merge Ok
vidal -
r705:b9989bcfeb78
@@ -1,552 +1,580
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3
4 4
5 5 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
6 6
7 7
8 8
9 9 ## Build dependencies
10 10 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
11 11
12 12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
13 13
14 14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
15 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
15 16
16 17 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
17 18
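Review bot: The toolchain paragraph after new line 15 still names only `crossbuild-essential-armhf` and `crossbuild-essential-armel` as tested, so the added `aarch64` target has no documented toolchain. Either name the toolchain package needed for 64-bit builds in that paragraph or state that aarch64 builds are untested, so that a reader setting `SET_ARCH`=64 knows what has to be installed on the build system.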
18 19 ## Command-line parameters
19 20 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
20 21
21 22 ##### Command-line examples:
22 23 ```shell
23 24 ENABLE_UBOOT=true ./rpi23-gen-image.sh
24 25 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
25 26 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
26 27 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
27 28 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
28 29 ENABLE_MINBASE=true ./rpi23-gen-image.sh
29 30 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
30 31 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
31 32 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 33 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
33 34 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
34 35 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
35 36 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 37 ```
37 38
38 39 ## Configuration template files
39 40 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
40 41
41 42 ##### Command-line examples:
42 43 ```shell
43 44 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
44 45 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
45 46 ```
46 47
47 48 ## Supported parameters and settings
48 49 #### APT settings:
49 50 ##### `APT_SERVER`="ftp.debian.org"
50 51 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
51 52
52 53 ##### `APT_PROXY`=""
53 54 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
54 55
55 56 ##### `KEEP_APT_PROXY`=false
56 57 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
57 58
58 59 ##### `APT_INCLUDES`=""
59 60 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
60 61
61 62 ##### `APT_INCLUDES_LATE`=""
62 63 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
63 64
64 65 ---
65 66
66 67 #### General system settings:
67 68 ##### `SET_ARCH`=32
68 69 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
70 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69 71
70 72 ##### `RPI_MODEL`=2
71 73 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
72 74 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
73 75 - `1` = Raspberry Pi 1 model A and B
74 76 - `1P` = Raspberry Pi 1 model B+ and A+
75 77 - `2` = Raspberry Pi 2 model B
76 78 - `3` = Raspberry Pi 3 model B
77 79 - `3P` = Raspberry Pi 3 model B+
80 - `4` = Raspberry Pi 4 model B
78 81
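Review bot: New line 70 writes the 64-bit models as "RPI3/RPI3+/RPI4", while the `RPI_MODEL` list directly below uses the values `3`, `3P` and `4`; use the same identifiers in both places so the text can be matched against the accepted values. With `4` added at new line 80, the entries elsewhere in the file that still read "RPi 0/1/2/3" (for example `ENABLE_I2C` and `ENABLE_SPI`) should be reviewed and either updated or marked as not applying to model 4.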
79 82 ##### `RELEASE`="buster"
80 83 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
81 84
82 85 ##### `RELEASE_ARCH`="armhf"
83 86 Set the desired Debian release architecture.
84 87
85 88 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
86 89 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
87 90
88 91 ##### `PASSWORD`="raspberry"
89 92 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
90 93
91 94 ##### `USER_PASSWORD`="raspberry"
92 95 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
93 96
94 97 ##### `DEFLOCAL`="en_US.UTF-8"
95 98 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
96 99
97 100 ##### `TIMEZONE`="Europe/Berlin"
98 101 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
99 102
100 103 ##### `EXPANDROOT`=true
101 104 Expand the root partition and filesystem automatically on first boot.
102 105
103 106 ##### `ENABLE_DPHYSSWAP`=true
104 107 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
105 108
106 109 ##### `ENABLE_QEMU`=false
107 110 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
108 111
109 112 ---
110 113
111 114 #### Keyboard settings:
112 115 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
113 116
114 117 ##### `XKB_MODEL`=""
115 118 Set the name of the model of your keyboard type.
116 119
117 120 ##### `XKB_LAYOUT`=""
118 121 Set the supported keyboard layout(s).
119 122
120 123 ##### `XKB_VARIANT`=""
121 124 Set the supported variant(s) of the keyboard layout(s).
122 125
123 126 ##### `XKB_OPTIONS`=""
124 127 Set extra xkb configuration options.
125 128
126 129 ---
127 130
128 131 #### Networking settings (DHCP):
129 132 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
130 133
131 134 ##### `ENABLE_DHCP`=true
132 135 Set the system to use DHCP. This requires an DHCP server.
133 136
134 137 ---
135 138
136 139 #### Networking settings (static):
137 140 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
138 141
139 142 ##### `NET_ADDRESS`=""
140 143 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
141 144
142 145 ##### `NET_GATEWAY`=""
143 146 Set the IP address for the default gateway.
144 147
145 148 ##### `NET_DNS_1`=""
146 149 Set the IP address for the first DNS server.
147 150
148 151 ##### `NET_DNS_2`=""
149 152 Set the IP address for the second DNS server.
150 153
151 154 ##### `NET_DNS_DOMAINS`=""
152 155 Set the default DNS search domains to use for non fully qualified hostnames.
153 156
154 157 ##### `NET_NTP_1`=""
155 158 Set the IP address for the first NTP server.
156 159
157 160 ##### `NET_NTP_2`=""
158 161 Set the IP address for the second NTP server.
159 162
160 163 ---
161 164
162 165 #### Basic system features:
163 166 ##### `ENABLE_CONSOLE`=true
164 167 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
165 168
166 169 ##### `ENABLE_PRINTK`=false
167 170 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
168 171
169 172 ##### `ENABLE_BLUETOOTH`=false
170 173 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
171 174
172 175 ##### `ENABLE_MINIUART_OVERLAY`=false
173 176 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
174 177
175 178 ##### `ENABLE_TURBO`=false
176 179 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
177 180
178 181 ##### `ENABLE_I2C`=false
179 182 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
180 183
181 184 ##### `ENABLE_SPI`=false
182 185 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
183 186
184 187 ##### `ENABLE_IPV6`=true
185 188 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
186 189
187 190 ##### `ENABLE_SSHD`=true
188 191 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
189 192
190 193 ##### `ENABLE_NONFREE`=false
191 194 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
192 195
193 196 ##### `ENABLE_WIRELESS`=false
194 197 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
195 198
196 199 ##### `ENABLE_RSYSLOG`=true
197 200 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
198 201
199 202 ##### `ENABLE_SOUND`=true
200 203 Enable sound hardware and install Advanced Linux Sound Architecture.
201 204
202 205 ##### `ENABLE_HWRANDOM`=true
203 206 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
204 207
205 208 ##### `ENABLE_MINGPU`=false
206 209 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
207 210
208 211 ##### `ENABLE_DBUS`=true
209 212 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
210 213
211 214 ##### `ENABLE_XORG`=false
212 215 Install Xorg open-source X Window System.
213 216
214 217 ##### `ENABLE_WM`=""
215 218 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
216 219
217 220 ##### `ENABLE_SYSVINIT`=false
218 221 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
219 222
220 223 ---
221 224
222 225 #### Advanced system features:
226 ##### `ENABLE_KEYGEN`=false
227 Recover your lost codec license
228
223 229 ##### `ENABLE_SYSTEMDSWAP`=false
224 230 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
225 231
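Review bot: The description at new line 227, "Recover your lost codec license", does not say what `ENABLE_KEYGEN` installs or runs in the image, or where that code comes from. Document the source and what the option changes in the generated image, and which codec licenses are meant, so that someone auditing an image build can decide whether to enable it.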
226 232 ##### `ENABLE_MINBASE`=false
227 233 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
228 234
229 235 ##### `ENABLE_REDUCE`=false
230 236 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
231 237
232 238 ##### `ENABLE_UBOOT`=false
233 239 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
240 RPI4 needs tbd
234 241
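Review bot: "RPI4 needs tbd" at new line 240 is a placeholder rather than documentation. State whether `ENABLE_UBOOT`=true is supported together with `RPI_MODEL`=4, and if it is not, say so explicitly; the sentence above it still reads "RPi 0/1/2/3".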
235 242 ##### `UBOOTSRC_DIR`=""
236 243 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
237 244
238 245 ##### `ENABLE_FBTURBO`=false
239 246 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
240 247
241 248 ##### `FBTURBOSRC_DIR`=""
242 249 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
243 250
244 251 ##### `ENABLE_VIDEOCORE`=false
245 252 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
246 253
247 254 ##### `VIDEOCORESRC_DIR`=""
248 255 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
249 256
250 257 ##### `ENABLE_NEXMON`=false
251 258 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
252 259
253 260 ##### `NEXMONSRC_DIR`=""
254 261 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
255 262
256 263 ##### `ENABLE_IPTABLES`=false
257 264 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
258 265
259 266 ##### `ENABLE_USER`=true
260 267 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
261 268
262 269 ##### `USER_NAME`=pi
263 270 Non-root user to create. Ignored if `ENABLE_USER`=false
264 271
265 272 ##### `ENABLE_ROOT`=false
266 273 Set root user password so root login will be enabled
267 274
268 275 ##### `ENABLE_HARDNET`=false
269 276 Enable IPv4/IPv6 network stack hardening settings.
270 277
271 278 ##### `ENABLE_SPLITFS`=false
272 279 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
273 280
274 281 ##### `CHROOT_SCRIPTS`=""
275 282 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
276 283
277 284 ##### `ENABLE_INITRAMFS`=false
278 285 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
279 286
280 287 ##### `ENABLE_IFNAMES`=true
281 288 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
282 289
283 290 ##### `ENABLE_SPLASH`=true
284 291 Enable default Raspberry Pi boot up rainbow splash screen.
285 292
286 293 ##### `ENABLE_LOGO`=true
287 294 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
288 295
289 296 ##### `ENABLE_SILENT_BOOT`=false
290 297 Set the verbosity of console messages shown during boot up to a strict minimum.
291 298
292 299 ##### `DISABLE_UNDERVOLT_WARNINGS`=
293 300 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
294 301
295 302 ---
296 303
297 304 #### SSH settings:
298 305 ##### `SSH_ENABLE_ROOT`=false
299 306 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
300 307
301 308 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
302 309 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
303 310
304 311 ##### `SSH_LIMIT_USERS`=false
305 312 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
306 313
307 314 ##### `SSH_ROOT_PUB_KEY`=""
308 315 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
309 316
310 317 ##### `SSH_USER_PUB_KEY`=""
311 318 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
312 319
313 320 ---
314 321
315 322 #### Kernel compilation:
316 323 ##### `BUILD_KERNEL`=true
317 324 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
325 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
326 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
327 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
328 Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
329
318 330
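Review bot: The three links at new lines 326 to 328 have the Markdown parts swapped, for example `[https://github.com/Re4son/](Kali Linux Kernel)`, so they will not render as links; they should be written as `[text](url)`. The lines also have no list markers or blank lines between them, so they run together into one paragraph, and "RPi 0/1/2/3/ kernel" at new line 325 ends in a stray slash. Because these lines introduce a different kernel source and precompiled kernels from third-party repositories, the text should say which parameters select them and whether the download is pinned to a tag or checked against a checksum.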
319 331 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
320 332 This sets the cross-compile environment for the compiler.
321 333
322 334 ##### `KERNEL_ARCH`="arm"
323 335 This sets the kernel architecture for the compiler.
324 336
325 337 ##### `KERNEL_IMAGE`="kernel7.img"
326 338 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
327 339
328 340 ##### `KERNEL_BRANCH`=""
329 341 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
330 342
331 343 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
332 344 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
333 345
334 346 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
335 347 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
336 348
337 349 ##### `KERNEL_REDUCE`=false
338 350 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
339 351
340 352 ##### `KERNEL_THREADS`=1
341 353 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
342 354
343 355 ##### `KERNEL_HEADERS`=true
344 356 Install kernel headers with the built kernel.
345 357
346 358 ##### `KERNEL_MENUCONFIG`=false
347 359 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
348 360
349 361 ##### `KERNEL_OLDDEFCONFIG`=false
350 362 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
351 363
352 364 ##### `KERNEL_CCACHE`=false
353 365 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
354 366
355 367 ##### `KERNEL_REMOVESRC`=true
356 368 Remove all kernel sources from the generated OS image after it was built and installed.
357 369
358 370 ##### `KERNELSRC_DIR`=""
359 371 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
360 372
361 373 ##### `KERNELSRC_CLEAN`=false
362 374 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
363 375
364 376 ##### `KERNELSRC_CONFIG`=true
365 377 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
366 378
367 379 ##### `KERNELSRC_USRCONFIG`=""
368 380 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
369 381
370 382 ##### `KERNELSRC_PREBUILT`=false
371 383 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
372 384
373 385 ##### `RPI_FIRMWARE_DIR`=""
374 386 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
375 387
376 388 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
377 389 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
378 390
379 391 ##### `KERNEL_NF`=false
380 392 Enable Netfilter modules as kernel modules
381 393
382 394 ##### `KERNEL_VIRT`=false
383 395 Enable Kernel KVM support (/dev/kvm)
384 396
385 397 ##### `KERNEL_ZSWAP`=false
386 398 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
387 399
388 400 ##### `KERNEL_BPF`=true
389 401 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
390 402
391 403 ##### `KERNEL_SECURITY`=false
392 404 Enables Apparmor, integrity subsystem, auditing.
393 405
406 ##### `KERNEL_BTRFS`="false"
407 enable btrfs kernel support
408
409 ##### `KERNEL_POEHAT`="false"
410 enable Enable RPI POE HAT fan kernel support
411
412 ##### `KERNEL_NSPAWN`="false"
413 Enable per-interface network priority control - for systemd-nspawn
414
415 ##### `KERNEL_DHKEY`="true"
416 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
417
394 418 ---
395 419
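Review bot: New lines 406 to 415 quote the boolean defaults ("false", "true"), whereas the neighbouring kernel parameters such as `KERNEL_SECURITY`=false do not; keep one form throughout. The description at new line 410 repeats a word ("enable Enable"), the descriptions at new lines 407 and 410 start in lower case unlike the other entries, and ">keyutils-1.6" at new line 416 would be clearer spelled out as a version requirement in words.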
396 420 #### Reduce disk usage:
397 421 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
398 422
399 423 ##### `REDUCE_APT`=true
400 424 Configure APT to use compressed package repository lists and no package caching files.
401 425
402 426 ##### `REDUCE_DOC`=true
403 427 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
404 428
405 429 ##### `REDUCE_MAN`=true
406 430 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
407 431
408 432 ##### `REDUCE_VIM`=false
409 433 Replace `vim-tiny` package by `levee` a tiny vim clone.
410 434
411 435 ##### `REDUCE_BASH`=false
412 436 Remove `bash` package and switch to `dash` shell (experimental).
413 437
414 438 ##### `REDUCE_HWDB`=true
415 439 Remove PCI related hwdb files (experimental).
416 440
417 441 ##### `REDUCE_SSHD`=true
418 442 Replace `openssh-server` with `dropbear`.
419 443
420 444 ##### `REDUCE_LOCALE`=true
421 445 Remove all `locale` translation files.
422 446
423 447 ---
424 448
425 449 #### Encrypted root partition:
426 450 ##### `ENABLE_CRYPTFS`=false
427 451 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
428 452
429 453 ##### `CRYPTFS_PASSWORD`=""
430 454 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
431 455
432 456 ##### `CRYPTFS_MAPPING`="secure"
433 457 Set name of dm-crypt managed device-mapper mapping.
434 458
435 459 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
460 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
436 461 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
437 462
463 ##### `CRYPTFS_HASH`=sha512
464 Hash function and size to be used
465
438 466 ##### `CRYPTFS_XTSKEYSIZE`=512
439 467 Sets key size in bits. The argument has to be a multiple of 8.
440 468
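Review bot: The `ENABLE_CRYPTFS` description above still gives the cipher as "(aes-xts-plain64:sha512)", which no longer matches the `CRYPTFS_CIPHER` default "aes-xts-plain64" at new line 460 now that the hash is a separate `CRYPTFS_HASH` parameter; update that sentence as part of this change. "Hash function and size to be used" at new line 464 should also say what the hash is used for and which values are accepted.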
441 469 ##### `CRYPTFS_DROPBEAR`=false
442 470 Enable Dropbear Initramfs support
443 471
444 472 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
445 473 Provide path to dropbear Public RSA-OpenSSH Key
446 474
447 475 ---
448 476
449 477 #### Build settings:
450 478 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
451 479 Set a path to a working directory used by the script to generate an image.
452 480
453 481 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
454 482 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
455 483
456 484 ## Understanding the script
457 485 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
458 486
459 487 | Script | Description |
460 488 | --- | --- |
461 489 | `10-bootstrap.sh` | Debootstrap basic system |
462 490 | `11-apt.sh` | Setup APT repositories |
463 491 | `12-locale.sh` | Setup Locales and keyboard settings |
464 492 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
465 493 | `14-fstab.sh` | Setup fstab and initramfs |
466 494 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
467 495 | `20-networking.sh` | Setup Networking |
468 496 | `21-firewall.sh` | Setup Firewall |
469 497 | `30-security.sh` | Setup Users and Security settings |
470 498 | `31-logging.sh` | Setup Logging |
471 499 | `32-sshd.sh` | Setup SSH and public keys |
472 500 | `41-uboot.sh` | Build and Setup U-Boot |
473 501 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
474 502 | `43-videocore.sh` | Build and Setup videocore libraries |
475 503 | `50-firstboot.sh` | First boot actions |
476 504 | `99-reduce.sh` | Reduce the disk space usage |
477 505
478 506 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
479 507
480 508 | Directory | Description |
481 509 | --- | --- |
482 510 | `apt` | APT management configuration files |
483 511 | `boot` | Boot and RPi 0/1/2/3 configuration files |
484 512 | `dpkg` | Package Manager configuration |
485 513 | `etc` | Configuration files and rc scripts |
486 514 | `firstboot` | Scripts that get executed on first boot |
487 515 | `initramfs` | Initramfs scripts |
488 516 | `iptables` | Firewall configuration files |
489 517 | `locales` | Locales configuration |
490 518 | `modules` | Kernel Modules configuration |
491 519 | `mount` | Fstab configuration |
492 520 | `network` | Networking configuration files |
493 521 | `sysctl.d` | Swapping and Network Hardening configuration |
494 522 | `xorg` | fbturbo Xorg driver configuration |
495 523
496 524 ## Custom packages and scripts
497 525 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
498 526
499 527 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
500 528
501 529 ## Logging of the bootstrapping process
502 530 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
503 531
504 532 ```shell
505 533 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
506 534 ```
507 535
508 536 ## Flashing the image file
509 537 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
510 538
511 539 ##### Flashing examples:
512 540 ```shell
513 541 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
514 542 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
515 543 ```
516 544 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
517 545 ```shell
518 546 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
519 547 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
520 548 ```
521 549
522 550 ## QEMU emulation
523 551 Start QEMU full system emulation:
524 552 ```shell
525 553 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
526 554 ```
527 555
528 556 Start QEMU full system emulation and output to console:
529 557 ```shell
530 558 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
531 559 ```
532 560
533 561 Start QEMU full system emulation with SMP and output to console:
534 562 ```shell
535 563 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
536 564 ```
537 565
538 566 Start QEMU full system emulation with cryptfs, initramfs and output to console:
539 567 ```shell
540 568 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
541 569 ```
542 570
543 571 ## External links and references
544 572 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
545 573 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
546 574 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
547 575 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
548 576 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
549 577 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
550 578 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
551 579 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
552 580 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,59 +1,69
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 if [ "$BUILD_KERNEL" = false ] ; then
15 15 # Install APT pinning configuration for flash-kernel package
16 16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17 17
18 18 # Install APT sources.list
19 19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21 21
22 22 # Upgrade collabora package index and install collabora keyring
23 23 chroot_exec apt-get -qq -y update
24 24 # Removed --allow-unauthenticated as suggested after modification on _apt privileges
25 25 chroot_exec apt-get -qq -y install collabora-obs-archive-keyring
26 26 else # BUILD_KERNEL=true
27 27 # Install APT sources.list
28 28 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
29 29
30 30 # Use specified APT server and release
31 31 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
32 32 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
33 33 fi
34 34
35 35
36 36 # Use specified APT server and release
37 37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
38
39 #Fix for changing path for security updates in testing/bullseye
40 if [ "$RELEASE" = "testing" ] ; then
41 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
38 42 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
43 fi
44
45 if [ -z "$RELEASE" ] ; then
46 # Change release in sources list
47 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
48 fi
39 49
40 50 # Upgrade package index and update all installed packages and changed dependencies
41 51 chroot_exec apt-get -qq -y update
42 52 chroot_exec apt-get -qq -y -u dist-upgrade
43 53
44 54 # Install additional packages
45 55 if [ "$APT_INCLUDES_LATE" ] ; then
46 56 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
47 57 fi
48 58
49 59 # Install Debian custom packages
50 60 if [ -d packages ] ; then
51 61 for package in packages/*.deb ; do
52 62 cp "$package" "${R}"/tmp
53 63 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
54 64 done
55 65 fi
56 66
57 67 chroot_exec apt-get -qq -y -f install
58 68
59 69 chroot_exec apt-get -qq -y check
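Review bot: The release rewrite on new lines 40-48 no longer runs for any named release other than `testing`. `sed -i "s/ stretch/ ${RELEASE}/"` now sits inside the `[ "$RELEASE" = "testing" ]` block, and the second copy is guarded by `[ -z "$RELEASE" ]`, which is true only when `RELEASE` is empty and would then replace ` stretch` with a bare space. A build with, for example, `RELEASE=buster` leaves any ` stretch` entries in `${ETC_DIR}/apt/sources.list` untouched, and the `dist-upgrade` that follows runs against that suite. The test on new line 45 presumably wants `-n`, or the substitution should stay unconditional after the `testing` fix-up. Minor: with `,` as the sed delimiter on new line 41 the slash needs no escaping, so `stretch/updates` reads more clearly than `stretch\\/updates`.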
@@ -1,116 +1,122
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 fi
15
16 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
21 # Add encrypted partition to crypttab and fstab
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 # Add usb/sda1 disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
29 fi
30
31 if [ "$ENABLE_USBBOOT" = true ] ; then
32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 fi
38
39 11 # Generate initramfs file
40 12 if [ "$ENABLE_INITRAMFS" = true ] ; then
41 13 if [ "$ENABLE_CRYPTFS" = true ] ; then
14
42 15 # Include initramfs scripts to auto expand encrypted root partition
43 16 if [ "$EXPANDROOT" = true ] ; then
44 17 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
45 18 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46 19 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
47 20 fi
48
49 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
21
22 # Replace fstab root partition with encrypted partition mapping
23 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
52 24
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
25 # Add encrypted partition to crypttab and fstab
26 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
27 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
55 28
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
29 if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
30 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
31 # Add usb/sda2 disk to crypttab
32 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
33 fi
34
35 # Add encrypted root partition to fstab and crypttab
36 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
37 # Add usb/sda1 disk to crypttab
38 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
61 39 fi
62 40
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
67 else
68 # Create key
69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
70
71 # Convert dropbear key to openssh key
72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
73
74 # Get Public Key Part
75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
76
77 # Delete unwanted lines
78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
80
81 # Trust the new key
82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
83
84 # Save Keys - convert with putty from rsa/openssh to puttkey
85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
86
87 # Get unlock script
88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
89
90 # Enable Dropbear inside initramfs
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 if [ "$ENABLE_DHCP" = false ] ; then
43 # Get cdir from NET_ADDRESS e.g. 24
44 cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
92 45
93 # Enable Dropbear inside initramfs
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95 fi
96 else
97 # Disable SSHD inside initramfs
98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
99 fi
46 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
47 NET_MASK=$(cdr2mask "$cdir")
48
49 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
50 # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
51 sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
52 else
53 sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
54 fi
55
56 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
57 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
58 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
59 else
60 # Create key
61 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
62
63 # Convert dropbear key to openssh key
64 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
65
66 # Get Public Key Part
67 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
68
69 # Delete unwanted lines
70 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
71 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
72
73 # Trust the new key
74 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
75
76 # Save Keys - convert with putty from rsa/openssh to puttkey
77 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
78
79 # Get unlock script
80 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
81
82 # Enable Dropbear inside initramfs
83 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
84
85 # Enable Dropbear inside initramfs
86 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
87 fi
88 # CRYPTFSDROPBEAR=false
89 else
90 # Disable SSHD inside initramfs
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
92 fi
100 93
101 94 # Add cryptsetup modules to initramfs
102 95 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
96 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103 97
104 98 # Dummy mapping required by mkinitramfs
105 99 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
100 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106 101
107 102 # Generate initramfs with encrypted root partition support
108 103 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
109 104
110 105 # Remove dummy mapping
111 106 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
107 # CRYPTFS=false
112 108 else
109 #USB BOOT /boot on sda1 / on sda2
110 if [ "$ENABLE_USBBOOT" = true ] ; then
111 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
112 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
113 fi
114
115 # Add usb/sda disk root partition to fstab
116 if [ "$ENABLE_SPLITFS" = true ] ; then
117 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
118 fi
113 119 # Generate initramfs without encrypted root partition support
114 120 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
115 121 fi
116 122 fi
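Review bot: The fstab and crypttab device rewrites now sit inside `if [ "$ENABLE_INITRAMFS" = true ]` (new lines 12-122), so a build with `ENABLE_INITRAMFS=false` and `ENABLE_USBBOOT` or `ENABLE_SPLITFS` set keeps `mmcblk0p1`/`mmcblk0p2` in `${ETC_DIR}/fstab`, and an encrypted build without initramfs gets no crypttab at all. Before this change those `sed` calls ran unconditionally ahead of the initramfs block. Either move the device substitutions back out of the initramfs conditional or document that USB boot, split-fs and cryptfs now require `ENABLE_INITRAMFS=true`. In the encrypted branch, `ENABLE_USBBOOT=true` together with `ENABLE_SPLITFS=true` matches neither test on new lines 29 and 36, so crypttab stays on `/dev/mmcblk0p2`. Separately, on new line 100 the inner quotes in `"0 1 crypt "${CRYPTFS_CIPHER}" ffff…"` close and reopen the string, leaving `${CRYPTFS_CIPHER}` unquoted, and the earlier `cut -d ':' -f 1` is gone, so the full value now lands in the dmsetup table. If that is intended, drop the inner quotes and say so in the comment. New line 96 also leaves `CRYPTSETUP=y` commented out without explanation.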
@@ -1,300 +1,311
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 # Setup firmware boot cmdline
42 42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 44 else
45 45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 47 else
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 49 fi
50 50 fi
51 51
52 52 # Add encrypted root partition to cmdline.txt
53 53 if [ "$ENABLE_CRYPTFS" = true ] ; then
54 54 if [ "$ENABLE_SPLITFS" = true ] ; then
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
56 56 else
57 57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 59 else
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 61 fi
62 62 fi
63 63 fi
64 64
65 65 # Enable Kernel messages on standard output
66 66 if [ "$ENABLE_PRINTK" = true ] ; then
67 67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 68 fi
69 69
70 70 # Enable Kernel messages on standard output
71 71 if [ "$KERNEL_SECURITY" = true ] ; then
72 72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
73 73 fi
74 74
75 75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77 77
78 78 # Remove IPv6 networking support
79 79 if [ "$ENABLE_IPV6" = false ] ; then
80 80 CMDLINE="${CMDLINE} ipv6.disable=1"
81 81 fi
82 82
83 83 # Automatically assign predictable network interface names
84 84 if [ "$ENABLE_IFNAMES" = false ] ; then
85 85 CMDLINE="${CMDLINE} net.ifnames=0"
86 86 else
87 87 CMDLINE="${CMDLINE} net.ifnames=1"
88 88 fi
89 89
90 90 # Disable Raspberry Pi console logo
91 91 if [ "$ENABLE_LOGO" = false ] ; then
92 92 CMDLINE="${CMDLINE} logo.nologo"
93 93 fi
94 94
95 95 # Strictly limit verbosity of boot up console messages
96 96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 98 fi
99 99
100 100 # Install firmware config
101 101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
102 102
103 103 # Disable Raspberry Pi console logo
104 104 if [ "$ENABLE_SLASH" = false ] ; then
105 105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 106 fi
107 107
108 108 # Locks CPU frequency at maximum
109 109 if [ "$ENABLE_TURBO" = true ] ; then
110 110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 113 fi
114 114
115 115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116 117
117 118 # Bluetooth enabled
118 119 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 120 # Create temporary directory for Bluetooth sources
120 121 temp_dir=$(as_nobody mktemp -d)
121 122
122 123 # Fetch Bluetooth sources
123 124 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124 125
125 126 # Copy downloaded sources
126 127 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127 128
128 129 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 131 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
131 132
132 133 # Set permissions
133 134 chown -R root:root "${R}/tmp/pi-bluetooth"
135
136 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
137 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
138 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
134 139
135 140 # Install tools
136 141 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 142 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138 143
139 144 # make scripts executable
140 145 chmod +x "${R}/usr/bin/bthelper"
141 146 chmod +x "${R}/usr/bin/btuart"
142 147
143 148 # Install bluetooth udev rule
144 149 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145 150
146 151 # Install Firmware Flash file and apropiate licence
147 152 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 153 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 154 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 155 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 156 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152 157
153 158 # Remove temporary directories
154 159 rm -fr "${temp_dir}"
155 160 rm -fr "${R}"/tmp/pi-bluetooth
156 161
157 162 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 163 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 164 # set overlay to swap ttyAMA0 and ttyS0
160 165 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161 166
162 167 if [ "$ENABLE_TURBO" = false ] ; then
163 168 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 169 fi
165 170
166 171 fi
167 172
168 173 # Activate services
169 174 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170 175
171 176 else # if ENABLE_BLUETOOTH = false
172 177 # set overlay to disable bluetooth
173 178 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 179 fi # ENABLE_BLUETOOTH end
175 180 fi
176 181
177 182 # may need sudo systemctl disable hciuart
178 183 if [ "$ENABLE_CONSOLE" = true ] ; then
179 184 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 185 # add string to cmdline
181 186 CMDLINE="${CMDLINE} console=serial0,115200"
182 187
183 188 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 189 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 190 if [ "$ENABLE_TURBO" = false ] ; then
186 191 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 192 fi
188 193 fi
189 194
190 195 # Enable serial console systemd style
191 196 chroot_exec systemctl enable serial-getty@serial0.service
192 197 else
193 198 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 199 fi
195 200
196 201 # Disable dphys-swapfile service. Will get enabled on first boot
197 202 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 203 chroot_exec systemctl disable dphys-swapfile
199 204 fi
200 205
201 206 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 207 # Create temporary directory for systemd-swap sources
203 208 temp_dir=$(as_nobody mktemp -d)
204 209
205 210 # Fetch systemd-swap sources
206 211 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207 212
208 213 # Copy downloaded systemd-swap sources
209 214 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210 215
211 216 # Change into downloaded src dir
212 217 cd "${R}/tmp/systemd-swap" || exit
213 218
219
220 # Get Verion
221 VERSION=$(git tag | tail -n 1)
222 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
223
214 224 # Build package
215 225 bash ./package.sh debian
216 226
217 227 # Change back into script root dir
218 228 cd "${WORKDIR}" || exit
219 229
220 230 # Set permissions of the systemd-swap sources
221 231 chown -R root:root "${R}/tmp/systemd-swap"
222 232
223 233 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 234 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
235 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
225 236
226 237 # Enable service
227 238 chroot_exec systemctl enable systemd-swap
228 239
229 240 # Remove temporary directory for systemd-swap sources
230 241 rm -fr "${temp_dir}"
231 242 else
232 243 # Enable ZSWAP in cmdline if systemd-swap is not used
233 244 if [ "$KERNEL_ZSWAP" = true ] ; then
234 245 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
235 246 fi
236 247 fi
237 248 if [ "$KERNEL_SECURITY" = true ] ; then
238 249 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
239 250 fi
240 251
241 252 # Install firmware boot cmdline
242 253 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
243 254
244 255 # Setup minimal GPU memory allocation size: 16MB (no X)
245 256 if [ "$ENABLE_MINGPU" = true ] ; then
246 257 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
247 258 fi
248 259
249 260 # Setup boot with initramfs
250 261 if [ "$ENABLE_INITRAMFS" = true ] ; then
251 262 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
252 263 fi
253 264
254 265 # Create firmware configuration and cmdline symlinks
255 266 ln -sf firmware/config.txt "${R}/boot/config.txt"
256 267 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
257 268
258 269 # Install and setup kernel modules to load at boot
259 270 mkdir -p "${LIB_DIR}/modules-load.d/"
260 271 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
261 272
262 273 # Load hardware random module at boot
263 274 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
264 275 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
265 276 fi
266 277
267 278 # Load sound module at boot
268 279 if [ "$ENABLE_SOUND" = true ] ; then
269 280 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
270 281 else
271 282 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
272 283 fi
273 284
274 285 # Enable I2C interface
275 286 if [ "$ENABLE_I2C" = true ] ; then
276 287 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
277 288 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
278 289 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
279 290 fi
280 291
281 292 # Enable SPI interface
282 293 if [ "$ENABLE_SPI" = true ] ; then
283 294 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
284 295 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
285 296 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
286 297 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
287 298 fi
288 299 fi
289 300
290 301 # Disable RPi2/3 under-voltage warnings
291 302 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
292 303 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
293 304 fi
294 305
295 306 # Install kernel modules blacklist
296 307 mkdir -p "${ETC_DIR}/modprobe.d/"
297 308 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
298 309
299 310 # Install sysctl.d configuration files
300 311 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
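Review bot: New lines 136-138 repeat the two firmware downloads that new lines 130-131 already perform, but without `as_nobody`, so `wget` now runs with the build's full privileges and overwrites the files after the `chown -R root:root` on new line 134. Drop the duplicate, or if the `as_nobody` variant is the one that fails, replace it rather than keeping both. Neither download is checked against a pinned checksum before `BCM43430A1.hcd` is installed into the image, which is worth adding while this block is being touched. On new line 221, `git tag | tail -n 1` takes the last tag in git's default lexical order, which need not be the version `package.sh` builds, and it runs without `as_nobody` inside the freshly cloned tree. Deriving the package name from the `.deb` that `package.sh` actually produced would be more robust than assuming `systemd-swap_"$VERSION"_all.deb`. The `RPI_MODEL = 4` addition on new line 116 is not mirrored in the `ENABLE_CONSOLE` test on new line 188 or the SPI test on new line 297.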
@@ -1,136 +1,137
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42 42
43 43 if [ "$ENABLE_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
50 50 fi
51 51
52 52 else # ENABLE_DHCP=false
53 53 # Set static network configuration for interface eth0
54 54 sed -i\
55 55 -e "s|DHCP=.*|DHCP=no|"\
56 56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 63 "${ETC_DIR}/systemd/network/eth.network"
64 64 fi
65 65
66 66 # Remove empty settings from network configuration
67 67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 68 # Remove empty settings from wlan configuration
69 69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70 70
71 71 # Move systemd network configuration if required by Debian release
72 72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 73 # If WLAN is enabled copy wlan configuration too
74 74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
76 76 fi
77 77 rm -fr "${ETC_DIR}/systemd/network"
78 78
79 79 # Enable systemd-networkd service
80 80 chroot_exec systemctl enable systemd-networkd
81 81
82 82 # Install host.conf resolver configuration
83 83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84 84
85 85 # Enable network stack hardening
86 86 if [ "$ENABLE_HARDNET" = true ] ; then
87 87 # Install sysctl.d configuration files
88 88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89 89
90 90 # Setup resolver warnings about spoofed addresses
91 91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 92 fi
93 93
94 94 # Enable time sync
95 95 if [ "$NET_NTP_1" != "" ] ; then
96 96 chroot_exec systemctl enable systemd-timesyncd.service
97 97 fi
98 98
99 99 # Download the firmware binary blob required to use the RPi3 wireless interface
100 100 if [ "$ENABLE_WIRELESS" = true ] ; then
101 101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 102 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 103 fi
104 104
105 105 # Create temporary directory for firmware binary blob
106 106 temp_dir=$(as_nobody mktemp -d)
107 107
108 108 # Fetch firmware binary blob for RPI3B+
109 109 if [ "$RPI_MODEL" = 3P ] ; then
110 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 111 # Fetch firmware binary blob for RPi3P
111 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 114 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114 115
115 116 # Move downloaded firmware binary blob
116 117 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117 118
118 119 # Set permissions of the firmware binary blob
119 120 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 121 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 122 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 123 # Fetch firmware binary blob for RPi3
123 124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 125 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125 126
126 127 # Move downloaded firmware binary blob
127 128 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128 129
129 130 # Set permissions of the firmware binary blob
130 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 133 fi
133 134
134 135 # Remove temporary directory for firmware binary blob
135 136 rm -fr "${temp_dir}"
136 137 fi
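Review bot: At new lines 109-110 the old test `if [ "$RPI_MODEL" = 3P ] ; then` is still present as context directly above the added `if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then`, so as shown there are two opening `if`s for a single `elif`/`fi`, and a model 4 build can never pass the outer test to reach the new one. Drop the old line so only the combined condition remains, and update the comments at lines 108 and 111, which still name only the RPi3B+/RPi3P. Separately, the three `brcmfmac43455-sdio.*` blobs that this branch now also installs for the Pi 4 are fetched with `wget -q` from `${WLAN_FIRMWARE_URL}` (whose default in `rpi23-gen-image.sh` is a `raw/master` path) and moved into `${WLAN_FIRMWARE_DIR}` with no integrity check; consider pinning the URL to a fixed revision and comparing each file against a known SHA-256 before the `mv`.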
@@ -1,56 +1,58
1 1 #
2 2 # Setup videocore - Raspberry Userland
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 9 # Copy existing videocore sources into chroot directory
10 10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 11 # Copy local videocore sources
12 12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 13 else
14 14 # Create temporary directory for videocore sources
15 15 temp_dir=$(as_nobody mktemp -d)
16 16
17 17 # Fetch videocore sources
18 18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19 19
20 20 # Copy downloaded videocore sources
21 21 mv "${temp_dir}/userland" "${R}/tmp/"
22 22
23 23 # Set permissions of the U-Boot sources
24 24 chown -R root:root "${R}/tmp/userland"
25 25
26 26 # Remove temporary directory for U-Boot sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Create build dir
31 31 mkdir "${R}"/tmp/userland/build
32 32
33 33 # push us to build directory
34 34 cd "${R}"/tmp/userland/build
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 39 fi
39 40
40 41 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 42 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
43 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 44 fi
43 45
44 46 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 47 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 48 fi
47 49
48 50 #build userland
49 51 make -j "$(nproc)"
50 52
51 53 #back to root of scriptdir
52 54 cd "${WORKDIR}"
53 55
54 56 # Remove videocore sources
55 57 rm -fr "${R}"/tmp/userland/
56 58 fi
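Review bot: In the armel branch the added cmake call (new line 43) passes `-DCMAKE_TOOLCHAIN_FILE=.../toolchains/arm-linux-gnueabihf.cmake`, the same hard-float toolchain file the armhf branch uses, while still setting the compilers to `arm-linux-gnueabi-gcc` and `arm-linux-gnueabi-g++`; the two settings disagree, so either drop the toolchain file for armel or state which one is meant to win. In both the arm64 and armel branches the previous cmake line (new lines 37 and 42) is kept as context above the added one, so as shown cmake is configured twice in the same build directory; remove the old invocations. The comments at lines 23 and 26 still say "U-Boot sources" for what is the userland checkout.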
@@ -1,97 +1,98
1 1 #!/bin/sh
2 2 #
3 3 # Build and Setup nexmon with monitor mode patch
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 10 # Copy existing nexmon sources into chroot directory
11 11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 12 # Copy local U-Boot sources
13 13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 14 else
15 15 # Create temporary directory for nexmon sources
16 16 temp_dir=$(as_nobody mktemp -d)
17 17
18 18 # Fetch nexmon sources
19 19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20 20
21 21 # Copy downloaded nexmon sources
22 22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23 23
24 24 # Set permissions of the nexmon sources
25 25 chown -R root:root "${R}"/tmp/nexmon
26 26
27 27 # Remove temporary directory for nexmon sources
28 28 rm -fr "${temp_dir}"
29 29 fi
30 30
31 31 # Set script Root
32 32 export NEXMON_ROOT="${R}"/tmp/nexmon
33 33
34 34 # Build nexmon firmware outside the build system, if we can.
35 35 cd "${NEXMON_ROOT}" || exit
36 36
37 37 # Make ancient isl build
38 38 cd buildtools/isl-0.10 || exit
39 39 ./configure
40 40 make
41 41 cd ../.. || exit
42 42
43 43 # Disable statistics
44 44 touch DISABLE_STATISTICS
45 45
46 46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 47 export KERNEL="${KERNEL_IMAGE}"
48 48 export ARCH=arm
49 49 export SUBARCH=arm
50 50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 51 export CC="${CC}"gcc
52 52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 53 export ZLIBFLATE="zlib-flate -compress"
54 54 export Q=@
55 55 export NEXMON_SETUP_ENV=1
56 56 export HOSTUNAME=$(uname -s)
57 57 export PLATFORMUNAME=$(uname -m)
58 58
59 59 # Make nexmon
60 60 make
61 61
62 62 # build patches
63 63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 66 make clean
67 67
68 68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70 70
71 71 # copy RPi0W & RPi3 firmware
72 72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 75 fi
76 76
77 77 if [ "$RPI_MODEL" = 3P ] ; then
78 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 79 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 80 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 81 make clean
81 82
82 83 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 84 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84 85
85 86 # RPi3B+ firmware
86 87 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 88 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 89 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 90 fi
90 91
91 92 #Revert to previous directory
92 93 cd "${WORKDIR}" || exit
93 94
94 95 # Remove nexmon sources
95 96 rm -fr "${NEXMON_ROOT}"
96 97
97 98 fi
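Review bot: The old `if [ "$RPI_MODEL" = 3P ] ; then` (new line 77) is kept directly above the added `if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then` (line 78), but only one `fi` follows at line 90, so as shown the block is unbalanced and a model 4 build never gets past the outer test. Remove the old line. In this branch `${NEXMON_ROOT}` is unquoted in the `sed` at line 80 and in `LD_LIBRARY_PATH=` at line 84, unlike the quoted `LD_LIBRARY_PATH` at line 69; quote both, and update the `# RPi3B+ firmware` comment now that the Pi 4 takes this path as well.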
@@ -1,883 +1,908
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
49 fi
47 50
48 51 # Kernel Branch
49 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 53
51 54 # URLs
52 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 58 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 59 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 60 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 61 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 62 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 63 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 64 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 65
63 66 # Kernel deb packages for 32bit kernel
64 67 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 68 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 69 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 70 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
71 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 72 # Default precompiled 64bit kernel
69 73 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
74 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
75 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
76 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
77 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
78 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
70 79 # Generic
71 80 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
81 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 82 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 83 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 84
75 85 # Build directories
76 86 WORKDIR=$(pwd)
77 87 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 88 BUILDDIR="${BASEDIR}/build"
79 89
80 90 # Chroot directories
81 91 R="${BUILDDIR}/chroot"
82 92 ETC_DIR="${R}/etc"
83 93 LIB_DIR="${R}/lib"
84 94 BOOT_DIR="${R}/boot/firmware"
85 95 KERNEL_DIR="${R}/usr/src/linux"
86 96 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 97 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 98
89 99 # Firmware directory: Blank if download from github
90 100 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 101
92 102 # General settings
93 103 SET_ARCH=${SET_ARCH:=32}
94 104 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 105 PASSWORD=${PASSWORD:=raspberry}
96 106 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 107 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 108 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 109 EXPANDROOT=${EXPANDROOT:=true}
100 110 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
101 111
102 112 # Keyboard settings
103 113 XKB_MODEL=${XKB_MODEL:=""}
104 114 XKB_LAYOUT=${XKB_LAYOUT:=""}
105 115 XKB_VARIANT=${XKB_VARIANT:=""}
106 116 XKB_OPTIONS=${XKB_OPTIONS:=""}
107 117
108 118 # Network settings (DHCP)
109 119 ENABLE_DHCP=${ENABLE_DHCP:=true}
110 120
111 121 # Network settings (static)
112 122 NET_ADDRESS=${NET_ADDRESS:=""}
113 123 NET_GATEWAY=${NET_GATEWAY:=""}
114 124 NET_DNS_1=${NET_DNS_1:=""}
115 125 NET_DNS_2=${NET_DNS_2:=""}
116 126 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
117 127 NET_NTP_1=${NET_NTP_1:=""}
118 128 NET_NTP_2=${NET_NTP_2:=""}
119 129
120 130 # APT settings
121 131 APT_PROXY=${APT_PROXY:=""}
122 132 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 133 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
124 134
125 135 # Feature settings
126 136 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 137 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 138 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
129 139 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
130 140 ENABLE_I2C=${ENABLE_I2C:=false}
131 141 ENABLE_SPI=${ENABLE_SPI:=false}
132 142 ENABLE_IPV6=${ENABLE_IPV6:=true}
133 143 ENABLE_SSHD=${ENABLE_SSHD:=true}
134 144 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
135 145 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
136 146 ENABLE_SOUND=${ENABLE_SOUND:=true}
137 147 ENABLE_DBUS=${ENABLE_DBUS:=true}
138 148 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
139 149 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
140 150 ENABLE_XORG=${ENABLE_XORG:=false}
141 151 ENABLE_WM=${ENABLE_WM:=""}
142 152 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
143 153 ENABLE_USER=${ENABLE_USER:=true}
144 154 USER_NAME=${USER_NAME:="pi"}
145 155 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 156 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 157 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
148 158
149 159 # SSH settings
150 160 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 161 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 162 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 163 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 164 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 165
156 166 # Advanced settings
157 167 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 168 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 169 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 170 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 171 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 172 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 173 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 174 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 175 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 176 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 177 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 178 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 179 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 180 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 181 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 182 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 183 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 184 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 185 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 186 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 187 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178 188
179 189 # Kernel compilation settings
180 190 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 191 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 192 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 193 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 194 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 195 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 196 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 197 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 198 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 199 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 200 KERNEL_BPF=${KERNEL_BPF:=false}
191 201 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 202 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 203 KERNEL_NF=${KERNEL_NF:=false}
204 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
205 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
206 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
207 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
194 208
195 209 # Kernel compilation from source directory settings
196 210 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 211 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 212 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 213 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200 214
201 215 # Reduce disk usage settings
202 216 REDUCE_APT=${REDUCE_APT:=true}
203 217 REDUCE_DOC=${REDUCE_DOC:=true}
204 218 REDUCE_MAN=${REDUCE_MAN:=true}
205 219 REDUCE_VIM=${REDUCE_VIM:=false}
206 220 REDUCE_BASH=${REDUCE_BASH:=false}
207 221 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 222 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 223 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210 224
211 225 # Encrypted filesystem settings
212 226 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 227 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 228 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 229 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
230 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
231 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
216 232 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 233 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 234 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 235 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 236 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221 237
222 238 # Chroot scripts directory
223 239 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224 240
225 241 # Packages required in the chroot build environment
226 242 APT_INCLUDES=${APT_INCLUDES:=""}
227 243 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
244 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228 245
229 246 # Packages to exclude from chroot build environment
230 247 APT_EXCLUDES=${APT_EXCLUDES:=""}
231 248
232 249 # Packages required for bootstrapping
233 250 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
251 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
234 252 MISSING_PACKAGES=""
235 253
236 254 # Packages installed for c/c++ build environment in chroot (keep empty)
237 255 COMPILER_PACKAGES=""
238 256
239 257 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 258 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 259 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 260 APT_PROXY=http://127.0.0.1:3142/
243 261 fi
244 262
245 263 # Setup architecture specific settings
246 264 if [ -n "$SET_ARCH" ] ; then
247 265 # 64-bit configuration
248 266 if [ "$SET_ARCH" = 64 ] ; then
249 267 # General 64-bit depended settings
250 268 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 269 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 270 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
253 271
254 272 # Raspberry Pi model specific settings
255 273 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 274 if [ "$RPI_MODEL" != 4 ] ; then
257 275 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 276 else
259 277 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 278 fi
261 279
262 280 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 281 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
264 282 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
265 283 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
266 284 else
267 285 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
268 286 exit 1
269 287 fi
270 288 fi
271 289
272 290 # 32-bit configuration
273 291 if [ "$SET_ARCH" = 32 ] ; then
274 292 # General 32-bit dependend settings
275 293 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
276 294 KERNEL_ARCH=${KERNEL_ARCH:=arm}
277 295 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
278 296
279 297 # Raspberry Pi model specific settings
280 298 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
281 299 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
282 300 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
283 301 RELEASE_ARCH=${RELEASE_ARCH:=armel}
284 302 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
285 303 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
286 304 fi
287 305
288 306 # Raspberry Pi model specific settings
289 307 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 308 if [ "$RPI_MODEL" != 4 ] ; then
291 309 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
310 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
292 311 else
293 312 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
313 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
294 314 fi
295 315
296 316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 317 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 318 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
319
299 320 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 321 fi
301 322 fi
302 323 # SET_ARCH not set
303 324 else
304 325 echo "error: Please set '32' or '64' as value for SET_ARCH"
305 326 exit 1
306 327 fi
307 328 # Device specific configuration and U-Boot configuration
308 329 case "$RPI_MODEL" in
309 330 0)
310 331 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
311 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 333 ;;
313 334 1)
314 335 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
315 336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 337 ;;
317 338 1P)
318 339 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
319 340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 341 ;;
321 342 2)
322 343 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
323 344 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
324 345 ;;
325 346 3)
326 347 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 348 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 349 ;;
329 350 3P)
330 351 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 352 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 353 ;;
333 354 4)
334 355 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 356 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 357 ;;
337 358 *)
338 359 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
339 360 exit 1
340 361 ;;
341 362 esac
342 363
343 364 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
344 365 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
345 366 # Include bluetooth packages on supported boards
346 367 if [ "$ENABLE_BLUETOOTH" = true ] ; then
347 368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
348 369 fi
349 370 if [ "$ENABLE_WIRELESS" = true ] ; then
350 371 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
351 372 fi
352 373 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
353 374 # Check if the internal wireless interface is not supported by the RPi model
354 375 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
355 376 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
356 377 exit 1
357 378 fi
358 379 fi
359 380
360 381 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
361 382 echo "error: You have to compile kernel sources, if you want to enable nexmon"
362 383 exit 1
363 384 fi
364 385
365 386 # Prepare date string for default image file name
366 387 DATE="$(date +%Y-%m-%d)"
367 388 if [ -z "$KERNEL_BRANCH" ] ; then
368 389 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
369 390 else
370 391 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
371 392 fi
372 393
373 394 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
374 395 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
375 396 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
376 397 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
377 398 exit 1
378 399 fi
379 400 fi
380 401
381 402 # Add cmake to compile videocore sources
382 403 if [ "$ENABLE_VIDEOCORE" = true ] ; then
383 404 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
384 405 fi
385 406
386 407 # Add deps for nexmon
387 408 if [ "$ENABLE_NEXMON" = true ] ; then
388 409 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
389 411 fi
390 412
391 413 # Add libncurses5 to enable kernel menuconfig
392 414 if [ "$KERNEL_MENUCONFIG" = true ] ; then
393 415 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
394 416 fi
395 417
396 418 # Add ccache compiler cache for (faster) kernel cross (re)compilation
397 419 if [ "$KERNEL_CCACHE" = true ] ; then
398 420 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
399 421 fi
400 422
401 423 # Add cryptsetup package to enable filesystem encryption
402 424 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
403 425 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 426 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
427 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
405 428
406 429 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 430 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 431 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 432 fi
410 433
411 434 if [ -z "$CRYPTFS_PASSWORD" ] ; then
412 435 echo "error: no password defined (CRYPTFS_PASSWORD)!"
413 436 exit 1
414 437 fi
415 438 ENABLE_INITRAMFS=true
416 439 fi
417 440
418 441 # Add initramfs generation tools
419 442 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
420 443 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
421 444 fi
422 445
423 446 # Add device-tree-compiler required for building the U-Boot bootloader
424 447 if [ "$ENABLE_UBOOT" = true ] ; then
425 448 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
426 449 fi
427 450
428 451 if [ "$ENABLE_USBBOOT" = true ] ; then
429 452 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
430 453 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
431 454 exit 1
432 455 fi
433 456 fi
434 457
435 458 # Check if root SSH (v2) public key file exists
436 459 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
437 460 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
438 461 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
439 462 exit 1
440 463 fi
441 464 fi
442 465
443 466 # Check if $USER_NAME SSH (v2) public key file exists
444 467 if [ -n "$SSH_USER_PUB_KEY" ] ; then
445 468 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
446 469 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
447 470 exit 1
448 471 fi
449 472 fi
450 473
451 474 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
452 475 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
453 476 exit 1
454 477 fi
455 478
456 479 # Check if all required packages are installed on the build system
457 480 for package in $REQUIRED_PACKAGES ; do
458 481 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
459 482 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
460 483 fi
461 484 done
462 485
463 486 # If there are missing packages ask confirmation for install, or exit
464 487 if [ -n "$MISSING_PACKAGES" ] ; then
465 488 echo "the following packages needed by this script are not installed:"
466 489 echo "$MISSING_PACKAGES"
467 490
468 491 printf "\ndo you want to install the missing packages right now? [y/n] "
469 492 read -r confirm
470 493 [ "$confirm" != "y" ] && exit 1
471 494
472 495 # Make sure all missing required packages are installed
473 496 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
497 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
474 498 fi
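Review bot: chaining with && on the new `apt-get update && apt-get -qq -y install ...` line means a failed update (no network, stale mirror) silently skips the install, and nothing after this line re-checks MISSING_PACKAGES, so the build carries on without its required tools. A failing non-final command in an && list also does not trip `set -e`. Run the two commands as separate statements and exit with an error if either fails. While touching the line, note that `sed "s/ //"` strips only the first space and the backtick substitution relies on word splitting; an unquoted $MISSING_PACKAGES expansion would state that intent directly.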
475 499
476 500 # Check if ./bootstrap.d directory exists
477 501 if [ ! -d "./bootstrap.d/" ] ; then
478 502 echo "error: './bootstrap.d' required directory not found!"
479 503 exit 1
480 504 fi
481 505
482 506 # Check if ./files directory exists
483 507 if [ ! -d "./files/" ] ; then
484 508 echo "error: './files' required directory not found!"
485 509 exit 1
486 510 fi
487 511
488 512 # Check if specified KERNELSRC_DIR directory exists
489 513 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
490 514 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
491 515 exit 1
492 516 fi
493 517
494 518 # Check if specified UBOOTSRC_DIR directory exists
495 519 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
496 520 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
497 521 exit 1
498 522 fi
499 523
500 524 # Check if specified VIDEOCORESRC_DIR directory exists
501 525 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
502 526 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
503 527 exit 1
504 528 fi
505 529
506 530 # Check if specified FBTURBOSRC_DIR directory exists
507 531 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
508 532 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
509 533 exit 1
510 534 fi
511 535
512 536 # Check if specified NEXMONSRC_DIR directory exists
513 537 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
514 538 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
515 539 exit 1
516 540 fi
517 541
518 542 # Check if specified CHROOT_SCRIPTS directory exists
519 543 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
520 544 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
521 545 exit 1
522 546 fi
523 547
524 548 # Check if specified device mapping already exists (will be used by cryptsetup)
525 549 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
526 550 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
527 551 exit 1
528 552 fi
529 553
530 554 # Don't clobber an old build
531 555 if [ -e "$BUILDDIR" ] ; then
532 556 echo "error: directory ${BUILDDIR} already exists, not proceeding"
533 557 exit 1
534 558 fi
535 559
536 560 # Setup chroot directory
537 561 mkdir -p "${R}"
538 562
539 563 # Check if build directory has enough of free disk space >512MB
540 564 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
541 565 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
542 566 exit 1
543 567 fi
544 568
545 569 set -x
546 570
547 571 # Call "cleanup" function on various signals and errors
548 572 trap cleanup 0 1 2 3 6
549 573
550 574 # Add required packages for the minbase installation
551 575 if [ "$ENABLE_MINBASE" = true ] ; then
552 576 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
553 577 fi
554 578
555 579 # Add parted package, required to get partprobe utility
556 580 if [ "$EXPANDROOT" = true ] ; then
557 581 APT_INCLUDES="${APT_INCLUDES},parted"
558 582 fi
559 583
560 584 # Add dphys-swapfile package, required to enable swap
561 585 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
562 586 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
563 587 fi
564 588
565 589 # Add dbus package, recommended if using systemd
566 590 if [ "$ENABLE_DBUS" = true ] ; then
567 591 APT_INCLUDES="${APT_INCLUDES},dbus"
568 592 fi
569 593
570 594 # Add iptables IPv4/IPv6 package
571 595 if [ "$ENABLE_IPTABLES" = true ] ; then
572 596 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
573 597 fi
574 598 # Add apparmor for KERNEL_SECURITY
575 599 if [ "$KERNEL_SECURITY" = true ] ; then
576 600 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
577 601 fi
578 602
579 603 # Add openssh server package
580 604 if [ "$ENABLE_SSHD" = true ] ; then
581 605 APT_INCLUDES="${APT_INCLUDES},openssh-server"
582 606 fi
583 607
584 608 # Add alsa-utils package
585 609 if [ "$ENABLE_SOUND" = true ] ; then
586 610 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
587 611 fi
588 612
589 613 # Add rng-tools package
590 614 if [ "$ENABLE_HWRANDOM" = true ] ; then
591 615 APT_INCLUDES="${APT_INCLUDES},rng-tools"
592 616 fi
593 617
594 618 # Add fbturbo video driver
595 619 if [ "$ENABLE_FBTURBO" = true ] ; then
596 620 # Enable xorg package dependencies
597 621 ENABLE_XORG=true
598 622 fi
599 623
600 624 # Add user defined window manager package
601 625 if [ -n "$ENABLE_WM" ] ; then
602 626 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
603 627
604 628 # Enable xorg package dependencies
605 629 ENABLE_XORG=true
606 630 fi
607 631
608 632 # Add xorg package
609 633 if [ "$ENABLE_XORG" = true ] ; then
610 634 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
611 635 fi
612 636
613 637 # Replace selected packages with smaller clones
614 638 if [ "$ENABLE_REDUCE" = true ] ; then
615 639 # Add levee package instead of vim-tiny
616 640 if [ "$REDUCE_VIM" = true ] ; then
617 641 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
618 642 fi
619 643
620 644 # Add dropbear package instead of openssh-server
621 645 if [ "$REDUCE_SSHD" = true ] ; then
622 646 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
623 647 fi
624 648 fi
625 649
626 650 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
627 651 if [ "$ENABLE_SYSVINIT" = false ] ; then
628 652 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
629 653 fi
630 654
631 655 # Configure kernel sources if no KERNELSRC_DIR
632 656 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
633 657 KERNELSRC_CONFIG=true
634 658 fi
635 659
636 660 # Configure reduced kernel
637 661 if [ "$KERNEL_REDUCE" = true ] ; then
638 662 KERNELSRC_CONFIG=false
639 663 fi
640 664
641 665 # Configure qemu compatible kernel
642 666 if [ "$ENABLE_QEMU" = true ] ; then
643 667 DTB_FILE=vexpress-v2p-ca15_a7.dtb
644 668 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
645 669 KERNEL_DEFCONFIG="vexpress_defconfig"
646 670 if [ "$KERNEL_MENUCONFIG" = false ] ; then
647 671 KERNEL_OLDDEFCONFIG=true
648 672 fi
649 673 fi
650 674
651 675 # Execute bootstrap scripts
652 676 for SCRIPT in bootstrap.d/*.sh; do
653 677 head -n 3 "$SCRIPT"
654 678 . "$SCRIPT"
655 679 done
656 680
657 681 ## Execute custom bootstrap scripts
658 682 if [ -d "custom.d" ] ; then
659 683 for SCRIPT in custom.d/*.sh; do
660 684 . "$SCRIPT"
661 685 done
662 686 fi
663 687
664 688 # Execute custom scripts inside the chroot
665 689 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
666 690 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
667 691 chroot_exec /bin/bash -x <<'EOF'
668 692 for SCRIPT in /chroot_scripts/* ; do
669 693 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
670 694 $SCRIPT
671 695 fi
672 696 done
673 697 EOF
674 698 rm -rf "${R}/chroot_scripts"
675 699 fi
676 700
677 701 # Remove c/c++ build environment from the chroot
678 702 chroot_remove_cc
679 703
680 704 # Generate required machine-id
681 705 MACHINE_ID=$(dbus-uuidgen)
682 706 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
683 707 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
684 708
685 709 # APT Cleanup
686 710 chroot_exec apt-get -y clean
687 711 chroot_exec apt-get -y autoclean
688 712 chroot_exec apt-get -y autoremove
689 713
690 714 # Unmount mounted filesystems
691 715 umount -l "${R}/proc"
692 716 umount -l "${R}/sys"
693 717
694 718 # Clean up directories
695 719 rm -rf "${R}/run/*"
696 720 rm -rf "${R}/tmp/*"
697 721
698 722 # Clean up APT proxy settings
699 723 if [ "$KEEP_APT_PROXY" = false ] ; then
700 724 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
701 725 fi
702 726
703 727 # Clean up files
704 728 rm -f "${ETC_DIR}/ssh/ssh_host_*"
705 729 rm -f "${ETC_DIR}/dropbear/dropbear_*"
706 730 rm -f "${ETC_DIR}/apt/sources.list.save"
707 731 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
708 732 rm -f "${ETC_DIR}/*-"
709 733 rm -f "${ETC_DIR}/resolv.conf"
710 734 rm -f "${R}/root/.bash_history"
711 735 rm -f "${R}/var/lib/urandom/random-seed"
712 736 rm -f "${R}/initrd.img"
713 737 rm -f "${R}/vmlinuz"
714 738 rm -f "${R}${QEMU_BINARY}"
715 739
716 740 if [ "$ENABLE_QEMU" = true ] ; then
717 741 # Setup QEMU directory
718 742 mkdir "${BASEDIR}/qemu"
719 743
720 744 # Copy kernel image to QEMU directory
721 745 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
722 746
723 747 # Copy kernel config to QEMU directory
724 748 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
725 749
726 750 # Copy kernel dtbs to QEMU directory
727 751 for dtb in "${BOOT_DIR}/"*.dtb ; do
728 752 if [ -f "${dtb}" ] ; then
729 753 install_readonly "${dtb}" "${BASEDIR}/qemu/"
730 754 fi
731 755 done
732 756
733 757 # Copy kernel overlays to QEMU directory
734 758 if [ -d "${BOOT_DIR}/overlays" ] ; then
735 759 # Setup overlays dtbs directory
736 760 mkdir "${BASEDIR}/qemu/overlays"
737 761
738 762 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
739 763 if [ -f "${dtb}" ] ; then
740 764 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
741 765 fi
742 766 done
743 767 fi
744 768
745 769 # Copy u-boot files to QEMU directory
746 770 if [ "$ENABLE_UBOOT" = true ] ; then
747 771 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
748 772 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
749 773 fi
750 774 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
751 775 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
752 776 fi
753 777 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
754 778 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
755 779 fi
756 780 fi
757 781
758 782 # Copy initramfs to QEMU directory
759 783 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
760 784 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
761 785 fi
762 786 fi
763 787
764 788 # Calculate size of the chroot directory in KB
765 789 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
766 790
767 791 # Calculate the amount of needed 512 Byte sectors
768 792 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
769 793 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
770 794 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
771 795
772 796 # The root partition is EXT4
773 797 # This means more space than the actual used space of the chroot is used.
774 798 # As overhead for journaling and reserved blocks 35% are added.
775 799 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
776 800
777 801 # Calculate required image size in 512 Byte sectors
778 802 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
779 803
780 804 # Prepare image file
781 805 if [ "$ENABLE_SPLITFS" = true ] ; then
782 806 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
783 807 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
784 808 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
785 809 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
786 810
787 811 # Write firmware/boot partition tables
788 812 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
789 813 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
790 814 EOM
791 815
792 816 # Write root partition table
793 817 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
794 818 ${TABLE_SECTORS},${ROOT_SECTORS},83
795 819 EOM
796 820
797 821 # Setup temporary loop devices
798 822 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
799 823 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
800 824 else # ENABLE_SPLITFS=false
801 825 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
802 826 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
803 827
804 828 # Write partition table
805 829 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
806 830 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
807 831 ${ROOT_OFFSET},${ROOT_SECTORS},83
808 832 EOM
809 833
810 834 # Setup temporary loop devices
811 835 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
812 836 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
813 837 fi
814 838
815 839 if [ "$ENABLE_CRYPTFS" = true ] ; then
816 840 # Create dummy ext4 fs
817 841 mkfs.ext4 "$ROOT_LOOP"
818 842
819 843 # Setup password keyfile
820 844 touch .password
821 845 chmod 600 .password
822 846 echo -n ${CRYPTFS_PASSWORD} > .password
823 847
824 848 # Initialize encrypted partition
825 849 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
850 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
826 851
827 852 # Open encrypted partition and setup mapping
828 853 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
829 854
830 855 # Secure delete password keyfile
831 856 shred -zu .password
832 857
833 858 # Update temporary loop device
834 859 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
835 860
836 861 # Wipe encrypted partition (encryption cipher is used for randomness)
837 862 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
838 863 fi
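Review bot: the new luksFormat line passes `-h "${CRYPTFS_HASH}"` unconditionally, but the earlier ENABLE_CRYPTFS checks only validate CRYPTFS_PASSWORD, so an unset or empty CRYPTFS_HASH reaches cryptsetup as an empty hash spec. Give the variable a default where the other CRYPTFS_* settings are defined, or fail early next to the CRYPTFS_PASSWORD check, and document it in the README alongside CRYPTFS_CIPHER and CRYPTFS_XTSKEYSIZE. The `--verbose --debug` flags look like leftover troubleshooting; with `set -x` already active at this point the key-setup step is logged heavily, so drop them or put them behind an opt-in switch.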
839 864
840 865 # Build filesystems
841 866 mkfs.vfat "$FRMW_LOOP"
842 867 mkfs.ext4 "$ROOT_LOOP"
843 868
844 869 # Mount the temporary loop devices
845 870 mkdir -p "$BUILDDIR/mount"
846 871 mount "$ROOT_LOOP" "$BUILDDIR/mount"
847 872
848 873 mkdir -p "$BUILDDIR/mount/boot/firmware"
849 874 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
850 875
851 876 # Copy all files from the chroot to the loop device mount point directory
852 877 rsync -a "${R}/" "$BUILDDIR/mount/"
853 878
854 879 # Unmount all temporary loop devices and mount points
855 880 cleanup
856 881
857 882 # Create block map file(s) of image(s)
858 883 if [ "$ENABLE_SPLITFS" = true ] ; then
859 884 # Create block map files for "bmaptool"
860 885 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
861 886 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
862 887
863 888 # Image was successfully created
864 889 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
865 890 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
866 891 else
867 892 # Create block map file for "bmaptool"
868 893 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
869 894
870 895 # Image was successfully created
871 896 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872 897
873 898 # Create qemu qcow2 image
874 899 if [ "$ENABLE_QEMU" = true ] ; then
875 900 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
876 901 QEMU_SIZE=16G
877 902
878 903 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
879 904 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
880 905
881 906 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
882 907 fi
883 908 fi