Merge branch 'rpifegen' of https://github.com/g-vidal/rpi23-gen-image into rpifegen
vidal -
r195:c0c3bab82bdd Merge
@@ -1,452 +1,452
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15
15
16 ```
16 ```
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 dpkg --add-architecture armhf
19 dpkg --add-architecture armhf
20 apt-get update
20 apt-get update
21 ```
21 ```
22
22
23 ## Command-line parameters
23 ## Command-line parameters
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25
25
26 ##### Command-line examples:
26 ##### Command-line examples:
27 ```shell
27 ```shell
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Configuration template files
43 ## Configuration template files
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45
45
46 ##### Command-line examples:
46 ##### Command-line examples:
47 ```shell
47 ```shell
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 ```
50 ```
51
51
52 ## Supported parameters and settings
52 ## Supported parameters and settings
53 #### APT settings:
53 #### APT settings:
54 ##### `APT_SERVER`="ftp.debian.org"
54 ##### `APT_SERVER`="ftp.debian.org"
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56
56
57 ##### `APT_PROXY`=""
57 ##### `APT_PROXY`=""
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59
59
60 ##### `APT_INCLUDES`=""
60 ##### `APT_INCLUDES`=""
61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62
62
63 ##### `APT_INCLUDES_LATE`=""
63 ##### `APT_INCLUDES_LATE`=""
64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65
65
66 ---
66 ---
67
67
68 #### General system settings:
68 #### General system settings:
69 ##### `RPI_MODEL`=2
69 ##### `RPI_MODEL`=2
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
71
71
72 ##### `RELEASE`="jessie"
72 ##### `RELEASE`="jessie"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
74
74
75 ##### `RELEASE_ARCH`="armhf"
75 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
76 Set the desired Debian release architecture.
77
77
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
79 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
80
80
81 ##### `PASSWORD`="raspberry"
81 ##### `PASSWORD`="raspberry"
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83
83
84 ##### `USER_PASSWORD`="raspberry"
84 ##### `USER_PASSWORD`="raspberry"
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `DEFLOCAL`="en_US.UTF-8"
87 ##### `DEFLOCAL`="en_US.UTF-8"
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89
89
90 ##### `TIMEZONE`="Europe/Berlin"
90 ##### `TIMEZONE`="Europe/Berlin"
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92
92
93 ##### `EXPANDROOT`=true
93 ##### `EXPANDROOT`=true
94 Expand the root partition and filesystem automatically on first boot.
94 Expand the root partition and filesystem automatically on first boot.
95
95
96 ---
96 ---
97
97
98 #### Keyboard settings:
98 #### Keyboard settings:
99 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
99 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
100
100
101 ##### `XKB_MODEL`=""
101 ##### `XKB_MODEL`=""
102 Set the name of the model of your keyboard type.
102 Set the name of the model of your keyboard type.
103
103
104 ##### `XKB_LAYOUT`=""
104 ##### `XKB_LAYOUT`=""
105 Set the supported keyboard layout(s).
105 Set the supported keyboard layout(s).
106
106
107 ##### `XKB_VARIANT`=""
107 ##### `XKB_VARIANT`=""
108 Set the supported variant(s) of the keyboard layout(s).
108 Set the supported variant(s) of the keyboard layout(s).
109
109
110 ##### `XKB_OPTIONS`=""
110 ##### `XKB_OPTIONS`=""
111 Set extra xkb configuration options.
111 Set extra xkb configuration options.
112
112
113 ---
113 ---
114
114
115 #### Networking settings (DHCP):
115 #### Networking settings (DHCP):
116 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
116 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
117
117
118 ##### `ENABLE_DHCP`=true
118 ##### `ENABLE_DHCP`=true
119 Set the system to use DHCP. This requires an DHCP server.
119 Set the system to use DHCP. This requires an DHCP server.
120
120
121 ---
121 ---
122
122
123 #### Networking settings (static):
123 #### Networking settings (static):
124 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
124 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
125
125
126 ##### `NET_ADDRESS`=""
126 ##### `NET_ADDRESS`=""
127 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
127 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
128
128
129 ##### `NET_GATEWAY`=""
129 ##### `NET_GATEWAY`=""
130 Set the IP address for the default gateway.
130 Set the IP address for the default gateway.
131
131
132 ##### `NET_DNS_1`=""
132 ##### `NET_DNS_1`=""
133 Set the IP address for the first DNS server.
133 Set the IP address for the first DNS server.
134
134
135 ##### `NET_DNS_2`=""
135 ##### `NET_DNS_2`=""
136 Set the IP address for the second DNS server.
136 Set the IP address for the second DNS server.
137
137
138 ##### `NET_DNS_DOMAINS`=""
138 ##### `NET_DNS_DOMAINS`=""
139 Set the default DNS search domains to use for non fully qualified host names.
139 Set the default DNS search domains to use for non fully qualified host names.
140
140
141 ##### `NET_NTP_1`=""
141 ##### `NET_NTP_1`=""
142 Set the IP address for the first NTP server.
142 Set the IP address for the first NTP server.
143
143
144 ##### `NET_NTP_2`=""
144 ##### `NET_NTP_2`=""
145 Set the IP address for the second NTP server.
145 Set the IP address for the second NTP server.
146
146
147 ---
147 ---
148
148
149 #### Basic system features:
149 #### Basic system features:
150 ##### `ENABLE_CONSOLE`=true
150 ##### `ENABLE_CONSOLE`=true
151 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
151 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
152
152
153 ##### `ENABLE_I2C`=false
153 ##### `ENABLE_I2C`=false
154 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
154 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
155
155
156 ##### `ENABLE_SPI`=false
156 ##### `ENABLE_SPI`=false
157 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
157 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
158
158
159 ##### `ENABLE_IPV6`=true
159 ##### `ENABLE_IPV6`=true
160 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
160 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
161
161
162 ##### `ENABLE_SSHD`=true
162 ##### `ENABLE_SSHD`=true
163 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
163 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
164
164
165 ##### `ENABLE_NONFREE`=false
165 ##### `ENABLE_NONFREE`=false
166 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
166 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
167
167
168 ##### `ENABLE_WIRELESS`=false
168 ##### `ENABLE_WIRELESS`=false
169 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
169 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
170
170
171 ##### `ENABLE_RSYSLOG`=true
171 ##### `ENABLE_RSYSLOG`=true
172 If set to false, disable and uninstall rsyslog (so logs will be available only
172 If set to false, disable and uninstall rsyslog (so logs will be available only
173 in journal files)
173 in journal files)
174
174
175 ##### `ENABLE_SOUND`=true
175 ##### `ENABLE_SOUND`=true
176 Enable sound hardware and install Advanced Linux Sound Architecture.
176 Enable sound hardware and install Advanced Linux Sound Architecture.
177
177
178 ##### `ENABLE_HWRANDOM`=true
178 ##### `ENABLE_HWRANDOM`=true
179 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
179 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
180
180
181 ##### `ENABLE_MINGPU`=false
181 ##### `ENABLE_MINGPU`=false
182 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
182 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
183
183
184 ##### `ENABLE_DBUS`=true
184 ##### `ENABLE_DBUS`=true
185 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
185 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
186
186
187 ##### `ENABLE_XORG`=false
187 ##### `ENABLE_XORG`=false
188 Install Xorg open-source X Window System.
188 Install Xorg open-source X Window System.
189
189
190 ##### `ENABLE_WM`=""
190 ##### `ENABLE_WM`=""
191 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
192
192
193 ---
193 ---
194
194
195 #### Advanced system features:
195 #### Advanced system features:
196 ##### `ENABLE_MINBASE`=false
196 ##### `ENABLE_MINBASE`=false
197 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
197 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
198
198
199 ##### `ENABLE_REDUCE`=false
199 ##### `ENABLE_REDUCE`=false
200 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
200 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
201
201
202 ##### `ENABLE_UBOOT`=false
202 ##### `ENABLE_UBOOT`=false
203 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
203 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
204
204
205 ##### `UBOOTSRC_DIR`=""
205 ##### `UBOOTSRC_DIR`=""
206 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
206 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
207
207
208 ##### `ENABLE_FBTURBO`=false
208 ##### `ENABLE_FBTURBO`=false
209 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
209 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
210
210
211 ##### `FBTURBOSRC_DIR`=""
211 ##### `FBTURBOSRC_DIR`=""
212 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
212 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
213
213
214 ##### `ENABLE_IPTABLES`=false
214 ##### `ENABLE_IPTABLES`=false
215 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
215 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
216
216
217 ##### `ENABLE_USER`=true
217 ##### `ENABLE_USER`=true
218 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
218 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
219
219
220 ##### `USER_NAME`=pi
220 ##### `USER_NAME`=pi
221 Non-root user to create. Ignored if `ENABLE_USER`=false
221 Non-root user to create. Ignored if `ENABLE_USER`=false
222
222
223 ##### `ENABLE_ROOT`=false
223 ##### `ENABLE_ROOT`=false
224 Set root user password so root login will be enabled
224 Set root user password so root login will be enabled
225
225
226 ##### `ENABLE_HARDNET`=false
226 ##### `ENABLE_HARDNET`=false
227 Enable IPv4/IPv6 network stack hardening settings.
227 Enable IPv4/IPv6 network stack hardening settings.
228
228
229 ##### `ENABLE_SPLITFS`=false
229 ##### `ENABLE_SPLITFS`=false
230 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
230 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
231
231
232 ##### `CHROOT_SCRIPTS`=""
232 ##### `CHROOT_SCRIPTS`=""
233 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
233 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
234
234
235 ##### `ENABLE_INITRAMFS`=false
235 ##### `ENABLE_INITRAMFS`=false
236 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
236 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
237
237
238 ##### `ENABLE_IFNAMES`=true
238 ##### `ENABLE_IFNAMES`=true
239 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
239 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
240
240
241 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 ##### `DISABLE_UNDERVOLT_WARNINGS`=
242 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
242 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
243
243
244 ---
244 ---
245
245
246 #### SSH settings:
246 #### SSH settings:
247 ##### `SSH_ENABLE_ROOT`=false
247 ##### `SSH_ENABLE_ROOT`=false
248 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
248 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
249
249
250 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
251 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
251 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
252
252
253 ##### `SSH_LIMIT_USERS`=false
253 ##### `SSH_LIMIT_USERS`=false
254 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
254 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
255
255
256 ##### `SSH_ROOT_PUB_KEY`=""
256 ##### `SSH_ROOT_PUB_KEY`=""
257 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
257 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
258
258
259 ##### `SSH_USER_PUB_KEY`=""
259 ##### `SSH_USER_PUB_KEY`=""
260 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
260 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
261
261
262 ---
262 ---
263
263
264 #### Kernel compilation:
264 #### Kernel compilation:
265 ##### `BUILD_KERNEL`=false
265 ##### `BUILD_KERNEL`=false
266 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
266 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
267
267
268 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
268 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
269 This sets the cross compile enviornment for the compiler.
269 This sets the cross compile enviornment for the compiler.
270
270
271 ##### `KERNEL_ARCH`="arm"
271 ##### `KERNEL_ARCH`="arm"
272 This sets the kernel architecture for the compiler.
272 This sets the kernel architecture for the compiler.
273
273
274 ##### `KERNEL_IMAGE`="kernel7.img"
274 ##### `KERNEL_IMAGE`="kernel7.img"
275 Name of the image file in the boot partition.
275 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
276
276
277 ##### `KERNEL_BRANCH`=""
277 ##### `KERNEL_BRANCH`=""
278 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
278 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
279
279
280 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
280 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
281 Sets the QEMU enviornment for the Debian archive.
281 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
282
282
283 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
283 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
284 Sets the default config for kernel compiling.
284 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
285
285
286 ##### `KERNEL_REDUCE`=false
286 ##### `KERNEL_REDUCE`=false
287 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
287 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
288
288
289 ##### `KERNEL_THREADS`=1
289 ##### `KERNEL_THREADS`=1
290 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
290 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
291
291
292 ##### `KERNEL_HEADERS`=true
292 ##### `KERNEL_HEADERS`=true
293 Install kernel headers with built kernel.
293 Install kernel headers with built kernel.
294
294
295 ##### `KERNEL_MENUCONFIG`=false
295 ##### `KERNEL_MENUCONFIG`=false
296 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
296 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
297
297
298 ##### `KERNEL_REMOVESRC`=true
298 ##### `KERNEL_REMOVESRC`=true
299 Remove all kernel sources from the generated OS image after it was built and installed.
299 Remove all kernel sources from the generated OS image after it was built and installed.
300
300
301 ##### `KERNELSRC_DIR`=""
301 ##### `KERNELSRC_DIR`=""
302 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
302 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
303
303
304 ##### `KERNELSRC_CLEAN`=false
304 ##### `KERNELSRC_CLEAN`=false
305 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
305 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
306
306
307 ##### `KERNELSRC_CONFIG`=true
307 ##### `KERNELSRC_CONFIG`=true
308 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
308 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
309
309
310 ##### `KERNELSRC_USRCONFIG`=""
310 ##### `KERNELSRC_USRCONFIG`=""
311 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
311 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
312
312
313 ##### `KERNELSRC_PREBUILT`=false
313 ##### `KERNELSRC_PREBUILT`=false
314 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
314 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
315
315
316 ##### `RPI_FIRMWARE_DIR`=""
316 ##### `RPI_FIRMWARE_DIR`=""
317 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
317 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
318
318
319 ---
319 ---
320
320
321 #### Reduce disk usage:
321 #### Reduce disk usage:
322 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
322 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
323
323
324 ##### `REDUCE_APT`=true
324 ##### `REDUCE_APT`=true
325 Configure APT to use compressed package repository lists and no package caching files.
325 Configure APT to use compressed package repository lists and no package caching files.
326
326
327 ##### `REDUCE_DOC`=true
327 ##### `REDUCE_DOC`=true
328 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
328 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
329
329
330 ##### `REDUCE_MAN`=true
330 ##### `REDUCE_MAN`=true
331 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
331 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
332
332
333 ##### `REDUCE_VIM`=false
333 ##### `REDUCE_VIM`=false
334 Replace `vim-tiny` package by `levee` a tiny vim clone.
334 Replace `vim-tiny` package by `levee` a tiny vim clone.
335
335
336 ##### `REDUCE_BASH`=false
336 ##### `REDUCE_BASH`=false
337 Remove `bash` package and switch to `dash` shell (experimental).
337 Remove `bash` package and switch to `dash` shell (experimental).
338
338
339 ##### `REDUCE_HWDB`=true
339 ##### `REDUCE_HWDB`=true
340 Remove PCI related hwdb files (experimental).
340 Remove PCI related hwdb files (experimental).
341
341
342 ##### `REDUCE_SSHD`=true
342 ##### `REDUCE_SSHD`=true
343 Replace `openssh-server` with `dropbear`.
343 Replace `openssh-server` with `dropbear`.
344
344
345 ##### `REDUCE_LOCALE`=true
345 ##### `REDUCE_LOCALE`=true
346 Remove all `locale` translation files.
346 Remove all `locale` translation files.
347
347
348 ---
348 ---
349
349
350 #### Encrypted root partition:
350 #### Encrypted root partition:
351 ##### `ENABLE_CRYPTFS`=false
351 ##### `ENABLE_CRYPTFS`=false
352 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
352 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
353
353
354 ##### `CRYPTFS_PASSWORD`=""
354 ##### `CRYPTFS_PASSWORD`=""
355 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
355 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
356
356
357 ##### `CRYPTFS_MAPPING`="secure"
357 ##### `CRYPTFS_MAPPING`="secure"
358 Set name of dm-crypt managed device-mapper mapping.
358 Set name of dm-crypt managed device-mapper mapping.
359
359
360 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
361 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
361 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
362
362
363 ##### `CRYPTFS_XTSKEYSIZE`=512
363 ##### `CRYPTFS_XTSKEYSIZE`=512
364 Sets key size in bits. The argument has to be a multiple of 8.
364 Sets key size in bits. The argument has to be a multiple of 8.
365
365
366 ---
366 ---
367
367
368 #### Build settings:
368 #### Build settings:
369 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
370 Set a path to a working directory used by the script to generate an image.
370 Set a path to a working directory used by the script to generate an image.
371
371
372 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
372 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
373 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
373 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
374
374
375 ## Understanding the script
375 ## Understanding the script
376 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
376 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
377
377
378 | Script | Description |
378 | Script | Description |
379 | --- | --- |
379 | --- | --- |
380 | `10-bootstrap.sh` | Debootstrap basic system |
380 | `10-bootstrap.sh` | Debootstrap basic system |
381 | `11-apt.sh` | Setup APT repositories |
381 | `11-apt.sh` | Setup APT repositories |
382 | `12-locale.sh` | Setup Locales and keyboard settings |
382 | `12-locale.sh` | Setup Locales and keyboard settings |
383 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
383 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
384 | `14-fstab.sh` | Setup fstab and initramfs |
384 | `14-fstab.sh` | Setup fstab and initramfs |
385 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
385 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
386 | `20-networking.sh` | Setup Networking |
386 | `20-networking.sh` | Setup Networking |
387 | `21-firewall.sh` | Setup Firewall |
387 | `21-firewall.sh` | Setup Firewall |
388 | `30-security.sh` | Setup Users and Security settings |
388 | `30-security.sh` | Setup Users and Security settings |
389 | `31-logging.sh` | Setup Logging |
389 | `31-logging.sh` | Setup Logging |
390 | `32-sshd.sh` | Setup SSH and public keys |
390 | `32-sshd.sh` | Setup SSH and public keys |
391 | `41-uboot.sh` | Build and Setup U-Boot |
391 | `41-uboot.sh` | Build and Setup U-Boot |
392 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
392 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
393 | `50-firstboot.sh` | First boot actions |
393 | `50-firstboot.sh` | First boot actions |
394 | `99-reduce.sh` | Reduce the disk space usage |
394 | `99-reduce.sh` | Reduce the disk space usage |
395
395
396 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
396 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
397
397
398 | Directory | Description |
398 | Directory | Description |
399 | --- | --- |
399 | --- | --- |
400 | `apt` | APT management configuration files |
400 | `apt` | APT management configuration files |
401 | `boot` | Boot and RPi2/3 configuration files |
401 | `boot` | Boot and RPi2/3 configuration files |
402 | `dpkg` | Package Manager configuration |
402 | `dpkg` | Package Manager configuration |
403 | `etc` | Configuration files and rc scripts |
403 | `etc` | Configuration files and rc scripts |
404 | `firstboot` | Scripts that get executed on first boot |
404 | `firstboot` | Scripts that get executed on first boot |
405 | `initramfs` | Initramfs scripts |
405 | `initramfs` | Initramfs scripts |
406 | `iptables` | Firewall configuration files |
406 | `iptables` | Firewall configuration files |
407 | `locales` | Locales configuration |
407 | `locales` | Locales configuration |
408 | `modules` | Kernel Modules configuration |
408 | `modules` | Kernel Modules configuration |
409 | `mount` | Fstab configuration |
409 | `mount` | Fstab configuration |
410 | `network` | Networking configuration files |
410 | `network` | Networking configuration files |
411 | `sysctl.d` | Swapping and Network Hardening configuration |
411 | `sysctl.d` | Swapping and Network Hardening configuration |
412 | `xorg` | fbturbo Xorg driver configuration |
412 | `xorg` | fbturbo Xorg driver configuration |
413
413
414 ## Custom packages and scripts
414 ## Custom packages and scripts
415 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
415 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
416
416
417 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
417 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
418
418
419 ## Logging of the bootstrapping process
419 ## Logging of the bootstrapping process
420 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
420 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
421
421
422 ```shell
422 ```shell
423 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
423 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
424 ```
424 ```
425
425
426 ## Flashing the image file
426 ## Flashing the image file
427 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
427 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
428
428
429 ##### Flashing examples:
429 ##### Flashing examples:
430 ```shell
430 ```shell
431 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
431 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
432 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
432 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
433 ```
433 ```
434 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
434 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
435 ```shell
435 ```shell
436 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
436 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
437 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
437 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
438 ```
438 ```
439 ## Weekly image builds
439 ## Weekly image builds
440 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
440 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
441 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
441 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
442
442
443 ## External links and references
443 ## External links and references
444 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
444 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
445 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
445 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
446 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
446 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
447 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
447 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
448 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
448 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
449 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
449 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
450 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
450 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
451 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
451 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
452 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
452 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
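Review bot: The sentences added to the `KERNEL_IMAGE`, `QEMU_BINARY` and `KERNEL_DEFCONFIG` entries all say "automatically if building for arm64" without naming the parameter that triggers the default, and the script does not use the same one for all three: the kernel image and defconfig defaults follow `KERNEL_ARCH`, while the QEMU binary default follows `RELEASE_ARCH`. Name the controlling parameter in each sentence so a reader knows both have to be set. Two neighbouring entries are left inconsistent with the change: `KERNELSRC_CONFIG` still states that it runs `make bcm2709_defconfig`, which should now refer to `KERNEL_DEFCONFIG`, and `CROSS_COMPILE` carries no note that its `arm-linux-gnueabihf-` default is not adjusted for arm64. Since the `QEMU_BINARY` line is being touched anyway, the "enviornment" typo could be fixed in the same commit.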
@@ -1,640 +1,653
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
4 # rpi23-gen-image.sh 2015-2017
5 #
5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 10+ github contributors!
16 ########################################################################
16 ########################################################################
17
17
18 # Are we running as root?
18 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
19 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
20 echo "error: this script must be executed with root privileges!"
21 exit 1
21 exit 1
22 fi
22 fi
23
23
24 # Check if ./functions.sh script exists
24 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
25 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
26 echo "error: './functions.sh' required script not found!"
27 exit 1
27 exit 1
28 fi
28 fi
29
29
30 # Load utility functions
30 # Load utility functions
31 . ./functions.sh
31 . ./functions.sh
32
32
33 # Load parameters from configuration template file
33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 use_template
35 use_template
36 fi
36 fi
37
37
38 # Introduce settings
38 # Introduce settings
39 set -e
39 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 set -x
41 set -x
42
42
43 # Raspberry Pi model configuration
43 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
44 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
49
50 # Debian release
50 # Debian release
51 RELEASE=${RELEASE:=jessie}
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 else
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 fi
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 else
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 fi
59 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
68 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
60
69
61 # URLs
70 # URLs
62 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
71 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
63 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
72 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
64 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
73 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
65 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
74 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
66 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
75 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
67 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
68
77
69 # Build directories
78 # Build directories
70 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
71 BUILDDIR="${BASEDIR}/build"
80 BUILDDIR="${BASEDIR}/build"
72
81
73 # Prepare date string for default image file name
82 # Prepare date string for default image file name
74 DATE="$(date +%Y-%m-%d)"
83 DATE="$(date +%Y-%m-%d)"
75 if [ -z "$KERNEL_BRANCH" ] ; then
84 if [ -z "$KERNEL_BRANCH" ] ; then
76 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
77 else
86 else
78 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
79 fi
88 fi
80
89
81 # Chroot directories
90 # Chroot directories
82 R="${BUILDDIR}/chroot"
91 R="${BUILDDIR}/chroot"
83 ETC_DIR="${R}/etc"
92 ETC_DIR="${R}/etc"
84 LIB_DIR="${R}/lib"
93 LIB_DIR="${R}/lib"
85 BOOT_DIR="${R}/boot/firmware"
94 BOOT_DIR="${R}/boot/firmware"
86 KERNEL_DIR="${R}/usr/src/linux"
95 KERNEL_DIR="${R}/usr/src/linux"
87 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
88
97
89 # Firmware directory: Blank if download from github
98 # Firmware directory: Blank if download from github
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
99 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91
100
92 # General settings
101 # General settings
93 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
102 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
94 PASSWORD=${PASSWORD:=raspberry}
103 PASSWORD=${PASSWORD:=raspberry}
95 USER_PASSWORD=${USER_PASSWORD:=raspberry}
104 USER_PASSWORD=${USER_PASSWORD:=raspberry}
96 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
105 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
97 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
106 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
98 EXPANDROOT=${EXPANDROOT:=true}
107 EXPANDROOT=${EXPANDROOT:=true}
99
108
100 # Keyboard settings
109 # Keyboard settings
101 XKB_MODEL=${XKB_MODEL:=""}
110 XKB_MODEL=${XKB_MODEL:=""}
102 XKB_LAYOUT=${XKB_LAYOUT:=""}
111 XKB_LAYOUT=${XKB_LAYOUT:=""}
103 XKB_VARIANT=${XKB_VARIANT:=""}
112 XKB_VARIANT=${XKB_VARIANT:=""}
104 XKB_OPTIONS=${XKB_OPTIONS:=""}
113 XKB_OPTIONS=${XKB_OPTIONS:=""}
105
114
106 # Network settings (DHCP)
115 # Network settings (DHCP)
107 ENABLE_DHCP=${ENABLE_DHCP:=true}
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
108
117
109 # Network settings (static)
118 # Network settings (static)
110 NET_ADDRESS=${NET_ADDRESS:=""}
119 NET_ADDRESS=${NET_ADDRESS:=""}
111 NET_GATEWAY=${NET_GATEWAY:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
112 NET_DNS_1=${NET_DNS_1:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
113 NET_DNS_2=${NET_DNS_2:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
114 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
115 NET_NTP_1=${NET_NTP_1:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
116 NET_NTP_2=${NET_NTP_2:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
117
126
118 # APT settings
127 # APT settings
119 APT_PROXY=${APT_PROXY:=""}
128 APT_PROXY=${APT_PROXY:=""}
120 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121
130
122 # Feature settings
131 # Feature settings
123 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
124 ENABLE_I2C=${ENABLE_I2C:=false}
133 ENABLE_I2C=${ENABLE_I2C:=false}
125 ENABLE_SPI=${ENABLE_SPI:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
126 ENABLE_IPV6=${ENABLE_IPV6:=true}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
127 ENABLE_SSHD=${ENABLE_SSHD:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
128 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
129 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
130 ENABLE_SOUND=${ENABLE_SOUND:=true}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
131 ENABLE_DBUS=${ENABLE_DBUS:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
132 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
133 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
134 ENABLE_XORG=${ENABLE_XORG:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
135 ENABLE_WM=${ENABLE_WM:=""}
144 ENABLE_WM=${ENABLE_WM:=""}
136 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
137 ENABLE_USER=${ENABLE_USER:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
138 USER_NAME=${USER_NAME:="pi"}
147 USER_NAME=${USER_NAME:="pi"}
139 ENABLE_ROOT=${ENABLE_ROOT:=false}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
140
149
141 # SSH settings
150 # SSH settings
142 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
143 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
144 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
145 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
146 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
147
156
148 # Advanced settings
157 # Advanced settings
149 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
150 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
151 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
152 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
153 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
154 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
155 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
164 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
156 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
165 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
157 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
166 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
158 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
167 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
159 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
168 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
160 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
169 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
161
170
162 # Kernel compilation settings
171 # Kernel compilation settings
163 BUILD_KERNEL=${BUILD_KERNEL:=false}
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
164 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
173 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
165 KERNEL_THREADS=${KERNEL_THREADS:=1}
174 KERNEL_THREADS=${KERNEL_THREADS:=1}
166 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
175 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
167 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
176 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
168 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
177 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
180 else
169 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
182 fi
170
183
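Review bot: The new `KERNEL_ARCH` test at new lines 178-182 treats every value other than `arm64` as 32-bit and defaults `KERNEL_BIN_IMAGE` to `zImage`, but the cross-compiler selection further down (new lines 260-264) treats every value other than `arm` as arm64 and adds `crossbuild-essential-arm64`. A mistyped or unexpected `KERNEL_ARCH` therefore gets an arm64 toolchain together with a `zImage` default, and nothing reports the mismatch. Consider validating `KERNEL_ARCH` against `arm` and `arm64` once, alongside the other parameter checks, and exiting with an error for anything else, as the unsupported `RPI_MODEL` branch already does. Because both branches use the `:=` default form, a `KERNEL_BIN_IMAGE` passed in by the user also skips the architecture-specific choice entirely; a short comment on that override, or a check that the supplied value fits the architecture, would make the behaviour explicit.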
171 # Kernel compilation from source directory settings
184 # Kernel compilation from source directory settings
172 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
173 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
174 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
175 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
176
189
177 # Reduce disk usage settings
190 # Reduce disk usage settings
178 REDUCE_APT=${REDUCE_APT:=true}
191 REDUCE_APT=${REDUCE_APT:=true}
179 REDUCE_DOC=${REDUCE_DOC:=true}
192 REDUCE_DOC=${REDUCE_DOC:=true}
180 REDUCE_MAN=${REDUCE_MAN:=true}
193 REDUCE_MAN=${REDUCE_MAN:=true}
181 REDUCE_VIM=${REDUCE_VIM:=false}
194 REDUCE_VIM=${REDUCE_VIM:=false}
182 REDUCE_BASH=${REDUCE_BASH:=false}
195 REDUCE_BASH=${REDUCE_BASH:=false}
183 REDUCE_HWDB=${REDUCE_HWDB:=true}
196 REDUCE_HWDB=${REDUCE_HWDB:=true}
184 REDUCE_SSHD=${REDUCE_SSHD:=true}
197 REDUCE_SSHD=${REDUCE_SSHD:=true}
185 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
186
199
187 # Encrypted filesystem settings
200 # Encrypted filesystem settings
188 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
189 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
190 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
191 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
192 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
193
206
194 # Stop the Crypto Wars
207 # Stop the Crypto Wars
195 DISABLE_FBI=${DISABLE_FBI:=false}
208 DISABLE_FBI=${DISABLE_FBI:=false}
196
209
197 # Chroot scripts directory
210 # Chroot scripts directory
198 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
211 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
199
212
200 # Packages required in the chroot build environment
213 # Packages required in the chroot build environment
201 APT_INCLUDES=${APT_INCLUDES:=""}
214 APT_INCLUDES=${APT_INCLUDES:=""}
202 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
203
216
204 # Packages required for bootstrapping
217 # Packages required for bootstrapping
205 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
218 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
206 MISSING_PACKAGES=""
219 MISSING_PACKAGES=""
207
220
208 # Packages installed for c/c++ build environment in chroot (keep empty)
221 # Packages installed for c/c++ build environment in chroot (keep empty)
209 COMPILER_PACKAGES=""
222 COMPILER_PACKAGES=""
210
223
211 set +x
224 set +x
212
225
213 # Set Raspberry Pi model specific configuration
226 # Set Raspberry Pi model specific configuration
214 if [ "$RPI_MODEL" = 2 ] ; then
227 if [ "$RPI_MODEL" = 2 ] ; then
215 DTB_FILE=${RPI2_DTB_FILE}
228 DTB_FILE=${RPI2_DTB_FILE}
216 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
217 elif [ "$RPI_MODEL" = 3 ] ; then
230 elif [ "$RPI_MODEL" = 3 ] ; then
218 DTB_FILE=${RPI3_DTB_FILE}
231 DTB_FILE=${RPI3_DTB_FILE}
219 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
220 BUILD_KERNEL=true
233 BUILD_KERNEL=true
221 else
234 else
222 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
223 exit 1
236 exit 1
224 fi
237 fi
225
238
226 # Check if the internal wireless interface is supported by the RPi model
239 # Check if the internal wireless interface is supported by the RPi model
227 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
228 echo "error: The selected Raspberry Pi model has no internal wireless interface"
241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
229 exit 1
242 exit 1
230 fi
243 fi
231
244
232 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
245 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
233 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
234 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
247 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
235 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
248 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
236 exit 1
249 exit 1
237 fi
250 fi
238 fi
251 fi
239
252
240 # Build RPi2/3 Linux kernel if required by Debian release
253 # Build RPi2/3 Linux kernel if required by Debian release
241 if [ "$RELEASE" = "stretch" ] ; then
254 if [ "$RELEASE" = "stretch" ] ; then
242 BUILD_KERNEL=true
255 BUILD_KERNEL=true
243 fi
256 fi
244
257
245 # Add packages required for kernel cross compilation
258 # Add packages required for kernel cross compilation
246 if [ "$BUILD_KERNEL" = true ] ; then
259 if [ "$BUILD_KERNEL" = true ] ; then
247 if [ "$KERNEL_ARCH" = "arm" ] ; then
260 if [ "$KERNEL_ARCH" = "arm" ] ; then
248 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
249 else
262 else
250 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
251 fi
264 fi
252 fi
265 fi
253
266
254 # Add libncurses5 to enable kernel menuconfig
267 # Add libncurses5 to enable kernel menuconfig
255 if [ "$KERNEL_MENUCONFIG" = true ] ; then
268 if [ "$KERNEL_MENUCONFIG" = true ] ; then
256 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
257 fi
270 fi
258
271
259 # Stop the Crypto Wars
272 # Stop the Crypto Wars
260 if [ "$DISABLE_FBI" = true ] ; then
273 if [ "$DISABLE_FBI" = true ] ; then
261 ENABLE_CRYPTFS=true
274 ENABLE_CRYPTFS=true
262 fi
275 fi
263
276
264 # Add cryptsetup package to enable filesystem encryption
277 # Add cryptsetup package to enable filesystem encryption
265 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
278 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
266 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
279 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
267 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
268
281
269 if [ -z "$CRYPTFS_PASSWORD" ] ; then
282 if [ -z "$CRYPTFS_PASSWORD" ] ; then
270 echo "error: no password defined (CRYPTFS_PASSWORD)!"
283 echo "error: no password defined (CRYPTFS_PASSWORD)!"
271 exit 1
284 exit 1
272 fi
285 fi
273 ENABLE_INITRAMFS=true
286 ENABLE_INITRAMFS=true
274 fi
287 fi
275
288
276 # Add initramfs generation tools
289 # Add initramfs generation tools
277 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
290 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
278 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
291 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
279 fi
292 fi
280
293
281 # Add device-tree-compiler required for building the U-Boot bootloader
294 # Add device-tree-compiler required for building the U-Boot bootloader
282 if [ "$ENABLE_UBOOT" = true ] ; then
295 if [ "$ENABLE_UBOOT" = true ] ; then
283 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
284 fi
297 fi
285
298
286 # Check if root SSH (v2) public key file exists
299 # Check if root SSH (v2) public key file exists
287 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
288 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
301 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
289 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
302 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
290 exit 1
303 exit 1
291 fi
304 fi
292 fi
305 fi
293
306
294 # Check if $USER_NAME SSH (v2) public key file exists
307 # Check if $USER_NAME SSH (v2) public key file exists
295 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
296 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
309 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
297 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
310 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
298 exit 1
311 exit 1
299 fi
312 fi
300 fi
313 fi
301
314
302 # Check if all required packages are installed on the build system
315 # Check if all required packages are installed on the build system
303 for package in $REQUIRED_PACKAGES ; do
316 for package in $REQUIRED_PACKAGES ; do
304 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
305 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
318 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
306 fi
319 fi
307 done
320 done
308
321
309 # If there are missing packages ask confirmation for install, or exit
322 # If there are missing packages ask confirmation for install, or exit
310 if [ -n "$MISSING_PACKAGES" ] ; then
323 if [ -n "$MISSING_PACKAGES" ] ; then
311 echo "the following packages needed by this script are not installed:"
324 echo "the following packages needed by this script are not installed:"
312 echo "$MISSING_PACKAGES"
325 echo "$MISSING_PACKAGES"
313
326
314 echo -n "\ndo you want to install the missing packages right now? [y/n] "
327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
315 read confirm
328 read confirm
316 [ "$confirm" != "y" ] && exit 1
329 [ "$confirm" != "y" ] && exit 1
317
330
318 # Make sure all missing required packages are installed
331 # Make sure all missing required packages are installed
319 apt-get -qq -y install ${MISSING_PACKAGES}
332 apt-get -qq -y install ${MISSING_PACKAGES}
320 fi
333 fi
321
334
322 # Check if ./bootstrap.d directory exists
335 # Check if ./bootstrap.d directory exists
323 if [ ! -d "./bootstrap.d/" ] ; then
336 if [ ! -d "./bootstrap.d/" ] ; then
324 echo "error: './bootstrap.d' required directory not found!"
337 echo "error: './bootstrap.d' required directory not found!"
325 exit 1
338 exit 1
326 fi
339 fi
327
340
328 # Check if ./files directory exists
341 # Check if ./files directory exists
329 if [ ! -d "./files/" ] ; then
342 if [ ! -d "./files/" ] ; then
330 echo "error: './files' required directory not found!"
343 echo "error: './files' required directory not found!"
331 exit 1
344 exit 1
332 fi
345 fi
333
346
334 # Check if specified KERNELSRC_DIR directory exists
347 # Check if specified KERNELSRC_DIR directory exists
335 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
348 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
336 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
349 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
337 exit 1
350 exit 1
338 fi
351 fi
339
352
340 # Check if specified UBOOTSRC_DIR directory exists
353 # Check if specified UBOOTSRC_DIR directory exists
341 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
354 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
342 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
355 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
343 exit 1
356 exit 1
344 fi
357 fi
345
358
346 # Check if specified FBTURBOSRC_DIR directory exists
359 # Check if specified FBTURBOSRC_DIR directory exists
347 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
360 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
348 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
361 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
349 exit 1
362 exit 1
350 fi
363 fi
351
364
352 # Check if specified CHROOT_SCRIPTS directory exists
365 # Check if specified CHROOT_SCRIPTS directory exists
353 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
366 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
354 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
367 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
355 exit 1
368 exit 1
356 fi
369 fi
357
370
358 # Check if specified device mapping already exists (will be used by cryptsetup)
371 # Check if specified device mapping already exists (will be used by cryptsetup)
359 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
372 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
360 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
373 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
361 exit 1
374 exit 1
362 fi
375 fi
363
376
364 # Don't clobber an old build
377 # Don't clobber an old build
365 if [ -e "$BUILDDIR" ] ; then
378 if [ -e "$BUILDDIR" ] ; then
366 echo "error: directory ${BUILDDIR} already exists, not proceeding"
379 echo "error: directory ${BUILDDIR} already exists, not proceeding"
367 exit 1
380 exit 1
368 fi
381 fi
369
382
370 # Setup chroot directory
383 # Setup chroot directory
371 mkdir -p "${R}"
384 mkdir -p "${R}"
372
385
373 # Check if build directory has enough of free disk space >512MB
386 # Check if build directory has enough of free disk space >512MB
374 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
375 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
388 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
376 exit 1
389 exit 1
377 fi
390 fi
378
391
379 set -x
392 set -x
380
393
381 # Call "cleanup" function on various signals and errors
394 # Call "cleanup" function on various signals and errors
382 trap cleanup 0 1 2 3 6
395 trap cleanup 0 1 2 3 6
383
396
384 # Add required packages for the minbase installation
397 # Add required packages for the minbase installation
385 if [ "$ENABLE_MINBASE" = true ] ; then
398 if [ "$ENABLE_MINBASE" = true ] ; then
386 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
399 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
387 fi
400 fi
388
401
389 # Add required locales packages
402 # Add required locales packages
390 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
391 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
392 fi
405 fi
393
406
394 # Add parted package, required to get partprobe utility
407 # Add parted package, required to get partprobe utility
395 if [ "$EXPANDROOT" = true ] ; then
408 if [ "$EXPANDROOT" = true ] ; then
396 APT_INCLUDES="${APT_INCLUDES},parted"
409 APT_INCLUDES="${APT_INCLUDES},parted"
397 fi
410 fi
398
411
399 # Add dbus package, recommended if using systemd
412 # Add dbus package, recommended if using systemd
400 if [ "$ENABLE_DBUS" = true ] ; then
413 if [ "$ENABLE_DBUS" = true ] ; then
401 APT_INCLUDES="${APT_INCLUDES},dbus"
414 APT_INCLUDES="${APT_INCLUDES},dbus"
402 fi
415 fi
403
416
404 # Add iptables IPv4/IPv6 package
417 # Add iptables IPv4/IPv6 package
405 if [ "$ENABLE_IPTABLES" = true ] ; then
418 if [ "$ENABLE_IPTABLES" = true ] ; then
406 APT_INCLUDES="${APT_INCLUDES},iptables"
419 APT_INCLUDES="${APT_INCLUDES},iptables"
407 fi
420 fi
408
421
409 # Add openssh server package
422 # Add openssh server package
410 if [ "$ENABLE_SSHD" = true ] ; then
423 if [ "$ENABLE_SSHD" = true ] ; then
411 APT_INCLUDES="${APT_INCLUDES},openssh-server"
424 APT_INCLUDES="${APT_INCLUDES},openssh-server"
412 fi
425 fi
413
426
414 # Add alsa-utils package
427 # Add alsa-utils package
415 if [ "$ENABLE_SOUND" = true ] ; then
428 if [ "$ENABLE_SOUND" = true ] ; then
416 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
429 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
417 fi
430 fi
418
431
419 # Add rng-tools package
432 # Add rng-tools package
420 if [ "$ENABLE_HWRANDOM" = true ] ; then
433 if [ "$ENABLE_HWRANDOM" = true ] ; then
421 APT_INCLUDES="${APT_INCLUDES},rng-tools"
434 APT_INCLUDES="${APT_INCLUDES},rng-tools"
422 fi
435 fi
423
436
424 # Add fbturbo video driver
437 # Add fbturbo video driver
425 if [ "$ENABLE_FBTURBO" = true ] ; then
438 if [ "$ENABLE_FBTURBO" = true ] ; then
426 # Enable xorg package dependencies
439 # Enable xorg package dependencies
427 ENABLE_XORG=true
440 ENABLE_XORG=true
428 fi
441 fi
429
442
430 # Add user defined window manager package
443 # Add user defined window manager package
431 if [ -n "$ENABLE_WM" ] ; then
444 if [ -n "$ENABLE_WM" ] ; then
432 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
445 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
433
446
434 # Enable xorg package dependencies
447 # Enable xorg package dependencies
435 ENABLE_XORG=true
448 ENABLE_XORG=true
436 fi
449 fi
437
450
438 # Add xorg package
451 # Add xorg package
439 if [ "$ENABLE_XORG" = true ] ; then
452 if [ "$ENABLE_XORG" = true ] ; then
440 APT_INCLUDES="${APT_INCLUDES},xorg"
453 APT_INCLUDES="${APT_INCLUDES},xorg"
441 fi
454 fi
442
455
443 # Replace selected packages with smaller clones
456 # Replace selected packages with smaller clones
444 if [ "$ENABLE_REDUCE" = true ] ; then
457 if [ "$ENABLE_REDUCE" = true ] ; then
445 # Add levee package instead of vim-tiny
458 # Add levee package instead of vim-tiny
446 if [ "$REDUCE_VIM" = true ] ; then
459 if [ "$REDUCE_VIM" = true ] ; then
447 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
460 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
448 fi
461 fi
449
462
450 # Add dropbear package instead of openssh-server
463 # Add dropbear package instead of openssh-server
451 if [ "$REDUCE_SSHD" = true ] ; then
464 if [ "$REDUCE_SSHD" = true ] ; then
452 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
453 fi
466 fi
454 fi
467 fi
455
468
456 # Configure kernel sources if no KERNELSRC_DIR
469 # Configure kernel sources if no KERNELSRC_DIR
457 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
470 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
458 KERNELSRC_CONFIG=true
471 KERNELSRC_CONFIG=true
459 fi
472 fi
460
473
461 # Configure reduced kernel
474 # Configure reduced kernel
462 if [ "$KERNEL_REDUCE" = true ] ; then
475 if [ "$KERNEL_REDUCE" = true ] ; then
463 KERNELSRC_CONFIG=false
476 KERNELSRC_CONFIG=false
464 fi
477 fi
465
478
466 # Execute bootstrap scripts
479 # Execute bootstrap scripts
467 for SCRIPT in bootstrap.d/*.sh; do
480 for SCRIPT in bootstrap.d/*.sh; do
468 head -n 3 "$SCRIPT"
481 head -n 3 "$SCRIPT"
469 . "$SCRIPT"
482 . "$SCRIPT"
470 done
483 done
471
484
472 ## Execute custom bootstrap scripts
485 ## Execute custom bootstrap scripts
473 if [ -d "custom.d" ] ; then
486 if [ -d "custom.d" ] ; then
474 for SCRIPT in custom.d/*.sh; do
487 for SCRIPT in custom.d/*.sh; do
475 . "$SCRIPT"
488 . "$SCRIPT"
476 done
489 done
477 fi
490 fi
478
491
479 # Execute custom scripts inside the chroot
492 # Execute custom scripts inside the chroot
480 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
493 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
481 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
494 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
482 chroot_exec /bin/bash -x <<'EOF'
495 chroot_exec /bin/bash -x <<'EOF'
483 for SCRIPT in /chroot_scripts/* ; do
496 for SCRIPT in /chroot_scripts/* ; do
484 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
497 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
485 $SCRIPT
498 $SCRIPT
486 fi
499 fi
487 done
500 done
488 EOF
501 EOF
489 rm -rf "${R}/chroot_scripts"
502 rm -rf "${R}/chroot_scripts"
490 fi
503 fi
491
504
492 # Remove c/c++ build environment from the chroot
505 # Remove c/c++ build environment from the chroot
493 chroot_remove_cc
506 chroot_remove_cc
494
507
495 # Remove apt-utils
508 # Remove apt-utils
496 if [ "$RELEASE" = "jessie" ] ; then
509 if [ "$RELEASE" = "jessie" ] ; then
497 chroot_exec apt-get purge -qq -y --force-yes apt-utils
510 chroot_exec apt-get purge -qq -y --force-yes apt-utils
498 fi
511 fi
499
512
500 # Generate required machine-id
513 # Generate required machine-id
501 MACHINE_ID=$(dbus-uuidgen)
514 MACHINE_ID=$(dbus-uuidgen)
502 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
515 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
503 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
516 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
504
517
505 # APT Cleanup
518 # APT Cleanup
506 chroot_exec apt-get -y clean
519 chroot_exec apt-get -y clean
507 chroot_exec apt-get -y autoclean
520 chroot_exec apt-get -y autoclean
508 chroot_exec apt-get -y autoremove
521 chroot_exec apt-get -y autoremove
509
522
510 # Unmount mounted filesystems
523 # Unmount mounted filesystems
511 umount -l "${R}/proc"
524 umount -l "${R}/proc"
512 umount -l "${R}/sys"
525 umount -l "${R}/sys"
513
526
514 # Clean up directories
527 # Clean up directories
515 rm -rf "${R}/run/*"
528 rm -rf "${R}/run/*"
516 rm -rf "${R}/tmp/*"
529 rm -rf "${R}/tmp/*"
517
530
518 # Clean up files
531 # Clean up files
519 rm -f "${ETC_DIR}/ssh/ssh_host_*"
532 rm -f "${ETC_DIR}/ssh/ssh_host_*"
520 rm -f "${ETC_DIR}/dropbear/dropbear_*"
533 rm -f "${ETC_DIR}/dropbear/dropbear_*"
521 rm -f "${ETC_DIR}/apt/sources.list.save"
534 rm -f "${ETC_DIR}/apt/sources.list.save"
522 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
535 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
523 rm -f "${ETC_DIR}/*-"
536 rm -f "${ETC_DIR}/*-"
524 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
537 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
525 rm -f "${ETC_DIR}/resolv.conf"
538 rm -f "${ETC_DIR}/resolv.conf"
526 rm -f "${R}/root/.bash_history"
539 rm -f "${R}/root/.bash_history"
527 rm -f "${R}/var/lib/urandom/random-seed"
540 rm -f "${R}/var/lib/urandom/random-seed"
528 rm -f "${R}/initrd.img"
541 rm -f "${R}/initrd.img"
529 rm -f "${R}/vmlinuz"
542 rm -f "${R}/vmlinuz"
530 rm -f "${R}${QEMU_BINARY}"
543 rm -f "${R}${QEMU_BINARY}"
531
544
532 # Calculate size of the chroot directory in KB
545 # Calculate size of the chroot directory in KB
533 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
546 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
534
547
535 # Calculate the amount of needed 512 Byte sectors
548 # Calculate the amount of needed 512 Byte sectors
536 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
549 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
537 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
550 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
538 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
551 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
539
552
540 # The root partition is EXT4
553 # The root partition is EXT4
541 # This means more space than the actual used space of the chroot is used.
554 # This means more space than the actual used space of the chroot is used.
542 # As overhead for journaling and reserved blocks 25% are added.
555 # As overhead for journaling and reserved blocks 25% are added.
543 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
556 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
544
557
545 # Calculate required image size in 512 Byte sectors
558 # Calculate required image size in 512 Byte sectors
546 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
559 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
547
560
548 # Prepare image file
561 # Prepare image file
549 if [ "$ENABLE_SPLITFS" = true ] ; then
562 if [ "$ENABLE_SPLITFS" = true ] ; then
550 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
563 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
551 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
564 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
552 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
565 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
553 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
566 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
554
567
555 # Write firmware/boot partition tables
568 # Write firmware/boot partition tables
556 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
569 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
557 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
570 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
558 EOM
571 EOM
559
572
560 # Write root partition table
573 # Write root partition table
561 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
574 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
562 ${TABLE_SECTORS},${ROOT_SECTORS},83
575 ${TABLE_SECTORS},${ROOT_SECTORS},83
563 EOM
576 EOM
564
577
565 # Setup temporary loop devices
578 # Setup temporary loop devices
566 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
579 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
567 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
580 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
568 else # ENABLE_SPLITFS=false
581 else # ENABLE_SPLITFS=false
569 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
582 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
570 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
583 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
571
584
572 # Write partition table
585 # Write partition table
573 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
586 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
574 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
587 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
575 ${ROOT_OFFSET},${ROOT_SECTORS},83
588 ${ROOT_OFFSET},${ROOT_SECTORS},83
576 EOM
589 EOM
577
590
578 # Setup temporary loop devices
591 # Setup temporary loop devices
579 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
592 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
580 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
593 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
581 fi
594 fi
582
595
583 if [ "$ENABLE_CRYPTFS" = true ] ; then
596 if [ "$ENABLE_CRYPTFS" = true ] ; then
584 # Create dummy ext4 fs
597 # Create dummy ext4 fs
585 mkfs.ext4 "$ROOT_LOOP"
598 mkfs.ext4 "$ROOT_LOOP"
586
599
587 # Setup password keyfile
600 # Setup password keyfile
588 touch .password
601 touch .password
589 chmod 600 .password
602 chmod 600 .password
590 echo -n ${CRYPTFS_PASSWORD} > .password
603 echo -n ${CRYPTFS_PASSWORD} > .password
591
604
592 # Initialize encrypted partition
605 # Initialize encrypted partition
593 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
606 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
594
607
595 # Open encrypted partition and setup mapping
608 # Open encrypted partition and setup mapping
596 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
609 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
597
610
598 # Secure delete password keyfile
611 # Secure delete password keyfile
599 shred -zu .password
612 shred -zu .password
600
613
601 # Update temporary loop device
614 # Update temporary loop device
602 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
615 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
603
616
604 # Wipe encrypted partition (encryption cipher is used for randomness)
617 # Wipe encrypted partition (encryption cipher is used for randomness)
605 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
618 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
606 fi
619 fi
607
620
608 # Build filesystems
621 # Build filesystems
609 mkfs.vfat "$FRMW_LOOP"
622 mkfs.vfat "$FRMW_LOOP"
610 mkfs.ext4 "$ROOT_LOOP"
623 mkfs.ext4 "$ROOT_LOOP"
611
624
612 # Mount the temporary loop devices
625 # Mount the temporary loop devices
613 mkdir -p "$BUILDDIR/mount"
626 mkdir -p "$BUILDDIR/mount"
614 mount "$ROOT_LOOP" "$BUILDDIR/mount"
627 mount "$ROOT_LOOP" "$BUILDDIR/mount"
615
628
616 mkdir -p "$BUILDDIR/mount/boot/firmware"
629 mkdir -p "$BUILDDIR/mount/boot/firmware"
617 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
630 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
618
631
619 # Copy all files from the chroot to the loop device mount point directory
632 # Copy all files from the chroot to the loop device mount point directory
620 rsync -a "${R}/" "$BUILDDIR/mount/"
633 rsync -a "${R}/" "$BUILDDIR/mount/"
621
634
622 # Unmount all temporary loop devices and mount points
635 # Unmount all temporary loop devices and mount points
623 cleanup
636 cleanup
624
637
625 # Create block map file(s) of image(s)
638 # Create block map file(s) of image(s)
626 if [ "$ENABLE_SPLITFS" = true ] ; then
639 if [ "$ENABLE_SPLITFS" = true ] ; then
627 # Create block map files for "bmaptool"
640 # Create block map files for "bmaptool"
628 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
641 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
629 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
642 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
630
643
631 # Image was successfully created
644 # Image was successfully created
632 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
645 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
633 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
646 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
634 else
647 else
635 # Create block map file for "bmaptool"
648 # Create block map file for "bmaptool"
636 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
649 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
637
650
638 # Image was successfully created
651 # Image was successfully created
639 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
652 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
640 fi
653 fi
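Review bot: in the keyfile setup, `echo -n ${CRYPTFS_PASSWORD} > .password` expands the passphrase unquoted, so a value containing runs of whitespace or glob characters is word-split or expanded before it is written, and the volume is formatted with a different passphrase than the one configured. Suggest `printf '%s' "${CRYPTFS_PASSWORD}" > .password`, which also stops `echo` from treating a leading `-n` or `-e` in the passphrase as an option. Separately, `.password` is created in the current working directory and is removed only at `shred -zu .password`, after both `cryptsetup` calls; an interruption before that step leaves the passphrase on disk, and `shred` depends on the underlying filesystem overwriting in place. Consider feeding the passphrase on stdin instead (`cryptsetup -q luksFormat ... --key-file -` and `luksOpen ... -d -`) so it is never written to a file, or at least creating the keyfile with `mktemp` under a restrictive `umask` and removing it from an exit trap.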