##// END OF EJS Templates
merge Ok
vidal -
r705:b9989bcfeb78
parent child
Show More
@@ -12,6 +12,7 The following list of Debian packages must be installed on the build system beca
12 12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
13 13
14 14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
15 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
15 16
16 17 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
17 18
@@ -66,6 +67,7 A comma-separated list of additional packages to be installed by apt after boots
66 67 #### General system settings:
67 68 ##### `SET_ARCH`=32
68 69 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
70 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69 71
70 72 ##### `RPI_MODEL`=2
71 73 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
@@ -75,6 +77,7 Specify the target Raspberry Pi hardware model. The script at this time supports
75 77 - `2` = Raspberry Pi 2 model B
76 78 - `3` = Raspberry Pi 3 model B
77 79 - `3P` = Raspberry Pi 3 model B+
80 - `4` = Raspberry Pi 4 model B
78 81
79 82 ##### `RELEASE`="buster"
80 83 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
@@ -220,6 +223,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
220 223 ---
221 224
222 225 #### Advanced system features:
226 ##### `ENABLE_KEYGEN`=false
227 Recover your lost codec license
228
223 229 ##### `ENABLE_SYSTEMDSWAP`=false
224 230 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
225 231
@@ -231,6 +237,7 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` param
231 237
232 238 ##### `ENABLE_UBOOT`=false
233 239 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
240 RPI4 needs tbd
234 241
235 242 ##### `UBOOTSRC_DIR`=""
236 243 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
@@ -315,6 +322,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab
315 322 #### Kernel compilation:
316 323 ##### `BUILD_KERNEL`=true
317 324 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
325 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
326 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
327 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
328 Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
329
318 330
319 331 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
320 332 This sets the cross-compile environment for the compiler.
@@ -391,6 +403,18 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSC
391 403 ##### `KERNEL_SECURITY`=false
392 404 Enables Apparmor, integrity subsystem, auditing.
393 405
406 ##### `KERNEL_BTRFS`="false"
407 enable btrfs kernel support
408
409 ##### `KERNEL_POEHAT`="false"
410 enable Enable RPI POE HAT fan kernel support
411
412 ##### `KERNEL_NSPAWN`="false"
413 Enable per-interface network priority control - for systemd-nspawn
414
415 ##### `KERNEL_DHKEY`="true"
416 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
417
394 418 ---
395 419
396 420 #### Reduce disk usage:
@@ -433,8 +457,12 Set password of the encrypted root partition. This parameter is mandatory if `EN
433 457 Set name of dm-crypt managed device-mapper mapping.
434 458
435 459 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
460 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
436 461 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
437 462
463 ##### `CRYPTFS_HASH`=sha512
464 Hash function and size to be used
465
438 466 ##### `CRYPTFS_XTSKEYSIZE`=512
439 467 Sets key size in bits. The argument has to be a multiple of 8.
440 468
@@ -35,7 +35,17 fi
35 35
36 36 # Use specified APT server and release
37 37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
38
39 #Fix for changing path for security updates in testing/bullseye
40 if [ "$RELEASE" = "testing" ] ; then
41 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
38 42 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
43 fi
44
45 if [ -z "$RELEASE" ] ; then
46 # Change release in sources list
47 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
48 fi
39 49
40 50 # Upgrade package index and update all installed packages and changed dependencies
41 51 chroot_exec apt-get -qq -y update
@@ -8,13 +8,17
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
11 # Generate initramfs file
12 if [ "$ENABLE_INITRAMFS" = true ] ; then
13 if [ "$ENABLE_CRYPTFS" = true ] ; then
14
15 # Include initramfs scripts to auto expand encrypted root partition
16 if [ "$EXPANDROOT" = true ] ; then
17 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
18 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
19 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
14 20 fi
15 21
16 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 22 # Replace fstab root partition with encrypted partition mapping
19 23 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 24
@@ -22,45 +26,33 if [ "$ENABLE_CRYPTFS" = true ] ; then
22 26 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 27 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 28
25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda1 disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
29 fi
30
31 if [ "$ENABLE_USBBOOT" = true ] ; then
29 if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
32 30 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 31 # Add usb/sda2 disk to crypttab
36 32 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 33 fi
38 34
39 # Generate initramfs file
40 if [ "$ENABLE_INITRAMFS" = true ] ; then
41 if [ "$ENABLE_CRYPTFS" = true ] ; then
42 # Include initramfs scripts to auto expand encrypted root partition
43 if [ "$EXPANDROOT" = true ] ; then
44 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
35 # Add encrypted root partition to fstab and crypttab
36 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
37 # Add usb/sda1 disk to crypttab
38 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
47 39 fi
48 40
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
49 42 if [ "$ENABLE_DHCP" = false ] ; then
50 43 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
44 cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
52 45
53 46 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 47 NET_MASK=$(cdr2mask "$cdir")
55 48
56 49 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
50 # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
51 sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
52 else
53 sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
61 54 fi
62 55
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
64 56 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65 57 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 58 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
@@ -93,6 +85,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
93 85 # Enable Dropbear inside initramfs
94 86 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95 87 fi
88 # CRYPTFSDROPBEAR=false
96 89 else
97 90 # Disable SSHD inside initramfs
98 91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
@@ -100,16 +93,29 if [ "$ENABLE_INITRAMFS" = true ] ; then
100 93
101 94 # Add cryptsetup modules to initramfs
102 95 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
96 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103 97
104 98 # Dummy mapping required by mkinitramfs
105 99 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
100 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106 101
107 102 # Generate initramfs with encrypted root partition support
108 103 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
109 104
110 105 # Remove dummy mapping
111 106 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
107 # CRYPTFS=false
112 108 else
109 #USB BOOT /boot on sda1 / on sda2
110 if [ "$ENABLE_USBBOOT" = true ] ; then
111 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
112 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
113 fi
114
115 # Add usb/sda disk root partition to fstab
116 if [ "$ENABLE_SPLITFS" = true ] ; then
117 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
118 fi
113 119 # Generate initramfs without encrypted root partition support
114 120 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
115 121 fi
@@ -113,6 +113,7 if [ "$ENABLE_TURBO" = true ] ; then
113 113 fi
114 114
115 115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116 117
117 118 # Bluetooth enabled
118 119 if [ "$ENABLE_BLUETOOTH" = true ] ; then
@@ -132,6 +133,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
132 133 # Set permissions
133 134 chown -R root:root "${R}/tmp/pi-bluetooth"
134 135
136 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
137 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
138 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
139
135 140 # Install tools
136 141 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 142 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
@@ -211,6 +216,11 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
211 216 # Change into downloaded src dir
212 217 cd "${R}/tmp/systemd-swap" || exit
213 218
219
220 # Get Verion
221 VERSION=$(git tag | tail -n 1)
222 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
223
214 224 # Build package
215 225 bash ./package.sh debian
216 226
@@ -222,6 +232,7 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
222 232
223 233 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 234 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
235 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
225 236
226 237 # Enable service
227 238 chroot_exec systemctl enable systemd-swap
@@ -107,6 +107,7 if [ "$ENABLE_WIRELESS" = true ] ; then
107 107
108 108 # Fetch firmware binary blob for RPI3B+
109 109 if [ "$RPI_MODEL" = 3P ] ; then
110 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 111 # Fetch firmware binary blob for RPi3P
111 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
@@ -35,10 +35,12 if [ "$ENABLE_VIDEOCORE" = true ] ; then
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 39 fi
39 40
40 41 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 42 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
43 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 44 fi
43 45
44 46 if [ "$RELEASE_ARCH" = "armhf" ] ; then
@@ -75,6 +75,7 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
75 75 fi
76 76
77 77 if [ "$RPI_MODEL" = 3P ] ; then
78 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 79 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 80 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 81 make clean
@@ -44,6 +44,9 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
49 fi
47 50
48 51 # Kernel Branch
49 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
@@ -65,10 +68,17 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/rel
65 68 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 69 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 70 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
71 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 72 # Default precompiled 64bit kernel
69 73 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
74 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
75 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
76 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
77 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
78 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
70 79 # Generic
71 80 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
81 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 82 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 83 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 84
@@ -191,6 +201,10 KERNEL_BPF=${KERNEL_BPF:=false}
191 201 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 202 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 203 KERNEL_NF=${KERNEL_NF:=false}
204 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
205 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
206 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
207 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
194 208
195 209 # Kernel compilation from source directory settings
196 210 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -213,6 +227,8 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 227 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 228 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 229 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
230 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
231 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
216 232 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 233 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 234 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
@@ -225,12 +241,14 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
225 241 # Packages required in the chroot build environment
226 242 APT_INCLUDES=${APT_INCLUDES:=""}
227 243 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
244 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228 245
229 246 # Packages to exclude from chroot build environment
230 247 APT_EXCLUDES=${APT_EXCLUDES:=""}
231 248
232 249 # Packages required for bootstrapping
233 250 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
251 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
234 252 MISSING_PACKAGES=""
235 253
236 254 # Packages installed for c/c++ build environment in chroot (keep empty)
@@ -289,13 +307,16 if [ -n "$SET_ARCH" ] ; then
289 307 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 308 if [ "$RPI_MODEL" != 4 ] ; then
291 309 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
310 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
292 311 else
293 312 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
313 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
294 314 fi
295 315
296 316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 317 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 318 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
319
299 320 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 321 fi
301 322 fi
@@ -386,6 +407,7 fi
386 407 # Add deps for nexmon
387 408 if [ "$ENABLE_NEXMON" = true ] ; then
388 409 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
389 411 fi
390 412
391 413 # Add libncurses5 to enable kernel menuconfig
@@ -402,6 +424,7 fi
402 424 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
403 425 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 426 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
427 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
405 428
406 429 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 430 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
@@ -471,6 +494,7 if [ -n "$MISSING_PACKAGES" ] ; then
471 494
472 495 # Make sure all missing required packages are installed
473 496 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
497 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
474 498 fi
475 499
476 500 # Check if ./bootstrap.d directory exists
@@ -823,6 +847,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
823 847
824 848 # Initialize encrypted partition
825 849 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
850 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
826 851
827 852 # Open encrypted partition and setup mapping
828 853 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant