##// END OF EJS Templates
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig
Jan Wagner -
r71:b855bcffebe1
parent child
Show More
@@ -0,0 +1,5
1 # bcm2708_rng
2 # snd_bcm2835
3 # i2c-bcm2708
4 # i2c-dev
5 # rtc-ds1307
@@ -166,6 +166,9 Number of parallel kernel building threads. If the parameter is left untouched t
166 ##### `KERNEL_HEADERS`=true
166 ##### `KERNEL_HEADERS`=true
167 Install kernel headers with built kernel.
167 Install kernel headers with built kernel.
168
168
169 ##### `KERNEL_MENUCONFIG`=false
170 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
171
169 ##### `KERNEL_RMSRC`=true
172 ##### `KERNEL_RMSRC`=true
170 Remove all kernel sources from the generated OS image after building.
173 Remove all kernel sources from the generated OS image after building.
171
174
@@ -182,7 +185,7 The functions of this script that are required for the different stages of the b
182 | `21-firewall.sh` | Setup Firewall |
185 | `21-firewall.sh` | Setup Firewall |
183 | `30-security.sh` | Setup Users and Security settings |
186 | `30-security.sh` | Setup Users and Security settings |
184 | `31-logging.sh` | Setup Logging |
187 | `31-logging.sh` | Setup Logging |
185 | `41-uboot.sh` | Build and Setup Uboot |
188 | `41-uboot.sh` | Build and Setup U-Boot |
186 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
189 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
187 | `50-firstboot.sh` | First boot actions |
190 | `50-firstboot.sh` | First boot actions |
188
191
@@ -194,7 +197,7 All the required configuration files that will be copied to the generated OS ima
194 | `firstboot` | Scripts that get executed on first boot |
197 | `firstboot` | Scripts that get executed on first boot |
195 | `iptables` | Firewall configuration files |
198 | `iptables` | Firewall configuration files |
196 | `locales` | Locales configuration |
199 | `locales` | Locales configuration |
197 | `modprobe.d` | Kernel Module Blacklist configuration |
200 | `modules` | Kernel Modules configuration |
198 | `mount` | Fstab configuration |
201 | `mount` | Fstab configuration |
199 | `network` | Networking configuration files |
202 | `network` | Networking configuration files |
200 | `sysctl.d` | Swapping and Network Hardening configuration |
203 | `sysctl.d` | Swapping and Network Hardening configuration |
@@ -7,13 +7,13
7
7
8 # Base debootstrap (unpack only)
8 # Base debootstrap (unpack only)
9 if [ "$ENABLE_MINBASE" = true ] ; then
9 if [ "$ENABLE_MINBASE" = true ] ; then
10 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
10 http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --variant=minbase --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian
11 else
11 else
12 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
12 http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian
13 fi
13 fi
14
14
15 # Copy qemu emulator binary to chroot
15 # Copy qemu emulator binary to chroot
16 cp /usr/bin/qemu-arm-static $R/usr/bin
16 cp ${QEMU_BINARY} $R/usr/bin
17
17
18 # Copy debian-archive-keyring.pgp
18 # Copy debian-archive-keyring.pgp
19 mkdir -p $R/usr/share/keyrings
19 mkdir -p $R/usr/share/keyrings
@@ -5,13 +5,13
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Use proxy inside chroot
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy
10 install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
12 fi
12 fi
13
13
14 # Pin package flash-kernel to repositories.collabora.co.uk
14 # Install APT pinning configuration for flash-kernel package
15 install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel
15 install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel
16
16
17 # Upgrade collabora package index and install collabora keyring
17 # Upgrade collabora package index and install collabora keyring
@@ -19,7 +19,7 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/a
19 chroot_exec apt-get -qq -y update
19 chroot_exec apt-get -qq -y update
20 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
20 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
21
21
22 # Set up initial sources.list
22 # Install APT sources.list
23 install_readonly files/apt/sources.list $R/etc/apt/sources.list
23 install_readonly files/apt/sources.list $R/etc/apt/sources.list
24 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
24 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
25 sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
25 sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
@@ -5,11 +5,11
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Set up timezone
8 # Install and setup timezone
9 echo ${TIMEZONE} >$R/etc/timezone
9 echo ${TIMEZONE} >$R/etc/timezone
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11
11
12 # Set up default locale and keyboard configuration
12 # Install and setup default locale and keyboard configuration
13 if [ "$ENABLE_MINBASE" = false ] ; then
13 if [ "$ENABLE_MINBASE" = false ] ; then
14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
@@ -27,7 +27,7 if [ "$ENABLE_MINBASE" = false ] ; then
27 chroot_exec locale-gen
27 chroot_exec locale-gen
28 chroot_exec update-locale LANG=${DEFLOCAL}
28 chroot_exec update-locale LANG=${DEFLOCAL}
29
29
30 # Keyboard configuration, if requested
30 # Install and setup default keyboard configuration
31 if [ "$XKB_MODEL" != "" ] ; then
31 if [ "$XKB_MODEL" != "" ] ; then
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard
33 fi
33 fi
@@ -42,7 +42,7 if [ "$ENABLE_MINBASE" = false ] ; then
42 fi
42 fi
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44
44
45 # Set up font console
45 # Install and setup font console
46 case "${DEFLOCAL}" in
46 case "${DEFLOCAL}" in
47 *UTF-8)
47 *UTF-8)
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup
@@ -53,6 +53,6 if [ "$ENABLE_MINBASE" = false ] ; then
53 esac
53 esac
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 else # ENABLE_MINBASE=true
55 else # ENABLE_MINBASE=true
56 # Set POSIX default locales
56 # Install POSIX default locale
57 install_readonly files/locales/locale $R/etc/default/locale
57 install_readonly files/locales/locale $R/etc/default/locale
58 fi
58 fi
@@ -11,42 +11,47 if [ "$BUILD_KERNEL" = true ] ; then
11 git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux
11 git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux
12
12
13 # Load default raspberry kernel configuration
13 # Load default raspberry kernel configuration
14 make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
14 make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} bcm2709_defconfig
15
15
16 # Calculate optimal number of kernel building threads
16 # Calculate optimal number of kernel building threads
17 if [ "KERNEL_THREADS" = 1 ] ; then
17 if [ "$KERNEL_THREADS" = 1 ] ; then
18 if [ -f /proc/cpuinfo ] ; then
18 if [ -f /proc/cpuinfo ] ; then
19 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
19 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
20 fi
20 fi
21 fi
21 fi
22
22
23 # Start menu-driven kernel configuration (interactive)
24 if [ "$KERNEL_MENUCONFIG" = true ] ; then
25 make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} menuconfig
26 fi
27
23 # Cross compile kernel and modules
28 # Cross compile kernel and modules
24 make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
29 make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} zImage modules dtbs
25
30
26 # Install kernel modules
31 # Install kernel modules
27 make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../../.. modules_install
32 make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_MOD_PATH=../../.. modules_install
28
33
29 # Install kernel headers
34 # Install kernel headers
30 if [ "$KERNEL_HEADERS" = true ]; then
35 if [ "$KERNEL_HEADERS" = true ]; then
31 make -C $R/usr/src/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_HDR_PATH=../.. headers_install
36 make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_HDR_PATH=../.. headers_install
32 fi
37 fi
33
38
34 # Copy and rename compiled kernel to boot directory
39 # Copy and rename compiled kernel to boot directory
35 mkdir $R/boot/firmware/
40 mkdir $R/boot/firmware/
36 $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
41 $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage $R/boot/firmware/kernel7.img
37
42
38 # Copy dts and dtb device definitions
43 # Copy dts and dtb device definitions
39 mkdir $R/boot/firmware/overlays/
44 mkdir $R/boot/firmware/overlays/
40 cp $R/usr/src/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
45 cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/*.dtb $R/boot/firmware/
41 cp $R/usr/src/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
46 cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
42 cp $R/usr/src/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
47 cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README $R/boot/firmware/overlays/
43
48
44 # Remove kernel sources
49 # Remove kernel sources
45 if [ "$KERNEL_RMSRC" = true ]; then
50 if [ "$KERNEL_RMSRC" = true ]; then
46 rm -fr $R/usr/src/linux
51 rm -fr $R/usr/src/linux
47 fi
52 fi
48
53
49 # Install raspberry bootloader and flash-kernel
54 # Install raspberry bootloader and flash-kernel packages
50 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
55 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
51 else # BUILD_KERNEL=false
56 else # BUILD_KERNEL=false
52 # Kernel installation
57 # Kernel installation
@@ -60,63 +65,61 else # BUILD_KERNEL=false
60 cp $VMLINUZ $R/boot/firmware/kernel7.img
65 cp $VMLINUZ $R/boot/firmware/kernel7.img
61 fi
66 fi
62
67
63 # Set up firmware boot cmdline
68 # Setup firmware boot cmdline
64 if [ "$ENABLE_SPLITFS" = true ] ; then
69 if [ "$ENABLE_SPLITFS" = true ] ; then
65 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
70 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
66 else
71 else
67 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
72 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
68 fi
73 fi
69
74
70 # Set up serial console support (if requested)
75 # Add serial console support
71 if [ "$ENABLE_CONSOLE" = true ] ; then
76 if [ "$ENABLE_CONSOLE" = true ] ; then
72 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
77 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
73 fi
78 fi
74
79
75 # Set up IPv6 networking support
80 # Remove IPv6 networking support
76 if [ "$ENABLE_IPV6" = false ] ; then
81 if [ "$ENABLE_IPV6" = false ] ; then
77 CMDLINE="${CMDLINE} ipv6.disable=1"
82 CMDLINE="${CMDLINE} ipv6.disable=1"
78 fi
83 fi
79
84
85 # Install firmware boot cmdline
80 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
86 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
81
87
82 # Set up firmware config
88 # Install firmware config
83 install_readonly files/boot/config.txt $R/boot/firmware/config.txt
89 install_readonly files/boot/config.txt $R/boot/firmware/config.txt
84
90
85 # Load snd_bcm2835 kernel module at boot time
91 # Setup minimal GPU memory allocation size: 16MB (no X)
86 if [ "$ENABLE_SOUND" = true ] ; then
87 echo "snd_bcm2835" >>$R/etc/modules
88 fi
89
90 # Set smallest possible GPU memory allocation size: 16MB (no X)
91 if [ "$ENABLE_MINGPU" = true ] ; then
92 if [ "$ENABLE_MINGPU" = true ] ; then
92 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
93 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
93 fi
94 fi
94
95
95 # Create symlinks
96 # Create firmware configuration and cmdline symlinks
96 ln -sf firmware/config.txt $R/boot/config.txt
97 ln -sf firmware/config.txt $R/boot/config.txt
97 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
98 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
98
99
99 # Prepare modules-load.d directory
100 # Install and setup kernel modules to load at boot
100 mkdir -p $R/lib/modules-load.d/
101 mkdir -p $R/lib/modules-load.d/
102 install_readonly files/modules/rpi2.conf $R/lib/modules-load.d/rpi2.conf
101
103
102 # Load random module on boot
104 # Load hardware random module at boot
103 if [ "$ENABLE_HWRANDOM" = true ] ; then
105 if [ "$ENABLE_HWRANDOM" = true ] ; then
104 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
106 sed -i "s/^# bcm2708_rng/bcm2708_rng/" $R/lib/modules-load.d/rpi2.conf
105 bcm2708_rng
106 EOM
107 fi
107 fi
108
108
109 # Prepare modprobe.d directory
109 # Load sound module at boot
110 mkdir -p $R/etc/modprobe.d/
110 if [ "$ENABLE_SOUND" = true ] ; then
111 sed -i "s/^# snd_bcm2835/snd_bcm2835/" $R/lib/modules-load.d/rpi2.conf
112 fi
111
113
112 # Blacklist sound modules
114 # Install kernel modules blacklist
113 install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
115 mkdir -p $R/etc/modprobe.d/
116 install_readonly files/modules/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
114
117
115 # Create default fstab
118 # Install and setup fstab
116 install_readonly files/mount/fstab $R/etc/fstab
119 install_readonly files/mount/fstab $R/etc/fstab
117 if [ "$ENABLE_SPLITFS" = true ] ; then
120 if [ "$ENABLE_SPLITFS" = true ] ; then
118 sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab
121 sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab
119 fi
122 fi
120
123
121 # Avoid swapping and increase cache sizes
124 # Install sysctl.d configuration files
122 install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
125 install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
@@ -5,64 +5,68
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Set up IPv4 hosts
8 # Install and setup hostname
9 install_readonly files/network/hostname $R/etc/hostname
9 install_readonly files/network/hostname $R/etc/hostname
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
11
11
12 # Install and setup hosts
12 install_readonly files/network/hosts $R/etc/hosts
13 install_readonly files/network/hosts $R/etc/hosts
13 sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
14
15
16 # Setup hostname entry with static IP
15 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
16 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
18 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
17 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
19 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
18 fi
20 fi
19
21
20 # Set up IPv6 hosts
22 # Remove IPv6 hosts
21 if [ "$ENABLE_IPV6" = true ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
22 cat <<EOM >>$R/etc/hosts
24 sed -i -e "/::[1-9]/d" -e "/^$/d" $R/etc/hosts
23
24 ::1 localhost ip6-localhost ip6-loopback
25 ff02::1 ip6-allnodes
26 ff02::2 ip6-allrouters
27 EOM
28 fi
25 fi
29
26
30 # Place hint about network configuration
27 # Install hint about network configuration
31 install_readonly files/network/interfaces $R/etc/network/interfaces
28 install_readonly files/network/interfaces $R/etc/network/interfaces
32
29
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
32
33 if [ "$ENABLE_DHCP" = true ] ; then
33 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable systemd-networkd DHCP configuration for interface eth0
34 # Enable DHCP configuration for interface eth0
35 install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" $R/etc/systemd/network/eth.network
36
36
37 # Set DHCP configuration to IPv4 only
37 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
39 sed -i "s/DHCP=.*/DHCP=v4/" $R/etc/systemd/network/eth.network
40 fi
40 fi
41
41
42 else # ENABLE_DHCP=false
42 else # ENABLE_DHCP=false
43 cat <<EOM >$R/etc/systemd/network/eth.network
43 # Set static network configuration for interface eth0
44 [Match]
44 sed -i\
45 Name=eth0
45 -e "s|DHCP=.*|DHCP=no|"\
46
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 [Network]
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 DHCP=no
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 Address=${NET_ADDRESS}
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 Gateway=${NET_GATEWAY}
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 DNS=${NET_DNS_1}
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 DNS=${NET_DNS_2}
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 Domains=${NET_DNS_DOMAINS}
53 $R/etc/systemd/network/eth.network
54 NTP=${NET_NTP_1}
55 NTP=${NET_NTP_2}
56 EOM
57 fi
54 fi
58
55
56 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" $R/etc/systemd/network/eth.network
58
59 # Enable systemd-networkd service
59 # Enable systemd-networkd service
60 chroot_exec systemctl enable systemd-networkd
60 chroot_exec systemctl enable systemd-networkd
61
61
62 # Install host.conf resolver configuration
63 install_readonly files/network/host.conf $R/etc/host.conf
64
62 # Enable network stack hardening
65 # Enable network stack hardening
63 if [ "$ENABLE_HARDNET" = true ] ; then
66 if [ "$ENABLE_HARDNET" = true ] ; then
67 # Install sysctl.d configuration files
64 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
68 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
65
69
66 # Enable resolver warnings about spoofed addresses
70 # Setup resolver warnings about spoofed addresses
67 install_readonly files/network/host.conf $R/etc/host.conf
71 sed -i "s/^# spoof warn/spoof warn/" $R/etc/host.conf
68 fi
72 fi
@@ -9,13 +9,13 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "$R/etc/iptables"
10 mkdir -p "$R/etc/iptables"
11
11
12 # Create iptables systemd service
12 # Install iptables systemd service
13 install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service
13 install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service
14
14
15 # Create flush-table script called by iptables service
15 # Install flush-table script called by iptables service
16 install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
16 install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
17
17
18 # Create iptables rule file
18 # Install iptables rule file
19 install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules
19 install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules
20
20
21 # Reload systemd configuration and enable iptables service
21 # Reload systemd configuration and enable iptables service
@@ -23,10 +23,10 if [ "$ENABLE_IPTABLES" = true ] ; then
23 chroot_exec systemctl enable iptables.service
23 chroot_exec systemctl enable iptables.service
24
24
25 if [ "$ENABLE_IPV6" = true ] ; then
25 if [ "$ENABLE_IPV6" = true ] ; then
26 # Create ip6tables systemd service
26 # Install ip6tables systemd service
27 install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
27 install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
28
28
29 # Create ip6tables file
29 # Install ip6tables file
30 install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
30 install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
31
31
32 install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
32 install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
@@ -8,13 +8,13
8 # Generate crypt(3) password string
8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
10
10
11 # Set up default user
11 # Setup default user
12 if [ "$ENABLE_USER" = true ] ; then
12 if [ "$ENABLE_USER" = true ] ; then
13 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
13 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
14 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
14 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
15 fi
15 fi
16
16
17 # Set up root password or not
17 # Setup root password or not
18 if [ "$ENABLE_ROOT" = true ]; then
18 if [ "$ENABLE_ROOT" = true ]; then
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20
20
@@ -1,5 +1,5
1 #
1 #
2 # Build and Setup Uboot
2 # Build and Setup U-Boot
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
@@ -22,10 +22,10 if [ "$ENABLE_UBOOT" = true ] ; then
22 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
22 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
23 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
23 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
24
24
25 # Set U-Boot command file
25 # Install and setup U-Boot command file
26 install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage
26 install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage
27 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage
27 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage
28
28
29 # Generate U-Boot image from command file
29 # Generate U-Boot bootloader image
30 chroot_exec /tmp/u-boot/tools/mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
30 chroot_exec /tmp/u-boot/tools/mkimage -A ${KERNEL_ARCH} -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
31 fi
31 fi
@@ -21,7 +21,7 make
21 make install
21 make install
22 EOF
22 EOF
23
23
24 # Add fbturbo driver to Xorg configuration
24 # Install fbturbo driver Xorg configuration
25 install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
25 install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
26
26
27 # Remove Xorg build dependencies
27 # Remove Xorg build dependencies
1 NO CONTENT: file renamed from files/modprobe.d/raspi-blacklist.conf to files/modules/raspi-blacklist.conf
NO CONTENT: file renamed from files/modprobe.d/raspi-blacklist.conf to files/modules/raspi-blacklist.conf
@@ -2,4 +2,11
2 Name=eth0
2 Name=eth0
3
3
4 [Network]
4 [Network]
5 DHCP=yes
5 DHCP=no
6 Address=
7 Gateway=
8 DNS=
9 DNS=
10 Domains=
11 NTP=
12 NTP=
@@ -1,1 +1,2
1 spoof warn
1 # spoof warn
2 multi on
@@ -1,2 +1,6
1 127.0.0.1 localhost
1 127.0.0.1 localhost
2 127.0.1.1 rpi2-jessie
2 127.0.1.1 rpi2-jessie
3
4 ::1 localhost ip6-localhost ip6-loopback
5 ff02::1 ip6-allnodes
6 ff02::2 ip6-allrouters
@@ -25,7 +25,11 set -x
25
25
26 # Debian release
26 # Debian release
27 RELEASE=${RELEASE:=jessie}
27 RELEASE=${RELEASE:=jessie}
28 KERNEL_ARCH=${KERNEL_ARCH:=arm}
29 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
30 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
28 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
31 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
32 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
29
33
30 # Build settings
34 # Build settings
31 BASEDIR=$(pwd)/images/${RELEASE}
35 BASEDIR=$(pwd)/images/${RELEASE}
@@ -88,6 +92,7 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
88 BUILD_KERNEL=${BUILD_KERNEL:=false}
92 BUILD_KERNEL=${BUILD_KERNEL:=false}
89 KERNEL_THREADS=${KERNEL_THREADS:=1}
93 KERNEL_THREADS=${KERNEL_THREADS:=1}
90 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
94 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
95 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
91 KERNEL_RMSRC=${KERNEL_RMSRC:=true}
96 KERNEL_RMSRC=${KERNEL_RMSRC:=true}
92
97
93 # Image chroot path
98 # Image chroot path
@@ -115,6 +120,9 fi
115 # Add packages required for kernel cross compilation
120 # Add packages required for kernel cross compilation
116 if [ "$BUILD_KERNEL" = true ] ; then
121 if [ "$BUILD_KERNEL" = true ] ; then
117 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
122 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
123 if [ "$KERNEL_MENUCONFIG" = true ] ; then
124 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ncurses-dev"
125 fi
118 fi
126 fi
119
127
120 # Check if all required packages are installed
128 # Check if all required packages are installed
@@ -150,7 +158,7 set -x
150 # Call "cleanup" function on various signals and errors
158 # Call "cleanup" function on various signals and errors
151 trap cleanup 0 1 2 3 6
159 trap cleanup 0 1 2 3 6
152
160
153 # Set up chroot directory
161 # Setup chroot directory
154 mkdir -p $R
162 mkdir -p $R
155
163
156 # Add required packages for the minbase installation
164 # Add required packages for the minbase installation
@@ -298,7 +306,7 unit: sectors
298 3 : start= 0, size= 0, Id= 0
306 3 : start= 0, size= 0, Id= 0
299 4 : start= 0, size= 0, Id= 0
307 4 : start= 0, size= 0, Id= 0
300 EOM
308 EOM
301 # Set up temporary loop devices
309 # Setup temporary loop devices
302 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
310 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
303 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
311 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
304 else
312 else
@@ -313,7 +321,7 unit: sectors
313 3 : start= 0, size= 0, Id= 0
321 3 : start= 0, size= 0, Id= 0
314 4 : start= 0, size= 0, Id= 0
322 4 : start= 0, size= 0, Id= 0
315 EOM
323 EOM
316 # Set up temporary loop devices
324 # Setup temporary loop devices
317 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
325 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
318 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
326 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
319 fi
327 fi
@@ -342,12 +350,12 if [ "$ENABLE_SPLITFS" = true ] ; then
342 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
350 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
343
351
344 # Image was successfully created
352 # Image was successfully created
345 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
353 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
346 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
354 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
347 else
355 else
348 # Create block map file for "bmaptool"
356 # Create block map file for "bmaptool"
349 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
357 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
350
358
351 # Image was successfully created
359 # Image was successfully created
352 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
360 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
353 fi
361 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant