##// END OF EJS Templates
.,.
Unknown -
r351:c1f79aebdb86
parent child
Show More
@@ -1,499 +1,499
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `RPI_MODEL`=2
61 61 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
62 62 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
63 63 `1` = Used for Pi 1 model A and B
64 64 `1P` = Used for Pi 1 model B+ and A+
65 65 `2` = Used for Pi 2 model B
66 66 `3` = Used for Pi 3 model B
67 67 `3P` = Used for Pi 3 model B+
68 68 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
69 69
70 70 ##### `RELEASE`="buster"
71 71 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
72 72
73 73 ##### `RELEASE_ARCH`="armhf"
74 74 Set the desired Debian release architecture.
75 75
76 76 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
77 77 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
78 78
79 79 ##### `PASSWORD`="raspberry"
80 80 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
81 81
82 82 ##### `USER_PASSWORD`="raspberry"
83 83 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
84 84
85 85 ##### `DEFLOCAL`="en_US.UTF-8"
86 86 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
87 87
88 88 ##### `TIMEZONE`="Europe/Berlin"
89 89 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
90 90
91 91 ##### `EXPANDROOT`=true
92 92 Expand the root partition and filesystem automatically on first boot.
93 93
94 94 ##### `ENABLE_QEMU`=false
95 95 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
96 96
97 97 ---
98 98
99 99 #### Keyboard settings:
100 100 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
101 101
102 102 ##### `XKB_MODEL`=""
103 103 Set the name of the model of your keyboard type.
104 104
105 105 ##### `XKB_LAYOUT`=""
106 106 Set the supported keyboard layout(s).
107 107
108 108 ##### `XKB_VARIANT`=""
109 109 Set the supported variant(s) of the keyboard layout(s).
110 110
111 111 ##### `XKB_OPTIONS`=""
112 112 Set extra xkb configuration options.
113 113
114 114 ---
115 115
116 116 #### Networking settings (DHCP):
117 117 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
118 118
119 119 ##### `ENABLE_DHCP`=true
120 120 Set the system to use DHCP. This requires an DHCP server.
121 121
122 122 ---
123 123
124 124 #### Networking settings (static):
125 125 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
126 126
127 127 ##### `NET_ADDRESS`=""
128 128 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
129 129
130 130 ##### `NET_GATEWAY`=""
131 131 Set the IP address for the default gateway.
132 132
133 133 ##### `NET_DNS_1`=""
134 134 Set the IP address for the first DNS server.
135 135
136 136 ##### `NET_DNS_2`=""
137 137 Set the IP address for the second DNS server.
138 138
139 139 ##### `NET_DNS_DOMAINS`=""
140 140 Set the default DNS search domains to use for non fully qualified host names.
141 141
142 142 ##### `NET_NTP_1`=""
143 143 Set the IP address for the first NTP server.
144 144
145 145 ##### `NET_NTP_2`=""
146 146 Set the IP address for the second NTP server.
147 147
148 148 ---
149 149
150 150 #### Basic system features:
151 151 ##### `ENABLE_CONSOLE`=true
152 152 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
153 153
154 154 ##### `ENABLE_I2C`=false
155 155 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
156 156
157 157 ##### `ENABLE_SPI`=false
158 158 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
159 159
160 160 ##### `ENABLE_IPV6`=true
161 161 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
162 162
163 163 ##### `ENABLE_SSHD`=true
164 164 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
165 165
166 166 ##### `ENABLE_NONFREE`=false
167 167 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
168 168
169 169 ##### `ENABLE_WIRELESS`=false
170 170 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
171 171
172 172 ##### `ENABLE_RSYSLOG`=true
173 173 If set to false, disable and uninstall rsyslog (so logs will be available only
174 174 in journal files)
175 175
176 176 ##### `ENABLE_SOUND`=true
177 177 Enable sound hardware and install Advanced Linux Sound Architecture.
178 178
179 179 ##### `ENABLE_HWRANDOM`=true
180 180 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
181 181
182 182 ##### `ENABLE_MINGPU`=false
183 183 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
184 184
185 185 ##### `ENABLE_DBUS`=true
186 186 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
187 187
188 188 ##### `ENABLE_XORG`=false
189 189 Install Xorg open-source X Window System.
190 190
191 191 ##### `ENABLE_WM`=""
192 192 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
193 193
194 194 ---
195 195
196 196 #### Advanced system features:
197 197 ##### `ENABLE_MINBASE`=false
198 198 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
199 199
200 200 ##### `ENABLE_REDUCE`=false
201 201 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
202 202
203 203 ##### `ENABLE_UBOOT`=false
204 204 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
205 205
206 206 ##### `UBOOTSRC_DIR`=""
207 207 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
208 208
209 209 ##### `ENABLE_FBTURBO`=false
210 210 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
211 211
212 212 ##### `FBTURBOSRC_DIR`=""
213 213 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
214 214
215 215 ##### `ENABLE_VIDEOCORE`=false
216 216 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
217 217
218 218 ##### `VIDEOCORESRC_DIR`=""
219 219 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
220 220
221 221 ##### `ENABLE_IPTABLES`=false
222 222 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
223 223
224 224 ##### `ENABLE_USER`=true
225 225 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
226 226
227 227 ##### `USER_NAME`=pi
228 228 Non-root user to create. Ignored if `ENABLE_USER`=false
229 229
230 230 ##### `ENABLE_ROOT`=false
231 231 Set root user password so root login will be enabled
232 232
233 233 ##### `ENABLE_HARDNET`=false
234 234 Enable IPv4/IPv6 network stack hardening settings.
235 235
236 236 ##### `ENABLE_SPLITFS`=false
237 237 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
238 238
239 239 ##### `CHROOT_SCRIPTS`=""
240 240 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
241 241
242 242 ##### `ENABLE_INITRAMFS`=false
243 243 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
244 244
245 245 ##### `ENABLE_IFNAMES`=true
246 246 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
247 247
248 248 ##### `DISABLE_UNDERVOLT_WARNINGS`=
249 249 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
250 250
251 251 ---
252 252
253 253 #### SSH settings:
254 254 ##### `SSH_ENABLE_ROOT`=false
255 255 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
256 256
257 257 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
258 258 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
259 259
260 260 ##### `SSH_LIMIT_USERS`=false
261 261 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
262 262
263 263 ##### `SSH_ROOT_PUB_KEY`=""
264 264 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
265 265
266 266 ##### `SSH_USER_PUB_KEY`=""
267 267 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
268 268
269 269 ---
270 270
271 271 #### Kernel compilation:
272 272 ##### `BUILD_KERNEL`=false
273 273 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
274 274
275 275 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
276 276 This sets the cross compile enviornment for the compiler.
277 277
278 278 ##### `KERNEL_ARCH`="arm"
279 279 This sets the kernel architecture for the compiler.
280 280
281 281 ##### `KERNEL_IMAGE`="kernel7.img"
282 282 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
283 283
284 284 ##### `KERNEL_BRANCH`=""
285 285 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
286 286
287 287 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
288 288 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
289 289
290 290 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
291 291 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
292 292
293 293 ##### `KERNEL_REDUCE`=false
294 294 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
295 295
296 296 ##### `KERNEL_THREADS`=1
297 297 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
298 298
299 299 ##### `KERNEL_HEADERS`=true
300 300 Install kernel headers with built kernel.
301 301
302 302 ##### `KERNEL_MENUCONFIG`=false
303 303 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
304 304
305 305 ##### `KERNEL_OLDDEFCONFIG`=false
306 306 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
307 307
308 308 ##### `KERNEL_CCACHE`=false
309 309 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
310 310
311 311 ##### `KERNEL_REMOVESRC`=true
312 312 Remove all kernel sources from the generated OS image after it was built and installed.
313 313
314 314 ##### `KERNELSRC_DIR`=""
315 315 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
316 316
317 317 ##### `KERNELSRC_CLEAN`=false
318 318 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
319 319
320 320 ##### `KERNELSRC_CONFIG`=true
321 321 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
322 322
323 323 ##### `KERNELSRC_USRCONFIG`=""
324 324 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
325 325
326 326 ##### `KERNELSRC_PREBUILT`=false
327 327 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
328 328
329 329 ##### `RPI_FIRMWARE_DIR`=""
330 330 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
331 331
332 332 ##### `KERNEL_NF`=false
333 Enable Netfilter modules as kernel modules (systemd compilations about it (File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls)
333 Enable Netfilter modules as kernel modules
334 334
335 335 ##### `KERNEL_VIRT`=false
336 336 Enable Kernel KVM support (/dev/kvm)
337 337
338 338 ##### `KERNEL_ZSWAP`=false
339 339 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
340 340
341
342
341 ##### `KERNEL_BPF`=true
342 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
343 343
344 344 ---
345 345
346 346 #### Reduce disk usage:
347 347 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
348 348
349 349 ##### `REDUCE_APT`=true
350 350 Configure APT to use compressed package repository lists and no package caching files.
351 351
352 352 ##### `REDUCE_DOC`=true
353 353 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
354 354
355 355 ##### `REDUCE_MAN`=true
356 356 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
357 357
358 358 ##### `REDUCE_VIM`=false
359 359 Replace `vim-tiny` package by `levee` a tiny vim clone.
360 360
361 361 ##### `REDUCE_BASH`=false
362 362 Remove `bash` package and switch to `dash` shell (experimental).
363 363
364 364 ##### `REDUCE_HWDB`=true
365 365 Remove PCI related hwdb files (experimental).
366 366
367 367 ##### `REDUCE_SSHD`=true
368 368 Replace `openssh-server` with `dropbear`.
369 369
370 370 ##### `REDUCE_LOCALE`=true
371 371 Remove all `locale` translation files.
372 372
373 373 ---
374 374
375 375 #### Encrypted root partition:
376 376 ##### `ENABLE_CRYPTFS`=false
377 377 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
378 378
379 379 ##### `CRYPTFS_PASSWORD`=""
380 380 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
381 381
382 382 ##### `CRYPTFS_MAPPING`="secure"
383 383 Set name of dm-crypt managed device-mapper mapping.
384 384
385 385 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
386 386 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
387 387
388 388 ##### `CRYPTFS_XTSKEYSIZE`=512
389 389 Sets key size in bits. The argument has to be a multiple of 8.
390 390
391 391 ---
392 392
393 393 #### Build settings:
394 394 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
395 395 Set a path to a working directory used by the script to generate an image.
396 396
397 397 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
398 398 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
399 399
400 400 ## Understanding the script
401 401 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
402 402
403 403 | Script | Description |
404 404 | --- | --- |
405 405 | `10-bootstrap.sh` | Debootstrap basic system |
406 406 | `11-apt.sh` | Setup APT repositories |
407 407 | `12-locale.sh` | Setup Locales and keyboard settings |
408 408 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
409 409 | `14-fstab.sh` | Setup fstab and initramfs |
410 410 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
411 411 | `20-networking.sh` | Setup Networking |
412 412 | `21-firewall.sh` | Setup Firewall |
413 413 | `30-security.sh` | Setup Users and Security settings |
414 414 | `31-logging.sh` | Setup Logging |
415 415 | `32-sshd.sh` | Setup SSH and public keys |
416 416 | `41-uboot.sh` | Build and Setup U-Boot |
417 417 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
418 418 | `50-firstboot.sh` | First boot actions |
419 419 | `99-reduce.sh` | Reduce the disk space usage |
420 420
421 421 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
422 422
423 423 | Directory | Description |
424 424 | --- | --- |
425 425 | `apt` | APT management configuration files |
426 426 | `boot` | Boot and RPi2/3 configuration files |
427 427 | `dpkg` | Package Manager configuration |
428 428 | `etc` | Configuration files and rc scripts |
429 429 | `firstboot` | Scripts that get executed on first boot |
430 430 | `initramfs` | Initramfs scripts |
431 431 | `iptables` | Firewall configuration files |
432 432 | `locales` | Locales configuration |
433 433 | `modules` | Kernel Modules configuration |
434 434 | `mount` | Fstab configuration |
435 435 | `network` | Networking configuration files |
436 436 | `sysctl.d` | Swapping and Network Hardening configuration |
437 437 | `xorg` | fbturbo Xorg driver configuration |
438 438
439 439 ## Custom packages and scripts
440 440 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
441 441
442 442 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
443 443
444 444 ## Logging of the bootstrapping process
445 445 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
446 446
447 447 ```shell
448 448 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
449 449 ```
450 450
451 451 ## Flashing the image file
452 452 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
453 453
454 454 ##### Flashing examples:
455 455 ```shell
456 456 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
457 457 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
458 458 ```
459 459 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
460 460 ```shell
461 461 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
462 462 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
463 463 ```
464 464
465 465 ## QEMU emulation
466 466 Start QEMU full system emulation:
467 467 ```shell
468 468 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
469 469 ```
470 470
471 471 Start QEMU full system emulation and output to console:
472 472 ```shell
473 473 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
474 474 ```
475 475
476 476 Start QEMU full system emulation with SMP and output to console:
477 477 ```shell
478 478 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 479 ```
480 480
481 481 Start QEMU full system emulation with cryptfs, initramfs and output to console:
482 482 ```shell
483 483 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
484 484 ```
485 485
486 486 ## Weekly image builds
487 487 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
488 488 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
489 489
490 490 ## External links and references
491 491 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
492 492 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
493 493 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
494 494 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
495 495 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
496 496 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
497 497 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
498 498 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
499 499 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,412 +1,419
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${R}/usr/src/linux"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 31 fi
32 32
33 33 # Copy downloaded kernel sources
34 34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 #Switch to KERNELSRC_DIR
87 87 pushd "${KERNELSRC_DIR}"
88 88
89 89 # GPL v2.0
90 90 #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
91 91 if [ "$KERNEL_ZSWAP" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
92 92 # enable ZSWAP support for better performance during large builds etc.
93 93 # requires activation via kernel parameter or sysfs
94 94 # see e.g. https://askubuntu.com/a/472227 for a summary of ZSWAP (vs ZRAM etc.)
95 95 # and e.g. https://wiki.archlinux.org/index.php/zswap for parameters etc.
96 96
97 97 set_kernel_config ZPOOL y
98 98 set_kernel_config ZSWAP y
99 99 set_kernel_config ZBUD y
100 100 set_kernel_config Z3FOLD y
101 101 set_kernel_config ZSMALLOC y
102 102 set_kernel_config PGTABLE_MAPPING y
103 103 fi
104 104
105 105 if [ "$KERNEL_VIRT" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
106 106 # enable basic KVM support; see e.g.
107 107 # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
108 108
109 109 set_kernel_config VIRTUALIZATION y
110 110 set_kernel_config KVM y
111 111 set_kernel_config VHOST_NET m
112 112 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
113 113 fi
114
115 if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
116 114 #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
117 115 # Netfilter kernel support
116 if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
118 117 # xtables
119 118 set_kernel_config NETFILTER_XTABLES m
120 119 # Netfilter nf_tables support
121 120 set_kernel_config NF_TABLES m
122 121
123 122 set_kernel_config CONFIG_NETFILTER_XTABLES m
124 123 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
125 124
126 125 set_kernel_config CONFIG_NF_NAT_SIP m
127 126 set_kernel_config CONFIG_NF_NAT_TFTP m
128 127 set_kernel_config CONFIG_NF_NAT_REDIRECT m
129 128 set_kernel_config CONFIG_NF_TABLES_INET m
130 129 set_kernel_config CONFIG_NF_TABLES_NETDEV m
131 130 set_kernel_config CONFIG_NF_TABLES_ARP m
132 131 set_kernel_config CONFIG_NF_DUP_IPV4 m
133 132 set_kernel_config CONFIG_NF_LOG_IPV4 m
134 133 set_kernel_config CONFIG_NF_REJECT_IPV4 m
135 134 set_kernel_config CONFIG_NF_NAT_IPV4 m
136 135 set_kernel_config CONFIG_NF_DUP_NETDEV m
137 136 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
138 137 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
139 138 set_kernel_config CONFIG_NF_TABLES_IPV4 m
140 139 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
141 140 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
142 141 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
143 142 set_kernel_config CONFIG_NF_NAT_PPTP m
144 143 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
145 144 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
146 145 set_kernel_config CONFIG_NF_TABLES_IPV6 m
147 146 set_kernel_config CONFIG_NF_DUP_IPV6 m
148 147 set_kernel_config CONFIG_NF_REJECT_IPV6 m
149 148 set_kernel_config CONFIG_NF_LOG_IPV6 m
150 149 set_kernel_config CONFIG_NF_NAT_IPV6 m
151 150 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
152 151
153 152 set_kernel_config CONFIG_NFT_EXTHDR m
154 153 set_kernel_config CONFIG_NFT_META m
155 154 set_kernel_config CONFIG_NFT_NUMGEN m
156 155 set_kernel_config CONFIG_NFT_CT m
157 156 set_kernel_config CONFIG_NFT_SET_RBTREE m
158 157 set_kernel_config CONFIG_NFT_SET_HASH m
159 158 set_kernel_config CONFIG_NFT_COUNTER m
160 159 set_kernel_config CONFIG_NFT_LOG m
161 160 set_kernel_config CONFIG_NFT_LIMIT m
162 161 set_kernel_config CONFIG_NFT_MASQ m
163 162 set_kernel_config CONFIG_NFT_REDIR m
164 163 set_kernel_config CONFIG_NFT_NAT m
165 164 set_kernel_config CONFIG_NFT_QUEUE m
166 165 set_kernel_config CONFIG_NFT_QUOTA m
167 166 set_kernel_config CONFIG_NFT_REJECT m
168 167 set_kernel_config CONFIG_NFT_REJECT_INET m
169 168 set_kernel_config CONFIG_NFT_COMPAT m
170 169 set_kernel_config CONFIG_NFT_HASH m
171 170 set_kernel_config CONFIG_NFT_DUP_NETDEV m
172 171 set_kernel_config CONFIG_NFT_FWD_NETDEV m
173 172 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
174 173 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
175 174 set_kernel_config CONFIG_NFT_DUP_IPV4 m
176 175 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
177 176 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
178 177 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
179 178 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
180 179 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
181 180 set_kernel_config CONFIG_NFT_DUP_IPV6 m
182 181 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
183 182 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
184 183 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
185 184 set_kernel_config CONFIG_NFT_BRIDGE_META m
186 185 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
187 186
188 187 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
189 188 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
190 189 set_kernel_config CONFIG_IP_SET_HASH_IP m
191 190 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
192 191 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
193 192 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
194 193 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
195 194 set_kernel_config CONFIG_IP_SET_HASH_MAC m
196 195 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
197 196 set_kernel_config CONFIG_IP_SET_HASH_NET m
198 197 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
199 198 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
200 199 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
201 200 set_kernel_config CONFIG_IP_SET_LIST_SET m
202 201
203 202 set_kernel_config CONFIG_IP6_NF_IPTABLES m
204 203 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
205 204 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
206 205 set_kernel_config CONFIG_IP6_NF_NAT m
207 206 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
208 207 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
209 208
210 209 set_kernel_config CONFIG_NF_LOG_BRIDGE m
211 210 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
212 211 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
213 212 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
214 213 fi
215 214
215 #https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
216 #https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
217 # Enables BPF syscall for systemd-journald
218 if [ "$KERNEL_BPF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
219 set_kernel_config CONFIG_BPF_SYSCALL y
220 set_kernel_config CONFIG_CGROUP_BPF y
221 fi
222
216 223 popd
217 224
218 225 if [ "$KERNELSRC_CONFIG" = true ] ; then
219 226 # Load default raspberry kernel configuration
220 227 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
221 228
222 229 # Set kernel configuration parameters to enable qemu emulation
223 230 if [ "$ENABLE_QEMU" = true ] ; then
224 231 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
225 232 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
226 233
227 234 if [ "$ENABLE_CRYPTFS" = true ] ; then
228 235 {
229 236 echo "CONFIG_EMBEDDED=y"
230 237 echo "CONFIG_EXPERT=y"
231 238 echo "CONFIG_DAX=y"
232 239 echo "CONFIG_MD=y"
233 240 echo "CONFIG_BLK_DEV_MD=y"
234 241 echo "CONFIG_MD_AUTODETECT=y"
235 242 echo "CONFIG_BLK_DEV_DM=y"
236 243 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
237 244 echo "CONFIG_DM_CRYPT=y"
238 245 echo "CONFIG_CRYPTO_BLKCIPHER=y"
239 246 echo "CONFIG_CRYPTO_CBC=y"
240 247 echo "CONFIG_CRYPTO_XTS=y"
241 248 echo "CONFIG_CRYPTO_SHA512=y"
242 249 echo "CONFIG_CRYPTO_MANAGER=y"
243 250 } >> ${KERNEL_DIR}/.config
244 251 fi
245 252 fi
246 253
247 254 # Copy custom kernel configuration file
248 255 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
249 256 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
250 257 fi
251 258
252 259 # Set kernel configuration parameters to their default values
253 260 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
254 261 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
255 262 fi
256 263
257 264 # Start menu-driven kernel configuration (interactive)
258 265 if [ "$KERNEL_MENUCONFIG" = true ] ; then
259 266 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
260 267 fi
261 268 fi
262 269
263 270 # Use ccache to cross compile the kernel
264 271 if [ "$KERNEL_CCACHE" = true ] ; then
265 272 cc="ccache ${CROSS_COMPILE}gcc"
266 273 else
267 274 cc="${CROSS_COMPILE}gcc"
268 275 fi
269 276
270 277 # Cross compile kernel and dtbs
271 278 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
272 279
273 280 # Cross compile kernel modules
274 281 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
275 282 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
276 283 fi
277 284 fi
278 285
279 286 # Check if kernel compilation was successful
280 287 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
281 288 echo "error: kernel compilation failed! (kernel image not found)"
282 289 cleanup
283 290 exit 1
284 291 fi
285 292
286 293 # Install kernel modules
287 294 if [ "$ENABLE_REDUCE" = true ] ; then
288 295 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
289 296 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
290 297 fi
291 298 else
292 299 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
293 300 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
294 301 fi
295 302
296 303 # Install kernel firmware
297 304 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
298 305 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
299 306 fi
300 307 fi
301 308
302 309 # Install kernel headers
303 310 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
304 311 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
305 312 fi
306 313 # make tar.gz kernel package - missing os bzw. modules
307 314 #** ** ** WARNING ** ** **
308 315 #Your architecture did not define any architecture-dependent files
309 316 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
310 317 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
311 318
312 319 # Prepare boot (firmware) directory
313 320 mkdir "${BOOT_DIR}"
314 321
315 322 # Get kernel release version
316 323 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
317 324
318 325 # Copy kernel configuration file to the boot directory
319 326 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
320 327
321 328 # Prepare device tree directory
322 329 mkdir "${BOOT_DIR}/overlays"
323 330
324 331 # Ensure the proper .dtb is located
325 332 if [ "$KERNEL_ARCH" = "arm" ] ; then
326 333 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
327 334 if [ -f "${dtb}" ] ; then
328 335 install_readonly "${dtb}" "${BOOT_DIR}/"
329 336 fi
330 337 done
331 338 else
332 339 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
333 340 if [ -f "${dtb}" ] ; then
334 341 install_readonly "${dtb}" "${BOOT_DIR}/"
335 342 fi
336 343 done
337 344 fi
338 345
339 346 # Copy compiled dtb device tree files
340 347 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
341 348 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
342 349 if [ -f "${dtb}" ] ; then
343 350 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
344 351 fi
345 352 done
346 353
347 354 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
348 355 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
349 356 fi
350 357 fi
351 358
352 359 if [ "$ENABLE_UBOOT" = false ] ; then
353 360 # Convert and copy kernel image to the boot directory
354 361 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
355 362 else
356 363 # Copy kernel image to the boot directory
357 364 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
358 365 fi
359 366
360 367 # Remove kernel sources
361 368 if [ "$KERNEL_REMOVESRC" = true ] ; then
362 369 rm -fr "${KERNEL_DIR}"
363 370 else
364 371 # Prepare compiled kernel modules
365 372 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
366 373 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
367 374 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
368 375 fi
369 376
370 377 # Create symlinks for kernel modules
371 378 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
372 379 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
373 380 fi
374 381 fi
375 382
376 383 else # BUILD_KERNEL=false
377 384 # echo " Install precompiled kernel..."
378 385 # echo "error: not implemented"
379 386 if [ "$KERNEL_ARCH" = arm64 ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
380 387 # Create temporary directory for dl
381 388 temp_dir=$(as_nobody mktemp -d)
382 389
383 390 # Fetch kernel dl
384 391 as_nobody wget -c "$RPI3_64_KERNEL_URL" "${temp_dir}"/kernel.tar.xz
385 392 #extract download
386 393 tar -xJf kernel.tar.xz -C "${R}"
387 394
388 395 # Remove temporary directory for kernel sources
389 396 rm -fr "${temp_dir}"
390 397
391 398 # Set permissions of the kernel sources
392 399 chown -R root:root "${R}/boot"
393 400 chown -R root:root "${R}/lib"
394 401 fi
395 402
396 403 # Check if kernel installation was successful
397 404 KERNEL="$(ls -1 "${R}"/boot/kernel* | sort | tail -n 1)"
398 405 if [ -z "$KERNEL" ] ; then
399 406 echo "error: kernel installation failed! (/boot/kernel* not found)"
400 407 cleanup
401 408 exit 1
402 409 fi
403 410
404 411 if [ "$SET_ARCH" = 64 ] ; then
405 412 echo "Using precompiled arm64 kernel"
406 413 else
407 414 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
408 415 exit 1
409 416 # inset precompiled 64 bit kernel code here
410 417 fi
411 418 #fi build_kernel=true
412 419 fi
@@ -1,829 +1,830
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 export RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 export RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 export KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 #https://aur.archlinux.org/packages/pi-bluetooth/
66 66 BLUETOOTH_URL=${BLUETOOTH_URL:=https://aur.archlinux.org/pi-bluetooth.git}
67 67
68 68 # Build directories
69 69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Prepare date string for default image file name
73 73 DATE="$(date +%Y-%m-%d)"
74 74 if [ -z "$KERNEL_BRANCH" ] ; then
75 75 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
76 76 else
77 77 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
78 78 fi
79 79
80 80 # Chroot directories
81 81 R="${BUILDDIR}/chroot"
82 82 ETC_DIR="${R}/etc"
83 83 LIB_DIR="${R}/lib"
84 84 BOOT_DIR="${R}/boot/firmware"
85 85 KERNEL_DIR="${R}/usr/src/linux"
86 86 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
87 87
88 88 # Firmware directory: Blank if download from github
89 89 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
90 90 # General settings
91 91 SET_ARCH=${SET_ARCH:=32}
92 92 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
93 93 PASSWORD=${PASSWORD:=raspberry}
94 94 USER_PASSWORD=${USER_PASSWORD:=raspberry}
95 95 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
96 96 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
97 97 EXPANDROOT=${EXPANDROOT:=true}
98 98
99 99 # Keyboard settings
100 100 XKB_MODEL=${XKB_MODEL:=""}
101 101 XKB_LAYOUT=${XKB_LAYOUT:=""}
102 102 XKB_VARIANT=${XKB_VARIANT:=""}
103 103 XKB_OPTIONS=${XKB_OPTIONS:=""}
104 104
105 105 # Network settings (DHCP)
106 106 ENABLE_DHCP=${ENABLE_DHCP:=true}
107 107
108 108 # Network settings (static)
109 109 NET_ADDRESS=${NET_ADDRESS:=""}
110 110 NET_GATEWAY=${NET_GATEWAY:=""}
111 111 NET_DNS_1=${NET_DNS_1:=""}
112 112 NET_DNS_2=${NET_DNS_2:=""}
113 113 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
114 114 NET_NTP_1=${NET_NTP_1:=""}
115 115 NET_NTP_2=${NET_NTP_2:=""}
116 116
117 117 # APT settings
118 118 APT_PROXY=${APT_PROXY:=""}
119 119 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
120 120
121 121 # Feature settings
122 122 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
123 123 ENABLE_I2C=${ENABLE_I2C:=false}
124 124 ENABLE_SPI=${ENABLE_SPI:=false}
125 125 ENABLE_IPV6=${ENABLE_IPV6:=true}
126 126 ENABLE_SSHD=${ENABLE_SSHD:=true}
127 127 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
128 128 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
129 129 ENABLE_SOUND=${ENABLE_SOUND:=true}
130 130 ENABLE_DBUS=${ENABLE_DBUS:=true}
131 131 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
132 132 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
133 133 ENABLE_XORG=${ENABLE_XORG:=false}
134 134 ENABLE_WM=${ENABLE_WM:=""}
135 135 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
136 136 ENABLE_USER=${ENABLE_USER:=true}
137 137 USER_NAME=${USER_NAME:="pi"}
138 138 ENABLE_ROOT=${ENABLE_ROOT:=false}
139 139 ENABLE_QEMU=${ENABLE_QEMU:=false}
140 140 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
141 141
142 142 # SSH settings
143 143 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
144 144 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
145 145 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
146 146 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
147 147 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
148 148
149 149 # Advanced settings
150 150 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
151 151 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
152 152 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
153 153 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
154 154 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
155 155 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
156 156 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
157 157 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
158 158 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
159 159 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
160 160 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
161 161 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
162 162 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
163 163 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
164 164 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
165 165
166 166 # Kernel compilation settings
167 167 BUILD_KERNEL=${BUILD_KERNEL:=true}
168 168 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
169 169 KERNEL_THREADS=${KERNEL_THREADS:=1}
170 170 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
171 171 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
172 172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
173 173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
174 174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=true}
176 KERNEL_VIRT=${KERNEL_VIRT:=true}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
176 KERNEL_VIRT=${KERNEL_VIRT:=false}
177 KERNEL_BPF${KERNEL_BPF:=true}
177 178
178 179 # Kernel compilation from source directory settings
179 180 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
180 181 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
181 182 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
182 183 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
183 184
184 185 # Reduce disk usage settings
185 186 REDUCE_APT=${REDUCE_APT:=true}
186 187 REDUCE_DOC=${REDUCE_DOC:=true}
187 188 REDUCE_MAN=${REDUCE_MAN:=true}
188 189 REDUCE_VIM=${REDUCE_VIM:=false}
189 190 REDUCE_BASH=${REDUCE_BASH:=false}
190 191 REDUCE_HWDB=${REDUCE_HWDB:=true}
191 192 REDUCE_SSHD=${REDUCE_SSHD:=true}
192 193 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
193 194
194 195 # Encrypted filesystem settings
195 196 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
196 197 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
197 198 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
198 199 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
199 200 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
200 201
201 202 # Chroot scripts directory
202 203 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
203 204
204 205 # Packages required in the chroot build environment
205 206 APT_INCLUDES=${APT_INCLUDES:=""}
206 207 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
207 208
208 209 #Packages to exclude from chroot build environment
209 210 APT_EXCLUDES=${APT_EXCLUDES:=""}
210 211
211 212 # Packages required for bootstrapping
212 213 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
213 214 MISSING_PACKAGES=""
214 215
215 216 # Packages installed for c/c++ build environment in chroot (keep empty)
216 217 COMPILER_PACKAGES=""
217 218
218 219 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
219 220 if [ "$ENABLE_SYSVINIT" = false ] ; then
220 221 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
221 222 fi
222 223
223 224 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
224 225 if [ -n "$(lsof -i :3142)" ] ; then
225 226 HTTP_PROXY=http://127.0.0.1:3142/
226 227 fi
227 228
228 229 #ipinfo=$(curl ipinfo.io | grep country )
229 230 #grep -o '\"[^"]*\"' $ipinfo | tr -d '"'
230 231 #grep -Po '"country":.*?[^\\]",' $(curl ipinfo.io | grep country )
231 232 #sed -i "s,http:,https:,g" "${ETC_DIR}/apt/sources.list"
232 233 #autconfigure best apt server to not spam ftp.debian.org
233 234 #rm files/apt/sources.list
234 235 #netselect-apt does not know buster yet
235 236 if [ "$RELEASE" = "buster" ] ; then
236 237 RLS=testing
237 238 else
238 239 RLS="$RELEASE"
239 240 fi
240 241
241 242 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
242 243 rm "$(pwd)/files/apt/sources.list"
243 244 fi
244 245
245 246 if [ "$ENABLE_NONFREE" = true ] ; then
246 247 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
247 248 else
248 249 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
249 250 fi
250 251
251 252 #sed and cut the result string so we can use it as APT_SERVER
252 253 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3)
253 254 APT_SERVER=${APT_SERVER::-1}
254 255
255 256 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
256 257 if [ -n "$SET_ARCH" ] ; then
257 258 echo "Setting Architecture specific settings"
258 259 ##################################
259 260 # 64 bit config
260 261 ##################################
261 262 if [ "$SET_ARCH" = 64 ] ; then
262 263 echo "64 bit mode selected - Setting up enviroment"
263 264 # 64 bit depended settings
264 265 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
265 266 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
266 267 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
267 268
268 269 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
269 270 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
270 271 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
271 272 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
272 273 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
273 274 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
274 275 else
275 276 echo "error: Only Raspberry PI 3 and 3B+ support 64bit"
276 277 exit 1
277 278 fi
278 279 fi
279 280
280 281 ##################################
281 282 # 32 bit config
282 283 ##################################
283 284 if [ "$SET_ARCH" = 32 ] ; then
284 285 echo "32 bit mode selected - Setting up enviroment"
285 286 #General 32bit configuration
286 287 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
287 288 KERNEL_ARCH=${KERNEL_ARCH:=arm}
288 289 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
289 290
290 291 #Raspberry setting grouped by board compability
291 292 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
292 293 echo "Setting settings for bcm2835 Raspberry PI boards"
293 294 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
294 295 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
295 296 RELEASE_ARCH=${RELEASE_ARCH:=armel}
296 297 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
297 298 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
298 299 fi
299 300 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 301 echo "Setting settings for bcm2837 Raspberry PI boards"
301 302 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
302 303 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
303 304 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
304 305 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
305 306 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
306 307 fi
307 308 fi
308 309 #SET_ARCH not set
309 310 else
310 311 echo "error: Please set '32' or '64' as value for SET_ARCH"
311 312 exit 1
312 313 fi
313 314
314 315 #Device specific configuration
315 316 echo "Select DTB-File"
316 317 case "$RPI_MODEL" in
317 318 0)
318 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
319 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 321 ;;
321 322 1)
322 323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
323 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
324 325 ;;
325 326 1P)
326 327 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
327 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
328 329 ;;
329 330 2)
330 331 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
331 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
332 333 ;;
333 334 3)
334 335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
335 336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
336 337 ;;
337 338 3P)
338 339 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
339 340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
340 341 ;;
341 342 *)
342 343 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
343 344 exit 1
344 345 ;;
345 346 esac
346 347 echo "$DTB_FILE selected"
347 348
348 349 #DEBUG off
349 350 set +x
350 351
351 352 # Check if the internal wireless interface is supported by the RPi model
352 353 if [ "$ENABLE_WIRELESS" = true ] ; then
353 354 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
354 355 echo "error: The selected Raspberry Pi model has no internal wireless interface"
355 356 exit 1
356 357 else
357 358 echo "Raspberry Pi $RPI_MODEL has WIFI support"
358 359 fi
359 360 fi
360 361
361 362 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
362 363 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
363 364 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
364 365 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
365 366 exit 1
366 367 fi
367 368 fi
368 369
369 370 if [ "$ENABLE_VIDEOCORE" = true ] ; then
370 371 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
371 372 fi
372 373
373 374 # Add libncurses5 to enable kernel menuconfig
374 375 if [ "$KERNEL_MENUCONFIG" = true ] ; then
375 376 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
376 377 fi
377 378
378 379 # Add ccache compiler cache for (faster) kernel cross (re)compilation
379 380 if [ "$KERNEL_CCACHE" = true ] ; then
380 381 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
381 382 fi
382 383
383 384 # Add cryptsetup package to enable filesystem encryption
384 385 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
385 386 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
386 387 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
387 388
388 389 if [ -z "$CRYPTFS_PASSWORD" ] ; then
389 390 echo "error: no password defined (CRYPTFS_PASSWORD)!"
390 391 exit 1
391 392 fi
392 393 ENABLE_INITRAMFS=true
393 394 fi
394 395
395 396 # Add initramfs generation tools
396 397 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
397 398 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
398 399 fi
399 400
400 401 # Add device-tree-compiler required for building the U-Boot bootloader
401 402 if [ "$ENABLE_UBOOT" = true ] ; then
402 403 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
403 404 else
404 405 if [ "$ENABLE_UBOOTUSB" = true ] ; then
405 406 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
406 407 exit 1
407 408 fi
408 409 fi
409 410
410 411 # Check if root SSH (v2) public key file exists
411 412 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
412 413 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
413 414 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
414 415 exit 1
415 416 fi
416 417 fi
417 418
418 419 # Check if $USER_NAME SSH (v2) public key file exists
419 420 if [ -n "$SSH_USER_PUB_KEY" ] ; then
420 421 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
421 422 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
422 423 exit 1
423 424 fi
424 425 fi
425 426
426 427 # Check if all required packages are installed on the build system
427 428 for package in $REQUIRED_PACKAGES ; do
428 429 if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then
429 430 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
430 431 fi
431 432 done
432 433
433 434 # If there are missing packages ask confirmation for install, or exit
434 435 if [ -n "$MISSING_PACKAGES" ] ; then
435 436 echo "the following packages needed by this script are not installed:"
436 437 echo "$MISSING_PACKAGES"
437 438
438 439 printf "\ndo you want to install the missing packages right now? [y/n] "
439 440 read -r confirm
440 441 [ "$confirm" != "y" ] && exit 1
441 442
442 443 # Make sure all missing required packages are installed
443 444 apt-get -qq -y install "${MISSING_PACKAGES}"
444 445 fi
445 446
446 447 # Check if ./bootstrap.d directory exists
447 448 if [ ! -d "./bootstrap.d/" ] ; then
448 449 echo "error: './bootstrap.d' required directory not found!"
449 450 exit 1
450 451 fi
451 452
452 453 # Check if ./files directory exists
453 454 if [ ! -d "./files/" ] ; then
454 455 echo "error: './files' required directory not found!"
455 456 exit 1
456 457 fi
457 458
458 459 # Check if specified KERNELSRC_DIR directory exists
459 460 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
460 461 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
461 462 exit 1
462 463 fi
463 464
464 465 # Check if specified UBOOTSRC_DIR directory exists
465 466 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
466 467 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
467 468 exit 1
468 469 fi
469 470
470 471 # Check if specified VIDEOCORESRC_DIR directory exists
471 472 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
472 473 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
473 474 exit 1
474 475 fi
475 476
476 477 # Check if specified FBTURBOSRC_DIR directory exists
477 478 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
478 479 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
479 480 exit 1
480 481 fi
481 482
482 483 # Check if specified CHROOT_SCRIPTS directory exists
483 484 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
484 485 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
485 486 exit 1
486 487 fi
487 488
488 489 # Check if specified device mapping already exists (will be used by cryptsetup)
489 490 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
490 491 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
491 492 exit 1
492 493 fi
493 494
494 495 # Don't clobber an old build
495 496 if [ -e "$BUILDDIR" ] ; then
496 497 echo "error: directory ${BUILDDIR} already exists, not proceeding"
497 498 exit 1
498 499 fi
499 500
500 501 # Setup chroot directory
501 502 mkdir -p "${R}"
502 503
503 504 # Check if build directory has enough of free disk space >512MB
504 505 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
505 506 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
506 507 exit 1
507 508 fi
508 509
509 510 set -x
510 511
511 512 # Call "cleanup" function on various signals and errors
512 513 trap cleanup 0 1 2 3 6
513 514
514 515 # Add required packages for the minbase installation
515 516 if [ "$ENABLE_MINBASE" = true ] ; then
516 517 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
517 518 fi
518 519
519 520 # Add parted package, required to get partprobe utility
520 521 if [ "$EXPANDROOT" = true ] ; then
521 522 APT_INCLUDES="${APT_INCLUDES},parted"
522 523 fi
523 524
524 525 # Add dbus package, recommended if using systemd
525 526 if [ "$ENABLE_DBUS" = true ] ; then
526 527 APT_INCLUDES="${APT_INCLUDES},dbus"
527 528 fi
528 529
529 530 # Add iptables IPv4/IPv6 package
530 531 if [ "$ENABLE_IPTABLES" = true ] ; then
531 532 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
532 533 fi
533 534
534 535 # Add openssh server package
535 536 if [ "$ENABLE_SSHD" = true ] ; then
536 537 APT_INCLUDES="${APT_INCLUDES},openssh-server"
537 538 fi
538 539
539 540 # Add alsa-utils package
540 541 if [ "$ENABLE_SOUND" = true ] ; then
541 542 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
542 543 fi
543 544
544 545 # Add rng-tools package
545 546 if [ "$ENABLE_HWRANDOM" = true ] ; then
546 547 APT_INCLUDES="${APT_INCLUDES},rng-tools"
547 548 fi
548 549
549 550 # Add fbturbo video driver
550 551 if [ "$ENABLE_FBTURBO" = true ] ; then
551 552 # Enable xorg package dependencies
552 553 ENABLE_XORG=true
553 554 fi
554 555
555 556 # Add user defined window manager package
556 557 if [ -n "$ENABLE_WM" ] ; then
557 558 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
558 559
559 560 # Enable xorg package dependencies
560 561 ENABLE_XORG=true
561 562 fi
562 563
563 564 # Add xorg package
564 565 if [ "$ENABLE_XORG" = true ] ; then
565 566 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
566 567 fi
567 568
568 569 # Replace selected packages with smaller clones
569 570 if [ "$ENABLE_REDUCE" = true ] ; then
570 571 # Add levee package instead of vim-tiny
571 572 if [ "$REDUCE_VIM" = true ] ; then
572 573 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
573 574 fi
574 575
575 576 # Add dropbear package instead of openssh-server
576 577 if [ "$REDUCE_SSHD" = true ] ; then
577 578 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
578 579 fi
579 580 fi
580 581
581 582 # Configure kernel sources if no KERNELSRC_DIR
582 583 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
583 584 KERNELSRC_CONFIG=true
584 585 fi
585 586
586 587 # Configure reduced kernel
587 588 if [ "$KERNEL_REDUCE" = true ] ; then
588 589 KERNELSRC_CONFIG=false
589 590 fi
590 591
591 592 # Configure qemu compatible kernel
592 593 if [ "$ENABLE_QEMU" = true ] ; then
593 594 DTB_FILE=vexpress-v2p-ca15_a7.dtb
594 595 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
595 596 KERNEL_DEFCONFIG="vexpress_defconfig"
596 597 if [ "$KERNEL_MENUCONFIG" = false ] ; then
597 598 KERNEL_OLDDEFCONFIG=true
598 599 fi
599 600 fi
600 601
601 602 # Execute bootstrap scripts
602 603 for SCRIPT in bootstrap.d/*.sh; do
603 604 head -n 3 "$SCRIPT"
604 605 . "$SCRIPT"
605 606 done
606 607
607 608 ## Execute custom bootstrap scripts
608 609 if [ -d "custom.d" ] ; then
609 610 for SCRIPT in custom.d/*.sh; do
610 611 . "$SCRIPT"
611 612 done
612 613 fi
613 614
614 615 # Execute custom scripts inside the chroot
615 616 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
616 617 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
617 618 chroot_exec /bin/bash -x <<'EOF'
618 619 for SCRIPT in /chroot_scripts/* ; do
619 620 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
620 621 $SCRIPT
621 622 fi
622 623 done
623 624 EOF
624 625 rm -rf "${R}/chroot_scripts"
625 626 fi
626 627
627 628 # Remove c/c++ build environment from the chroot
628 629 chroot_remove_cc
629 630
630 631 # Generate required machine-id
631 632 MACHINE_ID=$(dbus-uuidgen)
632 633 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
633 634 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
634 635
635 636 # APT Cleanup
636 637 chroot_exec apt-get -y clean
637 638 chroot_exec apt-get -y autoclean
638 639 chroot_exec apt-get -y autoremove
639 640
640 641 # Unmount mounted filesystems
641 642 umount -l "${R}/proc"
642 643 umount -l "${R}/sys"
643 644
644 645 # Clean up directories
645 646 rm -rf "${R}/run/*"
646 647 rm -rf "${R}/tmp/*"
647 648
648 649 # Clean up files
649 650 rm -f "${ETC_DIR}/ssh/ssh_host_*"
650 651 rm -f "${ETC_DIR}/dropbear/dropbear_*"
651 652 rm -f "${ETC_DIR}/apt/sources.list.save"
652 653 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
653 654 rm -f "${ETC_DIR}/*-"
654 655 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
655 656 rm -f "${ETC_DIR}/resolv.conf"
656 657 rm -f "${R}/root/.bash_history"
657 658 rm -f "${R}/var/lib/urandom/random-seed"
658 659 rm -f "${R}/initrd.img"
659 660 rm -f "${R}/vmlinuz"
660 661 rm -f "${R}${QEMU_BINARY}"
661 662
662 663 if [ "$ENABLE_QEMU" = true ] ; then
663 664 # Setup QEMU directory
664 665 mkdir "${BASEDIR}/qemu"
665 666
666 667 # Copy kernel image to QEMU directory
667 668 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
668 669
669 670 # Copy kernel config to QEMU directory
670 671 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
671 672
672 673 # Copy kernel dtbs to QEMU directory
673 674 for dtb in "${BOOT_DIR}/"*.dtb ; do
674 675 if [ -f "${dtb}" ] ; then
675 676 install_readonly "${dtb}" "${BASEDIR}/qemu/"
676 677 fi
677 678 done
678 679
679 680 # Copy kernel overlays to QEMU directory
680 681 if [ -d "${BOOT_DIR}/overlays" ] ; then
681 682 # Setup overlays dtbs directory
682 683 mkdir "${BASEDIR}/qemu/overlays"
683 684
684 685 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
685 686 if [ -f "${dtb}" ] ; then
686 687 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
687 688 fi
688 689 done
689 690 fi
690 691
691 692 # Copy u-boot files to QEMU directory
692 693 if [ "$ENABLE_UBOOT" = true ] ; then
693 694 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
694 695 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
695 696 fi
696 697 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
697 698 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
698 699 fi
699 700 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
700 701 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
701 702 fi
702 703 fi
703 704
704 705 # Copy initramfs to QEMU directory
705 706 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
706 707 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
707 708 fi
708 709 fi
709 710
710 711 # Calculate size of the chroot directory in KB
711 712 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
712 713
713 714 # Calculate the amount of needed 512 Byte sectors
714 715 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
715 716 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
716 717 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
717 718
718 719 # The root partition is EXT4
719 720 # This means more space than the actual used space of the chroot is used.
720 721 # As overhead for journaling and reserved blocks 35% are added.
721 722 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
722 723
723 724 # Calculate required image size in 512 Byte sectors
724 725 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
725 726
726 727 # Prepare image file
727 728 if [ "$ENABLE_SPLITFS" = true ] ; then
728 729 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
729 730 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
730 731 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
731 732 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
732 733
733 734 # Write firmware/boot partition tables
734 735 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
735 736 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
736 737 EOM
737 738
738 739 # Write root partition table
739 740 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
740 741 ${TABLE_SECTORS},${ROOT_SECTORS},83
741 742 EOM
742 743
743 744 # Setup temporary loop devices
744 745 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
745 746 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
746 747 else # ENABLE_SPLITFS=false
747 748 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
748 749 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
749 750
750 751 # Write partition table
751 752 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
752 753 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
753 754 ${ROOT_OFFSET},${ROOT_SECTORS},83
754 755 EOM
755 756
756 757 # Setup temporary loop devices
757 758 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
758 759 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
759 760 fi
760 761
761 762 if [ "$ENABLE_CRYPTFS" = true ] ; then
762 763 # Create dummy ext4 fs
763 764 mkfs.ext4 "$ROOT_LOOP"
764 765
765 766 # Setup password keyfile
766 767 touch .password
767 768 chmod 600 .password
768 769 echo -n ${CRYPTFS_PASSWORD} > .password
769 770
770 771 # Initialize encrypted partition
771 772 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
772 773
773 774 # Open encrypted partition and setup mapping
774 775 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
775 776
776 777 # Secure delete password keyfile
777 778 shred -zu .password
778 779
779 780 # Update temporary loop device
780 781 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
781 782
782 783 # Wipe encrypted partition (encryption cipher is used for randomness)
783 784 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
784 785 fi
785 786
786 787 # Build filesystems
787 788 mkfs.vfat "$FRMW_LOOP"
788 789 mkfs.ext4 "$ROOT_LOOP"
789 790
790 791 # Mount the temporary loop devices
791 792 mkdir -p "$BUILDDIR/mount"
792 793 mount "$ROOT_LOOP" "$BUILDDIR/mount"
793 794
794 795 mkdir -p "$BUILDDIR/mount/boot/firmware"
795 796 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
796 797
797 798 # Copy all files from the chroot to the loop device mount point directory
798 799 rsync -a "${R}/" "$BUILDDIR/mount/"
799 800
800 801 # Unmount all temporary loop devices and mount points
801 802 cleanup
802 803
803 804 # Create block map file(s) of image(s)
804 805 if [ "$ENABLE_SPLITFS" = true ] ; then
805 806 # Create block map files for "bmaptool"
806 807 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
807 808 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
808 809
809 810 # Image was successfully created
810 811 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
811 812 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
812 813 else
813 814 # Create block map file for "bmaptool"
814 815 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
815 816
816 817 # Image was successfully created
817 818 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
818 819
819 820 # Create qemu qcow2 image
820 821 if [ "$ENABLE_QEMU" = true ] ; then
821 822 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
822 823 QEMU_SIZE=16G
823 824
824 825 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
825 826 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
826 827
827 828 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
828 829 fi
829 830 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant