@@ -0,0 +1,56 | |||
|
1 | # | |
|
2 | # Setup videocore - Raspberry Userland | |
|
3 | # | |
|
4 | ||
|
5 | # Load utility functions | |
|
6 | . ./functions.sh | |
|
7 | ||
|
8 | if [ "$ENABLE_VIDEOCORE" = true ] ; then | |
|
9 | # Copy existing videocore sources into chroot directory | |
|
10 | if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then | |
|
11 | # Copy local videocore sources | |
|
12 | cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland" | |
|
13 | else | |
|
14 | # Create temporary directory for videocore sources | |
|
15 | temp_dir=$(as_nobody mktemp -d) | |
|
16 | ||
|
17 | # Fetch videocore sources | |
|
18 | as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}" | |
|
19 | ||
|
20 | # Copy downloaded videocore sources | |
|
21 | mv "${temp_dir}/userland" "${R}/tmp/" | |
|
22 | ||
|
23 | # Set permissions of the U-Boot sources | |
|
24 | chown -R root:root "${R}/tmp/userland" | |
|
25 | ||
|
26 | # Remove temporary directory for U-Boot sources | |
|
27 | rm -fr "${temp_dir}" | |
|
28 | fi | |
|
29 | ||
|
30 | # Create build dir | |
|
31 | mkdir "${R}"/tmp/userland/build | |
|
32 | ||
|
33 | # push us to build directory | |
|
34 | cd "${R}"/tmp/userland/build | |
|
35 | ||
|
36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then | |
|
37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
38 | fi | |
|
39 | ||
|
40 | if [ "$RELEASE_ARCH" = "armel" ] ; then | |
|
41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
42 | fi | |
|
43 | ||
|
44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then | |
|
45 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
46 | fi | |
|
47 | ||
|
48 | #build userland | |
|
49 | make -j "$(nproc)" | |
|
50 | ||
|
51 | #back to root of scriptdir | |
|
52 | cd "${WORKDIR}" | |
|
53 | ||
|
54 | # Remove videocore sources | |
|
55 | rm -fr "${R}"/tmp/userland/ | |
|
56 | fi |
@@ -0,0 +1,97 | |||
|
1 | #!/bin/sh | |
|
2 | # | |
|
3 | # Build and Setup nexmon with monitor mode patch | |
|
4 | # | |
|
5 | ||
|
6 | # Load utility functions | |
|
7 | . ./functions.sh | |
|
8 | ||
|
9 | if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then | |
|
10 | # Copy existing nexmon sources into chroot directory | |
|
11 | if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then | |
|
12 | # Copy local U-Boot sources | |
|
13 | cp -r "${NEXMONSRC_DIR}" "${R}/tmp" | |
|
14 | else | |
|
15 | # Create temporary directory for nexmon sources | |
|
16 | temp_dir=$(as_nobody mktemp -d) | |
|
17 | ||
|
18 | # Fetch nexmon sources | |
|
19 | as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}" | |
|
20 | ||
|
21 | # Copy downloaded nexmon sources | |
|
22 | mv "${temp_dir}/nexmon" "${R}"/tmp/ | |
|
23 | ||
|
24 | # Set permissions of the nexmon sources | |
|
25 | chown -R root:root "${R}"/tmp/nexmon | |
|
26 | ||
|
27 | # Remove temporary directory for nexmon sources | |
|
28 | rm -fr "${temp_dir}" | |
|
29 | fi | |
|
30 | ||
|
31 | # Set script Root | |
|
32 | export NEXMON_ROOT="${R}"/tmp/nexmon | |
|
33 | ||
|
34 | # Build nexmon firmware outside the build system, if we can. | |
|
35 | cd "${NEXMON_ROOT}" || exit | |
|
36 | ||
|
37 | # Make ancient isl build | |
|
38 | cd buildtools/isl-0.10 || exit | |
|
39 | ./configure | |
|
40 | make | |
|
41 | cd ../.. || exit | |
|
42 | ||
|
43 | # Disable statistics | |
|
44 | touch DISABLE_STATISTICS | |
|
45 | ||
|
46 | # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh | |
|
47 | export KERNEL="${KERNEL_IMAGE}" | |
|
48 | export ARCH=arm | |
|
49 | export SUBARCH=arm | |
|
50 | export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi- | |
|
51 | export CC="${CC}"gcc | |
|
52 | export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so | |
|
53 | export ZLIBFLATE="zlib-flate -compress" | |
|
54 | export Q=@ | |
|
55 | export NEXMON_SETUP_ENV=1 | |
|
56 | export HOSTUNAME=$(uname -s) | |
|
57 | export PLATFORMUNAME=$(uname -m) | |
|
58 | ||
|
59 | # Make nexmon | |
|
60 | make | |
|
61 | ||
|
62 | # build patches | |
|
63 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then | |
|
64 | cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit | |
|
65 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile | |
|
66 | make clean | |
|
67 | ||
|
68 | # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems. | |
|
69 | LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi- | |
|
70 | ||
|
71 | # copy RPi0W & RPi3 firmware | |
|
72 | mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin | |
|
73 | cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin | |
|
74 | cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin | |
|
75 | fi | |
|
76 | ||
|
77 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
78 | cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit | |
|
79 | sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile | |
|
80 | make clean | |
|
81 | ||
|
82 | # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems. | |
|
83 | LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi- | |
|
84 | ||
|
85 | # RPi3B+ firmware | |
|
86 | mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin | |
|
87 | cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin | |
|
88 | cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin | |
|
89 | fi | |
|
90 | ||
|
91 | #Revert to previous directory | |
|
92 | cd "${WORKDIR}" || exit | |
|
93 | ||
|
94 | # Remove nexmon sources | |
|
95 | rm -fr "${NEXMON_ROOT}" | |
|
96 | ||
|
97 | fi |
@@ -0,0 +1,33 | |||
|
1 | SUBSYSTEM=="input", GROUP="input", MODE="0660" | |
|
2 | SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660" | |
|
3 | SUBSYSTEM=="spidev", GROUP="spi", MODE="0660" | |
|
4 | SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660" | |
|
5 | ||
|
6 | SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660" | |
|
7 | SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\ | |
|
8 | chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\ | |
|
9 | chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\ | |
|
10 | chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\ | |
|
11 | '" | |
|
12 | ||
|
13 | KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ | |
|
14 | ALIASES=/proc/device-tree/aliases; \ | |
|
15 | if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \ | |
|
16 | echo 0;\ | |
|
17 | elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \ | |
|
18 | echo 1; \ | |
|
19 | else \ | |
|
20 | exit 1; \ | |
|
21 | fi\ | |
|
22 | '", SYMLINK+="serial%c" | |
|
23 | ||
|
24 | KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\ | |
|
25 | ALIASES=/proc/device-tree/aliases; \ | |
|
26 | if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \ | |
|
27 | echo 0; \ | |
|
28 | elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \ | |
|
29 | echo 1; \ | |
|
30 | else \ | |
|
31 | exit 1; \ | |
|
32 | fi \ | |
|
33 | '", SYMLINK+="serial%c" |
@@ -0,0 +1,5 | |||
|
1 | # Restart dphys-swapfile service if it exists | |
|
2 | logger -t "rc.firstboot" "Restarting dphys-swapfile" | |
|
3 | ||
|
4 | systemctl enable dphys-swapfile | |
|
5 | systemctl restart dphys-swapfile |
@@ -0,0 +1,45 | |||
|
1 | #!/bin/sh | |
|
2 | ||
|
3 | PREREQ="dropbear" | |
|
4 | ||
|
5 | prereqs() { | |
|
6 | echo "$PREREQ" | |
|
7 | } | |
|
8 | ||
|
9 | case "$1" in | |
|
10 | prereqs) | |
|
11 | prereqs | |
|
12 | exit 0 | |
|
13 | ;; | |
|
14 | esac | |
|
15 | ||
|
16 | . "${CONFDIR}/initramfs.conf" | |
|
17 | . /usr/share/initramfs-tools/hook-functions | |
|
18 | ||
|
19 | if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then | |
|
20 | cat > "${DESTDIR}/bin/unlock" << EOF | |
|
21 | #!/bin/sh | |
|
22 | if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then | |
|
23 | kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` | |
|
24 | # following line kill the remote shell right after the passphrase has | |
|
25 | # been entered. | |
|
26 | kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\` | |
|
27 | exit 0 | |
|
28 | fi | |
|
29 | exit 1 | |
|
30 | EOF | |
|
31 | ||
|
32 | chmod 755 "${DESTDIR}/bin/unlock" | |
|
33 | ||
|
34 | mkdir -p "${DESTDIR}/lib/unlock" | |
|
35 | cat > "${DESTDIR}/lib/unlock/plymouth" << EOF | |
|
36 | #!/bin/sh | |
|
37 | [ "\$1" == "--ping" ] && exit 1 | |
|
38 | /bin/plymouth "\$@" | |
|
39 | EOF | |
|
40 | ||
|
41 | chmod 755 "${DESTDIR}/lib/unlock/plymouth" | |
|
42 | ||
|
43 | echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd | |
|
44 | ||
|
45 | fi No newline at end of file |
@@ -0,0 +1,21 | |||
|
1 | add table ip filter | |
|
2 | add chain ip filter INPUT { type filter hook input priority 0; } | |
|
3 | add chain ip filter FORWARD { type filter hook forward priority 0; } | |
|
4 | add chain ip filter OUTPUT { type filter hook output priority 0; } | |
|
5 | add chain ip filter TCP | |
|
6 | add chain ip filter UDP | |
|
7 | add chain ip filter SSH | |
|
8 | add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept | |
|
9 | add rule ip filter INPUT icmp type echo-request counter drop | |
|
10 | add rule ip filter INPUT ct state related,established counter accept | |
|
11 | add rule ip filter INPUT iifname lo counter accept | |
|
12 | add rule ip filter INPUT ct state invalid counter drop | |
|
13 | add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH | |
|
14 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP | |
|
15 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP | |
|
16 | # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT | |
|
17 | add rule ip filter INPUT ip protocol udp ct state new counter jump UDP | |
|
18 | add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP | |
|
19 | add rule ip filter INPUT ip protocol udp counter reject | |
|
20 | add rule ip filter INPUT ip protocol tcp counter reject with tcp reset | |
|
21 | add rule ip filter INPUT counter reject with icmp type prot-unreachable |
@@ -0,0 +1,24 | |||
|
1 | add table ip6 filter | |
|
2 | add chain ip6 filter INPUT { type filter hook input priority 0; } | |
|
3 | add chain ip6 filter FORWARD { type filter hook forward priority 0; } | |
|
4 | add chain ip6 filter OUTPUT { type filter hook output priority 0; } | |
|
5 | add chain ip6 filter TCP | |
|
6 | add chain ip6 filter UDP | |
|
7 | add chain ip6 filter SSH | |
|
8 | add rule ip6 filter INPUT rt type 0 counter drop | |
|
9 | add rule ip6 filter OUTPUT rt type 0 counter drop | |
|
10 | add rule ip6 filter FORWARD rt type 0 counter drop | |
|
11 | add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept | |
|
12 | add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop | |
|
13 | add rule ip6 filter INPUT ct state related,established counter accept | |
|
14 | add rule ip6 filter INPUT iifname lo counter accept | |
|
15 | add rule ip6 filter INPUT ct state invalid counter drop | |
|
16 | add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH | |
|
17 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP | |
|
18 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP | |
|
19 | # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT | |
|
20 | add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP | |
|
21 | add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP | |
|
22 | add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited | |
|
23 | add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited | |
|
24 | add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited |
@@ -0,0 +1,12 | |||
|
1 | [Match] | |
|
2 | Name=wlan0 | |
|
3 | ||
|
4 | [Network] | |
|
5 | DHCP=no | |
|
6 | Address= | |
|
7 | Gateway= | |
|
8 | DNS= | |
|
9 | DNS= | |
|
10 | Domains= | |
|
11 | NTP= | |
|
12 | NTP= |
@@ -0,0 +1,1 | |||
|
1 | kernel.printk = 3 4 1 3 No newline at end of file |
@@ -0,0 +1,5 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=0 | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,5 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=0 | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=1P | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=1P | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,4 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=2 | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true |
@@ -0,0 +1,6 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=3P | |
|
3 | RELEASE=buster | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
@@ -0,0 +1,6 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | RPI_MODEL=3P | |
|
3 | RELEASE=stretch | |
|
4 | BUILD_KERNEL=true | |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
@@ -1,5 +1,5 | |||
|
1 | 1 | ## 介绍 |
|
2 |
`rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch` 和 `buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.1 |
|
|
2 | `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch` 和 `buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```). | |
|
3 | 3 | |
|
4 | 4 | ## 构建环境所依赖的包 |
|
5 | 5 | 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装. |
@@ -151,10 +151,10 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh | |||
|
151 | 151 | 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统. |
|
152 | 152 | |
|
153 | 153 | ##### `ENABLE_I2C`=false |
|
154 | 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚. | |
|
154 | 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚. | |
|
155 | 155 | |
|
156 | 156 | ##### `ENABLE_SPI`=false |
|
157 | 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚. | |
|
157 | 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚. | |
|
158 | 158 | |
|
159 | 159 | ##### `ENABLE_IPV6`=true |
|
160 | 160 | 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口. |
@@ -199,10 +199,10 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh | |||
|
199 | 199 | 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数. |
|
200 | 200 | |
|
201 | 201 | ##### `ENABLE_UBOOT`=false |
|
202 | 使用 [U-Boot 引导器](http://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件. | |
|
202 | 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件. | |
|
203 | 203 | |
|
204 | 204 | ##### `UBOOTSRC_DIR`="" |
|
205 | 存放已下载 [U-Boot 引导器源文件](http://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`). | |
|
205 | 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`). | |
|
206 | 206 | |
|
207 | 207 | ##### `ENABLE_FBTURBO`=false |
|
208 | 208 | 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速. |
@@ -444,7 +444,7 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc | |||
|
444 | 444 | * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) |
|
445 | 445 | * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware) |
|
446 | 446 | * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) |
|
447 | * [U-BOOT git 仓库](http://git.denx.de/?p=u-boot.git;a=summary) | |
|
447 | * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary) | |
|
448 | 448 | * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo) |
|
449 | 449 | * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) |
|
450 | 450 | * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/) |
@@ -1,26 +1,19 | |||
|
1 | 1 | # rpi23-gen-image |
|
2 | 2 | ## Introduction |
|
3 | 3 | |
|
4 | ||
|
4 | 5 | `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```). |
|
5 | 6 | |
|
6 | 7 | |
|
8 | ||
|
7 | 9 | ## Build dependencies |
|
8 | 10 | The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. |
|
9 | 11 | |
|
10 | 12 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo``` |
|
11 | 13 | |
|
12 |
It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the R |
|
|
13 | ||
|
14 | The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
|
14 | It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain. | |
|
15 | 15 | |
|
16 | If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first: | |
|
17 | ||
|
18 | ``` | |
|
19 | echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list | |
|
20 | sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add - | |
|
21 | dpkg --add-architecture armhf | |
|
22 | apt-get update | |
|
23 | ``` | |
|
16 | The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information. | |
|
24 | 17 | |
|
25 | 18 | ## Command-line parameters |
|
26 | 19 | The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script. |
@@ -57,22 +50,34 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh | |||
|
57 | 50 | Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process. |
|
58 | 51 | |
|
59 | 52 | ##### `APT_PROXY`="" |
|
60 | Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. | |
|
53 | Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this. | |
|
54 | ||
|
55 | ##### `KEEP_APT_PROXY`=false | |
|
56 | Keep the APT_PROXY settings used in the bootsrapping process in the generated image. | |
|
61 | 57 | |
|
62 | 58 | ##### `APT_INCLUDES`="" |
|
63 |
A comma |
|
|
59 | A comma-separated list of additional packages to be installed by debootstrap during bootstrapping. | |
|
64 | 60 | |
|
65 | 61 | ##### `APT_INCLUDES_LATE`="" |
|
66 |
A comma |
|
|
62 | A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well. | |
|
67 | 63 | |
|
68 | 64 | --- |
|
69 | 65 | |
|
70 | 66 | #### General system settings: |
|
67 | ##### `SET_ARCH`=32 | |
|
68 | Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build. | |
|
69 | ||
|
71 | 70 | ##### `RPI_MODEL`=2 |
|
72 |
Specif |
|
|
71 | Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models: | |
|
72 | - `0` = Raspberry Pi 0 and Raspberry Pi 0 W | |
|
73 | - `1` = Raspberry Pi 1 model A and B | |
|
74 | - `1P` = Raspberry Pi 1 model B+ and A+ | |
|
75 | - `2` = Raspberry Pi 2 model B | |
|
76 | - `3` = Raspberry Pi 3 model B | |
|
77 | - `3P` = Raspberry Pi 3 model B+ | |
|
73 | 78 | |
|
74 |
##### `RELEASE`=" |
|
|
75 |
Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases |
|
|
79 | ##### `RELEASE`="buster" | |
|
80 | Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`. | |
|
76 | 81 | |
|
77 | 82 | ##### `RELEASE_ARCH`="armhf" |
|
78 | 83 | Set the desired Debian release architecture. |
@@ -95,6 +100,12 Set default system timezone. All available timezones can be found in the `/usr/s | |||
|
95 | 100 | ##### `EXPANDROOT`=true |
|
96 | 101 | Expand the root partition and filesystem automatically on first boot. |
|
97 | 102 | |
|
103 | ##### `ENABLE_DPHYSSWAP`=true | |
|
104 | Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that. | |
|
105 | ||
|
106 | ##### `ENABLE_QEMU`=false | |
|
107 | Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file. | |
|
108 | ||
|
98 | 109 | --- |
|
99 | 110 | |
|
100 | 111 | #### Keyboard settings: |
@@ -115,7 +126,7 Set extra xkb configuration options. | |||
|
115 | 126 | --- |
|
116 | 127 | |
|
117 | 128 | #### Networking settings (DHCP): |
|
118 |
This parameter is used to set up networking auto |
|
|
129 | This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.` | |
|
119 | 130 | |
|
120 | 131 | ##### `ENABLE_DHCP`=true |
|
121 | 132 | Set the system to use DHCP. This requires an DHCP server. |
@@ -150,13 +161,25 Set the IP address for the second NTP server. | |||
|
150 | 161 | |
|
151 | 162 | #### Basic system features: |
|
152 | 163 | ##### `ENABLE_CONSOLE`=true |
|
153 | Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. | |
|
164 | Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed. | |
|
165 | ||
|
166 | ##### `ENABLE_PRINTK`=false | |
|
167 | Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian. | |
|
168 | ||
|
169 | ##### `ENABLE_BLUETOOTH`=false | |
|
170 | Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/). | |
|
171 | ||
|
172 | ##### `ENABLE_MINIUART_OVERLAY`=false | |
|
173 | Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console. | |
|
174 | ||
|
175 | ##### `ENABLE_TURBO`=false | |
|
176 | Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI. | |
|
154 | 177 | |
|
155 | 178 | ##### `ENABLE_I2C`=false |
|
156 | Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
179 | Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
157 | 180 | |
|
158 | 181 | ##### `ENABLE_SPI`=false |
|
159 | Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
182 | Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins. | |
|
160 | 183 | |
|
161 | 184 | ##### `ENABLE_IPV6`=true |
|
162 | 185 | Enable IPv6 support. The network interface configuration is managed via systemd-networkd. |
@@ -168,17 +191,16 Install and enable OpenSSH service. The default configuration of the service doe | |||
|
168 | 191 | Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs. |
|
169 | 192 | |
|
170 | 193 | ##### `ENABLE_WIRELESS`=false |
|
171 |
Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/ |
|
|
194 | Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`. | |
|
172 | 195 | |
|
173 | 196 | ##### `ENABLE_RSYSLOG`=true |
|
174 | If set to false, disable and uninstall rsyslog (so logs will be available only | |
|
175 | in journal files) | |
|
197 | If set to false, disable and uninstall rsyslog (so logs will be available only in journal files) | |
|
176 | 198 | |
|
177 | 199 | ##### `ENABLE_SOUND`=true |
|
178 | 200 | Enable sound hardware and install Advanced Linux Sound Architecture. |
|
179 | 201 | |
|
180 | 202 | ##### `ENABLE_HWRANDOM`=true |
|
181 |
Enable Hardware Random Number Generator. Strong random numbers are important for most network |
|
|
203 | Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled. | |
|
182 | 204 | |
|
183 | 205 | ##### `ENABLE_MINGPU`=false |
|
184 | 206 | Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. |
@@ -190,11 +212,17 Install and enable D-Bus message bus. Please note that systemd should work witho | |||
|
190 | 212 | Install Xorg open-source X Window System. |
|
191 | 213 | |
|
192 | 214 | ##### `ENABLE_WM`="" |
|
193 |
Install a user |
|
|
215 | Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`. | |
|
216 | ||
|
217 | ##### `ENABLE_SYSVINIT`=false | |
|
218 | Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands | |
|
194 | 219 | |
|
195 | 220 | --- |
|
196 | 221 | |
|
197 | 222 | #### Advanced system features: |
|
223 | ##### `ENABLE_SYSTEMDSWAP`=false | |
|
224 | Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled. | |
|
225 | ||
|
198 | 226 | ##### `ENABLE_MINBASE`=false |
|
199 | 227 | Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB. |
|
200 | 228 | |
@@ -202,10 +230,10 Use debootstrap script variant `minbase` which only includes essential packages | |||
|
202 | 230 | Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information. |
|
203 | 231 | |
|
204 | 232 | ##### `ENABLE_UBOOT`=false |
|
205 | Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
233 | Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
206 | 234 | |
|
207 | 235 | ##### `UBOOTSRC_DIR`="" |
|
208 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. | |
|
236 | Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot. | |
|
209 | 237 | |
|
210 | 238 | ##### `ENABLE_FBTURBO`=false |
|
211 | 239 | Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling. |
@@ -213,11 +241,23 Install and enable the [hardware accelerated Xorg video driver](https://github.c | |||
|
213 | 241 | ##### `FBTURBOSRC_DIR`="" |
|
214 | 242 | Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot. |
|
215 | 243 | |
|
244 | ##### `ENABLE_VIDEOCORE`=false | |
|
245 | Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling. | |
|
246 | ||
|
247 | ##### `VIDEOCORESRC_DIR`="" | |
|
248 | Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot. | |
|
249 | ||
|
250 | ##### `ENABLE_NEXMON`=false | |
|
251 | Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git). | |
|
252 | ||
|
253 | ##### `NEXMONSRC_DIR`="" | |
|
254 | Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot. | |
|
255 | ||
|
216 | 256 | ##### `ENABLE_IPTABLES`=false |
|
217 | 257 | Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. |
|
218 | 258 | |
|
219 | 259 | ##### `ENABLE_USER`=true |
|
220 | Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`. | |
|
260 | Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`. | |
|
221 | 261 | |
|
222 | 262 | ##### `USER_NAME`=pi |
|
223 | 263 | Non-root user to create. Ignored if `ENABLE_USER`=false |
@@ -238,7 +278,16 Path to a directory with scripts that should be run in the chroot before the ima | |||
|
238 | 278 | Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false. |
|
239 | 279 | |
|
240 | 280 | ##### `ENABLE_IFNAMES`=true |
|
241 |
Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. |
|
|
281 | Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. | |
|
282 | ||
|
283 | ##### `ENABLE_SPLASH`=true | |
|
284 | Enable default Raspberry Pi boot up rainbow splash screen. | |
|
285 | ||
|
286 | ##### `ENABLE_LOGO`=true | |
|
287 | Enable default Raspberry Pi console logo (image of four raspberries in the top left corner). | |
|
288 | ||
|
289 | ##### `ENABLE_SILENT_BOOT`=false | |
|
290 | Set the verbosity of console messages shown during boot up to a strict minimum. | |
|
242 | 291 | |
|
243 | 292 | ##### `DISABLE_UNDERVOLT_WARNINGS`= |
|
244 | 293 | Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present. |
@@ -247,10 +296,10 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` | |||
|
247 | 296 | |
|
248 | 297 | #### SSH settings: |
|
249 | 298 | ##### `SSH_ENABLE_ROOT`=false |
|
250 | Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`. | |
|
299 | Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`. | |
|
251 | 300 | |
|
252 | 301 | ##### `SSH_DISABLE_PASSWORD_AUTH`=false |
|
253 |
Disable password |
|
|
302 | Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported. | |
|
254 | 303 | |
|
255 | 304 | ##### `SSH_LIMIT_USERS`=false |
|
256 | 305 | Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true). |
@@ -264,11 +313,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab | |||
|
264 | 313 | --- |
|
265 | 314 | |
|
266 | 315 | #### Kernel compilation: |
|
267 |
##### `BUILD_KERNEL`= |
|
|
268 |
Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. |
|
|
316 | ##### `BUILD_KERNEL`=true | |
|
317 | Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used. | |
|
269 | 318 | |
|
270 | 319 | ##### `CROSS_COMPILE`="arm-linux-gnueabihf-" |
|
271 |
This sets the cross |
|
|
320 | This sets the cross-compile environment for the compiler. | |
|
272 | 321 | |
|
273 | 322 | ##### `KERNEL_ARCH`="arm" |
|
274 | 323 | This sets the kernel architecture for the compiler. |
@@ -286,17 +335,23 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will | |||
|
286 | 335 | Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64. |
|
287 | 336 | |
|
288 | 337 | ##### `KERNEL_REDUCE`=false |
|
289 | Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental). | |
|
338 | Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental). | |
|
290 | 339 | |
|
291 | 340 | ##### `KERNEL_THREADS`=1 |
|
292 | 341 | Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation. |
|
293 | 342 | |
|
294 | 343 | ##### `KERNEL_HEADERS`=true |
|
295 | Install kernel headers with built kernel. | |
|
344 | Install kernel headers with the built kernel. | |
|
296 | 345 | |
|
297 | 346 | ##### `KERNEL_MENUCONFIG`=false |
|
298 | 347 | Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated. |
|
299 | 348 | |
|
349 | ##### `KERNEL_OLDDEFCONFIG`=false | |
|
350 | Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values. | |
|
351 | ||
|
352 | ##### `KERNEL_CCACHE`=false | |
|
353 | Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again. | |
|
354 | ||
|
300 | 355 | ##### `KERNEL_REMOVESRC`=true |
|
301 | 356 | Remove all kernel sources from the generated OS image after it was built and installed. |
|
302 | 357 | |
@@ -318,6 +373,24 With this parameter set to true the script expects the existing kernel sources d | |||
|
318 | 373 | ##### `RPI_FIRMWARE_DIR`="" |
|
319 | 374 | The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project. |
|
320 | 375 | |
|
376 | ##### `KERNEL_DEFAULT_GOV`="ONDEMAND" | |
|
377 | Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL | |
|
378 | ||
|
379 | ##### `KERNEL_NF`=false | |
|
380 | Enable Netfilter modules as kernel modules | |
|
381 | ||
|
382 | ##### `KERNEL_VIRT`=false | |
|
383 | Enable Kernel KVM support (/dev/kvm) | |
|
384 | ||
|
385 | ##### `KERNEL_ZSWAP`=false | |
|
386 | Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases | |
|
387 | ||
|
388 | ##### `KERNEL_BPF`=true | |
|
389 | Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls] | |
|
390 | ||
|
391 | ##### `KERNEL_SECURITY`=false | |
|
392 | Enables Apparmor, integrity subsystem, auditing. | |
|
393 | ||
|
321 | 394 | --- |
|
322 | 395 | |
|
323 | 396 | #### Reduce disk usage: |
@@ -365,6 +438,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |||
|
365 | 438 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
366 | 439 | Sets key size in bits. The argument has to be a multiple of 8. |
|
367 | 440 | |
|
441 | ##### `CRYPTFS_DROPBEAR`=false | |
|
442 | Enable Dropbear Initramfs support | |
|
443 | ||
|
444 | ##### `CRYPTFS_DROPBEAR_PUBKEY`="" | |
|
445 | Provide path to dropbear Public RSA-OpenSSH Key | |
|
446 | ||
|
368 | 447 | --- |
|
369 | 448 | |
|
370 | 449 | #### Build settings: |
@@ -382,9 +461,9 The functions of this script that are required for the different stages of the b | |||
|
382 | 461 | | `10-bootstrap.sh` | Debootstrap basic system | |
|
383 | 462 | | `11-apt.sh` | Setup APT repositories | |
|
384 | 463 | | `12-locale.sh` | Setup Locales and keyboard settings | |
|
385 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | | |
|
464 | | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel | | |
|
386 | 465 | | `14-fstab.sh` | Setup fstab and initramfs | |
|
387 | | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |
|
466 | | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline | | |
|
388 | 467 | | `20-networking.sh` | Setup Networking | |
|
389 | 468 | | `21-firewall.sh` | Setup Firewall | |
|
390 | 469 | | `30-security.sh` | Setup Users and Security settings | |
@@ -392,6 +471,7 The functions of this script that are required for the different stages of the b | |||
|
392 | 471 | | `32-sshd.sh` | Setup SSH and public keys | |
|
393 | 472 | | `41-uboot.sh` | Build and Setup U-Boot | |
|
394 | 473 | | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver | |
|
474 | | `43-videocore.sh` | Build and Setup videocore libraries | | |
|
395 | 475 | | `50-firstboot.sh` | First boot actions | |
|
396 | 476 | | `99-reduce.sh` | Reduce the disk space usage | |
|
397 | 477 | |
@@ -400,7 +480,7 All the required configuration files that will be copied to the generated OS ima | |||
|
400 | 480 | | Directory | Description | |
|
401 | 481 | | --- | --- | |
|
402 | 482 | | `apt` | APT management configuration files | |
|
403 | | `boot` | Boot and RPi2/3 configuration files | | |
|
483 | | `boot` | Boot and RPi 0/1/2/3 configuration files | | |
|
404 | 484 | | `dpkg` | Package Manager configuration | |
|
405 | 485 | | `etc` | Configuration files and rc scripts | |
|
406 | 486 | | `firstboot` | Scripts that get executed on first boot | |
@@ -426,21 +506,39 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log | |||
|
426 | 506 | ``` |
|
427 | 507 | |
|
428 | 508 | ## Flashing the image file |
|
429 | After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`. | |
|
509 | After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`. | |
|
430 | 510 | |
|
431 | 511 | ##### Flashing examples: |
|
432 | 512 | ```shell |
|
433 |
bmaptool copy ./images/ |
|
|
434 |
dd bs=4M if=./images/ |
|
|
513 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0 | |
|
514 | dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0 | |
|
435 | 515 | ``` |
|
436 | 516 | If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive: |
|
437 | 517 | ```shell |
|
438 |
bmaptool copy ./images/ |
|
|
439 |
bmaptool copy ./images/ |
|
|
518 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0 | |
|
519 | bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc | |
|
520 | ``` | |
|
521 | ||
|
522 | ## QEMU emulation | |
|
523 | Start QEMU full system emulation: | |
|
524 | ```shell | |
|
525 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1" | |
|
526 | ``` | |
|
527 | ||
|
528 | Start QEMU full system emulation and output to console: | |
|
529 | ```shell | |
|
530 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio | |
|
531 | ``` | |
|
532 | ||
|
533 | Start QEMU full system emulation with SMP and output to console: | |
|
534 | ```shell | |
|
535 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio | |
|
536 | ``` | |
|
537 | ||
|
538 | Start QEMU full system emulation with cryptfs, initramfs and output to console: | |
|
539 | ```shell | |
|
540 | qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio | |
|
440 | 541 | ``` |
|
441 | ## Weekly image builds | |
|
442 | The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC! | |
|
443 | * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi) | |
|
444 | 542 | |
|
445 | 543 | ## External links and references |
|
446 | 544 | * [Debian worldwide mirror sites](https://www.debian.org/mirror/list) |
@@ -448,7 +546,7 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at m | |||
|
448 | 546 | * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) |
|
449 | 547 | * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware) |
|
450 | 548 | * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux) |
|
451 | * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary) | |
|
549 | * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary) | |
|
452 | 550 | * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo) |
|
453 |
* [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm |
|
|
551 | * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm) | |
|
454 | 552 | * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/) |
@@ -7,7 +7,6 | |||
|
7 | 7 | |
|
8 | 8 | VARIANT="" |
|
9 | 9 | COMPONENTS="main" |
|
10 | EXCLUDES="" | |
|
11 | 10 | |
|
12 | 11 | # Use non-free Debian packages if needed |
|
13 | 12 | if [ "$ENABLE_NONFREE" = true ] ; then |
@@ -19,13 +18,15 if [ "$ENABLE_MINBASE" = true ] ; then | |||
|
19 | 18 | VARIANT="--variant=minbase" |
|
20 | 19 | fi |
|
21 | 20 | |
|
21 | ||
|
22 | 22 | # Exclude packages if required by Debian release |
|
23 | 23 | if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then |
|
24 | 24 | EXCLUDES="--exclude=init,systemd-sysv" |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | ||
|
27 | 28 | # Base debootstrap (unpack only) |
|
28 | http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" | |
|
29 | http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" | |
|
29 | 30 | |
|
30 | 31 | # Copy qemu emulator binary to chroot |
|
31 | 32 | install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}" |
@@ -32,25 +32,28 else # BUILD_KERNEL=true | |||
|
32 | 32 | sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" |
|
33 | 33 | fi |
|
34 | 34 | |
|
35 | # Allow the installation of non-free Debian packages | |
|
36 | if [ "$ENABLE_NONFREE" = true ] ; then | |
|
37 |
|
|
|
38 | fi | |
|
35 | ||
|
36 | # Use specified APT server and release | |
|
37 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" | |
|
38 | sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" | |
|
39 | 39 | |
|
40 | 40 | # Upgrade package index and update all installed packages and changed dependencies |
|
41 | 41 | chroot_exec apt-get -qq -y update |
|
42 | 42 | chroot_exec apt-get -qq -y -u dist-upgrade |
|
43 | 43 | |
|
44 | # Install additional packages | |
|
44 | 45 | if [ "$APT_INCLUDES_LATE" ] ; then |
|
45 | chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ') | |
|
46 | chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ') | |
|
46 | 47 | fi |
|
47 | 48 | |
|
49 | # Install Debian custom packages | |
|
48 | 50 | if [ -d packages ] ; then |
|
49 | 51 | for package in packages/*.deb ; do |
|
50 | cp $package ${R}/tmp | |
|
51 | chroot_exec dpkg --unpack /tmp/$(basename $package) | |
|
52 | cp "$package" "${R}"/tmp | |
|
53 | chroot_exec dpkg --unpack /tmp/"$(basename "$package")" | |
|
52 | 54 | done |
|
53 | 55 | fi |
|
56 | ||
|
54 | 57 | chroot_exec apt-get -qq -y -f install |
|
55 | 58 | |
|
56 | 59 | chroot_exec apt-get -qq -y check |
@@ -6,24 +6,32 | |||
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup timezone |
|
9 | echo ${TIMEZONE} > "${ETC_DIR}/timezone" | |
|
9 | echo "${TIMEZONE}" > "${ETC_DIR}/timezone" | |
|
10 | if [ -f "${ETC_DIR}/localtime" ]; then | |
|
11 | # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created | |
|
12 | # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get. | |
|
13 | # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata' | |
|
14 | # will ignore the our timezone set in '/etc/timezone'. | |
|
15 | # 3. Removing /etc/localtime will solve this. | |
|
16 | rm -f "${ETC_DIR}/localtime" | |
|
17 | fi | |
|
10 | 18 | chroot_exec dpkg-reconfigure -f noninteractive tzdata |
|
11 | 19 | |
|
12 | 20 | # Install and setup default locale and keyboard configuration |
|
13 | if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then | |
|
21 | if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then | |
|
14 | 22 | # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug |
|
15 | 23 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 |
|
16 | 24 | # ... so we have to set locales manually |
|
17 | 25 | if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then |
|
18 |
chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" |
|
|
26 | chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections" | |
|
19 | 27 | else |
|
20 | 28 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale |
|
21 |
chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" |
|
|
29 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections" | |
|
22 | 30 | sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen" |
|
23 | 31 | fi |
|
24 | 32 | |
|
25 | 33 | sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen" |
|
26 |
chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" |
|
|
34 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections" | |
|
27 | 35 | chroot_exec locale-gen |
|
28 | 36 | chroot_exec update-locale LANG="${DEFLOCAL}" |
|
29 | 37 |
@@ -5,15 +5,23 | |||
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | # Need to use kali kernel src if nexmon is enabled | |
|
9 | if [ "$ENABLE_NEXMON" = true ] ; then | |
|
10 | KERNEL_URL="${KALI_KERNEL_URL}" | |
|
11 | # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel | |
|
12 | KERNEL_BRANCH="" | |
|
13 | KERNELSRC_DIR="" | |
|
14 | fi | |
|
15 | ||
|
8 | 16 | # Fetch and build latest raspberry kernel |
|
9 | 17 | if [ "$BUILD_KERNEL" = true ] ; then |
|
10 | 18 | # Setup source directory |
|
11 | mkdir -p "${R}/usr/src/linux" | |
|
19 | mkdir -p "${KERNEL_DIR}" | |
|
12 | 20 | |
|
13 | 21 | # Copy existing kernel sources into chroot directory |
|
14 | 22 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then |
|
15 | 23 | # Copy kernel sources and include hidden files |
|
16 |
cp -r "${KERNELSRC_DIR}/". "${R} |
|
|
24 | cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" | |
|
17 | 25 | |
|
18 | 26 | # Clean the kernel sources |
|
19 | 27 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then |
@@ -25,13 +33,13 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
25 | 33 | |
|
26 | 34 | # Fetch current RPi2/3 kernel sources |
|
27 | 35 | if [ -z "${KERNEL_BRANCH}" ] ; then |
|
28 | as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux | |
|
36 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux | |
|
29 | 37 | else |
|
30 | as_nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux | |
|
38 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux | |
|
31 | 39 | fi |
|
32 | 40 | |
|
33 | 41 | # Copy downloaded kernel sources |
|
34 |
cp -r "${temp_dir}/linux/"* "${R} |
|
|
42 | cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" | |
|
35 | 43 | |
|
36 | 44 | # Remove temporary directory for kernel sources |
|
37 | 45 | rm -fr "${temp_dir}" |
@@ -87,18 +95,353 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
87 | 95 | # Load default raspberry kernel configuration |
|
88 | 96 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
89 | 97 | |
|
90 | if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then | |
|
91 | cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config | |
|
98 | #Switch to KERNELSRC_DIR so we can use set_kernel_config | |
|
99 | cd "${KERNEL_DIR}" || exit | |
|
100 | ||
|
101 | if [ "$KERNEL_ARCH" = arm64 ] ; then | |
|
102 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config | |
|
103 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 | |
|
104 | set_kernel_config CONFIG_MMC_BCM2835 n | |
|
105 | set_kernel_config CONFIG_MMC_SDHCI_IPROC n | |
|
106 | set_kernel_config CONFIG_USB_DWC2 n | |
|
107 | sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig | |
|
108 | ||
|
109 | #VLAN got disabled without reason in arm64bit | |
|
110 | set_kernel_config CONFIG_IPVLAN m | |
|
111 | fi | |
|
112 | ||
|
113 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap | |
|
114 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
|
115 | set_kernel_config CONFIG_ZPOOL y | |
|
116 | set_kernel_config CONFIG_ZSWAP y | |
|
117 | set_kernel_config CONFIG_ZBUD y | |
|
118 | set_kernel_config CONFIG_Z3FOLD y | |
|
119 | set_kernel_config CONFIG_ZSMALLOC y | |
|
120 | set_kernel_config CONFIG_PGTABLE_MAPPING y | |
|
121 | set_kernel_config CONFIG_LZO_COMPRESS y | |
|
122 | ||
|
123 | fi | |
|
124 | ||
|
125 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 | |
|
126 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then | |
|
127 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y | |
|
128 | set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y | |
|
129 | set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y | |
|
130 | set_kernel_config CONFIG_HAVE_KVM_EVENTFD y | |
|
131 | set_kernel_config CONFIG_HAVE_KVM_IRQFD y | |
|
132 | set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y | |
|
133 | set_kernel_config CONFIG_HAVE_KVM_MSI y | |
|
134 | set_kernel_config CONFIG_KVM y | |
|
135 | set_kernel_config CONFIG_KVM_ARM_HOST y | |
|
136 | set_kernel_config CONFIG_KVM_ARM_PMU y | |
|
137 | set_kernel_config CONFIG_KVM_COMPAT y | |
|
138 | set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y | |
|
139 | set_kernel_config CONFIG_KVM_MMIO y | |
|
140 | set_kernel_config CONFIG_KVM_VFIO y | |
|
141 | set_kernel_config CONFIG_VHOST m | |
|
142 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y | |
|
143 | set_kernel_config CONFIG_VHOST_NET m | |
|
144 | set_kernel_config CONFIG_VIRTUALIZATION y | |
|
145 | ||
|
146 | set_kernel_config CONFIG_MMU_NOTIFIER y | |
|
147 | ||
|
148 | # erratum | |
|
149 | set_kernel_config ARM64_ERRATUM_834220 y | |
|
150 | ||
|
151 | # https://sourceforge.net/p/kvm/mailman/message/18440797/ | |
|
152 | set_kernel_config CONFIG_PREEMPT_NOTIFIERS y | |
|
153 | fi | |
|
154 | ||
|
155 | # enable apparmor,integrity audit, | |
|
156 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
157 | ||
|
158 | # security filesystem, security models and audit | |
|
159 | set_kernel_config CONFIG_SECURITYFS y | |
|
160 | set_kernel_config CONFIG_SECURITY y | |
|
161 | set_kernel_config CONFIG_AUDIT y | |
|
162 | ||
|
163 | # harden strcpy and memcpy | |
|
164 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
|
165 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
|
166 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
|
167 | ||
|
168 | # integrity sub-system | |
|
169 | set_kernel_config CONFIG_INTEGRITY y | |
|
170 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
|
171 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
|
172 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
|
173 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
|
174 | ||
|
175 | # This option provides support for retaining authentication tokens and access keys in the kernel. | |
|
176 | set_kernel_config CONFIG_KEYS y | |
|
177 | set_kernel_config CONFIG_KEYS_COMPAT y | |
|
178 | ||
|
179 | # Apparmor | |
|
180 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 | |
|
181 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y | |
|
182 | set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y | |
|
183 | set_kernel_config CONFIG_SECURITY_APPARMOR y | |
|
184 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y | |
|
185 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" | |
|
186 | ||
|
187 | # restrictions on unprivileged users reading the kernel | |
|
188 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y | |
|
189 | ||
|
190 | # network security hooks | |
|
191 | set_kernel_config CONFIG_SECURITY_NETWORK y | |
|
192 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y | |
|
193 | set_kernel_config CONFIG_SECURITY_PATH y | |
|
194 | set_kernel_config CONFIG_SECURITY_YAMA n | |
|
195 | ||
|
196 | # New Options | |
|
197 | if [ "$KERNEL_NF" = true ] ; then | |
|
198 | set_kernel_config CONFIG_IP_NF_SECURITY m | |
|
199 | set_kernel_config CONFIG_NETLABEL y | |
|
200 | set_kernel_config CONFIG_IP6_NF_SECURITY m | |
|
201 | fi | |
|
202 | set_kernel_config CONFIG_SECURITY_SELINUX n | |
|
203 | set_kernel_config CONFIG_SECURITY_SMACK n | |
|
204 | set_kernel_config CONFIG_SECURITY_TOMOYO n | |
|
205 | set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n | |
|
206 | set_kernel_config CONFIG_SECURITY_LOADPIN n | |
|
207 | set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n | |
|
208 | set_kernel_config CONFIG_IMA n | |
|
209 | set_kernel_config CONFIG_EVM n | |
|
210 | set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y | |
|
211 | set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y | |
|
212 | set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y | |
|
213 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y | |
|
214 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y | |
|
215 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y | |
|
216 | set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y | |
|
217 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n | |
|
218 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m | |
|
219 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 | |
|
220 | ||
|
221 | set_kernel_config CONFIG_ARM64_CRYPTO y | |
|
222 | set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m | |
|
223 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m | |
|
224 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m | |
|
225 | set_kernel_config CRYPTO_GHASH_ARM64_CE m | |
|
226 | set_kernel_config CRYPTO_SHA2_ARM64_CE m | |
|
227 | set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m | |
|
228 | set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m | |
|
229 | set_kernel_config CONFIG_CRYPTO_AES_ARM64 m | |
|
230 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m | |
|
231 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y | |
|
232 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y | |
|
233 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m | |
|
234 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m | |
|
235 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m | |
|
236 | set_kernel_config SYSTEM_TRUSTED_KEYS | |
|
237 | fi | |
|
238 | ||
|
239 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 | |
|
240 | if [ "$KERNEL_NF" = true ] ; then | |
|
241 | set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m | |
|
242 | set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m | |
|
243 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m | |
|
244 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m | |
|
245 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m | |
|
246 | set_kernel_config CONFIG_NFT_FIB_INET m | |
|
247 | set_kernel_config CONFIG_NFT_FIB_IPV4 m | |
|
248 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |
|
249 | set_kernel_config CONFIG_NFT_FIB_NETDEV m | |
|
250 | set_kernel_config CONFIG_NFT_OBJREF m | |
|
251 | set_kernel_config CONFIG_NFT_RT m | |
|
252 | set_kernel_config CONFIG_NFT_SET_BITMAP m | |
|
253 | set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y | |
|
254 | set_kernel_config CONFIG_NF_LOG_ARP m | |
|
255 | set_kernel_config CONFIG_NF_SOCKET_IPV4 m | |
|
256 | set_kernel_config CONFIG_NF_SOCKET_IPV6 m | |
|
257 | set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m | |
|
258 | set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m | |
|
259 | set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m | |
|
260 | set_kernel_config CONFIG_IP6_NF_IPTABLES m | |
|
261 | set_kernel_config CONFIG_IP6_NF_MATCH_AH m | |
|
262 | set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m | |
|
263 | set_kernel_config CONFIG_IP6_NF_NAT m | |
|
264 | set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m | |
|
265 | set_kernel_config CONFIG_IP6_NF_TARGET_NPT m | |
|
266 | set_kernel_config CONFIG_IP_NF_SECURITY m | |
|
267 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m | |
|
268 | set_kernel_config CONFIG_IP_SET_BITMAP_PORT m | |
|
269 | set_kernel_config CONFIG_IP_SET_HASH_IP m | |
|
270 | set_kernel_config CONFIG_IP_SET_HASH_IPMARK m | |
|
271 | set_kernel_config CONFIG_IP_SET_HASH_IPPORT m | |
|
272 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m | |
|
273 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m | |
|
274 | set_kernel_config CONFIG_IP_SET_HASH_MAC m | |
|
275 | set_kernel_config CONFIG_IP_SET_HASH_NET m | |
|
276 | set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m | |
|
277 | set_kernel_config CONFIG_IP_SET_HASH_NETNET m | |
|
278 | set_kernel_config CONFIG_IP_SET_HASH_NETPORT m | |
|
279 | set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m | |
|
280 | set_kernel_config CONFIG_IP_SET_LIST_SET m | |
|
281 | set_kernel_config CONFIG_NETFILTER_XTABLES m | |
|
282 | set_kernel_config CONFIG_NETFILTER_XTABLES m | |
|
283 | set_kernel_config CONFIG_NFT_BRIDGE_META m | |
|
284 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m | |
|
285 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m | |
|
286 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m | |
|
287 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m | |
|
288 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m | |
|
289 | set_kernel_config CONFIG_NFT_COMPAT m | |
|
290 | set_kernel_config CONFIG_NFT_COUNTER m | |
|
291 | set_kernel_config CONFIG_NFT_CT m | |
|
292 | set_kernel_config CONFIG_NFT_DUP_IPV4 m | |
|
293 | set_kernel_config CONFIG_NFT_DUP_IPV6 m | |
|
294 | set_kernel_config CONFIG_NFT_DUP_NETDEV m | |
|
295 | set_kernel_config CONFIG_NFT_EXTHDR m | |
|
296 | set_kernel_config CONFIG_NFT_FWD_NETDEV m | |
|
297 | set_kernel_config CONFIG_NFT_HASH m | |
|
298 | set_kernel_config CONFIG_NFT_LIMIT m | |
|
299 | set_kernel_config CONFIG_NFT_LOG m | |
|
300 | set_kernel_config CONFIG_NFT_MASQ m | |
|
301 | set_kernel_config CONFIG_NFT_MASQ_IPV4 m | |
|
302 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m | |
|
303 | set_kernel_config CONFIG_NFT_META m | |
|
304 | set_kernel_config CONFIG_NFT_NAT m | |
|
305 | set_kernel_config CONFIG_NFT_NUMGEN m | |
|
306 | set_kernel_config CONFIG_NFT_QUEUE m | |
|
307 | set_kernel_config CONFIG_NFT_QUOTA m | |
|
308 | set_kernel_config CONFIG_NFT_REDIR m | |
|
309 | set_kernel_config CONFIG_NFT_REDIR_IPV4 m | |
|
310 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m | |
|
311 | set_kernel_config CONFIG_NFT_REJECT m | |
|
312 | set_kernel_config CONFIG_NFT_REJECT_INET m | |
|
313 | set_kernel_config CONFIG_NFT_REJECT_IPV4 m | |
|
314 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m | |
|
315 | set_kernel_config CONFIG_NFT_SET_HASH m | |
|
316 | set_kernel_config CONFIG_NFT_SET_RBTREE m | |
|
317 | set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m | |
|
318 | set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m | |
|
319 | set_kernel_config CONFIG_NF_DEFRAG_IPV4 m | |
|
320 | set_kernel_config CONFIG_NF_DEFRAG_IPV6 m | |
|
321 | set_kernel_config CONFIG_NF_DUP_IPV4 m | |
|
322 | set_kernel_config CONFIG_NF_DUP_IPV6 m | |
|
323 | set_kernel_config CONFIG_NF_DUP_NETDEV m | |
|
324 | set_kernel_config CONFIG_NF_LOG_BRIDGE m | |
|
325 | set_kernel_config CONFIG_NF_LOG_IPV4 m | |
|
326 | set_kernel_config CONFIG_NF_LOG_IPV6 m | |
|
327 | set_kernel_config CONFIG_NF_NAT_IPV4 m | |
|
328 | set_kernel_config CONFIG_NF_NAT_IPV6 m | |
|
329 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m | |
|
330 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m | |
|
331 | set_kernel_config CONFIG_NF_NAT_PPTP m | |
|
332 | set_kernel_config CONFIG_NF_NAT_PROTO_GRE m | |
|
333 | set_kernel_config CONFIG_NF_NAT_REDIRECT m | |
|
334 | set_kernel_config CONFIG_NF_NAT_SIP m | |
|
335 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m | |
|
336 | set_kernel_config CONFIG_NF_NAT_TFTP m | |
|
337 | set_kernel_config CONFIG_NF_REJECT_IPV4 m | |
|
338 | set_kernel_config CONFIG_NF_REJECT_IPV6 m | |
|
339 | set_kernel_config CONFIG_NF_TABLES m | |
|
340 | set_kernel_config CONFIG_NF_TABLES_ARP m | |
|
341 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m | |
|
342 | set_kernel_config CONFIG_NF_TABLES_INET m | |
|
343 | set_kernel_config CONFIG_NF_TABLES_IPV4 m | |
|
344 | set_kernel_config CONFIG_NF_TABLES_IPV6 m | |
|
345 | set_kernel_config CONFIG_NF_TABLES_NETDEV m | |
|
346 | fi | |
|
347 | ||
|
348 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA | |
|
349 | if [ "$KERNEL_BPF" = true ] ; then | |
|
350 | set_kernel_config CONFIG_BPF_SYSCALL y | |
|
351 | set_kernel_config CONFIG_BPF_EVENTS y | |
|
352 | set_kernel_config CONFIG_BPF_STREAM_PARSER y | |
|
353 | set_kernel_config CONFIG_CGROUP_BPF y | |
|
354 | fi | |
|
355 | ||
|
356 | # KERNEL_DEFAULT_GOV was set by user | |
|
357 | if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then | |
|
358 | ||
|
359 | case "$KERNEL_DEFAULT_GOV" in | |
|
360 | performance) | |
|
361 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y | |
|
362 | ;; | |
|
363 | userspace) | |
|
364 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y | |
|
365 | ;; | |
|
366 | ondemand) | |
|
367 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y | |
|
368 | ;; | |
|
369 | conservative) | |
|
370 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y | |
|
371 | ;; | |
|
372 | shedutil) | |
|
373 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y | |
|
374 | ;; | |
|
375 | *) | |
|
376 | echo "error: unsupported default cpu governor" | |
|
377 | exit 1 | |
|
378 | ;; | |
|
379 | esac | |
|
380 | ||
|
381 | # unset previous default governor | |
|
382 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE | |
|
383 | fi | |
|
384 | ||
|
385 | #Revert to previous directory | |
|
386 | cd "${WORKDIR}" || exit | |
|
387 | ||
|
388 | # Set kernel configuration parameters to enable qemu emulation | |
|
389 | if [ "$ENABLE_QEMU" = true ] ; then | |
|
390 | echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config | |
|
391 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config | |
|
392 | ||
|
393 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
394 | { | |
|
395 | echo "CONFIG_EMBEDDED=y" | |
|
396 | echo "CONFIG_EXPERT=y" | |
|
397 | echo "CONFIG_DAX=y" | |
|
398 | echo "CONFIG_MD=y" | |
|
399 | echo "CONFIG_BLK_DEV_MD=y" | |
|
400 | echo "CONFIG_MD_AUTODETECT=y" | |
|
401 | echo "CONFIG_BLK_DEV_DM=y" | |
|
402 | echo "CONFIG_BLK_DEV_DM_BUILTIN=y" | |
|
403 | echo "CONFIG_DM_CRYPT=y" | |
|
404 | echo "CONFIG_CRYPTO_BLKCIPHER=y" | |
|
405 | echo "CONFIG_CRYPTO_CBC=y" | |
|
406 | echo "CONFIG_CRYPTO_XTS=y" | |
|
407 | echo "CONFIG_CRYPTO_SHA512=y" | |
|
408 | echo "CONFIG_CRYPTO_MANAGER=y" | |
|
409 | } >> "${KERNEL_DIR}"/.config | |
|
410 | fi | |
|
411 | fi | |
|
412 | ||
|
413 | # Copy custom kernel configuration file | |
|
414 | if [ -n "$KERNELSRC_USRCONFIG" ] ; then | |
|
415 | cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config | |
|
416 | fi | |
|
417 | ||
|
418 | # Set kernel configuration parameters to their default values | |
|
419 | if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then | |
|
420 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig | |
|
92 | 421 | fi |
|
93 | 422 | |
|
94 | 423 | # Start menu-driven kernel configuration (interactive) |
|
95 | 424 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
96 | 425 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig |
|
97 | 426 | fi |
|
427 | # end if "$KERNELSRC_CONFIG" = true | |
|
98 | 428 | fi |
|
99 | 429 | |
|
100 |
# |
|
|
101 | make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs | |
|
430 | # Use ccache to cross compile the kernel | |
|
431 | if [ "$KERNEL_CCACHE" = true ] ; then | |
|
432 | cc="ccache ${CROSS_COMPILE}gcc" | |
|
433 | else | |
|
434 | cc="${CROSS_COMPILE}gcc" | |
|
435 | fi | |
|
436 | ||
|
437 | # Cross compile kernel and dtbs | |
|
438 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs | |
|
439 | ||
|
440 | # Cross compile kernel modules | |
|
441 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
442 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules | |
|
443 | fi | |
|
444 | # end if "$KERNELSRC_PREBUILT" = false | |
|
102 | 445 | fi |
|
103 | 446 | |
|
104 | 447 | # Check if kernel compilation was successful |
@@ -110,12 +453,16 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
110 | 453 | |
|
111 | 454 | # Install kernel modules |
|
112 | 455 | if [ "$ENABLE_REDUCE" = true ] ; then |
|
456 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
113 | 457 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install |
|
458 | fi | |
|
114 | 459 | else |
|
460 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
115 | 461 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install |
|
462 | fi | |
|
116 | 463 | |
|
117 | 464 | # Install kernel firmware |
|
118 |
if |
|
|
465 | if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then | |
|
119 | 466 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install |
|
120 | 467 | fi |
|
121 | 468 | fi |
@@ -129,23 +476,41 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
129 | 476 | mkdir "${BOOT_DIR}" |
|
130 | 477 | |
|
131 | 478 | # Get kernel release version |
|
132 |
KERNEL_VERSION= |
|
|
479 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") | |
|
133 | 480 | |
|
134 | 481 | # Copy kernel configuration file to the boot directory |
|
135 | 482 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" |
|
136 | 483 | |
|
137 | # Copy dts and dtb device tree sources and binaries | |
|
484 | # Prepare device tree directory | |
|
138 | 485 | mkdir "${BOOT_DIR}/overlays" |
|
139 | 486 | |
|
140 | 487 | # Ensure the proper .dtb is located |
|
141 | 488 | if [ "$KERNEL_ARCH" = "arm" ] ; then |
|
142 |
|
|
|
489 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do | |
|
490 | if [ -f "${dtb}" ] ; then | |
|
491 | install_readonly "${dtb}" "${BOOT_DIR}/" | |
|
492 | fi | |
|
493 | done | |
|
143 | 494 | else |
|
144 |
|
|
|
495 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do | |
|
496 | if [ -f "${dtb}" ] ; then | |
|
497 | install_readonly "${dtb}" "${BOOT_DIR}/" | |
|
498 | fi | |
|
499 | done | |
|
145 | 500 | fi |
|
146 | 501 | |
|
147 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/" | |
|
502 | # Copy compiled dtb device tree files | |
|
503 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then | |
|
504 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do | |
|
505 | if [ -f "${dtb}" ] ; then | |
|
506 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" | |
|
507 | fi | |
|
508 | done | |
|
509 | ||
|
510 | if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then | |
|
148 | 511 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README" |
|
512 | fi | |
|
513 | fi | |
|
149 | 514 | |
|
150 | 515 | if [ "$ENABLE_UBOOT" = false ] ; then |
|
151 | 516 | # Convert and copy kernel image to the boot directory |
@@ -159,27 +524,92 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
159 | 524 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
160 | 525 | rm -fr "${KERNEL_DIR}" |
|
161 | 526 | else |
|
527 | # Prepare compiled kernel modules | |
|
528 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
|
529 | if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then | |
|
162 | 530 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare |
|
531 | fi | |
|
163 | 532 | |
|
164 | 533 | # Create symlinks for kernel modules |
|
165 | 534 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build" |
|
166 | 535 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" |
|
167 | 536 | fi |
|
537 | fi | |
|
168 | 538 | |
|
169 | 539 | else # BUILD_KERNEL=false |
|
170 | # Kernel installation | |
|
171 | chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel | |
|
540 | if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then | |
|
541 | ||
|
542 | # Use Sakakis modified kernel if ZSWAP is active | |
|
543 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then | |
|
544 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" | |
|
545 | fi | |
|
546 | ||
|
547 | # Create temporary directory for dl | |
|
548 | temp_dir=$(as_nobody mktemp -d) | |
|
172 | 549 | |
|
173 | # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot | |
|
174 | chroot_exec apt-get -qq -y install flash-kernel | |
|
550 | # Fetch kernel dl | |
|
551 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" | |
|
552 | ||
|
553 | #extract download | |
|
554 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" | |
|
555 | ||
|
556 | #move extracted kernel to /boot/firmware | |
|
557 | mkdir "${R}/boot/firmware" | |
|
558 | cp "${temp_dir}"/boot/* "${R}"/boot/firmware/ | |
|
559 | cp -r "${temp_dir}"/lib/* "${R}"/lib/ | |
|
560 | ||
|
561 | # Remove temporary directory for kernel sources | |
|
562 | rm -fr "${temp_dir}" | |
|
563 | ||
|
564 | # Set permissions of the kernel sources | |
|
565 | chown -R root:root "${R}/boot/firmware" | |
|
566 | chown -R root:root "${R}/lib/modules" | |
|
567 | fi | |
|
568 | ||
|
569 | # Install Kernel from hypriot comptabile with all Raspberry PI | |
|
570 | if [ "$SET_ARCH" = 32 ] ; then | |
|
571 | # Create temporary directory for dl | |
|
572 | temp_dir=$(as_nobody mktemp -d) | |
|
573 | ||
|
574 | # Fetch kernel | |
|
575 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" | |
|
576 | ||
|
577 | # Copy downloaded U-Boot sources | |
|
578 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb | |
|
579 | ||
|
580 | # Set permissions | |
|
581 | chown -R root:root "${R}"/tmp/kernel.deb | |
|
582 | ||
|
583 | # Install kernel | |
|
584 | chroot_exec dpkg -i /tmp/kernel.deb | |
|
585 | ||
|
586 | # move /boot to /boot/firmware to fit script env. | |
|
587 | #mkdir "${BOOT_DIR}" | |
|
588 | mkdir "${temp_dir}"/firmware | |
|
589 | mv "${R}"/boot/* "${temp_dir}"/firmware/ | |
|
590 | mv "${temp_dir}"/firmware "${R}"/boot/ | |
|
591 | ||
|
592 | #same for kernel headers | |
|
593 | if [ "$KERNEL_HEADERS" = true ] ; then | |
|
594 | # Fetch kernel header | |
|
595 | as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL" | |
|
596 | mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb | |
|
597 | chown -R root:root "${R}"/tmp/kernel-header.deb | |
|
598 | # Install kernel header | |
|
599 | chroot_exec dpkg -i /tmp/kernel-header.deb | |
|
600 | rm -f "${R}"/tmp/kernel-header.deb | |
|
601 | fi | |
|
602 | ||
|
603 | # Remove temporary directory and files | |
|
604 | rm -fr "${temp_dir}" | |
|
605 | rm -f "${R}"/tmp/kernel.deb | |
|
606 | fi | |
|
175 | 607 | |
|
176 | 608 | # Check if kernel installation was successful |
|
177 |
|
|
|
178 |
if [ -z "$ |
|
|
179 |
echo "error: kernel installation failed! (/boot/ |
|
|
609 | KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" | |
|
610 | if [ -z "$KERNEL" ] ; then | |
|
611 | echo "error: kernel installation failed! (/boot/kernel* not found)" | |
|
180 | 612 | cleanup |
|
181 | 613 | exit 1 |
|
182 | 614 | fi |
|
183 | # Copy vmlinuz kernel to the boot directory | |
|
184 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" | |
|
185 | 615 | fi |
@@ -20,16 +20,24 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
20 | 20 | |
|
21 | 21 | # Add encrypted partition to crypttab and fstab |
|
22 | 22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab" | |
|
23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" | |
|
24 | 24 | |
|
25 | 25 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
26 | # Add usb/sda disk to crypttab | |
|
26 | # Add usb/sda1 disk to crypttab | |
|
27 | 27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
28 | 28 | fi |
|
29 | 29 | fi |
|
30 | 30 | |
|
31 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
|
33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |
|
34 | ||
|
35 | # Add usb/sda2 disk to crypttab | |
|
36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
|
37 | fi | |
|
38 | ||
|
31 | 39 | # Generate initramfs file |
|
32 |
if |
|
|
40 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
33 | 41 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
34 | 42 | # Include initramfs scripts to auto expand encrypted root partition |
|
35 | 43 | if [ "$EXPANDROOT" = true ] ; then |
@@ -38,11 +46,63 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
38 | 46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
39 | 47 | fi |
|
40 | 48 | |
|
49 | if [ "$ENABLE_DHCP" = false ] ; then | |
|
50 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
52 | ||
|
53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
54 | NET_MASK=$(cdr2mask "$cdir") | |
|
55 | ||
|
56 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
58 | ||
|
59 | # Regenerate initramfs | |
|
60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
61 | fi | |
|
62 | ||
|
63 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
|
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
|
65 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
66 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
|
67 | else | |
|
68 | # Create key | |
|
69 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |
|
70 | ||
|
71 | # Convert dropbear key to openssh key | |
|
72 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |
|
73 | ||
|
74 | # Get Public Key Part | |
|
75 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |
|
76 | ||
|
77 | # Delete unwanted lines | |
|
78 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
79 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
80 | ||
|
81 | # Trust the new key | |
|
82 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
|
83 | ||
|
84 | # Save Keys - convert with putty from rsa/openssh to puttkey | |
|
85 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |
|
86 | ||
|
87 | # Get unlock script | |
|
88 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |
|
89 | ||
|
90 | # Enable Dropbear inside initramfs | |
|
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
|
92 | ||
|
93 | # Enable Dropbear inside initramfs | |
|
94 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |
|
95 | fi | |
|
96 | else | |
|
41 | 97 |
|
|
42 | 98 |
|
|
99 | fi | |
|
100 | ||
|
101 | # Add cryptsetup modules to initramfs | |
|
102 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |
|
43 | 103 | |
|
44 | 104 | # Dummy mapping required by mkinitramfs |
|
45 | echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
105 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
46 | 106 | |
|
47 | 107 | # Generate initramfs with encrypted root partition support |
|
48 | 108 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
@@ -5,16 +5,15 | |||
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | if [ "$BUILD_KERNEL" = true ] ; then | |
|
9 | 8 |
|
|
10 | 9 |
|
|
11 |
|
|
|
12 |
|
|
|
13 |
|
|
|
14 |
|
|
|
15 |
|
|
|
16 |
|
|
|
17 |
|
|
|
10 | cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin | |
|
11 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat | |
|
12 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat | |
|
13 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat | |
|
14 | cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf | |
|
15 | cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf | |
|
16 | cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf | |
|
18 | 17 |
|
|
19 | 18 |
|
|
20 | 19 |
|
@@ -38,29 +37,44 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
38 | 37 |
|
|
39 | 38 |
|
|
40 | 39 |
|
|
41 | fi | |
|
42 | 40 | |
|
43 | 41 | # Setup firmware boot cmdline |
|
42 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
43 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |
|
44 | else | |
|
44 | 45 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
45 |
CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline |
|
|
46 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |
|
46 | 47 | else |
|
47 |
CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline |
|
|
48 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" | |
|
49 | fi | |
|
48 | 50 | fi |
|
49 | 51 | |
|
50 | 52 | # Add encrypted root partition to cmdline.txt |
|
51 | 53 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
52 | 54 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
53 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
55 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
54 | 56 | else |
|
55 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
57 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
58 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") | |
|
59 | else | |
|
60 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
61 | fi | |
|
56 | 62 | fi |
|
57 | 63 | fi |
|
58 | 64 | |
|
59 | # Add serial console support | |
|
60 |
if [ "$ENABLE_ |
|
|
61 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |
|
65 | # Enable Kernel messages on standard output | |
|
66 | if [ "$ENABLE_PRINTK" = true ] ; then | |
|
67 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" | |
|
68 | fi | |
|
69 | ||
|
70 | # Enable Kernel messages on standard output | |
|
71 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
72 | install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf" | |
|
62 | 73 | fi |
|
63 | 74 | |
|
75 | # Install udev rule for serial alias - serial0 = console serial1=bluetooth | |
|
76 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" | |
|
77 | ||
|
64 | 78 | # Remove IPv6 networking support |
|
65 | 79 | if [ "$ENABLE_IPV6" = false ] ; then |
|
66 | 80 | CMDLINE="${CMDLINE} ipv6.disable=1" |
@@ -73,17 +87,160 else | |||
|
73 | 87 | CMDLINE="${CMDLINE} net.ifnames=1" |
|
74 | 88 | fi |
|
75 | 89 | |
|
76 | # Set init to systemd if required by Debian release | |
|
77 | if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then | |
|
78 |
CMDLINE="${CMDLINE} |
|
|
90 | # Disable Raspberry Pi console logo | |
|
91 | if [ "$ENABLE_LOGO" = false ] ; then | |
|
92 | CMDLINE="${CMDLINE} logo.nologo" | |
|
79 | 93 | fi |
|
80 | 94 | |
|
81 | # Install firmware boot cmdline | |
|
82 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
95 | # Strictly limit verbosity of boot up console messages | |
|
96 | if [ "$ENABLE_SILENT_BOOT" = true ] ; then | |
|
97 | CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0" | |
|
98 | fi | |
|
83 | 99 | |
|
84 | 100 | # Install firmware config |
|
85 | 101 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
86 | 102 | |
|
103 | # Disable Raspberry Pi console logo | |
|
104 | if [ "$ENABLE_SLASH" = false ] ; then | |
|
105 | echo "disable_splash=1" >> "${BOOT_DIR}/config.txt" | |
|
106 | fi | |
|
107 | ||
|
108 | # Locks CPU frequency at maximum | |
|
109 | if [ "$ENABLE_TURBO" = true ] ; then | |
|
110 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" | |
|
111 | # helps to avoid sdcard corruption when force_turbo is enabled. | |
|
112 | echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" | |
|
113 | fi | |
|
114 | ||
|
115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
|
116 | ||
|
117 | # Bluetooth enabled | |
|
118 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
|
119 | # Create temporary directory for Bluetooth sources | |
|
120 | temp_dir=$(as_nobody mktemp -d) | |
|
121 | ||
|
122 | # Fetch Bluetooth sources | |
|
123 | as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}" | |
|
124 | ||
|
125 | # Copy downloaded sources | |
|
126 | mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" | |
|
127 | ||
|
128 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ | |
|
129 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth | |
|
130 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd | |
|
131 | ||
|
132 | # Set permissions | |
|
133 | chown -R root:root "${R}/tmp/pi-bluetooth" | |
|
134 | ||
|
135 | # Install tools | |
|
136 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" | |
|
137 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" | |
|
138 | ||
|
139 | # make scripts executable | |
|
140 | chmod +x "${R}/usr/bin/bthelper" | |
|
141 | chmod +x "${R}/usr/bin/btuart" | |
|
142 | ||
|
143 | # Install bluetooth udev rule | |
|
144 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" | |
|
145 | ||
|
146 | # Install Firmware Flash file and apropiate licence | |
|
147 | mkdir -p "$BLUETOOTH_FIRMWARE_DIR" | |
|
148 | install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx" | |
|
149 | install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd" | |
|
150 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" | |
|
151 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" | |
|
152 | ||
|
153 | # Remove temporary directories | |
|
154 | rm -fr "${temp_dir}" | |
|
155 | rm -fr "${R}"/tmp/pi-bluetooth | |
|
156 | ||
|
157 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 | |
|
158 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then | |
|
159 | # set overlay to swap ttyAMA0 and ttyS0 | |
|
160 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" | |
|
161 | ||
|
162 | if [ "$ENABLE_TURBO" = false ] ; then | |
|
163 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
164 | fi | |
|
165 | ||
|
166 | fi | |
|
167 | ||
|
168 | # Activate services | |
|
169 | chroot_exec systemctl enable pi-bluetooth.hciuart.service | |
|
170 | ||
|
171 | else # if ENABLE_BLUETOOTH = false | |
|
172 | # set overlay to disable bluetooth | |
|
173 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
174 | fi # ENABLE_BLUETOOTH end | |
|
175 | fi | |
|
176 | ||
|
177 | # may need sudo systemctl disable hciuart | |
|
178 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
|
179 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
180 | # add string to cmdline | |
|
181 | CMDLINE="${CMDLINE} console=serial0,115200" | |
|
182 | ||
|
183 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then | |
|
184 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
185 | if [ "$ENABLE_TURBO" = false ] ; then | |
|
186 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
187 | fi | |
|
188 | fi | |
|
189 | ||
|
190 | # Enable serial console systemd style | |
|
191 | chroot_exec systemctl enable serial-getty@serial0.service | |
|
192 | else | |
|
193 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" | |
|
194 | fi | |
|
195 | ||
|
196 | # Disable dphys-swapfile service. Will get enabled on first boot | |
|
197 | if [ "$ENABLE_DPHYSSWAP" = true ] ; then | |
|
198 | chroot_exec systemctl disable dphys-swapfile | |
|
199 | fi | |
|
200 | ||
|
201 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |
|
202 | # Create temporary directory for systemd-swap sources | |
|
203 | temp_dir=$(as_nobody mktemp -d) | |
|
204 | ||
|
205 | # Fetch systemd-swap sources | |
|
206 | as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}" | |
|
207 | ||
|
208 | # Copy downloaded systemd-swap sources | |
|
209 | mv "${temp_dir}/systemd-swap" "${R}/tmp/" | |
|
210 | ||
|
211 | # Change into downloaded src dir | |
|
212 | cd "${R}/tmp/systemd-swap" || exit | |
|
213 | ||
|
214 | # Build package | |
|
215 | bash ./package.sh debian | |
|
216 | ||
|
217 | # Change back into script root dir | |
|
218 | cd "${WORKDIR}" || exit | |
|
219 | ||
|
220 | # Set permissions of the systemd-swap sources | |
|
221 | chown -R root:root "${R}/tmp/systemd-swap" | |
|
222 | ||
|
223 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |
|
224 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb | |
|
225 | ||
|
226 | # Enable service | |
|
227 | chroot_exec systemctl enable systemd-swap | |
|
228 | ||
|
229 | # Remove temporary directory for systemd-swap sources | |
|
230 | rm -fr "${temp_dir}" | |
|
231 | else | |
|
232 | # Enable ZSWAP in cmdline if systemd-swap is not used | |
|
233 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
|
234 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
|
235 | fi | |
|
236 | fi | |
|
237 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
238 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" | |
|
239 | fi | |
|
240 | ||
|
241 | # Install firmware boot cmdline | |
|
242 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
243 | ||
|
87 | 244 | # Setup minimal GPU memory allocation size: 16MB (no X) |
|
88 | 245 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
89 | 246 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" |
@@ -94,30 +251,22 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
94 | 251 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" |
|
95 | 252 | fi |
|
96 | 253 | |
|
97 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device | |
|
98 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
99 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then | |
|
100 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
101 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
102 | fi | |
|
103 | fi | |
|
104 | ||
|
105 | 254 | # Create firmware configuration and cmdline symlinks |
|
106 | 255 | ln -sf firmware/config.txt "${R}/boot/config.txt" |
|
107 | 256 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" |
|
108 | 257 | |
|
109 | 258 | # Install and setup kernel modules to load at boot |
|
110 |
mkdir -p "${R} |
|
|
111 |
install_readonly files/modules/rpi2.conf "${R} |
|
|
259 | mkdir -p "${LIB_DIR}/modules-load.d/" | |
|
260 | install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
112 | 261 | |
|
113 | 262 | # Load hardware random module at boot |
|
114 | 263 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then |
|
115 |
sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R} |
|
|
264 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
116 | 265 | fi |
|
117 | 266 | |
|
118 | 267 | # Load sound module at boot |
|
119 | 268 | if [ "$ENABLE_SOUND" = true ] ; then |
|
120 |
sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R} |
|
|
269 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
121 | 270 | else |
|
122 | 271 | echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt" |
|
123 | 272 | fi |
@@ -125,21 +274,21 fi | |||
|
125 | 274 | # Enable I2C interface |
|
126 | 275 | if [ "$ENABLE_I2C" = true ] ; then |
|
127 | 276 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" |
|
128 |
sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R} |
|
|
129 |
sed -i "s/^# i2c-dev/i2c-dev/" "${R} |
|
|
277 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
278 | sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
130 | 279 | fi |
|
131 | 280 | |
|
132 | 281 | # Enable SPI interface |
|
133 | 282 | if [ "$ENABLE_SPI" = true ] ; then |
|
134 | 283 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" |
|
135 |
echo "spi-bcm2708" >> "${R} |
|
|
136 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
137 |
sed -i "s/spi-bcm2708/spi-bcm2835/" "${R} |
|
|
284 | echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
285 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then | |
|
286 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" | |
|
138 | 287 | fi |
|
139 | 288 | fi |
|
140 | 289 | |
|
141 | 290 | # Disable RPi2/3 under-voltage warnings |
|
142 |
if [ |
|
|
291 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then | |
|
143 | 292 | echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" |
|
144 | 293 | fi |
|
145 | 294 |
@@ -7,11 +7,11 | |||
|
7 | 7 | |
|
8 | 8 | # Install and setup hostname |
|
9 | 9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" |
|
10 |
sed -i "s/^ |
|
|
10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" | |
|
11 | 11 | |
|
12 | 12 | # Install and setup hosts |
|
13 | 13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" |
|
14 |
sed -i "s/ |
|
|
14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" | |
|
15 | 15 | |
|
16 | 16 | # Setup hostname entry with static IP |
|
17 | 17 | if [ "$NET_ADDRESS" != "" ] ; then |
@@ -30,6 +30,16 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" | |||
|
30 | 30 | # Install configuration for interface eth0 |
|
31 | 31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" |
|
32 | 32 | |
|
33 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
34 | printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network" | |
|
35 | fi | |
|
36 | ||
|
37 | # Install configuration for interface wl* | |
|
38 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" | |
|
39 | ||
|
40 | #always with dhcp since wpa_supplicant integration is missing | |
|
41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" | |
|
42 | ||
|
33 | 43 | if [ "$ENABLE_DHCP" = true ] ; then |
|
34 | 44 | # Enable DHCP configuration for interface eth0 |
|
35 | 45 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" |
@@ -55,12 +65,16 fi | |||
|
55 | 65 | |
|
56 | 66 | # Remove empty settings from network configuration |
|
57 | 67 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" |
|
68 | # Remove empty settings from wlan configuration | |
|
69 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" | |
|
58 | 70 | |
|
59 | 71 | # Move systemd network configuration if required by Debian release |
|
60 | if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then | |
|
61 | 72 |
|
|
62 | rm -fr "${ETC_DIR}/systemd/network" | |
|
73 | # If WLAN is enabled copy wlan configuration too | |
|
74 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
|
75 | mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" | |
|
63 | 76 | fi |
|
77 | rm -fr "${ETC_DIR}/systemd/network" | |
|
64 | 78 | |
|
65 | 79 | # Enable systemd-networkd service |
|
66 | 80 | chroot_exec systemctl enable systemd-networkd |
@@ -78,30 +92,45 if [ "$ENABLE_HARDNET" = true ] ; then | |||
|
78 | 92 | fi |
|
79 | 93 | |
|
80 | 94 | # Enable time sync |
|
81 | if [ "NET_NTP_1" != "" ] ; then | |
|
95 | if [ "$NET_NTP_1" != "" ] ; then | |
|
82 | 96 | chroot_exec systemctl enable systemd-timesyncd.service |
|
83 | 97 | fi |
|
84 | 98 | |
|
85 | 99 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
86 | 100 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
87 | if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then | |
|
88 | mkdir -p ${WLAN_FIRMWARE_DIR} | |
|
101 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then | |
|
102 | mkdir -p "${WLAN_FIRMWARE_DIR}" | |
|
89 | 103 | fi |
|
90 | 104 | |
|
91 | 105 | # Create temporary directory for firmware binary blob |
|
92 | 106 | temp_dir=$(as_nobody mktemp -d) |
|
93 | 107 | |
|
94 | # Fetch firmware binary blob | |
|
108 | # Fetch firmware binary blob for RPI3B+ | |
|
109 | if [ "$RPI_MODEL" = 3P ] ; then | |
|
110 | # Fetch firmware binary blob for RPi3P | |
|
111 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" | |
|
112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" | |
|
113 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" | |
|
114 | ||
|
115 | # Move downloaded firmware binary blob | |
|
116 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" | |
|
117 | ||
|
118 | # Set permissions of the firmware binary blob | |
|
119 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
120 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
|
121 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then | |
|
122 | # Fetch firmware binary blob for RPi3 | |
|
95 | 123 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
96 | 124 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
97 | 125 | |
|
98 | 126 |
|
|
99 | 127 |
|
|
100 | 128 | |
|
101 | # Remove temporary directory for firmware binary blob | |
|
102 | rm -fr "${temp_dir}" | |
|
103 | ||
|
104 | 129 |
|
|
105 | 130 |
|
|
106 | 131 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
107 | 132 | fi |
|
133 | ||
|
134 | # Remove temporary directory for firmware binary blob | |
|
135 | rm -fr "${temp_dir}" | |
|
136 | fi |
@@ -9,6 +9,11 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
9 | 9 | # Create iptables configuration directory |
|
10 | 10 | mkdir -p "${ETC_DIR}/iptables" |
|
11 | 11 | |
|
12 | if [ "$KERNEL_NF" = false ] ; then | |
|
13 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
14 | chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy | |
|
15 | fi | |
|
16 | ||
|
12 | 17 | # Install iptables systemd service |
|
13 | 18 | install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" |
|
14 | 19 | |
@@ -23,6 +28,11 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
23 | 28 | chroot_exec systemctl enable iptables.service |
|
24 | 29 | |
|
25 | 30 | if [ "$ENABLE_IPV6" = true ] ; then |
|
31 | if [ "$KERNEL_NF" = false ] ; then | |
|
32 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy | |
|
34 | fi | |
|
35 | ||
|
26 | 36 | # Install ip6tables systemd service |
|
27 | 37 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
28 | 38 |
@@ -6,13 +6,13 | |||
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Generate crypt(3) password string |
|
9 |
ENCRYPTED_PASSWORD= |
|
|
10 |
ENCRYPTED_USER_PASSWORD= |
|
|
9 | ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") | |
|
10 | ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") | |
|
11 | 11 | |
|
12 | 12 | # Setup default user |
|
13 | 13 | if [ "$ENABLE_USER" = true ] ; then |
|
14 | chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME | |
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME | |
|
14 | chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME" | |
|
15 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME" | |
|
16 | 16 | fi |
|
17 | 17 | |
|
18 | 18 | # Setup root password or not |
@@ -22,8 +22,3 else | |||
|
22 | 22 | # Set no root password to disable root login |
|
23 | 23 | chroot_exec usermod -p \'!\' root |
|
24 | 24 | fi |
|
25 | ||
|
26 | # Enable serial console systemd style | |
|
27 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
|
28 | chroot_exec systemctl enable serial-getty\@ttyAMA0.service | |
|
29 | fi |
@@ -28,7 +28,7 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
28 | 28 | fi |
|
29 | 29 | |
|
30 | 30 | # Add SSH (v2) public key for user root |
|
31 |
if [ |
|
|
31 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
|
32 | 32 | # Create root SSH config directory |
|
33 | 33 | mkdir -p "${R}/root/.ssh" |
|
34 | 34 | |
@@ -52,20 +52,20 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
52 | 52 | |
|
53 | 53 | if [ "$ENABLE_USER" = true ] ; then |
|
54 | 54 | # Add SSH (v2) public key for user $USER_NAME |
|
55 |
if [ |
|
|
55 | if [ -n "$SSH_USER_PUB_KEY" ] ; then | |
|
56 | 56 | # Create $USER_NAME SSH config directory |
|
57 | 57 | mkdir -p "${R}/home/${USER_NAME}/.ssh" |
|
58 | 58 | |
|
59 | 59 | # Set permissions of $USER_NAME SSH config directory |
|
60 | 60 | chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" |
|
61 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" | |
|
61 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh" | |
|
62 | 62 | |
|
63 | 63 | # Add SSH (v2) public key(s) to authorized_keys file |
|
64 | 64 | cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" |
|
65 | 65 | |
|
66 | 66 | # Set permissions of $USER_NAME SSH config directory |
|
67 | 67 | chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" |
|
68 | chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" | |
|
68 | chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys" | |
|
69 | 69 | |
|
70 | 70 | if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then |
|
71 | 71 | # Allow SSH public key authentication |
@@ -85,7 +85,7 if [ "$ENABLE_SSHD" = true ] ; then | |||
|
85 | 85 | allowed_users="${allowed_users} ${USER_NAME}" |
|
86 | 86 | fi |
|
87 | 87 | |
|
88 |
if [ |
|
|
88 | if [ -n "$allowed_users" ] ; then | |
|
89 | 89 | echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" |
|
90 | 90 | fi |
|
91 | 91 | fi |
@@ -32,7 +32,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
32 | 32 | fi |
|
33 | 33 | |
|
34 | 34 | # Build and install U-Boot inside chroot |
|
35 | chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all | |
|
35 | chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all | |
|
36 | 36 | |
|
37 | 37 | # Copy compiled bootloader binary and set config.txt to load it |
|
38 | 38 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" |
@@ -41,7 +41,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
41 | 41 | |
|
42 | 42 | # Install and setup U-Boot command file |
|
43 | 43 | install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage" |
|
44 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
44 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
45 | 45 | |
|
46 | 46 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
47 | 47 | # Convert generated initramfs for U-Boot using mkimage |
@@ -51,7 +51,7 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
51 | 51 | rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" |
|
52 | 52 | |
|
53 | 53 | # Configure U-Boot to load generated initramfs |
|
54 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
54 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" | |
|
55 | 55 | printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" |
|
56 | 56 | else # ENABLE_INITRAMFS=false |
|
57 | 57 | # Remove initramfs from U-Boot mkfile |
@@ -66,11 +66,33 if [ "$ENABLE_UBOOT" = true ] ; then | |||
|
66 | 66 | fi |
|
67 | 67 | fi |
|
68 | 68 | |
|
69 | if [ "$SET_ARCH" = 64 ] ; then | |
|
70 | echo "Setting up config.txt to boot 64bit uboot" | |
|
71 | { | |
|
72 | printf "\n# 64bit-mode" | |
|
73 | printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" | |
|
74 | printf "\narm_64bit=1" | |
|
75 | } >> "${BOOT_DIR}/config.txt" | |
|
76 | ||
|
77 | #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)] | |
|
78 | sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage" | |
|
79 | fi | |
|
80 | ||
|
81 | # instead of sd, boot from usb device | |
|
82 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
83 | sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage" | |
|
84 | fi | |
|
85 | ||
|
69 | 86 | # Set mkfile to use the correct dtb file |
|
70 |
sed -i "s |
|
|
87 | sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage" | |
|
88 | ||
|
89 | # Set mkfile to use the correct mach id | |
|
90 | if [ "$ENABLE_QEMU" = true ] ; then | |
|
91 | sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage" | |
|
92 | fi | |
|
71 | 93 | |
|
72 | 94 | # Set mkfile to use kernel image |
|
73 |
sed -i "s |
|
|
95 | sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage" | |
|
74 | 96 | |
|
75 | 97 | # Remove all leading blank lines |
|
76 | 98 | sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage" |
@@ -28,12 +28,14 if [ "$ENABLE_FBTURBO" = true ] ; then | |||
|
28 | 28 | fi |
|
29 | 29 | |
|
30 | 30 | # Install Xorg build dependencies |
|
31 | ||
|
31 | 32 |
|
|
32 | 33 | chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev |
|
33 | 34 | elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then |
|
34 | 35 | chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev |
|
35 | 36 | fi |
|
36 | 37 | |
|
38 | ||
|
37 | 39 | # Build and install fbturbo driver inside chroot |
|
38 | 40 | chroot_exec /bin/bash -x <<'EOF' |
|
39 | 41 | cd /tmp/xf86-video-fbturbo |
@@ -8,30 +8,35 | |||
|
8 | 8 | # Prepare rc.firstboot script |
|
9 | 9 | cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot" |
|
10 | 10 | |
|
11 | # Ensure openssh server host keys are regenerated on first boot | |
|
12 | if [ "$ENABLE_SSHD" = true ] ; then | |
|
13 | cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot" | |
|
14 | fi | |
|
15 | ||
|
16 | 11 | # Prepare filesystem auto expand |
|
17 | 12 | if [ "$EXPANDROOT" = true ] ; then |
|
18 | 13 | if [ "$ENABLE_CRYPTFS" = false ] ; then |
|
19 |
cat files/firstboot/2 |
|
|
14 | cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot" | |
|
20 | 15 | else |
|
21 | 16 | # Regenerate initramfs to remove encrypted root partition auto expand |
|
22 |
cat files/firstboot/2 |
|
|
17 | cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot" | |
|
18 | fi | |
|
19 | ||
|
20 | # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition | |
|
21 | if [ "$ENABLE_DPHYSSWAP" = true ] ; then | |
|
22 | cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot" | |
|
23 | fi | |
|
23 | 24 |
|
|
25 | ||
|
26 | # Ensure openssh server host keys are regenerated on first boot | |
|
27 | if [ "$ENABLE_SSHD" = true ] ; then | |
|
28 | cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot" | |
|
24 | 29 | fi |
|
25 | 30 | |
|
26 | 31 | # Ensure that dbus machine-id exists |
|
27 |
cat files/firstboot/ |
|
|
32 | cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot" | |
|
28 | 33 | |
|
29 | 34 | # Create /etc/resolv.conf symlink |
|
30 |
cat files/firstboot/ |
|
|
35 | cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot" | |
|
31 | 36 | |
|
32 | 37 | # Configure automatic network interface names |
|
33 | 38 | if [ "$ENABLE_IFNAMES" = true ] ; then |
|
34 |
cat files/firstboot/2 |
|
|
39 | cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot" | |
|
35 | 40 | fi |
|
36 | 41 | |
|
37 | 42 | # Finalize rc.firstboot script |
@@ -25,8 +25,8 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
25 | 25 | |
|
26 | 26 | # Remove all doc files |
|
27 | 27 | if [ "$REDUCE_DOC" = true ] ; then |
|
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true | |
|
29 | find "${R}/usr/share/doc" -empty | xargs rmdir || true | |
|
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true | |
|
29 | find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true | |
|
30 | 30 | fi |
|
31 | 31 | |
|
32 | 32 | # Remove all man pages and info files |
@@ -36,7 +36,7 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
36 | 36 | |
|
37 | 37 | # Remove all locale translation files |
|
38 | 38 | if [ "$REDUCE_LOCALE" = true ] ; then |
|
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r | |
|
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r | |
|
40 | 40 | fi |
|
41 | 41 | |
|
42 | 42 | # Remove hwdb PCI device classes (experimental) |
@@ -46,12 +46,8 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
46 | 46 | |
|
47 | 47 | # Replace bash shell by dash shell (experimental) |
|
48 | 48 | if [ "$REDUCE_BASH" = true ] ; then |
|
49 | if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then | |
|
49 | # Purge bash and update alternatives | |
|
50 | 50 |
|
|
51 | else | |
|
52 | echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash | |
|
53 | fi | |
|
54 | ||
|
55 | 51 | chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100 |
|
56 | 52 | fi |
|
57 | 53 | |
@@ -60,11 +56,6 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
60 | 56 | chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data |
|
61 | 57 | fi |
|
62 | 58 | |
|
63 | # Re-install tools for managing kernel modules | |
|
64 | if [ "$RELEASE" = "jessie" ] ; then | |
|
65 | chroot_exec apt-get -qq -y install module-init-tools | |
|
66 | fi | |
|
67 | ||
|
68 | 59 | # Remove GPU kernels |
|
69 | 60 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
70 | 61 | rm -f "${BOOT_DIR}/start.elf" |
@@ -1,8 +1,8 | |||
|
1 |
deb http://ftp.debian.org/debian |
|
|
2 |
#deb-src http://ftp.debian.org/debian |
|
|
1 | deb http://ftp.debian.org/debian stretch main contrib | |
|
2 | #deb-src http://ftp.debian.org/debian stretch main contrib | |
|
3 | 3 | |
|
4 |
deb http://ftp.debian.org/debian/ |
|
|
5 |
#deb-src http://ftp.debian.org/debian/ |
|
|
4 | deb http://ftp.debian.org/debian/ stretch-updates main contrib | |
|
5 | #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib | |
|
6 | 6 | |
|
7 |
deb http://security.debian.org/ |
|
|
8 |
#deb-src http://security.debian.org/ |
|
|
7 | deb http://security.debian.org/ stretch/updates main contrib | |
|
8 | #deb-src http://security.debian.org/ stretch/updates main contrib |
@@ -8,6 +8,7 setenv machid 0x00000c42 | |||
|
8 | 8 | saveenv |
|
9 | 9 | |
|
10 | 10 | # Load the existing Linux kernel into RAM |
|
11 | mmc dev 0 | |
|
11 | 12 | fatload mmc 0:1 ${kernel_addr_r} kernel7.img |
|
12 | 13 | fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} |
|
13 | 14 | fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} |
|
1 | NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh |
@@ -8,6 +8,7 INITRAMFS_UBOOT="${INITRAMFS}.uboot" | |||
|
8 | 8 | # Extract kernel arch |
|
9 | 9 | case "${KERNEL_ARCH}" in |
|
10 | 10 | arm*) KERNEL_ARCH=arm ;; |
|
11 | aarch64) KERNEL_ARCH=arm64 ;; | |
|
11 | 12 | esac |
|
12 | 13 | |
|
13 | 14 | # Regenerate initramfs |
|
1 | NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh |
|
1 | NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh |
|
1 | NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh |
|
1 | NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh |
@@ -60,14 +60,22 if [ -z "$PART_START" ] ; then | |||
|
60 | 60 | return 1 |
|
61 | 61 | fi |
|
62 | 62 | |
|
63 | # Get the current last sector of the root partition | |
|
64 | PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g') | |
|
65 | if [ -z "$PART_END" ] ; then | |
|
66 | log_warning_msg "${ROOT_DEV} unable to get last sector of the partition" | |
|
67 | return 1 | |
|
68 | fi | |
|
69 | ||
|
63 | 70 | # Get the possible last sector for the root partition |
|
64 | 71 | PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }') |
|
65 | 72 | if [ -z "$PART_LAST" ] ; then |
|
66 | log_warning_msg "${ROOT_DEV} unable to get last sector of the partition" | |
|
73 | log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition" | |
|
67 | 74 | return 1 |
|
68 | 75 | fi |
|
69 | 76 | |
|
70 | 77 | ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit |
|
78 | if [ $PART_END != $PART_LAST ] ; then | |
|
71 | 79 | fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true |
|
72 | 80 | p |
|
73 | 81 | d |
@@ -83,3 +91,6 EOF2 | |||
|
83 | 91 | |
|
84 | 92 | partprobe |
|
85 | 93 | log_success_msg "Root partition successfully resized." |
|
94 | else | |
|
95 | log_success_msg "Root partition already resized." | |
|
96 | fi |
@@ -6,7 +6,7 Before=sysinit.target | |||
|
6 | 6 | |
|
7 | 7 | [Service] |
|
8 | 8 | Type=oneshot |
|
9 | ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules | |
|
9 | ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules | |
|
10 | 10 | ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules |
|
11 | 11 | ExecStop=/etc/iptables/flush-ip6tables.sh |
|
12 | 12 | RemainAfterExit=yes |
@@ -6,7 +6,7 Before=sysinit.target | |||
|
6 | 6 | |
|
7 | 7 | [Service] |
|
8 | 8 | Type=oneshot |
|
9 | ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules | |
|
9 | ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules | |
|
10 | 10 | ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules |
|
11 | 11 | ExecStop=/etc/iptables/flush-iptables.sh |
|
12 | 12 | RemainAfterExit=yes |
@@ -1,5 +1,5 | |||
|
1 | 1 | 127.0.0.1 localhost |
|
2 |
127.0.1.1 |
|
|
2 | 127.0.1.1 RaspberryPI | |
|
3 | 3 | |
|
4 | 4 | ::1 localhost ip6-localhost ip6-loopback |
|
5 | 5 | ff02::1 ip6-allnodes |
@@ -4,6 +4,17 cleanup (){ | |||
|
4 | 4 | set +x |
|
5 | 5 | set +e |
|
6 | 6 | |
|
7 | # Remove exports from nexmon | |
|
8 | unset KERNEL | |
|
9 | unset ARCH | |
|
10 | unset SUBARCH | |
|
11 | unset CCPLUGIN | |
|
12 | unset ZLIBFLATE | |
|
13 | unset Q | |
|
14 | unset NEXMON_SETUP_ENV | |
|
15 | unset HOSTUNAME | |
|
16 | unset PLATFORMUNAME | |
|
17 | ||
|
7 | 18 | # Identify and kill all processes still using files |
|
8 | 19 | echo "killing processes using mount point ..." |
|
9 | 20 | fuser -k "${R}" |
@@ -30,22 +41,22 cleanup (){ | |||
|
30 | 41 | |
|
31 | 42 | chroot_exec() { |
|
32 | 43 | # Exec command in chroot |
|
33 |
LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} |
|
|
44 | LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@" | |
|
34 | 45 | } |
|
35 | 46 | |
|
36 | 47 | as_nobody() { |
|
37 | 48 | # Exec command as user nobody |
|
38 |
sudo -E -u nobody LANG=C LC_ALL=C |
|
|
49 | sudo -E -u nobody LANG=C LC_ALL=C "$@" | |
|
39 | 50 | } |
|
40 | 51 | |
|
41 | 52 | install_readonly() { |
|
42 | 53 | # Install file with user read-only permissions |
|
43 |
install -o root -g root -m 644 |
|
|
54 | install -o root -g root -m 644 "$@" | |
|
44 | 55 | } |
|
45 | 56 | |
|
46 | 57 | install_exec() { |
|
47 | 58 | # Install file with root exec permissions |
|
48 |
install -o root -g root -m 744 |
|
|
59 | install -o root -g root -m 744 "$@" | |
|
49 | 60 | } |
|
50 | 61 | |
|
51 | 62 | use_template () { |
@@ -64,18 +75,48 chroot_install_cc() { | |||
|
64 | 75 | if [ -z "${COMPILER_PACKAGES}" ] ; then |
|
65 | 76 | COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }') |
|
66 | 77 | |
|
78 | ||
|
67 | 79 | if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then |
|
68 | 80 | chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES} |
|
69 | 81 | elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then |
|
70 | 82 | chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES} |
|
71 | 83 | fi |
|
84 | ||
|
72 | 85 | fi |
|
73 | 86 | } |
|
74 | 87 | |
|
75 | 88 | chroot_remove_cc() { |
|
76 | 89 | # Remove c/c++ build environment from the chroot |
|
77 |
if [ |
|
|
90 | if [ -n "${COMPILER_PACKAGES}" ] ; then | |
|
78 | 91 | chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES} |
|
79 | 92 | COMPILER_PACKAGES="" |
|
80 | 93 | fi |
|
81 | 94 | } |
|
95 | ||
|
96 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |
|
97 | cdr2mask () | |
|
98 | { | |
|
99 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |
|
100 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |
|
101 | [ $1 -gt 1 ] && shift $1 || shift | |
|
102 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |
|
103 | } | |
|
104 | ||
|
105 | # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh | |
|
106 | set_kernel_config() { | |
|
107 | # flag as $1, value to set as $2, config must exist at "./.config" | |
|
108 | TGT="CONFIG_${1#CONFIG_}" | |
|
109 | REP="${2}" | |
|
110 | if grep -q "^${TGT}[^_]" .config; then | |
|
111 | sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config | |
|
112 | else | |
|
113 | echo "${TGT}"="${2}" >> .config | |
|
114 | fi | |
|
115 | } | |
|
116 | ||
|
117 | # unset kernel config parameter | |
|
118 | unset_kernel_config() { | |
|
119 | # unsets flag with the value of $1, config must exist at "./.config" | |
|
120 | TGT="CONFIG_${1#CONFIG_}" | |
|
121 | sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config | |
|
122 | } No newline at end of file |
@@ -1,9 +1,8 | |||
|
1 | 1 | #!/bin/sh |
|
2 | ||
|
3 | 2 | ######################################################################## |
|
4 | 3 | # rpi23-gen-image.sh 2015-2017 |
|
5 | 4 | # |
|
6 |
# Advanced Debian " |
|
|
5 | # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi | |
|
7 | 6 | # |
|
8 | 7 | # This program is free software; you can redistribute it and/or |
|
9 | 8 | # modify it under the terms of the GNU General Public License |
@@ -31,40 +30,22 fi | |||
|
31 | 30 | . ./functions.sh |
|
32 | 31 | |
|
33 | 32 | # Load parameters from configuration template file |
|
34 |
if [ |
|
|
33 | if [ -n "$CONFIG_TEMPLATE" ] ; then | |
|
35 | 34 | use_template |
|
36 | 35 | fi |
|
37 | 36 | |
|
38 | 37 | # Introduce settings |
|
39 | 38 | set -e |
|
40 | echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n" | |
|
39 | echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n" | |
|
41 | 40 | set -x |
|
42 | 41 | |
|
43 | 42 | # Raspberry Pi model configuration |
|
44 | 43 | RPI_MODEL=${RPI_MODEL:=2} |
|
45 | RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb} | |
|
46 | RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig} | |
|
47 | RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb} | |
|
48 | RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig} | |
|
49 | 44 | |
|
50 | 45 | # Debian release |
|
51 |
RELEASE=${RELEASE:= |
|
|
52 | KERNEL_ARCH=${KERNEL_ARCH:=arm} | |
|
53 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |
|
54 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |
|
55 | COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2} | |
|
56 | if [ "$KERNEL_ARCH" = "arm64" ] ; then | |
|
57 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig} | |
|
58 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img} | |
|
59 | else | |
|
60 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} | |
|
61 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |
|
62 | fi | |
|
63 | if [ "$RELEASE_ARCH" = "arm64" ] ; then | |
|
64 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static} | |
|
65 | else | |
|
66 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} | |
|
67 | fi | |
|
46 | RELEASE=${RELEASE:=buster} | |
|
47 | ||
|
48 | # Kernel Branch | |
|
68 | 49 | KERNEL_BRANCH=${KERNEL_BRANCH:=""} |
|
69 | 50 | |
|
70 | 51 | # URLs |
@@ -73,38 +54,50 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/ | |||
|
73 | 54 | WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm} |
|
74 | 55 | COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian} |
|
75 | 56 | FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git} |
|
76 |
UBOOT_URL=${UBOOT_URL:= |
|
|
57 | UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git} | |
|
58 | VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland} | |
|
59 | BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git} | |
|
60 | NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git} | |
|
61 | SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git} | |
|
62 | ||
|
63 | # Kernel deb packages for 32bit kernel | |
|
64 | RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb} | |
|
65 | RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb} | |
|
66 | # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used | |
|
67 | RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz} | |
|
68 | # Default precompiled 64bit kernel | |
|
69 | RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz} | |
|
70 | # Generic | |
|
71 | RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL} | |
|
72 | # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul) | |
|
73 | KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git} | |
|
77 | 74 | |
|
78 | 75 | # Build directories |
|
79 | BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}} | |
|
76 | WORKDIR=$(pwd) | |
|
77 | BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}} | |
|
80 | 78 | BUILDDIR="${BASEDIR}/build" |
|
81 | 79 | |
|
82 | # Prepare date string for default image file name | |
|
83 | DATE="$(date +%Y-%m-%d)" | |
|
84 | if [ -z "$KERNEL_BRANCH" ] ; then | |
|
85 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} | |
|
86 | else | |
|
87 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} | |
|
88 | fi | |
|
89 | ||
|
90 | 80 | # Chroot directories |
|
91 | 81 | R="${BUILDDIR}/chroot" |
|
92 | 82 | ETC_DIR="${R}/etc" |
|
93 | 83 | LIB_DIR="${R}/lib" |
|
94 | 84 | BOOT_DIR="${R}/boot/firmware" |
|
95 | 85 | KERNEL_DIR="${R}/usr/src/linux" |
|
96 |
WLAN_FIRMWARE_DIR="${R} |
|
|
86 | WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm" | |
|
87 | BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt" | |
|
97 | 88 | |
|
98 | 89 | # Firmware directory: Blank if download from github |
|
99 | 90 | RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""} |
|
100 | 91 | |
|
101 | 92 | # General settings |
|
93 | SET_ARCH=${SET_ARCH:=32} | |
|
102 | 94 | HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}} |
|
103 | 95 | PASSWORD=${PASSWORD:=raspberry} |
|
104 | 96 | USER_PASSWORD=${USER_PASSWORD:=raspberry} |
|
105 | 97 | DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"} |
|
106 | 98 | TIMEZONE=${TIMEZONE:="Europe/Berlin"} |
|
107 | 99 | EXPANDROOT=${EXPANDROOT:=true} |
|
100 | ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true} | |
|
108 | 101 | |
|
109 | 102 | # Keyboard settings |
|
110 | 103 | XKB_MODEL=${XKB_MODEL:=""} |
@@ -127,8 +120,12 NET_NTP_2=${NET_NTP_2:=""} | |||
|
127 | 120 | # APT settings |
|
128 | 121 | APT_PROXY=${APT_PROXY:=""} |
|
129 | 122 | APT_SERVER=${APT_SERVER:="ftp.debian.org"} |
|
123 | KEEP_APT_PROXY=${KEEP_APT_PROXY:=false} | |
|
130 | 124 | |
|
131 | 125 | # Feature settings |
|
126 | ENABLE_PRINTK=${ENABLE_PRINTK:=false} | |
|
127 | ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false} | |
|
128 | ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false} | |
|
132 | 129 | ENABLE_CONSOLE=${ENABLE_CONSOLE:=true} |
|
133 | 130 | ENABLE_I2C=${ENABLE_I2C:=false} |
|
134 | 131 | ENABLE_SPI=${ENABLE_SPI:=false} |
@@ -146,6 +143,8 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true} | |||
|
146 | 143 | ENABLE_USER=${ENABLE_USER:=true} |
|
147 | 144 | USER_NAME=${USER_NAME:="pi"} |
|
148 | 145 | ENABLE_ROOT=${ENABLE_ROOT:=false} |
|
146 | ENABLE_QEMU=${ENABLE_QEMU:=false} | |
|
147 | ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false} | |
|
149 | 148 | |
|
150 | 149 | # SSH settings |
|
151 | 150 | SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false} |
@@ -155,31 +154,43 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""} | |||
|
155 | 154 | SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""} |
|
156 | 155 | |
|
157 | 156 | # Advanced settings |
|
157 | ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false} | |
|
158 | 158 | ENABLE_MINBASE=${ENABLE_MINBASE:=false} |
|
159 | 159 | ENABLE_REDUCE=${ENABLE_REDUCE:=false} |
|
160 | 160 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
161 | 161 | UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} |
|
162 | ENABLE_USBBOOT=${ENABLE_USBBOOT=false} | |
|
162 | 163 | ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} |
|
164 | ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} | |
|
165 | ENABLE_NEXMON=${ENABLE_NEXMON:=false} | |
|
166 | VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""} | |
|
163 | 167 | FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""} |
|
168 | NEXMONSRC_DIR=${NEXMONSRC_DIR:=""} | |
|
164 | 169 | ENABLE_HARDNET=${ENABLE_HARDNET:=false} |
|
165 | 170 | ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} |
|
166 | 171 | ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} |
|
167 | 172 | ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false} |
|
168 | 173 | ENABLE_IFNAMES=${ENABLE_IFNAMES:=true} |
|
174 | ENABLE_SPLASH=${ENABLE_SPLASH:=true} | |
|
175 | ENABLE_LOGO=${ENABLE_LOGO:=true} | |
|
176 | ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false} | |
|
169 | 177 | DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=} |
|
170 | 178 | |
|
171 | 179 | # Kernel compilation settings |
|
172 |
BUILD_KERNEL=${BUILD_KERNEL:= |
|
|
180 | BUILD_KERNEL=${BUILD_KERNEL:=true} | |
|
173 | 181 | KERNEL_REDUCE=${KERNEL_REDUCE:=false} |
|
174 | 182 | KERNEL_THREADS=${KERNEL_THREADS:=1} |
|
175 | 183 | KERNEL_HEADERS=${KERNEL_HEADERS:=true} |
|
176 | 184 | KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false} |
|
177 | 185 | KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true} |
|
178 | if [ "$KERNEL_ARCH" = "arm64" ] ; then | |
|
179 |
|
|
|
180 | else | |
|
181 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"} | |
|
182 | fi | |
|
186 | KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false} | |
|
187 | KERNEL_CCACHE=${KERNEL_CCACHE:=false} | |
|
188 | KERNEL_ZSWAP=${KERNEL_ZSWAP:=false} | |
|
189 | KERNEL_VIRT=${KERNEL_VIRT:=false} | |
|
190 | KERNEL_BPF=${KERNEL_BPF:=false} | |
|
191 | KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand} | |
|
192 | KERNEL_SECURITY=${KERNEL_SECURITY:=false} | |
|
193 | KERNEL_NF=${KERNEL_NF:=false} | |
|
183 | 194 | |
|
184 | 195 | # Kernel compilation from source directory settings |
|
185 | 196 | KERNELSRC_DIR=${KERNELSRC_DIR:=""} |
@@ -203,16 +214,20 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |||
|
203 | 214 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
204 | 215 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} |
|
205 | 216 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
206 | ||
|
207 | # Stop the Crypto Wars | |
|
208 | DISABLE_FBI=${DISABLE_FBI:=false} | |
|
217 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |
|
218 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} | |
|
219 | #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated | |
|
220 | CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""} | |
|
209 | 221 | |
|
210 | 222 | # Chroot scripts directory |
|
211 | 223 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} |
|
212 | 224 | |
|
213 | 225 | # Packages required in the chroot build environment |
|
214 | 226 | APT_INCLUDES=${APT_INCLUDES:=""} |
|
215 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils" | |
|
227 | APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" | |
|
228 | ||
|
229 | # Packages to exclude from chroot build environment | |
|
230 | APT_EXCLUDES=${APT_EXCLUDES:=""} | |
|
216 | 231 | |
|
217 | 232 | # Packages required for bootstrapping |
|
218 | 233 | REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo" |
@@ -221,63 +236,177 MISSING_PACKAGES="" | |||
|
221 | 236 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
222 | 237 | COMPILER_PACKAGES="" |
|
223 | 238 | |
|
224 | set +x | |
|
239 | # Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
|
240 | APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d') | |
|
241 | if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then | |
|
242 | APT_PROXY=http://127.0.0.1:3142/ | |
|
243 | fi | |
|
244 | ||
|
245 | # Setup architecture specific settings | |
|
246 | if [ -n "$SET_ARCH" ] ; then | |
|
247 | # 64-bit configuration | |
|
248 | if [ "$SET_ARCH" = 64 ] ; then | |
|
249 | # General 64-bit depended settings | |
|
250 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static} | |
|
251 | KERNEL_ARCH=${KERNEL_ARCH:=arm64} | |
|
252 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"} | |
|
225 | 253 | |
|
226 |
|
|
|
227 | if [ "$RPI_MODEL" = 2 ] ; then | |
|
228 | DTB_FILE=${RPI2_DTB_FILE} | |
|
229 | UBOOT_CONFIG=${RPI2_UBOOT_CONFIG} | |
|
230 | elif [ "$RPI_MODEL" = 3 ] ; then | |
|
231 | DTB_FILE=${RPI3_DTB_FILE} | |
|
232 | UBOOT_CONFIG=${RPI3_UBOOT_CONFIG} | |
|
233 | BUILD_KERNEL=true | |
|
254 | # Raspberry Pi model specific settings | |
|
255 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
|
256 | if [ "$RPI_MODEL" != 4 ] ; then | |
|
257 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig} | |
|
258 | else | |
|
259 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} | |
|
260 | fi | |
|
261 | ||
|
262 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64" | |
|
263 | RELEASE_ARCH=${RELEASE_ARCH:=arm64} | |
|
264 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img} | |
|
265 | CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-} | |
|
266 | else | |
|
267 | echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit" | |
|
268 | exit 1 | |
|
269 | fi | |
|
270 | fi | |
|
271 | ||
|
272 | # 32-bit configuration | |
|
273 | if [ "$SET_ARCH" = 32 ] ; then | |
|
274 | # General 32-bit dependend settings | |
|
275 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} | |
|
276 | KERNEL_ARCH=${KERNEL_ARCH:=arm} | |
|
277 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"} | |
|
278 | ||
|
279 | # Raspberry Pi model specific settings | |
|
280 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then | |
|
281 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel" | |
|
282 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig} | |
|
283 | RELEASE_ARCH=${RELEASE_ARCH:=armel} | |
|
284 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img} | |
|
285 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-} | |
|
286 | fi | |
|
287 | ||
|
288 | # Raspberry Pi model specific settings | |
|
289 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
|
290 | if [ "$RPI_MODEL" != 4 ] ; then | |
|
291 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} | |
|
292 | else | |
|
293 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig} | |
|
294 | fi | |
|
295 | ||
|
296 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" | |
|
297 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |
|
298 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |
|
299 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |
|
300 | fi | |
|
301 | fi | |
|
302 | # SET_ARCH not set | |
|
234 | 303 | else |
|
235 | echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!" | |
|
304 | echo "error: Please set '32' or '64' as value for SET_ARCH" | |
|
305 | exit 1 | |
|
306 | fi | |
|
307 | # Device specific configuration and U-Boot configuration | |
|
308 | case "$RPI_MODEL" in | |
|
309 | 0) | |
|
310 | DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb} | |
|
311 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig} | |
|
312 | ;; | |
|
313 | 1) | |
|
314 | DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb} | |
|
315 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig} | |
|
316 | ;; | |
|
317 | 1P) | |
|
318 | DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb} | |
|
319 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig} | |
|
320 | ;; | |
|
321 | 2) | |
|
322 | DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb} | |
|
323 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig} | |
|
324 | ;; | |
|
325 | 3) | |
|
326 | DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb} | |
|
327 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig} | |
|
328 | ;; | |
|
329 | 3P) | |
|
330 | DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb} | |
|
331 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig} | |
|
332 | ;; | |
|
333 | 4) | |
|
334 | DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb} | |
|
335 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig} | |
|
336 | ;; | |
|
337 | *) | |
|
338 | echo "error: Raspberry Pi model $RPI_MODEL is not supported!" | |
|
339 | exit 1 | |
|
340 | ;; | |
|
341 | esac | |
|
342 | ||
|
343 | # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard | |
|
344 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then | |
|
345 | # Include bluetooth packages on supported boards | |
|
346 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
|
347 | APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez" | |
|
348 | fi | |
|
349 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
|
350 | APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb" | |
|
351 | fi | |
|
352 | else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard | |
|
353 | # Check if the internal wireless interface is not supported by the RPi model | |
|
354 | if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then | |
|
355 | echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth" | |
|
236 | 356 | exit 1 |
|
237 | 357 | fi |
|
358 | fi | |
|
238 | 359 | |
|
239 | # Check if the internal wireless interface is supported by the RPi model | |
|
240 | if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then | |
|
241 | echo "error: The selected Raspberry Pi model has no internal wireless interface" | |
|
360 | if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then | |
|
361 | echo "error: You have to compile kernel sources, if you want to enable nexmon" | |
|
242 | 362 | exit 1 |
|
243 | 363 | fi |
|
244 | 364 | |
|
365 | # Prepare date string for default image file name | |
|
366 | DATE="$(date +%Y-%m-%d)" | |
|
367 | if [ -z "$KERNEL_BRANCH" ] ; then | |
|
368 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} | |
|
369 | else | |
|
370 | IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} | |
|
371 | fi | |
|
372 | ||
|
245 | 373 | # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported |
|
246 |
if [ |
|
|
374 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then | |
|
247 | 375 | if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then |
|
248 | 376 | echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported" |
|
249 | 377 | exit 1 |
|
250 | 378 | fi |
|
251 | 379 | fi |
|
252 | 380 | |
|
253 | # Build RPi2/3 Linux kernel if required by Debian release | |
|
254 | if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then | |
|
255 | BUILD_KERNEL=true | |
|
381 | # Add cmake to compile videocore sources | |
|
382 | if [ "$ENABLE_VIDEOCORE" = true ] ; then | |
|
383 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake" | |
|
256 | 384 | fi |
|
257 | 385 | |
|
258 | # Add packages required for kernel cross compilation | |
|
259 |
if [ "$ |
|
|
260 | if [ "$KERNEL_ARCH" = "arm" ] ; then | |
|
261 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" | |
|
262 | else | |
|
263 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64" | |
|
264 | fi | |
|
386 | # Add deps for nexmon | |
|
387 | if [ "$ENABLE_NEXMON" = true ] ; then | |
|
388 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool" | |
|
265 | 389 | fi |
|
266 | 390 | |
|
267 | 391 | # Add libncurses5 to enable kernel menuconfig |
|
268 | 392 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
269 |
REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses |
|
|
393 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev" | |
|
270 | 394 | fi |
|
271 | 395 | |
|
272 | # Stop the Crypto Wars | |
|
273 |
if [ "$ |
|
|
274 | ENABLE_CRYPTFS=true | |
|
396 | # Add ccache compiler cache for (faster) kernel cross (re)compilation | |
|
397 | if [ "$KERNEL_CCACHE" = true ] ; then | |
|
398 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache" | |
|
275 | 399 | fi |
|
276 | 400 | |
|
277 | 401 | # Add cryptsetup package to enable filesystem encryption |
|
278 | 402 | if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then |
|
279 | 403 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
280 | APT_INCLUDES="${APT_INCLUDES},cryptsetup" | |
|
404 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" | |
|
405 | ||
|
406 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |
|
407 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then | |
|
408 | APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs" | |
|
409 | fi | |
|
281 | 410 | |
|
282 | 411 | if [ -z "$CRYPTFS_PASSWORD" ] ; then |
|
283 | 412 | echo "error: no password defined (CRYPTFS_PASSWORD)!" |
@@ -293,11 +422,18 fi | |||
|
293 | 422 | |
|
294 | 423 | # Add device-tree-compiler required for building the U-Boot bootloader |
|
295 | 424 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
296 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler" | |
|
425 | APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" | |
|
426 | fi | |
|
427 | ||
|
428 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
|
429 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then | |
|
430 | echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P" | |
|
431 | exit 1 | |
|
432 | fi | |
|
297 | 433 | fi |
|
298 | 434 | |
|
299 | 435 | # Check if root SSH (v2) public key file exists |
|
300 |
if [ |
|
|
436 | if [ -n "$SSH_ROOT_PUB_KEY" ] ; then | |
|
301 | 437 | if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then |
|
302 | 438 | echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!" |
|
303 | 439 | exit 1 |
@@ -305,16 +441,21 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then | |||
|
305 | 441 | fi |
|
306 | 442 | |
|
307 | 443 | # Check if $USER_NAME SSH (v2) public key file exists |
|
308 |
if [ |
|
|
444 | if [ -n "$SSH_USER_PUB_KEY" ] ; then | |
|
309 | 445 | if [ ! -f "$SSH_USER_PUB_KEY" ] ; then |
|
310 | 446 | echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!" |
|
311 | 447 | exit 1 |
|
312 | 448 | fi |
|
313 | 449 | fi |
|
314 | 450 | |
|
451 | if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then | |
|
452 | echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON" | |
|
453 | exit 1 | |
|
454 | fi | |
|
455 | ||
|
315 | 456 | # Check if all required packages are installed on the build system |
|
316 | 457 | for package in $REQUIRED_PACKAGES ; do |
|
317 |
if [ " |
|
|
458 | if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then | |
|
318 | 459 | MISSING_PACKAGES="${MISSING_PACKAGES} $package" |
|
319 | 460 | fi |
|
320 | 461 | done |
@@ -324,12 +465,12 if [ -n "$MISSING_PACKAGES" ] ; then | |||
|
324 | 465 | echo "the following packages needed by this script are not installed:" |
|
325 | 466 | echo "$MISSING_PACKAGES" |
|
326 | 467 | |
|
327 |
|
|
|
328 | read confirm | |
|
468 | printf "\ndo you want to install the missing packages right now? [y/n] " | |
|
469 | read -r confirm | |
|
329 | 470 | [ "$confirm" != "y" ] && exit 1 |
|
330 | 471 | |
|
331 | 472 | # Make sure all missing required packages are installed |
|
332 | apt-get -qq -y install ${MISSING_PACKAGES} | |
|
473 | apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"` | |
|
333 | 474 | fi |
|
334 | 475 | |
|
335 | 476 | # Check if ./bootstrap.d directory exists |
@@ -356,12 +497,24 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then | |||
|
356 | 497 | exit 1 |
|
357 | 498 | fi |
|
358 | 499 | |
|
500 | # Check if specified VIDEOCORESRC_DIR directory exists | |
|
501 | if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then | |
|
502 | echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!" | |
|
503 | exit 1 | |
|
504 | fi | |
|
505 | ||
|
359 | 506 | # Check if specified FBTURBOSRC_DIR directory exists |
|
360 | 507 | if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then |
|
361 | 508 | echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!" |
|
362 | 509 | exit 1 |
|
363 | 510 | fi |
|
364 | 511 | |
|
512 | # Check if specified NEXMONSRC_DIR directory exists | |
|
513 | if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then | |
|
514 | echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!" | |
|
515 | exit 1 | |
|
516 | fi | |
|
517 | ||
|
365 | 518 | # Check if specified CHROOT_SCRIPTS directory exists |
|
366 | 519 | if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then |
|
367 | 520 | echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!" |
@@ -384,7 +537,7 fi | |||
|
384 | 537 | mkdir -p "${R}" |
|
385 | 538 | |
|
386 | 539 | # Check if build directory has enough of free disk space >512MB |
|
387 | if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then | |
|
540 | if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then | |
|
388 | 541 | echo "error: ${BUILDDIR} not enough space left to generate the output image!" |
|
389 | 542 | exit 1 |
|
390 | 543 | fi |
@@ -399,16 +552,16 if [ "$ENABLE_MINBASE" = true ] ; then | |||
|
399 | 552 | APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown" |
|
400 | 553 | fi |
|
401 | 554 | |
|
402 | # Add required locales packages | |
|
403 | if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then | |
|
404 | APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup" | |
|
405 | fi | |
|
406 | ||
|
407 | 555 | # Add parted package, required to get partprobe utility |
|
408 | 556 | if [ "$EXPANDROOT" = true ] ; then |
|
409 | 557 | APT_INCLUDES="${APT_INCLUDES},parted" |
|
410 | 558 | fi |
|
411 | 559 | |
|
560 | # Add dphys-swapfile package, required to enable swap | |
|
561 | if [ "$ENABLE_DPHYSSWAP" = true ] ; then | |
|
562 | APT_INCLUDES="${APT_INCLUDES},dphys-swapfile" | |
|
563 | fi | |
|
564 | ||
|
412 | 565 | # Add dbus package, recommended if using systemd |
|
413 | 566 | if [ "$ENABLE_DBUS" = true ] ; then |
|
414 | 567 | APT_INCLUDES="${APT_INCLUDES},dbus" |
@@ -416,7 +569,11 fi | |||
|
416 | 569 | |
|
417 | 570 | # Add iptables IPv4/IPv6 package |
|
418 | 571 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
419 | APT_INCLUDES="${APT_INCLUDES},iptables" | |
|
572 | APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent" | |
|
573 | fi | |
|
574 | # Add apparmor for KERNEL_SECURITY | |
|
575 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
576 | APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl" | |
|
420 | 577 | fi |
|
421 | 578 | |
|
422 | 579 | # Add openssh server package |
@@ -462,12 +619,13 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
462 | 619 | |
|
463 | 620 | # Add dropbear package instead of openssh-server |
|
464 | 621 | if [ "$REDUCE_SSHD" = true ] ; then |
|
465 | APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")" | |
|
622 | APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")" | |
|
466 | 623 | fi |
|
467 | 624 | fi |
|
468 | 625 | |
|
469 | if [ "$RELEASE" != "jessie" ] ; then | |
|
470 | APT_INCLUDES="${APT_INCLUDES},libnss-systemd" | |
|
626 | # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available | |
|
627 | if [ "$ENABLE_SYSVINIT" = false ] ; then | |
|
628 | APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv" | |
|
471 | 629 | fi |
|
472 | 630 | |
|
473 | 631 | # Configure kernel sources if no KERNELSRC_DIR |
@@ -480,6 +638,16 if [ "$KERNEL_REDUCE" = true ] ; then | |||
|
480 | 638 | KERNELSRC_CONFIG=false |
|
481 | 639 | fi |
|
482 | 640 | |
|
641 | # Configure qemu compatible kernel | |
|
642 | if [ "$ENABLE_QEMU" = true ] ; then | |
|
643 | DTB_FILE=vexpress-v2p-ca15_a7.dtb | |
|
644 | UBOOT_CONFIG=vexpress_ca15_tc2_defconfig | |
|
645 | KERNEL_DEFCONFIG="vexpress_defconfig" | |
|
646 | if [ "$KERNEL_MENUCONFIG" = false ] ; then | |
|
647 | KERNEL_OLDDEFCONFIG=true | |
|
648 | fi | |
|
649 | fi | |
|
650 | ||
|
483 | 651 | # Execute bootstrap scripts |
|
484 | 652 | for SCRIPT in bootstrap.d/*.sh; do |
|
485 | 653 | head -n 3 "$SCRIPT" |
@@ -509,11 +677,6 fi | |||
|
509 | 677 | # Remove c/c++ build environment from the chroot |
|
510 | 678 | chroot_remove_cc |
|
511 | 679 | |
|
512 | # Remove apt-utils | |
|
513 | if [ "$RELEASE" = "jessie" ] ; then | |
|
514 | chroot_exec apt-get purge -qq -y --force-yes apt-utils | |
|
515 | fi | |
|
516 | ||
|
517 | 680 | # Generate required machine-id |
|
518 | 681 | MACHINE_ID=$(dbus-uuidgen) |
|
519 | 682 | echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id" |
@@ -532,13 +695,17 umount -l "${R}/sys" | |||
|
532 | 695 | rm -rf "${R}/run/*" |
|
533 | 696 | rm -rf "${R}/tmp/*" |
|
534 | 697 | |
|
698 | # Clean up APT proxy settings | |
|
699 | if [ "$KEEP_APT_PROXY" = false ] ; then | |
|
700 | rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" | |
|
701 | fi | |
|
702 | ||
|
535 | 703 | # Clean up files |
|
536 | 704 | rm -f "${ETC_DIR}/ssh/ssh_host_*" |
|
537 | 705 | rm -f "${ETC_DIR}/dropbear/dropbear_*" |
|
538 | 706 | rm -f "${ETC_DIR}/apt/sources.list.save" |
|
539 | 707 | rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original" |
|
540 | 708 | rm -f "${ETC_DIR}/*-" |
|
541 | rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy" | |
|
542 | 709 | rm -f "${ETC_DIR}/resolv.conf" |
|
543 | 710 | rm -f "${R}/root/.bash_history" |
|
544 | 711 | rm -f "${R}/var/lib/urandom/random-seed" |
@@ -546,28 +713,76 rm -f "${R}/initrd.img" | |||
|
546 | 713 | rm -f "${R}/vmlinuz" |
|
547 | 714 | rm -f "${R}${QEMU_BINARY}" |
|
548 | 715 | |
|
716 | if [ "$ENABLE_QEMU" = true ] ; then | |
|
717 | # Setup QEMU directory | |
|
718 | mkdir "${BASEDIR}/qemu" | |
|
719 | ||
|
720 | # Copy kernel image to QEMU directory | |
|
721 | install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}" | |
|
722 | ||
|
723 | # Copy kernel config to QEMU directory | |
|
724 | install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}" | |
|
725 | ||
|
726 | # Copy kernel dtbs to QEMU directory | |
|
727 | for dtb in "${BOOT_DIR}/"*.dtb ; do | |
|
728 | if [ -f "${dtb}" ] ; then | |
|
729 | install_readonly "${dtb}" "${BASEDIR}/qemu/" | |
|
730 | fi | |
|
731 | done | |
|
732 | ||
|
733 | # Copy kernel overlays to QEMU directory | |
|
734 | if [ -d "${BOOT_DIR}/overlays" ] ; then | |
|
735 | # Setup overlays dtbs directory | |
|
736 | mkdir "${BASEDIR}/qemu/overlays" | |
|
737 | ||
|
738 | for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do | |
|
739 | if [ -f "${dtb}" ] ; then | |
|
740 | install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/" | |
|
741 | fi | |
|
742 | done | |
|
743 | fi | |
|
744 | ||
|
745 | # Copy u-boot files to QEMU directory | |
|
746 | if [ "$ENABLE_UBOOT" = true ] ; then | |
|
747 | if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then | |
|
748 | install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin" | |
|
749 | fi | |
|
750 | if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then | |
|
751 | install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage" | |
|
752 | fi | |
|
753 | if [ -f "${BOOT_DIR}/boot.scr" ] ; then | |
|
754 | install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr" | |
|
755 | fi | |
|
756 | fi | |
|
757 | ||
|
758 | # Copy initramfs to QEMU directory | |
|
759 | if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then | |
|
760 | install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}" | |
|
761 | fi | |
|
762 | fi | |
|
763 | ||
|
549 | 764 | # Calculate size of the chroot directory in KB |
|
550 |
CHROOT_SIZE=$(expr |
|
|
765 | CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')") | |
|
551 | 766 | |
|
552 | 767 | # Calculate the amount of needed 512 Byte sectors |
|
553 | 768 | TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) |
|
554 | 769 | FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512) |
|
555 | ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS}) | |
|
770 | ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}") | |
|
556 | 771 | |
|
557 | 772 | # The root partition is EXT4 |
|
558 | 773 | # This means more space than the actual used space of the chroot is used. |
|
559 | 774 | # As overhead for journaling and reserved blocks 35% are added. |
|
560 | ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512) | |
|
775 | ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512) | |
|
561 | 776 | |
|
562 | 777 | # Calculate required image size in 512 Byte sectors |
|
563 | IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS}) | |
|
778 | IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}") | |
|
564 | 779 | |
|
565 | 780 | # Prepare image file |
|
566 | 781 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
567 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS} | |
|
568 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS} | |
|
569 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS} | |
|
570 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS} | |
|
782 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}" | |
|
783 | dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}" | |
|
784 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}" | |
|
785 | dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}" | |
|
571 | 786 | |
|
572 | 787 | # Write firmware/boot partition tables |
|
573 | 788 | sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM |
@@ -580,11 +795,11 ${TABLE_SECTORS},${ROOT_SECTORS},83 | |||
|
580 | 795 | EOM |
|
581 | 796 | |
|
582 | 797 | # Setup temporary loop devices |
|
583 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)" | |
|
584 | ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)" | |
|
798 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)" | |
|
799 | ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)" | |
|
585 | 800 | else # ENABLE_SPLITFS=false |
|
586 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS} | |
|
587 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS} | |
|
801 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}" | |
|
802 | dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}" | |
|
588 | 803 | |
|
589 | 804 | # Write partition table |
|
590 | 805 | sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM |
@@ -593,8 +808,8 ${ROOT_OFFSET},${ROOT_SECTORS},83 | |||
|
593 | 808 | EOM |
|
594 | 809 | |
|
595 | 810 | # Setup temporary loop devices |
|
596 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)" | |
|
597 | ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)" | |
|
811 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)" | |
|
812 | ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)" | |
|
598 | 813 | fi |
|
599 | 814 | |
|
600 | 815 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
@@ -619,7 +834,7 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
619 | 834 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" |
|
620 | 835 | |
|
621 | 836 | # Wipe encrypted partition (encryption cipher is used for randomness) |
|
622 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}") | |
|
837 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" | |
|
623 | 838 | fi |
|
624 | 839 | |
|
625 | 840 | # Build filesystems |
@@ -646,12 +861,23 if [ "$ENABLE_SPLITFS" = true ] ; then | |||
|
646 | 861 | bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img" |
|
647 | 862 | |
|
648 | 863 | # Image was successfully created |
|
649 | echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
650 | echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
864 | echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
865 | echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
651 | 866 | else |
|
652 | 867 | # Create block map file for "bmaptool" |
|
653 | 868 | bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img" |
|
654 | 869 | |
|
655 | 870 | # Image was successfully created |
|
656 | echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
871 | echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
|
872 | ||
|
873 | # Create qemu qcow2 image | |
|
874 | if [ "$ENABLE_QEMU" = true ] ; then | |
|
875 | QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}} | |
|
876 | QEMU_SIZE=16G | |
|
877 | ||
|
878 | qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2 | |
|
879 | qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE | |
|
880 | ||
|
881 | echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created" | |
|
882 | fi | |
|
657 | 883 | fi |
@@ -1,3 +1,4 | |||
|
1 | ||
|
1 | 2 | Configuration file raspife2 Stretch IFÉ 2017/02/24 |
|
2 | 3 | # |
|
3 | 4 | APT_SERVER=ftp.fr.debian.org |
@@ -77,4 +78,104 | |||
|
77 | 78 | #------------------------- |
|
78 | 79 | BASEDIR=/media/********/images/${RELEASE} |
|
79 | 80 | DATE=date |
|
80 | +%Y-%m-%d IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE} | |
|
81 | +%Y-%m-%d | |
|
82 | IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE} | |
|
83 | ======= | |
|
84 | # Configuration file raspi2 Stretch IFÉ 2017/12/28 | |
|
85 | # | |
|
86 | APT_SERVER=debian.mirrors.ovh.net | |
|
87 | APT_INCLUDES="" | |
|
88 | APT_INCLUDES_LATE="gnupg,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\ | |
|
89 | gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\ | |
|
90 | bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\ | |
|
91 | pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\ | |
|
92 | python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\ | |
|
93 | python3-geopy,python3-pip,\ | |
|
94 | python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\ | |
|
95 | python-geopy,python-pip,python-tk,pandoc,\ | |
|
96 | python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\ | |
|
97 | pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,python-smbus,policykit-1,\ | |
|
98 | pmount,ntpdate,ntp,rsync,\ | |
|
99 | texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\ | |
|
100 | libqtwebkit-dev,libqt5webkit5-dev,\ | |
|
101 | libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\ | |
|
102 | nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\ | |
|
103 | xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\ | |
|
104 | tightvncserver,geany,geany-plugin-py,firefox-esr,firefox-esr-l10n-fr,jed,terminator,automake" | |
|
105 | #ca-certificates-java,icedtea-plugin,icedtea-netx,\ | |
|
106 | #openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,\ | |
|
107 | #openjdk-9-jdk,openjdk-9-jre,openjdk-9-jre-headless" | |
|
108 | #---------------------- | |
|
109 | RPI_MODEL=2 | |
|
110 | RELEASE="stretch" | |
|
111 | RELEASE_ARCH="armhf" | |
|
112 | HOSTNAME="raspife2" | |
|
113 | PASSWORD="*****" | |
|
114 | USER_PASSWORD="*****" | |
|
115 | DEFLOCAL="fr_FR.UTF-8" | |
|
116 | TIMEZONE="Europe/Paris" | |
|
117 | EXPANDROOT=false | |
|
118 | #----------------------- | |
|
119 | XKB_MODEL="pc105" | |
|
120 | XKB_LAYOUT="fr" | |
|
121 | XKB_VARIANT="latin9" | |
|
122 | XKB_OPTIONS="" | |
|
123 | #------------------------ | |
|
124 | ENABLE_DHCP=true | |
|
125 | #------------------------ | |
|
126 | ENABLE_CONSOLE=false | |
|
127 | ENABLE_I2C=true | |
|
128 | ENABLE_SPI=true | |
|
129 | ENABLE_IPV6=true | |
|
130 | ENABLE_SSHD=true | |
|
131 | ENABLE_NONFREE=true | |
|
132 | ENABLE_WIRELESS=false | |
|
133 | ENABLE_RSYSLOG=true | |
|
134 | ENABLE_SOUND=true | |
|
135 | ENABLE_HWRANDOM=true | |
|
136 | ENABLE_MINGPU=true | |
|
137 | ENABLE_DBUS=true | |
|
138 | ENABLE_XORG=true | |
|
139 | ENABLE_WM="lxdm" | |
|
140 | #------------------------ | |
|
141 | ENABLE_MINBASE=false | |
|
142 | ENABLE_REDUCE=false | |
|
143 | ENABLE_UBOOT=false | |
|
144 | ENABLE_FBTURBO=true | |
|
145 | ENABLE_IPTABLES=false | |
|
146 | ENABLE_USER=true | |
|
147 | USER_NAME=ens-ife | |
|
148 | ENABLE_ROOT=true | |
|
149 | ENABLE_HARDNET=true | |
|
150 | ENABLE_INITRAMFS=true | |
|
151 | ENABLE_IFNAMES=true | |
|
152 | #------------------------ | |
|
153 | ENABLE_ROOT_SSH=false | |
|
154 | SSH_LIMIT_USERS=false | |
|
155 | SSH_ROOT_PUB_KEY="/home/*****/.ssh/id_rsa.pub" | |
|
156 | SSH_USER_PUB_KEY="/home/*****/.ssh/id_rsa.pub" | |
|
157 | #------------------------ | |
|
158 | BUILD_KERNEL=true | |
|
159 | KERNEL_BRANCH=rpi-4.13.y | |
|
160 | KERNEL_REDUCE=false | |
|
161 | KERNEL_HEADERS=true | |
|
162 | KERNEL_REMOVESRC=true | |
|
163 | KERNELSRC_CLEAN=true | |
|
164 | KERNELSRC_CONFIG=true | |
|
165 | #------------------------ | |
|
166 | REDUCE_APT=false | |
|
167 | REDUCE_DOC=true | |
|
168 | REDUCE_MAN=false | |
|
169 | REDUCE_HWDB=true | |
|
170 | REDUCE_BASH=false | |
|
171 | REDUCE_SSHD=false | |
|
172 | REDUCE_LOCALE=false | |
|
173 | #------------------------- | |
|
174 | ENABLE_CRYPTFS=false | |
|
175 | #------------------------- | |
|
176 | BASEDIR=/data/RpiGenImage/Images/${RELEASE} | |
|
177 | #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE} | |
|
178 | DATE=`date +%Y-%m-%d` | |
|
179 | IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE} | |
|
180 | ||
|
181 |
@@ -1,4 +1,6 | |||
|
1 | ||
|
1 | 2 | # Configuration file raspi3 Buster IFÉ 2017/11/01 |
|
3 | ||
|
2 | 4 | # |
|
3 | 5 | APT_SERVER=debian.mirrors.ovh.net |
|
4 | 6 | APT_INCLUDES="" |
@@ -1,3 +1,4 | |||
|
1 | ||
|
1 | 2 | # Configuration file raspi3 Stretch IFÉ 2017/07/26 |
|
2 | 3 | # |
|
3 | 4 | APT_SERVER=ftp.fr.debian.org |
@@ -23,7 +24,7 RPI_MODEL=3 | |||
|
23 | 24 | RELEASE="stretch" |
|
24 | 25 | HOSTNAME="raspife3" |
|
25 | 26 | PASSWORD="**************" |
|
26 |
USER_PASSWORD="*************** |
|
|
27 | USER_PASSWORD="*************** | |
|
27 | 28 | DEFLOCAL="fr_FR.UTF-8" |
|
28 | 29 | TIMEZONE="Europe/Paris" |
|
29 | 30 | EXPANDROOT=false |
@@ -63,7 +64,7 ENABLE_INITRAMFS=true | |||
|
63 | 64 | ENABLE_IFNAMES=true |
|
64 | 65 | #------------------------ |
|
65 | 66 | ENABLE_ROOT_SSH=false |
|
66 |
SSH_LIMIT_USERS=fal |
|
|
67 | SSH_LIMIT_USERS=fal | |
|
67 | 68 | SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys" |
|
68 | 69 | SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys" |
|
69 | 70 | #------------------------ |
@@ -1,3 +1,4 | |||
|
1 | ||
|
1 | 2 | # Configuration file raspi3 Stretch Weewx IFÉ 2017/07/26 |
|
2 | 3 | # |
|
3 | 4 | APT_SERVER=ftp.fr.debian.org |
@@ -18,6 +19,7 RELEASE="stretch" | |||
|
18 | 19 | HOSTNAME="raspwife3" |
|
19 | 20 | PASSWORD="************" |
|
20 | 21 | USER_PASSWORD="************" |
|
22 | ||
|
21 | 23 | DEFLOCAL="fr_FR.UTF-8" |
|
22 | 24 | TIMEZONE="Europe/Paris" |
|
23 | 25 | EXPANDROOT=false |
@@ -1,4 +1,4 | |||
|
1 | 1 | # Configuration template file used by rpi23-gen-image.sh |
|
2 | 2 | RPI_MODEL=3 |
|
3 |
RELEASE= |
|
|
3 | RELEASE=buster | |
|
4 | 4 | BUILD_KERNEL=true |
@@ -1,3 +1,4 | |||
|
1 | 1 | # Configuration template file used by rpi23-gen-image.sh |
|
2 | RPI_MODEL=2 | |
|
2 | 3 | RELEASE=stretch |
|
3 | 4 | BUILD_KERNEL=true |
@@ -11,5 +11,5 QEMU_BINARY=/usr/bin/qemu-aarch64-static | |||
|
11 | 11 | KERNEL_DEFCONFIG=bcmrpi3_defconfig |
|
12 | 12 | KERNEL_BIN_IMAGE=Image |
|
13 | 13 | KERNEL_IMAGE=kernel8.img |
|
14 |
KERNEL_BRANCH=rpi-4.1 |
|
|
14 | KERNEL_BRANCH=rpi-4.14.y | |
|
15 | 15 | ENABLE_WIRELESS=true |
@@ -2,3 +2,5 | |||
|
2 | 2 | RPI_MODEL=3 |
|
3 | 3 | RELEASE=buster |
|
4 | 4 | BUILD_KERNEL=true |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
@@ -2,3 +2,5 | |||
|
2 | 2 | RPI_MODEL=3 |
|
3 | 3 | RELEASE=stretch |
|
4 | 4 | BUILD_KERNEL=true |
|
5 | # ENABLE_WIRELESS=false | |
|
6 | # ENABLE_BLUETOOTH=false |
|
1 | NO CONTENT: file was removed |
|
1 | NO CONTENT: file was removed |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant