##// END OF EJS Templates
Merge pull request #157 from burnbabyburn/test...
drtyhlpr -
r361:bf57bfb56e3d Fusion
parent child
Show More
@@ -0,0 +1,33
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local U-Boot sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp"
13 else
14 # Create temporary directory for U-Boot sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch U-Boot sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded U-Boot sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DVIDEOCORE_BUILD_DIR="${R}"/opt/vc
31 make -j "$(nproc)"
32 chroot_exec PATH="${PATH}":/opt/vc/bin
33 fi
@@ -1,493 +1,499
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 15
16 16 ```
17 17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 19 dpkg --add-architecture armhf
20 20 apt-get update
21 21 ```
22 22
23 23 ## Command-line parameters
24 24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 25
26 26 ##### Command-line examples:
27 27 ```shell
28 28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Configuration template files
44 44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 45
46 46 ##### Command-line examples:
47 47 ```shell
48 48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 50 ```
51 51
52 52 ## Supported parameters and settings
53 53 #### APT settings:
54 54 ##### `APT_SERVER`="ftp.debian.org"
55 55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 56
57 57 ##### `APT_PROXY`=""
58 58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 59
60 60 ##### `APT_INCLUDES`=""
61 61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62 62
63 63 ##### `APT_INCLUDES_LATE`=""
64 64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65 65
66 66 ---
67 67
68 68 #### General system settings:
69 69 ##### `RPI_MODEL`=2
70 70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
71 71 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
72 72 `1` = Used for Pi 1 model A and B
73 73 `1P` = Used for Pi 1 model B+ and A+
74 74 `2` = Used for Pi 2 model B
75 75 `3` = Used for Pi 3 model B
76 76 `3P` = Used for Pi 3 model B+
77 77 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
78 78
79 79 ##### `RELEASE`="jessie"
80 80 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
81 81
82 82 ##### `RELEASE_ARCH`="armhf"
83 83 Set the desired Debian release architecture.
84 84
85 85 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
86 86 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
87 87
88 88 ##### `PASSWORD`="raspberry"
89 89 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
90 90
91 91 ##### `USER_PASSWORD`="raspberry"
92 92 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
93 93
94 94 ##### `DEFLOCAL`="en_US.UTF-8"
95 95 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
96 96
97 97 ##### `TIMEZONE`="Europe/Berlin"
98 98 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
99 99
100 100 ##### `EXPANDROOT`=true
101 101 Expand the root partition and filesystem automatically on first boot.
102 102
103 103 ##### `ENABLE_QEMU`=false
104 104 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
105 105
106 106 ---
107 107
108 108 #### Keyboard settings:
109 109 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
110 110
111 111 ##### `XKB_MODEL`=""
112 112 Set the name of the model of your keyboard type.
113 113
114 114 ##### `XKB_LAYOUT`=""
115 115 Set the supported keyboard layout(s).
116 116
117 117 ##### `XKB_VARIANT`=""
118 118 Set the supported variant(s) of the keyboard layout(s).
119 119
120 120 ##### `XKB_OPTIONS`=""
121 121 Set extra xkb configuration options.
122 122
123 123 ---
124 124
125 125 #### Networking settings (DHCP):
126 126 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
127 127
128 128 ##### `ENABLE_DHCP`=true
129 129 Set the system to use DHCP. This requires an DHCP server.
130 130
131 131 ---
132 132
133 133 #### Networking settings (static):
134 134 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
135 135
136 136 ##### `NET_ADDRESS`=""
137 137 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
138 138
139 139 ##### `NET_GATEWAY`=""
140 140 Set the IP address for the default gateway.
141 141
142 142 ##### `NET_DNS_1`=""
143 143 Set the IP address for the first DNS server.
144 144
145 145 ##### `NET_DNS_2`=""
146 146 Set the IP address for the second DNS server.
147 147
148 148 ##### `NET_DNS_DOMAINS`=""
149 149 Set the default DNS search domains to use for non fully qualified host names.
150 150
151 151 ##### `NET_NTP_1`=""
152 152 Set the IP address for the first NTP server.
153 153
154 154 ##### `NET_NTP_2`=""
155 155 Set the IP address for the second NTP server.
156 156
157 157 ---
158 158
159 159 #### Basic system features:
160 160 ##### `ENABLE_CONSOLE`=true
161 161 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
162 162
163 163 ##### `ENABLE_I2C`=false
164 164 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
165 165
166 166 ##### `ENABLE_SPI`=false
167 167 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
168 168
169 169 ##### `ENABLE_IPV6`=true
170 170 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
171 171
172 172 ##### `ENABLE_SSHD`=true
173 173 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
174 174
175 175 ##### `ENABLE_NONFREE`=false
176 176 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
177 177
178 178 ##### `ENABLE_WIRELESS`=false
179 179 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
180 180
181 181 ##### `ENABLE_RSYSLOG`=true
182 182 If set to false, disable and uninstall rsyslog (so logs will be available only
183 183 in journal files)
184 184
185 185 ##### `ENABLE_SOUND`=true
186 186 Enable sound hardware and install Advanced Linux Sound Architecture.
187 187
188 188 ##### `ENABLE_HWRANDOM`=true
189 189 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
190 190
191 191 ##### `ENABLE_MINGPU`=false
192 192 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
193 193
194 194 ##### `ENABLE_DBUS`=true
195 195 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
196 196
197 197 ##### `ENABLE_XORG`=false
198 198 Install Xorg open-source X Window System.
199 199
200 200 ##### `ENABLE_WM`=""
201 201 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
202 202
203 203 ##### `ENABLE_SYSVINIT`=false
204 204 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
205 205
206 206 ---
207 207
208 208 #### Advanced system features:
209 209 ##### `ENABLE_MINBASE`=false
210 210 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
211 211
212 212 ##### `ENABLE_REDUCE`=false
213 213 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
214 214
215 215 ##### `ENABLE_UBOOT`=false
216 216 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
217 217
218 218 ##### `UBOOTSRC_DIR`=""
219 219 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
220 220
221 221 ##### `ENABLE_FBTURBO`=false
222 222 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
223 223
224 224 ##### `FBTURBOSRC_DIR`=""
225 225 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
226 226
227 ##### `ENABLE_VIDEOCORE`=false
228 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
229
230 ##### `VIDEOCORESRC_DIR`=""
231 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
232
227 233 ##### `ENABLE_IPTABLES`=false
228 234 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
229 235
230 236 ##### `ENABLE_USER`=true
231 237 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
232 238
233 239 ##### `USER_NAME`=pi
234 240 Non-root user to create. Ignored if `ENABLE_USER`=false
235 241
236 242 ##### `ENABLE_ROOT`=false
237 243 Set root user password so root login will be enabled
238 244
239 245 ##### `ENABLE_HARDNET`=false
240 246 Enable IPv4/IPv6 network stack hardening settings.
241 247
242 248 ##### `ENABLE_SPLITFS`=false
243 249 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
244 250
245 251 ##### `CHROOT_SCRIPTS`=""
246 252 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
247 253
248 254 ##### `ENABLE_INITRAMFS`=false
249 255 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
250 256
251 257 ##### `ENABLE_IFNAMES`=true
252 258 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
253 259
254 260 ##### `DISABLE_UNDERVOLT_WARNINGS`=
255 261 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
256 262
257 263 ---
258 264
259 265 #### SSH settings:
260 266 ##### `SSH_ENABLE_ROOT`=false
261 267 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
262 268
263 269 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
264 270 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
265 271
266 272 ##### `SSH_LIMIT_USERS`=false
267 273 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
268 274
269 275 ##### `SSH_ROOT_PUB_KEY`=""
270 276 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
271 277
272 278 ##### `SSH_USER_PUB_KEY`=""
273 279 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
274 280
275 281 ---
276 282
277 283 #### Kernel compilation:
278 284 ##### `BUILD_KERNEL`=false
279 285 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
280 286
281 287 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
282 288 This sets the cross compile enviornment for the compiler.
283 289
284 290 ##### `KERNEL_ARCH`="arm"
285 291 This sets the kernel architecture for the compiler.
286 292
287 293 ##### `KERNEL_IMAGE`="kernel7.img"
288 294 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
289 295
290 296 ##### `KERNEL_BRANCH`=""
291 297 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
292 298
293 299 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
294 300 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
295 301
296 302 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
297 303 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
298 304
299 305 ##### `KERNEL_REDUCE`=false
300 306 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
301 307
302 308 ##### `KERNEL_THREADS`=1
303 309 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
304 310
305 311 ##### `KERNEL_HEADERS`=true
306 312 Install kernel headers with built kernel.
307 313
308 314 ##### `KERNEL_MENUCONFIG`=false
309 315 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
310 316
311 317 ##### `KERNEL_OLDDEFCONFIG`=false
312 318 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
313 319
314 320 ##### `KERNEL_CCACHE`=false
315 321 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
316 322
317 323 ##### `KERNEL_REMOVESRC`=true
318 324 Remove all kernel sources from the generated OS image after it was built and installed.
319 325
320 326 ##### `KERNELSRC_DIR`=""
321 327 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
322 328
323 329 ##### `KERNELSRC_CLEAN`=false
324 330 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
325 331
326 332 ##### `KERNELSRC_CONFIG`=true
327 333 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
328 334
329 335 ##### `KERNELSRC_USRCONFIG`=""
330 336 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
331 337
332 338 ##### `KERNELSRC_PREBUILT`=false
333 339 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
334 340
335 341 ##### `RPI_FIRMWARE_DIR`=""
336 342 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
337 343
338 344 ---
339 345
340 346 #### Reduce disk usage:
341 347 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
342 348
343 349 ##### `REDUCE_APT`=true
344 350 Configure APT to use compressed package repository lists and no package caching files.
345 351
346 352 ##### `REDUCE_DOC`=true
347 353 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
348 354
349 355 ##### `REDUCE_MAN`=true
350 356 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
351 357
352 358 ##### `REDUCE_VIM`=false
353 359 Replace `vim-tiny` package by `levee` a tiny vim clone.
354 360
355 361 ##### `REDUCE_BASH`=false
356 362 Remove `bash` package and switch to `dash` shell (experimental).
357 363
358 364 ##### `REDUCE_HWDB`=true
359 365 Remove PCI related hwdb files (experimental).
360 366
361 367 ##### `REDUCE_SSHD`=true
362 368 Replace `openssh-server` with `dropbear`.
363 369
364 370 ##### `REDUCE_LOCALE`=true
365 371 Remove all `locale` translation files.
366 372
367 373 ---
368 374
369 375 #### Encrypted root partition:
370 376 ##### `ENABLE_CRYPTFS`=false
371 377 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
372 378
373 379 ##### `CRYPTFS_PASSWORD`=""
374 380 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
375 381
376 382 ##### `CRYPTFS_MAPPING`="secure"
377 383 Set name of dm-crypt managed device-mapper mapping.
378 384
379 385 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
380 386 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
381 387
382 388 ##### `CRYPTFS_XTSKEYSIZE`=512
383 389 Sets key size in bits. The argument has to be a multiple of 8.
384 390
385 391 ---
386 392
387 393 #### Build settings:
388 394 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
389 395 Set a path to a working directory used by the script to generate an image.
390 396
391 397 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
392 398 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
393 399
394 400 ## Understanding the script
395 401 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
396 402
397 403 | Script | Description |
398 404 | --- | --- |
399 405 | `10-bootstrap.sh` | Debootstrap basic system |
400 406 | `11-apt.sh` | Setup APT repositories |
401 407 | `12-locale.sh` | Setup Locales and keyboard settings |
402 408 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
403 409 | `14-fstab.sh` | Setup fstab and initramfs |
404 410 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
405 411 | `20-networking.sh` | Setup Networking |
406 412 | `21-firewall.sh` | Setup Firewall |
407 413 | `30-security.sh` | Setup Users and Security settings |
408 414 | `31-logging.sh` | Setup Logging |
409 415 | `32-sshd.sh` | Setup SSH and public keys |
410 416 | `41-uboot.sh` | Build and Setup U-Boot |
411 417 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
412 418 | `50-firstboot.sh` | First boot actions |
413 419 | `99-reduce.sh` | Reduce the disk space usage |
414 420
415 421 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
416 422
417 423 | Directory | Description |
418 424 | --- | --- |
419 425 | `apt` | APT management configuration files |
420 426 | `boot` | Boot and RPi2/3 configuration files |
421 427 | `dpkg` | Package Manager configuration |
422 428 | `etc` | Configuration files and rc scripts |
423 429 | `firstboot` | Scripts that get executed on first boot |
424 430 | `initramfs` | Initramfs scripts |
425 431 | `iptables` | Firewall configuration files |
426 432 | `locales` | Locales configuration |
427 433 | `modules` | Kernel Modules configuration |
428 434 | `mount` | Fstab configuration |
429 435 | `network` | Networking configuration files |
430 436 | `sysctl.d` | Swapping and Network Hardening configuration |
431 437 | `xorg` | fbturbo Xorg driver configuration |
432 438
433 439 ## Custom packages and scripts
434 440 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
435 441
436 442 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
437 443
438 444 ## Logging of the bootstrapping process
439 445 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
440 446
441 447 ```shell
442 448 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
443 449 ```
444 450
445 451 ## Flashing the image file
446 452 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
447 453
448 454 ##### Flashing examples:
449 455 ```shell
450 456 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
451 457 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
452 458 ```
453 459 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
454 460 ```shell
455 461 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
456 462 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
457 463 ```
458 464
459 465 ## QEMU emulation
460 466 Start QEMU full system emulation:
461 467 ```shell
462 468 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
463 469 ```
464 470
465 471 Start QEMU full system emulation and output to console:
466 472 ```shell
467 473 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
468 474 ```
469 475
470 476 Start QEMU full system emulation with SMP and output to console:
471 477 ```shell
472 478 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
473 479 ```
474 480
475 481 Start QEMU full system emulation with cryptfs, initramfs and output to console:
476 482 ```shell
477 483 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
478 484 ```
479 485
480 486 ## Weekly image builds
481 487 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
482 488 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
483 489
484 490 ## External links and references
485 491 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
486 492 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
487 493 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
488 494 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
489 495 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
490 496 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
491 497 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
492 498 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
493 499 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,41 +1,41
1 1 #
2 2 # Debootstrap basic system
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 VARIANT=""
9 9 COMPONENTS="main"
10 10
11 11 # Use non-free Debian packages if needed
12 12 if [ "$ENABLE_NONFREE" = true ] ; then
13 13 COMPONENTS="main,non-free,contrib"
14 14 fi
15 15
16 16 # Use minbase bootstrap variant which only includes essential packages
17 17 if [ "$ENABLE_MINBASE" = true ] ; then
18 18 VARIANT="--variant=minbase"
19 19 fi
20 20
21 21 # Base debootstrap (unpack only)
22 http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
22 http_proxy=${APT_PROXY} debootstrap "${APT_EXCLUDES}" --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
23 23
24 24 # Copy qemu emulator binary to chroot
25 25 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
26 26
27 27 # Copy debian-archive-keyring.pgp
28 28 mkdir -p "${R}/usr/share/keyrings"
29 29 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
30 30
31 31 # Complete the bootstrapping process
32 32 chroot_exec /debootstrap/debootstrap --second-stage
33 33
34 34 # Mount required filesystems
35 35 mount -t proc none "${R}/proc"
36 36 mount -t sysfs none "${R}/sys"
37 37
38 38 # Mount pseudo terminal slave if supported by Debian release
39 39 if [ -d "${R}/dev/pts" ] ; then
40 40 mount --bind /dev/pts "${R}/dev/pts"
41 41 fi
@@ -1,55 +1,55
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 if [ "$BUILD_KERNEL" = false ] ; then
15 15 # Install APT pinning configuration for flash-kernel package
16 16 install_readonly files/apt/flash-kernel "${ETC_DIR}/apt/preferences.d/flash-kernel"
17 17
18 18 # Install APT sources.list
19 19 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
20 20 echo "deb ${COLLABORA_URL} ${RELEASE} rpi2" >> "${ETC_DIR}/apt/sources.list"
21 21
22 22 # Upgrade collabora package index and install collabora keyring
23 23 chroot_exec apt-get -qq -y update
24 24 chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring
25 25 else # BUILD_KERNEL=true
26 26 # Install APT sources.list
27 27 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
28 28
29 29 # Use specified APT server and release
30 30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
31 31 sed -i "s/ jessie/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
32 32 fi
33 33
34 34 # Allow the installation of non-free Debian packages
35 35 if [ "$ENABLE_NONFREE" = true ] ; then
36 36 sed -i "s/ contrib/ contrib non-free/" "${ETC_DIR}/apt/sources.list"
37 37 fi
38 38
39 39 # Upgrade package index and update all installed packages and changed dependencies
40 40 chroot_exec apt-get -qq -y update
41 41 chroot_exec apt-get -qq -y -u dist-upgrade
42 42
43 43 if [ "$APT_INCLUDES_LATE" ] ; then
44 chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
44 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
45 45 fi
46 46
47 47 if [ -d packages ] ; then
48 48 for package in packages/*.deb ; do
49 cp $package ${R}/tmp
50 chroot_exec dpkg --unpack /tmp/$(basename $package)
49 cp "$package" "${R}"/tmp
50 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
51 51 done
52 52 fi
53 53 chroot_exec apt-get -qq -y -f install
54 54
55 55 chroot_exec apt-get -qq -y check
@@ -1,58 +1,58
1 1 #
2 2 # Setup Locales and keyboard settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 echo ${TIMEZONE} > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 11
12 12 # Install and setup default locale and keyboard configuration
13 if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
13 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
14 14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
15 15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
16 16 # ... so we have to set locales manually
17 17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
18 18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
19 19 else
20 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
23 23 fi
24 24
25 25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
26 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 27 chroot_exec locale-gen
28 28 chroot_exec update-locale LANG="${DEFLOCAL}"
29 29
30 30 # Install and setup default keyboard configuration
31 31 if [ "$XKB_MODEL" != "pc105" ] ; then
32 32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
33 33 fi
34 34 if [ "$XKB_LAYOUT" != "us" ] ; then
35 35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
36 36 fi
37 37 if [ "$XKB_VARIANT" != "" ] ; then
38 38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
39 39 fi
40 40 if [ "$XKB_OPTIONS" != "" ] ; then
41 41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
42 42 fi
43 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44 44
45 45 # Install and setup font console
46 46 case "${DEFLOCAL}" in
47 47 *UTF-8)
48 48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
49 49 ;;
50 50 *)
51 51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
52 52 ;;
53 53 esac
54 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 55 else # (no locales were installed)
56 56 # Install POSIX default locale
57 57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
58 58 fi
@@ -1,253 +1,255
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 mkdir -p "${R}/usr/src/linux"
11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 fi
32
31 fi
32
33 33 # Copy downloaded kernel sources
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89
90 90 # Set kernel configuration parameters to enable qemu emulation
91 91 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config
93 echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94 94
95 95 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config
97 echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config
98 echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config
99 echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config
100 echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config
101 echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config
102 echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config
103 echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config
104 echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config
105 echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config
106 echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config
107 echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config
108 echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config
109 echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config
110 fi
96 {
97 echo "CONFIG_EMBEDDED=y"
98 echo "CONFIG_EXPERT=y"
99 echo "CONFIG_DAX=y"
100 echo "CONFIG_MD=y"
101 echo "CONFIG_BLK_DEV_MD=y"
102 echo "CONFIG_MD_AUTODETECT=y"
103 echo "CONFIG_BLK_DEV_DM=y"
104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 echo "CONFIG_DM_CRYPT=y"
106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 echo "CONFIG_CRYPTO_CBC=y"
108 echo "CONFIG_CRYPTO_XTS=y"
109 echo "CONFIG_CRYPTO_SHA512=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
111 } >> ${KERNEL_DIR}/.config
112 fi
111 113 fi
112 114
113 115 # Copy custom kernel configuration file
114 if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
115 cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
116 118 fi
117 119
118 120 # Set kernel configuration parameters to their default values
119 121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
120 122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
121 123 fi
122 124
123 125 # Start menu-driven kernel configuration (interactive)
124 126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
125 127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
126 128 fi
127 129 fi
128 130
129 131 # Use ccache to cross compile the kernel
130 132 if [ "$KERNEL_CCACHE" = true ] ; then
131 133 cc="ccache ${CROSS_COMPILE}gcc"
132 134 else
133 135 cc="${CROSS_COMPILE}gcc"
134 136 fi
135 137
136 138 # Cross compile kernel and dtbs
137 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
138 140
139 141 # Cross compile kernel modules
140 if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
141 make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
142 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
142 144 fi
143 145 fi
144 146
145 147 # Check if kernel compilation was successful
146 148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
147 149 echo "error: kernel compilation failed! (kernel image not found)"
148 150 cleanup
149 151 exit 1
150 152 fi
151 153
152 154 # Install kernel modules
153 155 if [ "$ENABLE_REDUCE" = true ] ; then
154 if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
156 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
155 157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
156 158 fi
157 159 else
158 if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
160 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
159 161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
160 162 fi
161 163
162 164 # Install kernel firmware
163 if [ $(grep "^firmware_install:" "${KERNEL_DIR}/Makefile") ] ; then
165 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
164 166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
165 167 fi
166 168 fi
167 169
168 170 # Install kernel headers
169 171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
170 172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
171 173 fi
172 174
173 175 # Prepare boot (firmware) directory
174 176 mkdir "${BOOT_DIR}"
175 177
176 178 # Get kernel release version
177 KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
179 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
178 180
179 181 # Copy kernel configuration file to the boot directory
180 182 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
181 183
182 184 # Prepare device tree directory
183 185 mkdir "${BOOT_DIR}/overlays"
184
186
185 187 # Ensure the proper .dtb is located
186 188 if [ "$KERNEL_ARCH" = "arm" ] ; then
187 189 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
188 190 if [ -f "${dtb}" ] ; then
189 191 install_readonly "${dtb}" "${BOOT_DIR}/"
190 192 fi
191 193 done
192 194 else
193 195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
194 196 if [ -f "${dtb}" ] ; then
195 197 install_readonly "${dtb}" "${BOOT_DIR}/"
196 198 fi
197 199 done
198 200 fi
199 201
200 202 # Copy compiled dtb device tree files
201 203 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
202 204 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
203 205 if [ -f "${dtb}" ] ; then
204 206 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
205 207 fi
206 208 done
207 209
208 210 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
209 211 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
210 212 fi
211 213 fi
212 214
213 215 if [ "$ENABLE_UBOOT" = false ] ; then
214 216 # Convert and copy kernel image to the boot directory
215 217 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
216 218 else
217 219 # Copy kernel image to the boot directory
218 220 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
219 221 fi
220 222
221 223 # Remove kernel sources
222 224 if [ "$KERNEL_REMOVESRC" = true ] ; then
223 225 rm -fr "${KERNEL_DIR}"
224 226 else
225 227 # Prepare compiled kernel modules
226 if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
227 if [ $(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile") ] ; then
228 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
229 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
228 230 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
229 231 fi
230 232
231 233 # Create symlinks for kernel modules
232 234 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
233 235 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
234 236 fi
235 237 fi
236 238
237 239 else # BUILD_KERNEL=false
238 240 # Kernel installation
239 241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
240 242
241 243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
242 244 chroot_exec apt-get -qq -y install flash-kernel
243 245
244 246 # Check if kernel installation was successful
245 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
246 248 if [ -z "$VMLINUZ" ] ; then
247 249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
248 250 cleanup
249 251 exit 1
250 252 fi
251 253 # Copy vmlinuz kernel to the boot directory
252 254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
253 255 fi
@@ -1,59 +1,59
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Add usb/sda disk root partition to fstab
12 12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 14 fi
15 15
16 16 # Add encrypted root partition to fstab and crypttab
17 17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 18 # Replace fstab root partition with encrypted partition mapping
19 19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 20
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 24
25 25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 26 # Add usb/sda disk to crypttab
27 27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 28 fi
29 29 fi
30 30
31 31 # Generate initramfs file
32 32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
33 33 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 34 # Include initramfs scripts to auto expand encrypted root partition
35 35 if [ "$EXPANDROOT" = true ] ; then
36 36 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 37 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 39 fi
40 40
41 41 # Disable SSHD inside initramfs
42 42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
43 43
44 44 # Add cryptsetup modules to initramfs
45 45 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46 46
47 47 # Dummy mapping required by mkinitramfs
48 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
48 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 49
50 50 # Generate initramfs with encrypted root partition support
51 51 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52 52
53 53 # Remove dummy mapping
54 54 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 55 else
56 56 # Generate initramfs without encrypted root partition support
57 57 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 58 fi
59 59 fi
@@ -1,151 +1,151
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 46 else
47 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 59 # Add serial console support
60 60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 62 fi
63 63
64 64 # Remove IPv6 networking support
65 65 if [ "$ENABLE_IPV6" = false ] ; then
66 66 CMDLINE="${CMDLINE} ipv6.disable=1"
67 67 fi
68 68
69 69 # Automatically assign predictable network interface names
70 70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 71 CMDLINE="${CMDLINE} net.ifnames=0"
72 72 else
73 73 CMDLINE="${CMDLINE} net.ifnames=1"
74 74 fi
75 75
76 76 # Set init to systemd if required by Debian release
77 77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 78 CMDLINE="${CMDLINE} init=/bin/systemd"
79 79 fi
80 80
81 81 # Install firmware boot cmdline
82 82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83 83
84 84 # Install firmware config
85 85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 86
87 87 # Setup minimal GPU memory allocation size: 16MB (no X)
88 88 if [ "$ENABLE_MINGPU" = true ] ; then
89 89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 90 fi
91 91
92 92 # Setup boot with initramfs
93 93 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 95 fi
96 96
97 97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 98 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
99 99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 102 fi
103 103 fi
104 104
105 105 # Create firmware configuration and cmdline symlinks
106 106 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 108
109 109 # Install and setup kernel modules to load at boot
110 110 mkdir -p "${R}/lib/modules-load.d/"
111 111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112 112
113 113 # Load hardware random module at boot
114 114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 116 fi
117 117
118 118 # Load sound module at boot
119 119 if [ "$ENABLE_SOUND" = true ] ; then
120 120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 121 else
122 122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 123 fi
124 124
125 125 # Enable I2C interface
126 126 if [ "$ENABLE_I2C" = true ] ; then
127 127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 130 fi
131 131
132 132 # Enable SPI interface
133 133 if [ "$ENABLE_SPI" = true ] ; then
134 134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 136 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
137 137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 138 fi
139 139 fi
140 140
141 141 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
142 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 144 fi
145 145
146 146 # Install kernel modules blacklist
147 147 mkdir -p "${ETC_DIR}/modprobe.d/"
148 148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149 149
150 150 # Install sysctl.d configuration files
151 151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,134 +1,134
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60 60 fi
61 61
62 62 # Remove empty settings from network configuration
63 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 64 # Remove empty settings from wlan configuration
65 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 66
67 67 # Move systemd network configuration if required by Debian release
68 68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
69 69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 72 fi
73 73 rm -fr "${ETC_DIR}/systemd/network"
74 74 fi
75 75
76 76 # Enable systemd-networkd service
77 77 chroot_exec systemctl enable systemd-networkd
78 78
79 79 # Install host.conf resolver configuration
80 80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
81 81
82 82 # Enable network stack hardening
83 83 if [ "$ENABLE_HARDNET" = true ] ; then
84 84 # Install sysctl.d configuration files
85 85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
86 86
87 87 # Setup resolver warnings about spoofed addresses
88 88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
89 89 fi
90 90
91 91 # Enable time sync
92 if [ "NET_NTP_1" != "" ] ; then
92 if [ "$NET_NTP_1" != "" ] ; then
93 93 chroot_exec systemctl enable systemd-timesyncd.service
94 94 fi
95 95
96 96 # Download the firmware binary blob required to use the RPi3 wireless interface
97 97 if [ "$ENABLE_WIRELESS" = true ] ; then
98 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
99 mkdir -p ${WLAN_FIRMWARE_DIR}
98 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
99 mkdir -p "${WLAN_FIRMWARE_DIR}"
100 100 fi
101 101
102 102 # Create temporary directory for firmware binary blob
103 103 temp_dir=$(as_nobody mktemp -d)
104 104
105 105 # Fetch firmware binary blob for RPI3B+
106 106 if [ "$RPI_MODEL" = 3P ] ; then
107 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
111 111 # Fetch firmware binary blob for RPI3
112 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
114 114 fi
115 115
116 116 # Move downloaded firmware binary blob
117 117 if [ "$RPI_MODEL" = 3P ] ; then
118 118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
119 119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
120 120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
121 121 fi
122 122
123 123 # Remove temporary directory for firmware binary blob
124 124 rm -fr "${temp_dir}"
125 125
126 126 # Set permissions of the firmware binary blob
127 127 if [ "$RPI_MODEL" = 3P ] ; then
128 128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
131 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 133 fi
134 134 fi
@@ -1,49 +1,50
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 if ! [ "$RELEASE" = jessie ] ; then
15 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
16 fi
16 17
17 18 # Install iptables systemd service
18 19 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 20
20 21 # Install flush-table script called by iptables service
21 22 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 23
23 24 # Install iptables rule file
24 25 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 26
26 27 # Reload systemd configuration and enable iptables service
27 28 chroot_exec systemctl daemon-reload
28 29 chroot_exec systemctl enable iptables.service
29 30
30 31 if [ "$ENABLE_IPV6" = true ] ; then
31 32 # Install ip6tables systemd service
32 33 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 34
34 35 # Install ip6tables file
35 36 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 37
37 38 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 39
39 40 # Reload systemd configuration and enable iptables service
40 41 chroot_exec systemctl daemon-reload
41 42 chroot_exec systemctl enable ip6tables.service
42 43 fi
43 44
44 45 if [ "$ENABLE_SSHD" = false ] ; then
45 46 # Remove SSHD related iptables rules
46 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 49 fi
49 50 fi
@@ -1,29 +1,29
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
10 ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25 25
26 26 # Enable serial console systemd style
27 27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 29 fi
@@ -1,116 +1,116
1 1 #
2 2 # Setup SSH settings and public keys
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_SSHD" = true ] ; then
9 9 DROPBEAR_ARGS=""
10 10
11 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
12 12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
13 13 # User root is not allowed to log in
14 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
15 15 else
16 16 # User root is not allowed to log in
17 17 DROPBEAR_ARGS="-w"
18 18 fi
19 19 fi
20 20
21 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
22 22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
23 23 # Permit SSH root login
24 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
25 25 else
26 26 # Permit SSH root login
27 27 DROPBEAR_ARGS=""
28 28 fi
29 29
30 30 # Add SSH (v2) public key for user root
31 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
32 32 # Create root SSH config directory
33 33 mkdir -p "${R}/root/.ssh"
34 34
35 35 # Set permissions of root SSH config directory
36 36 chroot_exec chmod 700 "/root/.ssh"
37 37 chroot_exec chown root:root "/root/.ssh"
38 38
39 39 # Add SSH (v2) public key(s) to authorized_keys file
40 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
41 41
42 42 # Set permissions of root SSH authorized_keys file
43 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
44 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
45 45
46 46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
47 47 # Allow SSH public key authentication
48 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
49 49 fi
50 50 fi
51 51 fi
52 52
53 53 if [ "$ENABLE_USER" = true ] ; then
54 54 # Add SSH (v2) public key for user $USER_NAME
55 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
56 56 # Create $USER_NAME SSH config directory
57 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
58 58
59 59 # Set permissions of $USER_NAME SSH config directory
60 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
61 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
62 62
63 63 # Add SSH (v2) public key(s) to authorized_keys file
64 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
65 65
66 66 # Set permissions of $USER_NAME SSH config directory
67 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
69 69
70 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
71 71 # Allow SSH public key authentication
72 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
73 73 fi
74 74 fi
75 75 fi
76 76
77 77 # Limit the users that are allowed to login via SSH
78 78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
79 79 allowed_users=""
80 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
81 81 allowed_users="root"
82 82 fi
83 83
84 84 if [ "$ENABLE_USER" = true ] ; then
85 85 allowed_users="${allowed_users} ${USER_NAME}"
86 86 fi
87 87
88 if [ ! -z "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
89 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
90 90 fi
91 91 fi
92 92
93 93 # Disable password-based authentication
94 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
95 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
96 96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
97 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
98 98 else
99 99 DROPBEAR_ARGS="-g"
100 100 fi
101 101 fi
102 102
103 103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
104 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
107 107 else
108 108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
109 109 fi
110 110 fi
111 111
112 112 # Update dropbear SSH configuration
113 113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
114 114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
115 115 fi
116 fi
116 fi No newline at end of file
@@ -1,88 +1,98
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build U-Boot bootloader
9 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 10 # Install c/c++ build environment inside the chroot
11 11 chroot_install_cc
12 12
13 13 # Copy existing U-Boot sources into chroot directory
14 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 15 # Copy local U-Boot sources
16 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 17 else
18 18 # Create temporary directory for U-Boot sources
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Fetch U-Boot sources
22 22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 23
24 24 # Copy downloaded U-Boot sources
25 25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 26
27 27 # Set permissions of the U-Boot sources
28 28 chown -R root:root "${R}/tmp/u-boot"
29 29
30 30 # Remove temporary directory for U-Boot sources
31 31 rm -fr "${temp_dir}"
32 32 fi
33 33
34 34 # Build and install U-Boot inside chroot
35 chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 36
37 37 # Copy compiled bootloader binary and set config.txt to load it
38 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 41
42 42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
48 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 49
50 50 # Remove original initramfs file
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
58 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 59
60 60 if [ "$BUILD_KERNEL" = false ] ; then
61 61 # Remove dtbfile from U-Boot mkfile
62 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 64 else
65 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 66 fi
67 67 fi
68
69 if [ "$KERNEL_ARCH" = "arm64" ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
71
72 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
74 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
75 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
76 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
77 fi
68 78
69 79 # Set mkfile to use the correct dtb file
70 80 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
71 81
72 82 # Set mkfile to use the correct mach id
73 83 if [ "$ENABLE_QEMU" = true ] ; then
74 84 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
75 85 fi
76 86
77 87 # Set mkfile to use kernel image
78 88 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
79 89
80 90 # Remove all leading blank lines
81 91 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
82 92
83 93 # Generate U-Boot bootloader image
84 94 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
85 95
86 96 # Remove U-Boot sources
87 97 rm -fr "${R}/tmp/u-boot"
88 98 fi
@@ -1,85 +1,85
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 51 else
52 52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 53 fi
54 54
55 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 56 fi
57 57
58 58 # Remove sound utils and libraries
59 59 if [ "$ENABLE_SOUND" = false ] ; then
60 60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 61 fi
62 62
63 63 # Re-install tools for managing kernel modules
64 64 if [ "$RELEASE" = "jessie" ] ; then
65 65 chroot_exec apt-get -qq -y install module-init-tools
66 66 fi
67 67
68 68 # Remove GPU kernels
69 69 if [ "$ENABLE_MINGPU" = true ] ; then
70 70 rm -f "${BOOT_DIR}/start.elf"
71 71 rm -f "${BOOT_DIR}/fixup.dat"
72 72 rm -f "${BOOT_DIR}/start_x.elf"
73 73 rm -f "${BOOT_DIR}/fixup_x.dat"
74 74 fi
75 75
76 76 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 77 if [ "$BUILD_KERNEL" = false ] ; then
78 78 rm -f "${R}/boot/vmlinuz-*"
79 79 rm -f "${R}/boot/initrd.img-*"
80 80 fi
81 81
82 82 # Clean APT list of repositories
83 83 rm -fr "${R}/var/lib/apt/lists/*"
84 84 chroot_exec apt-get -qq -y update
85 85 fi
@@ -1,15 +1,16
1 1 # Set device tree fdtfile
2 2 setenv dtbfile bcm2709-rpi-2-b.dtb
3 3
4 4 # Tell Linux that it is booting on a Raspberry Pi2/3
5 5 setenv machid 0x00000c42
6 6
7 7 # Save these changes to u-boot's environment
8 8 saveenv
9 9
10 10 # Load the existing Linux kernel into RAM
11 mmc dev 0
11 12 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 13 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 14 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
14 15
15 16 # Boot the kernel we have just loaded
@@ -1,783 +1,796
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 20+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ -n "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45
46 46 #bcm2708-rpi-0-w.dtb (Used for Pi 0 and PI 0W)
47 47 RPI0_DTB_FILE=${RPI0_DTB_FILE:=bcm2708-rpi-0-w.dtb}
48 48 RPI0_UBOOT_CONFIG=${RPI0_UBOOT_CONFIG:=rpi_defconfig}
49 49
50 50 #bcm2708-rpi-b.dtb (Used for Pi 1 model A and B)
51 51 RPI1_DTB_FILE=${RPI1_DTB_FILE:=bcm2708-rpi-b.dtb}
52 52 RPI1_UBOOT_CONFIG=${RPI1_UBOOT_CONFIG:=rpi_defconfig}
53 53
54 54 #bcm2708-rpi-b-plus.dtb (Used for Pi 1 model B+ and A+)
55 55 RPI1P_DTB_FILE=${RPI1P_DTB_FILE:=bcm2708-rpi-b-plus.dtb}
56 56 RPI1P_UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG:=rpi_defconfig}
57 57
58 58 #bcm2709-rpi-2-b.dtb (Used for Pi 2 model B)
59 59 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
60 60 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
61 61
62 62 #bcm2710-rpi-3-b.dtb (Used for Pi 3 model B)
63 63 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
64 64 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
65 65
66 66 #bcm2710-rpi-3-b-plus.dtb (Used for Pi 3 model B+)
67 67 RPI3P_DTB_FILE=${RPI3P_DTB_FILE:=bcm2710-rpi-3-b-plus.dtb}
68 68 RPI3P_UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG:=rpi_3_32b_defconfig}
69 69
70 70 # Debian release
71 71 RELEASE=${RELEASE:=jessie}
72 72 KERNEL_ARCH=${KERNEL_ARCH:=arm}
73 73 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
74 74 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
75 75 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
76 76 if [ "$KERNEL_ARCH" = "arm64" ] ; then
77 77 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
78 78 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
79 79 fi
80 80
81 81 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
82 82 #RASPBERRY PI 1, PI ZERO, PI ZERO W, AND COMPUTE MODULE DEFAULT Kernel BUILD CONFIGURATION
83 83 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
84 84 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
85 85 else
86 86 #RASPBERRY PI 2, PI 3, PI 3+, AND COMPUTE MODULE 3 DEFAULT Kernel BUILD CONFIGURATION
87 87 #https://www.raspberrypi.org/documentation/linux/kernel/building.md
88 88 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
89 89 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
90 90 fi
91 91
92 92 if [ "$RELEASE_ARCH" = "arm64" ] ; then
93 93 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
94 94 else
95 95 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
96 96 fi
97 97 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
98 98
99 99 # URLs
100 100 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
101 101 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
102 102 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
103 103 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
104 104 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
105 105 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
106 VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland}
106 107
107 108 # Build directories
108 109 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
109 110 BUILDDIR="${BASEDIR}/build"
110 111
111 112 # Prepare date string for default image file name
112 113 DATE="$(date +%Y-%m-%d)"
113 114 if [ -z "$KERNEL_BRANCH" ] ; then
114 115 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
115 116 else
116 117 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
117 118 fi
118 119
119 120 # Chroot directories
120 121 R="${BUILDDIR}/chroot"
121 122 ETC_DIR="${R}/etc"
122 123 LIB_DIR="${R}/lib"
123 124 BOOT_DIR="${R}/boot/firmware"
124 125 KERNEL_DIR="${R}/usr/src/linux"
125 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
126 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
126 127
127 128 # Firmware directory: Blank if download from github
128 129 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
129 130
130 131 # General settings
131 132 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
132 133 PASSWORD=${PASSWORD:=raspberry}
133 134 USER_PASSWORD=${USER_PASSWORD:=raspberry}
134 135 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
135 136 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
136 137 EXPANDROOT=${EXPANDROOT:=true}
137 138
138 139 # Keyboard settings
139 140 XKB_MODEL=${XKB_MODEL:=""}
140 141 XKB_LAYOUT=${XKB_LAYOUT:=""}
141 142 XKB_VARIANT=${XKB_VARIANT:=""}
142 143 XKB_OPTIONS=${XKB_OPTIONS:=""}
143 144
144 145 # Network settings (DHCP)
145 146 ENABLE_DHCP=${ENABLE_DHCP:=true}
146 147
147 148 # Network settings (static)
148 149 NET_ADDRESS=${NET_ADDRESS:=""}
149 150 NET_GATEWAY=${NET_GATEWAY:=""}
150 151 NET_DNS_1=${NET_DNS_1:=""}
151 152 NET_DNS_2=${NET_DNS_2:=""}
152 153 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
153 154 NET_NTP_1=${NET_NTP_1:=""}
154 155 NET_NTP_2=${NET_NTP_2:=""}
155 156
156 157 # APT settings
157 158 APT_PROXY=${APT_PROXY:=""}
158 159 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
159 160
160 161 # Feature settings
161 162 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
162 163 ENABLE_I2C=${ENABLE_I2C:=false}
163 164 ENABLE_SPI=${ENABLE_SPI:=false}
164 165 ENABLE_IPV6=${ENABLE_IPV6:=true}
165 166 ENABLE_SSHD=${ENABLE_SSHD:=true}
166 167 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
167 168 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
168 169 ENABLE_SOUND=${ENABLE_SOUND:=true}
169 170 ENABLE_DBUS=${ENABLE_DBUS:=true}
170 171 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
171 172 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
172 173 ENABLE_XORG=${ENABLE_XORG:=false}
173 174 ENABLE_WM=${ENABLE_WM:=""}
174 175 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
175 176 ENABLE_USER=${ENABLE_USER:=true}
176 177 USER_NAME=${USER_NAME:="pi"}
177 178 ENABLE_ROOT=${ENABLE_ROOT:=false}
178 179 ENABLE_QEMU=${ENABLE_QEMU:=false}
179 180 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
180 181
181 182 # SSH settings
182 183 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
183 184 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
184 185 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
185 186 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
186 187 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
187 188
188 189 # Advanced settings
189 190 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
190 191 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
191 192 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
192 193 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
193 194 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
195 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
196 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
194 197 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
195 198 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
196 199 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
197 200 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
198 201 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
199 202 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
200 203 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
201 204
202 205 # Kernel compilation settings
203 206 BUILD_KERNEL=${BUILD_KERNEL:=false}
204 207 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
205 208 KERNEL_THREADS=${KERNEL_THREADS:=1}
206 209 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
207 210 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
208 211 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
209 212 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
210 213 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
211 214
212 215 if [ "$KERNEL_ARCH" = "arm64" ] ; then
213 216 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
214 217 else
215 218 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
216 219 fi
217 220
218 221 # Kernel compilation from source directory settings
219 222 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
220 223 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
221 224 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
222 225 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
223 226
224 227 # Reduce disk usage settings
225 228 REDUCE_APT=${REDUCE_APT:=true}
226 229 REDUCE_DOC=${REDUCE_DOC:=true}
227 230 REDUCE_MAN=${REDUCE_MAN:=true}
228 231 REDUCE_VIM=${REDUCE_VIM:=false}
229 232 REDUCE_BASH=${REDUCE_BASH:=false}
230 233 REDUCE_HWDB=${REDUCE_HWDB:=true}
231 234 REDUCE_SSHD=${REDUCE_SSHD:=true}
232 235 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
233 236
234 237 # Encrypted filesystem settings
235 238 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
236 239 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
237 240 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
238 241 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
239 242 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
240 243
241 244 # Chroot scripts directory
242 245 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
243 246
244 247 # Packages required in the chroot build environment
245 248 APT_INCLUDES=${APT_INCLUDES:=""}
246 249 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
247 250
248 251 #Packages to exclude from chroot build environment
249 252 APT_EXCLUDES=${APT_EXCLUDES:=""}
250 253
251 254 # Packages required for bootstrapping
252 255 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
253 256 MISSING_PACKAGES=""
254 257
255 258 # Packages installed for c/c++ build environment in chroot (keep empty)
256 259 COMPILER_PACKAGES=""
257 260
258 261 set +x
259 262
260 263 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
261 264 if [ "$ENABLE_SYSVINIT" = false ] ; then
262 265 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
263 266 fi
264 267
265 268 # Set Raspberry Pi model specific configuration
266 269 if [ "$RPI_MODEL" = 0 ] ; then
267 270 DTB_FILE=${RPI0_DTB_FILE}
268 271 UBOOT_CONFIG=${RPI0_UBOOT_CONFIG}
269 272 elif [ "$RPI_MODEL" = 1 ] ; then
270 273 DTB_FILE=${RPI1_DTB_FILE}
271 274 UBOOT_CONFIG=${RPI1_UBOOT_CONFIG}
272 275 elif [ "$RPI_MODEL" = 1P ] ; then
273 276 DTB_FILE=${RPI1P_DTB_FILE}
274 277 UBOOT_CONFIG=${RPI1P_UBOOT_CONFIG}
275 278 elif [ "$RPI_MODEL" = 2 ] ; then
276 279 DTB_FILE=${RPI2_DTB_FILE}
277 280 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
278 281 elif [ "$RPI_MODEL" = 3 ] ; then
279 282 DTB_FILE=${RPI3_DTB_FILE}
280 283 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
281 284 elif [ "$RPI_MODEL" = 3P ] ; then
282 285 DTB_FILE=${RPI3P_DTB_FILE}
283 286 UBOOT_CONFIG=${RPI3P_UBOOT_CONFIG}
284 287 else
285 288 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
286 289 exit 1
287 290 fi
288 291
289 292 # Check if the internal wireless interface is supported by the RPi model
290 293 if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ]); then
291 294
292 295 echo "error: The selected Raspberry Pi model has no internal wireless interface"
293 296 exit 1
294 297 fi
295 298
296 299 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
297 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
300 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
298 301 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
299 302 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
300 303 exit 1
301 304 fi
302 305 fi
303 306
304 307 # Build RPi2/3 Linux kernel if required by Debian release
305 308 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
306 309 BUILD_KERNEL=true
307 310 fi
308 311
309 312 # Add packages required for kernel cross compilation
310 313 if [ "$BUILD_KERNEL" = true ] ; then
311 314 if [ "$KERNEL_ARCH" = "arm" ] ; then
312 315 if [ "$RELEASE_ARCH" = "armel" ]; then
313 316 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
314 317 fi
315 318 if [ "$RELEASE_ARCH" = "armhf" ]; then
316 319 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
317 320 fi
318 321 fi
319 322 if [ "$RELEASE_ARCH" = "arm64" ]; then
320 323 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
321 324 fi
322 325 fi
323 326
327 if [ "$ENABLE_VIDEOCORE" = true ] ; then
328 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
329 fi
330
324 331 # Add libncurses5 to enable kernel menuconfig
325 332 if [ "$KERNEL_MENUCONFIG" = true ] ; then
326 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
333 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
327 334 fi
328 335
329 336 # Add ccache compiler cache for (faster) kernel cross (re)compilation
330 337 if [ "$KERNEL_CCACHE" = true ] ; then
331 338 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
332 339 fi
333 340
334 341 # Add cryptsetup package to enable filesystem encryption
335 342 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
336 343 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
337 344 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
338 345
339 346 if [ -z "$CRYPTFS_PASSWORD" ] ; then
340 347 echo "error: no password defined (CRYPTFS_PASSWORD)!"
341 348 exit 1
342 349 fi
343 350 ENABLE_INITRAMFS=true
344 351 fi
345 352
346 353 # Add initramfs generation tools
347 354 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
348 355 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
349 356 fi
350 357
351 358 # Add device-tree-compiler required for building the U-Boot bootloader
352 359 if [ "$ENABLE_UBOOT" = true ] ; then
353 360 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex"
354 361 fi
355 362
356 363 # Check if root SSH (v2) public key file exists
357 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
364 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
358 365 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
359 366 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
360 367 exit 1
361 368 fi
362 369 fi
363 370
364 371 # Check if $USER_NAME SSH (v2) public key file exists
365 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
372 if [ -n "$SSH_USER_PUB_KEY" ] ; then
366 373 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
367 374 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
368 375 exit 1
369 376 fi
370 377 fi
371 378
372 379 # Check if all required packages are installed on the build system
373 380 for package in $REQUIRED_PACKAGES ; do
374 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
381 if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then
375 382 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
376 383 fi
377 384 done
378 385
379 386 # If there are missing packages ask confirmation for install, or exit
380 387 if [ -n "$MISSING_PACKAGES" ] ; then
381 388 echo "the following packages needed by this script are not installed:"
382 389 echo "$MISSING_PACKAGES"
383 390
384 echo -n "\ndo you want to install the missing packages right now? [y/n] "
385 read confirm
391 printf "\ndo you want to install the missing packages right now? [y/n] "
392 read -r confirm
386 393 [ "$confirm" != "y" ] && exit 1
387 394
388 395 # Make sure all missing required packages are installed
389 apt-get -qq -y install ${MISSING_PACKAGES}
396 apt-get -qq -y install "${MISSING_PACKAGES}"
390 397 fi
391 398
392 399 # Check if ./bootstrap.d directory exists
393 400 if [ ! -d "./bootstrap.d/" ] ; then
394 401 echo "error: './bootstrap.d' required directory not found!"
395 402 exit 1
396 403 fi
397 404
398 405 # Check if ./files directory exists
399 406 if [ ! -d "./files/" ] ; then
400 407 echo "error: './files' required directory not found!"
401 408 exit 1
402 409 fi
403 410
404 411 # Check if specified KERNELSRC_DIR directory exists
405 412 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
406 413 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
407 414 exit 1
408 415 fi
409 416
410 417 # Check if specified UBOOTSRC_DIR directory exists
411 418 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
412 419 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
413 420 exit 1
414 421 fi
415 422
423 # Check if specified VIDEOCORESRC_DIR directory exists
424 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
425 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
426 exit 1
427 fi
428
416 429 # Check if specified FBTURBOSRC_DIR directory exists
417 430 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
418 431 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
419 432 exit 1
420 433 fi
421 434
422 435 # Check if specified CHROOT_SCRIPTS directory exists
423 436 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
424 437 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
425 438 exit 1
426 439 fi
427 440
428 441 # Check if specified device mapping already exists (will be used by cryptsetup)
429 442 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
430 443 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
431 444 exit 1
432 445 fi
433 446
434 447 # Don't clobber an old build
435 448 if [ -e "$BUILDDIR" ] ; then
436 449 echo "error: directory ${BUILDDIR} already exists, not proceeding"
437 450 exit 1
438 451 fi
439 452
440 453 # Setup chroot directory
441 454 mkdir -p "${R}"
442 455
443 456 # Check if build directory has enough of free disk space >512MB
444 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
457 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
445 458 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
446 459 exit 1
447 460 fi
448 461
449 462 set -x
450 463
451 464 # Call "cleanup" function on various signals and errors
452 465 trap cleanup 0 1 2 3 6
453 466
454 467 # Add required packages for the minbase installation
455 468 if [ "$ENABLE_MINBASE" = true ] ; then
456 469 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
457 470 fi
458 471
459 472 # Add required locales packages
460 473 if [ "$DEFLOCAL" != "en_US.UTF-8" ] || ([ -n XKB_MODEL ] || [ -n XKB_LAYOUT ] || [ -n XKB_VARIANT ] || [ -n XKB_OPTIONS ]); then
461 474 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
462 475 fi
463 476
464 477 # Add parted package, required to get partprobe utility
465 478 if [ "$EXPANDROOT" = true ] ; then
466 479 APT_INCLUDES="${APT_INCLUDES},parted"
467 480 fi
468 481
469 482 # Add dbus package, recommended if using systemd
470 483 if [ "$ENABLE_DBUS" = true ] ; then
471 484 APT_INCLUDES="${APT_INCLUDES},dbus"
472 485 fi
473 486
474 487 # Add iptables IPv4/IPv6 package
475 488 if [ "$ENABLE_IPTABLES" = true ] ; then
476 489 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
477 490 fi
478 491
479 492 # Add openssh server package
480 493 if [ "$ENABLE_SSHD" = true ] ; then
481 494 APT_INCLUDES="${APT_INCLUDES},openssh-server"
482 495 fi
483 496
484 497 # Add alsa-utils package
485 498 if [ "$ENABLE_SOUND" = true ] ; then
486 499 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
487 500 fi
488 501
489 502 # Add rng-tools package
490 503 if [ "$ENABLE_HWRANDOM" = true ] ; then
491 504 APT_INCLUDES="${APT_INCLUDES},rng-tools"
492 505 fi
493 506
494 507 # Add fbturbo video driver
495 508 if [ "$ENABLE_FBTURBO" = true ] ; then
496 509 # Enable xorg package dependencies
497 510 ENABLE_XORG=true
498 511 fi
499 512
500 513 # Add user defined window manager package
501 514 if [ -n "$ENABLE_WM" ] ; then
502 515 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
503 516
504 517 # Enable xorg package dependencies
505 518 ENABLE_XORG=true
506 519 fi
507 520
508 521 # Add xorg package
509 522 if [ "$ENABLE_XORG" = true ] ; then
510 523 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
511 524 fi
512 525
513 526 # Replace selected packages with smaller clones
514 527 if [ "$ENABLE_REDUCE" = true ] ; then
515 528 # Add levee package instead of vim-tiny
516 529 if [ "$REDUCE_VIM" = true ] ; then
517 530 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
518 531 fi
519 532
520 533 # Add dropbear package instead of openssh-server
521 534 if [ "$REDUCE_SSHD" = true ] ; then
522 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
535 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
523 536 fi
524 537 fi
525 538
526 539 if [ "$RELEASE" != "jessie" ] ; then
527 540 APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
528 541 fi
529 542
530 543 # Configure kernel sources if no KERNELSRC_DIR
531 544 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
532 545 KERNELSRC_CONFIG=true
533 546 fi
534 547
535 548 # Configure reduced kernel
536 549 if [ "$KERNEL_REDUCE" = true ] ; then
537 550 KERNELSRC_CONFIG=false
538 551 fi
539 552
540 553 # Configure qemu compatible kernel
541 554 if [ "$ENABLE_QEMU" = true ] ; then
542 555 DTB_FILE=vexpress-v2p-ca15_a7.dtb
543 556 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
544 557 KERNEL_DEFCONFIG="vexpress_defconfig"
545 558 if [ "$KERNEL_MENUCONFIG" = false ] ; then
546 559 KERNEL_OLDDEFCONFIG=true
547 560 fi
548 561 fi
549 562
550 563 # Execute bootstrap scripts
551 564 for SCRIPT in bootstrap.d/*.sh; do
552 565 head -n 3 "$SCRIPT"
553 566 . "$SCRIPT"
554 567 done
555 568
556 569 ## Execute custom bootstrap scripts
557 570 if [ -d "custom.d" ] ; then
558 571 for SCRIPT in custom.d/*.sh; do
559 572 . "$SCRIPT"
560 573 done
561 574 fi
562 575
563 576 # Execute custom scripts inside the chroot
564 577 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
565 578 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
566 579 chroot_exec /bin/bash -x <<'EOF'
567 580 for SCRIPT in /chroot_scripts/* ; do
568 581 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
569 582 $SCRIPT
570 583 fi
571 584 done
572 585 EOF
573 586 rm -rf "${R}/chroot_scripts"
574 587 fi
575 588
576 589 # Remove c/c++ build environment from the chroot
577 590 chroot_remove_cc
578 591
579 592 # Remove apt-utils
580 593 if [ "$RELEASE" = "jessie" ] ; then
581 594 chroot_exec apt-get purge -qq -y --force-yes apt-utils
582 595 fi
583 596
584 597 # Generate required machine-id
585 598 MACHINE_ID=$(dbus-uuidgen)
586 599 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
587 600 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
588 601
589 602 # APT Cleanup
590 603 chroot_exec apt-get -y clean
591 604 chroot_exec apt-get -y autoclean
592 605 chroot_exec apt-get -y autoremove
593 606
594 607 # Unmount mounted filesystems
595 608 umount -l "${R}/proc"
596 609 umount -l "${R}/sys"
597 610
598 611 # Clean up directories
599 612 rm -rf "${R}/run/*"
600 613 rm -rf "${R}/tmp/*"
601 614
602 615 # Clean up files
603 616 rm -f "${ETC_DIR}/ssh/ssh_host_*"
604 617 rm -f "${ETC_DIR}/dropbear/dropbear_*"
605 618 rm -f "${ETC_DIR}/apt/sources.list.save"
606 619 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
607 620 rm -f "${ETC_DIR}/*-"
608 621 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
609 622 rm -f "${ETC_DIR}/resolv.conf"
610 623 rm -f "${R}/root/.bash_history"
611 624 rm -f "${R}/var/lib/urandom/random-seed"
612 625 rm -f "${R}/initrd.img"
613 626 rm -f "${R}/vmlinuz"
614 627 rm -f "${R}${QEMU_BINARY}"
615 628
616 629 if [ "$ENABLE_QEMU" = true ] ; then
617 630 # Setup QEMU directory
618 631 mkdir "${BASEDIR}/qemu"
619 632
620 633 # Copy kernel image to QEMU directory
621 634 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
622 635
623 636 # Copy kernel config to QEMU directory
624 637 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
625 638
626 639 # Copy kernel dtbs to QEMU directory
627 640 for dtb in "${BOOT_DIR}/"*.dtb ; do
628 641 if [ -f "${dtb}" ] ; then
629 642 install_readonly "${dtb}" "${BASEDIR}/qemu/"
630 643 fi
631 644 done
632 645
633 646 # Copy kernel overlays to QEMU directory
634 647 if [ -d "${BOOT_DIR}/overlays" ] ; then
635 648 # Setup overlays dtbs directory
636 649 mkdir "${BASEDIR}/qemu/overlays"
637 650
638 651 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
639 652 if [ -f "${dtb}" ] ; then
640 653 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
641 654 fi
642 655 done
643 656 fi
644 657
645 658 # Copy u-boot files to QEMU directory
646 659 if [ "$ENABLE_UBOOT" = true ] ; then
647 660 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
648 661 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
649 662 fi
650 663 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
651 664 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
652 665 fi
653 666 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
654 667 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
655 668 fi
656 669 fi
657 670
658 671 # Copy initramfs to QEMU directory
659 672 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
660 673 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
661 674 fi
662 675 fi
663 676
664 677 # Calculate size of the chroot directory in KB
665 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
678 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
666 679
667 680 # Calculate the amount of needed 512 Byte sectors
668 681 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
669 682 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
670 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
683 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
671 684
672 685 # The root partition is EXT4
673 686 # This means more space than the actual used space of the chroot is used.
674 687 # As overhead for journaling and reserved blocks 35% are added.
675 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
688 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
676 689
677 690 # Calculate required image size in 512 Byte sectors
678 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
691 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
679 692
680 693 # Prepare image file
681 694 if [ "$ENABLE_SPLITFS" = true ] ; then
682 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
683 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
684 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
685 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
695 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
696 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
697 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
698 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
686 699
687 700 # Write firmware/boot partition tables
688 701 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
689 702 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
690 703 EOM
691 704
692 705 # Write root partition table
693 706 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
694 707 ${TABLE_SECTORS},${ROOT_SECTORS},83
695 708 EOM
696 709
697 710 # Setup temporary loop devices
698 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
699 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
711 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
712 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
700 713 else # ENABLE_SPLITFS=false
701 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
702 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
714 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
715 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
703 716
704 717 # Write partition table
705 718 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
706 719 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
707 720 ${ROOT_OFFSET},${ROOT_SECTORS},83
708 721 EOM
709 722
710 723 # Setup temporary loop devices
711 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
712 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
724 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
725 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
713 726 fi
714 727
715 728 if [ "$ENABLE_CRYPTFS" = true ] ; then
716 729 # Create dummy ext4 fs
717 730 mkfs.ext4 "$ROOT_LOOP"
718 731
719 732 # Setup password keyfile
720 733 touch .password
721 734 chmod 600 .password
722 735 echo -n ${CRYPTFS_PASSWORD} > .password
723 736
724 737 # Initialize encrypted partition
725 738 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
726 739
727 740 # Open encrypted partition and setup mapping
728 741 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
729 742
730 743 # Secure delete password keyfile
731 744 shred -zu .password
732 745
733 746 # Update temporary loop device
734 747 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
735 748
736 749 # Wipe encrypted partition (encryption cipher is used for randomness)
737 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
750 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
738 751 fi
739 752
740 753 # Build filesystems
741 754 mkfs.vfat "$FRMW_LOOP"
742 755 mkfs.ext4 "$ROOT_LOOP"
743 756
744 757 # Mount the temporary loop devices
745 758 mkdir -p "$BUILDDIR/mount"
746 759 mount "$ROOT_LOOP" "$BUILDDIR/mount"
747 760
748 761 mkdir -p "$BUILDDIR/mount/boot/firmware"
749 762 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
750 763
751 764 # Copy all files from the chroot to the loop device mount point directory
752 765 rsync -a "${R}/" "$BUILDDIR/mount/"
753 766
754 767 # Unmount all temporary loop devices and mount points
755 768 cleanup
756 769
757 770 # Create block map file(s) of image(s)
758 771 if [ "$ENABLE_SPLITFS" = true ] ; then
759 772 # Create block map files for "bmaptool"
760 773 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
761 774 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
762 775
763 776 # Image was successfully created
764 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
765 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
777 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
778 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
766 779 else
767 780 # Create block map file for "bmaptool"
768 781 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
769 782
770 783 # Image was successfully created
771 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
784 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
772 785
773 786 # Create qemu qcow2 image
774 787 if [ "$ENABLE_QEMU" = true ] ; then
775 788 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
776 789 QEMU_SIZE=16G
777 790
778 qemu-img convert -f raw -O qcow2 $IMAGE_NAME.img $QEMU_IMAGE.qcow2
779 qemu-img resize $QEMU_IMAGE.qcow2 $QEMU_SIZE
791 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
792 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
780 793
781 794 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
782 795 fi
783 796 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant