##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Merge branch 'master' into drtyhlpr-master
Gérard Vidal -
r627:b39cf2ca3729 Fusion drtyhlpr-master
parent child
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,56
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local videocore sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for videocore sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch videocore sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded videocore sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 cd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #back to root of scriptdir
52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
56 fi
Show file before | Show file after | Hide comments
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
Show file before | Show file after | Hide comments
@@ -0,0 +1,33
1 SUBSYSTEM=="input", GROUP="input", MODE="0660"
2 SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660"
3 SUBSYSTEM=="spidev", GROUP="spi", MODE="0660"
4 SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660"
5
6 SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660"
7 SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\
8 chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\
9 chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\
10 chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\
11 '"
12
13 KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
14 ALIASES=/proc/device-tree/aliases; \
15 if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
16 echo 0;\
17 elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
18 echo 1; \
19 else \
20 exit 1; \
21 fi\
22 '", SYMLINK+="serial%c"
23
24 KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
25 ALIASES=/proc/device-tree/aliases; \
26 if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
27 echo 0; \
28 elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
29 echo 1; \
30 else \
31 exit 1; \
32 fi \
33 '", SYMLINK+="serial%c"
Show file before | Show file after | Hide comments
@@ -0,0 +1,5
1 # Restart dphys-swapfile service if it exists
2 logger -t "rc.firstboot" "Restarting dphys-swapfile"
3
4 systemctl enable dphys-swapfile
5 systemctl restart dphys-swapfile
Show file before | Show file after | Hide comments
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
Show file before | Show file after | Hide comments
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
Show file before | Show file after | Hide comments
@@ -0,0 +1,12
1 [Match]
2 Name=wlan0
3
4 [Network]
5 DHCP=no
6 Address=
7 Gateway=
8 DNS=
9 DNS=
10 Domains=
11 NTP=
12 NTP=
Show file before | Show file after | Hide comments
@@ -0,0 +1,1
1 kernel.printk = 3 4 1 3 No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,2
1 # ASLR
2 kernel.randomize_va_space = 2 No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
@@ -0,0 +1,5
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=0
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=buster
4 BUILD_KERNEL=true
Show file before | Show file after | Hide comments
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=1P
3 RELEASE=stretch
4 BUILD_KERNEL=true
Show file before | Show file after | Hide comments
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=stretch
4 BUILD_KERNEL=true
Show file before | Show file after | Hide comments
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=buster
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
@@ -0,0 +1,6
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3P
3 RELEASE=stretch
4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
@@ -1,5 +1,5
1 1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3 3
4 4 ## 构建环境所依赖的包
5 5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
@@ -151,10 +151,10 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
151 151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
152 152
153 153 ##### `ENABLE_I2C`=false
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
155 155
156 156 ##### `ENABLE_SPI`=false
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](http://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
158 158
159 159 ##### `ENABLE_IPV6`=true
160 160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
@@ -199,10 +199,10 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
199 199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
200 200
201 201 ##### `ENABLE_UBOOT`=false
202 使用 [U-Boot 引导器](http://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
203 203
204 204 ##### `UBOOTSRC_DIR`=""
205 存放已下载 [U-Boot 引导器源文件](http://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
206 206
207 207 ##### `ENABLE_FBTURBO`=false
208 208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
@@ -444,7 +444,7 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
444 444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
445 445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
446 446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
447 * [U-BOOT git 仓库](http://git.denx.de/?p=u-boot.git;a=summary)
447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
448 448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
449 449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
450 450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -1,26 +1,19
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3
4
4 5 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5 6
6 7
8
7 9 ## Build dependencies
8 10 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
9 11
10 12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
11 13
12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
13
14 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
15 15
16 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
17
18 ```
19 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
20 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
21 dpkg --add-architecture armhf
22 apt-get update
23 ```
16 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
24 17
25 18 ## Command-line parameters
26 19 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
@@ -57,22 +50,34 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
57 50 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
58 51
59 52 ##### `APT_PROXY`=""
60 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
53 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
54
55 ##### `KEEP_APT_PROXY`=false
56 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
61 57
62 58 ##### `APT_INCLUDES`=""
63 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
59 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
64 60
65 61 ##### `APT_INCLUDES_LATE`=""
66 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
62 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
67 63
68 64 ---
69 65
70 66 #### General system settings:
67 ##### `SET_ARCH`=32
68 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69
71 70 ##### `RPI_MODEL`=2
72 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
71 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
72 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
73 - `1` = Raspberry Pi 1 model A and B
74 - `1P` = Raspberry Pi 1 model B+ and A+
75 - `2` = Raspberry Pi 2 model B
76 - `3` = Raspberry Pi 3 model B
77 - `3P` = Raspberry Pi 3 model B+
73 78
74 ##### `RELEASE`="jessie"
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
79 ##### `RELEASE`="buster"
80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 81
77 82 ##### `RELEASE_ARCH`="armhf"
78 83 Set the desired Debian release architecture.
@@ -95,6 +100,12 Set default system timezone. All available timezones can be found in the `/usr/s
95 100 ##### `EXPANDROOT`=true
96 101 Expand the root partition and filesystem automatically on first boot.
97 102
103 ##### `ENABLE_DPHYSSWAP`=true
104 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
105
106 ##### `ENABLE_QEMU`=false
107 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
108
98 109 ---
99 110
100 111 #### Keyboard settings:
@@ -115,7 +126,7 Set extra xkb configuration options.
115 126 ---
116 127
117 128 #### Networking settings (DHCP):
118 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
129 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
119 130
120 131 ##### `ENABLE_DHCP`=true
121 132 Set the system to use DHCP. This requires an DHCP server.
@@ -150,13 +161,25 Set the IP address for the second NTP server.
150 161
151 162 #### Basic system features:
152 163 ##### `ENABLE_CONSOLE`=true
153 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
164 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
165
166 ##### `ENABLE_PRINTK`=false
167 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
168
169 ##### `ENABLE_BLUETOOTH`=false
170 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
171
172 ##### `ENABLE_MINIUART_OVERLAY`=false
173 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
174
175 ##### `ENABLE_TURBO`=false
176 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
154 177
155 178 ##### `ENABLE_I2C`=false
156 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
157 180
158 181 ##### `ENABLE_SPI`=false
159 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
182 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 183
161 184 ##### `ENABLE_IPV6`=true
162 185 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
@@ -168,17 +191,16 Install and enable OpenSSH service. The default configuration of the service doe
168 191 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
169 192
170 193 ##### `ENABLE_WIRELESS`=false
171 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
194 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
172 195
173 196 ##### `ENABLE_RSYSLOG`=true
174 If set to false, disable and uninstall rsyslog (so logs will be available only
175 in journal files)
197 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
176 198
177 199 ##### `ENABLE_SOUND`=true
178 200 Enable sound hardware and install Advanced Linux Sound Architecture.
179 201
180 202 ##### `ENABLE_HWRANDOM`=true
181 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
203 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
182 204
183 205 ##### `ENABLE_MINGPU`=false
184 206 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
@@ -190,11 +212,17 Install and enable D-Bus message bus. Please note that systemd should work witho
190 212 Install Xorg open-source X Window System.
191 213
192 214 ##### `ENABLE_WM`=""
193 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
215 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
216
217 ##### `ENABLE_SYSVINIT`=false
218 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
194 219
195 220 ---
196 221
197 222 #### Advanced system features:
223 ##### `ENABLE_SYSTEMDSWAP`=false
224 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
225
198 226 ##### `ENABLE_MINBASE`=false
199 227 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
200 228
@@ -202,10 +230,10 Use debootstrap script variant `minbase` which only includes essential packages
202 230 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
203 231
204 232 ##### `ENABLE_UBOOT`=false
205 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
233 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
206 234
207 235 ##### `UBOOTSRC_DIR`=""
208 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
236 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
209 237
210 238 ##### `ENABLE_FBTURBO`=false
211 239 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
@@ -213,11 +241,23 Install and enable the [hardware accelerated Xorg video driver](https://github.c
213 241 ##### `FBTURBOSRC_DIR`=""
214 242 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
215 243
244 ##### `ENABLE_VIDEOCORE`=false
245 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
246
247 ##### `VIDEOCORESRC_DIR`=""
248 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
249
250 ##### `ENABLE_NEXMON`=false
251 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
252
253 ##### `NEXMONSRC_DIR`=""
254 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
255
216 256 ##### `ENABLE_IPTABLES`=false
217 257 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
218 258
219 259 ##### `ENABLE_USER`=true
220 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
260 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
221 261
222 262 ##### `USER_NAME`=pi
223 263 Non-root user to create. Ignored if `ENABLE_USER`=false
@@ -238,7 +278,16 Path to a directory with scripts that should be run in the chroot before the ima
238 278 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
239 279
240 280 ##### `ENABLE_IFNAMES`=true
241 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
281 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
282
283 ##### `ENABLE_SPLASH`=true
284 Enable default Raspberry Pi boot up rainbow splash screen.
285
286 ##### `ENABLE_LOGO`=true
287 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
288
289 ##### `ENABLE_SILENT_BOOT`=false
290 Set the verbosity of console messages shown during boot up to a strict minimum.
242 291
243 292 ##### `DISABLE_UNDERVOLT_WARNINGS`=
244 293 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
@@ -247,10 +296,10 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1`
247 296
248 297 #### SSH settings:
249 298 ##### `SSH_ENABLE_ROOT`=false
250 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
299 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
251 300
252 301 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
253 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
302 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
254 303
255 304 ##### `SSH_LIMIT_USERS`=false
256 305 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
@@ -264,11 +313,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab
264 313 ---
265 314
266 315 #### Kernel compilation:
267 ##### `BUILD_KERNEL`=false
268 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
316 ##### `BUILD_KERNEL`=true
317 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
269 318
270 319 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
271 This sets the cross compile enviornment for the compiler.
320 This sets the cross-compile environment for the compiler.
272 321
273 322 ##### `KERNEL_ARCH`="arm"
274 323 This sets the kernel architecture for the compiler.
@@ -286,17 +335,23 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will
286 335 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
287 336
288 337 ##### `KERNEL_REDUCE`=false
289 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
338 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
290 339
291 340 ##### `KERNEL_THREADS`=1
292 341 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
293 342
294 343 ##### `KERNEL_HEADERS`=true
295 Install kernel headers with built kernel.
344 Install kernel headers with the built kernel.
296 345
297 346 ##### `KERNEL_MENUCONFIG`=false
298 347 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
299 348
349 ##### `KERNEL_OLDDEFCONFIG`=false
350 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
351
352 ##### `KERNEL_CCACHE`=false
353 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
354
300 355 ##### `KERNEL_REMOVESRC`=true
301 356 Remove all kernel sources from the generated OS image after it was built and installed.
302 357
@@ -318,6 +373,24 With this parameter set to true the script expects the existing kernel sources d
318 373 ##### `RPI_FIRMWARE_DIR`=""
319 374 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
320 375
376 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
377 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
378
379 ##### `KERNEL_NF`=false
380 Enable Netfilter modules as kernel modules
381
382 ##### `KERNEL_VIRT`=false
383 Enable Kernel KVM support (/dev/kvm)
384
385 ##### `KERNEL_ZSWAP`=false
386 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
387
388 ##### `KERNEL_BPF`=true
389 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
390
391 ##### `KERNEL_SECURITY`=false
392 Enables Apparmor, integrity subsystem, auditing.
393
321 394 ---
322 395
323 396 #### Reduce disk usage:
@@ -365,6 +438,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
365 438 ##### `CRYPTFS_XTSKEYSIZE`=512
366 439 Sets key size in bits. The argument has to be a multiple of 8.
367 440
441 ##### `CRYPTFS_DROPBEAR`=false
442 Enable Dropbear Initramfs support
443
444 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
445 Provide path to dropbear Public RSA-OpenSSH Key
446
368 447 ---
369 448
370 449 #### Build settings:
@@ -382,9 +461,9 The functions of this script that are required for the different stages of the b
382 461 | `10-bootstrap.sh` | Debootstrap basic system |
383 462 | `11-apt.sh` | Setup APT repositories |
384 463 | `12-locale.sh` | Setup Locales and keyboard settings |
385 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
464 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
386 465 | `14-fstab.sh` | Setup fstab and initramfs |
387 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
466 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
388 467 | `20-networking.sh` | Setup Networking |
389 468 | `21-firewall.sh` | Setup Firewall |
390 469 | `30-security.sh` | Setup Users and Security settings |
@@ -392,6 +471,7 The functions of this script that are required for the different stages of the b
392 471 | `32-sshd.sh` | Setup SSH and public keys |
393 472 | `41-uboot.sh` | Build and Setup U-Boot |
394 473 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
474 | `43-videocore.sh` | Build and Setup videocore libraries |
395 475 | `50-firstboot.sh` | First boot actions |
396 476 | `99-reduce.sh` | Reduce the disk space usage |
397 477
@@ -400,7 +480,7 All the required configuration files that will be copied to the generated OS ima
400 480 | Directory | Description |
401 481 | --- | --- |
402 482 | `apt` | APT management configuration files |
403 | `boot` | Boot and RPi2/3 configuration files |
483 | `boot` | Boot and RPi 0/1/2/3 configuration files |
404 484 | `dpkg` | Package Manager configuration |
405 485 | `etc` | Configuration files and rc scripts |
406 486 | `firstboot` | Scripts that get executed on first boot |
@@ -426,21 +506,39 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
426 506 ```
427 507
428 508 ## Flashing the image file
429 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
509 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
430 510
431 511 ##### Flashing examples:
432 512 ```shell
433 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
434 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
513 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
514 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
435 515 ```
436 516 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
437 517 ```shell
438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
439 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
518 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
519 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
520 ```
521
522 ## QEMU emulation
523 Start QEMU full system emulation:
524 ```shell
525 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
526 ```
527
528 Start QEMU full system emulation and output to console:
529 ```shell
530 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
531 ```
532
533 Start QEMU full system emulation with SMP and output to console:
534 ```shell
535 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
536 ```
537
538 Start QEMU full system emulation with cryptfs, initramfs and output to console:
539 ```shell
540 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
440 541 ```
441 ## Weekly image builds
442 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
443 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
444 542
445 543 ## External links and references
446 544 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
@@ -448,7 +546,7 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at m
448 546 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
449 547 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
450 548 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
451 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
549 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
452 550 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
453 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
551 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
454 552 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -7,7 +7,6
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 EXCLUDES=""
11 10
12 11 # Use non-free Debian packages if needed
13 12 if [ "$ENABLE_NONFREE" = true ] ; then
@@ -19,13 +18,15 if [ "$ENABLE_MINBASE" = true ] ; then
19 18 VARIANT="--variant=minbase"
20 19 fi
21 20
21
22 22 # Exclude packages if required by Debian release
23 23 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
24 24 EXCLUDES="--exclude=init,systemd-sysv"
25 25 fi
26 26
27
27 28 # Base debootstrap (unpack only)
28 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
29 30
30 31 # Copy qemu emulator binary to chroot
31 32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
Show file before | Show file after | Hide comments
@@ -32,25 +32,28 else # BUILD_KERNEL=true
32 32 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
33 33 fi
34 34
35 # Allow the installation of non-free Debian packages
36 if [ "$ENABLE_NONFREE" = true ] ; then
37 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
38 fi
35
36 # Use specified APT server and release
37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
38 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
39 39
40 40 # Upgrade package index and update all installed packages and changed dependencies
41 41 chroot_exec apt-get -qq -y update
42 42 chroot_exec apt-get -qq -y -u dist-upgrade
43 43
44 # Install additional packages
44 45 if [ "$APT_INCLUDES_LATE" ] ; then
45 chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
46 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
46 47 fi
47 48
49 # Install Debian custom packages
48 50 if [ -d packages ] ; then
49 51 for package in packages/*.deb ; do
50 cp $package ${R}/tmp
51 chroot_exec dpkg --unpack /tmp/$(basename $package)
52 cp "$package" "${R}"/tmp
53 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
52 54 done
53 55 fi
56
54 57 chroot_exec apt-get -qq -y -f install
55 58
56 59 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -6,24 +6,32
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 if [ -f "${ETC_DIR}/localtime" ]; then
11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
14 # will ignore the our timezone set in '/etc/timezone'.
15 # 3. Removing /etc/localtime will solve this.
16 rm -f "${ETC_DIR}/localtime"
17 fi
10 18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 19
12 20 # Install and setup default locale and keyboard configuration
13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
14 22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 24 # ... so we have to set locales manually
17 25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections"
19 27 else
20 28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections"
22 30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 31 fi
24 32
25 33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections"
27 35 chroot_exec locale-gen
28 36 chroot_exec update-locale LANG="${DEFLOCAL}"
29 37
Show file before | Show file after | Hide comments
@@ -5,15 +5,23
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 16 # Fetch and build latest raspberry kernel
9 17 if [ "$BUILD_KERNEL" = true ] ; then
10 18 # Setup source directory
11 mkdir -p "${R}/usr/src/linux"
19 mkdir -p "${KERNEL_DIR}"
12 20
13 21 # Copy existing kernel sources into chroot directory
14 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 23 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 25
18 26 # Clean the kernel sources
19 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
@@ -25,13 +33,13 if [ "$BUILD_KERNEL" = true ] ; then
25 33
26 34 # Fetch current RPi2/3 kernel sources
27 35 if [ -z "${KERNEL_BRANCH}" ] ; then
28 as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 37 else
30 as_nobody git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 39 fi
32 40
33 41 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 43
36 44 # Remove temporary directory for kernel sources
37 45 rm -fr "${temp_dir}"
@@ -87,18 +95,353 if [ "$BUILD_KERNEL" = true ] ; then
87 95 # Load default raspberry kernel configuration
88 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 97
90 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
91 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108
109 #VLAN got disabled without reason in arm64bit
110 set_kernel_config CONFIG_IPVLAN m
111 fi
112
113 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
114 if [ "$KERNEL_ZSWAP" = true ] ; then
115 set_kernel_config CONFIG_ZPOOL y
116 set_kernel_config CONFIG_ZSWAP y
117 set_kernel_config CONFIG_ZBUD y
118 set_kernel_config CONFIG_Z3FOLD y
119 set_kernel_config CONFIG_ZSMALLOC y
120 set_kernel_config CONFIG_PGTABLE_MAPPING y
121 set_kernel_config CONFIG_LZO_COMPRESS y
122
123 fi
124
125 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
126 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
127 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
128 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
129 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
130 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
131 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
132 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
133 set_kernel_config CONFIG_HAVE_KVM_MSI y
134 set_kernel_config CONFIG_KVM y
135 set_kernel_config CONFIG_KVM_ARM_HOST y
136 set_kernel_config CONFIG_KVM_ARM_PMU y
137 set_kernel_config CONFIG_KVM_COMPAT y
138 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
139 set_kernel_config CONFIG_KVM_MMIO y
140 set_kernel_config CONFIG_KVM_VFIO y
141 set_kernel_config CONFIG_VHOST m
142 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
143 set_kernel_config CONFIG_VHOST_NET m
144 set_kernel_config CONFIG_VIRTUALIZATION y
145
146 set_kernel_config CONFIG_MMU_NOTIFIER y
147
148 # erratum
149 set_kernel_config ARM64_ERRATUM_834220 y
150
151 # https://sourceforge.net/p/kvm/mailman/message/18440797/
152 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
153 fi
154
155 # enable apparmor,integrity audit,
156 if [ "$KERNEL_SECURITY" = true ] ; then
157
158 # security filesystem, security models and audit
159 set_kernel_config CONFIG_SECURITYFS y
160 set_kernel_config CONFIG_SECURITY y
161 set_kernel_config CONFIG_AUDIT y
162
163 # harden strcpy and memcpy
164 set_kernel_config CONFIG_HARDENED_USERCOPY y
165 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
166 set_kernel_config CONFIG_FORTIFY_SOURCE y
167
168 # integrity sub-system
169 set_kernel_config CONFIG_INTEGRITY y
170 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
171 set_kernel_config CONFIG_INTEGRITY_AUDIT y
172 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
173 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
174
175 # This option provides support for retaining authentication tokens and access keys in the kernel.
176 set_kernel_config CONFIG_KEYS y
177 set_kernel_config CONFIG_KEYS_COMPAT y
178
179 # Apparmor
180 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
181 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
182 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
183 set_kernel_config CONFIG_SECURITY_APPARMOR y
184 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
185 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
186
187 # restrictions on unprivileged users reading the kernel
188 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
189
190 # network security hooks
191 set_kernel_config CONFIG_SECURITY_NETWORK y
192 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
193 set_kernel_config CONFIG_SECURITY_PATH y
194 set_kernel_config CONFIG_SECURITY_YAMA n
195
196 # New Options
197 if [ "$KERNEL_NF" = true ] ; then
198 set_kernel_config CONFIG_IP_NF_SECURITY m
199 set_kernel_config CONFIG_NETLABEL y
200 set_kernel_config CONFIG_IP6_NF_SECURITY m
201 fi
202 set_kernel_config CONFIG_SECURITY_SELINUX n
203 set_kernel_config CONFIG_SECURITY_SMACK n
204 set_kernel_config CONFIG_SECURITY_TOMOYO n
205 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
206 set_kernel_config CONFIG_SECURITY_LOADPIN n
207 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
208 set_kernel_config CONFIG_IMA n
209 set_kernel_config CONFIG_EVM n
210 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
211 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
212 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
213 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
214 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
215 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
216 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
217 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
218 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
219 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
220
221 set_kernel_config CONFIG_ARM64_CRYPTO y
222 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
223 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
224 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
225 set_kernel_config CRYPTO_GHASH_ARM64_CE m
226 set_kernel_config CRYPTO_SHA2_ARM64_CE m
227 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
228 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
229 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
230 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
231 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
232 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
233 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
234 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
235 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
236 set_kernel_config SYSTEM_TRUSTED_KEYS
237 fi
238
239 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
240 if [ "$KERNEL_NF" = true ] ; then
241 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
242 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
243 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
244 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
245 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
246 set_kernel_config CONFIG_NFT_FIB_INET m
247 set_kernel_config CONFIG_NFT_FIB_IPV4 m
248 set_kernel_config CONFIG_NFT_FIB_IPV6 m
249 set_kernel_config CONFIG_NFT_FIB_NETDEV m
250 set_kernel_config CONFIG_NFT_OBJREF m
251 set_kernel_config CONFIG_NFT_RT m
252 set_kernel_config CONFIG_NFT_SET_BITMAP m
253 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
254 set_kernel_config CONFIG_NF_LOG_ARP m
255 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
256 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
257 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
258 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
259 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
260 set_kernel_config CONFIG_IP6_NF_IPTABLES m
261 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
262 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
263 set_kernel_config CONFIG_IP6_NF_NAT m
264 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
265 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
266 set_kernel_config CONFIG_IP_NF_SECURITY m
267 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
268 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
269 set_kernel_config CONFIG_IP_SET_HASH_IP m
270 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
271 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
272 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
273 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
274 set_kernel_config CONFIG_IP_SET_HASH_MAC m
275 set_kernel_config CONFIG_IP_SET_HASH_NET m
276 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
277 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
278 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
279 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
280 set_kernel_config CONFIG_IP_SET_LIST_SET m
281 set_kernel_config CONFIG_NETFILTER_XTABLES m
282 set_kernel_config CONFIG_NETFILTER_XTABLES m
283 set_kernel_config CONFIG_NFT_BRIDGE_META m
284 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
285 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
286 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
287 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
288 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
289 set_kernel_config CONFIG_NFT_COMPAT m
290 set_kernel_config CONFIG_NFT_COUNTER m
291 set_kernel_config CONFIG_NFT_CT m
292 set_kernel_config CONFIG_NFT_DUP_IPV4 m
293 set_kernel_config CONFIG_NFT_DUP_IPV6 m
294 set_kernel_config CONFIG_NFT_DUP_NETDEV m
295 set_kernel_config CONFIG_NFT_EXTHDR m
296 set_kernel_config CONFIG_NFT_FWD_NETDEV m
297 set_kernel_config CONFIG_NFT_HASH m
298 set_kernel_config CONFIG_NFT_LIMIT m
299 set_kernel_config CONFIG_NFT_LOG m
300 set_kernel_config CONFIG_NFT_MASQ m
301 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
302 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
303 set_kernel_config CONFIG_NFT_META m
304 set_kernel_config CONFIG_NFT_NAT m
305 set_kernel_config CONFIG_NFT_NUMGEN m
306 set_kernel_config CONFIG_NFT_QUEUE m
307 set_kernel_config CONFIG_NFT_QUOTA m
308 set_kernel_config CONFIG_NFT_REDIR m
309 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
310 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
311 set_kernel_config CONFIG_NFT_REJECT m
312 set_kernel_config CONFIG_NFT_REJECT_INET m
313 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
314 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
315 set_kernel_config CONFIG_NFT_SET_HASH m
316 set_kernel_config CONFIG_NFT_SET_RBTREE m
317 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
318 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
319 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
320 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
321 set_kernel_config CONFIG_NF_DUP_IPV4 m
322 set_kernel_config CONFIG_NF_DUP_IPV6 m
323 set_kernel_config CONFIG_NF_DUP_NETDEV m
324 set_kernel_config CONFIG_NF_LOG_BRIDGE m
325 set_kernel_config CONFIG_NF_LOG_IPV4 m
326 set_kernel_config CONFIG_NF_LOG_IPV6 m
327 set_kernel_config CONFIG_NF_NAT_IPV4 m
328 set_kernel_config CONFIG_NF_NAT_IPV6 m
329 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
330 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
331 set_kernel_config CONFIG_NF_NAT_PPTP m
332 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
333 set_kernel_config CONFIG_NF_NAT_REDIRECT m
334 set_kernel_config CONFIG_NF_NAT_SIP m
335 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
336 set_kernel_config CONFIG_NF_NAT_TFTP m
337 set_kernel_config CONFIG_NF_REJECT_IPV4 m
338 set_kernel_config CONFIG_NF_REJECT_IPV6 m
339 set_kernel_config CONFIG_NF_TABLES m
340 set_kernel_config CONFIG_NF_TABLES_ARP m
341 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
342 set_kernel_config CONFIG_NF_TABLES_INET m
343 set_kernel_config CONFIG_NF_TABLES_IPV4 m
344 set_kernel_config CONFIG_NF_TABLES_IPV6 m
345 set_kernel_config CONFIG_NF_TABLES_NETDEV m
346 fi
347
348 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
349 if [ "$KERNEL_BPF" = true ] ; then
350 set_kernel_config CONFIG_BPF_SYSCALL y
351 set_kernel_config CONFIG_BPF_EVENTS y
352 set_kernel_config CONFIG_BPF_STREAM_PARSER y
353 set_kernel_config CONFIG_CGROUP_BPF y
354 fi
355
356 # KERNEL_DEFAULT_GOV was set by user
357 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
358
359 case "$KERNEL_DEFAULT_GOV" in
360 performance)
361 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
362 ;;
363 userspace)
364 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
365 ;;
366 ondemand)
367 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
368 ;;
369 conservative)
370 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
371 ;;
372 shedutil)
373 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
374 ;;
375 *)
376 echo "error: unsupported default cpu governor"
377 exit 1
378 ;;
379 esac
380
381 # unset previous default governor
382 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
383 fi
384
385 #Revert to previous directory
386 cd "${WORKDIR}" || exit
387
388 # Set kernel configuration parameters to enable qemu emulation
389 if [ "$ENABLE_QEMU" = true ] ; then
390 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
391 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
392
393 if [ "$ENABLE_CRYPTFS" = true ] ; then
394 {
395 echo "CONFIG_EMBEDDED=y"
396 echo "CONFIG_EXPERT=y"
397 echo "CONFIG_DAX=y"
398 echo "CONFIG_MD=y"
399 echo "CONFIG_BLK_DEV_MD=y"
400 echo "CONFIG_MD_AUTODETECT=y"
401 echo "CONFIG_BLK_DEV_DM=y"
402 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
403 echo "CONFIG_DM_CRYPT=y"
404 echo "CONFIG_CRYPTO_BLKCIPHER=y"
405 echo "CONFIG_CRYPTO_CBC=y"
406 echo "CONFIG_CRYPTO_XTS=y"
407 echo "CONFIG_CRYPTO_SHA512=y"
408 echo "CONFIG_CRYPTO_MANAGER=y"
409 } >> "${KERNEL_DIR}"/.config
410 fi
411 fi
412
413 # Copy custom kernel configuration file
414 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
415 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
416 fi
417
418 # Set kernel configuration parameters to their default values
419 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
420 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
92 421 fi
93 422
94 423 # Start menu-driven kernel configuration (interactive)
95 424 if [ "$KERNEL_MENUCONFIG" = true ] ; then
96 425 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
97 426 fi
427 # end if "$KERNELSRC_CONFIG" = true
98 428 fi
99 429
100 # Cross compile kernel and modules
101 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_BIN_IMAGE}" modules dtbs
430 # Use ccache to cross compile the kernel
431 if [ "$KERNEL_CCACHE" = true ] ; then
432 cc="ccache ${CROSS_COMPILE}gcc"
433 else
434 cc="${CROSS_COMPILE}gcc"
435 fi
436
437 # Cross compile kernel and dtbs
438 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
439
440 # Cross compile kernel modules
441 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
442 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
443 fi
444 # end if "$KERNELSRC_PREBUILT" = false
102 445 fi
103 446
104 447 # Check if kernel compilation was successful
@@ -110,12 +453,16 if [ "$BUILD_KERNEL" = true ] ; then
110 453
111 454 # Install kernel modules
112 455 if [ "$ENABLE_REDUCE" = true ] ; then
456 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
113 457 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
458 fi
114 459 else
460 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
115 461 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
462 fi
116 463
117 464 # Install kernel firmware
118 if [ $(cat ./Makefile | grep "^firmware_install:") ] ; then
465 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
119 466 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
120 467 fi
121 468 fi
@@ -129,23 +476,41 if [ "$BUILD_KERNEL" = true ] ; then
129 476 mkdir "${BOOT_DIR}"
130 477
131 478 # Get kernel release version
132 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
479 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
133 480
134 481 # Copy kernel configuration file to the boot directory
135 482 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
136 483
137 # Copy dts and dtb device tree sources and binaries
484 # Prepare device tree directory
138 485 mkdir "${BOOT_DIR}/overlays"
139 486
140 487 # Ensure the proper .dtb is located
141 488 if [ "$KERNEL_ARCH" = "arm" ] ; then
142 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOT_DIR}/"
489 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
490 if [ -f "${dtb}" ] ; then
491 install_readonly "${dtb}" "${BOOT_DIR}/"
492 fi
493 done
143 494 else
144 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb "${BOOT_DIR}/"
495 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
496 if [ -f "${dtb}" ] ; then
497 install_readonly "${dtb}" "${BOOT_DIR}/"
498 fi
499 done
145 500 fi
146 501
147 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOT_DIR}/overlays/"
502 # Copy compiled dtb device tree files
503 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
504 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
505 if [ -f "${dtb}" ] ; then
506 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
507 fi
508 done
509
510 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
148 511 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
512 fi
513 fi
149 514
150 515 if [ "$ENABLE_UBOOT" = false ] ; then
151 516 # Convert and copy kernel image to the boot directory
@@ -159,27 +524,92 if [ "$BUILD_KERNEL" = true ] ; then
159 524 if [ "$KERNEL_REMOVESRC" = true ] ; then
160 525 rm -fr "${KERNEL_DIR}"
161 526 else
527 # Prepare compiled kernel modules
528 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
529 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
162 530 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
531 fi
163 532
164 533 # Create symlinks for kernel modules
165 534 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
166 535 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
167 536 fi
537 fi
168 538
169 539 else # BUILD_KERNEL=false
170 # Kernel installation
171 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
540 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
541
542 # Use Sakakis modified kernel if ZSWAP is active
543 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
544 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
545 fi
546
547 # Create temporary directory for dl
548 temp_dir=$(as_nobody mktemp -d)
172 549
173 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
174 chroot_exec apt-get -qq -y install flash-kernel
550 # Fetch kernel dl
551 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
552
553 #extract download
554 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
555
556 #move extracted kernel to /boot/firmware
557 mkdir "${R}/boot/firmware"
558 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
559 cp -r "${temp_dir}"/lib/* "${R}"/lib/
560
561 # Remove temporary directory for kernel sources
562 rm -fr "${temp_dir}"
563
564 # Set permissions of the kernel sources
565 chown -R root:root "${R}/boot/firmware"
566 chown -R root:root "${R}/lib/modules"
567 fi
568
569 # Install Kernel from hypriot comptabile with all Raspberry PI
570 if [ "$SET_ARCH" = 32 ] ; then
571 # Create temporary directory for dl
572 temp_dir=$(as_nobody mktemp -d)
573
574 # Fetch kernel
575 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
576
577 # Copy downloaded U-Boot sources
578 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
579
580 # Set permissions
581 chown -R root:root "${R}"/tmp/kernel.deb
582
583 # Install kernel
584 chroot_exec dpkg -i /tmp/kernel.deb
585
586 # move /boot to /boot/firmware to fit script env.
587 #mkdir "${BOOT_DIR}"
588 mkdir "${temp_dir}"/firmware
589 mv "${R}"/boot/* "${temp_dir}"/firmware/
590 mv "${temp_dir}"/firmware "${R}"/boot/
591
592 #same for kernel headers
593 if [ "$KERNEL_HEADERS" = true ] ; then
594 # Fetch kernel header
595 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
596 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
597 chown -R root:root "${R}"/tmp/kernel-header.deb
598 # Install kernel header
599 chroot_exec dpkg -i /tmp/kernel-header.deb
600 rm -f "${R}"/tmp/kernel-header.deb
601 fi
602
603 # Remove temporary directory and files
604 rm -fr "${temp_dir}"
605 rm -f "${R}"/tmp/kernel.deb
606 fi
175 607
176 608 # Check if kernel installation was successful
177 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
178 if [ -z "$VMLINUZ" ] ; then
179 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
609 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
610 if [ -z "$KERNEL" ] ; then
611 echo "error: kernel installation failed! (/boot/kernel* not found)"
180 612 cleanup
181 613 exit 1
182 614 fi
183 # Copy vmlinuz kernel to the boot directory
184 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
185 615 fi
Show file before | Show file after | Hide comments
@@ -20,16 +20,24 if [ "$ENABLE_CRYPTFS" = true ] ; then
20 20
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 24
25 25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda disk to crypttab
26 # Add usb/sda1 disk to crypttab
27 27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 28 fi
29 29 fi
30 30
31 if [ "$ENABLE_USBBOOT" = true ] ; then
32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 fi
38
31 39 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
40 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 41 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 42 # Include initramfs scripts to auto expand encrypted root partition
35 43 if [ "$EXPANDROOT" = true ] ; then
@@ -38,11 +46,63 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
38 46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 47 fi
40 48
49 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
52
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
55
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 fi
62
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
67 else
68 # Create key
69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
70
71 # Convert dropbear key to openssh key
72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
73
74 # Get Public Key Part
75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
76
77 # Delete unwanted lines
78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
80
81 # Trust the new key
82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
83
84 # Save Keys - convert with putty from rsa/openssh to puttkey
85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
86
87 # Get unlock script
88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
89
90 # Enable Dropbear inside initramfs
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
92
93 # Enable Dropbear inside initramfs
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95 fi
96 else
41 97 # Disable SSHD inside initramfs
42 98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
99 fi
100
101 # Add cryptsetup modules to initramfs
102 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
43 103
44 104 # Dummy mapping required by mkinitramfs
45 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
105 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
46 106
47 107 # Generate initramfs with encrypted root partition support
48 108 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
Show file before | Show file after | Hide comments
@@ -5,16 +5,15
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$BUILD_KERNEL" = true ] ; then
9 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 9 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 17 else
19 18 # Create temporary directory for boot binaries
20 19 temp_dir=$(as_nobody mktemp -d)
@@ -38,29 +37,44 if [ "$BUILD_KERNEL" = true ] ; then
38 37 chown -R root:root "${BOOT_DIR}"
39 38 chmod -R 600 "${BOOT_DIR}"
40 39 fi
41 fi
42 40
43 41 # Setup firmware boot cmdline
42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 else
44 45 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
46 47 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 fi
48 50 fi
49 51
50 52 # Add encrypted root partition to cmdline.txt
51 53 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 54 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 56 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 else
60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 fi
56 62 fi
57 63 fi
58 64
59 # Add serial console support
60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
65 # Enable Kernel messages on standard output
66 if [ "$ENABLE_PRINTK" = true ] ; then
67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 fi
69
70 # Enable Kernel messages on standard output
71 if [ "$KERNEL_SECURITY" = true ] ; then
72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
62 73 fi
63 74
75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77
64 78 # Remove IPv6 networking support
65 79 if [ "$ENABLE_IPV6" = false ] ; then
66 80 CMDLINE="${CMDLINE} ipv6.disable=1"
@@ -73,17 +87,160 else
73 87 CMDLINE="${CMDLINE} net.ifnames=1"
74 88 fi
75 89
76 # Set init to systemd if required by Debian release
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 CMDLINE="${CMDLINE} init=/bin/systemd"
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_LOGO" = false ] ; then
92 CMDLINE="${CMDLINE} logo.nologo"
79 93 fi
80 94
81 # Install firmware boot cmdline
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
95 # Strictly limit verbosity of boot up console messages
96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 fi
83 99
84 100 # Install firmware config
85 101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 102
103 # Disable Raspberry Pi console logo
104 if [ "$ENABLE_SLASH" = false ] ; then
105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 fi
107
108 # Locks CPU frequency at maximum
109 if [ "$ENABLE_TURBO" = true ] ; then
110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 fi
114
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116
117 # Bluetooth enabled
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 # Create temporary directory for Bluetooth sources
120 temp_dir=$(as_nobody mktemp -d)
121
122 # Fetch Bluetooth sources
123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124
125 # Copy downloaded sources
126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127
128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
131
132 # Set permissions
133 chown -R root:root "${R}/tmp/pi-bluetooth"
134
135 # Install tools
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138
139 # make scripts executable
140 chmod +x "${R}/usr/bin/bthelper"
141 chmod +x "${R}/usr/bin/btuart"
142
143 # Install bluetooth udev rule
144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145
146 # Install Firmware Flash file and apropiate licence
147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152
153 # Remove temporary directories
154 rm -fr "${temp_dir}"
155 rm -fr "${R}"/tmp/pi-bluetooth
156
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 # set overlay to swap ttyAMA0 and ttyS0
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161
162 if [ "$ENABLE_TURBO" = false ] ; then
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 fi
165
166 fi
167
168 # Activate services
169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170
171 else # if ENABLE_BLUETOOTH = false
172 # set overlay to disable bluetooth
173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 fi # ENABLE_BLUETOOTH end
175 fi
176
177 # may need sudo systemctl disable hciuart
178 if [ "$ENABLE_CONSOLE" = true ] ; then
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 # add string to cmdline
181 CMDLINE="${CMDLINE} console=serial0,115200"
182
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
188 fi
189
190 # Enable serial console systemd style
191 chroot_exec systemctl enable serial-getty@serial0.service
192 else
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 fi
195
196 # Disable dphys-swapfile service. Will get enabled on first boot
197 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 chroot_exec systemctl disable dphys-swapfile
199 fi
200
201 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 # Create temporary directory for systemd-swap sources
203 temp_dir=$(as_nobody mktemp -d)
204
205 # Fetch systemd-swap sources
206 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207
208 # Copy downloaded systemd-swap sources
209 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210
211 # Change into downloaded src dir
212 cd "${R}/tmp/systemd-swap" || exit
213
214 # Build package
215 bash ./package.sh debian
216
217 # Change back into script root dir
218 cd "${WORKDIR}" || exit
219
220 # Set permissions of the systemd-swap sources
221 chown -R root:root "${R}/tmp/systemd-swap"
222
223 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
225
226 # Enable service
227 chroot_exec systemctl enable systemd-swap
228
229 # Remove temporary directory for systemd-swap sources
230 rm -fr "${temp_dir}"
231 else
232 # Enable ZSWAP in cmdline if systemd-swap is not used
233 if [ "$KERNEL_ZSWAP" = true ] ; then
234 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
235 fi
236 fi
237 if [ "$KERNEL_SECURITY" = true ] ; then
238 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
239 fi
240
241 # Install firmware boot cmdline
242 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
243
87 244 # Setup minimal GPU memory allocation size: 16MB (no X)
88 245 if [ "$ENABLE_MINGPU" = true ] ; then
89 246 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
@@ -94,30 +251,22 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 251 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 252 fi
96 253
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 if [ "$RPI_MODEL" = 3 ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 fi
103 fi
104
105 254 # Create firmware configuration and cmdline symlinks
106 255 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 256 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 257
109 258 # Install and setup kernel modules to load at boot
110 mkdir -p "${R}/lib/modules-load.d/"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
259 mkdir -p "${LIB_DIR}/modules-load.d/"
260 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
112 261
113 262 # Load hardware random module at boot
114 263 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
264 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
116 265 fi
117 266
118 267 # Load sound module at boot
119 268 if [ "$ENABLE_SOUND" = true ] ; then
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
269 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
121 270 else
122 271 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 272 fi
@@ -125,21 +274,21 fi
125 274 # Enable I2C interface
126 275 if [ "$ENABLE_I2C" = true ] ; then
127 276 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
277 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
278 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
130 279 fi
131 280
132 281 # Enable SPI interface
133 282 if [ "$ENABLE_SPI" = true ] ; then
134 283 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 if [ "$RPI_MODEL" = 3 ] ; then
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
284 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
285 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
286 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
138 287 fi
139 288 fi
140 289
141 290 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
291 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 292 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 293 fi
145 294
Show file before | Show file after | Hide comments
@@ -7,11 +7,11
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
@@ -30,6 +30,16 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 fi
36
37 # Install configuration for interface wl*
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39
40 #always with dhcp since wpa_supplicant integration is missing
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42
33 43 if [ "$ENABLE_DHCP" = true ] ; then
34 44 # Enable DHCP configuration for interface eth0
35 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
@@ -55,12 +65,16 fi
55 65
56 66 # Remove empty settings from network configuration
57 67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 # Remove empty settings from wlan configuration
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
58 70
59 71 # Move systemd network configuration if required by Debian release
60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
61 72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 rm -fr "${ETC_DIR}/systemd/network"
73 # If WLAN is enabled copy wlan configuration too
74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
63 76 fi
77 rm -fr "${ETC_DIR}/systemd/network"
64 78
65 79 # Enable systemd-networkd service
66 80 chroot_exec systemctl enable systemd-networkd
@@ -78,30 +92,45 if [ "$ENABLE_HARDNET" = true ] ; then
78 92 fi
79 93
80 94 # Enable time sync
81 if [ "NET_NTP_1" != "" ] ; then
95 if [ "$NET_NTP_1" != "" ] ; then
82 96 chroot_exec systemctl enable systemd-timesyncd.service
83 97 fi
84 98
85 99 # Download the firmware binary blob required to use the RPi3 wireless interface
86 100 if [ "$ENABLE_WIRELESS" = true ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
89 103 fi
90 104
91 105 # Create temporary directory for firmware binary blob
92 106 temp_dir=$(as_nobody mktemp -d)
93 107
94 # Fetch firmware binary blob
108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
110 # Fetch firmware binary blob for RPi3P
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114
115 # Move downloaded firmware binary blob
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117
118 # Set permissions of the firmware binary blob
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 # Fetch firmware binary blob for RPi3
95 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97 125
98 126 # Move downloaded firmware binary blob
99 127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100 128
101 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
103
104 129 # Set permissions of the firmware binary blob
105 130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
107 132 fi
133
134 # Remove temporary directory for firmware binary blob
135 rm -fr "${temp_dir}"
136 fi
Show file before | Show file after | Hide comments
@@ -9,6 +9,11 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 if [ "$KERNEL_NF" = false ] ; then
13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
16
12 17 # Install iptables systemd service
13 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
14 19
@@ -23,6 +28,11 if [ "$ENABLE_IPTABLES" = true ] ; then
23 28 chroot_exec systemctl enable iptables.service
24 29
25 30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
26 36 # Install ip6tables systemd service
27 37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
28 38
Show file before | Show file after | Hide comments
@@ -6,13 +6,13
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
@@ -22,8 +22,3 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
Show file before | Show file after | Hide comments
@@ -28,7 +28,7 if [ "$ENABLE_SSHD" = true ] ; then
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 32 # Create root SSH config directory
33 33 mkdir -p "${R}/root/.ssh"
34 34
@@ -52,20 +52,20 if [ "$ENABLE_SSHD" = true ] ; then
52 52
53 53 if [ "$ENABLE_USER" = true ] ; then
54 54 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 56 # Create $USER_NAME SSH config directory
57 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 58
59 59 # Set permissions of $USER_NAME SSH config directory
60 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 62
63 63 # Add SSH (v2) public key(s) to authorized_keys file
64 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 65
66 66 # Set permissions of $USER_NAME SSH config directory
67 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 69
70 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 71 # Allow SSH public key authentication
@@ -85,7 +85,7 if [ "$ENABLE_SSHD" = true ] ; then
85 85 allowed_users="${allowed_users} ${USER_NAME}"
86 86 fi
87 87
88 if [ ! -z "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
89 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 90 fi
91 91 fi
Show file before | Show file after | Hide comments
@@ -32,7 +32,7 if [ "$ENABLE_UBOOT" = true ] ; then
32 32 fi
33 33
34 34 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 36
37 37 # Copy compiled bootloader binary and set config.txt to load it
38 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
@@ -41,7 +41,7 if [ "$ENABLE_UBOOT" = true ] ; then
41 41
42 42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
@@ -51,7 +51,7 if [ "$ENABLE_UBOOT" = true ] ; then
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
@@ -66,11 +66,33 if [ "$ENABLE_UBOOT" = true ] ; then
66 66 fi
67 67 fi
68 68
69 if [ "$SET_ARCH" = 64 ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
71 {
72 printf "\n# 64bit-mode"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
74 printf "\narm_64bit=1"
75 } >> "${BOOT_DIR}/config.txt"
76
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 fi
80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_USBBOOT" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
85
69 86 # Set mkfile to use the correct dtb file
70 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
88
89 # Set mkfile to use the correct mach id
90 if [ "$ENABLE_QEMU" = true ] ; then
91 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
92 fi
71 93
72 94 # Set mkfile to use kernel image
73 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
95 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
74 96
75 97 # Remove all leading blank lines
76 98 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
Show file before | Show file after | Hide comments
@@ -28,12 +28,14 if [ "$ENABLE_FBTURBO" = true ] ; then
28 28 fi
29 29
30 30 # Install Xorg build dependencies
31
31 32 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 33 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 34 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 35 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
35 36 fi
36 37
38
37 39 # Build and install fbturbo driver inside chroot
38 40 chroot_exec /bin/bash -x <<'EOF'
39 41 cd /tmp/xf86-video-fbturbo
Show file before | Show file after | Hide comments
@@ -8,30 +8,35
8 8 # Prepare rc.firstboot script
9 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10 10
11 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 fi
15
16 11 # Prepare filesystem auto expand
17 12 if [ "$EXPANDROOT" = true ] ; then
18 13 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
14 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 15 else
21 16 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
17 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
18 fi
19
20 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
21 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
22 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
23 fi
23 24 fi
25
26 # Ensure openssh server host keys are regenerated on first boot
27 if [ "$ENABLE_SSHD" = true ] ; then
28 cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
24 29 fi
25 30
26 31 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28 33
29 34 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31 36
32 37 # Configure automatic network interface names
33 38 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 40 fi
36 41
37 42 # Finalize rc.firstboot script
Show file before | Show file after | Hide comments
@@ -25,8 +25,8 if [ "$ENABLE_REDUCE" = true ] ; then
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
@@ -36,7 +36,7 if [ "$ENABLE_REDUCE" = true ] ; then
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
@@ -46,12 +46,8 if [ "$ENABLE_REDUCE" = true ] ; then
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
49 # Purge bash and update alternatives
50 50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
54
55 51 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 52 fi
57 53
@@ -60,11 +56,6 if [ "$ENABLE_REDUCE" = true ] ; then
60 56 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 57 fi
62 58
63 # Re-install tools for managing kernel modules
64 if [ "$RELEASE" = "jessie" ] ; then
65 chroot_exec apt-get -qq -y install module-init-tools
66 fi
67
68 59 # Remove GPU kernels
69 60 if [ "$ENABLE_MINGPU" = true ] ; then
70 61 rm -f "${BOOT_DIR}/start.elf"
Show file before | Show file after | Hide comments
@@ -1,8 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
1 deb http://ftp.debian.org/debian stretch main contrib
2 #deb-src http://ftp.debian.org/debian stretch main contrib
3 3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
4 deb http://ftp.debian.org/debian/ stretch-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6 6
7 deb http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
7 deb http://security.debian.org/ stretch/updates main contrib
8 #deb-src http://security.debian.org/ stretch/updates main contrib
Show file before | Show file after | Hide comments
@@ -8,6 +8,7 setenv machid 0x00000c42
8 8 saveenv
9 9
10 10 # Load the existing Linux kernel into RAM
11 mmc dev 0
11 12 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
Show file before | Show file after | Hide comments
@@ -8,6 +8,7 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
8 8 # Extract kernel arch
9 9 case "${KERNEL_ARCH}" in
10 10 arm*) KERNEL_ARCH=arm ;;
11 aarch64) KERNEL_ARCH=arm64 ;;
11 12 esac
12 13
13 14 # Regenerate initramfs
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
Show file before | Show file after | Hide comments
@@ -60,14 +60,22 if [ -z "$PART_START" ] ; then
60 60 return 1
61 61 fi
62 62
63 # Get the current last sector of the root partition
64 PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g')
65 if [ -z "$PART_END" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
63 70 # Get the possible last sector for the root partition
64 71 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 72 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
73 log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition"
67 74 return 1
68 75 fi
69 76
70 77 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
78 if [ $PART_END != $PART_LAST ] ; then
71 79 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 80 p
73 81 d
@@ -83,3 +91,6 EOF2
83 91
84 92 partprobe
85 93 log_success_msg "Root partition successfully resized."
94 else
95 log_success_msg "Root partition already resized."
96 fi
Show file before | Show file after | Hide comments
@@ -6,7 +6,7 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
9 ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
10 10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
11 11 ExecStop=/etc/iptables/flush-ip6tables.sh
12 12 RemainAfterExit=yes
Show file before | Show file after | Hide comments
@@ -6,7 +6,7 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
9 ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
10 10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
11 11 ExecStop=/etc/iptables/flush-iptables.sh
12 12 RemainAfterExit=yes
Show file before | Show file after | Hide comments
@@ -1,1 +1,1
1 rpi2-jessie
1 RaspberryPI
Show file before | Show file after | Hide comments
@@ -1,5 +1,5
1 1 127.0.0.1 localhost
2 127.0.1.1 rpi2-jessie
2 127.0.1.1 RaspberryPI
3 3
4 4 ::1 localhost ip6-localhost ip6-loopback
5 5 ff02::1 ip6-allnodes
Show file before | Show file after | Hide comments
@@ -4,6 +4,17 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
17
7 18 # Identify and kill all processes still using files
8 19 echo "killing processes using mount point ..."
9 20 fuser -k "${R}"
@@ -30,22 +41,22 cleanup (){
30 41
31 42 chroot_exec() {
32 43 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 45 }
35 46
36 47 as_nobody() {
37 48 # Exec command as user nobody
38 sudo -E -u nobody LANG=C LC_ALL=C $*
49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 50 }
40 51
41 52 install_readonly() {
42 53 # Install file with user read-only permissions
43 install -o root -g root -m 644 $*
54 install -o root -g root -m 644 "$@"
44 55 }
45 56
46 57 install_exec() {
47 58 # Install file with root exec permissions
48 install -o root -g root -m 744 $*
59 install -o root -g root -m 744 "$@"
49 60 }
50 61
51 62 use_template () {
@@ -64,18 +75,48 chroot_install_cc() {
64 75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 77
78
67 79 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 80 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
69 81 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 82 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
71 83 fi
84
72 85 fi
73 86 }
74 87
75 88 chroot_remove_cc() {
76 89 # Remove c/c++ build environment from the chroot
77 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
90 if [ -n "${COMPILER_PACKAGES}" ] ; then
78 91 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
79 92 COMPILER_PACKAGES=""
80 93 fi
81 94 }
95
96 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
97 cdr2mask ()
98 {
99 # Number of args to shift, 255..255, first non-255 byte, zeroes
100 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
101 [ $1 -gt 1 ] && shift $1 || shift
102 echo ${1-0}.${2-0}.${3-0}.${4-0}
103 }
104
105 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
106 set_kernel_config() {
107 # flag as $1, value to set as $2, config must exist at "./.config"
108 TGT="CONFIG_${1#CONFIG_}"
109 REP="${2}"
110 if grep -q "^${TGT}[^_]" .config; then
111 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
112 else
113 echo "${TGT}"="${2}" >> .config
114 fi
115 }
116
117 # unset kernel config parameter
118 unset_kernel_config() {
119 # unsets flag with the value of $1, config must exist at "./.config"
120 TGT="CONFIG_${1#CONFIG_}"
121 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
122 } No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,9 +1,8
1 1 #!/bin/sh
2
3 2 ########################################################################
4 3 # rpi23-gen-image.sh 2015-2017
5 4 #
6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
7 6 #
8 7 # This program is free software; you can redistribute it and/or
9 8 # modify it under the terms of the GNU General Public License
@@ -31,40 +30,22 fi
31 30 . ./functions.sh
32 31
33 32 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
35 34 use_template
36 35 fi
37 36
38 37 # Introduce settings
39 38 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
41 40 set -x
42 41
43 42 # Raspberry Pi model configuration
44 43 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 44
50 45 # Debian release
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 else
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 fi
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 else
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 fi
46 RELEASE=${RELEASE:=buster}
47
48 # Kernel Branch
68 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69 50
70 51 # URLs
@@ -73,38 +54,50 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/
73 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
74 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
77 74
78 75 # Build directories
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
76 WORKDIR=$(pwd)
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
80 78 BUILDDIR="${BASEDIR}/build"
81 79
82 # Prepare date string for default image file name
83 DATE="$(date +%Y-%m-%d)"
84 if [ -z "$KERNEL_BRANCH" ] ; then
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 else
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 fi
89
90 80 # Chroot directories
91 81 R="${BUILDDIR}/chroot"
92 82 ETC_DIR="${R}/etc"
93 83 LIB_DIR="${R}/lib"
94 84 BOOT_DIR="${R}/boot/firmware"
95 85 KERNEL_DIR="${R}/usr/src/linux"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
97 88
98 89 # Firmware directory: Blank if download from github
99 90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100 91
101 92 # General settings
93 SET_ARCH=${SET_ARCH:=32}
102 94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 95 PASSWORD=${PASSWORD:=raspberry}
104 96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 99 EXPANDROOT=${EXPANDROOT:=true}
100 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
108 101
109 102 # Keyboard settings
110 103 XKB_MODEL=${XKB_MODEL:=""}
@@ -127,8 +120,12 NET_NTP_2=${NET_NTP_2:=""}
127 120 # APT settings
128 121 APT_PROXY=${APT_PROXY:=""}
129 122 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
130 124
131 125 # Feature settings
126 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
132 129 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 130 ENABLE_I2C=${ENABLE_I2C:=false}
134 131 ENABLE_SPI=${ENABLE_SPI:=false}
@@ -146,6 +143,8 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 143 ENABLE_USER=${ENABLE_USER:=true}
147 144 USER_NAME=${USER_NAME:="pi"}
148 145 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
149 148
150 149 # SSH settings
151 150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
@@ -155,31 +154,43 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156 155
157 156 # Advanced settings
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
162 163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
163 167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
164 169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
169 177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170 178
171 179 # Kernel compilation settings
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
180 BUILD_KERNEL=${BUILD_KERNEL:=true}
173 181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 182 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
180 else
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
182 fi
186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 KERNEL_BPF=${KERNEL_BPF:=false}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
183 194
184 195 # Kernel compilation from source directory settings
185 196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -203,16 +214,20 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206
207 # Stop the Crypto Wars
208 DISABLE_FBI=${DISABLE_FBI:=false}
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
209 221
210 222 # Chroot scripts directory
211 223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
212 224
213 225 # Packages required in the chroot build environment
214 226 APT_INCLUDES=${APT_INCLUDES:=""}
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228
229 # Packages to exclude from chroot build environment
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
216 231
217 232 # Packages required for bootstrapping
218 233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
@@ -221,63 +236,177 MISSING_PACKAGES=""
221 236 # Packages installed for c/c++ build environment in chroot (keep empty)
222 237 COMPILER_PACKAGES=""
223 238
224 set +x
239 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 APT_PROXY=http://127.0.0.1:3142/
243 fi
244
245 # Setup architecture specific settings
246 if [ -n "$SET_ARCH" ] ; then
247 # 64-bit configuration
248 if [ "$SET_ARCH" = 64 ] ; then
249 # General 64-bit depended settings
250 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
225 253
226 # Set Raspberry Pi model specific configuration
227 if [ "$RPI_MODEL" = 2 ] ; then
228 DTB_FILE=${RPI2_DTB_FILE}
229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
230 elif [ "$RPI_MODEL" = 3 ] ; then
231 DTB_FILE=${RPI3_DTB_FILE}
232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
233 BUILD_KERNEL=true
254 # Raspberry Pi model specific settings
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 if [ "$RPI_MODEL" != 4 ] ; then
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 else
259 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 fi
261
262 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
264 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
265 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
266 else
267 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
268 exit 1
269 fi
270 fi
271
272 # 32-bit configuration
273 if [ "$SET_ARCH" = 32 ] ; then
274 # General 32-bit dependend settings
275 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
276 KERNEL_ARCH=${KERNEL_ARCH:=arm}
277 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
278
279 # Raspberry Pi model specific settings
280 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
283 RELEASE_ARCH=${RELEASE_ARCH:=armel}
284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
286 fi
287
288 # Raspberry Pi model specific settings
289 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 if [ "$RPI_MODEL" != 4 ] ; then
291 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
292 else
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
294 fi
295
296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
299 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 fi
301 fi
302 # SET_ARCH not set
234 303 else
235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
304 echo "error: Please set '32' or '64' as value for SET_ARCH"
305 exit 1
306 fi
307 # Device specific configuration and U-Boot configuration
308 case "$RPI_MODEL" in
309 0)
310 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
311 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 ;;
313 1)
314 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
315 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 ;;
317 1P)
318 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
319 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 ;;
321 2)
322 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
323 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
324 ;;
325 3)
326 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 ;;
329 3P)
330 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 ;;
333 4)
334 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 ;;
337 *)
338 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
339 exit 1
340 ;;
341 esac
342
343 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
344 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
345 # Include bluetooth packages on supported boards
346 if [ "$ENABLE_BLUETOOTH" = true ] ; then
347 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
348 fi
349 if [ "$ENABLE_WIRELESS" = true ] ; then
350 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
351 fi
352 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
353 # Check if the internal wireless interface is not supported by the RPi model
354 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
355 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
236 356 exit 1
237 357 fi
358 fi
238 359
239 # Check if the internal wireless interface is supported by the RPi model
240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
360 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
361 echo "error: You have to compile kernel sources, if you want to enable nexmon"
242 362 exit 1
243 363 fi
244 364
365 # Prepare date string for default image file name
366 DATE="$(date +%Y-%m-%d)"
367 if [ -z "$KERNEL_BRANCH" ] ; then
368 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
369 else
370 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
371 fi
372
245 373 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
374 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
247 375 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
248 376 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
249 377 exit 1
250 378 fi
251 379 fi
252 380
253 # Build RPi2/3 Linux kernel if required by Debian release
254 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
255 BUILD_KERNEL=true
381 # Add cmake to compile videocore sources
382 if [ "$ENABLE_VIDEOCORE" = true ] ; then
383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
256 384 fi
257 385
258 # Add packages required for kernel cross compilation
259 if [ "$BUILD_KERNEL" = true ] ; then
260 if [ "$KERNEL_ARCH" = "arm" ] ; then
261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
262 else
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
264 fi
386 # Add deps for nexmon
387 if [ "$ENABLE_NEXMON" = true ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
265 389 fi
266 390
267 391 # Add libncurses5 to enable kernel menuconfig
268 392 if [ "$KERNEL_MENUCONFIG" = true ] ; then
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
393 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
270 394 fi
271 395
272 # Stop the Crypto Wars
273 if [ "$DISABLE_FBI" = true ] ; then
274 ENABLE_CRYPTFS=true
396 # Add ccache compiler cache for (faster) kernel cross (re)compilation
397 if [ "$KERNEL_CCACHE" = true ] ; then
398 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
275 399 fi
276 400
277 401 # Add cryptsetup package to enable filesystem encryption
278 402 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
279 403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
404 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
405
406 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 fi
281 410
282 411 if [ -z "$CRYPTFS_PASSWORD" ] ; then
283 412 echo "error: no password defined (CRYPTFS_PASSWORD)!"
@@ -293,11 +422,18 fi
293 422
294 423 # Add device-tree-compiler required for building the U-Boot bootloader
295 424 if [ "$ENABLE_UBOOT" = true ] ; then
296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
425 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
426 fi
427
428 if [ "$ENABLE_USBBOOT" = true ] ; then
429 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
430 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
431 exit 1
432 fi
297 433 fi
298 434
299 435 # Check if root SSH (v2) public key file exists
300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
436 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
301 437 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
302 438 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
303 439 exit 1
@@ -305,16 +441,21 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
305 441 fi
306 442
307 443 # Check if $USER_NAME SSH (v2) public key file exists
308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
444 if [ -n "$SSH_USER_PUB_KEY" ] ; then
309 445 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
310 446 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
311 447 exit 1
312 448 fi
313 449 fi
314 450
451 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
452 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
453 exit 1
454 fi
455
315 456 # Check if all required packages are installed on the build system
316 457 for package in $REQUIRED_PACKAGES ; do
317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
458 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
318 459 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
319 460 fi
320 461 done
@@ -324,12 +465,12 if [ -n "$MISSING_PACKAGES" ] ; then
324 465 echo "the following packages needed by this script are not installed:"
325 466 echo "$MISSING_PACKAGES"
326 467
327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
328 read confirm
468 printf "\ndo you want to install the missing packages right now? [y/n] "
469 read -r confirm
329 470 [ "$confirm" != "y" ] && exit 1
330 471
331 472 # Make sure all missing required packages are installed
332 apt-get -qq -y install ${MISSING_PACKAGES}
473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
333 474 fi
334 475
335 476 # Check if ./bootstrap.d directory exists
@@ -356,12 +497,24 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
356 497 exit 1
357 498 fi
358 499
500 # Check if specified VIDEOCORESRC_DIR directory exists
501 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
502 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
503 exit 1
504 fi
505
359 506 # Check if specified FBTURBOSRC_DIR directory exists
360 507 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
361 508 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
362 509 exit 1
363 510 fi
364 511
512 # Check if specified NEXMONSRC_DIR directory exists
513 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
514 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
515 exit 1
516 fi
517
365 518 # Check if specified CHROOT_SCRIPTS directory exists
366 519 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
367 520 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
@@ -384,7 +537,7 fi
384 537 mkdir -p "${R}"
385 538
386 539 # Check if build directory has enough of free disk space >512MB
387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
540 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
388 541 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
389 542 exit 1
390 543 fi
@@ -399,16 +552,16 if [ "$ENABLE_MINBASE" = true ] ; then
399 552 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
400 553 fi
401 554
402 # Add required locales packages
403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
405 fi
406
407 555 # Add parted package, required to get partprobe utility
408 556 if [ "$EXPANDROOT" = true ] ; then
409 557 APT_INCLUDES="${APT_INCLUDES},parted"
410 558 fi
411 559
560 # Add dphys-swapfile package, required to enable swap
561 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
562 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
563 fi
564
412 565 # Add dbus package, recommended if using systemd
413 566 if [ "$ENABLE_DBUS" = true ] ; then
414 567 APT_INCLUDES="${APT_INCLUDES},dbus"
@@ -416,7 +569,11 fi
416 569
417 570 # Add iptables IPv4/IPv6 package
418 571 if [ "$ENABLE_IPTABLES" = true ] ; then
419 APT_INCLUDES="${APT_INCLUDES},iptables"
572 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
573 fi
574 # Add apparmor for KERNEL_SECURITY
575 if [ "$KERNEL_SECURITY" = true ] ; then
576 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
420 577 fi
421 578
422 579 # Add openssh server package
@@ -462,12 +619,13 if [ "$ENABLE_REDUCE" = true ] ; then
462 619
463 620 # Add dropbear package instead of openssh-server
464 621 if [ "$REDUCE_SSHD" = true ] ; then
465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
622 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
466 623 fi
467 624 fi
468 625
469 if [ "$RELEASE" != "jessie" ] ; then
470 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
626 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
627 if [ "$ENABLE_SYSVINIT" = false ] ; then
628 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
471 629 fi
472 630
473 631 # Configure kernel sources if no KERNELSRC_DIR
@@ -480,6 +638,16 if [ "$KERNEL_REDUCE" = true ] ; then
480 638 KERNELSRC_CONFIG=false
481 639 fi
482 640
641 # Configure qemu compatible kernel
642 if [ "$ENABLE_QEMU" = true ] ; then
643 DTB_FILE=vexpress-v2p-ca15_a7.dtb
644 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
645 KERNEL_DEFCONFIG="vexpress_defconfig"
646 if [ "$KERNEL_MENUCONFIG" = false ] ; then
647 KERNEL_OLDDEFCONFIG=true
648 fi
649 fi
650
483 651 # Execute bootstrap scripts
484 652 for SCRIPT in bootstrap.d/*.sh; do
485 653 head -n 3 "$SCRIPT"
@@ -509,11 +677,6 fi
509 677 # Remove c/c++ build environment from the chroot
510 678 chroot_remove_cc
511 679
512 # Remove apt-utils
513 if [ "$RELEASE" = "jessie" ] ; then
514 chroot_exec apt-get purge -qq -y --force-yes apt-utils
515 fi
516
517 680 # Generate required machine-id
518 681 MACHINE_ID=$(dbus-uuidgen)
519 682 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
@@ -532,13 +695,17 umount -l "${R}/sys"
532 695 rm -rf "${R}/run/*"
533 696 rm -rf "${R}/tmp/*"
534 697
698 # Clean up APT proxy settings
699 if [ "$KEEP_APT_PROXY" = false ] ; then
700 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
701 fi
702
535 703 # Clean up files
536 704 rm -f "${ETC_DIR}/ssh/ssh_host_*"
537 705 rm -f "${ETC_DIR}/dropbear/dropbear_*"
538 706 rm -f "${ETC_DIR}/apt/sources.list.save"
539 707 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
540 708 rm -f "${ETC_DIR}/*-"
541 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
542 709 rm -f "${ETC_DIR}/resolv.conf"
543 710 rm -f "${R}/root/.bash_history"
544 711 rm -f "${R}/var/lib/urandom/random-seed"
@@ -546,28 +713,76 rm -f "${R}/initrd.img"
546 713 rm -f "${R}/vmlinuz"
547 714 rm -f "${R}${QEMU_BINARY}"
548 715
716 if [ "$ENABLE_QEMU" = true ] ; then
717 # Setup QEMU directory
718 mkdir "${BASEDIR}/qemu"
719
720 # Copy kernel image to QEMU directory
721 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
722
723 # Copy kernel config to QEMU directory
724 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
725
726 # Copy kernel dtbs to QEMU directory
727 for dtb in "${BOOT_DIR}/"*.dtb ; do
728 if [ -f "${dtb}" ] ; then
729 install_readonly "${dtb}" "${BASEDIR}/qemu/"
730 fi
731 done
732
733 # Copy kernel overlays to QEMU directory
734 if [ -d "${BOOT_DIR}/overlays" ] ; then
735 # Setup overlays dtbs directory
736 mkdir "${BASEDIR}/qemu/overlays"
737
738 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
739 if [ -f "${dtb}" ] ; then
740 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
741 fi
742 done
743 fi
744
745 # Copy u-boot files to QEMU directory
746 if [ "$ENABLE_UBOOT" = true ] ; then
747 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
748 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
749 fi
750 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
751 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
752 fi
753 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
754 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
755 fi
756 fi
757
758 # Copy initramfs to QEMU directory
759 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
760 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
761 fi
762 fi
763
549 764 # Calculate size of the chroot directory in KB
550 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
765 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
551 766
552 767 # Calculate the amount of needed 512 Byte sectors
553 768 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
554 769 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
555 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
770 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
556 771
557 772 # The root partition is EXT4
558 773 # This means more space than the actual used space of the chroot is used.
559 774 # As overhead for journaling and reserved blocks 35% are added.
560 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
775 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
561 776
562 777 # Calculate required image size in 512 Byte sectors
563 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
778 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
564 779
565 780 # Prepare image file
566 781 if [ "$ENABLE_SPLITFS" = true ] ; then
567 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
568 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
569 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
570 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
782 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
783 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
784 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
785 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
571 786
572 787 # Write firmware/boot partition tables
573 788 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
@@ -580,11 +795,11 ${TABLE_SECTORS},${ROOT_SECTORS},83
580 795 EOM
581 796
582 797 # Setup temporary loop devices
583 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
584 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
798 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
799 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
585 800 else # ENABLE_SPLITFS=false
586 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
587 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
801 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
802 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
588 803
589 804 # Write partition table
590 805 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
@@ -593,8 +808,8 ${ROOT_OFFSET},${ROOT_SECTORS},83
593 808 EOM
594 809
595 810 # Setup temporary loop devices
596 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
597 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
811 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
812 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
598 813 fi
599 814
600 815 if [ "$ENABLE_CRYPTFS" = true ] ; then
@@ -619,7 +834,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
619 834 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
620 835
621 836 # Wipe encrypted partition (encryption cipher is used for randomness)
622 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
837 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
623 838 fi
624 839
625 840 # Build filesystems
@@ -646,12 +861,23 if [ "$ENABLE_SPLITFS" = true ] ; then
646 861 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
647 862
648 863 # Image was successfully created
649 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
650 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
864 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
865 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
651 866 else
652 867 # Create block map file for "bmaptool"
653 868 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
654 869
655 870 # Image was successfully created
656 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
871 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872
873 # Create qemu qcow2 image
874 if [ "$ENABLE_QEMU" = true ] ; then
875 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
876 QEMU_SIZE=16G
877
878 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
879 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
880
881 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
882 fi
657 883 fi
Show file before | Show file after | Hide comments
@@ -1,3 +1,4
1
1 2 Configuration file raspife2 Stretch IFÉ 2017/02/24
2 3 #
3 4 APT_SERVER=ftp.fr.debian.org
@@ -77,4 +78,104
77 78 #-------------------------
78 79 BASEDIR=/media/********/images/${RELEASE}
79 80 DATE=date
80 +%Y-%m-%d IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
81 +%Y-%m-%d
82 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
83 =======
84 # Configuration file raspi2 Stretch IFÉ 2017/12/28
85 #
86 APT_SERVER=debian.mirrors.ovh.net
87 APT_INCLUDES=""
88 APT_INCLUDES_LATE="gnupg,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
89 gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
90 bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
91 pkg-config,checkinstall,menulibre,libnotify-bin,pandoc,\
92 python3,python3-dev,python3-pypandoc,python3-scipy,python3-tk,python3-pandocfilters,\
93 python3-geopy,python3-pip,\
94 python,python-dev,python-pypandoc,python-scipy,python-tk,python-pandocfilters,\
95 python-geopy,python-pip,python-tk,pandoc,\
96 python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
97 pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,i2c-tools,python-smbus,policykit-1,\
98 pmount,ntpdate,ntp,rsync,\
99 texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
100 libqtwebkit-dev,libqt5webkit5-dev,\
101 libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
102 nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
103 xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
104 tightvncserver,geany,geany-plugin-py,firefox-esr,firefox-esr-l10n-fr,jed,terminator,automake"
105 #ca-certificates-java,icedtea-plugin,icedtea-netx,\
106 #openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,\
107 #openjdk-9-jdk,openjdk-9-jre,openjdk-9-jre-headless"
108 #----------------------
109 RPI_MODEL=2
110 RELEASE="stretch"
111 RELEASE_ARCH="armhf"
112 HOSTNAME="raspife2"
113 PASSWORD="*****"
114 USER_PASSWORD="*****"
115 DEFLOCAL="fr_FR.UTF-8"
116 TIMEZONE="Europe/Paris"
117 EXPANDROOT=false
118 #-----------------------
119 XKB_MODEL="pc105"
120 XKB_LAYOUT="fr"
121 XKB_VARIANT="latin9"
122 XKB_OPTIONS=""
123 #------------------------
124 ENABLE_DHCP=true
125 #------------------------
126 ENABLE_CONSOLE=false
127 ENABLE_I2C=true
128 ENABLE_SPI=true
129 ENABLE_IPV6=true
130 ENABLE_SSHD=true
131 ENABLE_NONFREE=true
132 ENABLE_WIRELESS=false
133 ENABLE_RSYSLOG=true
134 ENABLE_SOUND=true
135 ENABLE_HWRANDOM=true
136 ENABLE_MINGPU=true
137 ENABLE_DBUS=true
138 ENABLE_XORG=true
139 ENABLE_WM="lxdm"
140 #------------------------
141 ENABLE_MINBASE=false
142 ENABLE_REDUCE=false
143 ENABLE_UBOOT=false
144 ENABLE_FBTURBO=true
145 ENABLE_IPTABLES=false
146 ENABLE_USER=true
147 USER_NAME=ens-ife
148 ENABLE_ROOT=true
149 ENABLE_HARDNET=true
150 ENABLE_INITRAMFS=true
151 ENABLE_IFNAMES=true
152 #------------------------
153 ENABLE_ROOT_SSH=false
154 SSH_LIMIT_USERS=false
155 SSH_ROOT_PUB_KEY="/home/*****/.ssh/id_rsa.pub"
156 SSH_USER_PUB_KEY="/home/*****/.ssh/id_rsa.pub"
157 #------------------------
158 BUILD_KERNEL=true
159 KERNEL_BRANCH=rpi-4.13.y
160 KERNEL_REDUCE=false
161 KERNEL_HEADERS=true
162 KERNEL_REMOVESRC=true
163 KERNELSRC_CLEAN=true
164 KERNELSRC_CONFIG=true
165 #------------------------
166 REDUCE_APT=false
167 REDUCE_DOC=true
168 REDUCE_MAN=false
169 REDUCE_HWDB=true
170 REDUCE_BASH=false
171 REDUCE_SSHD=false
172 REDUCE_LOCALE=false
173 #-------------------------
174 ENABLE_CRYPTFS=false
175 #-------------------------
176 BASEDIR=/data/RpiGenImage/Images/${RELEASE}
177 #BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
178 DATE=`date +%Y-%m-%d`
179 IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
180
181
Show file before | Show file after | Hide comments
@@ -1,4 +1,6
1
1 2 # Configuration file raspi3 Buster IFÉ 2017/11/01
3
2 4 #
3 5 APT_SERVER=debian.mirrors.ovh.net
4 6 APT_INCLUDES=""
Show file before | Show file after | Hide comments
@@ -1,3 +1,4
1
1 2 # Configuration file raspi3 Stretch IFÉ 2017/07/26
2 3 #
3 4 APT_SERVER=ftp.fr.debian.org
@@ -23,7 +24,7 RPI_MODEL=3
23 24 RELEASE="stretch"
24 25 HOSTNAME="raspife3"
25 26 PASSWORD="**************"
26 USER_PASSWORD="***************"
27 USER_PASSWORD="***************
27 28 DEFLOCAL="fr_FR.UTF-8"
28 29 TIMEZONE="Europe/Paris"
29 30 EXPANDROOT=false
@@ -63,7 +64,7 ENABLE_INITRAMFS=true
63 64 ENABLE_IFNAMES=true
64 65 #------------------------
65 66 ENABLE_ROOT_SSH=false
66 SSH_LIMIT_USERS=false
67 SSH_LIMIT_USERS=fal
67 68 SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
68 69 SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
69 70 #------------------------
Show file before | Show file after | Hide comments
@@ -1,3 +1,4
1
1 2 # Configuration file raspi3 Stretch Weewx IFÉ 2017/07/26
2 3 #
3 4 APT_SERVER=ftp.fr.debian.org
@@ -18,6 +19,7 RELEASE="stretch"
18 19 HOSTNAME="raspwife3"
19 20 PASSWORD="************"
20 21 USER_PASSWORD="************"
22
21 23 DEFLOCAL="fr_FR.UTF-8"
22 24 TIMEZONE="Europe/Paris"
23 25 EXPANDROOT=false
Show file before | Show file after | Hide comments
@@ -1,4 +1,4
1 1 # Configuration template file used by rpi23-gen-image.sh
2 2 RPI_MODEL=3
3 RELEASE=jessie
3 RELEASE=buster
4 4 BUILD_KERNEL=true
Show file before | Show file after | Hide comments
@@ -1,3 +1,4
1 1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
2 3 RELEASE=stretch
3 4 BUILD_KERNEL=true
Show file before | Show file after | Hide comments
@@ -11,5 +11,5 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 12 KERNEL_BIN_IMAGE=Image
13 13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.11.y
14 KERNEL_BRANCH=rpi-4.14.y
15 15 ENABLE_WIRELESS=true
Show file before | Show file after | Hide comments
@@ -2,3 +2,5
2 2 RPI_MODEL=3
3 3 RELEASE=buster
4 4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
@@ -2,3 +2,5
2 2 RPI_MODEL=3
3 3 RELEASE=stretch
4 4 BUILD_KERNEL=true
5 # ENABLE_WIRELESS=false
6 # ENABLE_BLUETOOTH=false
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant