ENABLE_I2C`=false
178 ##### `ENABLE_I2C`=false
156 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
157
180
158 ##### `ENABLE_SPI`=false
181 ##### `ENABLE_SPI`=false
159 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
182 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160
183
161 ##### `ENABLE_IPV6`=true
184 ##### `ENABLE_IPV6`=true
162 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
185 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
163
186
164 ##### `ENABLE_SSHD`=true
187 ##### `ENABLE_SSHD`=true
165 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
188 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
166
189
167 ##### `ENABLE_NONFREE`=false
190 ##### `ENABLE_NONFREE`=false
168 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
191 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
169
192
170 ##### `ENABLE_WIRELESS`=false
193 ##### `ENABLE_WIRELESS`=false
171 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
194 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
172
195
173 ##### `ENABLE_RSYSLOG`=true
196 ##### `ENABLE_RSYSLOG`=true
174 If set to false, disable and uninstall rsyslog (so logs will be available only
197 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
175 in journal files)
176
198
177 ##### `ENABLE_SOUND`=true
199 ##### `ENABLE_SOUND`=true
178 Enable sound hardware and install Advanced Linux Sound Architecture.
200 Enable sound hardware and install Advanced Linux Sound Architecture.
179
201
180 ##### `ENABLE_HWRANDOM`=true
202 ##### `ENABLE_HWRANDOM`=true
181 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
203 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
182
204
183 ##### `ENABLE_MINGPU`=false
205 ##### `ENABLE_MINGPU`=false
184 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
206 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
185
207
186 ##### `ENABLE_DBUS`=true
208 ##### `ENABLE_DBUS`=true
187 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
209 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
188
210
189 ##### `ENABLE_XORG`=false
211 ##### `ENABLE_XORG`=false
190 Install Xorg open-source X Window System.
212 Install Xorg open-source X Window System.
191
213
192 ##### `ENABLE_WM`=""
214 ##### `ENABLE_WM`=""
193 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
215 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
216
217 ##### `ENABLE_SYSVINIT`=false
218 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
194
219
195 ---
220 ---
196
221
197 #### Advanced system features:
222 #### Advanced system features:
223 ##### `ENABLE_SYSTEMDSWAP`=false
224 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
225
198 ##### `ENABLE_MINBASE`=false
226 ##### `ENABLE_MINBASE`=false
199 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
227 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
200
228
201 ##### `ENABLE_REDUCE`=false
229 ##### `ENABLE_REDUCE`=false
202 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
230 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
203
231
204 ##### `ENABLE_UBOOT`=false
232 ##### `ENABLE_UBOOT`=false
205 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
233 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
206
234
207 ##### `UBOOTSRC_DIR`=""
235 ##### `UBOOTSRC_DIR`=""
208 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
236 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
209
237
210 ##### `ENABLE_FBTURBO`=false
238 ##### `ENABLE_FBTURBO`=false
211 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
212
240
213 ##### `FBTURBOSRC_DIR`=""
241 ##### `FBTURBOSRC_DIR`=""
214 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
242 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
215
243
244 ##### `ENABLE_VIDEOCORE`=false
245 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
246
247 ##### `VIDEOCORESRC_DIR`=""
248 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
249
250 ##### `ENABLE_NEXMON`=false
251 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
252
253 ##### `NEXMONSRC_DIR`=""
254 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
255
216 ##### `ENABLE_IPTABLES`=false
256 ##### `ENABLE_IPTABLES`=false
217 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
257 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
218
258
219 ##### `ENABLE_USER`=true
259 ##### `ENABLE_USER`=true
220 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
260 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
221
261
222 ##### `USER_NAME`=pi
262 ##### `USER_NAME`=pi
223 Non-root user to create. Ignored if `ENABLE_USER`=false
263 Non-root user to create. Ignored if `ENABLE_USER`=false
224
264
225 ##### `ENABLE_ROOT`=false
265 ##### `ENABLE_ROOT`=false
226 Set root user password so root login will be enabled
266 Set root user password so root login will be enabled
227
267
228 ##### `ENABLE_HARDNET`=false
268 ##### `ENABLE_HARDNET`=false
229 Enable IPv4/IPv6 network stack hardening settings.
269 Enable IPv4/IPv6 network stack hardening settings.
230
270
231 ##### `ENABLE_SPLITFS`=false
271 ##### `ENABLE_SPLITFS`=false
232 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
272 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
233
273
234 ##### `CHROOT_SCRIPTS`=""
274 ##### `CHROOT_SCRIPTS`=""
235 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
275 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
236
276
237 ##### `ENABLE_INITRAMFS`=false
277 ##### `ENABLE_INITRAMFS`=false
238 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
278 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
239
279
240 ##### `ENABLE_IFNAMES`=true
280 ##### `ENABLE_IFNAMES`=true
241 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
281 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
282
283 ##### `ENABLE_SPLASH`=true
284 Enable default Raspberry Pi boot up rainbow splash screen.
285
286 ##### `ENABLE_LOGO`=true
287 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
288
289 ##### `ENABLE_SILENT_BOOT`=false
290 Set the verbosity of console messages shown during boot up to a strict minimum.
242
291
243 ##### `DISABLE_UNDERVOLT_WARNINGS`=
292 ##### `DISABLE_UNDERVOLT_WARNINGS`=
244 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
293 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
245
294
246 ---
295 ---
247
296
248 #### SSH settings:
297 #### SSH settings:
249 ##### `SSH_ENABLE_ROOT`=false
298 ##### `SSH_ENABLE_ROOT`=false
250 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
299 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
251
300
252 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
301 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
253 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
302 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
254
303
255 ##### `SSH_LIMIT_USERS`=false
304 ##### `SSH_LIMIT_USERS`=false
256 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
305 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
257
306
258 ##### `SSH_ROOT_PUB_KEY`=""
307 ##### `SSH_ROOT_PUB_KEY`=""
259 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
308 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
260
309
261 ##### `SSH_USER_PUB_KEY`=""
310 ##### `SSH_USER_PUB_KEY`=""
262 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
311 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
263
312
264 ---
313 ---
265
314
266 #### Kernel compilation:
315 #### Kernel compilation:
267 ##### `BUILD_KERNEL`=false
316 ##### `BUILD_KERNEL`=true
268 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
317 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
269
318
270 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
319 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
271 This sets the cross compile enviornment for the compiler.
320 This sets the cross-compile environment for the compiler.
272
321
273 ##### `KERNEL_ARCH`="arm"
322 ##### `KERNEL_ARCH`="arm"
274 This sets the kernel architecture for the compiler.
323 This sets the kernel architecture for the compiler.
275
324
276 ##### `KERNEL_IMAGE`="kernel7.img"
325 ##### `KERNEL_IMAGE`="kernel7.img"
277 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
326 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
278
327
279 ##### `KERNEL_BRANCH`=""
328 ##### `KERNEL_BRANCH`=""
280 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
329 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
281
330
282 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
331 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
283 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
332 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
284
333
285 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
334 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
286 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
335 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
287
336
288 ##### `KERNEL_REDUCE`=false
337 ##### `KERNEL_REDUCE`=false
289 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
338 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
290
339
291 ##### `KERNEL_THREADS`=1
340 ##### `KERNEL_THREADS`=1
292 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
341 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
293
342
294 ##### `KERNEL_HEADERS`=true
343 ##### `KERNEL_HEADERS`=true
295 Install kernel headers with built kernel.
344 Install kernel headers with the built kernel.
296
345
297 ##### `KERNEL_MENUCONFIG`=false
346 ##### `KERNEL_MENUCONFIG`=false
298 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
347 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
299
348
349 ##### `KERNEL_OLDDEFCONFIG`=false
350 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
351
352 ##### `KERNEL_CCACHE`=false
353 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
354
300 ##### `KERNEL_REMOVESRC`=true
355 ##### `KERNEL_REMOVESRC`=true
301 Remove all kernel sources from the generated OS image after it was built and installed.
356 Remove all kernel sources from the generated OS image after it was built and installed.
302
357
303 ##### `KERNELSRC_DIR`=""
358 ##### `KERNELSRC_DIR`=""
304 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
359 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
305
360
306 ##### `KERNELSRC_CLEAN`=false
361 ##### `KERNELSRC_CLEAN`=false
307 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
362 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
308
363
309 ##### `KERNELSRC_CONFIG`=true
364 ##### `KERNELSRC_CONFIG`=true
310 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
365 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
311
366
312 ##### `KERNELSRC_USRCONFIG`=""
367 ##### `KERNELSRC_USRCONFIG`=""
313 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
368 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
314
369
315 ##### `KERNELSRC_PREBUILT`=false
370 ##### `KERNELSRC_PREBUILT`=false
316 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
371 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
317
372
318 ##### `RPI_FIRMWARE_DIR`=""
373 ##### `RPI_FIRMWARE_DIR`=""
319 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
374 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
320
375
376 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
377 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
378
379 ##### `KERNEL_NF`=false
380 Enable Netfilter modules as kernel modules
381
382 ##### `KERNEL_VIRT`=false
383 Enable Kernel KVM support (/dev/kvm)
384
385 ##### `KERNEL_ZSWAP`=false
386 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
387
388 ##### `KERNEL_BPF`=true
389 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
390
391 ##### `KERNEL_SECURITY`=false
392 Enables Apparmor, integrity subsystem, auditing.
393
321 ---
394 ---
322
395
323 #### Reduce disk usage:
396 #### Reduce disk usage:
324 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
397 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
325
398
326 ##### `REDUCE_APT`=true
399 ##### `REDUCE_APT`=true
327 Configure APT to use compressed package repository lists and no package caching files.
400 Configure APT to use compressed package repository lists and no package caching files.
328
401
329 ##### `REDUCE_DOC`=true
402 ##### `REDUCE_DOC`=true
330 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
403 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
331
404
332 ##### `REDUCE_MAN`=true
405 ##### `REDUCE_MAN`=true
333 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
406 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
334
407
335 ##### `REDUCE_VIM`=false
408 ##### `REDUCE_VIM`=false
336 Replace `vim-tiny` package by `levee` a tiny vim clone.
409 Replace `vim-tiny` package by `levee` a tiny vim clone.
337
410
338 ##### `REDUCE_BASH`=false
411 ##### `REDUCE_BASH`=false
339 Remove `bash` package and switch to `dash` shell (experimental).
412 Remove `bash` package and switch to `dash` shell (experimental).
340
413
341 ##### `REDUCE_HWDB`=true
414 ##### `REDUCE_HWDB`=true
342 Remove PCI related hwdb files (experimental).
415 Remove PCI related hwdb files (experimental).
343
416
344 ##### `REDUCE_SSHD`=true
417 ##### `REDUCE_SSHD`=true
345 Replace `openssh-server` with `dropbear`.
418 Replace `openssh-server` with `dropbear`.
346
419
347 ##### `REDUCE_LOCALE`=true
420 ##### `REDUCE_LOCALE`=true
348 Remove all `locale` translation files.
421 Remove all `locale` translation files.
349
422
350 ---
423 ---
351
424
352 #### Encrypted root partition:
425 #### Encrypted root partition:
353 ##### `ENABLE_CRYPTFS`=false
426 ##### `ENABLE_CRYPTFS`=false
354 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
427 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
355
428
356 ##### `CRYPTFS_PASSWORD`=""
429 ##### `CRYPTFS_PASSWORD`=""
357 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
430 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
358
431
359 ##### `CRYPTFS_MAPPING`="secure"
432 ##### `CRYPTFS_MAPPING`="secure"
360 Set name of dm-crypt managed device-mapper mapping.
433 Set name of dm-crypt managed device-mapper mapping.
361
434
362 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
435 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
363 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
436 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
364
437
365 ##### `CRYPTFS_XTSKEYSIZE`=512
438 ##### `CRYPTFS_XTSKEYSIZE`=512
366 Sets key size in bits. The argument has to be a multiple of 8.
439 Sets key size in bits. The argument has to be a multiple of 8.
367
440
441 ##### `CRYPTFS_DROPBEAR`=false
442 Enable Dropbear Initramfs support
443
444 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
445 Provide path to dropbear Public RSA-OpenSSH Key
446
368 ---
447 ---
369
448
370 #### Build settings:
449 #### Build settings:
371 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
450 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
372 Set a path to a working directory used by the script to generate an image.
451 Set a path to a working directory used by the script to generate an image.
373
452
374 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
453 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
375 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
454 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
376
455
377 ## Understanding the script
456 ## Understanding the script
378 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
457 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
379
458
380 | Script | Description |
459 | Script | Description |
381 | --- | --- |
460 | --- | --- |
382 | `10-bootstrap.sh` | Debootstrap basic system |
461 | `10-bootstrap.sh` | Debootstrap basic system |
383 | `11-apt.sh` | Setup APT repositories |
462 | `11-apt.sh` | Setup APT repositories |
384 | `12-locale.sh` | Setup Locales and keyboard settings |
463 | `12-locale.sh` | Setup Locales and keyboard settings |
385 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
464 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
386 | `14-fstab.sh` | Setup fstab and initramfs |
465 | `14-fstab.sh` | Setup fstab and initramfs |
387 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
466 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
388 | `20-networking.sh` | Setup Networking |
467 | `20-networking.sh` | Setup Networking |
389 | `21-firewall.sh` | Setup Firewall |
468 | `21-firewall.sh` | Setup Firewall |
390 | `30-security.sh` | Setup Users and Security settings |
469 | `30-security.sh` | Setup Users and Security settings |
391 | `31-logging.sh` | Setup Logging |
470 | `31-logging.sh` | Setup Logging |
392 | `32-sshd.sh` | Setup SSH and public keys |
471 | `32-sshd.sh` | Setup SSH and public keys |
393 | `41-uboot.sh` | Build and Setup U-Boot |
472 | `41-uboot.sh` | Build and Setup U-Boot |
394 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
473 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
474 | `43-videocore.sh` | Build and Setup videocore libraries |
395 | `50-firstboot.sh` | First boot actions |
475 | `50-firstboot.sh` | First boot actions |
396 | `99-reduce.sh` | Reduce the disk space usage |
476 | `99-reduce.sh` | Reduce the disk space usage |
397
477
398 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
478 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
399
479
400 | Directory | Description |
480 | Directory | Description |
401 | --- | --- |
481 | --- | --- |
402 | `apt` | APT management configuration files |
482 | `apt` | APT management configuration files |
403 | `boot` | Boot and RPi2/3 configuration files |
483 | `boot` | Boot and RPi 0/1/2/3 configuration files |
404 | `dpkg` | Package Manager configuration |
484 | `dpkg` | Package Manager configuration |
405 | `etc` | Configuration files and rc scripts |
485 | `etc` | Configuration files and rc scripts |
406 | `firstboot` | Scripts that get executed on first boot |
486 | `firstboot` | Scripts that get executed on first boot |
407 | `initramfs` | Initramfs scripts |
487 | `initramfs` | Initramfs scripts |
408 | `iptables` | Firewall configuration files |
488 | `iptables` | Firewall configuration files |
409 | `locales` | Locales configuration |
489 | `locales` | Locales configuration |
410 | `modules` | Kernel Modules configuration |
490 | `modules` | Kernel Modules configuration |
411 | `mount` | Fstab configuration |
491 | `mount` | Fstab configuration |
412 | `network` | Networking configuration files |
492 | `network` | Networking configuration files |
413 | `sysctl.d` | Swapping and Network Hardening configuration |
493 | `sysctl.d` | Swapping and Network Hardening configuration |
414 | `xorg` | fbturbo Xorg driver configuration |
494 | `xorg` | fbturbo Xorg driver configuration |
415
495
416 ## Custom packages and scripts
496 ## Custom packages and scripts
417 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
497 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
418
498
419 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
499 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
420
500
421 ## Logging of the bootstrapping process
501 ## Logging of the bootstrapping process
422 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
502 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
423
503
424 ```shell
504 ```shell
425 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
505 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
426 ```
506 ```
427
507
428 ## Flashing the image file
508 ## Flashing the image file
429 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
509 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
430
510
431 ##### Flashing examples:
511 ##### Flashing examples:
432 ```shell
512 ```shell
433 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
513 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
434 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
514 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
435 ```
515 ```
436 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
516 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
437 ```shell
517 ```shell
438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
518 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
439 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
519 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
520 ```
521
522 ## QEMU emulation
523 Start QEMU full system emulation:
524 ```shell
525 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
526 ```
527
528 Start QEMU full system emulation and output to console:
529 ```shell
530 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
531 ```
532
533 Start QEMU full system emulation with SMP and output to console:
534 ```shell
535 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
536 ```
537
538 Start QEMU full system emulation with cryptfs, initramfs and output to console:
539 ```shell
540 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
440 ```
541 ```
441 ## Weekly image builds
442 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
443 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
444
542
445 ## External links and references
543 ## External links and references
446 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
544 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
447 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
545 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
448 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
546 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
449 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
547 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
450 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
548 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
451 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
549 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
452 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
550 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
453 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
551 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
454 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
552 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,47 +1,48
1 #
1 #
2 # Debootstrap basic system
2 # Debootstrap basic system
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 VARIANT=""
8 VARIANT=""
9 COMPONENTS="main"
9 COMPONENTS="main"
10 EXCLUDES=""
11
10
12 # Use non-free Debian packages if needed
11 # Use non-free Debian packages if needed
13 if [ "$ENABLE_NONFREE" = true ] ; then
12 if [ "$ENABLE_NONFREE" = true ] ; then
14 COMPONENTS="main,non-free,contrib"
13 COMPONENTS="main,non-free,contrib"
15 fi
14 fi
16
15
17 # Use minbase bootstrap variant which only includes essential packages
16 # Use minbase bootstrap variant which only includes essential packages
18 if [ "$ENABLE_MINBASE" = true ] ; then
17 if [ "$ENABLE_MINBASE" = true ] ; then
19 VARIANT="--variant=minbase"
18 VARIANT="--variant=minbase"
20 fi
19 fi
21
20
21
22 # Exclude packages if required by Debian release
22 # Exclude packages if required by Debian release
23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 EXCLUDES="--exclude=init,systemd-sysv"
24 EXCLUDES="--exclude=init,systemd-sysv"
25 fi
25 fi
26
26
27
27 # Base debootstrap (unpack only)
28 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29
30
30 # Copy qemu emulator binary to chroot
31 # Copy qemu emulator binary to chroot
31 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
32
33
33 # Copy debian-archive-keyring.pgp
34 # Copy debian-archive-keyring.pgp
34 mkdir -p "${R}/usr/share/keyrings"
35 mkdir -p "${R}/usr/share/keyrings"
35 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
36
37
37 # Complete the bootstrapping process
38 # Complete the bootstrapping process
38 chroot_exec /debootstrap/debootstrap --second-stage
39 chroot_exec /debootstrap/debootstrap --second-stage
39
40
40 # Mount required filesystems
41 # Mount required filesystems
41 mount -t proc none "${R}/proc"
42 mount -t proc none "${R}/proc"
42 mount -t sysfs none "${R}/sys"
43 mount -t sysfs none "${R}/sys"
43
44
44 # Mount pseudo terminal slave if supported by Debian release
45 # Mount pseudo terminal slave if supported by Debian release
45 if [ -d "${R}/dev/pts" ] ; then
46 if [ -d "${R}/dev/pts" ] ; then
46 mount --bind /dev/pts "${R}/dev/pts"
47 mount --bind /dev/pts "${R}/dev/pts"
47 fi
48 fi
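Review bot: The stretch/buster exclusion assigned at new-side lines 23–25 no longer reaches debootstrap, because line 29 now expands `${APT_EXCLUDES}` while the branch still writes `EXCLUDES="--exclude=init,systemd-sysv"`, a variable nothing else in this file reads. The commit also removes the `EXCLUDES=""` initialisation, so the leftover assignment is dead code. Unless `APT_EXCLUDES` (set outside this file, not visible here) already carries `init,systemd-sysv`, those packages are installed again on these releases. The branch should set the variable that is passed, e.g. `APT_EXCLUDES="--exclude=init,systemd-sysv"`, merged with any list the caller supplied; otherwise delete the branch.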
@@ -1,56 +1,59
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 if [ "$BUILD_KERNEL" = false ] ; then
14 if [ "$BUILD_KERNEL" = false ] ; then
15 # Install APT pinning configuration for flash-kernel package
15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17
17
18 # Install APT sources.list
18 # Install APT sources.list
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21
21
22 # Upgrade collabora package index and install collabora keyring
22 # Upgrade collabora package index and install collabora keyring
23 chroot_exec apt-get -qq -y update
23 chroot_exec apt-get -qq -y update
24 # Removed --allow-unauthenticated as suggested after modification on _apt privileges
24 # Removed --allow-unauthenticated as suggested after modification on _apt privileges
25 chroot_exec apt-get -qq -y install collabora-obs-archive-keyring
25 chroot_exec apt-get -qq -y install collabora-obs-archive-keyring
26 else # BUILD_KERNEL=true
26 else # BUILD_KERNEL=true
27 # Install APT sources.list
27 # Install APT sources.list
28 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
28 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
29
29
30 # Use specified APT server and release
30 # Use specified APT server and release
31 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
31 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
32 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
32 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
33 fi
33 fi
34
34
35 # Allow the installation of non-free Debian packages
35
36 if [ "$ENABLE_NONFREE" = true ] ; then
36 # Use specified APT server and release
37 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
38 fi
38 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
39
39
40 # Upgrade package index and update all installed packages and changed dependencies
40 # Upgrade package index and update all installed packages and changed dependencies
41 chroot_exec apt-get -qq -y update
41 chroot_exec apt-get -qq -y update
42 chroot_exec apt-get -qq -y -u dist-upgrade
42 chroot_exec apt-get -qq -y -u dist-upgrade
43
43
44 # Install additional packages
44 if [ "$APT_INCLUDES_LATE" ] ; then
45 if [ "$APT_INCLUDES_LATE" ] ; then
45 chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
46 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
46 fi
47 fi
47
48
49 # Install Debian custom packages
48 if [ -d packages ] ; then
50 if [ -d packages ] ; then
49 for package in packages/*.deb ; do
51 for package in packages/*.deb ; do
50 cp $package ${R}/tmp
52 cp "$package" "${R}"/tmp
51 chroot_exec dpkg --unpack /tmp/$(basename $package)
53 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
52 done
54 done
53 fi
55 fi
56
54 chroot_exec apt-get -qq -y -f install
57 chroot_exec apt-get -qq -y -f install
55
58
56 chroot_exec apt-get -qq -y check
59 chroot_exec apt-get -qq -y check
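Review bot: The mirror and release rewrite added at new-side lines 36–38 runs too late for the `BUILD_KERNEL=false` branch, which has already called `apt-get update` and installed `collabora-obs-archive-keyring` at lines 23–25. That first index fetch and the keyring install therefore use whatever server and release the `files/apt/sources.list` template names, not `APT_SERVER`/`RELEASE`. Moving `sed -i "s/ stretch/ ${RELEASE}/"` and the `APT_SERVER` substitution to directly after each `install_readonly files/apt/sources.list` fixes the order and makes the duplicate pair at lines 31–32 unnecessary. The same lines replace the `ENABLE_NONFREE` block, so unless the template already lists `non-free` (not visible here), an image bootstrapped with `main,non-free,contrib` gets a sources.list that offers no updates for its non-free packages. Keeping `sed -i "s/ contrib/ contrib non-free/"` under the `ENABLE_NONFREE` test would preserve that.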
@@ -1,58 +1,66
1 #
1 #
2 # Setup Locales and keyboard settings
2 # Setup Locales and keyboard settings
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup timezone
8 # Install and setup timezone
9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 if [ -f "${ETC_DIR}/localtime" ]; then
11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
14 # will ignore the our timezone set in '/etc/timezone'.
15 # 3. Removing /etc/localtime will solve this.
16 rm -f "${ETC_DIR}/localtime"
17 fi
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11
19
12 # Install and setup default locale and keyboard configuration
20 # Install and setup default locale and keyboard configuration
13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 # ... so we have to set locales manually
24 # ... so we have to set locales manually
17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections"
19 else
27 else
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections"
22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 fi
31 fi
24
32
25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections"
27 chroot_exec locale-gen
35 chroot_exec locale-gen
28 chroot_exec update-locale LANG="${DEFLOCAL}"
36 chroot_exec update-locale LANG="${DEFLOCAL}"
29
37
30 # Install and setup default keyboard configuration
38 # Install and setup default keyboard configuration
31 if [ "$XKB_MODEL" != "" ] ; then
39 if [ "$XKB_MODEL" != "" ] ; then
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
40 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
33 fi
41 fi
34 if [ "$XKB_LAYOUT" != "" ] ; then
42 if [ "$XKB_LAYOUT" != "" ] ; then
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
43 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
36 fi
44 fi
37 if [ "$XKB_VARIANT" != "" ] ; then
45 if [ "$XKB_VARIANT" != "" ] ; then
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
46 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
39 fi
47 fi
40 if [ "$XKB_OPTIONS" != "" ] ; then
48 if [ "$XKB_OPTIONS" != "" ] ; then
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
49 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
42 fi
50 fi
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
51 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44
52
45 # Install and setup font console
53 # Install and setup font console
46 case "${DEFLOCAL}" in
54 case "${DEFLOCAL}" in
47 *UTF-8)
55 *UTF-8)
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
56 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
49 ;;
57 ;;
50 *)
58 *)
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
59 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
52 ;;
60 ;;
53 esac
61 esac
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
62 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 else # (no locales were installed)
63 else # (no locales were installed)
56 # Install POSIX default locale
64 # Install POSIX default locale
57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
65 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
58 fi
66 fi
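Review bot: At new-side lines 26, 29 and 34 `debconf-set-selections` is never run, because the closing quote now sits after `| debconf-set-selections` and the pipe is just part of the string that `echo` prints inside the chroot. Reverting is not the fix: in the old form the build host's shell parsed the pipe, so the selections were written to the host's debconf database rather than the image's. Feeding the text to the command inside the chroot avoids both problems, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. This assumes `chroot_exec` (defined in functions.sh, not shown) passes stdin through; if it does not, wrap the pipeline in `chroot_exec sh -c '...'`.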
@@ -1,185 +1,615
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
18 # Setup source directory
11 mkdir -p "${R}/usr/src/linux"
19 mkdir -p "${KERNEL_DIR}"
12
20
13 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17
25
18 # Clean the kernel sources
26 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
29 fi
22 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
23 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
24 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
25
33
26 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
27 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 else
37 else
30 as_nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
39 fi
32
40
33 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35
43
36 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
37 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
38
46
39 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
40 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
41 fi
49 fi
42
50
43 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 fi
54 fi
47
55
48 # Configure and build kernel
56 # Configure and build kernel
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 # Remove device, network and filesystem drivers from kernel configuration
58 # Remove device, network and filesystem drivers from kernel configuration
51 if [ "$KERNEL_REDUCE" = true ] ; then
59 if [ "$KERNEL_REDUCE" = true ] ; then
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 sed -i\
61 sed -i\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 "${KERNEL_DIR}/.config"
91 "${KERNEL_DIR}/.config"
84 fi
92 fi
85
93
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 # Load default raspberry kernel configuration
95 # Load default raspberry kernel configuration
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89
97
90 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
91 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
99 cd "${KERNEL_DIR}" || exit
100
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108
109 #VLAN got disabled without reason in arm64bit
110 set_kernel_config CONFIG_IPVLAN m
111 fi
112
113 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
114 if [ "$KERNEL_ZSWAP" = true ] ; then
115 set_kernel_config CONFIG_ZPOOL y
116 set_kernel_config CONFIG_ZSWAP y
117 set_kernel_config CONFIG_ZBUD y
118 set_kernel_config CONFIG_Z3FOLD y
119 set_kernel_config CONFIG_ZSMALLOC y
120 set_kernel_config CONFIG_PGTABLE_MAPPING y
121 set_kernel_config CONFIG_LZO_COMPRESS y
122
123 fi
124
125 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
126 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
127 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
128 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
129 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
130 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
131 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
132 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
133 set_kernel_config CONFIG_HAVE_KVM_MSI y
134 set_kernel_config CONFIG_KVM y
135 set_kernel_config CONFIG_KVM_ARM_HOST y
136 set_kernel_config CONFIG_KVM_ARM_PMU y
137 set_kernel_config CONFIG_KVM_COMPAT y
138 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
139 set_kernel_config CONFIG_KVM_MMIO y
140 set_kernel_config CONFIG_KVM_VFIO y
141 set_kernel_config CONFIG_VHOST m
142 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
143 set_kernel_config CONFIG_VHOST_NET m
144 set_kernel_config CONFIG_VIRTUALIZATION y
145
146 set_kernel_config CONFIG_MMU_NOTIFIER y
147
148 # erratum
149 set_kernel_config ARM64_ERRATUM_834220 y
150
151 # https://sourceforge.net/p/kvm/mailman/message/18440797/
152 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
153 fi
154
155 # enable apparmor,integrity audit,
156 if [ "$KERNEL_SECURITY" = true ] ; then
157
158 # security filesystem, security models and audit
159 set_kernel_config CONFIG_SECURITYFS y
160 set_kernel_config CONFIG_SECURITY y
161 set_kernel_config CONFIG_AUDIT y
162
163 # harden strcpy and memcpy
164 set_kernel_config CONFIG_HARDENED_USERCOPY y
165 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
166 set_kernel_config CONFIG_FORTIFY_SOURCE y
167
168 # integrity sub-system
169 set_kernel_config CONFIG_INTEGRITY y
170 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
171 set_kernel_config CONFIG_INTEGRITY_AUDIT y
172 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
173 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
174
175 # This option provides support for retaining authentication tokens and access keys in the kernel.
176 set_kernel_config CONFIG_KEYS y
177 set_kernel_config CONFIG_KEYS_COMPAT y
178
179 # Apparmor
180 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
181 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
182 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
183 set_kernel_config CONFIG_SECURITY_APPARMOR y
184 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
185 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
186
187 # restrictions on unprivileged users reading the kernel
188 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
189
190 # network security hooks
191 set_kernel_config CONFIG_SECURITY_NETWORK y
192 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
193 set_kernel_config CONFIG_SECURITY_PATH y
194 set_kernel_config CONFIG_SECURITY_YAMA n
195
196 # New Options
197 if [ "$KERNEL_NF" = true ] ; then
198 set_kernel_config CONFIG_IP_NF_SECURITY m
199 set_kernel_config CONFIG_NETLABEL y
200 set_kernel_config CONFIG_IP6_NF_SECURITY m
201 fi
202 set_kernel_config CONFIG_SECURITY_SELINUX n
203 set_kernel_config CONFIG_SECURITY_SMACK n
204 set_kernel_config CONFIG_SECURITY_TOMOYO n
205 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
206 set_kernel_config CONFIG_SECURITY_LOADPIN n
207 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
208 set_kernel_config CONFIG_IMA n
209 set_kernel_config CONFIG_EVM n
210 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
211 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
212 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
213 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
214 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
215 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
216 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
217 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
218 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
219 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
220
221 set_kernel_config CONFIG_ARM64_CRYPTO y
222 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
223 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
224 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
225 set_kernel_config CRYPTO_GHASH_ARM64_CE m
226 set_kernel_config CRYPTO_SHA2_ARM64_CE m
227 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
228 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
229 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
230 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
231 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
232 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
233 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
234 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
235 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
236 set_kernel_config SYSTEM_TRUSTED_KEYS
237 fi
238
239 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
240 if [ "$KERNEL_NF" = true ] ; then
241 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
242 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
243 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
244 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
245 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
246 set_kernel_config CONFIG_NFT_FIB_INET m
247 set_kernel_config CONFIG_NFT_FIB_IPV4 m
248 set_kernel_config CONFIG_NFT_FIB_IPV6 m
249 set_kernel_config CONFIG_NFT_FIB_NETDEV m
250 set_kernel_config CONFIG_NFT_OBJREF m
251 set_kernel_config CONFIG_NFT_RT m
252 set_kernel_config CONFIG_NFT_SET_BITMAP m
253 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
254 set_kernel_config CONFIG_NF_LOG_ARP m
255 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
256 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
257 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
258 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
259 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
260 set_kernel_config CONFIG_IP6_NF_IPTABLES m
261 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
262 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
263 set_kernel_config CONFIG_IP6_NF_NAT m
264 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
265 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
266 set_kernel_config CONFIG_IP_NF_SECURITY m
267 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
268 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
269 set_kernel_config CONFIG_IP_SET_HASH_IP m
270 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
271 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
272 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
273 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
274 set_kernel_config CONFIG_IP_SET_HASH_MAC m
275 set_kernel_config CONFIG_IP_SET_HASH_NET m
276 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
277 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
278 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
279 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
280 set_kernel_config CONFIG_IP_SET_LIST_SET m
281 set_kernel_config CONFIG_NETFILTER_XTABLES m
282 set_kernel_config CONFIG_NETFILTER_XTABLES m
283 set_kernel_config CONFIG_NFT_BRIDGE_META m
284 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
285 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
286 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
287 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
288 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
289 set_kernel_config CONFIG_NFT_COMPAT m
290 set_kernel_config CONFIG_NFT_COUNTER m
291 set_kernel_config CONFIG_NFT_CT m
292 set_kernel_config CONFIG_NFT_DUP_IPV4 m
293 set_kernel_config CONFIG_NFT_DUP_IPV6 m
294 set_kernel_config CONFIG_NFT_DUP_NETDEV m
295 set_kernel_config CONFIG_NFT_EXTHDR m
296 set_kernel_config CONFIG_NFT_FWD_NETDEV m
297 set_kernel_config CONFIG_NFT_HASH m
298 set_kernel_config CONFIG_NFT_LIMIT m
299 set_kernel_config CONFIG_NFT_LOG m
300 set_kernel_config CONFIG_NFT_MASQ m
301 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
302 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
303 set_kernel_config CONFIG_NFT_META m
304 set_kernel_config CONFIG_NFT_NAT m
305 set_kernel_config CONFIG_NFT_NUMGEN m
306 set_kernel_config CONFIG_NFT_QUEUE m
307 set_kernel_config CONFIG_NFT_QUOTA m
308 set_kernel_config CONFIG_NFT_REDIR m
309 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
310 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
311 set_kernel_config CONFIG_NFT_REJECT m
312 set_kernel_config CONFIG_NFT_REJECT_INET m
313 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
314 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
315 set_kernel_config CONFIG_NFT_SET_HASH m
316 set_kernel_config CONFIG_NFT_SET_RBTREE m
317 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
318 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
319 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
320 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
321 set_kernel_config CONFIG_NF_DUP_IPV4 m
322 set_kernel_config CONFIG_NF_DUP_IPV6 m
323 set_kernel_config CONFIG_NF_DUP_NETDEV m
324 set_kernel_config CONFIG_NF_LOG_BRIDGE m
325 set_kernel_config CONFIG_NF_LOG_IPV4 m
326 set_kernel_config CONFIG_NF_LOG_IPV6 m
327 set_kernel_config CONFIG_NF_NAT_IPV4 m
328 set_kernel_config CONFIG_NF_NAT_IPV6 m
329 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
330 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
331 set_kernel_config CONFIG_NF_NAT_PPTP m
332 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
333 set_kernel_config CONFIG_NF_NAT_REDIRECT m
334 set_kernel_config CONFIG_NF_NAT_SIP m
335 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
336 set_kernel_config CONFIG_NF_NAT_TFTP m
337 set_kernel_config CONFIG_NF_REJECT_IPV4 m
338 set_kernel_config CONFIG_NF_REJECT_IPV6 m
339 set_kernel_config CONFIG_NF_TABLES m
340 set_kernel_config CONFIG_NF_TABLES_ARP m
341 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
342 set_kernel_config CONFIG_NF_TABLES_INET m
343 set_kernel_config CONFIG_NF_TABLES_IPV4 m
344 set_kernel_config CONFIG_NF_TABLES_IPV6 m
345 set_kernel_config CONFIG_NF_TABLES_NETDEV m
346 fi
347
348 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
349 if [ "$KERNEL_BPF" = true ] ; then
350 set_kernel_config CONFIG_BPF_SYSCALL y
351 set_kernel_config CONFIG_BPF_EVENTS y
352 set_kernel_config CONFIG_BPF_STREAM_PARSER y
353 set_kernel_config CONFIG_CGROUP_BPF y
354 fi
355
356 # KERNEL_DEFAULT_GOV was set by user
357 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
358
359 case "$KERNEL_DEFAULT_GOV" in
360 performance)
361 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
362 ;;
363 userspace)
364 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
365 ;;
366 ondemand)
367 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
368 ;;
369 conservative)
370 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
371 ;;
372 shedutil)
373 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
374 ;;
375 *)
376 echo "error: unsupported default cpu governor"
377 exit 1
378 ;;
379 esac
380
381 # unset previous default governor
382 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
383 fi
384
385 #Revert to previous directory
386 cd "${WORKDIR}" || exit
387
388 # Set kernel configuration parameters to enable qemu emulation
389 if [ "$ENABLE_QEMU" = true ] ; then
390 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
391 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
392
393 if [ "$ENABLE_CRYPTFS" = true ] ; then
394 {
395 echo "CONFIG_EMBEDDED=y"
396 echo "CONFIG_EXPERT=y"
397 echo "CONFIG_DAX=y"
398 echo "CONFIG_MD=y"
399 echo "CONFIG_BLK_DEV_MD=y"
400 echo "CONFIG_MD_AUTODETECT=y"
401 echo "CONFIG_BLK_DEV_DM=y"
402 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
403 echo "CONFIG_DM_CRYPT=y"
404 echo "CONFIG_CRYPTO_BLKCIPHER=y"
405 echo "CONFIG_CRYPTO_CBC=y"
406 echo "CONFIG_CRYPTO_XTS=y"
407 echo "CONFIG_CRYPTO_SHA512=y"
408 echo "CONFIG_CRYPTO_MANAGER=y"
409 } >> "${KERNEL_DIR}"/.config
410 fi
411 fi
412
413 # Copy custom kernel configuration file
414 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
415 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
416 fi
417
418 # Set kernel configuration parameters to their default values
419 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
420 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
92 fi
421 fi
93
422
94 # Start menu-driven kernel configuration (interactive)
423 # Start menu-driven kernel configuration (interactive)
95 if [ "$KERNEL_MENUCONFIG" = true ] ; then
424 if [ "$KERNEL_MENUCONFIG" = true ] ; then
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
425 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
97 fi
426 fi
427 # end if "$KERNELSRC_CONFIG" = true
98 fi
428 fi
99
429
100 # Cross compile kernel and modules
430 # Use ccache to cross compile the kernel
101 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs
431 if [ "$KERNEL_CCACHE" = true ] ; then
432 cc="ccache ${CROSS_COMPILE}gcc"
433 else
434 cc="${CROSS_COMPILE}gcc"
435 fi
436
437 # Cross compile kernel and dtbs
438 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
439
440 # Cross compile kernel modules
441 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
442 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
443 fi
444 # end if "$KERNELSRC_PREBUILT" = false
102 fi
445 fi
103
446
104 # Check if kernel compilation was successful
447 # Check if kernel compilation was successful
105 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
448 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
106 echo "error: kernel compilation failed! (kernel image not found)"
449 echo "error: kernel compilation failed! (kernel image not found)"
107 cleanup
450 cleanup
108 exit 1
451 exit 1
109 fi
452 fi
110
453
111 # Install kernel modules
454 # Install kernel modules
112 if [ "$ENABLE_REDUCE" = true ] ; then
455 if [ "$ENABLE_REDUCE" = true ] ; then
113 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
456 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
457 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
458 fi
114 else
459 else
115 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
460 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
461 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
462 fi
116
463
117 # Install kernel firmware
464 # Install kernel firmware
118 if [ $(cat ./Makefile | grep "^firmware_install:") ] ; then
465 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
119 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
466 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
120 fi
467 fi
121 fi
468 fi
122
469
123 # Install kernel headers
470 # Install kernel headers
124 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
471 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
125 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
472 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
126 fi
473 fi
127
474
128 # Prepare boot (firmware) directory
475 # Prepare boot (firmware) directory
129 mkdir "${BOOT_DIR}"
476 mkdir "${BOOT_DIR}"
130
477
131 # Get kernel release version
478 # Get kernel release version
132 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
479 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
133
480
134 # Copy kernel configuration file to the boot directory
481 # Copy kernel configuration file to the boot directory
135 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
482 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
136
483
137 # Copy dts and dtb device tree sources and binaries
484 # Prepare device tree directory
138 mkdir "${BOOT_DIR}/overlays"
485 mkdir "${BOOT_DIR}/overlays"
139
486
140 # Ensure the proper .dtb is located
487 # Ensure the proper .dtb is located
141 if [ "$KERNEL_ARCH" = "arm" ] ; then
488 if [ "$KERNEL_ARCH" = "arm" ] ; then
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
489 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
490 if [ -f "${dtb}" ] ; then
491 install_readonly "${dtb}" "${BOOT_DIR}/"
492 fi
493 done
143 else
494 else
144 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb "${BOOT_DIR}/"
495 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
496 if [ -f "${dtb}" ] ; then
497 install_readonly "${dtb}" "${BOOT_DIR}/"
498 fi
499 done
145 fi
500 fi
146
501
147 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
502 # Copy compiled dtb device tree files
148 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
503 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
504 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
505 if [ -f "${dtb}" ] ; then
506 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
507 fi
508 done
509
510 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
511 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
512 fi
513 fi
149
514
150 if [ "$ENABLE_UBOOT" = false ] ; then
515 if [ "$ENABLE_UBOOT" = false ] ; then
151 # Convert and copy kernel image to the boot directory
516 # Convert and copy kernel image to the boot directory
152 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
517 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
153 else
518 else
154 # Copy kernel image to the boot directory
519 # Copy kernel image to the boot directory
155 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
520 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
156 fi
521 fi
157
522
158 # Remove kernel sources
523 # Remove kernel sources
159 if [ "$KERNEL_REMOVESRC" = true ] ; then
524 if [ "$KERNEL_REMOVESRC" = true ] ; then
160 rm -fr "${KERNEL_DIR}"
525 rm -fr "${KERNEL_DIR}"
161 else
526 else
162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
527 # Prepare compiled kernel modules
528 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
529 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
530 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
531 fi
163
532
164 # Create symlinks for kernel modules
533 # Create symlinks for kernel modules
165 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
534 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
166 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
535 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
536 fi
167 fi
537 fi
168
538
169 else # BUILD_KERNEL=false
539 else # BUILD_KERNEL=false
170 # Kernel installation
540 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
171 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
541
542 # Use Sakakis modified kernel if ZSWAP is active
543 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
544 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
545 fi
546
547 # Create temporary directory for dl
548 temp_dir=$(as_nobody mktemp -d)
549
550 # Fetch kernel dl
551 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
552
553 #extract download
554 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
172
555
173 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
556 #move extracted kernel to /boot/firmware
174 chroot_exec apt-get -qq -y install flash-kernel
557 mkdir "${R}/boot/firmware"
558 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
559 cp -r "${temp_dir}"/lib/* "${R}"/lib/
560
561 # Remove temporary directory for kernel sources
562 rm -fr "${temp_dir}"
563
564 # Set permissions of the kernel sources
565 chown -R root:root "${R}/boot/firmware"
566 chown -R root:root "${R}/lib/modules"
567 fi
568
569 # Install Kernel from hypriot comptabile with all Raspberry PI
570 if [ "$SET_ARCH" = 32 ] ; then
571 # Create temporary directory for dl
572 temp_dir=$(as_nobody mktemp -d)
573
574 # Fetch kernel
575 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
576
577 # Copy downloaded U-Boot sources
578 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
579
580 # Set permissions
581 chown -R root:root "${R}"/tmp/kernel.deb
582
583 # Install kernel
584 chroot_exec dpkg -i /tmp/kernel.deb
585
586 # move /boot to /boot/firmware to fit script env.
587 #mkdir "${BOOT_DIR}"
588 mkdir "${temp_dir}"/firmware
589 mv "${R}"/boot/* "${temp_dir}"/firmware/
590 mv "${temp_dir}"/firmware "${R}"/boot/
591
592 #same for kernel headers
593 if [ "$KERNEL_HEADERS" = true ] ; then
594 # Fetch kernel header
595 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
596 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
597 chown -R root:root "${R}"/tmp/kernel-header.deb
598 # Install kernel header
599 chroot_exec dpkg -i /tmp/kernel-header.deb
600 rm -f "${R}"/tmp/kernel-header.deb
601 fi
602
603 # Remove temporary directory and files
604 rm -fr "${temp_dir}"
605 rm -f "${R}"/tmp/kernel.deb
606 fi
175
607
176 # Check if kernel installation was successful
608 # Check if kernel installation was successful
177 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
609 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
178 if [ -z "$VMLINUZ" ] ; then
610 if [ -z "$KERNEL" ] ; then
179 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
611 echo "error: kernel installation failed! (/boot/kernel* not found)"
180 cleanup
612 cleanup
181 exit 1
613 exit 1
182 fi
614 fi
183 # Copy vmlinuz kernel to the boot directory
184 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
185 fi
615 fi
@@ -1,56 +1,116
1 #
1 #
2 # Setup fstab and initramfs
2 # Setup fstab and initramfs
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup fstab
8 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
10
11 # Add usb/sda disk root partition to fstab
11 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 fi
14 fi
15
15
16 # Add encrypted root partition to fstab and crypttab
16 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
18 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
20
21 # Add encrypted partition to crypttab and fstab
21 # Add encrypted partition to crypttab and fstab
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
24
25 if [ "$ENABLE_SPLITFS" = true ] ; then
25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda disk to crypttab
26 # Add usb/sda1 disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
28 fi
29 fi
29 fi
30
30
31 if [ "$ENABLE_USBBOOT" = true ] ; then
32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 fi
38
31 # Generate initramfs file
39 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
40 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
41 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 # Include initramfs scripts to auto expand encrypted root partition
42 # Include initramfs scripts to auto expand encrypted root partition
35 if [ "$EXPANDROOT" = true ] ; then
43 if [ "$EXPANDROOT" = true ] ; then
36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
44 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 fi
47 fi
48
49 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
52
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
55
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 fi
62
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
67 else
68 # Create key
69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
70
71 # Convert dropbear key to openssh key
72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
73
74 # Get Public Key Part
75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
76
77 # Delete unwanted lines
78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
80
81 # Trust the new key
82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
83
84 # Save Keys - convert with putty from rsa/openssh to puttkey
85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
86
87 # Get unlock script
88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
89
90 # Enable Dropbear inside initramfs
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
92
93 # Enable Dropbear inside initramfs
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95 fi
96 else
97 # Disable SSHD inside initramfs
98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
99 fi
40
100
41 # Disable SSHD inside initramfs
101 # Add cryptsetup modules to initramfs
42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
102 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
43
103
44 # Dummy mapping required by mkinitramfs
104 # Dummy mapping required by mkinitramfs
45 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
105 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
46
106
47 # Generate initramfs with encrypted root partition support
107 # Generate initramfs with encrypted root partition support
48 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
108 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
49
109
50 # Remove dummy mapping
110 # Remove dummy mapping
51 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
111 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
52 else
112 else
53 # Generate initramfs without encrypted root partition support
113 # Generate initramfs without encrypted root partition support
54 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
114 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
55 fi
115 fi
56 fi
116 fi
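Review bot: In the new `ENABLE_DHCP = false` block, `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` expands NET_ADDRESS in command position, so the shell tries to execute the address as a program instead of feeding it to `cut`. As a result `cdir` is empty, `cdr2mask` receives an empty argument, and a build setting is treated as a command name. Parameter expansion does the split without a pipeline: `cdir="${NET_ADDRESS##*/}"`. The `sed` line that follows writes `IP=${NET_ADDRESS}::...` with the prefix length still attached, assuming NET_ADDRESS is in address/prefix form as the `cut` implies; `${NET_ADDRESS%%/*}` would give the bare address for that field. It would also help to validate that `cdir` is a number before calling `cdr2mask`, so a malformed setting stops the build rather than producing a broken `initramfs.conf`.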
@@ -1,151 +1,300
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
10 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
17 else
18 else
18 # Create temporary directory for boot binaries
19 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
21
20
22 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
29
31 # Move downloaded boot binaries
30 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
32
34 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
36
35
37 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
40 fi
41 fi
39 fi
42
40
43 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
44 if [ "$ENABLE_SPLITFS" = true ] ; then
42 if [ "$ENABLE_USBBOOT" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
46 else
44 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 else
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 fi
48 fi
50 fi
49
51
50 # Add encrypted root partition to cmdline.txt
52 # Add encrypted root partition to cmdline.txt
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
53 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
54 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 else
56 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 else
60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 fi
56 fi
62 fi
57 fi
63 fi
58
64
59 # Add serial console support
65 # Enable Kernel messages on standard output
60 if [ "$ENABLE_CONSOLE" = true ] ; then
66 if [ "$ENABLE_PRINTK" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 fi
69
70 # Enable Kernel messages on standard output
71 if [ "$KERNEL_SECURITY" = true ] ; then
72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
62 fi
73 fi
63
74
75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77
64 # Remove IPv6 networking support
78 # Remove IPv6 networking support
65 if [ "$ENABLE_IPV6" = false ] ; then
79 if [ "$ENABLE_IPV6" = false ] ; then
66 CMDLINE="${CMDLINE} ipv6.disable=1"
80 CMDLINE="${CMDLINE} ipv6.disable=1"
67 fi
81 fi
68
82
69 # Automatically assign predictable network interface names
83 # Automatically assign predictable network interface names
70 if [ "$ENABLE_IFNAMES" = false ] ; then
84 if [ "$ENABLE_IFNAMES" = false ] ; then
71 CMDLINE="${CMDLINE} net.ifnames=0"
85 CMDLINE="${CMDLINE} net.ifnames=0"
72 else
86 else
73 CMDLINE="${CMDLINE} net.ifnames=1"
87 CMDLINE="${CMDLINE} net.ifnames=1"
74 fi
88 fi
75
89
76 # Set init to systemd if required by Debian release
90 # Disable Raspberry Pi console logo
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
91 if [ "$ENABLE_LOGO" = false ] ; then
78 CMDLINE="${CMDLINE} init=/bin/systemd"
92 CMDLINE="${CMDLINE} logo.nologo"
79 fi
93 fi
80
94
81 # Install firmware boot cmdline
95 # Strictly limit verbosity of boot up console messages
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 fi
83
99
84 # Install firmware config
100 # Install firmware config
85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86
102
103 # Disable Raspberry Pi console logo
104 if [ "$ENABLE_SLASH" = false ] ; then
105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 fi
107
108 # Locks CPU frequency at maximum
109 if [ "$ENABLE_TURBO" = true ] ; then
110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 fi
114
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116
117 # Bluetooth enabled
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 # Create temporary directory for Bluetooth sources
120 temp_dir=$(as_nobody mktemp -d)
121
122 # Fetch Bluetooth sources
123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124
125 # Copy downloaded sources
126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127
128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
131
132 # Set permissions
133 chown -R root:root "${R}/tmp/pi-bluetooth"
134
135 # Install tools
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138
139 # make scripts executable
140 chmod +x "${R}/usr/bin/bthelper"
141 chmod +x "${R}/usr/bin/btuart"
142
143 # Install bluetooth udev rule
144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145
146 # Install Firmware Flash file and apropiate licence
147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152
153 # Remove temporary directories
154 rm -fr "${temp_dir}"
155 rm -fr "${R}"/tmp/pi-bluetooth
156
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 # set overlay to swap ttyAMA0 and ttyS0
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161
162 if [ "$ENABLE_TURBO" = false ] ; then
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 fi
165
166 fi
167
168 # Activate services
169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170
171 else # if ENABLE_BLUETOOTH = false
172 # set overlay to disable bluetooth
173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 fi # ENABLE_BLUETOOTH end
175 fi
176
177 # may need sudo systemctl disable hciuart
178 if [ "$ENABLE_CONSOLE" = true ] ; then
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 # add string to cmdline
181 CMDLINE="${CMDLINE} console=serial0,115200"
182
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
188 fi
189
190 # Enable serial console systemd style
191 chroot_exec systemctl enable serial-getty@serial0.service
192 else
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 fi
195
196 # Disable dphys-swapfile service. Will get enabled on first boot
197 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 chroot_exec systemctl disable dphys-swapfile
199 fi
200
201 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 # Create temporary directory for systemd-swap sources
203 temp_dir=$(as_nobody mktemp -d)
204
205 # Fetch systemd-swap sources
206 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207
208 # Copy downloaded systemd-swap sources
209 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210
211 # Change into downloaded src dir
212 cd "${R}/tmp/systemd-swap" || exit
213
214 # Build package
215 bash ./package.sh debian
216
217 # Change back into script root dir
218 cd "${WORKDIR}" || exit
219
220 # Set permissions of the systemd-swap sources
221 chown -R root:root "${R}/tmp/systemd-swap"
222
223 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
225
226 # Enable service
227 chroot_exec systemctl enable systemd-swap
228
229 # Remove temporary directory for systemd-swap sources
230 rm -fr "${temp_dir}"
231 else
232 # Enable ZSWAP in cmdline if systemd-swap is not used
233 if [ "$KERNEL_ZSWAP" = true ] ; then
234 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
235 fi
236 fi
237 if [ "$KERNEL_SECURITY" = true ] ; then
238 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
239 fi
240
241 # Install firmware boot cmdline
242 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
243
87 # Setup minimal GPU memory allocation size: 16MB (no X)
244 # Setup minimal GPU memory allocation size: 16MB (no X)
88 if [ "$ENABLE_MINGPU" = true ] ; then
245 if [ "$ENABLE_MINGPU" = true ] ; then
89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
246 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 fi
247 fi
91
248
92 # Setup boot with initramfs
249 # Setup boot with initramfs
93 if [ "$ENABLE_INITRAMFS" = true ] ; then
250 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
251 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 fi
252 fi
96
253
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 if [ "$RPI_MODEL" = 3 ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 fi
103 fi
104
105 # Create firmware configuration and cmdline symlinks
254 # Create firmware configuration and cmdline symlinks
106 ln -sf firmware/config.txt "${R}/boot/config.txt"
255 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
256 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108
257
109 # Install and setup kernel modules to load at boot
258 # Install and setup kernel modules to load at boot
110 mkdir -p "${R}/lib/modules-load.d/"
259 mkdir -p "${LIB_DIR}/modules-load.d/"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
260 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
112
261
113 # Load hardware random module at boot
262 # Load hardware random module at boot
114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
263 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
264 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
116 fi
265 fi
117
266
118 # Load sound module at boot
267 # Load sound module at boot
119 if [ "$ENABLE_SOUND" = true ] ; then
268 if [ "$ENABLE_SOUND" = true ] ; then
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
269 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
121 else
270 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
271 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 fi
272 fi
124
273
125 # Enable I2C interface
274 # Enable I2C interface
126 if [ "$ENABLE_I2C" = true ] ; then
275 if [ "$ENABLE_I2C" = true ] ; then
127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
276 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
277 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
278 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
130 fi
279 fi
131
280
132 # Enable SPI interface
281 # Enable SPI interface
133 if [ "$ENABLE_SPI" = true ] ; then
282 if [ "$ENABLE_SPI" = true ] ; then
134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
283 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
284 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
136 if [ "$RPI_MODEL" = 3 ] ; then
285 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
286 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
138 fi
287 fi
139 fi
288 fi
140
289
141 # Disable RPi2/3 under-voltage warnings
290 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
291 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
292 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 fi
293 fi
145
294
146 # Install kernel modules blacklist
295 # Install kernel modules blacklist
147 mkdir -p "${ETC_DIR}/modprobe.d/"
296 mkdir -p "${ETC_DIR}/modprobe.d/"
148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
297 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149
298
150 # Install sysctl.d configuration files
299 # Install sysctl.d configuration files
151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
300 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
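Review bot: In the ENABLE_SYSTEMDSWAP branch, `bash ./package.sh debian` runs a script from a fresh, unpinned `git clone` of `${SYSTEMDSWAP_URL}` with the build script's own privileges, even though the fetch itself was deliberately done through `as_nobody`. Anyone who controls that repository or the network path to it gets code execution on the build host, presumably as root given the surrounding `chown` and `chroot_exec` calls. I would check out a reviewed commit before the sources are moved and keep the build unprivileged, e.g. `as_nobody git -C "${temp_dir}/systemd-swap" checkout <pinned-commit>` and later `as_nobody bash ./package.sh debian` (assuming packaging works without root). Pinning also keeps the hard-coded `systemd-swap_4.0.1_any.deb` name from breaking when upstream bumps its version. The Bluetooth branch has the same gap: `BCM43430A1.hcd` is fetched from a `master` branch URL and installed with no checksum.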
@@ -1,107 +1,136
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 fi
36
37 # Install configuration for interface wl*
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39
40 #always with dhcp since wpa_supplicant integration is missing
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42
33 if [ "$ENABLE_DHCP" = true ] ; then
43 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable DHCP configuration for interface eth0
44 # Enable DHCP configuration for interface eth0
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36
46
37 # Set DHCP configuration to IPv4 only
47 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
48 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 fi
50 fi
41
51
42 else # ENABLE_DHCP=false
52 else # ENABLE_DHCP=false
43 # Set static network configuration for interface eth0
53 # Set static network configuration for interface eth0
44 sed -i\
54 sed -i\
45 -e "s|DHCP=.*|DHCP=no|"\
55 -e "s|DHCP=.*|DHCP=no|"\
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 "${ETC_DIR}/systemd/network/eth.network"
63 "${ETC_DIR}/systemd/network/eth.network"
54 fi
64 fi
55
65
56 # Remove empty settings from network configuration
66 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 # Remove empty settings from wlan configuration
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
58
70
59 # Move systemd network configuration if required by Debian release
71 # Move systemd network configuration if required by Debian release
60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 # If WLAN is enabled copy wlan configuration too
62 rm -fr "${ETC_DIR}/systemd/network"
74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
63 fi
76 fi
77 rm -fr "${ETC_DIR}/systemd/network"
64
78
65 # Enable systemd-networkd service
79 # Enable systemd-networkd service
66 chroot_exec systemctl enable systemd-networkd
80 chroot_exec systemctl enable systemd-networkd
67
81
68 # Install host.conf resolver configuration
82 # Install host.conf resolver configuration
69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70
84
71 # Enable network stack hardening
85 # Enable network stack hardening
72 if [ "$ENABLE_HARDNET" = true ] ; then
86 if [ "$ENABLE_HARDNET" = true ] ; then
73 # Install sysctl.d configuration files
87 # Install sysctl.d configuration files
74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75
89
76 # Setup resolver warnings about spoofed addresses
90 # Setup resolver warnings about spoofed addresses
77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 fi
92 fi
79
93
80 # Enable time sync
94 # Enable time sync
81 if [ "NET_NTP_1" != "" ] ; then
95 if [ "$NET_NTP_1" != "" ] ; then
82 chroot_exec systemctl enable systemd-timesyncd.service
96 chroot_exec systemctl enable systemd-timesyncd.service
83 fi
97 fi
84
98
85 # Download the firmware binary blob required to use the RPi3 wireless interface
99 # Download the firmware binary blob required to use the RPi3 wireless interface
86 if [ "$ENABLE_WIRELESS" = true ] ; then
100 if [ "$ENABLE_WIRELESS" = true ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
89 fi
103 fi
90
104
91 # Create temporary directory for firmware binary blob
105 # Create temporary directory for firmware binary blob
92 temp_dir=$(as_nobody mktemp -d)
106 temp_dir=$(as_nobody mktemp -d)
93
107
94 # Fetch firmware binary blob
108 # Fetch firmware binary blob for RPI3B+
95 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
109 if [ "$RPI_MODEL" = 3P ] ; then
96 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
110 # Fetch firmware binary blob for RPi3P
97
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
98 # Move downloaded firmware binary blob
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
100
114
115 # Move downloaded firmware binary blob
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117
118 # Set permissions of the firmware binary blob
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 # Fetch firmware binary blob for RPi3
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125
126 # Move downloaded firmware binary blob
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128
129 # Set permissions of the firmware binary blob
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 fi
133
101 # Remove temporary directory for firmware binary blob
134 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
135 rm -fr "${temp_dir}"
103
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
107 fi
136 fi
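Review bot: The firmware downloads in the ENABLE_WIRELESS block (the new `brcmfmac43455-sdio.*` branch for 3P and the `brcmfmac43430-sdio.*` branch) install whatever `wget -q` wrote, with no exit-status check and no integrity check. A failed or truncated transfer still leaves a file that is moved into `${WLAN_FIRMWARE_DIR}` and made root-owned, and a tampered blob cannot be told apart from the real one. I would stop on a failed fetch and compare against checksums kept in the repository, e.g. `as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" || exit 1` followed by `(cd "${temp_dir}" && sha256sum -c <checksum-file>) || exit 1`. Separately, when `RPI_MODEL` is none of 3P, 3 or 0 the block now fetches nothing and reports nothing, so a short message on that path would help.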
@@ -1,44 +1,54
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 if [ "$KERNEL_NF" = false ] ; then
13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
16
12 # Install iptables systemd service
17 # Install iptables systemd service
13 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
14
19
15 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
16 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
17
22
18 # Install iptables rule file
23 # Install iptables rule file
19 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
20
25
21 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
22 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
23 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
24
29
25 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
26 # Install ip6tables systemd service
36 # Install ip6tables systemd service
27 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
28
38
29 # Install ip6tables file
39 # Install ip6tables file
30 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
40 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
31
41
32 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
42 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
33
43
34 # Reload systemd configuration and enable iptables service
44 # Reload systemd configuration and enable iptables service
35 chroot_exec systemctl daemon-reload
45 chroot_exec systemctl daemon-reload
36 chroot_exec systemctl enable ip6tables.service
46 chroot_exec systemctl enable ip6tables.service
37 fi
47 fi
38
48
39 if [ "$ENABLE_SSHD" = false ] ; then
49 if [ "$ENABLE_SSHD" = false ] ; then
40 # Remove SSHD related iptables rules
50 # Remove SSHD related iptables rules
41 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
42 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
52 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
43 fi
53 fi
44 fi
54 fi
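Review bot: The two added `update-alternatives --set … -legacy` calls (for `iptables`, and for `ip6tables` inside the IPv6 branch) are not checked, so the build can continue after the switch has failed. If the legacy alternative is not registered in the target release, the image would presumably keep the default backend while `KERNEL_NF` is false, and `iptables.service` may then fail to load its rules at boot, leaving the device unfiltered. I would make the failure fatal, `chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy || exit 1`, unless the caller already runs with errexit. The comment in the IPv6 branch is copied from the IPv4 one and should read `# ip6tables-save and -restore are slaves of ip6tables and thus are set accordingly`.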
@@ -1,29 +1,24
1 #
1 #
2 # Setup users and security settings
2 # Setup users and security settings
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Generate crypt(3) password string
8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11
11
12 # Setup default user
12 # Setup default user
13 if [ "$ENABLE_USER" = true ] ; then
13 if [ "$ENABLE_USER" = true ] ; then
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 fi
16 fi
17
17
18 # Setup root password or not
18 # Setup root password or not
19 if [ "$ENABLE_ROOT" = true ] ; then
19 if [ "$ENABLE_ROOT" = true ] ; then
20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 else
21 else
22 # Set no root password to disable root login
22 # Set no root password to disable root login
23 chroot_exec usermod -p \'!\' root
23 chroot_exec usermod -p \'!\' root
24 fi
24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
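Review bot: The two `mkpasswd` lines still pass the cleartext passwords as command-line arguments, so `${PASSWORD}` and `${USER_PASSWORD}` are readable in the build host's process list while the command runs, and in any `set -x` trace. The switch to `$(…)` was a good moment to feed them on standard input instead: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and the same for `ENCRYPTED_USER_PASSWORD`. `printf` is a shell builtin, so the password never appears in another process's arguments.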
@@ -1,116 +1,116
1 #
1 #
2 # Setup SSH settings and public keys
2 # Setup SSH settings and public keys
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_SSHD" = true ] ; then
8 if [ "$ENABLE_SSHD" = true ] ; then
9 DROPBEAR_ARGS=""
9 DROPBEAR_ARGS=""
10
10
11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 # User root is not allowed to log in
13 # User root is not allowed to log in
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 else
15 else
16 # User root is not allowed to log in
16 # User root is not allowed to log in
17 DROPBEAR_ARGS="-w"
17 DROPBEAR_ARGS="-w"
18 fi
18 fi
19 fi
19 fi
20
20
21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 # Permit SSH root login
23 # Permit SSH root login
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 else
25 else
26 # Permit SSH root login
26 # Permit SSH root login
27 DROPBEAR_ARGS=""
27 DROPBEAR_ARGS=""
28 fi
28 fi
29
29
30 # Add SSH (v2) public key for user root
30 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 # Create root SSH config directory
32 # Create root SSH config directory
33 mkdir -p "${R}/root/.ssh"
33 mkdir -p "${R}/root/.ssh"
34
34
35 # Set permissions of root SSH config directory
35 # Set permissions of root SSH config directory
36 chroot_exec chmod 700 "/root/.ssh"
36 chroot_exec chmod 700 "/root/.ssh"
37 chroot_exec chown root:root "/root/.ssh"
37 chroot_exec chown root:root "/root/.ssh"
38
38
39 # Add SSH (v2) public key(s) to authorized_keys file
39 # Add SSH (v2) public key(s) to authorized_keys file
40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41
41
42 # Set permissions of root SSH authorized_keys file
42 # Set permissions of root SSH authorized_keys file
43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45
45
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 # Allow SSH public key authentication
47 # Allow SSH public key authentication
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 fi
49 fi
50 fi
50 fi
51 fi
51 fi
52
52
53 if [ "$ENABLE_USER" = true ] ; then
53 if [ "$ENABLE_USER" = true ] ; then
54 # Add SSH (v2) public key for user $USER_NAME
54 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 # Create $USER_NAME SSH config directory
56 # Create $USER_NAME SSH config directory
57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58
58
59 # Set permissions of $USER_NAME SSH config directory
59 # Set permissions of $USER_NAME SSH config directory
60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62
62
63 # Add SSH (v2) public key(s) to authorized_keys file
63 # Add SSH (v2) public key(s) to authorized_keys file
64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65
65
66 # Set permissions of $USER_NAME SSH config directory
66 # Set permissions of $USER_NAME SSH config directory
67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69
69
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 # Allow SSH public key authentication
71 # Allow SSH public key authentication
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 fi
73 fi
74 fi
74 fi
75 fi
75 fi
76
76
77 # Limit the users that are allowed to login via SSH
77 # Limit the users that are allowed to login via SSH
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 allowed_users=""
79 allowed_users=""
80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 allowed_users="root"
81 allowed_users="root"
82 fi
82 fi
83
83
84 if [ "$ENABLE_USER" = true ] ; then
84 if [ "$ENABLE_USER" = true ] ; then
85 allowed_users="${allowed_users} ${USER_NAME}"
85 allowed_users="${allowed_users} ${USER_NAME}"
86 fi
86 fi
87
87
88 if [ ! -z "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 fi
90 fi
91 fi
91 fi
92
92
93 # Disable password-based authentication
93 # Disable password-based authentication
94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 else
98 else
99 DROPBEAR_ARGS="-g"
99 DROPBEAR_ARGS="-g"
100 fi
100 fi
101 fi
101 fi
102
102
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 else
107 else
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 fi
109 fi
110 fi
110 fi
111
111
112 # Update dropbear SSH configuration
112 # Update dropbear SSH configuration
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 fi
115 fi
116 fi
116 fi No newline at end of file
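Review bot: The sed at new line 114 has no `-i`, so it prints the edited text to stdout and leaves `${ETC_DIR}/default/dropbear` unchanged; the `-w`, `-g` and `-s` restrictions collected in DROPBEAR_ARGS therefore never reach an image built with dropbear. Use `sed -i "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"`. Line 105 has a related gap on the OpenSSH path: its pattern `[#]*ChallengeResponseAuthentication no.*` only matches a line that already says `no`, so an existing `yes` survives. Writing the pattern as `[#]*ChallengeResponseAuthentication.*`, like the PasswordAuthentication line above it, would cover that case.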
@@ -1,83 +1,105
1 #
1 #
2 # Build and Setup U-Boot
2 # Build and Setup U-Boot
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Fetch and build U-Boot bootloader
8 # Fetch and build U-Boot bootloader
9 if [ "$ENABLE_UBOOT" = true ] ; then
9 if [ "$ENABLE_UBOOT" = true ] ; then
10 # Install c/c++ build environment inside the chroot
10 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
11 chroot_install_cc
12
12
13 # Copy existing U-Boot sources into chroot directory
13 # Copy existing U-Boot sources into chroot directory
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 # Copy local U-Boot sources
15 # Copy local U-Boot sources
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 else
17 else
18 # Create temporary directory for U-Boot sources
18 # Create temporary directory for U-Boot sources
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Fetch U-Boot sources
21 # Fetch U-Boot sources
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23
23
24 # Copy downloaded U-Boot sources
24 # Copy downloaded U-Boot sources
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26
26
27 # Set permissions of the U-Boot sources
27 # Set permissions of the U-Boot sources
28 chown -R root:root "${R}/tmp/u-boot"
28 chown -R root:root "${R}/tmp/u-boot"
29
29
30 # Remove temporary directory for U-Boot sources
30 # Remove temporary directory for U-Boot sources
31 rm -fr "${temp_dir}"
31 rm -fr "${temp_dir}"
32 fi
32 fi
33
33
34 # Build and install U-Boot inside chroot
34 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36
36
37 # Copy compiled bootloader binary and set config.txt to load it
37 # Copy compiled bootloader binary and set config.txt to load it
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41
41
42 # Install and setup U-Boot command file
42 # Install and setup U-Boot command file
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45
45
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 # Convert generated initramfs for U-Boot using mkimage
47 # Convert generated initramfs for U-Boot using mkimage
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49
49
50 # Remove original initramfs file
50 # Remove original initramfs file
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52
52
53 # Configure U-Boot to load generated initramfs
53 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 else # ENABLE_INITRAMFS=false
56 else # ENABLE_INITRAMFS=false
57 # Remove initramfs from U-Boot mkfile
57 # Remove initramfs from U-Boot mkfile
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59
59
60 if [ "$BUILD_KERNEL" = false ] ; then
60 if [ "$BUILD_KERNEL" = false ] ; then
61 # Remove dtbfile from U-Boot mkfile
61 # Remove dtbfile from U-Boot mkfile
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 else
64 else
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 fi
66 fi
67 fi
67 fi
68
68
69 if [ "$SET_ARCH" = 64 ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
71 {
72 printf "\n# 64bit-mode"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
74 printf "\narm_64bit=1"
75 } >> "${BOOT_DIR}/config.txt"
76
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 fi
80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_USBBOOT" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
85
69 # Set mkfile to use the correct dtb file
86 # Set mkfile to use the correct dtb file
70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
88
89 # Set mkfile to use the correct mach id
90 if [ "$ENABLE_QEMU" = true ] ; then
91 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
92 fi
71
93
72 # Set mkfile to use kernel image
94 # Set mkfile to use kernel image
73 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
95 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
74
96
75 # Remove all leading blank lines
97 # Remove all leading blank lines
76 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
98 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
77
99
78 # Generate U-Boot bootloader image
100 # Generate U-Boot bootloader image
79 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
101 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
80
102
81 # Remove U-Boot sources
103 # Remove U-Boot sources
82 rm -fr "${R}/tmp/u-boot"
104 rm -fr "${R}/tmp/u-boot"
83 fi
105 fi
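Review bot: The clone at line 22 takes whatever the default branch of `${UBOOT_URL}` points to at build time, and nothing afterwards checks what was fetched, yet the result is compiled inside the chroot and installed as the image's bootloader. Pin the build to a reviewed revision and stop if it cannot be checked out, for example `as_nobody git -C "${temp_dir}/u-boot" checkout --detach "${UBOOT_REF}" || exit 1` right after the clone, where UBOOT_REF is a placeholder name for a new config variable holding a commit id or a verified tag. The fbturbo clone in the next file section has the same gap. A one-line comment above the clone naming the expected revision would also make an image reproducible later.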
@@ -1,51 +1,53
1 #
1 #
2 # Build and Setup fbturbo Xorg driver
2 # Build and Setup fbturbo Xorg driver
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Install c/c++ build environment inside the chroot
9 # Install c/c++ build environment inside the chroot
10 chroot_install_cc
10 chroot_install_cc
11
11
12 # Copy existing fbturbo sources into chroot directory
12 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
14 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
16 else
17 # Create temporary directory for fbturbo sources
17 # Create temporary directory for fbturbo sources
18 temp_dir=$(as_nobody mktemp -d)
18 temp_dir=$(as_nobody mktemp -d)
19
19
20 # Fetch fbturbo sources
20 # Fetch fbturbo sources
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
22
23 # Move downloaded fbturbo sources
23 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
25
26 # Remove temporary directory for fbturbo sources
26 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
27 rm -fr "${temp_dir}"
28 fi
28 fi
29
29
30 # Install Xorg build dependencies
30 # Install Xorg build dependencies
31
31 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 fi
36 fi
36
37
38
37 # Build and install fbturbo driver inside chroot
39 # Build and install fbturbo driver inside chroot
38 chroot_exec /bin/bash -x <<'EOF'
40 chroot_exec /bin/bash -x <<'EOF'
39 cd /tmp/xf86-video-fbturbo
41 cd /tmp/xf86-video-fbturbo
40 autoreconf -vi
42 autoreconf -vi
41 ./configure --prefix=/usr
43 ./configure --prefix=/usr
42 make
44 make
43 make install
45 make install
44 EOF
46 EOF
45
47
46 # Install fbturbo driver Xorg configuration
48 # Install fbturbo driver Xorg configuration
47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
49 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
48
50
49 # Remove Xorg build dependencies
51 # Remove Xorg build dependencies
50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
52 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
51 fi
53 fi
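Review bot: The `elif` at new line 34 can never run, because `stretch` and `buster` are already matched by the `if` on line 32. The only thing that arm adds is `--allow-unauthenticated`, which would install the Xorg build dependencies without signature verification if the conditions were ever reordered. Remove the `elif` arm together with its apt-get line (lines 34–35) and keep the single `if … fi`. For any other RELEASE value no build dependencies are installed and the heredoc build still runs; an `else` that reports the unsupported release and stops would make that visible.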
@@ -1,49 +1,54
1 #
1 #
2 # First boot actions
2 # First boot actions
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Prepare rc.firstboot script
8 # Prepare rc.firstboot script
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10
10
11 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 fi
15
16 # Prepare filesystem auto expand
11 # Prepare filesystem auto expand
17 if [ "$EXPANDROOT" = true ] ; then
12 if [ "$EXPANDROOT" = true ] ; then
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
13 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
14 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 else
15 else
21 # Regenerate initramfs to remove encrypted root partition auto expand
16 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
17 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
18 fi
19
20 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
21 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
22 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
23 fi
23 fi
24 fi
24 fi
25
25
26 # Ensure openssh server host keys are regenerated on first boot
27 if [ "$ENABLE_SSHD" = true ] ; then
28 cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
29 fi
30
26 # Ensure that dbus machine-id exists
31 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28
33
29 # Create /etc/resolv.conf symlink
34 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31
36
32 # Configure automatic network interface names
37 # Configure automatic network interface names
33 if [ "$ENABLE_IFNAMES" = true ] ; then
38 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 fi
40 fi
36
41
37 # Finalize rc.firstboot script
42 # Finalize rc.firstboot script
38 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
43 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 chmod +x "${ETC_DIR}/rc.firstboot"
44 chmod +x "${ETC_DIR}/rc.firstboot"
40
45
41 # Install default rc.local if it does not exist
46 # Install default rc.local if it does not exist
42 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
47 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
48 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 fi
49 fi
45
50
46 # Add rc.firstboot script to rc.local
51 # Add rc.firstboot script to rc.local
47 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
52 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
53 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 echo exit 0 >> "${ETC_DIR}/rc.local"
54 echo exit 0 >> "${ETC_DIR}/rc.local"
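Review bot: `sed -i '/exit 0/d'` at new line 52 deletes every line of rc.local that contains the text `exit 0`, not only the final statement. Since line 47 keeps a pre-existing rc.local, that includes a comment mentioning it or an `exit 0` inside a conditional in that file. Anchoring the match to a top-level statement avoids this: `sed -i '/^exit 0[[:space:]]*$/d' "${ETC_DIR}/rc.local"`.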
@@ -1,85 +1,76
1 #
1 #
2 # Reduce system disk usage
2 # Reduce system disk usage
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Reduce the image size by various operations
8 # Reduce the image size by various operations
9 if [ "$ENABLE_REDUCE" = true ] ; then
9 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
11 # Install dpkg configuration file
11 # Install dpkg configuration file
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 fi
14 fi
15
15
16 # Install APT configuration files
16 # Install APT configuration files
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20
20
21 # Remove APT cache files
21 # Remove APT cache files
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 fi
24 fi
25
25
26 # Remove all doc files
26 # Remove all doc files
27 if [ "$REDUCE_DOC" = true ] ; then
27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 fi
30 fi
31
31
32 # Remove all man pages and info files
32 # Remove all man pages and info files
33 if [ "$REDUCE_MAN" = true ] ; then
33 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 fi
35 fi
36
36
37 # Remove all locale translation files
37 # Remove all locale translation files
38 if [ "$REDUCE_LOCALE" = true ] ; then
38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 fi
40 fi
41
41
42 # Remove hwdb PCI device classes (experimental)
42 # Remove hwdb PCI device classes (experimental)
43 if [ "$REDUCE_HWDB" = true ] ; then
43 if [ "$REDUCE_HWDB" = true ] ; then
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 fi
45 fi
46
46
47 # Replace bash shell by dash shell (experimental)
47 # Replace bash shell by dash shell (experimental)
48 if [ "$REDUCE_BASH" = true ] ; then
48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
49 # Purge bash and update alternatives
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
51 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 fi
52 fi
57
53
58 # Remove sound utils and libraries
54 # Remove sound utils and libraries
59 if [ "$ENABLE_SOUND" = false ] ; then
55 if [ "$ENABLE_SOUND" = false ] ; then
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
56 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 fi
57 fi
62
58
63 # Re-install tools for managing kernel modules
64 if [ "$RELEASE" = "jessie" ] ; then
65 chroot_exec apt-get -qq -y install module-init-tools
66 fi
67
68 # Remove GPU kernels
59 # Remove GPU kernels
69 if [ "$ENABLE_MINGPU" = true ] ; then
60 if [ "$ENABLE_MINGPU" = true ] ; then
70 rm -f "${BOOT_DIR}/start.elf"
61 rm -f "${BOOT_DIR}/start.elf"
71 rm -f "${BOOT_DIR}/fixup.dat"
62 rm -f "${BOOT_DIR}/fixup.dat"
72 rm -f "${BOOT_DIR}/start_x.elf"
63 rm -f "${BOOT_DIR}/start_x.elf"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
64 rm -f "${BOOT_DIR}/fixup_x.dat"
74 fi
65 fi
75
66
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
67 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 if [ "$BUILD_KERNEL" = false ] ; then
68 if [ "$BUILD_KERNEL" = false ] ; then
78 rm -f "${R}/boot/vmlinuz-*"
69 rm -f "${R}/boot/vmlinuz-*"
79 rm -f "${R}/boot/initrd.img-*"
70 rm -f "${R}/boot/initrd.img-*"
80 fi
71 fi
81
72
82 # Clean APT list of repositories
73 # Clean APT list of repositories
83 rm -fr "${R}/var/lib/apt/lists/*"
74 rm -fr "${R}/var/lib/apt/lists/*"
84 chroot_exec apt-get -qq -y update
75 chroot_exec apt-get -qq -y update
85 fi
76 fi
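Review bot: The glob at new line 44 sits inside double quotes, so `rm -fr "/lib/udev/hwdb.d/20-pci-*"` looks for a file literally named `20-pci-*` and removes nothing. The path also lacks the `${R}` prefix, so unquoting it as written would delete from the build host rather than from the image. Write `rm -fr "${R:?}"/lib/udev/hwdb.d/20-pci-*`; the `:?` stops the command if R is ever empty. Lines 69, 70 and 74 have the same quoted-glob problem (`vmlinuz-*`, `initrd.img-*`, `apt/lists/*`) and need the `*` moved outside the quotes, e.g. `rm -fr "${R:?}"/var/lib/apt/lists/*`.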
@@ -1,8 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
1 deb http://ftp.debian.org/debian stretch main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian stretch main contrib
3
3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
4 deb http://ftp.debian.org/debian/ stretch-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6
6
7 deb http://security.debian.org/ jessie/updates main contrib
7 deb http://security.debian.org/ stretch/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ stretch/updates main contrib
@@ -1,15 +1,16
1 # Set device tree fdtfile
1 # Set device tree fdtfile
2 setenv dtbfile bcm2709-rpi-2-b.dtb
2 setenv dtbfile bcm2709-rpi-2-b.dtb
3
3
4 # Tell Linux that it is booting on a Raspberry Pi2/3
4 # Tell Linux that it is booting on a Raspberry Pi2/3
5 setenv machid 0x00000c42
5 setenv machid 0x00000c42
6
6
7 # Save these changes to u-boot's environment
7 # Save these changes to u-boot's environment
8 saveenv
8 saveenv
9
9
10 # Load the existing Linux kernel into RAM
10 # Load the existing Linux kernel into RAM
11 mmc dev 0
11 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14
15
15 # Boot the kernel we have just loaded
16 # Boot the kernel we have just loaded
1 NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
@@ -1,31 +1,32
1 logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
1 logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
2
2
3 KERNEL_VERSION=$(uname -r)
3 KERNEL_VERSION=$(uname -r)
4 KERNEL_ARCH=$(uname -m)
4 KERNEL_ARCH=$(uname -m)
5 INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
5 INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
6 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
6 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
7
7
8 # Extract kernel arch
8 # Extract kernel arch
9 case "${KERNEL_ARCH}" in
9 case "${KERNEL_ARCH}" in
10 arm*) KERNEL_ARCH=arm ;;
10 arm*) KERNEL_ARCH=arm ;;
11 aarch64) KERNEL_ARCH=arm64 ;;
11 esac
12 esac
12
13
13 # Regenerate initramfs
14 # Regenerate initramfs
14 if [ -r "${INITRAMFS}" ] ; then
15 if [ -r "${INITRAMFS}" ] ; then
15 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
16 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
16 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
17 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
17 rm -f /etc/initramfs-tools/hooks/expand-tools
18 rm -f /etc/initramfs-tools/hooks/expand-tools
18 rm -f "${INITRAMFS}"
19 rm -f "${INITRAMFS}"
19 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
20 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
20 fi
21 fi
21
22
22 # Convert generated initramfs for U-Boot using mkimage
23 # Convert generated initramfs for U-Boot using mkimage
23 if [ -r "${INITRAMFS_UBOOT}" ] ; then
24 if [ -r "${INITRAMFS_UBOOT}" ] ; then
24 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
25 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
25 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
26 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
26 rm -f /etc/initramfs-tools/hooks/expand-tools
27 rm -f /etc/initramfs-tools/hooks/expand-tools
27 rm -f "${INITRAMFS_UBOOT}"
28 rm -f "${INITRAMFS_UBOOT}"
28 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
29 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
29 mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
30 mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
30 rm -f "${INITRAMFS}"
31 rm -f "${INITRAMFS}"
31 fi
32 fi
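Review bot: Both blocks delete the current image (`rm -f "${INITRAMFS}"` at new line 19, `rm -f "${INITRAMFS_UBOOT}"` at line 28) before the replacement has been built, and nothing in this fragment checks an exit status. A failed mkinitramfs or mkimage on first boot would leave an encrypted-root system without an initramfs. Build under a temporary name and swap only on success, e.g. `mkinitramfs -o "${INITRAMFS}.new" "${KERNEL_VERSION}" && mv "${INITRAMFS}.new" "${INITRAMFS}"` in place of lines 19–20, and do the same for the mkimage output. The `case` that gained the `aarch64)` arm would also benefit from a `*)` default that logs an unrecognised `uname -m` value, since KERNEL_ARCH is later passed to `mkimage -A`.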
1 NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
1 NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
1 NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
@@ -1,85 +1,96
1 #!/bin/sh
1 #!/bin/sh
2 # expand_encrypted_rootfs initramfs-tools boot script
2 # expand_encrypted_rootfs initramfs-tools boot script
3
3
4 # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
4 # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
5
5
6 set -e
6 set -e
7
7
8 # Wait for USB devices to be ready
8 # Wait for USB devices to be ready
9 sleep 5
9 sleep 5
10
10
11 # Use initramfs utility functions
11 # Use initramfs utility functions
12 if [ -r "/scripts/functions" ] ; then
12 if [ -r "/scripts/functions" ] ; then
13 . /scripts/functions
13 . /scripts/functions
14 fi
14 fi
15
15
16 # Check for cryptdevice variable
16 # Check for cryptdevice variable
17 if [ -z "$cryptdevice" ] ; then
17 if [ -z "$cryptdevice" ] ; then
18 echo "unable to get cryptdevice variable (init-premount)"
18 echo "unable to get cryptdevice variable (init-premount)"
19 return 1
19 return 1
20 fi
20 fi
21
21
22 # Detect root partition device
22 # Detect root partition device
23 ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
23 ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
24 if [ -z "$ROOT_PART" ] ; then
24 if [ -z "$ROOT_PART" ] ; then
25 log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
25 log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
26 return 1
26 return 1
27 fi
27 fi
28
28
29 # Extract root device name
29 # Extract root device name
30 case "${ROOT_PART}" in
30 case "${ROOT_PART}" in
31 mmcblk0*) ROOT_DEV=mmcblk0 ;;
31 mmcblk0*) ROOT_DEV=mmcblk0 ;;
32 sda*) ROOT_DEV=sda ;;
32 sda*) ROOT_DEV=sda ;;
33 esac
33 esac
34
34
35 # Check detected root partition name
35 # Check detected root partition name
36 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
36 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
37 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
37 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
38 log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
38 log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
39 return 1
39 return 1
40 fi
40 fi
41
41
42 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
42 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
43 # agree to work with a sufficiently simple partition layout
43 # agree to work with a sufficiently simple partition layout
44 if [ "$PART_NUM" -gt 2 ] ; then
44 if [ "$PART_NUM" -gt 2 ] ; then
45 log_warning_msg "Your partition layout is not currently supported by this tool."
45 log_warning_msg "Your partition layout is not currently supported by this tool."
46 return 1
46 return 1
47 fi
47 fi
48
48
49 # Check if last partition number
49 # Check if last partition number
50 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
50 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
51 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
51 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
52 log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
52 log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
53 return 1
53 return 1
54 fi
54 fi
55
55
56 # Get the starting offset of the root partition
56 # Get the starting offset of the root partition
57 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
57 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
58 if [ -z "$PART_START" ] ; then
58 if [ -z "$PART_START" ] ; then
59 log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
59 log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
60 return 1
60 return 1
61 fi
61 fi
62
62
63 # Get the current last sector of the root partition
64 PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g')
65 if [ -z "$PART_END" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
63 # Get the possible last sector for the root partition
70 # Get the possible last sector for the root partition
64 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
71 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 if [ -z "$PART_LAST" ] ; then
72 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
73 log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition"
67 return 1
74 return 1
68 fi
75 fi
69
76
70 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
77 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
71 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
78 if [ $PART_END != $PART_LAST ] ; then
79 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 p
80 p
73 d
81 d
74 $PART_NUM
82 $PART_NUM
75 n
83 n
76 p
84 p
77 $PART_NUM
85 $PART_NUM
78 $PART_START
86 $PART_START
79 $PART_LAST
87 $PART_LAST
80 p
88 p
81 w
89 w
82 EOF2
90 EOF2
83
91
84 partprobe
92 partprobe
85 log_success_msg "Root partition successfully resized."
93 log_success_msg "Root partition successfully resized."
94 else
95 log_success_msg "Root partition already resized."
96 fi
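Review bot: The new guard `if [ $PART_END != $PART_LAST ]` (new line 78) compares two unquoted expansions as strings, and the `grep "^${PART_NUM}"` that feeds PART_END (new line 64) is not anchored on the `:` field separator that the following `cut -d:` relies on. If that grep ever returns more than one line, the test itself errors out and, because it is an `if` condition, control presumably falls into the "Root partition already resized." branch without any warning. I would anchor the match with `grep "^${PART_NUM}:"` and compare numerically with quotes: `if [ "$PART_END" -ne "$PART_LAST" ] ; then`. Separately, inside the branch the fdisk call keeps `2> /dev/null` and `|| true`, so "Root partition successfully resized." is logged even when fdisk failed; re-reading the partition end after `partprobe` before logging success would make the message trustworthy.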
@@ -1,15 +1,15
1 [Unit]
1 [Unit]
2 Description=Packet Filtering Framework
2 Description=Packet Filtering Framework
3 DefaultDependencies=no
3 DefaultDependencies=no
4 After=systemd-sysctl.service
4 After=systemd-sysctl.service
5 Before=sysinit.target
5 Before=sysinit.target
6
6
7 [Service]
7 [Service]
8 Type=oneshot
8 Type=oneshot
9 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
9 ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
11 ExecStop=/etc/iptables/flush-ip6tables.sh
11 ExecStop=/etc/iptables/flush-ip6tables.sh
12 RemainAfterExit=yes
12 RemainAfterExit=yes
13
13
14 [Install]
14 [Install]
15 WantedBy=multi-user.target
15 WantedBy=multi-user.target
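Review bot: `ExecReload` on line 10 still runs `ip6tables-restore` without the `-w 5` that this change adds to `ExecStart`, so a reload can still fail straight away when another process holds the xtables lock; I would make it `ExecReload=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules`. The IPv4 unit in the next section has the same asymmetry on its `ExecReload` line. It is also worth confirming that the iptables version shipped in every supported release accepts `-w` for the restore tools, because if it does not this oneshot unit would fail at boot and the host would come up with no packet filter loaded.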
@@ -1,15 +1,15
1 [Unit]
1 [Unit]
2 Description=Packet Filtering Framework
2 Description=Packet Filtering Framework
3 DefaultDependencies=no
3 DefaultDependencies=no
4 After=systemd-sysctl.service
4 After=systemd-sysctl.service
5 Before=sysinit.target
5 Before=sysinit.target
6
6
7 [Service]
7 [Service]
8 Type=oneshot
8 Type=oneshot
9 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
9 ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
11 ExecStop=/etc/iptables/flush-iptables.sh
11 ExecStop=/etc/iptables/flush-iptables.sh
12 RemainAfterExit=yes
12 RemainAfterExit=yes
13
13
14 [Install]
14 [Install]
15 WantedBy=multi-user.target
15 WantedBy=multi-user.target
@@ -1,1 +1,1
1 rpi2-jessie
1 RaspberryPI
@@ -1,6 +1,6
1 127.0.0.1 localhost
1 127.0.0.1 localhost
2 127.0.1.1 rpi2-jessie
2 127.0.1.1 RaspberryPI
3
3
4 ::1 localhost ip6-localhost ip6-loopback
4 ::1 localhost ip6-localhost ip6-loopback
5 ff02::1 ip6-allnodes
5 ff02::1 ip6-allnodes
6 ff02::2 ip6-allrouters
6 ff02::2 ip6-allrouters
@@ -1,81 +1,122
1 # This file contains utility functions used by rpi23-gen-image.sh
1 # This file contains utility functions used by rpi23-gen-image.sh
2
2
3 cleanup (){
3 cleanup (){
4 set +x
4 set +x
5 set +e
5 set +e
6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
6
17
7 # Identify and kill all processes still using files
18 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
19 echo "killing processes using mount point ..."
9 fuser -k "${R}"
20 fuser -k "${R}"
10 sleep 3
21 sleep 3
11 fuser -9 -k -v "${R}"
22 fuser -9 -k -v "${R}"
12
23
13 # Clean up temporary .password file
24 # Clean up temporary .password file
14 if [ -r ".password" ] ; then
25 if [ -r ".password" ] ; then
15 shred -zu .password
26 shred -zu .password
16 fi
27 fi
17
28
18 # Clean up all temporary mount points
29 # Clean up all temporary mount points
19 echo "removing temporary mount points ..."
30 echo "removing temporary mount points ..."
20 umount -l "${R}/proc" 2> /dev/null
31 umount -l "${R}/proc" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
32 umount -l "${R}/sys" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
33 umount -l "${R}/dev/pts" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
34 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
35 umount "$BUILDDIR/mount" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
36 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
37 losetup -d "$ROOT_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
38 losetup -d "$FRMW_LOOP" 2> /dev/null
28 trap - 0 1 2 3 6
39 trap - 0 1 2 3 6
29 }
40 }
30
41
31 chroot_exec() {
42 chroot_exec() {
32 # Exec command in chroot
43 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 }
45 }
35
46
36 as_nobody() {
47 as_nobody() {
37 # Exec command as user nobody
48 # Exec command as user nobody
38 sudo -E -u nobody LANG=C LC_ALL=C $*
49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 }
50 }
40
51
41 install_readonly() {
52 install_readonly() {
42 # Install file with user read-only permissions
53 # Install file with user read-only permissions
43 install -o root -g root -m 644 $*
54 install -o root -g root -m 644 "$@"
44 }
55 }
45
56
46 install_exec() {
57 install_exec() {
47 # Install file with root exec permissions
58 # Install file with root exec permissions
48 install -o root -g root -m 744 $*
59 install -o root -g root -m 744 "$@"
49 }
60 }
50
61
51 use_template () {
62 use_template () {
52 # Test if configuration template file exists
63 # Test if configuration template file exists
53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
64 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
65 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 exit 1
66 exit 1
56 fi
67 fi
57
68
58 # Load template configuration parameters
69 # Load template configuration parameters
59 . "./templates/${CONFIG_TEMPLATE}"
70 . "./templates/${CONFIG_TEMPLATE}"
60 }
71 }
61
72
62 chroot_install_cc() {
73 chroot_install_cc() {
63 # Install c/c++ build environment inside the chroot
74 # Install c/c++ build environment inside the chroot
64 if [ -z "${COMPILER_PACKAGES}" ] ; then
75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66
77
78
67 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
79 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
80 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
69 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
81 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
82 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
71 fi
83 fi
84
72 fi
85 fi
73 }
86 }
74
87
75 chroot_remove_cc() {
88 chroot_remove_cc() {
76 # Remove c/c++ build environment from the chroot
89 # Remove c/c++ build environment from the chroot
77 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
90 if [ -n "${COMPILER_PACKAGES}" ] ; then
78 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
91 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
79 COMPILER_PACKAGES=""
92 COMPILER_PACKAGES=""
80 fi
93 fi
81 }
94 }
95
96 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
97 cdr2mask ()
98 {
99 # Number of args to shift, 255..255, first non-255 byte, zeroes
100 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
101 [ $1 -gt 1 ] && shift $1 || shift
102 echo ${1-0}.${2-0}.${3-0}.${4-0}
103 }
104
105 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
106 set_kernel_config() {
107 # flag as $1, value to set as $2, config must exist at "./.config"
108 TGT="CONFIG_${1#CONFIG_}"
109 REP="${2}"
110 if grep -q "^${TGT}[^_]" .config; then
111 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
112 else
113 echo "${TGT}"="${2}" >> .config
114 fi
115 }
116
117 # unset kernel config parameter
118 unset_kernel_config() {
119 # unsets flag with the value of $1, config must exist at "./.config"
120 TGT="CONFIG_${1#CONFIG_}"
121 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
122 } No newline at end of file
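Review bot: In the new `set_kernel_config` (new lines 106-115) the existence test `grep -q "^${TGT}[^_]" .config` is looser than the `sed` that follows it: it also matches any longer option that merely starts with the same name (anything but `_` after the prefix), and it never matches a `# CONFIG_X is not set` line. When only such a longer-named option is present, the grep succeeds, the sed matches nothing, and the requested option is silently left unset, which matters for options set for hardening purposes. Testing for exactly the two forms the sed rewrites closes that gap: `if grep -q -e "^${TGT}=" -e "^# ${TGT} is not set" .config; then`. `REP` is also interpolated unescaped into the sed replacement, so a value containing `/` or `&` would break or alter the substitution; a short comment stating that values must not contain those characters would document the constraint.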
@@ -1,657 +1,883
1 #!/bin/sh
1 #!/bin/sh
2
3 ########################################################################
2 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
5 #
4 #
6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
7 #
6 #
8 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
12 #
11 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
13 #
15 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
16 ########################################################################
15 ########################################################################
17
16
18 # Are we running as root?
17 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
21 exit 1
20 exit 1
22 fi
21 fi
23
22
24 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
27 exit 1
26 exit 1
28 fi
27 fi
29
28
30 # Load utility functions
29 # Load utility functions
31 . ./functions.sh
30 . ./functions.sh
32
31
33 # Load parameters from configuration template file
32 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
35 use_template
34 use_template
36 fi
35 fi
37
36
38 # Introduce settings
37 # Introduce settings
39 set -e
38 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
41 set -x
40 set -x
42
41
43 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
44
50 # Debian release
45 # Debian release
51 RELEASE=${RELEASE:=jessie}
46 RELEASE=${RELEASE:=buster}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
47
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
48 # Kernel Branch
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 else
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 fi
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 else
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 fi
68 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69
50
70 # URLs
51 # URLs
71 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
72 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
73 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
74 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
77
74
78 # Build directories
75 # Build directories
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
76 WORKDIR=$(pwd)
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
80 BUILDDIR="${BASEDIR}/build"
78 BUILDDIR="${BASEDIR}/build"
81
79
82 # Prepare date string for default image file name
83 DATE="$(date +%Y-%m-%d)"
84 if [ -z "$KERNEL_BRANCH" ] ; then
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 else
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 fi
89
90 # Chroot directories
80 # Chroot directories
91 R="${BUILDDIR}/chroot"
81 R="${BUILDDIR}/chroot"
92 ETC_DIR="${R}/etc"
82 ETC_DIR="${R}/etc"
93 LIB_DIR="${R}/lib"
83 LIB_DIR="${R}/lib"
94 BOOT_DIR="${R}/boot/firmware"
84 BOOT_DIR="${R}/boot/firmware"
95 KERNEL_DIR="${R}/usr/src/linux"
85 KERNEL_DIR="${R}/usr/src/linux"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
97
88
98 # Firmware directory: Blank if download from github
89 # Firmware directory: Blank if download from github
99 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100
91
101 # General settings
92 # General settings
93 SET_ARCH=${SET_ARCH:=32}
102 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 PASSWORD=${PASSWORD:=raspberry}
95 PASSWORD=${PASSWORD:=raspberry}
104 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 EXPANDROOT=${EXPANDROOT:=true}
99 EXPANDROOT=${EXPANDROOT:=true}
100 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
108
101
109 # Keyboard settings
102 # Keyboard settings
110 XKB_MODEL=${XKB_MODEL:=""}
103 XKB_MODEL=${XKB_MODEL:=""}
111 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 XKB_VARIANT=${XKB_VARIANT:=""}
105 XKB_VARIANT=${XKB_VARIANT:=""}
113 XKB_OPTIONS=${XKB_OPTIONS:=""}
106 XKB_OPTIONS=${XKB_OPTIONS:=""}
114
107
115 # Network settings (DHCP)
108 # Network settings (DHCP)
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
109 ENABLE_DHCP=${ENABLE_DHCP:=true}
117
110
118 # Network settings (static)
111 # Network settings (static)
119 NET_ADDRESS=${NET_ADDRESS:=""}
112 NET_ADDRESS=${NET_ADDRESS:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
113 NET_GATEWAY=${NET_GATEWAY:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
114 NET_DNS_1=${NET_DNS_1:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
115 NET_DNS_2=${NET_DNS_2:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
117 NET_NTP_1=${NET_NTP_1:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
118 NET_NTP_2=${NET_NTP_2:=""}
126
119
127 # APT settings
120 # APT settings
128 APT_PROXY=${APT_PROXY:=""}
121 APT_PROXY=${APT_PROXY:=""}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
130
124
131 # Feature settings
125 # Feature settings
126 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 ENABLE_I2C=${ENABLE_I2C:=false}
130 ENABLE_I2C=${ENABLE_I2C:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
131 ENABLE_SPI=${ENABLE_SPI:=false}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
140 ENABLE_XORG=${ENABLE_XORG:=false}
144 ENABLE_WM=${ENABLE_WM:=""}
141 ENABLE_WM=${ENABLE_WM:=""}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
143 ENABLE_USER=${ENABLE_USER:=true}
147 USER_NAME=${USER_NAME:="pi"}
144 USER_NAME=${USER_NAME:="pi"}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
149
148
150 # SSH settings
149 # SSH settings
151 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
152 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
153 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
154 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156
155
157 # Advanced settings
156 # Advanced settings
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
164 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
169 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170
178
171 # Kernel compilation settings
179 # Kernel compilation settings
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
180 BUILD_KERNEL=${BUILD_KERNEL:=true}
173 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 KERNEL_THREADS=${KERNEL_THREADS:=1}
182 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
180 else
188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
189 KERNEL_VIRT=${KERNEL_VIRT:=false}
182 fi
190 KERNEL_BPF=${KERNEL_BPF:=false}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
183
194
184 # Kernel compilation from source directory settings
195 # Kernel compilation from source directory settings
185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
197 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
198 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
199 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
189
200
190 # Reduce disk usage settings
201 # Reduce disk usage settings
191 REDUCE_APT=${REDUCE_APT:=true}
202 REDUCE_APT=${REDUCE_APT:=true}
192 REDUCE_DOC=${REDUCE_DOC:=true}
203 REDUCE_DOC=${REDUCE_DOC:=true}
193 REDUCE_MAN=${REDUCE_MAN:=true}
204 REDUCE_MAN=${REDUCE_MAN:=true}
194 REDUCE_VIM=${REDUCE_VIM:=false}
205 REDUCE_VIM=${REDUCE_VIM:=false}
195 REDUCE_BASH=${REDUCE_BASH:=false}
206 REDUCE_BASH=${REDUCE_BASH:=false}
196 REDUCE_HWDB=${REDUCE_HWDB:=true}
207 REDUCE_HWDB=${REDUCE_HWDB:=true}
197 REDUCE_SSHD=${REDUCE_SSHD:=true}
208 REDUCE_SSHD=${REDUCE_SSHD:=true}
198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
209 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
199
210
200 # Encrypted filesystem settings
211 # Encrypted filesystem settings
201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
212 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
207 # Stop the Crypto Wars
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
208 DISABLE_FBI=${DISABLE_FBI:=false}
219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
209
221
210 # Chroot scripts directory
222 # Chroot scripts directory
211 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
212
224
213 # Packages required in the chroot build environment
225 # Packages required in the chroot build environment
214 APT_INCLUDES=${APT_INCLUDES:=""}
226 APT_INCLUDES=${APT_INCLUDES:=""}
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228
229 # Packages to exclude from chroot build environment
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
216
231
217 # Packages required for bootstrapping
232 # Packages required for bootstrapping
218 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
219 MISSING_PACKAGES=""
234 MISSING_PACKAGES=""
220
235
221 # Packages installed for c/c++ build environment in chroot (keep empty)
236 # Packages installed for c/c++ build environment in chroot (keep empty)
222 COMPILER_PACKAGES=""
237 COMPILER_PACKAGES=""
223
238
224 set +x
239 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 APT_PROXY=http://127.0.0.1:3142/
243 fi
244
245 # Setup architecture specific settings
246 if [ -n "$SET_ARCH" ] ; then
247 # 64-bit configuration
248 if [ "$SET_ARCH" = 64 ] ; then
249 # General 64-bit depended settings
250 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
253
254 # Raspberry Pi model specific settings
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 if [ "$RPI_MODEL" != 4 ] ; then
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 else
259 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 fi
261
262 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
264 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
265 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
266 else
267 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
268 exit 1
269 fi
270 fi
225
271
226 # Set Raspberry Pi model specific configuration
272 # 32-bit configuration
227 if [ "$RPI_MODEL" = 2 ] ; then
273 if [ "$SET_ARCH" = 32 ] ; then
228 DTB_FILE=${RPI2_DTB_FILE}
274 # General 32-bit dependend settings
229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
275 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
230 elif [ "$RPI_MODEL" = 3 ] ; then
276 KERNEL_ARCH=${KERNEL_ARCH:=arm}
231 DTB_FILE=${RPI3_DTB_FILE}
277 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
278
233 BUILD_KERNEL=true
279 # Raspberry Pi model specific settings
280 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
283 RELEASE_ARCH=${RELEASE_ARCH:=armel}
284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
286 fi
287
288 # Raspberry Pi model specific settings
289 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 if [ "$RPI_MODEL" != 4 ] ; then
291 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
292 else
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
294 fi
295
296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
299 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 fi
301 fi
302 # SET_ARCH not set
234 else
303 else
235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
304 echo "error: Please set '32' or '64' as value for SET_ARCH"
236 exit 1
305 exit 1
237 fi
306 fi
307 # Device specific configuration and U-Boot configuration
308 case "$RPI_MODEL" in
309 0)
310 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
311 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 ;;
313 1)
314 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
315 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 ;;
317 1P)
318 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
319 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 ;;
321 2)
322 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
323 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
324 ;;
325 3)
326 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 ;;
329 3P)
330 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 ;;
333 4)
334 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 ;;
337 *)
338 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
339 exit 1
340 ;;
341 esac
342
343 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
344 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
345 # Include bluetooth packages on supported boards
346 if [ "$ENABLE_BLUETOOTH" = true ] ; then
347 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
348 fi
349 if [ "$ENABLE_WIRELESS" = true ] ; then
350 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
351 fi
352 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
353 # Check if the internal wireless interface is not supported by the RPi model
354 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
355 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
356 exit 1
357 fi
358 fi
238
359
239 # Check if the internal wireless interface is supported by the RPi model
360 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
361 echo "error: You have to compile kernel sources, if you want to enable nexmon"
241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
242 exit 1
362 exit 1
243 fi
363 fi
244
364
365 # Prepare date string for default image file name
366 DATE="$(date +%Y-%m-%d)"
367 if [ -z "$KERNEL_BRANCH" ] ; then
368 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
369 else
370 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
371 fi
372
245 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
373 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
374 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
247 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
375 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
248 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
376 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
249 exit 1
377 exit 1
250 fi
378 fi
251 fi
379 fi
252
380
253 # Build RPi2/3 Linux kernel if required by Debian release
381 # Add cmake to compile videocore sources
254 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
382 if [ "$ENABLE_VIDEOCORE" = true ] ; then
255 BUILD_KERNEL=true
383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
256 fi
384 fi
257
385
258 # Add packages required for kernel cross compilation
386 # Add deps for nexmon
259 if [ "$BUILD_KERNEL" = true ] ; then
387 if [ "$ENABLE_NEXMON" = true ] ; then
260 if [ "$KERNEL_ARCH" = "arm" ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
262 else
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
264 fi
265 fi
389 fi
266
390
267 # Add libncurses5 to enable kernel menuconfig
391 # Add libncurses5 to enable kernel menuconfig
268 if [ "$KERNEL_MENUCONFIG" = true ] ; then
392 if [ "$KERNEL_MENUCONFIG" = true ] ; then
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
393 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
270 fi
394 fi
271
395
272 # Stop the Crypto Wars
396 # Add ccache compiler cache for (faster) kernel cross (re)compilation
273 if [ "$DISABLE_FBI" = true ] ; then
397 if [ "$KERNEL_CCACHE" = true ] ; then
274 ENABLE_CRYPTFS=true
398 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
275 fi
399 fi
276
400
277 # Add cryptsetup package to enable filesystem encryption
401 # Add cryptsetup package to enable filesystem encryption
278 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
402 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
279 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
404 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
281
405
406 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 fi
410
282 if [ -z "$CRYPTFS_PASSWORD" ] ; then
411 if [ -z "$CRYPTFS_PASSWORD" ] ; then
283 echo "error: no password defined (CRYPTFS_PASSWORD)!"
412 echo "error: no password defined (CRYPTFS_PASSWORD)!"
284 exit 1
413 exit 1
285 fi
414 fi
286 ENABLE_INITRAMFS=true
415 ENABLE_INITRAMFS=true
287 fi
416 fi
288
417
289 # Add initramfs generation tools
418 # Add initramfs generation tools
290 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
419 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
291 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
420 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
292 fi
421 fi
293
422
294 # Add device-tree-compiler required for building the U-Boot bootloader
423 # Add device-tree-compiler required for building the U-Boot bootloader
295 if [ "$ENABLE_UBOOT" = true ] ; then
424 if [ "$ENABLE_UBOOT" = true ] ; then
296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
425 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
426 fi
427
428 if [ "$ENABLE_USBBOOT" = true ] ; then
429 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
430 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
431 exit 1
432 fi
297 fi
433 fi
298
434
299 # Check if root SSH (v2) public key file exists
435 # Check if root SSH (v2) public key file exists
300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
436 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
301 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
437 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
302 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
438 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
303 exit 1
439 exit 1
304 fi
440 fi
305 fi
441 fi
306
442
307 # Check if $USER_NAME SSH (v2) public key file exists
443 # Check if $USER_NAME SSH (v2) public key file exists
308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
444 if [ -n "$SSH_USER_PUB_KEY" ] ; then
309 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
445 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
310 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
446 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
311 exit 1
447 exit 1
312 fi
448 fi
313 fi
449 fi
314
450
451 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
452 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
453 exit 1
454 fi
455
315 # Check if all required packages are installed on the build system
456 # Check if all required packages are installed on the build system
316 for package in $REQUIRED_PACKAGES ; do
457 for package in $REQUIRED_PACKAGES ; do
317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
458 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
318 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
459 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
319 fi
460 fi
320 done
461 done
321
462
322 # If there are missing packages ask confirmation for install, or exit
463 # If there are missing packages ask confirmation for install, or exit
323 if [ -n "$MISSING_PACKAGES" ] ; then
464 if [ -n "$MISSING_PACKAGES" ] ; then
324 echo "the following packages needed by this script are not installed:"
465 echo "the following packages needed by this script are not installed:"
325 echo "$MISSING_PACKAGES"
466 echo "$MISSING_PACKAGES"
326
467
327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
468 printf "\ndo you want to install the missing packages right now? [y/n] "
328 read confirm
469 read -r confirm
329 [ "$confirm" != "y" ] && exit 1
470 [ "$confirm" != "y" ] && exit 1
330
471
331 # Make sure all missing required packages are installed
472 # Make sure all missing required packages are installed
332 apt-get -qq -y install ${MISSING_PACKAGES}
473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
333 fi
474 fi
334
475
335 # Check if ./bootstrap.d directory exists
476 # Check if ./bootstrap.d directory exists
336 if [ ! -d "./bootstrap.d/" ] ; then
477 if [ ! -d "./bootstrap.d/" ] ; then
337 echo "error: './bootstrap.d' required directory not found!"
478 echo "error: './bootstrap.d' required directory not found!"
338 exit 1
479 exit 1
339 fi
480 fi
340
481
341 # Check if ./files directory exists
482 # Check if ./files directory exists
342 if [ ! -d "./files/" ] ; then
483 if [ ! -d "./files/" ] ; then
343 echo "error: './files' required directory not found!"
484 echo "error: './files' required directory not found!"
344 exit 1
485 exit 1
345 fi
486 fi
346
487
347 # Check if specified KERNELSRC_DIR directory exists
488 # Check if specified KERNELSRC_DIR directory exists
348 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
489 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
349 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
490 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
350 exit 1
491 exit 1
351 fi
492 fi
352
493
353 # Check if specified UBOOTSRC_DIR directory exists
494 # Check if specified UBOOTSRC_DIR directory exists
354 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
495 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
355 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
496 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
356 exit 1
497 exit 1
357 fi
498 fi
358
499
500 # Check if specified VIDEOCORESRC_DIR directory exists
501 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
502 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
503 exit 1
504 fi
505
359 # Check if specified FBTURBOSRC_DIR directory exists
506 # Check if specified FBTURBOSRC_DIR directory exists
360 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
507 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
361 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
508 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
362 exit 1
509 exit 1
363 fi
510 fi
364
511
512 # Check if specified NEXMONSRC_DIR directory exists
513 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
514 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
515 exit 1
516 fi
517
365 # Check if specified CHROOT_SCRIPTS directory exists
518 # Check if specified CHROOT_SCRIPTS directory exists
366 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
519 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
367 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
520 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
368 exit 1
521 exit 1
369 fi
522 fi
370
523
371 # Check if specified device mapping already exists (will be used by cryptsetup)
524 # Check if specified device mapping already exists (will be used by cryptsetup)
372 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
525 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
373 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
526 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
374 exit 1
527 exit 1
375 fi
528 fi
376
529
377 # Don't clobber an old build
530 # Don't clobber an old build
378 if [ -e "$BUILDDIR" ] ; then
531 if [ -e "$BUILDDIR" ] ; then
379 echo "error: directory ${BUILDDIR} already exists, not proceeding"
532 echo "error: directory ${BUILDDIR} already exists, not proceeding"
380 exit 1
533 exit 1
381 fi
534 fi
382
535
383 # Setup chroot directory
536 # Setup chroot directory
384 mkdir -p "${R}"
537 mkdir -p "${R}"
385
538
386 # Check if build directory has enough of free disk space >512MB
539 # Check if build directory has enough of free disk space >512MB
387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
540 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
388 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
541 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
389 exit 1
542 exit 1
390 fi
543 fi
391
544
392 set -x
545 set -x
393
546
394 # Call "cleanup" function on various signals and errors
547 # Call "cleanup" function on various signals and errors
395 trap cleanup 0 1 2 3 6
548 trap cleanup 0 1 2 3 6
396
549
397 # Add required packages for the minbase installation
550 # Add required packages for the minbase installation
398 if [ "$ENABLE_MINBASE" = true ] ; then
551 if [ "$ENABLE_MINBASE" = true ] ; then
399 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
552 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
400 fi
553 fi
401
554
402 # Add required locales packages
403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
405 fi
406
407 # Add parted package, required to get partprobe utility
555 # Add parted package, required to get partprobe utility
408 if [ "$EXPANDROOT" = true ] ; then
556 if [ "$EXPANDROOT" = true ] ; then
409 APT_INCLUDES="${APT_INCLUDES},parted"
557 APT_INCLUDES="${APT_INCLUDES},parted"
410 fi
558 fi
411
559
560 # Add dphys-swapfile package, required to enable swap
561 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
562 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
563 fi
564
412 # Add dbus package, recommended if using systemd
565 # Add dbus package, recommended if using systemd
413 if [ "$ENABLE_DBUS" = true ] ; then
566 if [ "$ENABLE_DBUS" = true ] ; then
414 APT_INCLUDES="${APT_INCLUDES},dbus"
567 APT_INCLUDES="${APT_INCLUDES},dbus"
415 fi
568 fi
416
569
417 # Add iptables IPv4/IPv6 package
570 # Add iptables IPv4/IPv6 package
418 if [ "$ENABLE_IPTABLES" = true ] ; then
571 if [ "$ENABLE_IPTABLES" = true ] ; then
419 APT_INCLUDES="${APT_INCLUDES},iptables"
572 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
573 fi
574 # Add apparmor for KERNEL_SECURITY
575 if [ "$KERNEL_SECURITY" = true ] ; then
576 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
420 fi
577 fi
421
578
422 # Add openssh server package
579 # Add openssh server package
423 if [ "$ENABLE_SSHD" = true ] ; then
580 if [ "$ENABLE_SSHD" = true ] ; then
424 APT_INCLUDES="${APT_INCLUDES},openssh-server"
581 APT_INCLUDES="${APT_INCLUDES},openssh-server"
425 fi
582 fi
426
583
427 # Add alsa-utils package
584 # Add alsa-utils package
428 if [ "$ENABLE_SOUND" = true ] ; then
585 if [ "$ENABLE_SOUND" = true ] ; then
429 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
586 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
430 fi
587 fi
431
588
432 # Add rng-tools package
589 # Add rng-tools package
433 if [ "$ENABLE_HWRANDOM" = true ] ; then
590 if [ "$ENABLE_HWRANDOM" = true ] ; then
434 APT_INCLUDES="${APT_INCLUDES},rng-tools"
591 APT_INCLUDES="${APT_INCLUDES},rng-tools"
435 fi
592 fi
436
593
437 # Add fbturbo video driver
594 # Add fbturbo video driver
438 if [ "$ENABLE_FBTURBO" = true ] ; then
595 if [ "$ENABLE_FBTURBO" = true ] ; then
439 # Enable xorg package dependencies
596 # Enable xorg package dependencies
440 ENABLE_XORG=true
597 ENABLE_XORG=true
441 fi
598 fi
442
599
443 # Add user defined window manager package
600 # Add user defined window manager package
444 if [ -n "$ENABLE_WM" ] ; then
601 if [ -n "$ENABLE_WM" ] ; then
445 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
602 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
446
603
447 # Enable xorg package dependencies
604 # Enable xorg package dependencies
448 ENABLE_XORG=true
605 ENABLE_XORG=true
449 fi
606 fi
450
607
451 # Add xorg package
608 # Add xorg package
452 if [ "$ENABLE_XORG" = true ] ; then
609 if [ "$ENABLE_XORG" = true ] ; then
453 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
610 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
454 fi
611 fi
455
612
456 # Replace selected packages with smaller clones
613 # Replace selected packages with smaller clones
457 if [ "$ENABLE_REDUCE" = true ] ; then
614 if [ "$ENABLE_REDUCE" = true ] ; then
458 # Add levee package instead of vim-tiny
615 # Add levee package instead of vim-tiny
459 if [ "$REDUCE_VIM" = true ] ; then
616 if [ "$REDUCE_VIM" = true ] ; then
460 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
617 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
461 fi
618 fi
462
619
463 # Add dropbear package instead of openssh-server
620 # Add dropbear package instead of openssh-server
464 if [ "$REDUCE_SSHD" = true ] ; then
621 if [ "$REDUCE_SSHD" = true ] ; then
465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
622 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
466 fi
623 fi
467 fi
624 fi
468
625
469 if [ "$RELEASE" != "jessie" ] ; then
626 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
470 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
627 if [ "$ENABLE_SYSVINIT" = false ] ; then
628 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
471 fi
629 fi
472
630
473 # Configure kernel sources if no KERNELSRC_DIR
631 # Configure kernel sources if no KERNELSRC_DIR
474 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
632 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
475 KERNELSRC_CONFIG=true
633 KERNELSRC_CONFIG=true
476 fi
634 fi
477
635
478 # Configure reduced kernel
636 # Configure reduced kernel
479 if [ "$KERNEL_REDUCE" = true ] ; then
637 if [ "$KERNEL_REDUCE" = true ] ; then
480 KERNELSRC_CONFIG=false
638 KERNELSRC_CONFIG=false
481 fi
639 fi
482
640
641 # Configure qemu compatible kernel
642 if [ "$ENABLE_QEMU" = true ] ; then
643 DTB_FILE=vexpress-v2p-ca15_a7.dtb
644 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
645 KERNEL_DEFCONFIG="vexpress_defconfig"
646 if [ "$KERNEL_MENUCONFIG" = false ] ; then
647 KERNEL_OLDDEFCONFIG=true
648 fi
649 fi
650
483 # Execute bootstrap scripts
651 # Execute bootstrap scripts
484 for SCRIPT in bootstrap.d/*.sh; do
652 for SCRIPT in bootstrap.d/*.sh; do
485 head -n 3 "$SCRIPT"
653 head -n 3 "$SCRIPT"
486 . "$SCRIPT"
654 . "$SCRIPT"
487 done
655 done
488
656
489 ## Execute custom bootstrap scripts
657 ## Execute custom bootstrap scripts
490 if [ -d "custom.d" ] ; then
658 if [ -d "custom.d" ] ; then
491 for SCRIPT in custom.d/*.sh; do
659 for SCRIPT in custom.d/*.sh; do
492 . "$SCRIPT"
660 . "$SCRIPT"
493 done
661 done
494 fi
662 fi
495
663
496 # Execute custom scripts inside the chroot
664 # Execute custom scripts inside the chroot
497 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
665 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
498 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
666 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
499 chroot_exec /bin/bash -x <<'EOF'
667 chroot_exec /bin/bash -x <<'EOF'
500 for SCRIPT in /chroot_scripts/* ; do
668 for SCRIPT in /chroot_scripts/* ; do
501 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
669 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
502 $SCRIPT
670 $SCRIPT
503 fi
671 fi
504 done
672 done
505 EOF
673 EOF
506 rm -rf "${R}/chroot_scripts"
674 rm -rf "${R}/chroot_scripts"
507 fi
675 fi
508
676
509 # Remove c/c++ build environment from the chroot
677 # Remove c/c++ build environment from the chroot
510 chroot_remove_cc
678 chroot_remove_cc
511
679
512 # Remove apt-utils
513 if [ "$RELEASE" = "jessie" ] ; then
514 chroot_exec apt-get purge -qq -y --force-yes apt-utils
515 fi
516
517 # Generate required machine-id
680 # Generate required machine-id
518 MACHINE_ID=$(dbus-uuidgen)
681 MACHINE_ID=$(dbus-uuidgen)
519 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
682 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
520 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
683 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
521
684
522 # APT Cleanup
685 # APT Cleanup
523 chroot_exec apt-get -y clean
686 chroot_exec apt-get -y clean
524 chroot_exec apt-get -y autoclean
687 chroot_exec apt-get -y autoclean
525 chroot_exec apt-get -y autoremove
688 chroot_exec apt-get -y autoremove
526
689
527 # Unmount mounted filesystems
690 # Unmount mounted filesystems
528 umount -l "${R}/proc"
691 umount -l "${R}/proc"
529 umount -l "${R}/sys"
692 umount -l "${R}/sys"
530
693
531 # Clean up directories
694 # Clean up directories
532 rm -rf "${R}/run/*"
695 rm -rf "${R}/run/*"
533 rm -rf "${R}/tmp/*"
696 rm -rf "${R}/tmp/*"
534
697
698 # Clean up APT proxy settings
699 if [ "$KEEP_APT_PROXY" = false ] ; then
700 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
701 fi
702
535 # Clean up files
703 # Clean up files
536 rm -f "${ETC_DIR}/ssh/ssh_host_*"
704 rm -f "${ETC_DIR}/ssh/ssh_host_*"
537 rm -f "${ETC_DIR}/dropbear/dropbear_*"
705 rm -f "${ETC_DIR}/dropbear/dropbear_*"
538 rm -f "${ETC_DIR}/apt/sources.list.save"
706 rm -f "${ETC_DIR}/apt/sources.list.save"
539 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
707 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
540 rm -f "${ETC_DIR}/*-"
708 rm -f "${ETC_DIR}/*-"
541 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
542 rm -f "${ETC_DIR}/resolv.conf"
709 rm -f "${ETC_DIR}/resolv.conf"
543 rm -f "${R}/root/.bash_history"
710 rm -f "${R}/root/.bash_history"
544 rm -f "${R}/var/lib/urandom/random-seed"
711 rm -f "${R}/var/lib/urandom/random-seed"
545 rm -f "${R}/initrd.img"
712 rm -f "${R}/initrd.img"
546 rm -f "${R}/vmlinuz"
713 rm -f "${R}/vmlinuz"
547 rm -f "${R}${QEMU_BINARY}"
714 rm -f "${R}${QEMU_BINARY}"
548
715
716 if [ "$ENABLE_QEMU" = true ] ; then
717 # Setup QEMU directory
718 mkdir "${BASEDIR}/qemu"
719
720 # Copy kernel image to QEMU directory
721 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
722
723 # Copy kernel config to QEMU directory
724 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
725
726 # Copy kernel dtbs to QEMU directory
727 for dtb in "${BOOT_DIR}/"*.dtb ; do
728 if [ -f "${dtb}" ] ; then
729 install_readonly "${dtb}" "${BASEDIR}/qemu/"
730 fi
731 done
732
733 # Copy kernel overlays to QEMU directory
734 if [ -d "${BOOT_DIR}/overlays" ] ; then
735 # Setup overlays dtbs directory
736 mkdir "${BASEDIR}/qemu/overlays"
737
738 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
739 if [ -f "${dtb}" ] ; then
740 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
741 fi
742 done
743 fi
744
745 # Copy u-boot files to QEMU directory
746 if [ "$ENABLE_UBOOT" = true ] ; then
747 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
748 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
749 fi
750 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
751 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
752 fi
753 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
754 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
755 fi
756 fi
757
758 # Copy initramfs to QEMU directory
759 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
760 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
761 fi
762 fi
763
549 # Calculate size of the chroot directory in KB
764 # Calculate size of the chroot directory in KB
550 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
765 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
551
766
552 # Calculate the amount of needed 512 Byte sectors
767 # Calculate the amount of needed 512 Byte sectors
553 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
768 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
554 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
769 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
555 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
770 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
556
771
557 # The root partition is EXT4
772 # The root partition is EXT4
558 # This means more space than the actual used space of the chroot is used.
773 # This means more space than the actual used space of the chroot is used.
559 # As overhead for journaling and reserved blocks 35% are added.
774 # As overhead for journaling and reserved blocks 35% are added.
560 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
775 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
561
776
562 # Calculate required image size in 512 Byte sectors
777 # Calculate required image size in 512 Byte sectors
563 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
778 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
564
779
565 # Prepare image file
780 # Prepare image file
566 if [ "$ENABLE_SPLITFS" = true ] ; then
781 if [ "$ENABLE_SPLITFS" = true ] ; then
567 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
782 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
568 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
783 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
569 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
784 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
570 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
785 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
571
786
572 # Write firmware/boot partition tables
787 # Write firmware/boot partition tables
573 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
788 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
574 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
789 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
575 EOM
790 EOM
576
791
577 # Write root partition table
792 # Write root partition table
578 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
793 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
579 ${TABLE_SECTORS},${ROOT_SECTORS},83
794 ${TABLE_SECTORS},${ROOT_SECTORS},83
580 EOM
795 EOM
581
796
582 # Setup temporary loop devices
797 # Setup temporary loop devices
583 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
798 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
584 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
799 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
585 else # ENABLE_SPLITFS=false
800 else # ENABLE_SPLITFS=false
586 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
801 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
587 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
802 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
588
803
589 # Write partition table
804 # Write partition table
590 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
805 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
591 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
806 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
592 ${ROOT_OFFSET},${ROOT_SECTORS},83
807 ${ROOT_OFFSET},${ROOT_SECTORS},83
593 EOM
808 EOM
594
809
595 # Setup temporary loop devices
810 # Setup temporary loop devices
596 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
811 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
597 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
812 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
598 fi
813 fi
599
814
600 if [ "$ENABLE_CRYPTFS" = true ] ; then
815 if [ "$ENABLE_CRYPTFS" = true ] ; then
601 # Create dummy ext4 fs
816 # Create dummy ext4 fs
602 mkfs.ext4 "$ROOT_LOOP"
817 mkfs.ext4 "$ROOT_LOOP"
603
818
604 # Setup password keyfile
819 # Setup password keyfile
605 touch .password
820 touch .password
606 chmod 600 .password
821 chmod 600 .password
607 echo -n ${CRYPTFS_PASSWORD} > .password
822 echo -n ${CRYPTFS_PASSWORD} > .password
608
823
609 # Initialize encrypted partition
824 # Initialize encrypted partition
610 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
825 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
611
826
612 # Open encrypted partition and setup mapping
827 # Open encrypted partition and setup mapping
613 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
828 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
614
829
615 # Secure delete password keyfile
830 # Secure delete password keyfile
616 shred -zu .password
831 shred -zu .password
617
832
618 # Update temporary loop device
833 # Update temporary loop device
619 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
834 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
620
835
621 # Wipe encrypted partition (encryption cipher is used for randomness)
836 # Wipe encrypted partition (encryption cipher is used for randomness)
622 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
837 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
623 fi
838 fi
624
839
625 # Build filesystems
840 # Build filesystems
626 mkfs.vfat "$FRMW_LOOP"
841 mkfs.vfat "$FRMW_LOOP"
627 mkfs.ext4 "$ROOT_LOOP"
842 mkfs.ext4 "$ROOT_LOOP"
628
843
629 # Mount the temporary loop devices
844 # Mount the temporary loop devices
630 mkdir -p "$BUILDDIR/mount"
845 mkdir -p "$BUILDDIR/mount"
631 mount "$ROOT_LOOP" "$BUILDDIR/mount"
846 mount "$ROOT_LOOP" "$BUILDDIR/mount"
632
847
633 mkdir -p "$BUILDDIR/mount/boot/firmware"
848 mkdir -p "$BUILDDIR/mount/boot/firmware"
634 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
849 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
635
850
636 # Copy all files from the chroot to the loop device mount point directory
851 # Copy all files from the chroot to the loop device mount point directory
637 rsync -a "${R}/" "$BUILDDIR/mount/"
852 rsync -a "${R}/" "$BUILDDIR/mount/"
638
853
639 # Unmount all temporary loop devices and mount points
854 # Unmount all temporary loop devices and mount points
640 cleanup
855 cleanup
641
856
642 # Create block map file(s) of image(s)
857 # Create block map file(s) of image(s)
643 if [ "$ENABLE_SPLITFS" = true ] ; then
858 if [ "$ENABLE_SPLITFS" = true ] ; then
644 # Create block map files for "bmaptool"
859 # Create block map files for "bmaptool"
645 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
860 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
646 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
861 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
647
862
648 # Image was successfully created
863 # Image was successfully created
649 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
864 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
650 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
865 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
651 else
866 else
652 # Create block map file for "bmaptool"
867 # Create block map file for "bmaptool"
653 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
868 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
654
869
655 # Image was successfully created
870 # Image was successfully created
656 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
871 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872
873 # Create qemu qcow2 image
874 if [ "$ENABLE_QEMU" = true ] ; then
875 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
876 QEMU_SIZE=16G
877
878 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
879 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
880
881 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
882 fi
657 fi
883 fi
@@ -1,80 +1,181
1
1 Configuration file raspife2 Stretch IFÉ 2017/02/24
2 Configuration file raspife2 Stretch IFÉ 2017/02/24
2 #
3 #
3 APT_SERVER=ftp.fr.debian.org
4 APT_SERVER=ftp.fr.debian.org
4 APT_INCLUDES="gnupg,gnupg2,firmware-realtek,firmware-linux-nonfree,firmware-linux,tightvncserver,build-essentia$
5 APT_INCLUDES="gnupg,gnupg2,firmware-realtek,firmware-linux-nonfree,firmware-linux,tightvncserver,build-essentia$
5 bison,libboost-all-dev,automake,autoconf,autogen,libtool,pkg-config,checkinstall,python3,python3-dev,menulibre,$
6 bison,libboost-all-dev,automake,autoconf,autogen,libtool,pkg-config,checkinstall,python3,python3-dev,menulibre,$
6 libnotify-bin,python,python-configobj,python-cheetah,python-imaging,python-serial,python-usb,python-dev,\
7 libnotify-bin,python,python-configobj,python-cheetah,python-imaging,python-serial,python-usb,python-dev,\
7 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,jed,i2c-tools,python-smbus,policykit-1,usbutils,\
8 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,jed,i2c-tools,python-smbus,policykit-1,usbutils,\
8 pmount,python-pip,python3-pip,geany,geany-plugin-py,geany-plugin-markdown,firefox-esr,firefox-esr-l10n-fr,\
9 pmount,python-pip,python3-pip,geany,geany-plugin-py,geany-plugin-markdown,firefox-esr,firefox-esr-l10n-fr,\
9 icedtea-8-plugin,openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,libqtwebkit-dev,libqt5webkit5-dev,\
10 icedtea-8-plugin,openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,libqtwebkit-dev,libqt5webkit5-dev,\
10 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
11 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
11 lxsession,openbox-lxde-session,lxde"
12 lxsession,openbox-lxde-session,lxde"
12 #----------------------
13 #----------------------
13 RPI_MODEL=2
14 RPI_MODEL=2
14 RELEASE="stretch"
15 RELEASE="stretch"
15 HOSTNAME="raspife2"
16 HOSTNAME="raspife2"
16 PASSWORD="***********"
17 PASSWORD="***********"
17 USER_PASSWORD="**************"
18 USER_PASSWORD="**************"
18 DEFLOCAL="fr_FR.UTF-8"
19 DEFLOCAL="fr_FR.UTF-8"
19 TIMEZONE="Europe/Paris"
20 TIMEZONE="Europe/Paris"
20 EXPANDROOT=false
21 EXPANDROOT=false
21 #-----------------------
22 #-----------------------
22 XKB_MODEL="pc105"
23 XKB_MODEL="pc105"
23 XKB_LAYOUT="fr"
24 XKB_LAYOUT="fr"
24 XKB_VARIANT="latin9"
25 XKB_VARIANT="latin9"
25 XKB_OPTIONS=""
26 XKB_OPTIONS=""
26 #------------------------
27 #------------------------
27 ENABLE_DHCP=true
28 ENABLE_DHCP=true
28 #------------------------
29 #------------------------
29 ENABLE_CONSOLE=true
30 ENABLE_CONSOLE=true
30 ENABLE_I2C=true
31 ENABLE_I2C=true
31 ENABLE_SPI=true
32 ENABLE_SPI=true
32 ENABLE_IPV6=true
33 ENABLE_IPV6=true
33 ENABLE_SSHD=true
34 ENABLE_SSHD=true
34 ENABLE_NONFREE=true
35 ENABLE_NONFREE=true
35 ENABLE_WIRELESS=false
36 ENABLE_WIRELESS=false
36 ENABLE_RSYSLOG=true
37 ENABLE_RSYSLOG=true
37 ENABLE_SOUND=true
38 ENABLE_SOUND=true
38 ENABLE_HWRANDOM=true
39 ENABLE_HWRANDOM=true
39 ENABLE_MINGPU=true
40 ENABLE_MINGPU=true
40 ENABLE_DBUS=true
41 ENABLE_DBUS=true
41 ENABLE_XORG=true
42 ENABLE_XORG=true
42 ENABLE_WM="lxdm"
43 ENABLE_WM="lxdm"
43 #------------------------
44 #------------------------
44 ENABLE_MINBASE=false
45 ENABLE_MINBASE=false
45 ENABLE_REDUCE=false
46 ENABLE_REDUCE=false
46 ENABLE_UBOOT=false
47 ENABLE_UBOOT=false
47 ENABLE_FBTURBO=true
48 ENABLE_FBTURBO=true
48 ENABLE_IPTABLES=false
49 ENABLE_IPTABLES=false
49 ENABLE_USER=true
50 ENABLE_USER=true
50 USER_NAME=ens-ife
51 USER_NAME=ens-ife
51 ENABLE_ROOT=true
52 ENABLE_ROOT=true
52 ENABLE_HARDNET=true
53 ENABLE_HARDNET=true
53 ENABLE_INITRAMFS=true
54 ENABLE_INITRAMFS=true
54 ENABLE_IFNAMES=true
55 ENABLE_IFNAMES=true
55 #------------------------
56 #------------------------
56 ENABLE_ROOT_SSH=false
57 ENABLE_ROOT_SSH=false
57 SSH_LIMIT_USERS=false
58 SSH_LIMIT_USERS=false
58 SSH_ROOT_PUB_KEY="/home/********/.ssh/authorized_keys"
59 SSH_ROOT_PUB_KEY="/home/********/.ssh/authorized_keys"
59 SSH_USER_PUB_KEY="/home/********/.ssh/authorized_keys"
60 SSH_USER_PUB_KEY="/home/********/.ssh/authorized_keys"
60 #------------------------
61 #------------------------
61 BUILD_KERNEL=true
62 BUILD_KERNEL=true
62 KERNEL_REDUCE=false
63 KERNEL_REDUCE=false
63 KERNEL_HEADERS=true
64 KERNEL_HEADERS=true
64 KERNEL_REMOVESRC=true
65 KERNEL_REMOVESRC=true
65 KERNELSRC_CLEAN=true
66 KERNELSRC_CLEAN=true
66 KERNELSRC_CONFIG=true
67 KERNELSRC_CONFIG=true
67 #------------------------
68 #------------------------
68 REDUCE_APT=false
69 REDUCE_APT=false
69 REDUCE_DOC=true
70 REDUCE_DOC=true
70 REDUCE_MAN=false
71 REDUCE_MAN=false
71 REDUCE_HWDB=true
72 REDUCE_HWDB=true
72 REDUCE_BASH=false
73 REDUCE_BASH=false
73 REDUCE_SSHD=false
74 REDUCE_SSHD=false
74 REDUCE_LOCALE=false
75 REDUCE_LOCALE=false
75 #-------------------------
76 #-------------------------
76 ENABLE_CRYPTFS=false
77 ENABLE_CRYPTFS=false
77 #-------------------------
78 #-------------------------
78 BASEDIR=/media/********/images/${RELEASE}
79 BASEDIR=/media/********/images/${RELEASE}
79 DATE=date
80 DATE=date
80 +%Y-%m-%d IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
81 +%Y-%m-%d
82 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
83 =======
84 # Configuration file raspi2 Stretch IFÉ 2017/12/28
85 #
86 APT_SERVER=debian.mirrors.ovh.net
87 APT_INCLUDES=""
88 APT_INCLUDES_LATE="gnupg,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
89 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
90 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
91 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
92 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
93 python3-geopy,python3-pip,\
94 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
95 python-geopy,python-pip,python-tk,pandoc,\
96 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
97 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,python-smbus,policykit-1,\
98 pmount,ntpdate,ntp,rsync,\
99 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
100 libqtwebkit-dev,libqt5webkit5-dev,\
101 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
102 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
103 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
104 tightvncserver,geany,geany-plugin-py,firefox-esr,firefox-esr-l10n-fr,jed,terminator,automake"
105 #ca-certificates-java,icedtea-plugin,icedtea-netx,\
106 #openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,\
107 #openjdk-9-jdk,openjdk-9-jre,openjdk-9-jre-headless"
108 #----------------------
109 RPI_MODEL=2
110 RELEASE="stretch"
111 RELEASE_ARCH="armhf"
112 HOSTNAME="raspife2"
113 PASSWORD="*****"
114 USER_PASSWORD="*****"
115 DEFLOCAL="fr_FR.UTF-8"
116 TIMEZONE="Europe/Paris"
117 EXPANDROOT=false
118 #-----------------------
119 XKB_MODEL="pc105"
120 XKB_LAYOUT="fr"
121 XKB_VARIANT="latin9"
122 XKB_OPTIONS=""
123 #------------------------
124 ENABLE_DHCP=true
125 #------------------------
126 ENABLE_CONSOLE=false
127 ENABLE_I2C=true
128 ENABLE_SPI=true
129 ENABLE_IPV6=true
130 ENABLE_SSHD=true
131 ENABLE_NONFREE=true
132 ENABLE_WIRELESS=false
133 ENABLE_RSYSLOG=true
134 ENABLE_SOUND=true
135 ENABLE_HWRANDOM=true
136 ENABLE_MINGPU=true
137 ENABLE_DBUS=true
138 ENABLE_XORG=true
139 ENABLE_WM="lxdm"
140 #------------------------
141 ENABLE_MINBASE=false
142 ENABLE_REDUCE=false
143 ENABLE_UBOOT=false
144 ENABLE_FBTURBO=true
145 ENABLE_IPTABLES=false
146 ENABLE_USER=true
147 USER_NAME=ens-ife
148 ENABLE_ROOT=true
149 ENABLE_HARDNET=true
150 ENABLE_INITRAMFS=true
151 ENABLE_IFNAMES=true
152 #------------------------
153 ENABLE_ROOT_SSH=false
154 SSH_LIMIT_USERS=false
155 SSH_ROOT_PUB_KEY="/home/*****/.ssh/id_rsa.pub"
156 SSH_USER_PUB_KEY="/home/*****/.ssh/id_rsa.pub"
157 #------------------------
158 BUILD_KERNEL=true
159 KERNEL_BRANCH=rpi-4.13.y
160 KERNEL_REDUCE=false
161 KERNEL_HEADERS=true
162 KERNEL_REMOVESRC=true
163 KERNELSRC_CLEAN=true
164 KERNELSRC_CONFIG=true
165 #------------------------
166 REDUCE_APT=false
167 REDUCE_DOC=true
168 REDUCE_MAN=false
169 REDUCE_HWDB=true
170 REDUCE_BASH=false
171 REDUCE_SSHD=false
172 REDUCE_LOCALE=false
173 #-------------------------
174 ENABLE_CRYPTFS=false
175 #-------------------------
176 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
177 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
178 DATE=`date +%Y-%m-%d`
179 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
180
181
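Review bot: The new side still carries a `=======` conflict separator at line 83, and a second complete configuration follows it on lines 84–179, so the merge was committed unresolved and every variable is assigned twice. If this file is read as shell assignments (inferred from its `VAR=value` syntax), the separator is not a valid statement and the later block overrides the earlier one, including `PASSWORD`, `USER_PASSWORD` and the `SSH_*_PUB_KEY` paths, which differ between the two blocks. Keep only the intended block and drop the separator. The first block also has `DATE=date` followed by a bare `+%Y-%m-%d` on lines 80–81, which sets DATE to the literal word `date`; `DATE=$(date +%Y-%m-%d)` is the working form, and line 2 lacks the leading `#` of a comment.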
@@ -1,98 +1,100
1
1 # Configuration file raspi3 Buster IFÉ 2017/11/01
2 # Configuration file raspi3 Buster IFÉ 2017/11/01
3
2 #
4 #
3 APT_SERVER=debian.mirrors.ovh.net
5 APT_SERVER=debian.mirrors.ovh.net
4 APT_INCLUDES=""
6 APT_INCLUDES=""
5 APT_INCLUDES_LATE="gnupg,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
7 APT_INCLUDES_LATE="gnupg,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
6 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
8 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
7 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
9 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
8 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
10 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
9 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
11 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
10 python3-geopy,python3-pip,\
12 python3-geopy,python3-pip,\
11 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
13 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
12 python-geopy,python-pip,python-tk,pandoc,\
14 python-geopy,python-pip,python-tk,pandoc,\
13 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
15 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
14 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,python-smbus,policykit-1,\
16 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,python-smbus,policykit-1,\
15 pmount,ntpdate,ntp,rsync,\
17 pmount,ntpdate,ntp,rsync,\
16 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
18 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
17 libqtwebkit-dev,libqt5webkit5-dev,\
19 libqtwebkit-dev,libqt5webkit5-dev,\
18 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
20 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
19 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
21 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
20 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
22 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
21 tightvncserver,geany,geany-plugin-py,firefox-esr,firefox-esr-l10n-fr,jed,terminator,automake"
23 tightvncserver,geany,geany-plugin-py,firefox-esr,firefox-esr-l10n-fr,jed,terminator,automake"
22 #ca-certificates-java,icedtea-plugin,icedtea-netx,\
24 #ca-certificates-java,icedtea-plugin,icedtea-netx,\
23 #openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,\
25 #openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,\
24 #openjdk-9-jdk,openjdk-9-jre,openjdk-9-jre-headless"
26 #openjdk-9-jdk,openjdk-9-jre,openjdk-9-jre-headless"
25 #----------------------
27 #----------------------
26 RPI_MODEL=3
28 RPI_MODEL=3
27 RELEASE="buster"
29 RELEASE="buster"
28 RELEASE_ARCH="armhf"
30 RELEASE_ARCH="armhf"
29 HOSTNAME="raspife3"
31 HOSTNAME="raspife3"
30 PASSWORD="***********"
32 PASSWORD="***********"
31 USER_PASSWORD="*************"
33 USER_PASSWORD="*************"
32 DEFLOCAL="fr_FR.UTF-8"
34 DEFLOCAL="fr_FR.UTF-8"
33 TIMEZONE="Europe/Paris"
35 TIMEZONE="Europe/Paris"
34 EXPANDROOT=false
36 EXPANDROOT=false
35 #-----------------------
37 #-----------------------
36 XKB_MODEL="pc105"
38 XKB_MODEL="pc105"
37 XKB_LAYOUT="fr"
39 XKB_LAYOUT="fr"
38 XKB_VARIANT="latin9"
40 XKB_VARIANT="latin9"
39 XKB_OPTIONS=""
41 XKB_OPTIONS=""
40 #------------------------
42 #------------------------
41 ENABLE_DHCP=true
43 ENABLE_DHCP=true
42 #------------------------
44 #------------------------
43 ENABLE_CONSOLE=false
45 ENABLE_CONSOLE=false
44 ENABLE_I2C=true
46 ENABLE_I2C=true
45 ENABLE_SPI=true
47 ENABLE_SPI=true
46 ENABLE_IPV6=true
48 ENABLE_IPV6=true
47 ENABLE_SSHD=true
49 ENABLE_SSHD=true
48 ENABLE_NONFREE=true
50 ENABLE_NONFREE=true
49 ENABLE_WIRELESS=true
51 ENABLE_WIRELESS=true
50 ENABLE_RSYSLOG=true
52 ENABLE_RSYSLOG=true
51 ENABLE_SOUND=true
53 ENABLE_SOUND=true
52 ENABLE_HWRANDOM=true
54 ENABLE_HWRANDOM=true
53 ENABLE_MINGPU=true
55 ENABLE_MINGPU=true
54 ENABLE_DBUS=true
56 ENABLE_DBUS=true
55 ENABLE_XORG=true
57 ENABLE_XORG=true
56 ENABLE_WM="lxdm"
58 ENABLE_WM="lxdm"
57 #------------------------
59 #------------------------
58 ENABLE_MINBASE=false
60 ENABLE_MINBASE=false
59 ENABLE_REDUCE=false
61 ENABLE_REDUCE=false
60 ENABLE_UBOOT=false
62 ENABLE_UBOOT=false
61 ENABLE_FBTURBO=true
63 ENABLE_FBTURBO=true
62 ENABLE_IPTABLES=false
64 ENABLE_IPTABLES=false
63 ENABLE_USER=true
65 ENABLE_USER=true
64 USER_NAME=ens-ife
66 USER_NAME=ens-ife
65 ENABLE_ROOT=true
67 ENABLE_ROOT=true
66 ENABLE_HARDNET=true
68 ENABLE_HARDNET=true
67 ENABLE_INITRAMFS=true
69 ENABLE_INITRAMFS=true
68 ENABLE_IFNAMES=true
70 ENABLE_IFNAMES=true
69 #------------------------
71 #------------------------
70 ENABLE_ROOT_SSH=false
72 ENABLE_ROOT_SSH=false
71 SSH_LIMIT_USERS=false
73 SSH_LIMIT_USERS=false
72 SSH_ROOT_PUB_KEY="/home/*****/.ssh/authorized_keys"
74 SSH_ROOT_PUB_KEY="/home/*****/.ssh/authorized_keys"
73 SSH_USER_PUB_KEY="/home/*****/.ssh/authorized_keys"
75 SSH_USER_PUB_KEY="/home/*****/.ssh/authorized_keys"
74 #------------------------
76 #------------------------
75 BUILD_KERNEL=true
77 BUILD_KERNEL=true
76 KERNEL_BRANCH=rpi-4.13.y
78 KERNEL_BRANCH=rpi-4.13.y
77 KERNEL_REDUCE=false
79 KERNEL_REDUCE=false
78 KERNEL_HEADERS=true
80 KERNEL_HEADERS=true
79 KERNEL_REMOVESRC=true
81 KERNEL_REMOVESRC=true
80 KERNELSRC_CLEAN=true
82 KERNELSRC_CLEAN=true
81 KERNELSRC_CONFIG=true
83 KERNELSRC_CONFIG=true
82 #------------------------
84 #------------------------
83 REDUCE_APT=false
85 REDUCE_APT=false
84 REDUCE_DOC=true
86 REDUCE_DOC=true
85 REDUCE_MAN=false
87 REDUCE_MAN=false
86 REDUCE_HWDB=true
88 REDUCE_HWDB=true
87 REDUCE_BASH=false
89 REDUCE_BASH=false
88 REDUCE_SSHD=false
90 REDUCE_SSHD=false
89 REDUCE_LOCALE=false
91 REDUCE_LOCALE=false
90 #-------------------------
92 #-------------------------
91 ENABLE_CRYPTFS=false
93 ENABLE_CRYPTFS=false
92 #-------------------------
94 #-------------------------
93 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
95 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
94 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
96 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
95 DATE=`date +%Y-%m-%d`
97 DATE=`date +%Y-%m-%d`
96 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
98 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
97
99
98
100
@@ -1,91 +1,92
1
1 # Configuration file raspi3 Stretch IFÉ 2017/07/26
2 # Configuration file raspi3 Stretch IFÉ 2017/07/26
2 #
3 #
3 APT_SERVER=ftp.fr.debian.org
4 APT_SERVER=ftp.fr.debian.org
4 APT_INCLUDES="gnupg,gnupg2,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
5 APT_INCLUDES="gnupg,gnupg2,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
5 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
6 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
6 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
7 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
7 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
8 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
8 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
9 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
9 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
10 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
10 python3-geopy,python3-pip,\
11 python3-geopy,python3-pip,\
11 python-geopy,python-pip,\
12 python-geopy,python-pip,\
12 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
13 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
13 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,jed,i2c-tools,python-smbus,policykit-1,\
14 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,jed,i2c-tools,python-smbus,policykit-1,\
14 pmount,ntpdate,\
15 pmount,ntpdate,\
15 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
16 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
16 icedtea-8-plugin,openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,libqtwebkit-dev,libqt5webkit5-dev,\
17 icedtea-8-plugin,openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,libqtwebkit-dev,libqt5webkit5-dev,\
17 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
18 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
18 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
19 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
19 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
20 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
20 tightvncserver,geany,geany-plugin-py,geany-plugin-markdown,firefox-esr,firefox-esr-l10n-fr"
21 tightvncserver,geany,geany-plugin-py,geany-plugin-markdown,firefox-esr,firefox-esr-l10n-fr"
21 #----------------------
22 #----------------------
22 RPI_MODEL=3
23 RPI_MODEL=3
23 RELEASE="stretch"
24 RELEASE="stretch"
24 HOSTNAME="raspife3"
25 HOSTNAME="raspife3"
25 PASSWORD="**************"
26 PASSWORD="**************"
26 USER_PASSWORD="***************"
27 USER_PASSWORD="***************
27 DEFLOCAL="fr_FR.UTF-8"
28 DEFLOCAL="fr_FR.UTF-8"
28 TIMEZONE="Europe/Paris"
29 TIMEZONE="Europe/Paris"
29 EXPANDROOT=false
30 EXPANDROOT=false
30 #-----------------------
31 #-----------------------
31 XKB_MODEL="pc105"
32 XKB_MODEL="pc105"
32 XKB_LAYOUT="fr"
33 XKB_LAYOUT="fr"
33 XKB_VARIANT="latin9"
34 XKB_VARIANT="latin9"
34 XKB_OPTIONS=""
35 XKB_OPTIONS=""
35 #------------------------
36 #------------------------
36 ENABLE_DHCP=true
37 ENABLE_DHCP=true
37 #------------------------
38 #------------------------
38 ENABLE_CONSOLE=false
39 ENABLE_CONSOLE=false
39 ENABLE_I2C=true
40 ENABLE_I2C=true
40 ENABLE_SPI=true
41 ENABLE_SPI=true
41 ENABLE_IPV6=true
42 ENABLE_IPV6=true
42 ENABLE_SSHD=true
43 ENABLE_SSHD=true
43 ENABLE_NONFREE=true
44 ENABLE_NONFREE=true
44 ENABLE_WIRELESS=true
45 ENABLE_WIRELESS=true
45 ENABLE_RSYSLOG=true
46 ENABLE_RSYSLOG=true
46 ENABLE_SOUND=true
47 ENABLE_SOUND=true
47 ENABLE_HWRANDOM=true
48 ENABLE_HWRANDOM=true
48 ENABLE_MINGPU=true
49 ENABLE_MINGPU=true
49 ENABLE_DBUS=true
50 ENABLE_DBUS=true
50 ENABLE_XORG=true
51 ENABLE_XORG=true
51 ENABLE_WM="lxdm"
52 ENABLE_WM="lxdm"
52 #------------------------
53 #------------------------
53 ENABLE_MINBASE=false
54 ENABLE_MINBASE=false
54 ENABLE_REDUCE=false
55 ENABLE_REDUCE=false
55 ENABLE_UBOOT=false
56 ENABLE_UBOOT=false
56 ENABLE_FBTURBO=true
57 ENABLE_FBTURBO=true
57 ENABLE_IPTABLES=false
58 ENABLE_IPTABLES=false
58 ENABLE_USER=true
59 ENABLE_USER=true
59 USER_NAME=ens-ife
60 USER_NAME=ens-ife
60 ENABLE_ROOT=true
61 ENABLE_ROOT=true
61 ENABLE_HARDNET=true
62 ENABLE_HARDNET=true
62 ENABLE_INITRAMFS=true
63 ENABLE_INITRAMFS=true
63 ENABLE_IFNAMES=true
64 ENABLE_IFNAMES=true
64 #------------------------
65 #------------------------
65 ENABLE_ROOT_SSH=false
66 ENABLE_ROOT_SSH=false
66 SSH_LIMIT_USERS=false
67 SSH_LIMIT_USERS=fal
67 SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
68 SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
68 SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
69 SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
69 #------------------------
70 #------------------------
70 BUILD_KERNEL=true
71 BUILD_KERNEL=true
71 KERNEL_REDUCE=false
72 KERNEL_REDUCE=false
72 KERNEL_HEADERS=true
73 KERNEL_HEADERS=true
73 KERNEL_REMOVESRC=true
74 KERNEL_REMOVESRC=true
74 KERNELSRC_CLEAN=true
75 KERNELSRC_CLEAN=true
75 KERNELSRC_CONFIG=true
76 KERNELSRC_CONFIG=true
76 #------------------------
77 #------------------------
77 REDUCE_APT=false
78 REDUCE_APT=false
78 REDUCE_DOC=true
79 REDUCE_DOC=true
79 REDUCE_MAN=false
80 REDUCE_MAN=false
80 REDUCE_HWDB=true
81 REDUCE_HWDB=true
81 REDUCE_BASH=false
82 REDUCE_BASH=false
82 REDUCE_SSHD=false
83 REDUCE_SSHD=false
83 REDUCE_LOCALE=false
84 REDUCE_LOCALE=false
84 #-------------------------
85 #-------------------------
85 ENABLE_CRYPTFS=false
86 ENABLE_CRYPTFS=false
86 #-------------------------
87 #-------------------------
87 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
88 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
88 DATE=`date +%Y-%m-%d`
89 DATE=`date +%Y-%m-%d`
89 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
90 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
90
91
91
92
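Review bot: Two values are damaged on the new side: line 27 reads `USER_PASSWORD="***************` with no closing quote, and line 67 reads `SSH_LIMIT_USERS=fal`, where the old side had the closing quote and `false`. If the file is parsed as shell (inferred from its syntax), the open quote runs on to the next `"` on line 28, so neither the user password nor `DEFLOCAL` would get the intended value, which matters for an image built with `ENABLE_SSHD=true`. Restore the closing quote on `USER_PASSWORD` and write `SSH_LIMIT_USERS=false`. The only other change in this section appears to be the added blank first line.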
@@ -1,89 +1,91
1
1 # Configuration file raspi3 Stretch Weewx IFÉ 2017/07/26
2 # Configuration file raspi3 Stretch Weewx IFÉ 2017/07/26
2 #
3 #
3 APT_SERVER=ftp.fr.debian.org
4 APT_SERVER=ftp.fr.debian.org
4 APT_INCLUDES="debian-archive-keyring,debian-keyring,automake,autoconf,autogen,gawk,gnupg,gnupg2,\
5 APT_INCLUDES="debian-archive-keyring,debian-keyring,automake,autoconf,autogen,gawk,gnupg,gnupg2,\
5 build-essential,git,cmake,libjson-c-dev,unzip,\
6 build-essential,git,cmake,libjson-c-dev,unzip,\
6 bison,libboost-all-dev,libtool,libtool-bin,pkg-config,checkinstall,libnotify-bin,pandoc,\
7 bison,libboost-all-dev,libtool,libtool-bin,pkg-config,checkinstall,libnotify-bin,pandoc,\
7 python3,python3-dev,python,python-dev,python-configobj,python-cheetah,python-mysqldb\
8 python3,python3-dev,python,python-dev,python-configobj,python-cheetah,python-mysqldb\
8 python-imaging,python-serial,python-usb,python-tk,python3-tk,python3-scipy,\
9 python-imaging,python-serial,python-usb,python-tk,python3-tk,python3-scipy,\
9 python-pypandoc,python3-pypandoc,python-pandocfilters,python3-pandocfilters,\
10 python-pypandoc,python3-pypandoc,python-pandocfilters,python3-pandocfilters,\
10 python-geopy,python3-geopy,python-pip,python3-pip,python-smbus,\
11 python-geopy,python3-geopy,python-pip,python3-pip,python-smbus,\
11 libudev-dev,libzzip-dev,zlib1g-dev,libnss-myhostname,libpng16-16,nmap,\
12 libudev-dev,libzzip-dev,zlib1g-dev,libnss-myhostname,libpng16-16,nmap,\
12 libltdl-dev,usbutils,pmount,ntpdate,texlive,texlive-xetex,nginx-extras,policykit-1,\
13 libltdl-dev,usbutils,pmount,ntpdate,texlive,texlive-xetex,nginx-extras,policykit-1,\
13 openjdk-8-jdk-headless,openjdk-8-jre-headless,\
14 openjdk-8-jdk-headless,openjdk-8-jre-headless,\
14 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools"
15 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools"
15 #----------------------
16 #----------------------
16 RPI_MODEL=3
17 RPI_MODEL=3
17 RELEASE="stretch"
18 RELEASE="stretch"
18 HOSTNAME="raspwife3"
19 HOSTNAME="raspwife3"
19 PASSWORD="************"
20 PASSWORD="************"
20 USER_PASSWORD="************"
21 USER_PASSWORD="************"
22
21 DEFLOCAL="fr_FR.UTF-8"
23 DEFLOCAL="fr_FR.UTF-8"
22 TIMEZONE="Europe/Paris"
24 TIMEZONE="Europe/Paris"
23 EXPANDROOT=false
25 EXPANDROOT=false
24 #-----------------------
26 #-----------------------
25 XKB_MODEL="pc105"
27 XKB_MODEL="pc105"
26 XKB_LAYOUT="fr"
28 XKB_LAYOUT="fr"
27 XKB_VARIANT="latin9"
29 XKB_VARIANT="latin9"
28 XKB_OPTIONS=""
30 XKB_OPTIONS=""
29 #------------------------
31 #------------------------
30 ENABLE_DHCP=false
32 ENABLE_DHCP=false
31 NET_ADDRESS="192.168.***.***/24"
33 NET_ADDRESS="192.168.***.***/24"
32 NET_GATEWAY="192.168.***.1"
34 NET_GATEWAY="192.168.***.1"
33 NET_DNS_1="192.168.***.1"
35 NET_DNS_1="192.168.***.1"
34 NET_DNS_2="8.8.8.8"
36 NET_DNS_2="8.8.8.8"
35 #------------------------
37 #------------------------
36 ENABLE_CONSOLE=false
38 ENABLE_CONSOLE=false
37 ENABLE_I2C=true
39 ENABLE_I2C=true
38 ENABLE_SPI=true
40 ENABLE_SPI=true
39 ENABLE_IPV6=true
41 ENABLE_IPV6=true
40 ENABLE_SSHD=true
42 ENABLE_SSHD=true
41 ENABLE_NONFREE=true
43 ENABLE_NONFREE=true
42 ENABLE_WIRELESS=true
44 ENABLE_WIRELESS=true
43 ENABLE_RSYSLOG=true
45 ENABLE_RSYSLOG=true
44 ENABLE_SOUND=true
46 ENABLE_SOUND=true
45 ENABLE_HWRANDOM=true
47 ENABLE_HWRANDOM=true
46 ENABLE_MINGPU=true
48 ENABLE_MINGPU=true
47 ENABLE_DBUS=true
49 ENABLE_DBUS=true
48 ENABLE_XORG=false
50 ENABLE_XORG=false
49 ENABLE_WM=""
51 ENABLE_WM=""
50 #------------------------
52 #------------------------
51 ENABLE_MINBASE=false
53 ENABLE_MINBASE=false
52 ENABLE_REDUCE=false
54 ENABLE_REDUCE=false
53 ENABLE_UBOOT=false
55 ENABLE_UBOOT=false
54 ENABLE_FBTURBO=false
56 ENABLE_FBTURBO=false
55 ENABLE_IPTABLES=false
57 ENABLE_IPTABLES=false
56 ENABLE_USER=true
58 ENABLE_USER=true
57 USER_NAME=ens-ife
59 USER_NAME=ens-ife
58 ENABLE_ROOT=true
60 ENABLE_ROOT=true
59 ENABLE_HARDNET=true
61 ENABLE_HARDNET=true
60 ENABLE_INITRAMFS=true
62 ENABLE_INITRAMFS=true
61 ENABLE_IFNAMES=true
63 ENABLE_IFNAMES=true
62 #------------------------
64 #------------------------
63 ENABLE_ROOT_SSH=false
65 ENABLE_ROOT_SSH=false
64 SSH_LIMIT_USERS=false
66 SSH_LIMIT_USERS=false
65 SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
67 SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
66 SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
68 SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
67 #------------------------
69 #------------------------
68 BUILD_KERNEL=true
70 BUILD_KERNEL=true
69 KERNEL_REDUCE=false
71 KERNEL_REDUCE=false
70 KERNEL_HEADERS=true
72 KERNEL_HEADERS=true
71 KERNEL_REMOVESRC=true
73 KERNEL_REMOVESRC=true
72 KERNELSRC_CLEAN=true
74 KERNELSRC_CLEAN=true
73 KERNELSRC_CONFIG=true
75 KERNELSRC_CONFIG=true
74 #------------------------
76 #------------------------
75 REDUCE_APT=false
77 REDUCE_APT=false
76 REDUCE_DOC=true
78 REDUCE_DOC=true
77 REDUCE_MAN=false
79 REDUCE_MAN=false
78 REDUCE_HWDB=true
80 REDUCE_HWDB=true
79 REDUCE_BASH=false
81 REDUCE_BASH=false
80 REDUCE_SSHD=false
82 REDUCE_SSHD=false
81 REDUCE_LOCALE=false
83 REDUCE_LOCALE=false
82 #-------------------------
84 #-------------------------
83 ENABLE_CRYPTFS=false
85 ENABLE_CRYPTFS=false
84 #-------------------------
86 #-------------------------
85 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
87 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
86 DATE=`date +%Y-%m-%d`
88 DATE=`date +%Y-%m-%d`
87 IMAGE_NAME=${BASEDIR}/${DATE}-rpiw${RPI_MODEL}-${RELEASE}
89 IMAGE_NAME=${BASEDIR}/${DATE}-rpiw${RPI_MODEL}-${RELEASE}
88
90
89
91
@@ -1,4 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
2 RPI_MODEL=3
3 RELEASE=jessie
3 RELEASE=buster
4 BUILD_KERNEL=true
4 BUILD_KERNEL=true
@@ -1,3 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
2 RELEASE=stretch
3 RELEASE=stretch
3 BUILD_KERNEL=true
4 BUILD_KERNEL=true
@@ -1,15 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
3
4 RPI_MODEL=3
4 RPI_MODEL=3
5 RELEASE=stretch
5 RELEASE=stretch
6 BUILD_KERNEL=true
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.11.y
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
15 ENABLE_WIRELESS=true
@@ -1,4 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
2 RPI_MODEL=3
3 RELEASE=buster
3 RELEASE=buster
4 BUILD_KERNEL=true
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
@@ -1,4 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
2 RPI_MODEL=3
3 RELEASE=stretch
3 RELEASE=stretch
4 BUILD_KERNEL=true
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
1 NO CONTENT: file was removed
NO CONTENT: file was removed
1 NO CONTENT: file was removed
NO CONTENT: file was removed