@@ -166,6 +166,9 Number of parallel kernel building threads. If the parameter is left untouched t | |||||
166 | ##### `KERNEL_HEADERS`=true |
|
166 | ##### `KERNEL_HEADERS`=true | |
167 | Install kernel headers with built kernel. |
|
167 | Install kernel headers with built kernel. | |
168 |
|
168 | |||
|
169 | ##### `KERNEL_MENUCONFIG`=false | |||
|
170 | Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated. | |||
|
171 | ||||
169 | ##### `KERNEL_RMSRC`=true |
|
172 | ##### `KERNEL_RMSRC`=true | |
170 | Remove all kernel sources from the generated OS image after building. |
|
173 | Remove all kernel sources from the generated OS image after building. | |
171 |
|
174 | |||
@@ -182,7 +185,7 The functions of this script that are required for the different stages of the b | |||||
182 | | `21-firewall.sh` | Setup Firewall | |
|
185 | | `21-firewall.sh` | Setup Firewall | | |
183 | | `30-security.sh` | Setup Users and Security settings | |
|
186 | | `30-security.sh` | Setup Users and Security settings | | |
184 | | `31-logging.sh` | Setup Logging | |
|
187 | | `31-logging.sh` | Setup Logging | | |
185 |
| `41-uboot.sh` | Build and Setup U |
|
188 | | `41-uboot.sh` | Build and Setup U-Boot | | |
186 | | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver | |
|
189 | | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver | | |
187 | | `50-firstboot.sh` | First boot actions | |
|
190 | | `50-firstboot.sh` | First boot actions | | |
188 |
|
191 | |||
@@ -194,7 +197,7 All the required configuration files that will be copied to the generated OS ima | |||||
194 | | `firstboot` | Scripts that get executed on first boot | |
|
197 | | `firstboot` | Scripts that get executed on first boot | | |
195 | | `iptables` | Firewall configuration files | |
|
198 | | `iptables` | Firewall configuration files | | |
196 | | `locales` | Locales configuration | |
|
199 | | `locales` | Locales configuration | | |
197 |
| `mod |
|
200 | | `modules` | Kernel Modules configuration | | |
198 | | `mount` | Fstab configuration | |
|
201 | | `mount` | Fstab configuration | | |
199 | | `network` | Networking configuration files | |
|
202 | | `network` | Networking configuration files | | |
200 | | `sysctl.d` | Swapping and Network Hardening configuration | |
|
203 | | `sysctl.d` | Swapping and Network Hardening configuration | |
@@ -7,13 +7,13 | |||||
7 |
|
7 | |||
8 | # Base debootstrap (unpack only) |
|
8 | # Base debootstrap (unpack only) | |
9 | if [ "$ENABLE_MINBASE" = true ] ; then |
|
9 | if [ "$ENABLE_MINBASE" = true ] ; then | |
10 |
http_proxy=${APT_PROXY} debootstrap --arch= |
|
10 | http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --variant=minbase --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian | |
11 | else |
|
11 | else | |
12 |
http_proxy=${APT_PROXY} debootstrap --arch= |
|
12 | http_proxy=${APT_PROXY} debootstrap --arch=${RELEASE_ARCH} --foreign --include=${APT_INCLUDES} ${RELEASE} $R http://${APT_SERVER}/debian | |
13 | fi |
|
13 | fi | |
14 |
|
14 | |||
15 | # Copy qemu emulator binary to chroot |
|
15 | # Copy qemu emulator binary to chroot | |
16 | cp /usr/bin/qemu-arm-static $R/usr/bin |
|
16 | cp ${QEMU_BINARY} $R/usr/bin | |
17 |
|
17 | |||
18 | # Copy debian-archive-keyring.pgp |
|
18 | # Copy debian-archive-keyring.pgp | |
19 | mkdir -p $R/usr/share/keyrings |
|
19 | mkdir -p $R/usr/share/keyrings |
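Review bot: `cp ${QEMU_BINARY} $R/usr/bin` now copies a path taken from the environment without quoting it or checking that the file exists and is executable, so a typo or a path containing spaces only surfaces later as a failed chroot command. The later `chroot_exec` steps presumably all run through this emulator, so it is worth failing early: `[ -x "${QEMU_BINARY}" ] || { echo "missing ${QEMU_BINARY}" >&2; exit 1; }` followed by `cp "${QEMU_BINARY}" "$R/usr/bin"`. The default stays `/usr/bin/qemu-arm-static` when `RELEASE_ARCH` is overridden, so the two variables should be documented as a pair.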
@@ -5,13 +5,13 | |||||
5 | # Load utility functions |
|
5 | # Load utility functions | |
6 | . ./functions.sh |
|
6 | . ./functions.sh | |
7 |
|
7 | |||
8 | # Use proxy inside chroot |
|
8 | # Install and setup APT proxy configuration | |
9 | if [ -z "$APT_PROXY" ] ; then |
|
9 | if [ -z "$APT_PROXY" ] ; then | |
10 | install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy |
|
10 | install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy | |
11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy |
|
11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy | |
12 | fi |
|
12 | fi | |
13 |
|
13 | |||
14 | # Pin package flash-kernel to repositories.collabora.co.uk |
|
14 | # Install APT pinning configuration for flash-kernel package | |
15 | install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel |
|
15 | install_readonly files/apt/flash-kernel $R/etc/apt/preferences.d/flash-kernel | |
16 |
|
16 | |||
17 | # Upgrade collabora package index and install collabora keyring |
|
17 | # Upgrade collabora package index and install collabora keyring | |
@@ -19,7 +19,7 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/a | |||||
19 | chroot_exec apt-get -qq -y update |
|
19 | chroot_exec apt-get -qq -y update | |
20 | chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring |
|
20 | chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring | |
21 |
|
21 | |||
22 |
# |
|
22 | # Install APT sources.list | |
23 | install_readonly files/apt/sources.list $R/etc/apt/sources.list |
|
23 | install_readonly files/apt/sources.list $R/etc/apt/sources.list | |
24 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list |
|
24 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list | |
25 | sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list |
|
25 | sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list |
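Review bot: The reworded comment "Install and setup APT proxy configuration" in the first hunk sits above `if [ -z "$APT_PROXY" ]`, which is true only when no proxy is set, so the proxy file is installed exactly when there is nothing to write into it and skipped when a proxy is configured. The test looks inverted; `if [ -n "$APT_PROXY" ] ; then` would match the comment. In the second hunk the keyring package is still installed with `--force-yes`, which bypasses apt's authentication check for that install; a comment stating why verification is bypassed at this step would help the reader judge the trust placed in the repository.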
@@ -5,11 +5,11 | |||||
5 | # Load utility functions |
|
5 | # Load utility functions | |
6 | . ./functions.sh |
|
6 | . ./functions.sh | |
7 |
|
7 | |||
8 |
# |
|
8 | # Install and setup timezone | |
9 | echo ${TIMEZONE} >$R/etc/timezone |
|
9 | echo ${TIMEZONE} >$R/etc/timezone | |
10 | chroot_exec dpkg-reconfigure -f noninteractive tzdata |
|
10 | chroot_exec dpkg-reconfigure -f noninteractive tzdata | |
11 |
|
11 | |||
12 |
# |
|
12 | # Install and setup default locale and keyboard configuration | |
13 | if [ "$ENABLE_MINBASE" = false ] ; then |
|
13 | if [ "$ENABLE_MINBASE" = false ] ; then | |
14 | # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug |
|
14 | # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug | |
15 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 |
|
15 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957 | |
@@ -27,7 +27,7 if [ "$ENABLE_MINBASE" = false ] ; then | |||||
27 | chroot_exec locale-gen |
|
27 | chroot_exec locale-gen | |
28 | chroot_exec update-locale LANG=${DEFLOCAL} |
|
28 | chroot_exec update-locale LANG=${DEFLOCAL} | |
29 |
|
29 | |||
30 | # Keyboard configuration, if requested |
|
30 | # Install and setup default keyboard configuration | |
31 | if [ "$XKB_MODEL" != "" ] ; then |
|
31 | if [ "$XKB_MODEL" != "" ] ; then | |
32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard |
|
32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard | |
33 | fi |
|
33 | fi | |
@@ -42,7 +42,7 if [ "$ENABLE_MINBASE" = false ] ; then | |||||
42 | fi |
|
42 | fi | |
43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration |
|
43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration | |
44 |
|
44 | |||
45 |
# |
|
45 | # Install and setup font console | |
46 | case "${DEFLOCAL}" in |
|
46 | case "${DEFLOCAL}" in | |
47 | *UTF-8) |
|
47 | *UTF-8) | |
48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup |
|
48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup | |
@@ -53,6 +53,6 if [ "$ENABLE_MINBASE" = false ] ; then | |||||
53 | esac |
|
53 | esac | |
54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup |
|
54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup | |
55 | else # ENABLE_MINBASE=true |
|
55 | else # ENABLE_MINBASE=true | |
56 |
# |
|
56 | # Install POSIX default locale | |
57 | install_readonly files/locales/locale $R/etc/default/locale |
|
57 | install_readonly files/locales/locale $R/etc/default/locale | |
58 | fi |
|
58 | fi |
@@ -11,42 +11,47 if [ "$BUILD_KERNEL" = true ] ; then | |||||
11 | git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux |
|
11 | git -C $R/usr/src clone --depth=1 https://github.com/raspberrypi/linux | |
12 |
|
12 | |||
13 | # Load default raspberry kernel configuration |
|
13 | # Load default raspberry kernel configuration | |
14 |
make -C $R/usr/src/linux ARCH= |
|
14 | make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} bcm2709_defconfig | |
15 |
|
15 | |||
16 | # Calculate optimal number of kernel building threads |
|
16 | # Calculate optimal number of kernel building threads | |
17 | if [ "KERNEL_THREADS" = 1 ] ; then |
|
17 | if [ "$KERNEL_THREADS" = 1 ] ; then | |
18 | if [ -f /proc/cpuinfo ] ; then |
|
18 | if [ -f /proc/cpuinfo ] ; then | |
19 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) |
|
19 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) | |
20 | fi |
|
20 | fi | |
21 | fi |
|
21 | fi | |
22 |
|
22 | |||
|
23 | # Start menu-driven kernel configuration (interactive) | |||
|
24 | if [ "$KERNEL_MENUCONFIG" = true ] ; then | |||
|
25 | make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} menuconfig | |||
|
26 | fi | |||
|
27 | ||||
23 | # Cross compile kernel and modules |
|
28 | # Cross compile kernel and modules | |
24 |
make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH= |
|
29 | make -C $R/usr/src/linux -j${KERNEL_THREADS} ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} zImage modules dtbs | |
25 |
|
30 | |||
26 | # Install kernel modules |
|
31 | # Install kernel modules | |
27 |
make -C $R/usr/src/linux ARCH= |
|
32 | make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_MOD_PATH=../../.. modules_install | |
28 |
|
33 | |||
29 | # Install kernel headers |
|
34 | # Install kernel headers | |
30 | if [ "$KERNEL_HEADERS" = true ]; then |
|
35 | if [ "$KERNEL_HEADERS" = true ]; then | |
31 |
make -C $R/usr/src/linux ARCH= |
|
36 | make -C $R/usr/src/linux ARCH=${KERNEL_ARCH} CROSS_COMPILE=${CROSS_COMPILE} INSTALL_HDR_PATH=../.. headers_install | |
32 | fi |
|
37 | fi | |
33 |
|
38 | |||
34 | # Copy and rename compiled kernel to boot directory |
|
39 | # Copy and rename compiled kernel to boot directory | |
35 | mkdir $R/boot/firmware/ |
|
40 | mkdir $R/boot/firmware/ | |
36 |
$R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/ |
|
41 | $R/usr/src/linux/scripts/mkknlimg $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage $R/boot/firmware/kernel7.img | |
37 |
|
42 | |||
38 | # Copy dts and dtb device definitions |
|
43 | # Copy dts and dtb device definitions | |
39 | mkdir $R/boot/firmware/overlays/ |
|
44 | mkdir $R/boot/firmware/overlays/ | |
40 |
cp $R/usr/src/linux/arch/ |
|
45 | cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/*.dtb $R/boot/firmware/ | |
41 |
cp $R/usr/src/linux/arch/ |
|
46 | cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/ | |
42 |
cp $R/usr/src/linux/arch/ |
|
47 | cp $R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README $R/boot/firmware/overlays/ | |
43 |
|
48 | |||
44 | # Remove kernel sources |
|
49 | # Remove kernel sources | |
45 | if [ "$KERNEL_RMSRC" = true ]; then |
|
50 | if [ "$KERNEL_RMSRC" = true ]; then | |
46 | rm -fr $R/usr/src/linux |
|
51 | rm -fr $R/usr/src/linux | |
47 | fi |
|
52 | fi | |
48 |
|
53 | |||
49 | # Install raspberry bootloader and flash-kernel |
|
54 | # Install raspberry bootloader and flash-kernel packages | |
50 | chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel |
|
55 | chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel | |
51 | else # BUILD_KERNEL=false |
|
56 | else # BUILD_KERNEL=false | |
52 | # Kernel installation |
|
57 | # Kernel installation | |
@@ -60,63 +65,61 else # BUILD_KERNEL=false | |||||
60 | cp $VMLINUZ $R/boot/firmware/kernel7.img |
|
65 | cp $VMLINUZ $R/boot/firmware/kernel7.img | |
61 | fi |
|
66 | fi | |
62 |
|
67 | |||
63 |
# Set |
|
68 | # Setup firmware boot cmdline | |
64 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
69 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
65 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" |
|
70 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" | |
66 | else |
|
71 | else | |
67 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" |
|
72 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" | |
68 | fi |
|
73 | fi | |
69 |
|
74 | |||
70 |
# |
|
75 | # Add serial console support | |
71 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
76 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
72 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" |
|
77 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |
73 | fi |
|
78 | fi | |
74 |
|
79 | |||
75 |
# |
|
80 | # Remove IPv6 networking support | |
76 | if [ "$ENABLE_IPV6" = false ] ; then |
|
81 | if [ "$ENABLE_IPV6" = false ] ; then | |
77 | CMDLINE="${CMDLINE} ipv6.disable=1" |
|
82 | CMDLINE="${CMDLINE} ipv6.disable=1" | |
78 | fi |
|
83 | fi | |
79 |
|
84 | |||
|
85 | # Install firmware boot cmdline | |||
80 | echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt |
|
86 | echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt | |
81 |
|
87 | |||
82 |
# |
|
88 | # Install firmware config | |
83 | install_readonly files/boot/config.txt $R/boot/firmware/config.txt |
|
89 | install_readonly files/boot/config.txt $R/boot/firmware/config.txt | |
84 |
|
90 | |||
85 | # Load snd_bcm2835 kernel module at boot time |
|
91 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
86 | if [ "$ENABLE_SOUND" = true ] ; then |
|
|||
87 | echo "snd_bcm2835" >>$R/etc/modules |
|
|||
88 | fi |
|
|||
89 |
|
||||
90 | # Set smallest possible GPU memory allocation size: 16MB (no X) |
|
|||
91 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
92 | if [ "$ENABLE_MINGPU" = true ] ; then | |
92 | echo "gpu_mem=16" >>$R/boot/firmware/config.txt |
|
93 | echo "gpu_mem=16" >>$R/boot/firmware/config.txt | |
93 | fi |
|
94 | fi | |
94 |
|
95 | |||
95 | # Create symlinks |
|
96 | # Create firmware configuration and cmdline symlinks | |
96 | ln -sf firmware/config.txt $R/boot/config.txt |
|
97 | ln -sf firmware/config.txt $R/boot/config.txt | |
97 | ln -sf firmware/cmdline.txt $R/boot/cmdline.txt |
|
98 | ln -sf firmware/cmdline.txt $R/boot/cmdline.txt | |
98 |
|
99 | |||
99 | # Prepare modules-load.d directory |
|
100 | # Install and setup kernel modules to load at boot | |
100 | mkdir -p $R/lib/modules-load.d/ |
|
101 | mkdir -p $R/lib/modules-load.d/ | |
|
102 | install_readonly files/modules/rpi2.conf $R/lib/modules-load.d/rpi2.conf | |||
101 |
|
103 | |||
102 |
# Load random module |
|
104 | # Load hardware random module at boot | |
103 | if [ "$ENABLE_HWRANDOM" = true ] ; then |
|
105 | if [ "$ENABLE_HWRANDOM" = true ] ; then | |
104 |
|
|
106 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" $R/lib/modules-load.d/rpi2.conf | |
105 | bcm2708_rng |
|
|||
106 | EOM |
|
|||
107 | fi |
|
107 | fi | |
108 |
|
108 | |||
109 | # Prepare modprobe.d directory |
|
109 | # Load sound module at boot | |
110 | mkdir -p $R/etc/modprobe.d/ |
|
110 | if [ "$ENABLE_SOUND" = true ] ; then | |
|
111 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" $R/lib/modules-load.d/rpi2.conf | |||
|
112 | fi | |||
111 |
|
113 | |||
112 | # Blacklist sound modules |
|
114 | # Install kernel modules blacklist | |
113 | install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf |
|
115 | mkdir -p $R/etc/modprobe.d/ | |
|
116 | install_readonly files/modules/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf | |||
114 |
|
117 | |||
115 | # Create default fstab |
|
118 | # Install and setup fstab | |
116 | install_readonly files/mount/fstab $R/etc/fstab |
|
119 | install_readonly files/mount/fstab $R/etc/fstab | |
117 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
120 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
118 | sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab |
|
121 | sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab | |
119 | fi |
|
122 | fi | |
120 |
|
123 | |||
121 | # Avoid swapping and increase cache sizes |
|
124 | # Install sysctl.d configuration files | |
122 | install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf |
|
125 | install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf |
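Review bot: The new `sed -i "s/^# bcm2708_rng/bcm2708_rng/"` and `sed -i "s/^# snd_bcm2835/snd_bcm2835/"` lines succeed even when `files/modules/rpi2.conf` has no matching commented entry, so `ENABLE_HWRANDOM=true` can silently produce an image that never loads the hardware RNG module. The template is not shown on this page, so this is a coupling to watch rather than a confirmed bug; a check after the edit such as `grep -q '^bcm2708_rng' "$R/lib/modules-load.d/rpi2.conf" || exit 1` makes a mismatch visible at build time. Separately, `bcm2709_defconfig` and `kernel7.img` stay fixed while `ARCH` and `CROSS_COMPILE` become variables, which deserves a comment stating which targets the new variables are meant to cover.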
@@ -5,64 +5,68 | |||||
5 | # Load utility functions |
|
5 | # Load utility functions | |
6 | . ./functions.sh |
|
6 | . ./functions.sh | |
7 |
|
7 | |||
8 | # Set up IPv4 hosts |
|
8 | # Install and setup hostname | |
9 | install_readonly files/network/hostname $R/etc/hostname |
|
9 | install_readonly files/network/hostname $R/etc/hostname | |
10 | sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname |
|
10 | sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname | |
11 |
|
11 | |||
|
12 | # Install and setup hosts | |||
12 | install_readonly files/network/hosts $R/etc/hosts |
|
13 | install_readonly files/network/hosts $R/etc/hosts | |
13 | sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts |
|
14 | sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts | |
14 |
|
15 | |||
|
16 | # Setup hostname entry with static IP | |||
15 | if [ "$NET_ADDRESS" != "" ] ; then |
|
17 | if [ "$NET_ADDRESS" != "" ] ; then | |
16 | NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') |
|
18 | NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') | |
17 | sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts |
|
19 | sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts | |
18 | fi |
|
20 | fi | |
19 |
|
21 | |||
20 |
# |
|
22 | # Remove IPv6 hosts | |
21 |
if [ "$ENABLE_IPV6" = |
|
23 | if [ "$ENABLE_IPV6" = false ] ; then | |
22 | cat <<EOM >>$R/etc/hosts |
|
24 | sed -i -e "/::[1-9]/d" -e "/^$/d" $R/etc/hosts | |
23 |
|
||||
24 | ::1 localhost ip6-localhost ip6-loopback |
|
|||
25 | ff02::1 ip6-allnodes |
|
|||
26 | ff02::2 ip6-allrouters |
|
|||
27 | EOM |
|
|||
28 | fi |
|
25 | fi | |
29 |
|
26 | |||
30 |
# |
|
27 | # Install hint about network configuration | |
31 | install_readonly files/network/interfaces $R/etc/network/interfaces |
|
28 | install_readonly files/network/interfaces $R/etc/network/interfaces | |
32 |
|
29 | |||
|
30 | # Install configuration for interface eth0 | |||
|
31 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network | |||
|
32 | ||||
33 | if [ "$ENABLE_DHCP" = true ] ; then |
|
33 | if [ "$ENABLE_DHCP" = true ] ; then | |
34 |
# Enable |
|
34 | # Enable DHCP configuration for interface eth0 | |
35 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network |
|
35 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" $R/etc/systemd/network/eth.network | |
36 |
|
36 | |||
37 | # Set DHCP configuration to IPv4 only |
|
37 | # Set DHCP configuration to IPv4 only | |
38 | if [ "$ENABLE_IPV6" = false ] ; then |
|
38 | if [ "$ENABLE_IPV6" = false ] ; then | |
39 |
sed -i "s/ |
|
39 | sed -i "s/DHCP=.*/DHCP=v4/" $R/etc/systemd/network/eth.network | |
40 | fi |
|
40 | fi | |
41 |
|
41 | |||
42 | else # ENABLE_DHCP=false |
|
42 | else # ENABLE_DHCP=false | |
43 | cat <<EOM >$R/etc/systemd/network/eth.network |
|
43 | # Set static network configuration for interface eth0 | |
44 | [Match] |
|
44 | sed -i\ | |
45 | Name=eth0 |
|
45 | -e "s|DHCP=.*|DHCP=no|"\ | |
46 |
|
46 | -e "s|Address=\$|Address=${NET_ADDRESS}|"\ | ||
47 | [Network] |
|
47 | -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ | |
48 | DHCP=no |
|
48 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ | |
49 | Address=${NET_ADDRESS} |
|
49 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ | |
50 | Gateway=${NET_GATEWAY} |
|
50 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ | |
51 | DNS=${NET_DNS_1} |
|
51 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
52 | DNS=${NET_DNS_2} |
|
52 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
53 | Domains=${NET_DNS_DOMAINS} |
|
53 | $R/etc/systemd/network/eth.network | |
54 | NTP=${NET_NTP_1} |
|
|||
55 | NTP=${NET_NTP_2} |
|
|||
56 | EOM |
|
|||
57 | fi |
|
54 | fi | |
58 |
|
55 | |||
|
56 | # Remove empty settings from network configuration | |||
|
57 | sed -i "/.*=\$/d" $R/etc/systemd/network/eth.network | |||
|
58 | ||||
59 | # Enable systemd-networkd service |
|
59 | # Enable systemd-networkd service | |
60 | chroot_exec systemctl enable systemd-networkd |
|
60 | chroot_exec systemctl enable systemd-networkd | |
61 |
|
61 | |||
|
62 | # Install host.conf resolver configuration | |||
|
63 | install_readonly files/network/host.conf $R/etc/host.conf | |||
|
64 | ||||
62 | # Enable network stack hardening |
|
65 | # Enable network stack hardening | |
63 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
66 | if [ "$ENABLE_HARDNET" = true ] ; then | |
|
67 | # Install sysctl.d configuration files | |||
64 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf |
|
68 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf | |
65 |
|
69 | |||
66 |
# |
|
70 | # Setup resolver warnings about spoofed addresses | |
67 | install_readonly files/network/host.conf $R/etc/host.conf |
|
71 | sed -i "s/^# spoof warn/spoof warn/" $R/etc/host.conf | |
68 | fi |
|
72 | fi |
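Review bot: The static-address branch now passes `${NET_ADDRESS}`, `${NET_GATEWAY}`, `${NET_DNS_1}`/`${NET_DNS_2}`, `${NET_DNS_DOMAINS}` and `${NET_NTP_1}`/`${NET_NTP_2}` through sed replacement text, where `|`, `&` and backslashes are interpreted, whereas the removed here-document wrote the values literally. A value containing one of those characters now either breaks the command or writes something other than what was configured into `eth.network`. Validate the values before use or escape them first, for example `NET_DNS_DOMAINS=$(printf '%s' "$NET_DNS_DOMAINS" | sed 's/[&|\\]/\\&/g')`, and likewise for the others. The `spoof warn` edit in the `ENABLE_HARDNET` block also depends on `files/network/host.conf` carrying a `# spoof warn` line, which this page does not show.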
@@ -9,13 +9,13 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
9 | # Create iptables configuration directory |
|
9 | # Create iptables configuration directory | |
10 | mkdir -p "$R/etc/iptables" |
|
10 | mkdir -p "$R/etc/iptables" | |
11 |
|
11 | |||
12 |
# |
|
12 | # Install iptables systemd service | |
13 | install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service |
|
13 | install_readonly files/iptables/iptables.service $R/etc/systemd/system/iptables.service | |
14 |
|
14 | |||
15 |
# |
|
15 | # Install flush-table script called by iptables service | |
16 | install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh |
|
16 | install_exec files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh | |
17 |
|
17 | |||
18 |
# |
|
18 | # Install iptables rule file | |
19 | install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules |
|
19 | install_readonly files/iptables/iptables.rules $R/etc/iptables/iptables.rules | |
20 |
|
20 | |||
21 | # Reload systemd configuration and enable iptables service |
|
21 | # Reload systemd configuration and enable iptables service | |
@@ -23,10 +23,10 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
23 | chroot_exec systemctl enable iptables.service |
|
23 | chroot_exec systemctl enable iptables.service | |
24 |
|
24 | |||
25 | if [ "$ENABLE_IPV6" = true ] ; then |
|
25 | if [ "$ENABLE_IPV6" = true ] ; then | |
26 |
# |
|
26 | # Install ip6tables systemd service | |
27 | install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service |
|
27 | install_readonly files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service | |
28 |
|
28 | |||
29 |
# |
|
29 | # Install ip6tables file | |
30 | install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh |
|
30 | install_exec files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh | |
31 |
|
31 | |||
32 | install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules |
|
32 | install_readonly files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules |
@@ -8,13 +8,13 | |||||
8 | # Generate crypt(3) password string |
|
8 | # Generate crypt(3) password string | |
9 | ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}` |
|
9 | ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}` | |
10 |
|
10 | |||
11 |
# Set |
|
11 | # Setup default user | |
12 | if [ "$ENABLE_USER" = true ] ; then |
|
12 | if [ "$ENABLE_USER" = true ] ; then | |
13 | chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi |
|
13 | chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi | |
14 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi |
|
14 | chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi | |
15 | fi |
|
15 | fi | |
16 |
|
16 | |||
17 |
# Set |
|
17 | # Setup root password or not | |
18 | if [ "$ENABLE_ROOT" = true ]; then |
|
18 | if [ "$ENABLE_ROOT" = true ]; then | |
19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root |
|
19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root | |
20 |
|
20 |
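Review bot: `mkpasswd -m sha-512 ${PASSWORD}` in the context lines still puts the cleartext password on the command line, unquoted, where it is visible in the process list and, if this script runs under the `set -x` that the main script's hunk headers show, in the build trace. Reading it from stdin avoids the argv exposure and the word splitting: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s)`, with tracing switched off around that line. The `if [ "$ENABLE_ROOT" = true ]` block continues past the end of this hunk.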
@@ -1,5 +1,5 | |||||
1 | # |
|
1 | # | |
2 |
# Build and Setup U |
|
2 | # Build and Setup U-Boot | |
3 | # |
|
3 | # | |
4 |
|
4 | |||
5 | # Load utility functions |
|
5 | # Load utility functions | |
@@ -22,10 +22,10 if [ "$ENABLE_UBOOT" = true ] ; then | |||||
22 | cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/ |
|
22 | cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/ | |
23 | printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt |
|
23 | printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt | |
24 |
|
24 | |||
25 |
# |
|
25 | # Install and setup U-Boot command file | |
26 | install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage |
|
26 | install_readonly files/boot/uboot.mkimage $R/boot/firmware/uboot.mkimage | |
27 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage |
|
27 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage | |
28 |
|
28 | |||
29 |
# Generate U-Boot |
|
29 | # Generate U-Boot bootloader image | |
30 |
chroot_exec /tmp/u-boot/tools/mkimage -A |
|
30 | chroot_exec /tmp/u-boot/tools/mkimage -A ${KERNEL_ARCH} -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr | |
31 | fi |
|
31 | fi |
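Review bot: The `printf` that rebuilds `uboot.mkimage` places `${CMDLINE}` and the file's previous contents inside the format string, so any `%` or backslash sequence in either is interpreted by printf instead of being written as-is. Passing them as arguments keeps the data literal: `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat $R/boot/firmware/uboot.mkimage)" > $R/boot/firmware/uboot.mkimage`. The enclosing `if [ "$ENABLE_UBOOT" = true ]` starts before this hunk.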
@@ -21,7 +21,7 make | |||||
21 | make install |
|
21 | make install | |
22 | EOF |
|
22 | EOF | |
23 |
|
23 | |||
24 |
# |
|
24 | # Install fbturbo driver Xorg configuration | |
25 | install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf |
|
25 | install_readonly files/xorg/99-fbturbo.conf $R/usr/share/X11/xorg.conf.d/99-fbturbo.conf | |
26 |
|
26 | |||
27 | # Remove Xorg build dependencies |
|
27 | # Remove Xorg build dependencies |
1 | NO CONTENT: file renamed from files/modprobe.d/raspi-blacklist.conf to files/modules/raspi-blacklist.conf |
|
NO CONTENT: file renamed from files/modprobe.d/raspi-blacklist.conf to files/modules/raspi-blacklist.conf |
@@ -2,4 +2,11 | |||||
2 | Name=eth0 |
|
2 | Name=eth0 | |
3 |
|
3 | |||
4 | [Network] |
|
4 | [Network] | |
5 |
DHCP= |
|
5 | DHCP=no | |
|
6 | Address= | |||
|
7 | Gateway= | |||
|
8 | DNS= | |||
|
9 | DNS= | |||
|
10 | Domains= | |||
|
11 | NTP= | |||
|
12 | NTP= |
@@ -1,2 +1,6 | |||||
1 | 127.0.0.1 localhost |
|
1 | 127.0.0.1 localhost | |
2 | 127.0.1.1 rpi2-jessie |
|
2 | 127.0.1.1 rpi2-jessie | |
|
3 | ||||
|
4 | ::1 localhost ip6-localhost ip6-loopback | |||
|
5 | ff02::1 ip6-allnodes | |||
|
6 | ff02::2 ip6-allrouters |
@@ -25,7 +25,11 set -x | |||||
25 |
|
25 | |||
26 | # Debian release |
|
26 | # Debian release | |
27 | RELEASE=${RELEASE:=jessie} |
|
27 | RELEASE=${RELEASE:=jessie} | |
|
28 | KERNEL_ARCH=${KERNEL_ARCH:=arm} | |||
|
29 | RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |||
|
30 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} | |||
28 | COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2} |
|
31 | COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2} | |
|
32 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} | |||
29 |
|
33 | |||
30 | # Build settings |
|
34 | # Build settings | |
31 | BASEDIR=$(pwd)/images/${RELEASE} |
|
35 | BASEDIR=$(pwd)/images/${RELEASE} | |
@@ -88,6 +92,7 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false} | |||||
88 | BUILD_KERNEL=${BUILD_KERNEL:=false} |
|
92 | BUILD_KERNEL=${BUILD_KERNEL:=false} | |
89 | KERNEL_THREADS=${KERNEL_THREADS:=1} |
|
93 | KERNEL_THREADS=${KERNEL_THREADS:=1} | |
90 | KERNEL_HEADERS=${KERNEL_HEADERS:=true} |
|
94 | KERNEL_HEADERS=${KERNEL_HEADERS:=true} | |
|
95 | KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false} | |||
91 | KERNEL_RMSRC=${KERNEL_RMSRC:=true} |
|
96 | KERNEL_RMSRC=${KERNEL_RMSRC:=true} | |
92 |
|
97 | |||
93 | # Image chroot path |
|
98 | # Image chroot path | |
@@ -115,6 +120,9 fi | |||||
115 | # Add packages required for kernel cross compilation |
|
120 | # Add packages required for kernel cross compilation | |
116 | if [ "$BUILD_KERNEL" = true ] ; then |
|
121 | if [ "$BUILD_KERNEL" = true ] ; then | |
117 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
122 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" | |
|
123 | if [ "$KERNEL_MENUCONFIG" = true ] ; then | |||
|
124 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ncurses-dev" | |||
|
125 | fi | |||
118 | fi |
|
126 | fi | |
119 |
|
127 | |||
120 | # Check if all required packages are installed |
|
128 | # Check if all required packages are installed | |
@@ -150,7 +158,7 set -x | |||||
150 | # Call "cleanup" function on various signals and errors |
|
158 | # Call "cleanup" function on various signals and errors | |
151 | trap cleanup 0 1 2 3 6 |
|
159 | trap cleanup 0 1 2 3 6 | |
152 |
|
160 | |||
153 |
# Set |
|
161 | # Setup chroot directory | |
154 | mkdir -p $R |
|
162 | mkdir -p $R | |
155 |
|
163 | |||
156 | # Add required packages for the minbase installation |
|
164 | # Add required packages for the minbase installation | |
@@ -298,7 +306,7 unit: sectors | |||||
298 | 3 : start= 0, size= 0, Id= 0 |
|
306 | 3 : start= 0, size= 0, Id= 0 | |
299 | 4 : start= 0, size= 0, Id= 0 |
|
307 | 4 : start= 0, size= 0, Id= 0 | |
300 | EOM |
|
308 | EOM | |
301 |
# Set |
|
309 | # Setup temporary loop devices | |
302 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)" |
|
310 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)" | |
303 | ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)" |
|
311 | ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)" | |
304 | else |
|
312 | else | |
@@ -313,7 +321,7 unit: sectors | |||||
313 | 3 : start= 0, size= 0, Id= 0 |
|
321 | 3 : start= 0, size= 0, Id= 0 | |
314 | 4 : start= 0, size= 0, Id= 0 |
|
322 | 4 : start= 0, size= 0, Id= 0 | |
315 | EOM |
|
323 | EOM | |
316 |
# Set |
|
324 | # Setup temporary loop devices | |
317 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" |
|
325 | FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" | |
318 | ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" |
|
326 | ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)" | |
319 | fi |
|
327 | fi | |
@@ -342,12 +350,12 if [ "$ENABLE_SPLITFS" = true ] ; then | |||||
342 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" |
|
350 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" | |
343 |
|
351 | |||
344 | # Image was successfully created |
|
352 | # Image was successfully created | |
345 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
353 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
346 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
354 | echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
347 | else |
|
355 | else | |
348 | # Create block map file for "bmaptool" |
|
356 | # Create block map file for "bmaptool" | |
349 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img" |
|
357 | bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img" | |
350 |
|
358 | |||
351 | # Image was successfully created |
|
359 | # Image was successfully created | |
352 | echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created" |
|
360 | echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created" | |
353 | fi |
|
361 | fi |
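Review bot: `CROSS_COMPILE`, `KERNEL_ARCH` and `RELEASE_ARCH` become overridable, but the dependency check in the `BUILD_KERNEL` block still adds only `crossbuild-essential-armhf`, so a build with a different toolchain prefix passes the package check and fails later inside `make`. Either state next to the new defaults that only the armhf values are supported, or verify the compiler directly with `command -v "${CROSS_COMPILE}gcc" >/dev/null || exit 1` before the build starts.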