merge Ok
vidal -
r705:b9989bcfeb78
@@ -12,6 +12,7 The following list of Debian packages must be installed on the build system beca
12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
12 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
13
13
14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
14 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
15 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
15
16
16 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
17 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
17
18
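Review bot: The pre-change toolchain sentence is still present at line 14 next to the new `armhf/armel/aarch64` version at line 15, so the README now carries the same paragraph twice; delete the older line. The "has been tested" sentence below still names only `crossbuild-essential-armhf` and `crossbuild-essential-armel`, so state whether an aarch64 toolchain package was tested as well.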
@@ -66,6 +67,7 A comma-separated list of additional packages to be installed by apt after boots
66 #### General system settings:
67 #### General system settings:
67 ##### `SET_ARCH`=32
68 ##### `SET_ARCH`=32
68 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
70 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
69
71
70 ##### `RPI_MODEL`=2
72 ##### `RPI_MODEL`=2
71 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
73 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
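Review bot: `SET_ARCH` ends up with two description paragraphs (lines 69 and 70) that differ only in the model list; keep the `RPI3/RPI3+/RPI4` sentence and remove the older one so readers do not have to guess which applies.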
@@ -75,6 +77,7 Specify the target Raspberry Pi hardware model. The script at this time supports
75 - `2` = Raspberry Pi 2 model B
77 - `2` = Raspberry Pi 2 model B
76 - `3` = Raspberry Pi 3 model B
78 - `3` = Raspberry Pi 3 model B
77 - `3P` = Raspberry Pi 3 model B+
79 - `3P` = Raspberry Pi 3 model B+
80 - `4` = Raspberry Pi 4 model B
78
81
79 ##### `RELEASE`="buster"
82 ##### `RELEASE`="buster"
80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
83 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
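Review bot: The `RELEASE` description at line 83 still says only `stretch` and `buster` are supported, while the same commit adds `bullseye`/`testing` handling in the script; either document the new value here (including that it is mapped to `testing`) or leave it out of the script until it is supported.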
@@ -220,6 +223,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
220 ---
223 ---
221
224
222 #### Advanced system features:
225 #### Advanced system features:
226 ##### `ENABLE_KEYGEN`=false
227 Recover your lost codec license
228
223 ##### `ENABLE_SYSTEMDSWAP`=false
229 ##### `ENABLE_SYSTEMDSWAP`=false
224 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
230 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
225
231
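Review bot: The `ENABLE_KEYGEN` entry at lines 226-227 says "Recover your lost codec license" without stating what the option installs or changes in the image, and none of the visible script hunks define an `ENABLE_KEYGEN` default. Describe what is added to the image and where it comes from, and add the default next to the other `ENABLE_*` settings.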
@@ -231,6 +237,7 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` param
231
237
232 ##### `ENABLE_UBOOT`=false
238 ##### `ENABLE_UBOOT`=false
233 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
239 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
240 RPI4 needs tbd
234
241
235 ##### `UBOOTSRC_DIR`=""
242 ##### `UBOOTSRC_DIR`=""
236 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
243 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
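Review bot: "RPI4 needs tbd" at line 240 is a placeholder rather than documentation; say explicitly whether `ENABLE_UBOOT=true` is supported with `RPI_MODEL=4`, and if it is not, have the script reject that combination instead of leaving it undefined.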
@@ -315,6 +322,11 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enab
315 #### Kernel compilation:
322 #### Kernel compilation:
316 ##### `BUILD_KERNEL`=true
323 ##### `BUILD_KERNEL`=true
317 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
324 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
325 Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time.
326 ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel)
327 Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot)
328 Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)
329
318
330
319 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
331 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
320 This sets the cross-compile environment for the compiler.
332 This sets the cross-compile environment for the compiler.
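Review bot: The three links added at lines 326-328 have the Markdown parts swapped (`[https://github.com/Re4son/](Kali Linux Kernel)`), so they will not render as links; write them as `[Kali Linux Kernel](https://github.com/Re4son/)` and likewise for hypriot and sakaki. The old `BUILD_KERNEL` sentence at line 324 is also still present above the new one at line 325, "RPi 0/1/2/3/ kernel configuration" has a stray trailing slash, and `ENABLE_NEXMON` is described here without a heading of its own like the other parameters.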
@@ -391,6 +403,18 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSC
391 ##### `KERNEL_SECURITY`=false
403 ##### `KERNEL_SECURITY`=false
392 Enables Apparmor, integrity subsystem, auditing.
404 Enables Apparmor, integrity subsystem, auditing.
393
405
406 ##### `KERNEL_BTRFS`="false"
407 enable btrfs kernel support
408
409 ##### `KERNEL_POEHAT`="false"
410 enable Enable RPI POE HAT fan kernel support
411
412 ##### `KERNEL_NSPAWN`="false"
413 Enable per-interface network priority control - for systemd-nspawn
414
415 ##### `KERNEL_DHKEY`="true"
416 Diffie-Hellman operations on retained keys - required for >keyutils-1.6
417
394 ---
418 ---
395
419
396 #### Reduce disk usage:
420 #### Reduce disk usage:
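Review bot: The new `KERNEL_*` entries at lines 406-416 do not name the kernel config symbols they switch on, unlike neighbouring entries such as the eBPF one quoted in this hunk's header; add the `CONFIG_*` names so the effect can be checked against a kernel `.config`. Line 410 also reads "enable Enable", and the defaults are written as quoted strings (`"false"`, `"true"`) while `KERNEL_SECURITY`=false just above is unquoted.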
@@ -433,8 +457,12 Set password of the encrypted root partition. This parameter is mandatory if `EN
433 Set name of dm-crypt managed device-mapper mapping.
457 Set name of dm-crypt managed device-mapper mapping.
434
458
435 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
459 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
460 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
436 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
461 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
437
462
463 ##### `CRYPTFS_HASH`=sha512
464 Hash function and size to be used
465
438 ##### `CRYPTFS_XTSKEYSIZE`=512
466 ##### `CRYPTFS_XTSKEYSIZE`=512
439 Sets key size in bits. The argument has to be a multiple of 8.
467 Sets key size in bits. The argument has to be a multiple of 8.
440
468
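Review bot: `CRYPTFS_CIPHER` is now documented twice with different defaults (lines 459 and 460); since the hash moves into the new `CRYPTFS_HASH` parameter, drop the `"aes-xts-plain64:sha512"` heading. The `CRYPTFS_HASH` text at line 464 mentions "size" although the value `sha512` only selects the hash, so it should say what the hash is used for and leave key size to `CRYPTFS_XTSKEYSIZE`.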
@@ -35,7 +35,17 fi
35
35
36 # Use specified APT server and release
36 # Use specified APT server and release
37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
37 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
38
39 #Fix for changing path for security updates in testing/bullseye
40 if [ "$RELEASE" = "testing" ] ; then
41 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
38 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
42 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
43 fi
44
45 if [ -z "$RELEASE" ] ; then
46 # Change release in sources list
47 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
48 fi
39
49
40 # Upgrade package index and update all installed packages and changed dependencies
50 # Upgrade package index and update all installed packages and changed dependencies
41 chroot_exec apt-get -qq -y update
51 chroot_exec apt-get -qq -y update
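Review bot: The guard at line 45, `if [ -z "$RELEASE" ]`, is true only when `RELEASE` is empty, so for `buster` or any other non-testing release the `stretch` to `${RELEASE}` substitution at line 47 never runs and `sources.list` keeps pointing at `stretch`, including its security suite. The previously unconditional `sed` (old line 38) now sits inside the `testing` branch at line 42. Run the release substitution unconditionally after the `testing` special case, or change the test to `-n` if a guard is wanted.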
@@ -8,13 +8,17
8 # Install and setup fstab
8 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
10
11 # Add usb/sda disk root partition to fstab
11 # Generate initramfs file
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
12 if [ "$ENABLE_INITRAMFS" = true ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
13 if [ "$ENABLE_CRYPTFS" = true ] ; then
14
15 # Include initramfs scripts to auto expand encrypted root partition
16 if [ "$EXPANDROOT" = true ] ; then
17 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
18 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
19 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
14 fi
20 fi
15
21
16 # Add encrypted root partition to fstab and crypttab
17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 # Replace fstab root partition with encrypted partition mapping
22 # Replace fstab root partition with encrypted partition mapping
19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
23 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20
24
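Review bot: The encrypted-root handling now begins inside `if [ "$ENABLE_INITRAMFS" = true ]` (new lines 12-13), whereas the removed lines 11-19 rewrote fstab for `ENABLE_SPLITFS` and `ENABLE_CRYPTFS` regardless of the initramfs setting. As shown, a build with `ENABLE_INITRAMFS=false` would no longer get the `mapper/${CRYPTFS_MAPPING}` or `sda1` root entries. Keep the fstab/crypttab rewrites outside the initramfs conditional, or fail early when `ENABLE_CRYPTFS=true` is combined with `ENABLE_INITRAMFS=false`.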
@@ -22,45 +26,33 if [ "$ENABLE_CRYPTFS" = true ] ; then
22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
26 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
27 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24
28
25 if [ "$ENABLE_SPLITFS" = true ] ; then
29 if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then
26 # Add usb/sda1 disk to crypttab
27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 fi
29 fi
30
31 if [ "$ENABLE_USBBOOT" = true ] ; then
32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
30 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34
35 # Add usb/sda2 disk to crypttab
31 # Add usb/sda2 disk to crypttab
36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
32 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 fi
33 fi
38
34
39 # Generate initramfs file
35 # Add encrypted root partition to fstab and crypttab
40 if [ "$ENABLE_INITRAMFS" = true ] ; then
36 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then
41 if [ "$ENABLE_CRYPTFS" = true ] ; then
37 # Add usb/sda1 disk to crypttab
42 # Include initramfs scripts to auto expand encrypted root partition
38 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
43 if [ "$EXPANDROOT" = true ] ; then
44 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
47 fi
39 fi
48
40
41 if [ "$CRYPTFS_DROPBEAR" = true ]; then
49 if [ "$ENABLE_DHCP" = false ] ; then
42 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
43 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
44 cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
52
45
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
46 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
47 NET_MASK=$(cdr2mask "$cdir")
55
48
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
49 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
50 # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
58
51 sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
59 # Regenerate initramfs
52 else
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
53 sed -i "\$a\nIP=::::${HOSTNAME}::dhcp" "${ETC_DIR}"/initramfs-tools/initramfs.conf
61 fi
54 fi
62
55
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
56 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
57 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
58 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
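Review bot: The two new crypttab branches at lines 29 and 36 are mutually exclusive in a way that leaves a gap: with `ENABLE_USBBOOT=true` and `ENABLE_SPLITFS=true` neither condition matches, so crypttab keeps `/dev/mmcblk0p2`. Either handle that combination or reject it during parameter validation. Separately, line 44 shows that `NET_ADDRESS` carries a `/prefix` suffix, yet line 51 writes it unchanged into the `<client-ip>` field of the `IP=` setting documented at line 50; strip the suffix before writing, and check that the `\$a\nIP=` form at lines 51 and 53 produces the intended line with the sed in use.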
@@ -93,6 +85,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
93 # Enable Dropbear inside initramfs
85 # Enable Dropbear inside initramfs
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
86 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
95 fi
87 fi
88 # CRYPTFSDROPBEAR=false
96 else
89 else
97 # Disable SSHD inside initramfs
90 # Disable SSHD inside initramfs
98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
@@ -100,16 +93,29 if [ "$ENABLE_INITRAMFS" = true ] ; then
100
93
101 # Add cryptsetup modules to initramfs
94 # Add cryptsetup modules to initramfs
102 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
95 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
96 #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103
97
104 # Dummy mapping required by mkinitramfs
98 # Dummy mapping required by mkinitramfs
105 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
99 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
100 echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106
101
107 # Generate initramfs with encrypted root partition support
102 # Generate initramfs with encrypted root partition support
108 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
103 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
109
104
110 # Remove dummy mapping
105 # Remove dummy mapping
111 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
106 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
107 # CRYPTFS=false
112 else
108 else
109 #USB BOOT /boot on sda1 / on sda2
110 if [ "$ENABLE_USBBOOT" = true ] ; then
111 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
112 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
113 fi
114
115 # Add usb/sda disk root partition to fstab
116 if [ "$ENABLE_SPLITFS" = true ] ; then
117 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
118 fi
113 # Generate initramfs without encrypted root partition support
119 # Generate initramfs without encrypted root partition support
114 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
120 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
115 fi
121 fi
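Review bot: Lines 99 and 100 both run `dmsetup create "${CRYPTFS_MAPPING}"`, so the second call targets a mapping name that the first has just created; keep only one of them. The line-100 variant also drops the `cut -d ':' -f 1`, which passes the whole `CRYPTFS_CIPHER` value to dm-crypt, and its inner `"${CRYPTFS_CIPHER}"` closes and reopens the surrounding double quotes. The commented-out `printf` at line 96 is dead code and can go.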
@@ -113,6 +113,7 if [ "$ENABLE_TURBO" = true ] ; then
113 fi
113 fi
114
114
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116
117
117 # Bluetooth enabled
118 # Bluetooth enabled
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 if [ "$ENABLE_BLUETOOTH" = true ] ; then
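Review bot: The old condition at line 115 is kept and the new one with `RPI_MODEL = 4` is added directly beneath it at line 116, so the new `if` is nested inside a test that already excludes model 4 and the Bluetooth block stays unreachable for the Pi 4. No matching extra `fi` appears in the visible hunks for this file either. Replace line 115 with line 116 rather than stacking them.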
@@ -132,6 +133,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
132 # Set permissions
133 # Set permissions
133 chown -R root:root "${R}/tmp/pi-bluetooth"
134 chown -R root:root "${R}/tmp/pi-bluetooth"
134
135
136 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
137 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
138 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
139
135 # Install tools
140 # Install tools
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
141 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
142 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
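Review bot: The two `wget` calls at lines 137-138 fetch a firmware blob and licence file over the network with no integrity check, and the `.hcd` file comes from the moving `master` branch, so the image content can change between builds without any change to this repository. Pin the URL to a commit and verify a known SHA-256 before the file is used. The first URL also contains an unquoted `?`, and unlike the wireless firmware download later in this commit these calls are not wrapped in `as_nobody`. Nothing in the visible lines installs `BCM43430A1.hcd` into the image after downloading it.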
@@ -211,6 +216,11 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
211 # Change into downloaded src dir
216 # Change into downloaded src dir
212 cd "${R}/tmp/systemd-swap" || exit
217 cd "${R}/tmp/systemd-swap" || exit
213
218
219
220 # Get Verion
221 VERSION=$(git tag | tail -n 1)
222 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
223
214 # Build package
224 # Build package
215 bash ./package.sh debian
225 bash ./package.sh debian
216
226
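Review bot: `VERSION=$(git tag | tail -n 1)` at line 221 takes the last tag in plain lexical order, which is not necessarily the newest version (for example `4.0.9` sorts after `4.0.10`) and is not necessarily the version that `package.sh` builds from the checked-out tree. Use `git describe --tags --abbrev=0` or `git tag --sort=version:refname | tail -n 1`, and fail if the result is empty. The comment has a typo ("Verion"), and the commented-out `sed` at line 222 should be removed or explained.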
@@ -222,6 +232,7 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
222
232
223 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
233 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
234 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
235 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
225
236
226 # Enable service
237 # Enable service
227 chroot_exec systemctl enable systemd-swap
238 chroot_exec systemctl enable systemd-swap
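Review bot: The hard-coded `dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb` at line 234 is still executed before the new version-derived call at line 235, so the build runs a command that fails whenever the built package is not exactly that file. Remove line 234, and check that the `.deb` named at line 235 exists before installing it.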
@@ -107,6 +107,7 if [ "$ENABLE_WIRELESS" = true ] ; then
107
107
108 # Fetch firmware binary blob for RPI3B+
108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] ; then
110 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 # Fetch firmware binary blob for RPi3P
111 # Fetch firmware binary blob for RPi3P
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
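Review bot: Line 110 adds the `3P`-or-`4` test but leaves the original `if [ "$RPI_MODEL" = 3P ]` at line 109 in place, so the new test is nested in a branch model 4 never enters and the `brcmfmac43455-sdio` firmware is still fetched only for the 3B+. Replace the old condition instead of adding a second `if`, and update the two "RPI3B+"/"RPi3P" comments to mention the Pi 4.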
@@ -35,10 +35,12 if [ "$ENABLE_VIDEOCORE" = true ] ; then
35
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39 fi
39
40
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
43 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
44 fi
43
45
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
46 if [ "$RELEASE_ARCH" = "armhf" ] ; then
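Review bot: In the `armel` branch the new `cmake` call at line 43 passes `-DCMAKE_TOOLCHAIN_FILE=.../arm-linux-gnueabihf.cmake` while the compilers on the same line are `arm-linux-gnueabi-gcc` and `arm-linux-gnueabi-g++`; a hard-float toolchain file should not be combined with the soft-float compilers, so confirm which one is intended. In both the `arm64` and `armel` branches the previous `cmake` invocation (lines 37 and 42) is also still present, so the configure step runs twice with different settings; keep only one call per architecture.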
@@ -75,6 +75,7 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
75 fi
75 fi
76
76
77 if [ "$RPI_MODEL" = 3P ] ; then
77 if [ "$RPI_MODEL" = 3P ] ; then
78 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81 make clean
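Review bot: The nexmon `bcm43455c0` block has the same stacked condition: the original `if [ "$RPI_MODEL" = 3P ]` at line 77 remains above the new test at line 78, so `RPI_MODEL=4` never reaches the patch build. Replace line 77 with line 78. While touching this block, quote `${NEXMON_ROOT}` in the `sed` call at line 80 as it is in the `cd` above.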
@@ -44,6 +44,9 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
49 fi
47
50
48 # Kernel Branch
51 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
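Review bot: Rewriting `RELEASE=bullseye` to `testing` at lines 47-49 ties the image to whatever suite `testing` points at, which stops being bullseye once bullseye is released, and every later use of `RELEASE` in the script then sees `testing` rather than the name the user set. Keep the codename and special-case only the places that need the different security suite path. The test should also quote the variable: `[ "$RELEASE" = "bullseye" ]`.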
@@ -65,10 +68,17 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/rel
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
68 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
69 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
70 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
71 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 # Default precompiled 64bit kernel
72 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
73 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
74 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
75 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
76 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
77 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
78 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
70 # Generic
79 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
80 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
81 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
82 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
83 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74
84
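Review bot: The new 4.19.80 defaults at lines 71 and 74 have no effect, because the 4.14.80 assignments at lines 70 and 73 are still there and `${VAR:=value}` only assigns when the variable is unset or empty; delete the old lines so the new URLs become the defaults. `RPI4_64_DEF_KERNEL_URL` at line 78 also points at the `bcm2711-kernel-bis` release, identical to `RPI4_64_BIS_KERNEL_URL`, although its comment names `bcm2711-kernel`. Since these are precompiled kernels downloaded at build time, a checksum variable per URL would let the build verify them.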
@@ -191,6 +201,10 KERNEL_BPF=${KERNEL_BPF:=false}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
201 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
202 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
203 KERNEL_NF=${KERNEL_NF:=false}
204 KERNEL_DHKEY=${KERNEL_DHKEY:=true}
205 KERNEL_BTRFS=${KERNEL_BTRFS:=false}
206 KERNEL_NSPAN=${KERNEL_NSPAN:=false}
207 KERNEL_POEHAT=${KERNEL_POEHAT:=false}
194
208
195 # Kernel compilation from source directory settings
209 # Kernel compilation from source directory settings
196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
210 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
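Review bot: Line 206 defines `KERNEL_NSPAN`, but the README hunk in this commit documents the parameter as `KERNEL_NSPAWN`; a user setting the documented name would not change this default. Use one spelling in both places, and check the code that consumes the variable for the same typo.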
@@ -213,6 +227,8 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
227 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
228 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
229 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
230 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
231 CRYPTFS_HASH=${CRYPTFS_HASH:="sha512"}
216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
232 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
233 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
234 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
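Review bot: The new default at line 230 is a no-op: line 229 still assigns `"aes-xts-plain64:sha512"` first, and `:=` will not overwrite it, so `CRYPTFS_CIPHER` keeps the `:sha512` suffix while `CRYPTFS_HASH` is now passed separately. That combined value is what reaches `cryptsetup luksFormat -c` and the new `dmsetup create` line elsewhere in this commit. Remove line 229.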
@@ -225,12 +241,14 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
225 # Packages required in the chroot build environment
241 # Packages required in the chroot build environment
226 APT_INCLUDES=${APT_INCLUDES:=""}
242 APT_INCLUDES=${APT_INCLUDES:=""}
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
243 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
244 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228
245
229 # Packages to exclude from chroot build environment
246 # Packages to exclude from chroot build environment
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
247 APT_EXCLUDES=${APT_EXCLUDES:=""}
231
248
232 # Packages required for bootstrapping
249 # Packages required for bootstrapping
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
250 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
251 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus bison flex libssl-dev sudo"
234 MISSING_PACKAGES=""
252 MISSING_PACKAGES=""
235
253
236 # Packages installed for c/c++ build environment in chroot (keep empty)
254 # Packages installed for c/c++ build environment in chroot (keep empty)
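Review bot: `APT_INCLUDES` is appended to twice (lines 243 and 244), so every package from the old list ends up in the include list two times; keep only the line that adds `flex,bison,libssl-dev`. The same applies to `REQUIRED_PACKAGES` at lines 250-251, where the first assignment is immediately overwritten by the second.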
@@ -289,13 +307,16 if [ -n "$SET_ARCH" ] ; then
289 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
307 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 if [ "$RPI_MODEL" != 4 ] ; then
308 if [ "$RPI_MODEL" != 4 ] ; then
291 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
309 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
310 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
292 else
311 else
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
312 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
313 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
294 fi
314 fi
295
315
296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
317 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
318 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
319
299 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
320 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 fi
321 fi
301 fi
322 fi
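Review bot: After `KERNEL_IMAGE` is set per model at lines 310 and 313, the original `KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}` at line 318 can no longer assign anything and only obscures that the Pi 4 default is `kernel7l.img`; remove it.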
@@ -386,6 +407,7 fi
386 # Add deps for nexmon
407 # Add deps for nexmon
387 if [ "$ENABLE_NEXMON" = true ] ; then
408 if [ "$ENABLE_NEXMON" = true ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
409 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
389 fi
411 fi
390
412
391 # Add libncurses5 to enable kernel menuconfig
413 # Add libncurses5 to enable kernel menuconfig
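Review bot: Both the old nexmon dependency line (409) and the new one without `bison flex` (410) append to `REQUIRED_PACKAGES`, so the nexmon packages are listed twice and `bison flex` are not actually removed from this path; keep only line 410.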
@@ -402,6 +424,7 fi
402 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
424 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
425 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
426 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
427 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup,cryptsetup-initramfs"
405
428
406 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
429 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
430 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
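Review bot: Line 427 appends `cryptsetup,busybox,console-setup,cryptsetup-initramfs` after line 426 has already appended the first three, so those names are duplicated in `APT_INCLUDES`; replace line 426 with line 427. If `cryptsetup-initramfs` does not exist in every supported release (the README still lists `stretch`), add it conditionally on `RELEASE`.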
@@ -471,6 +494,7 if [ -n "$MISSING_PACKAGES" ] ; then
471
494
472 # Make sure all missing required packages are installed
495 # Make sure all missing required packages are installed
473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
496 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
497 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
474 fi
498 fi
475
499
476 # Check if ./bootstrap.d directory exists
500 # Check if ./bootstrap.d directory exists
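Review bot: The install now runs twice: line 496 still calls `apt-get install` without refreshing the index, and line 497 repeats it after `apt-get update`. Keep only line 497. The `sed "s/ //"` expression removes just the first space in `MISSING_PACKAGES`, and `$(...)` would be more readable than backticks here.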
@@ -823,6 +847,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
823
847
824 # Initialize encrypted partition
848 # Initialize encrypted partition
825 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
849 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
850 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
826
851
827 # Open encrypted partition and setup mapping
852 # Open encrypted partition and setup mapping
828 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
853 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
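Review bot: `cryptsetup luksFormat` is executed twice on `${ROOT_LOOP}`: the original call at line 849 (without `-h`) is kept, and line 850 immediately reformats the same device with `-h "${CRYPTFS_HASH}"`. Drop line 849 so the header is created once with the intended parameters. The `--verbose --debug` flags at line 850 look like leftovers from troubleshooting; make them opt-in so build logs stay quiet by default.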