| @@ -16,6 +16,7 ENABLE_UBOOT=true ./rpi2-gen-image.sh | |||
|
|
16 | 16 | ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh |
|
|
17 | 17 | ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh |
|
|
18 | 18 | APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh |
|
|
19 | ENABLE_MINBASE=true ./rpi2-gen-image.sh | |
|
|
19 | 20 | ``` |
|
|
20 | 21 | |
|
|
21 | 22 | #### APT settings: |
| @@ -27,54 +28,57 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will sp | |||
|
|
27 | 28 | |
|
|
28 | 29 | #### General system settings: |
|
|
29 | 30 | ##### `HOSTNAME`="rpi2-jessie" |
|
|
30 |
Set system host name. It |
|
|
|
31 | Set system host name. It's recommended that the host name is unique in the corresponding subnet. | |
|
|
31 | 32 | |
|
|
32 | 33 |
|
|
|
33 |
Set system root password. |
|
|
|
34 | Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password. | |
|
|
34 | 35 | |
|
|
35 | 36 | ##### `DEFLOCAL`="en_US.UTF-8" |
|
|
36 | Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. | |
|
|
37 | Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`. | |
|
|
37 | 38 | |
|
|
38 | 39 |
|
|
|
39 | 40 | Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command. |
|
|
40 | 41 | |
|
|
41 | 42 |
|
|
|
42 | 43 |
|
|
|
43 | Enable console output | |
|
|
44 | Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. | |
|
|
44 | 45 | |
|
|
45 | 46 |
|
|
|
46 | Enable IPv6 support | |
|
|
47 | Enable IPv6 support. The network interface configuration is managed via systemd-networkd. | |
|
|
47 | 48 | |
|
|
48 | 49 |
|
|
|
49 | Install and enable OpenSSH service | |
|
|
50 | Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root. | |
|
|
50 | 51 | |
|
|
51 | 52 | ##### `ENABLE_SOUND`=true |
|
|
52 | Enable sound hardware and install Advanced Linux Sound Architecture | |
|
|
53 | Enable sound hardware and install Advanced Linux Sound Architecture. | |
|
|
53 | 54 | |
|
|
54 | 55 | ##### `ENABLE_HWRANDOM`=true |
|
|
55 | Enable Hardware Random Number Generator | |
|
|
56 | Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled. | |
|
|
56 | 57 | |
|
|
57 | 58 |
|
|
|
58 |
Minimize the |
|
|
|
59 | Minimize the amount of shared memory reserverd for the GPU. It doesn't seem to be possible to fully disable the GPU. | |
|
|
59 | 60 | |
|
|
60 | 61 | ##### `ENABLE_DBUS`=true |
|
|
61 | Install and enable D-Bus message bus | |
|
|
62 | Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled. | |
|
|
62 | 63 | |
|
|
63 | 64 |
|
|
|
64 | Install Xorg open-source X Window System | |
|
|
65 | Install Xorg open-source X Window System. | |
|
|
65 | 66 | |
|
|
66 | 67 |
|
|
|
67 | Install Fluxbox window manager for the X Window System | |
|
|
68 | Install Fluxbox window manager for the X Window System. | |
|
|
68 | 69 | |
|
|
69 | 70 |
|
|
|
71 | ##### `ENABLE_MINBASE`=false | |
|
|
72 | Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB. | |
|
|
73 | ||
|
|
70 | 74 |
|
|
|
71 | Replace default RPi bootloader with U-Boot bootloader | |
|
|
75 | Replace default RPi bootloader with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol. | |
|
|
72 | 76 | |
|
|
73 | 77 |
|
|
|
74 | Enable iptables IPv4/IPv6 firewall | |
|
|
78 | Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. | |
|
|
75 | 79 | |
|
|
76 | 80 |
|
|
|
77 | Enable IPv4/IPv6 network stack hardening settings | |
|
|
81 | Enable IPv4/IPv6 network stack hardening settings. | |
|
|
78 | 82 | |
|
|
79 | 83 |
|
|
|
80 | 84 | All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose: |
| @@ -60,6 +60,7 ENABLE_XORG=${ENABLE_XORG:=false} | |||
|
|
60 | 60 | ENABLE_FLUXBOX=${ENABLE_FLUXBOX:=false} |
|
|
61 | 61 | |
|
|
62 | 62 | # Advanced settings |
|
|
63 | ENABLE_MINBASE=${ENABLE_MINBASE:=false} | |
|
|
63 | 64 | ENABLE_UBOOT=${ENABLE_UBOOT:=false} |
|
|
64 | 65 | ENABLE_HARDNET=${ENABLE_HARDNET:=false} |
|
|
65 | 66 | ENABLE_IPTABLES=${ENABLE_IPTABLES:=false} |
| @@ -74,7 +75,7 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static dosfstool | |||
|
|
74 | 75 | MISSING_PACKAGES="" |
|
|
75 | 76 | |
|
|
76 | 77 | # Packages required in the chroot build enviroment |
|
|
77 |
APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog, |
|
|
|
78 | APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo" | |
|
|
78 | 79 | |
|
|
79 | 80 | set +x |
|
|
80 | 81 | |
| @@ -120,6 +121,13 trap cleanup 0 1 2 3 6 | |||
|
|
120 | 121 | # Set up chroot directory |
|
|
121 | 122 | mkdir -p $R |
|
|
122 | 123 | |
|
|
124 | # Add required packages for the minbase installation | |
|
|
125 | if [ "$ENABLE_MINBASE" = true ] ; then | |
|
|
126 | APT_INCLUDES="${APT_INCLUDES},vim-tiny,net-tools" | |
|
|
127 | else | |
|
|
128 | APT_INCLUDES="${APT_INCLUDES},locales" | |
|
|
129 | fi | |
|
|
130 | ||
|
|
123 | 131 | # Add dbus package, recommended if using systemd |
|
|
124 | 132 | if [ "$ENABLE_DBUS" = true ] ; then |
|
|
125 | 133 | APT_INCLUDES="${APT_INCLUDES},dbus" |
| @@ -145,12 +153,19 if [ "$ENABLE_FLUXBOX" = true ] ; then | |||
|
|
145 | 153 | APT_INCLUDES="${APT_INCLUDES},fluxbox,eterm" |
|
|
146 | 154 | fi |
|
|
147 | 155 | |
|
|
156 | # Set empty proxy string | |
|
|
148 | 157 | if [ -z "$APT_PROXY" ] ; then |
|
|
149 | 158 | APT_PROXY="http://" |
|
|
150 | 159 | fi |
|
|
151 | 160 | |
|
|
152 | 161 | # Base debootstrap (unpack only) |
|
|
153 | debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian | |
|
|
162 | if [ "$ENABLE_MINBASE" = true ] ; then | |
|
|
163 | debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian | |
|
|
164 | else | |
|
|
165 | debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian | |
|
|
166 | fi | |
|
|
167 | ||
|
|
168 | # Copy qemu emulator binary to chroot | |
|
|
154 | 169 | cp /usr/bin/qemu-arm-static $R/usr/bin |
|
|
155 | 170 | |
|
|
156 | 171 | # Copy debian-archive-keyring.pgp |
| @@ -182,8 +197,10 echo ${TIMEZONE} >$R/etc/timezone | |||
|
|
182 | 197 | LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata |
|
|
183 | 198 | |
|
|
184 | 199 | # Set up default locales to "en_US.UTF-8" default |
|
|
185 | LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen | |
|
|
186 |
LANG=C chroot $R |
|
|
|
200 | if [ "$ENABLE_MINBASE" = false ] ; then | |
|
|
201 | LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen | |
|
|
202 | LANG=C chroot $R locale-gen ${DEFLOCAL} | |
|
|
203 | fi | |
|
|
187 | 204 | |
|
|
188 | 205 | # Upgrade collabora package index and install collabora keyring |
|
|
189 | 206 | echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list |
| @@ -679,9 +696,26 EOM | |||
|
|
679 | 696 | LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr |
|
|
680 | 697 | |
|
|
681 | 698 | # Remove gcc/c++ build enviroment |
|
|
682 |
LANG=C chroot $R apt-get purge - |
|
|
|
699 | LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make | |
|
|
683 | 700 | fi |
|
|
684 | 701 | |
|
|
702 | # Enable systemd-networkd DHCP configuration for the eth0 interface | |
|
|
703 | printf "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\n" > $R/etc/systemd/network/eth.network | |
|
|
704 | ||
|
|
705 | # Set DHCP configuration to IPv4 only | |
|
|
706 | if [ "$ENABLE_IPV6" = false ] ; then | |
|
|
707 | sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network | |
|
|
708 | fi | |
|
|
709 | ||
|
|
710 | # Enable systemd-networkd service | |
|
|
711 | LANG=C chroot $R systemctl enable systemd-networkd | |
|
|
712 | ||
|
|
713 | # Place hint about netowrk configuration | |
|
|
714 | cat <<EOM >$R/etc/network/interfaces | |
|
|
715 | # Debian switched to systemd-networkd configuration files. | |
|
|
716 | # please configure your networks in '/etc/systemd/network/' | |
|
|
717 | EOM | |
|
|
718 | ||
|
|
685 | 719 | # Clean cached downloads |
|
|
686 | 720 | LANG=C chroot $R apt-get -y clean |
|
|
687 | 721 | LANG=C chroot $R apt-get -y autoclean |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
