PATCHES for:...
Unknown -
r665:c4237fcbc4c6
@@ -1,548 +1,551
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `KEEP_APT_PROXY`=false
52 52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53 53
54 54 ##### `APT_INCLUDES`=""
55 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56 56
57 57 ##### `APT_INCLUDES_LATE`=""
58 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59 59
60 60 ---
61 61
62 62 #### General system settings:
63 63 ##### `SET_ARCH`=32
64 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65 65
66 66 ##### `RPI_MODEL`=2
67 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 69 - `1` = Raspberry Pi 1 model A and B
70 70 - `1P` = Raspberry Pi 1 model B+ and A+
71 71 - `2` = Raspberry Pi 2 model B
72 72 - `3` = Raspberry Pi 3 model B
73 73 - `3P` = Raspberry Pi 3 model B+
74 74
75 75 ##### `RELEASE`="buster"
76 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77 77
78 78 ##### `RELEASE_ARCH`="armhf"
79 79 Set the desired Debian release architecture.
80 80
81 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83 83
84 84 ##### `PASSWORD`="raspberry"
85 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86 86
87 87 ##### `USER_PASSWORD`="raspberry"
88 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89 89
90 90 ##### `DEFLOCAL`="en_US.UTF-8"
91 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92 92
93 93 ##### `TIMEZONE`="Europe/Berlin"
94 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95 95
96 96 ##### `EXPANDROOT`=true
97 97 Expand the root partition and filesystem automatically on first boot.
98 98
99 99 ##### `ENABLE_DPHYSSWAP`=true
100 100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101 101
102 102 ##### `ENABLE_QEMU`=false
103 103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104 104
105 105 ---
106 106
107 107 #### Keyboard settings:
108 108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109 109
110 110 ##### `XKB_MODEL`=""
111 111 Set the name of the model of your keyboard type.
112 112
113 113 ##### `XKB_LAYOUT`=""
114 114 Set the supported keyboard layout(s).
115 115
116 116 ##### `XKB_VARIANT`=""
117 117 Set the supported variant(s) of the keyboard layout(s).
118 118
119 119 ##### `XKB_OPTIONS`=""
120 120 Set extra xkb configuration options.
121 121
122 122 ---
123 123
124 124 #### Networking settings (DHCP):
125 125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126 126
127 127 ##### `ENABLE_DHCP`=true
128 128 Set the system to use DHCP. This requires an DHCP server.
129 129
130 130 ---
131 131
132 132 #### Networking settings (static):
133 133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134 134
135 135 ##### `NET_ADDRESS`=""
136 136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137 137
138 138 ##### `NET_GATEWAY`=""
139 139 Set the IP address for the default gateway.
140 140
141 141 ##### `NET_DNS_1`=""
142 142 Set the IP address for the first DNS server.
143 143
144 144 ##### `NET_DNS_2`=""
145 145 Set the IP address for the second DNS server.
146 146
147 147 ##### `NET_DNS_DOMAINS`=""
148 148 Set the default DNS search domains to use for non fully qualified hostnames.
149 149
150 150 ##### `NET_NTP_1`=""
151 151 Set the IP address for the first NTP server.
152 152
153 153 ##### `NET_NTP_2`=""
154 154 Set the IP address for the second NTP server.
155 155
156 156 ---
157 157
158 158 #### Basic system features:
159 159 ##### `ENABLE_CONSOLE`=true
160 160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161 161
162 162 ##### `ENABLE_PRINTK`=false
163 163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164 164
165 165 ##### `ENABLE_BLUETOOTH`=false
166 166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167 167
168 168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170 170
171 171 ##### `ENABLE_TURBO`=false
172 172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173 173
174 174 ##### `ENABLE_I2C`=false
175 175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176 176
177 177 ##### `ENABLE_SPI`=false
178 178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179 179
180 180 ##### `ENABLE_IPV6`=true
181 181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182 182
183 183 ##### `ENABLE_SSHD`=true
184 184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185 185
186 186 ##### `ENABLE_NONFREE`=false
187 187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188 188
189 189 ##### `ENABLE_WIRELESS`=false
190 190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191 191
192 192 ##### `ENABLE_RSYSLOG`=true
193 193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194 194
195 195 ##### `ENABLE_SOUND`=true
196 196 Enable sound hardware and install Advanced Linux Sound Architecture.
197 197
198 198 ##### `ENABLE_HWRANDOM`=true
199 199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200 200
201 201 ##### `ENABLE_MINGPU`=false
202 202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203 203
204 204 ##### `ENABLE_DBUS`=true
205 205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206 206
207 207 ##### `ENABLE_XORG`=false
208 208 Install Xorg open-source X Window System.
209 209
210 210 ##### `ENABLE_WM`=""
211 211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212 212
213 213 ##### `ENABLE_SYSVINIT`=false
214 214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215 215
216 216 ---
217 217
218 218 #### Advanced system features:
219 ##### `ENABLE_KEYGEN`=false
220 Recover your lost codec license
221
219 222 ##### `ENABLE_SYSTEMDSWAP`=false
220 223 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
221 224
222 225 ##### `ENABLE_MINBASE`=false
223 226 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
224 227
225 228 ##### `ENABLE_REDUCE`=false
226 229 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
227 230
228 231 ##### `ENABLE_UBOOT`=false
229 232 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
230 233
231 234 ##### `UBOOTSRC_DIR`=""
232 235 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
233 236
234 237 ##### `ENABLE_FBTURBO`=false
235 238 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
236 239
237 240 ##### `FBTURBOSRC_DIR`=""
238 241 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
239 242
240 243 ##### `ENABLE_VIDEOCORE`=false
241 244 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
242 245
243 246 ##### `VIDEOCORESRC_DIR`=""
244 247 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245 248
246 249 ##### `ENABLE_NEXMON`=false
247 250 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
248 251
249 252 ##### `NEXMONSRC_DIR`=""
250 253 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
251 254
252 255 ##### `ENABLE_IPTABLES`=false
253 256 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
254 257
255 258 ##### `ENABLE_USER`=true
256 259 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
257 260
258 261 ##### `USER_NAME`=pi
259 262 Non-root user to create. Ignored if `ENABLE_USER`=false
260 263
261 264 ##### `ENABLE_ROOT`=false
262 265 Set root user password so root login will be enabled
263 266
264 267 ##### `ENABLE_HARDNET`=false
265 268 Enable IPv4/IPv6 network stack hardening settings.
266 269
267 270 ##### `ENABLE_SPLITFS`=false
268 271 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
269 272
270 273 ##### `CHROOT_SCRIPTS`=""
271 274 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
272 275
273 276 ##### `ENABLE_INITRAMFS`=false
274 277 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
275 278
276 279 ##### `ENABLE_IFNAMES`=true
277 280 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
278 281
279 282 ##### `ENABLE_SPLASH`=true
280 283 Enable default Raspberry Pi boot up rainbow splash screen.
281 284
282 285 ##### `ENABLE_LOGO`=true
283 286 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
284 287
285 288 ##### `ENABLE_SILENT_BOOT`=false
286 289 Set the verbosity of console messages shown during boot up to a strict minimum.
287 290
288 291 ##### `DISABLE_UNDERVOLT_WARNINGS`=
289 292 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
290 293
291 294 ---
292 295
293 296 #### SSH settings:
294 297 ##### `SSH_ENABLE_ROOT`=false
295 298 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
296 299
297 300 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
298 301 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
299 302
300 303 ##### `SSH_LIMIT_USERS`=false
301 304 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
302 305
303 306 ##### `SSH_ROOT_PUB_KEY`=""
304 307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
305 308
306 309 ##### `SSH_USER_PUB_KEY`=""
307 310 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
308 311
309 312 ---
310 313
311 314 #### Kernel compilation:
312 315 ##### `BUILD_KERNEL`=true
313 316 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
314 317
315 318 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
316 319 This sets the cross-compile environment for the compiler.
317 320
318 321 ##### `KERNEL_ARCH`="arm"
319 322 This sets the kernel architecture for the compiler.
320 323
321 324 ##### `KERNEL_IMAGE`="kernel7.img"
322 325 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
323 326
324 327 ##### `KERNEL_BRANCH`=""
325 328 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
326 329
327 330 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
328 331 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
329 332
330 333 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
331 334 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
332 335
333 336 ##### `KERNEL_REDUCE`=false
334 337 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
335 338
336 339 ##### `KERNEL_THREADS`=1
337 340 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
338 341
339 342 ##### `KERNEL_HEADERS`=true
340 343 Install kernel headers with the built kernel.
341 344
342 345 ##### `KERNEL_MENUCONFIG`=false
343 346 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
344 347
345 348 ##### `KERNEL_OLDDEFCONFIG`=false
346 349 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
347 350
348 351 ##### `KERNEL_CCACHE`=false
349 352 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
350 353
351 354 ##### `KERNEL_REMOVESRC`=true
352 355 Remove all kernel sources from the generated OS image after it was built and installed.
353 356
354 357 ##### `KERNELSRC_DIR`=""
355 358 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
356 359
357 360 ##### `KERNELSRC_CLEAN`=false
358 361 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
359 362
360 363 ##### `KERNELSRC_CONFIG`=true
361 364 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
362 365
363 366 ##### `KERNELSRC_USRCONFIG`=""
364 367 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
365 368
366 369 ##### `KERNELSRC_PREBUILT`=false
367 370 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
368 371
369 372 ##### `RPI_FIRMWARE_DIR`=""
370 373 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
371 374
372 375 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
373 376 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
374 377
375 378 ##### `KERNEL_NF`=false
376 379 Enable Netfilter modules as kernel modules
377 380
378 381 ##### `KERNEL_VIRT`=false
379 382 Enable Kernel KVM support (/dev/kvm)
380 383
381 384 ##### `KERNEL_ZSWAP`=false
382 385 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
383 386
384 387 ##### `KERNEL_BPF`=true
385 388 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
386 389
387 390 ##### `KERNEL_SECURITY`=false
388 391 Enables Apparmor, integrity subsystem, auditing.
389 392
390 393 ---
391 394
392 395 #### Reduce disk usage:
393 396 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
394 397
395 398 ##### `REDUCE_APT`=true
396 399 Configure APT to use compressed package repository lists and no package caching files.
397 400
398 401 ##### `REDUCE_DOC`=true
399 402 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
400 403
401 404 ##### `REDUCE_MAN`=true
402 405 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
403 406
404 407 ##### `REDUCE_VIM`=false
405 408 Replace `vim-tiny` package by `levee` a tiny vim clone.
406 409
407 410 ##### `REDUCE_BASH`=false
408 411 Remove `bash` package and switch to `dash` shell (experimental).
409 412
410 413 ##### `REDUCE_HWDB`=true
411 414 Remove PCI related hwdb files (experimental).
412 415
413 416 ##### `REDUCE_SSHD`=true
414 417 Replace `openssh-server` with `dropbear`.
415 418
416 419 ##### `REDUCE_LOCALE`=true
417 420 Remove all `locale` translation files.
418 421
419 422 ---
420 423
421 424 #### Encrypted root partition:
422 425 ##### `ENABLE_CRYPTFS`=false
423 426 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
424 427
425 428 ##### `CRYPTFS_PASSWORD`=""
426 429 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
427 430
428 431 ##### `CRYPTFS_MAPPING`="secure"
429 432 Set name of dm-crypt managed device-mapper mapping.
430 433
431 434 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
432 435 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
433 436
434 437 ##### `CRYPTFS_XTSKEYSIZE`=512
435 438 Sets key size in bits. The argument has to be a multiple of 8.
436 439
437 440 ##### `CRYPTFS_DROPBEAR`=false
438 441 Enable Dropbear Initramfs support
439 442
440 443 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
441 444 Provide path to dropbear Public RSA-OpenSSH Key
442 445
443 446 ---
444 447
445 448 #### Build settings:
446 449 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
447 450 Set a path to a working directory used by the script to generate an image.
448 451
449 452 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
450 453 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
451 454
452 455 ## Understanding the script
453 456 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
454 457
455 458 | Script | Description |
456 459 | --- | --- |
457 460 | `10-bootstrap.sh` | Debootstrap basic system |
458 461 | `11-apt.sh` | Setup APT repositories |
459 462 | `12-locale.sh` | Setup Locales and keyboard settings |
460 463 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
461 464 | `14-fstab.sh` | Setup fstab and initramfs |
462 465 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
463 466 | `20-networking.sh` | Setup Networking |
464 467 | `21-firewall.sh` | Setup Firewall |
465 468 | `30-security.sh` | Setup Users and Security settings |
466 469 | `31-logging.sh` | Setup Logging |
467 470 | `32-sshd.sh` | Setup SSH and public keys |
468 471 | `41-uboot.sh` | Build and Setup U-Boot |
469 472 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
470 473 | `43-videocore.sh` | Build and Setup videocore libraries |
471 474 | `50-firstboot.sh` | First boot actions |
472 475 | `99-reduce.sh` | Reduce the disk space usage |
473 476
474 477 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
475 478
476 479 | Directory | Description |
477 480 | --- | --- |
478 481 | `apt` | APT management configuration files |
479 482 | `boot` | Boot and RPi 0/1/2/3 configuration files |
480 483 | `dpkg` | Package Manager configuration |
481 484 | `etc` | Configuration files and rc scripts |
482 485 | `firstboot` | Scripts that get executed on first boot |
483 486 | `initramfs` | Initramfs scripts |
484 487 | `iptables` | Firewall configuration files |
485 488 | `locales` | Locales configuration |
486 489 | `modules` | Kernel Modules configuration |
487 490 | `mount` | Fstab configuration |
488 491 | `network` | Networking configuration files |
489 492 | `sysctl.d` | Swapping and Network Hardening configuration |
490 493 | `xorg` | fbturbo Xorg driver configuration |
491 494
492 495 ## Custom packages and scripts
493 496 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
494 497
495 498 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
496 499
497 500 ## Logging of the bootstrapping process
498 501 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
499 502
500 503 ```shell
501 504 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
502 505 ```
503 506
504 507 ## Flashing the image file
505 508 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
506 509
507 510 ##### Flashing examples:
508 511 ```shell
509 512 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
510 513 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
511 514 ```
512 515 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
513 516 ```shell
514 517 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
515 518 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
516 519 ```
517 520
518 521 ## QEMU emulation
519 522 Start QEMU full system emulation:
520 523 ```shell
521 524 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
522 525 ```
523 526
524 527 Start QEMU full system emulation and output to console:
525 528 ```shell
526 529 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
527 530 ```
528 531
529 532 Start QEMU full system emulation with SMP and output to console:
530 533 ```shell
531 534 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 535 ```
533 536
534 537 Start QEMU full system emulation with cryptfs, initramfs and output to console:
535 538 ```shell
536 539 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
537 540 ```
538 541
539 542 ## External links and references
540 543 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
541 544 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
542 545 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
543 546 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
544 547 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
545 548 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
546 549 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
547 550 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
548 551 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,40 +1,44
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 # Install APT sources.list
15 15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16 16
17 17 # Use specified APT server and release
18 18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 if [ "$RELEASE" = "bullseye" ] || [ "$RELEASE" = "testing" ] ; then
20 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
21 else
19 22 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
23 fi
20 24
21 25 # Upgrade package index and update all installed packages and changed dependencies
22 26 chroot_exec apt-get -qq -y update
23 27 chroot_exec apt-get -qq -y -u dist-upgrade
24 28
25 29 # Install additional packages
26 30 if [ "$APT_INCLUDES_LATE" ] ; then
27 31 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
28 32 fi
29 33
30 34 # Install Debian custom packages
31 35 if [ -d packages ] ; then
32 36 for package in packages/*.deb ; do
33 37 cp "$package" "${R}"/tmp
34 38 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 39 done
36 40 fi
37 41
38 42 chroot_exec apt-get -qq -y -f install
39 43
40 44 chroot_exec apt-get -qq -y check
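Review bot: In the new `bullseye`/`testing` branch (new lines 19-20) only `stretch/updates` is rewritten, and the ` stretch` to ` ${RELEASE}` substitution now runs only in the `else` branch, so any other ` stretch` suite entries in the installed `sources.list` keep pointing at stretch for these releases unless the template is handled elsewhere. Suggest running the release substitution in both cases after the security-suite rewrite. The replacement also hard-codes `testing-security`, so a `RELEASE=bullseye` build would track the testing security suite; deriving it as `${RELEASE}-security` would keep the two values distinct. A one-line comment explaining why the security suite name differs for these releases would help the next reader.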
@@ -1,615 +1,865
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55
56 #Copy 32bit config to 64bit
57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 fi
55 60
56 61 # Configure and build kernel
57 62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 63 # Remove device, network and filesystem drivers from kernel configuration
59 64 if [ "$KERNEL_REDUCE" = true ] ; then
60 65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 66 sed -i\
62 67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 96 "${KERNEL_DIR}/.config"
92 97 fi
93 98
94 99 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 100 # Load default raspberry kernel configuration
96 101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97 102
98 103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 104 cd "${KERNEL_DIR}" || exit
100 105
101 106 if [ "$KERNEL_ARCH" = arm64 ] ; then
107 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
108 # Mask this temporarily during switch to rpi-4.19.y
102 109 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 110 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 111 set_kernel_config CONFIG_MMC_BCM2835 n
105 112 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 113 set_kernel_config CONFIG_USB_DWC2 n
107 114 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108 115
109 116 #VLAN got disabled without reason in arm64bit
110 117 set_kernel_config CONFIG_IPVLAN m
111 118 fi
112 119
113 120 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
114 121 if [ "$KERNEL_ZSWAP" = true ] ; then
115 122 set_kernel_config CONFIG_ZPOOL y
116 123 set_kernel_config CONFIG_ZSWAP y
117 124 set_kernel_config CONFIG_ZBUD y
118 125 set_kernel_config CONFIG_Z3FOLD y
119 126 set_kernel_config CONFIG_ZSMALLOC y
120 127 set_kernel_config CONFIG_PGTABLE_MAPPING y
121 set_kernel_config CONFIG_LZO_COMPRESS y
122
128 set_kernel_config CONFIG_LZO_COMPRESS y
123 129 fi
130
131 if [ RPI_MODEL = 4 ] ; then
132 # Following are set in current 32-bit LPAE kernel
133 set_kernel_config CONFIG_CGROUP_PIDS y
134 set_kernel_config CONFIG_NET_IPVTI m
135 set_kernel_config CONFIG_NF_TABLES_SET m
136 set_kernel_config CONFIG_NF_TABLES_INET y
137 set_kernel_config CONFIG_NF_TABLES_NETDEV y
138 set_kernel_config CONFIG_NF_FLOW_TABLE m
139 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
140 set_kernel_config CONFIG_NFT_CONNLIMIT m
141 set_kernel_config CONFIG_NFT_TUNNEL m
142 set_kernel_config CONFIG_NFT_OBJREF m
143 set_kernel_config CONFIG_NFT_FIB_IPV4 m
144 set_kernel_config CONFIG_NFT_FIB_IPV6 m
145 set_kernel_config CONFIG_NFT_FIB_INET m
146 set_kernel_config CONFIG_NFT_SOCKET m
147 set_kernel_config CONFIG_NFT_OSF m
148 set_kernel_config CONFIG_NFT_TPROXY m
149 set_kernel_config CONFIG_NF_DUP_NETDEV m
150 set_kernel_config CONFIG_NFT_DUP_NETDEV m
151 set_kernel_config CONFIG_NFT_FWD_NETDEV m
152 set_kernel_config CONFIG_NFT_FIB_NETDEV m
153 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
154 set_kernel_config CONFIG_NF_FLOW_TABLE m
155 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
156 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
157 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
158 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
159 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
160 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
161 set_kernel_config CONFIG_NFT_DUP_IPV6 m
162 set_kernel_config CONFIG_NFT_FIB_IPV6 m
163 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
164 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
165 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
166 set_kernel_config CONFIG_NF_LOG_BRIDGE m
167 set_kernel_config CONFIG_MT76_CORE m
168 set_kernel_config CONFIG_MT76_LEDS m
169 set_kernel_config CONFIG_MT76_USB m
170 set_kernel_config CONFIG_MT76x2_COMMON m
171 set_kernel_config CONFIG_MT76x0U m
172 set_kernel_config CONFIG_MT76x2U m
173 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
174 set_kernel_config CONFIG_BCM_VC_SM m
175 set_kernel_config CONFIG_BCM2835_SMI_DEV m
176 set_kernel_config CONFIG_RPIVID_MEM m
177 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
178 set_kernel_config CONFIG_TCG_TPM m
179 set_kernel_config CONFIG_HW_RANDOM_TPM y
180 set_kernel_config CONFIG_TCG_TIS m
181 set_kernel_config CONFIG_TCG_TIS_SPI m
182 set_kernel_config CONFIG_I2C_MUX m
183 set_kernel_config CONFIG_I2C_MUX_GPMUX m
184 set_kernel_config CONFIG_I2C_MUX_PCA954x m
185 set_kernel_config CONFIG_SPI_GPIO m
186 set_kernel_config CONFIG_BATTERY_MAX17040 m
187 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
188 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
189 set_kernel_config CONFIG_BCM2835_THERMAL y
190 set_kernel_config CONFIG_RC_CORE y
191 set_kernel_config CONFIG_RC_MAP y
192 set_kernel_config CONFIG_LIRC y
193 set_kernel_config CONFIG_RC_DECODERS y
194 set_kernel_config CONFIG_IR_NEC_DECODER m
195 set_kernel_config CONFIG_IR_RC5_DECODER m
196 set_kernel_config CONFIG_IR_RC6_DECODER m
197 set_kernel_config CONFIG_IR_JVC_DECODER m
198 set_kernel_config CONFIG_IR_SONY_DECODER m
199 set_kernel_config CONFIG_IR_SANYO_DECODER m
200 set_kernel_config CONFIG_IR_SHARP_DECODER m
201 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
202 set_kernel_config CONFIG_IR_XMP_DECODER m
203 set_kernel_config CONFIG_IR_IMON_DECODER m
204 set_kernel_config CONFIG_RC_DEVICES y
205 set_kernel_config CONFIG_RC_ATI_REMOTE m
206 set_kernel_config CONFIG_IR_IMON m
207 set_kernel_config CONFIG_IR_MCEUSB m
208 set_kernel_config CONFIG_IR_REDRAT3 m
209 set_kernel_config CONFIG_IR_STREAMZAP m
210 set_kernel_config CONFIG_IR_IGUANA m
211 set_kernel_config CONFIG_IR_TTUSBIR m
212 set_kernel_config CONFIG_RC_LOOPBACK m
213 set_kernel_config CONFIG_IR_GPIO_CIR m
214 set_kernel_config CONFIG_IR_GPIO_TX m
215 set_kernel_config CONFIG_IR_PWM_TX m
216 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
217 set_kernel_config CONFIG_VIDEO_AU0828_RC y
218 set_kernel_config CONFIG_VIDEO_CX231XX m
219 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
220 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
221 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
222 set_kernel_config CONFIG_VIDEO_TM6000 m
223 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
224 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
225 set_kernel_config CONFIG_DVB_USB m
226 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
227 set_kernel_config CONFIG_DVB_USB_A800 m
228 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
229 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
230 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
231 set_kernel_config CONFIG_DVB_USB_DIB0700 m
232 set_kernel_config CONFIG_DVB_USB_UMT_010 m
233 set_kernel_config CONFIG_DVB_USB_CXUSB m
234 set_kernel_config CONFIG_DVB_USB_M920X m
235 set_kernel_config CONFIG_DVB_USB_DIGITV m
236 set_kernel_config CONFIG_DVB_USB_VP7045 m
237 set_kernel_config CONFIG_DVB_USB_VP702X m
238 set_kernel_config CONFIG_DVB_USB_GP8PSK m
239 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
240 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
241 set_kernel_config CONFIG_DVB_USB_DTT200U m
242 set_kernel_config CONFIG_DVB_USB_OPERA1 m
243 set_kernel_config CONFIG_DVB_USB_AF9005 m
244 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
245 set_kernel_config CONFIG_DVB_USB_PCTV452E m
246 set_kernel_config CONFIG_DVB_USB_DW2102 m
247 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
248 set_kernel_config CONFIG_DVB_USB_DTV5100 m
249 set_kernel_config CONFIG_DVB_USB_AZ6027 m
250 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
251 set_kernel_config CONFIG_DVB_USB_AF9015 m
252 set_kernel_config CONFIG_DVB_USB_LME2510 m
253 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
254 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
255 set_kernel_config CONFIG_SMS_SIANO_RC m
256 set_kernel_config CONFIG_VIDEO_IR_I2C m
257 set_kernel_config CONFIG_VIDEO_ADV7180 m
258 set_kernel_config CONFIG_VIDEO_TC358743 m
259 set_kernel_config CONFIG_VIDEO_OV5647 m
260 set_kernel_config CONFIG_DVB_M88DS3103 m
261 set_kernel_config CONFIG_DVB_AF9013 m
262 set_kernel_config CONFIG_DVB_RTL2830 m
263 set_kernel_config CONFIG_DVB_RTL2832 m
264 set_kernel_config CONFIG_DVB_SI2168 m
265 set_kernel_config CONFIG_DVB_GP8PSK_FE m
266 set_kernel_config CONFIG_DVB_USB m
267 set_kernel_config CONFIG_DVB_LGDT3306A m
268 set_kernel_config CONFIG_FB_SIMPLE y
269 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
270 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
271 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
272 set_kernel_config CONFIG_SND_SOC_AD193X m
273 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
274 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
275 set_kernel_config CONFIG_SND_SOC_CS4265 m
276 set_kernel_config CONFIG_SND_SOC_DA7213 m
277 set_kernel_config CONFIG_SND_SOC_ICS43432 m
278 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
279 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
280 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
281 set_kernel_config CONFIG_HID_BIGBEN_FF m
282 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
283 set_kernel_config CONFIG_USB_TMC m
284 set_kernel_config CONFIG_USB_UAS y
285 set_kernel_config CONFIG_USBIP_VUDC m
286 set_kernel_config CONFIG_USB_CONFIGFS m
287 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
288 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
289 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
290 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
291 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
292 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
293 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
294 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
295 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
296 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
297 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
298 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
299 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
300 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
301 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
302 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
303 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
304 set_kernel_config CONFIG_LEDS_PCA963X m
305 set_kernel_config CONFIG_LEDS_IS31FL32XX m
306 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
307 set_kernel_config CONFIG_RTC_DRV_RV3028 m
308 set_kernel_config CONFIG_AUXDISPLAY y
309 set_kernel_config CONFIG_HD44780 m
310 set_kernel_config CONFIG_FB_TFT_SH1106 m
311 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
312 set_kernel_config CONFIG_BCM2835_POWER y
313 set_kernel_config CONFIG_INV_MPU6050_IIO m
314 set_kernel_config CONFIG_INV_MPU6050_I2C m
315 set_kernel_config CONFIG_SECURITYFS y
316
317 # Safer to build this in
318 set_kernel_config CONFIG_BINFMT_MISC y
319
320 # pulseaudio wants a buffer of at least this size
321 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
322
323 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
324 # set the appropriate kernel configs unlocked by this PR
325 set_kernel_config CONFIG_ARCH_BCM y
326 set_kernel_config CONFIG_ARCH_BCM2835 y
327 set_kernel_config CONFIG_DRM_V3D m
328 set_kernel_config CONFIG_DRM_VC4 m
329 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
330
331 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
332 # required by PR#3144; should already be applied, but just to be safe
333 set_kernel_config CONFIG_PCIE_BRCMSTB y
334 set_kernel_config CONFIG_BCM2835_MMC y
335
336 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
337 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
338 # during cloud-init setup at first boot. Without this the login accounts are not
339 # created and the user can not login.
340 set_kernel_config CONFIG_SQUASHFS y
341
342 # Ceph support for Block Device (RBD) and Filesystem (FS)
343 # https://docs.ceph.com/docs/master/
344 set_kernel_config CONFIG_CEPH_LIB m
345 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
346 set_kernel_config CONFIG_CEPH_FS m
347 set_kernel_config CONFIG_CEPH_FSCACHE y
348 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
349 set_kernel_config CONFIG_BLK_DEV_RBD m
124 350
125 351 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
126 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
352 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
353 set_kernel_config CONFIG_HAVE_KVM y
354 set_kernel_config CONFIG_HIGH_RES_TIMERS y
127 355 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
128 356 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
129 357 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
130 358 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
131 359 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
132 360 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
133 361 set_kernel_config CONFIG_HAVE_KVM_MSI y
134 362 set_kernel_config CONFIG_KVM y
135 363 set_kernel_config CONFIG_KVM_ARM_HOST y
136 364 set_kernel_config CONFIG_KVM_ARM_PMU y
137 365 set_kernel_config CONFIG_KVM_COMPAT y
138 366 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
139 367 set_kernel_config CONFIG_KVM_MMIO y
140 368 set_kernel_config CONFIG_KVM_VFIO y
369 set_kernel_config CONFIG_KVM_MMU_AUDIT y
141 370 set_kernel_config CONFIG_VHOST m
142 371 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
143 372 set_kernel_config CONFIG_VHOST_NET m
144 373 set_kernel_config CONFIG_VIRTUALIZATION y
145
374 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
375 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
146 376 set_kernel_config CONFIG_MMU_NOTIFIER y
147 377
148 378 # erratum
149 379 set_kernel_config ARM64_ERRATUM_834220 y
150 380
151 381 # https://sourceforge.net/p/kvm/mailman/message/18440797/
152 382 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
153 383 fi
154 384
155 385 # enable apparmor,integrity audit,
156 386 if [ "$KERNEL_SECURITY" = true ] ; then
157 387
158 388 # security filesystem, security models and audit
159 389 set_kernel_config CONFIG_SECURITYFS y
160 390 set_kernel_config CONFIG_SECURITY y
161 391 set_kernel_config CONFIG_AUDIT y
162 392
163 393 # harden strcpy and memcpy
164 394 set_kernel_config CONFIG_HARDENED_USERCOPY y
165 395 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
166 396 set_kernel_config CONFIG_FORTIFY_SOURCE y
167 397
168 398 # integrity sub-system
169 399 set_kernel_config CONFIG_INTEGRITY y
170 400 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
171 401 set_kernel_config CONFIG_INTEGRITY_AUDIT y
172 402 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
173 403 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
174 404
175 405 # This option provides support for retaining authentication tokens and access keys in the kernel.
176 406 set_kernel_config CONFIG_KEYS y
177 407 set_kernel_config CONFIG_KEYS_COMPAT y
178 408
179 409 # Apparmor
180 410 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
181 411 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
182 412 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
183 413 set_kernel_config CONFIG_SECURITY_APPARMOR y
184 414 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
185 415 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
186 416
187 417 # restrictions on unprivileged users reading the kernel
188 418 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
189 419
190 420 # network security hooks
191 421 set_kernel_config CONFIG_SECURITY_NETWORK y
192 422 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
193 423 set_kernel_config CONFIG_SECURITY_PATH y
194 424 set_kernel_config CONFIG_SECURITY_YAMA n
195 425
196 # New Options
197 if [ "$KERNEL_NF" = true ] ; then
198 set_kernel_config CONFIG_IP_NF_SECURITY m
199 set_kernel_config CONFIG_NETLABEL y
200 set_kernel_config CONFIG_IP6_NF_SECURITY m
201 fi
202 426 set_kernel_config CONFIG_SECURITY_SELINUX n
203 427 set_kernel_config CONFIG_SECURITY_SMACK n
204 428 set_kernel_config CONFIG_SECURITY_TOMOYO n
205 429 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
206 430 set_kernel_config CONFIG_SECURITY_LOADPIN n
207 431 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
208 432 set_kernel_config CONFIG_IMA n
209 433 set_kernel_config CONFIG_EVM n
210 434 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
211 435 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
212 436 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
213 437 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
214 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
215 438 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
216 439 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
217 440 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
218 441 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
219 442 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
220 443
221 444 set_kernel_config CONFIG_ARM64_CRYPTO y
222 445 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
223 446 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
224 447 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
225 448 set_kernel_config CRYPTO_GHASH_ARM64_CE m
226 449 set_kernel_config CRYPTO_SHA2_ARM64_CE m
227 450 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
228 451 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
229 452 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
230 453 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
231 454 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
232 455 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
233 456 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
234 457 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
235 458 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
236 set_kernel_config SYSTEM_TRUSTED_KEYS
237 459 fi
238 460
239 461 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
240 462 if [ "$KERNEL_NF" = true ] ; then
463 set_kernel_config CONFIG_IP_NF_SECURITY m
464 set_kernel_config CONFIG_NETLABEL y
465 set_kernel_config CONFIG_IP6_NF_SECURITY m
241 466 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
242 467 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
243 468 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
244 469 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
245 470 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
246 471 set_kernel_config CONFIG_NFT_FIB_INET m
247 472 set_kernel_config CONFIG_NFT_FIB_IPV4 m
248 473 set_kernel_config CONFIG_NFT_FIB_IPV6 m
249 474 set_kernel_config CONFIG_NFT_FIB_NETDEV m
250 475 set_kernel_config CONFIG_NFT_OBJREF m
251 476 set_kernel_config CONFIG_NFT_RT m
252 477 set_kernel_config CONFIG_NFT_SET_BITMAP m
253 478 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
254 479 set_kernel_config CONFIG_NF_LOG_ARP m
255 480 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
256 481 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
257 482 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
258 483 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
259 484 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
260 485 set_kernel_config CONFIG_IP6_NF_IPTABLES m
261 486 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
262 487 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
263 488 set_kernel_config CONFIG_IP6_NF_NAT m
264 489 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
265 490 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
266 set_kernel_config CONFIG_IP_NF_SECURITY m
267 491 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
268 492 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
269 493 set_kernel_config CONFIG_IP_SET_HASH_IP m
270 494 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
271 495 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
272 496 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
273 497 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
274 498 set_kernel_config CONFIG_IP_SET_HASH_MAC m
275 499 set_kernel_config CONFIG_IP_SET_HASH_NET m
276 500 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
277 501 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
278 502 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
279 503 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
280 504 set_kernel_config CONFIG_IP_SET_LIST_SET m
281 505 set_kernel_config CONFIG_NETFILTER_XTABLES m
282 506 set_kernel_config CONFIG_NETFILTER_XTABLES m
283 507 set_kernel_config CONFIG_NFT_BRIDGE_META m
284 508 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
285 509 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
286 510 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
287 511 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
288 512 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
289 513 set_kernel_config CONFIG_NFT_COMPAT m
290 514 set_kernel_config CONFIG_NFT_COUNTER m
291 515 set_kernel_config CONFIG_NFT_CT m
292 516 set_kernel_config CONFIG_NFT_DUP_IPV4 m
293 517 set_kernel_config CONFIG_NFT_DUP_IPV6 m
294 518 set_kernel_config CONFIG_NFT_DUP_NETDEV m
295 519 set_kernel_config CONFIG_NFT_EXTHDR m
296 520 set_kernel_config CONFIG_NFT_FWD_NETDEV m
297 521 set_kernel_config CONFIG_NFT_HASH m
298 522 set_kernel_config CONFIG_NFT_LIMIT m
299 523 set_kernel_config CONFIG_NFT_LOG m
300 524 set_kernel_config CONFIG_NFT_MASQ m
301 525 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
302 526 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
303 527 set_kernel_config CONFIG_NFT_META m
304 528 set_kernel_config CONFIG_NFT_NAT m
305 529 set_kernel_config CONFIG_NFT_NUMGEN m
306 530 set_kernel_config CONFIG_NFT_QUEUE m
307 531 set_kernel_config CONFIG_NFT_QUOTA m
308 532 set_kernel_config CONFIG_NFT_REDIR m
309 533 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
310 534 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
311 535 set_kernel_config CONFIG_NFT_REJECT m
312 536 set_kernel_config CONFIG_NFT_REJECT_INET m
313 537 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
314 538 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
315 539 set_kernel_config CONFIG_NFT_SET_HASH m
316 540 set_kernel_config CONFIG_NFT_SET_RBTREE m
317 541 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
318 542 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
319 543 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
320 544 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
321 545 set_kernel_config CONFIG_NF_DUP_IPV4 m
322 546 set_kernel_config CONFIG_NF_DUP_IPV6 m
323 547 set_kernel_config CONFIG_NF_DUP_NETDEV m
324 548 set_kernel_config CONFIG_NF_LOG_BRIDGE m
325 549 set_kernel_config CONFIG_NF_LOG_IPV4 m
326 550 set_kernel_config CONFIG_NF_LOG_IPV6 m
327 551 set_kernel_config CONFIG_NF_NAT_IPV4 m
328 552 set_kernel_config CONFIG_NF_NAT_IPV6 m
329 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
330 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
553 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
554 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
331 555 set_kernel_config CONFIG_NF_NAT_PPTP m
332 556 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
333 set_kernel_config CONFIG_NF_NAT_REDIRECT m
557 set_kernel_config CONFIG_NF_NAT_REDIRECT y
334 558 set_kernel_config CONFIG_NF_NAT_SIP m
335 559 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
336 560 set_kernel_config CONFIG_NF_NAT_TFTP m
337 561 set_kernel_config CONFIG_NF_REJECT_IPV4 m
338 562 set_kernel_config CONFIG_NF_REJECT_IPV6 m
339 563 set_kernel_config CONFIG_NF_TABLES m
340 564 set_kernel_config CONFIG_NF_TABLES_ARP m
341 565 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
342 566 set_kernel_config CONFIG_NF_TABLES_INET m
343 set_kernel_config CONFIG_NF_TABLES_IPV4 m
344 set_kernel_config CONFIG_NF_TABLES_IPV6 m
567 set_kernel_config CONFIG_NF_TABLES_IPV4 y
568 set_kernel_config CONFIG_NF_TABLES_IPV6 y
345 569 set_kernel_config CONFIG_NF_TABLES_NETDEV m
570 set_kernel_config CONFIG_NF_TABLES_SET m
571 set_kernel_config CONFIG_NF_TABLES_INET y
572 set_kernel_config CONFIG_NF_TABLES_NETDEV y
573 set_kernel_config CONFIG_NFT_CONNLIMIT m
574 set_kernel_config CONFIG_NFT_TUNNEL m
575 set_kernel_config CONFIG_NFT_SOCKET m
576 set_kernel_config CONFIG_NFT_TPROXY m
577 set_kernel_config CONFIG_NF_FLOW_TABLE m
578 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
579 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
580 set_kernel_config CONFIG_NF_TABLES_ARP y
581 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
582 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
583 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
584 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
585 set_kernel_config CONFIG_NFT_OSF m
586
346 587 fi
347 588
348 589 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
349 590 if [ "$KERNEL_BPF" = true ] ; then
350 591 set_kernel_config CONFIG_BPF_SYSCALL y
351 set_kernel_config CONFIG_BPF_EVENTS y
352 set_kernel_config CONFIG_BPF_STREAM_PARSER y
592 set_kernel_config CONFIG_BPF_EVENTS y
593 set_kernel_config CONFIG_BPF_STREAM_PARSER y
353 594 set_kernel_config CONFIG_CGROUP_BPF y
595 set_kernel_config CONFIG_XDP_SOCKETS y
354 596 fi
355 597
356 598 # KERNEL_DEFAULT_GOV was set by user
357 599 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
358 600
359 601 case "$KERNEL_DEFAULT_GOV" in
360 602 performance)
361 603 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
362 604 ;;
363 605 userspace)
364 606 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
365 607 ;;
366 608 ondemand)
367 609 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
368 610 ;;
369 611 conservative)
370 612 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
371 613 ;;
372 614 shedutil)
373 615 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
374 616 ;;
375 617 *)
376 618 echo "error: unsupported default cpu governor"
377 619 exit 1
378 620 ;;
379 621 esac
380 622
381 623 # unset previous default governor
382 624 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
383 625 fi
384 626
385 627 #Revert to previous directory
386 628 cd "${WORKDIR}" || exit
387 629
388 630 # Set kernel configuration parameters to enable qemu emulation
389 631 if [ "$ENABLE_QEMU" = true ] ; then
390 632 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
391 633 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
392 634
393 635 if [ "$ENABLE_CRYPTFS" = true ] ; then
394 636 {
395 637 echo "CONFIG_EMBEDDED=y"
396 638 echo "CONFIG_EXPERT=y"
397 639 echo "CONFIG_DAX=y"
398 640 echo "CONFIG_MD=y"
399 641 echo "CONFIG_BLK_DEV_MD=y"
400 642 echo "CONFIG_MD_AUTODETECT=y"
401 643 echo "CONFIG_BLK_DEV_DM=y"
402 644 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
403 645 echo "CONFIG_DM_CRYPT=y"
404 646 echo "CONFIG_CRYPTO_BLKCIPHER=y"
405 647 echo "CONFIG_CRYPTO_CBC=y"
406 648 echo "CONFIG_CRYPTO_XTS=y"
407 649 echo "CONFIG_CRYPTO_SHA512=y"
408 650 echo "CONFIG_CRYPTO_MANAGER=y"
409 651 } >> "${KERNEL_DIR}"/.config
410 652 fi
411 653 fi
412 654
413 655 # Copy custom kernel configuration file
414 656 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
415 657 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
416 658 fi
417 659
418 660 # Set kernel configuration parameters to their default values
419 661 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
420 662 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
421 663 fi
422 664
423 665 # Start menu-driven kernel configuration (interactive)
424 666 if [ "$KERNEL_MENUCONFIG" = true ] ; then
425 667 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
426 668 fi
427 669 # end if "$KERNELSRC_CONFIG" = true
428 670 fi
429 671
430 672 # Use ccache to cross compile the kernel
431 673 if [ "$KERNEL_CCACHE" = true ] ; then
432 674 cc="ccache ${CROSS_COMPILE}gcc"
433 675 else
434 676 cc="${CROSS_COMPILE}gcc"
435 677 fi
436 678
437 679 # Cross compile kernel and dtbs
438 680 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
439 681
440 682 # Cross compile kernel modules
441 683 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
442 684 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
443 685 fi
444 686 # end if "$KERNELSRC_PREBUILT" = false
445 687 fi
446 688
447 689 # Check if kernel compilation was successful
448 690 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
449 691 echo "error: kernel compilation failed! (kernel image not found)"
450 692 cleanup
451 693 exit 1
452 694 fi
453 695
454 696 # Install kernel modules
455 697 if [ "$ENABLE_REDUCE" = true ] ; then
456 698 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
457 699 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
458 700 fi
459 701 else
460 702 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
461 703 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
462 704 fi
463 705
464 706 # Install kernel firmware
465 707 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
466 708 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
467 709 fi
468 710 fi
469 711
470 712 # Install kernel headers
471 713 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
472 714 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
473 715 fi
474 716
475 717 # Prepare boot (firmware) directory
476 718 mkdir "${BOOT_DIR}"
477 719
478 720 # Get kernel release version
479 721 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
480 722
481 723 # Copy kernel configuration file to the boot directory
482 724 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
483 725
484 726 # Prepare device tree directory
485 727 mkdir "${BOOT_DIR}/overlays"
486 728
487 729 # Ensure the proper .dtb is located
488 730 if [ "$KERNEL_ARCH" = "arm" ] ; then
489 731 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
490 732 if [ -f "${dtb}" ] ; then
491 733 install_readonly "${dtb}" "${BOOT_DIR}/"
492 734 fi
493 735 done
494 736 else
495 737 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
496 738 if [ -f "${dtb}" ] ; then
497 739 install_readonly "${dtb}" "${BOOT_DIR}/"
498 740 fi
499 741 done
500 742 fi
501 743
502 744 # Copy compiled dtb device tree files
503 745 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
504 746 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
505 747 if [ -f "${dtb}" ] ; then
506 748 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
507 749 fi
508 750 done
509 751
510 752 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
511 753 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
512 754 fi
513 755 fi
514 756
515 757 if [ "$ENABLE_UBOOT" = false ] ; then
516 758 # Convert and copy kernel image to the boot directory
517 759 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
518 760 else
519 761 # Copy kernel image to the boot directory
520 762 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
521 763 fi
522 764
523 765 # Remove kernel sources
524 766 if [ "$KERNEL_REMOVESRC" = true ] ; then
525 767 rm -fr "${KERNEL_DIR}"
526 768 else
527 769 # Prepare compiled kernel modules
528 770 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
529 771 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
530 772 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
531 773 fi
532 774
533 775 # Create symlinks for kernel modules
534 776 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
535 777 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
536 778 fi
537 779 fi
538 780
539 781 else # BUILD_KERNEL=false
540 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
541
542 # Use Sakakis modified kernel if ZSWAP is active
543 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
544 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
545 fi
782 if [ "$SET_ARCH" = 64 ] ; then
783 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
784 # Use Sakakis modified kernel if ZSWAP is active
785 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
786 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
787 fi
546 788
547 # Create temporary directory for dl
548 temp_dir=$(as_nobody mktemp -d)
789 # Create temporary directory for dl
790 temp_dir=$(as_nobody mktemp -d)
549 791
550 # Fetch kernel dl
551 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
792 # Fetch kernel dl
793 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
794 fi
795 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
796 # Create temporary directory for dl
797 temp_dir=$(as_nobody mktemp -d)
552 798
553 #extract download
799 # Fetch kernel dl
800 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
801 fi
802
803 #extract download
554 804 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
555 805
556 806 #move extracted kernel to /boot/firmware
557 807 mkdir "${R}/boot/firmware"
558 808 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
559 809 cp -r "${temp_dir}"/lib/* "${R}"/lib/
560 810
561 811 # Remove temporary directory for kernel sources
562 812 rm -fr "${temp_dir}"
563 813
564 814 # Set permissions of the kernel sources
565 815 chown -R root:root "${R}/boot/firmware"
566 816 chown -R root:root "${R}/lib/modules"
567 817 fi
568 818
569 # Install Kernel from hypriot comptabile with all Raspberry PI
570 if [ "$SET_ARCH" = 32 ] ; then
819 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
820 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
571 821 # Create temporary directory for dl
572 822 temp_dir=$(as_nobody mktemp -d)
573 823
574 824 # Fetch kernel
575 825 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
576 826
577 # Copy downloaded U-Boot sources
827 # Copy downloaded kernel package
578 828 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
579 829
580 830 # Set permissions
581 831 chown -R root:root "${R}"/tmp/kernel.deb
582 832
583 833 # Install kernel
584 834 chroot_exec dpkg -i /tmp/kernel.deb
585 835
586 836 # move /boot to /boot/firmware to fit script env.
587 837 #mkdir "${BOOT_DIR}"
588 838 mkdir "${temp_dir}"/firmware
589 839 mv "${R}"/boot/* "${temp_dir}"/firmware/
590 840 mv "${temp_dir}"/firmware "${R}"/boot/
591 841
592 842 #same for kernel headers
593 843 if [ "$KERNEL_HEADERS" = true ] ; then
594 844 # Fetch kernel header
595 845 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
596 846 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
597 847 chown -R root:root "${R}"/tmp/kernel-header.deb
598 848 # Install kernel header
599 849 chroot_exec dpkg -i /tmp/kernel-header.deb
600 850 rm -f "${R}"/tmp/kernel-header.deb
601 851 fi
602 852
603 853 # Remove temporary directory and files
604 854 rm -fr "${temp_dir}"
605 855 rm -f "${R}"/tmp/kernel.deb
606 856 fi
607 857
608 858 # Check if kernel installation was successful
609 859 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
610 860 if [ -z "$KERNEL" ] ; then
611 861 echo "error: kernel installation failed! (/boot/kernel* not found)"
612 862 cleanup
613 863 exit 1
614 864 fi
615 865 fi
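Review bot: In the `BUILD_KERNEL=false` branch (new lines 782-817), `temp_dir` is only assigned when `RPI_MODEL` is 3, 3P or 4, but the `tar -xJf "${temp_dir}"/kernel.tar.xz`, `cp "${temp_dir}"/boot/*` and `cp -r "${temp_dir}"/lib/*` steps now run for every `SET_ARCH=64` build. The old single condition guarded all of them. For any other model an unset `temp_dir` makes those paths resolve to `/kernel.tar.xz`, `/boot/*` and `/lib/*` on the build host, so unless the script aborts on the failed `tar`, host files are copied into the image and chowned to root. Please move the extract and copy steps under the model checks, or add an `else` that prints an error and exits. The inner `[ "$SET_ARCH" = 64 ] &&` on the model 4 test is redundant inside the outer `if`. Neither `$RPI3_64_KERNEL_URL` nor the new `$RPI4_64_KERNEL_URL` tarball is verified before it is unpacked into `${R}`; a pinned SHA-256 per URL, checked before `tar`, would close that gap. Separately, in the netfilter block `CONFIG_NF_TABLES_INET`, `CONFIG_NF_TABLES_NETDEV`, `CONFIG_NF_TABLES_ARP` and `CONFIG_NF_TABLES_BRIDGE` are each set to `m` and then to `y` a few lines later (new lines 564-583); keep one value per option so the intent is clear.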
@@ -1,300 +1,304
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 # Setup firmware boot cmdline
42 42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 44 else
45 45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 47 else
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 49 fi
50 50 fi
51 51
52 52 # Add encrypted root partition to cmdline.txt
53 53 if [ "$ENABLE_CRYPTFS" = true ] ; then
54 54 if [ "$ENABLE_SPLITFS" = true ] ; then
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
56 56 else
57 57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 59 else
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 61 fi
62 62 fi
63 63 fi
64 64
65 65 # Enable Kernel messages on standard output
66 66 if [ "$ENABLE_PRINTK" = true ] ; then
67 67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 68 fi
69 69
70 70 # Enable Kernel messages on standard output
71 71 if [ "$KERNEL_SECURITY" = true ] ; then
72 72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
73 73 fi
74 74
75 75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77 77
78 78 # Remove IPv6 networking support
79 79 if [ "$ENABLE_IPV6" = false ] ; then
80 80 CMDLINE="${CMDLINE} ipv6.disable=1"
81 81 fi
82 82
83 83 # Automatically assign predictable network interface names
84 84 if [ "$ENABLE_IFNAMES" = false ] ; then
85 85 CMDLINE="${CMDLINE} net.ifnames=0"
86 86 else
87 87 CMDLINE="${CMDLINE} net.ifnames=1"
88 88 fi
89 89
90 90 # Disable Raspberry Pi console logo
91 91 if [ "$ENABLE_LOGO" = false ] ; then
92 92 CMDLINE="${CMDLINE} logo.nologo"
93 93 fi
94 94
95 95 # Strictly limit verbosity of boot up console messages
96 96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 98 fi
99 99
100 100 # Install firmware config
101 101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
102 102
103 103 # Disable Raspberry Pi console logo
104 104 if [ "$ENABLE_SLASH" = false ] ; then
105 105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 106 fi
107 107
108 108 # Locks CPU frequency at maximum
109 109 if [ "$ENABLE_TURBO" = true ] ; then
110 110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 113 fi
114 114
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116 116
117 117 # Bluetooth enabled
118 118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 119 # Create temporary directory for Bluetooth sources
120 120 temp_dir=$(as_nobody mktemp -d)
121 121
122 122 # Fetch Bluetooth sources
123 123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124 124
125 125 # Copy downloaded sources
126 126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127 127
128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
131
132 128 # Set permissions
133 129 chown -R root:root "${R}/tmp/pi-bluetooth"
130
131 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
132 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
133 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
134 134
135 135 # Install tools
136 136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138 138
139 139 # make scripts executable
140 140 chmod +x "${R}/usr/bin/bthelper"
141 141 chmod +x "${R}/usr/bin/btuart"
142 142
143 143 # Install bluetooth udev rule
144 144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145 145
146 146 # Install Firmware Flash file and apropiate licence
147 147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152 152
153 153 # Remove temporary directories
154 154 rm -fr "${temp_dir}"
155 155 rm -fr "${R}"/tmp/pi-bluetooth
156 156
157 157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 159 # set overlay to swap ttyAMA0 and ttyS0
160 160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161 161
162 162 if [ "$ENABLE_TURBO" = false ] ; then
163 163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 164 fi
165 165
166 166 fi
167 167
168 168 # Activate services
169 169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170 170
171 171 else # if ENABLE_BLUETOOTH = false
172 172 # set overlay to disable bluetooth
173 173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 174 fi # ENABLE_BLUETOOTH end
175 175 fi
176 176
177 177 # may need sudo systemctl disable hciuart
178 178 if [ "$ENABLE_CONSOLE" = true ] ; then
179 179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 180 # add string to cmdline
181 181 CMDLINE="${CMDLINE} console=serial0,115200"
182 182
183 183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 185 if [ "$ENABLE_TURBO" = false ] ; then
186 186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 187 fi
188 188 fi
189 189
190 190 # Enable serial console systemd style
191 191 chroot_exec systemctl enable serial-getty@serial0.service
192 192 else
193 193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 194 fi
195 195
196 196 # Disable dphys-swapfile service. Will get enabled on first boot
197 197 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 198 chroot_exec systemctl disable dphys-swapfile
199 199 fi
200 200
201 201 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 202 # Create temporary directory for systemd-swap sources
203 203 temp_dir=$(as_nobody mktemp -d)
204 204
205 205 # Fetch systemd-swap sources
206 206 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207 207
208 208 # Copy downloaded systemd-swap sources
209 209 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210 210
211 211 # Change into downloaded src dir
212 212 cd "${R}/tmp/systemd-swap" || exit
213
213
214 # Get Verion
215 VERSION=$(git tag | tail -n 1)
216 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
217
214 218 # Build package
215 219 bash ./package.sh debian
216 220
217 221 # Change back into script root dir
218 222 cd "${WORKDIR}" || exit
219 223
220 224 # Set permissions of the systemd-swap sources
221 225 chown -R root:root "${R}/tmp/systemd-swap"
222 226
223 227 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
228 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
225 229
226 230 # Enable service
227 231 chroot_exec systemctl enable systemd-swap
228 232
229 233 # Remove temporary directory for systemd-swap sources
230 234 rm -fr "${temp_dir}"
231 235 else
232 236 # Enable ZSWAP in cmdline if systemd-swap is not used
233 237 if [ "$KERNEL_ZSWAP" = true ] ; then
234 238 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
235 239 fi
236 240 fi
237 241 if [ "$KERNEL_SECURITY" = true ] ; then
238 242 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
239 243 fi
240 244
241 245 # Install firmware boot cmdline
242 246 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
243 247
244 248 # Setup minimal GPU memory allocation size: 16MB (no X)
245 249 if [ "$ENABLE_MINGPU" = true ] ; then
246 250 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
247 251 fi
248 252
249 253 # Setup boot with initramfs
250 254 if [ "$ENABLE_INITRAMFS" = true ] ; then
251 255 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
252 256 fi
253 257
254 258 # Create firmware configuration and cmdline symlinks
255 259 ln -sf firmware/config.txt "${R}/boot/config.txt"
256 260 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
257 261
258 262 # Install and setup kernel modules to load at boot
259 263 mkdir -p "${LIB_DIR}/modules-load.d/"
260 264 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
261 265
262 266 # Load hardware random module at boot
263 267 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
264 268 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
265 269 fi
266 270
267 271 # Load sound module at boot
268 272 if [ "$ENABLE_SOUND" = true ] ; then
269 273 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
270 274 else
271 275 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
272 276 fi
273 277
274 278 # Enable I2C interface
275 279 if [ "$ENABLE_I2C" = true ] ; then
276 280 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
277 281 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
278 282 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
279 283 fi
280 284
281 285 # Enable SPI interface
282 286 if [ "$ENABLE_SPI" = true ] ; then
283 287 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
284 288 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
285 289 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
286 290 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
287 291 fi
288 292 fi
289 293
290 294 # Disable RPi2/3 under-voltage warnings
291 295 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
292 296 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
293 297 fi
294 298
295 299 # Install kernel modules blacklist
296 300 mkdir -p "${ETC_DIR}/modprobe.d/"
297 301 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
298 302
299 303 # Install sysctl.d configuration files
300 304 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
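Review bot: The two Bluetooth firmware downloads (new lines 131-133) lose the `as_nobody` wrapper and are moved after `chown -R root:root`, so `wget` now runs with the build script's own privileges and writes directly into `${R}/tmp/pi-bluetooth`. Every other download in this file still drops privileges; fetching both files into `${temp_dir}` with `as_nobody` before the `mv`, and only then running `chown`, would keep that pattern. The AUR URL contains `?` and should be quoted, and `BCM43430A1.hcd` is installed into `$BLUETOOTH_FIRMWARE_DIR` without any checksum check or test of the `wget` exit status. In the systemd-swap block, `VERSION=$(git tag | tail -n 1)` takes the last tag in `git tag`'s listing order, which need not be the newest tag nor the version that `package.sh` builds from the checked-out commit; `git describe --tags` or installing the built package by glob would be more robust. The file name also changes from `_any.deb` to `_all.deb` while the `sed` on `DEB_NAME` stays commented out, so please confirm `package.sh` produces that name unmodified. Finally, `RPI_MODEL = 4` is added to the Bluetooth condition only; the serial console `core_freq` check and the SPI module check further down still list 3/3P/0, which is worth a comment if it is intentional.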
@@ -1,136 +1,136
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42 42
43 43 if [ "$ENABLE_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
50 50 fi
51 51
52 52 else # ENABLE_DHCP=false
53 53 # Set static network configuration for interface eth0
54 54 sed -i\
55 55 -e "s|DHCP=.*|DHCP=no|"\
56 56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 63 "${ETC_DIR}/systemd/network/eth.network"
64 64 fi
65 65
66 66 # Remove empty settings from network configuration
67 67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 68 # Remove empty settings from wlan configuration
69 69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70 70
71 71 # Move systemd network configuration if required by Debian release
72 72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 73 # If WLAN is enabled copy wlan configuration too
74 74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
76 76 fi
77 77 rm -fr "${ETC_DIR}/systemd/network"
78 78
79 79 # Enable systemd-networkd service
80 80 chroot_exec systemctl enable systemd-networkd
81 81
82 82 # Install host.conf resolver configuration
83 83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84 84
85 85 # Enable network stack hardening
86 86 if [ "$ENABLE_HARDNET" = true ] ; then
87 87 # Install sysctl.d configuration files
88 88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89 89
90 90 # Setup resolver warnings about spoofed addresses
91 91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 92 fi
93 93
94 94 # Enable time sync
95 95 if [ "$NET_NTP_1" != "" ] ; then
96 96 chroot_exec systemctl enable systemd-timesyncd.service
97 97 fi
98 98
99 99 # Download the firmware binary blob required to use the RPi3 wireless interface
100 100 if [ "$ENABLE_WIRELESS" = true ] ; then
101 101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 102 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 103 fi
104 104
105 105 # Create temporary directory for firmware binary blob
106 106 temp_dir=$(as_nobody mktemp -d)
107 107
108 108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 110 # Fetch firmware binary blob for RPi3P
111 111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114 114
115 115 # Move downloaded firmware binary blob
116 116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117 117
118 118 # Set permissions of the firmware binary blob
119 119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 122 # Fetch firmware binary blob for RPi3
123 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125 125
126 126 # Move downloaded firmware binary blob
127 127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128 128
129 129 # Set permissions of the firmware binary blob
130 130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 132 fi
133 133
134 134 # Remove temporary directory for firmware binary blob
135 135 rm -fr "${temp_dir}"
136 136 fi
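Review bot: The widened condition at new line 109 sends RPi 4 builds through the same three `wget -q` fetches, and nothing in the hunk checks their exit status or the integrity of the blobs before they are moved into `${WLAN_FIRMWARE_DIR}` and chowned to root. Consider recording a SHA-256 for each `brcmfmac43455-sdio.*` file, verifying it in `${temp_dir}` before the `mv`, and failing the build on a mismatch or a failed download. The comments at lines 108 and 110 still name only the RPI3B+ / RPi3P and should mention the RPi 4 as well.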
@@ -1,56 +1,56
1 1 #
2 2 # Setup videocore - Raspberry Userland
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 9 # Copy existing videocore sources into chroot directory
10 10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 11 # Copy local videocore sources
12 12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 13 else
14 14 # Create temporary directory for videocore sources
15 15 temp_dir=$(as_nobody mktemp -d)
16 16
17 17 # Fetch videocore sources
18 18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19 19
20 20 # Copy downloaded videocore sources
21 21 mv "${temp_dir}/userland" "${R}/tmp/"
22 22
23 23 # Set permissions of the U-Boot sources
24 24 chown -R root:root "${R}/tmp/userland"
25 25
26 26 # Remove temporary directory for U-Boot sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Create build dir
31 31 mkdir "${R}"/tmp/userland/build
32 32
33 33 # push us to build directory
34 34 cd "${R}"/tmp/userland/build
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 38 fi
39 39
40 40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 42 fi
43 43
44 44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 46 fi
47 47
48 48 #build userland
49 49 make -j "$(nproc)"
50 50
51 51 #back to root of scriptdir
52 52 cd "${WORKDIR}"
53 53
54 54 # Remove videocore sources
55 55 rm -fr "${R}"/tmp/userland/
56 56 fi
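Review bot: In the armel branch (new line 41) the added `-DCMAKE_TOOLCHAIN_FILE` points at `arm-linux-gnueabihf.cmake`, a file named for the hard-float ABI, while the same command still passes the soft-float `arm-linux-gnueabi-gcc` and `arm-linux-gnueabi-g++` compilers. Only one of the two settings can take effect, and they disagree for armel; please use an armel-specific toolchain file or drop the option in this branch, and add a comment saying which setting is meant to win. On the arm64 line 37 the toolchain file and the explicit aarch64 compilers are at least consistent, but the same precedence question applies there.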
@@ -1,97 +1,97
1 1 #!/bin/sh
2 2 #
3 3 # Build and Setup nexmon with monitor mode patch
4 4 #
5 5
6 6 # Load utility functions
7 7 . ./functions.sh
8 8
9 9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 10 # Copy existing nexmon sources into chroot directory
11 11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 12 # Copy local U-Boot sources
13 13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 14 else
15 15 # Create temporary directory for nexmon sources
16 16 temp_dir=$(as_nobody mktemp -d)
17 17
18 18 # Fetch nexmon sources
19 19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20 20
21 21 # Copy downloaded nexmon sources
22 22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23 23
24 24 # Set permissions of the nexmon sources
25 25 chown -R root:root "${R}"/tmp/nexmon
26 26
27 27 # Remove temporary directory for nexmon sources
28 28 rm -fr "${temp_dir}"
29 29 fi
30 30
31 31 # Set script Root
32 32 export NEXMON_ROOT="${R}"/tmp/nexmon
33 33
34 34 # Build nexmon firmware outside the build system, if we can.
35 35 cd "${NEXMON_ROOT}" || exit
36 36
37 37 # Make ancient isl build
38 38 cd buildtools/isl-0.10 || exit
39 39 ./configure
40 40 make
41 41 cd ../.. || exit
42 42
43 43 # Disable statistics
44 44 touch DISABLE_STATISTICS
45 45
46 46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 47 export KERNEL="${KERNEL_IMAGE}"
48 48 export ARCH=arm
49 49 export SUBARCH=arm
50 50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 51 export CC="${CC}"gcc
52 52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 53 export ZLIBFLATE="zlib-flate -compress"
54 54 export Q=@
55 55 export NEXMON_SETUP_ENV=1
56 56 export HOSTUNAME=$(uname -s)
57 57 export PLATFORMUNAME=$(uname -m)
58 58
59 59 # Make nexmon
60 60 make
61 61
62 62 # build patches
63 63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 66 make clean
67 67
68 68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70 70
71 71 # copy RPi0W & RPi3 firmware
72 72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 75 fi
76 76
77 if [ "$RPI_MODEL" = 3P ] ; then
77 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 80 make clean
81 81
82 82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84 84
85 85 # RPi3B+ firmware
86 86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 89 fi
90 90
91 91 #Revert to previous directory
92 92 cd "${WORKDIR}" || exit
93 93
94 94 # Remove nexmon sources
95 95 rm -fr "${NEXMON_ROOT}"
96 96
97 97 fi
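Review bot: The branch at new line 77 now also runs for model 4, but line 79 inside it passes `${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile` to `sed` unquoted, so a build path containing whitespace splits the argument; quote it as line 78 does, and quote the `LD_LIBRARY_PATH` value on line 83 for consistency. The comment at line 85 still reads `# RPi3B+ firmware` and should name the RPi 4 too. A short comment stating that the `bcm43455c0/7_45_154` patch set is intended to replace the RPi 4 firmware blob would also help, since the hunk itself gives no indication that this was checked.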
@@ -1,883 +1,890
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 62
63 63 # Kernel deb packages for 32bit kernel
64 64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
70 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
71 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
72 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
73 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
70 74 # Generic
71 75 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
76 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 77 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 78 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74 79
75 80 # Build directories
76 81 WORKDIR=$(pwd)
77 82 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 83 BUILDDIR="${BASEDIR}/build"
79 84
80 85 # Chroot directories
81 86 R="${BUILDDIR}/chroot"
82 87 ETC_DIR="${R}/etc"
83 88 LIB_DIR="${R}/lib"
84 89 BOOT_DIR="${R}/boot/firmware"
85 90 KERNEL_DIR="${R}/usr/src/linux"
86 91 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 92 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88 93
89 94 # Firmware directory: Blank if download from github
90 95 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91 96
92 97 # General settings
93 98 SET_ARCH=${SET_ARCH:=32}
94 99 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 100 PASSWORD=${PASSWORD:=raspberry}
96 101 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 102 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 103 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 104 EXPANDROOT=${EXPANDROOT:=true}
100 105 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
101 106
102 107 # Keyboard settings
103 108 XKB_MODEL=${XKB_MODEL:=""}
104 109 XKB_LAYOUT=${XKB_LAYOUT:=""}
105 110 XKB_VARIANT=${XKB_VARIANT:=""}
106 111 XKB_OPTIONS=${XKB_OPTIONS:=""}
107 112
108 113 # Network settings (DHCP)
109 114 ENABLE_DHCP=${ENABLE_DHCP:=true}
110 115
111 116 # Network settings (static)
112 117 NET_ADDRESS=${NET_ADDRESS:=""}
113 118 NET_GATEWAY=${NET_GATEWAY:=""}
114 119 NET_DNS_1=${NET_DNS_1:=""}
115 120 NET_DNS_2=${NET_DNS_2:=""}
116 121 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
117 122 NET_NTP_1=${NET_NTP_1:=""}
118 123 NET_NTP_2=${NET_NTP_2:=""}
119 124
120 125 # APT settings
121 126 APT_PROXY=${APT_PROXY:=""}
122 127 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 128 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
124 129
125 130 # Feature settings
126 131 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 132 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 133 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
129 134 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
130 135 ENABLE_I2C=${ENABLE_I2C:=false}
131 136 ENABLE_SPI=${ENABLE_SPI:=false}
132 137 ENABLE_IPV6=${ENABLE_IPV6:=true}
133 138 ENABLE_SSHD=${ENABLE_SSHD:=true}
134 139 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
135 140 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
136 141 ENABLE_SOUND=${ENABLE_SOUND:=true}
137 142 ENABLE_DBUS=${ENABLE_DBUS:=true}
138 143 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
139 144 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
140 145 ENABLE_XORG=${ENABLE_XORG:=false}
141 146 ENABLE_WM=${ENABLE_WM:=""}
142 147 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
143 148 ENABLE_USER=${ENABLE_USER:=true}
144 149 USER_NAME=${USER_NAME:="pi"}
145 150 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 151 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 152 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
148 153
149 154 # SSH settings
150 155 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 156 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 157 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 158 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 159 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 160
156 161 # Advanced settings
157 162 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 163 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 164 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 165 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 166 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 167 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 168 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 169 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 170 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 171 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 172 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 173 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 174 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 175 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 176 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 177 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 178 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 179 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 180 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 181 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 182 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178 183
179 184 # Kernel compilation settings
180 185 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 186 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 187 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 188 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 189 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 190 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 191 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 192 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 193 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 194 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 195 KERNEL_BPF=${KERNEL_BPF:=false}
191 196 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 197 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 198 KERNEL_NF=${KERNEL_NF:=false}
194 199
195 200 # Kernel compilation from source directory settings
196 201 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 202 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 203 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 204 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200 205
201 206 # Reduce disk usage settings
202 207 REDUCE_APT=${REDUCE_APT:=true}
203 208 REDUCE_DOC=${REDUCE_DOC:=true}
204 209 REDUCE_MAN=${REDUCE_MAN:=true}
205 210 REDUCE_VIM=${REDUCE_VIM:=false}
206 211 REDUCE_BASH=${REDUCE_BASH:=false}
207 212 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 213 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 214 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210 215
211 216 # Encrypted filesystem settings
212 217 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 218 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 219 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 220 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
216 221 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 222 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 223 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 224 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 225 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221 226
222 227 # Chroot scripts directory
223 228 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224 229
225 230 # Packages required in the chroot build environment
226 231 APT_INCLUDES=${APT_INCLUDES:=""}
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
232 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228 233
229 234 # Packages to exclude from chroot build environment
230 235 APT_EXCLUDES=${APT_EXCLUDES:=""}
231 236
232 237 # Packages required for bootstrapping
233 238 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 239 MISSING_PACKAGES=""
235 240
236 241 # Packages installed for c/c++ build environment in chroot (keep empty)
237 242 COMPILER_PACKAGES=""
238 243
239 244 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 245 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 246 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 247 APT_PROXY=http://127.0.0.1:3142/
243 248 fi
244 249
245 250 # Setup architecture specific settings
246 251 if [ -n "$SET_ARCH" ] ; then
247 252 # 64-bit configuration
248 253 if [ "$SET_ARCH" = 64 ] ; then
249 254 # General 64-bit depended settings
250 255 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 256 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 257 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
253 258
254 259 # Raspberry Pi model specific settings
255 260 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 261 if [ "$RPI_MODEL" != 4 ] ; then
257 262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 263 else
259 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 265 fi
261 266
262 267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 268 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
264 269 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
265 270 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
266 271 else
267 272 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
268 273 exit 1
269 274 fi
270 275 fi
271 276
272 277 # 32-bit configuration
273 278 if [ "$SET_ARCH" = 32 ] ; then
274 279 # General 32-bit dependend settings
275 280 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
276 281 KERNEL_ARCH=${KERNEL_ARCH:=arm}
277 282 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
278 283
279 284 # Raspberry Pi model specific settings
280 285 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
281 286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
282 287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
283 288 RELEASE_ARCH=${RELEASE_ARCH:=armel}
284 289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
285 290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
286 291 fi
287 292
288 293 # Raspberry Pi model specific settings
289 294 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 295 if [ "$RPI_MODEL" != 4 ] ; then
291 296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
292 298 else
293 299 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
300 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
294 301 fi
295 302
296 303 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 304 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
305
299 306 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 307 fi
301 308 fi
302 309 # SET_ARCH not set
303 310 else
304 311 echo "error: Please set '32' or '64' as value for SET_ARCH"
305 312 exit 1
306 313 fi
307 314 # Device specific configuration and U-Boot configuration
308 315 case "$RPI_MODEL" in
309 316 0)
310 317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
311 318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 319 ;;
313 320 1)
314 321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
315 322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 323 ;;
317 324 1P)
318 325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
319 326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 327 ;;
321 328 2)
322 329 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
323 330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
324 331 ;;
325 332 3)
326 333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 335 ;;
329 336 3P)
330 337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 339 ;;
333 340 4)
334 341 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 343 ;;
337 344 *)
338 345 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
339 346 exit 1
340 347 ;;
341 348 esac
342 349
343 350 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
344 351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
345 352 # Include bluetooth packages on supported boards
346 353 if [ "$ENABLE_BLUETOOTH" = true ] ; then
347 354 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
348 355 fi
349 356 if [ "$ENABLE_WIRELESS" = true ] ; then
350 357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
351 358 fi
352 359 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
353 360 # Check if the internal wireless interface is not supported by the RPi model
354 361 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
355 362 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
356 363 exit 1
357 364 fi
358 365 fi
359 366
360 367 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
361 368 echo "error: You have to compile kernel sources, if you want to enable nexmon"
362 369 exit 1
363 370 fi
364 371
365 372 # Prepare date string for default image file name
366 373 DATE="$(date +%Y-%m-%d)"
367 374 if [ -z "$KERNEL_BRANCH" ] ; then
368 375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
369 376 else
370 377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
371 378 fi
372 379
373 380 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
374 381 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
375 382 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
376 383 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
377 384 exit 1
378 385 fi
379 386 fi
380 387
381 388 # Add cmake to compile videocore sources
382 389 if [ "$ENABLE_VIDEOCORE" = true ] ; then
383 390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
384 391 fi
385 392
386 393 # Add deps for nexmon
387 394 if [ "$ENABLE_NEXMON" = true ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
389 396 fi
390 397
391 398 # Add libncurses5 to enable kernel menuconfig
392 399 if [ "$KERNEL_MENUCONFIG" = true ] ; then
393 400 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
394 401 fi
395 402
396 403 # Add ccache compiler cache for (faster) kernel cross (re)compilation
397 404 if [ "$KERNEL_CCACHE" = true ] ; then
398 405 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
399 406 fi
400 407
401 408 # Add cryptsetup package to enable filesystem encryption
402 409 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
403 410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 411 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
405 412
406 413 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 414 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 415 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 416 fi
410 417
411 418 if [ -z "$CRYPTFS_PASSWORD" ] ; then
412 419 echo "error: no password defined (CRYPTFS_PASSWORD)!"
413 420 exit 1
414 421 fi
415 422 ENABLE_INITRAMFS=true
416 423 fi
417 424
418 425 # Add initramfs generation tools
419 426 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
420 427 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
421 428 fi
422 429
423 430 # Add device-tree-compiler required for building the U-Boot bootloader
424 431 if [ "$ENABLE_UBOOT" = true ] ; then
425 432 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
426 433 fi
427 434
428 435 if [ "$ENABLE_USBBOOT" = true ] ; then
429 436 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
430 437 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
431 438 exit 1
432 439 fi
433 440 fi
434 441
435 442 # Check if root SSH (v2) public key file exists
436 443 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
437 444 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
438 445 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
439 446 exit 1
440 447 fi
441 448 fi
442 449
443 450 # Check if $USER_NAME SSH (v2) public key file exists
444 451 if [ -n "$SSH_USER_PUB_KEY" ] ; then
445 452 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
446 453 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
447 454 exit 1
448 455 fi
449 456 fi
450 457
451 458 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
452 459 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
453 460 exit 1
454 461 fi
455 462
456 463 # Check if all required packages are installed on the build system
457 464 for package in $REQUIRED_PACKAGES ; do
458 465 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
459 466 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
460 467 fi
461 468 done
462 469
463 470 # If there are missing packages ask confirmation for install, or exit
464 471 if [ -n "$MISSING_PACKAGES" ] ; then
465 472 echo "the following packages needed by this script are not installed:"
466 473 echo "$MISSING_PACKAGES"
467 474
468 475 printf "\ndo you want to install the missing packages right now? [y/n] "
469 476 read -r confirm
470 477 [ "$confirm" != "y" ] && exit 1
471 478
472 479 # Make sure all missing required packages are installed
473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
480 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
474 481 fi
475 482
476 483 # Check if ./bootstrap.d directory exists
477 484 if [ ! -d "./bootstrap.d/" ] ; then
478 485 echo "error: './bootstrap.d' required directory not found!"
479 486 exit 1
480 487 fi
481 488
482 489 # Check if ./files directory exists
483 490 if [ ! -d "./files/" ] ; then
484 491 echo "error: './files' required directory not found!"
485 492 exit 1
486 493 fi
487 494
488 495 # Check if specified KERNELSRC_DIR directory exists
489 496 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
490 497 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
491 498 exit 1
492 499 fi
493 500
494 501 # Check if specified UBOOTSRC_DIR directory exists
495 502 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
496 503 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
497 504 exit 1
498 505 fi
499 506
500 507 # Check if specified VIDEOCORESRC_DIR directory exists
501 508 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
502 509 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
503 510 exit 1
504 511 fi
505 512
506 513 # Check if specified FBTURBOSRC_DIR directory exists
507 514 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
508 515 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
509 516 exit 1
510 517 fi
511 518
512 519 # Check if specified NEXMONSRC_DIR directory exists
513 520 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
514 521 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
515 522 exit 1
516 523 fi
517 524
518 525 # Check if specified CHROOT_SCRIPTS directory exists
519 526 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
520 527 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
521 528 exit 1
522 529 fi
523 530
524 531 # Check if specified device mapping already exists (will be used by cryptsetup)
525 532 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
526 533 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
527 534 exit 1
528 535 fi
529 536
530 537 # Don't clobber an old build
531 538 if [ -e "$BUILDDIR" ] ; then
532 539 echo "error: directory ${BUILDDIR} already exists, not proceeding"
533 540 exit 1
534 541 fi
535 542
536 543 # Setup chroot directory
537 544 mkdir -p "${R}"
538 545
539 546 # Check if build directory has enough of free disk space >512MB
540 547 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
541 548 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
542 549 exit 1
543 550 fi
544 551
545 552 set -x
546 553
547 554 # Call "cleanup" function on various signals and errors
548 555 trap cleanup 0 1 2 3 6
549 556
550 557 # Add required packages for the minbase installation
551 558 if [ "$ENABLE_MINBASE" = true ] ; then
552 559 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
553 560 fi
554 561
555 562 # Add parted package, required to get partprobe utility
556 563 if [ "$EXPANDROOT" = true ] ; then
557 564 APT_INCLUDES="${APT_INCLUDES},parted"
558 565 fi
559 566
560 567 # Add dphys-swapfile package, required to enable swap
561 568 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
562 569 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
563 570 fi
564 571
565 572 # Add dbus package, recommended if using systemd
566 573 if [ "$ENABLE_DBUS" = true ] ; then
567 574 APT_INCLUDES="${APT_INCLUDES},dbus"
568 575 fi
569 576
570 577 # Add iptables IPv4/IPv6 package
571 578 if [ "$ENABLE_IPTABLES" = true ] ; then
572 579 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
573 580 fi
574 581 # Add apparmor for KERNEL_SECURITY
575 582 if [ "$KERNEL_SECURITY" = true ] ; then
576 583 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
577 584 fi
578 585
579 586 # Add openssh server package
580 587 if [ "$ENABLE_SSHD" = true ] ; then
581 588 APT_INCLUDES="${APT_INCLUDES},openssh-server"
582 589 fi
583 590
584 591 # Add alsa-utils package
585 592 if [ "$ENABLE_SOUND" = true ] ; then
586 593 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
587 594 fi
588 595
589 596 # Add rng-tools package
590 597 if [ "$ENABLE_HWRANDOM" = true ] ; then
591 598 APT_INCLUDES="${APT_INCLUDES},rng-tools"
592 599 fi
593 600
594 601 # Add fbturbo video driver
595 602 if [ "$ENABLE_FBTURBO" = true ] ; then
596 603 # Enable xorg package dependencies
597 604 ENABLE_XORG=true
598 605 fi
599 606
600 607 # Add user defined window manager package
601 608 if [ -n "$ENABLE_WM" ] ; then
602 609 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
603 610
604 611 # Enable xorg package dependencies
605 612 ENABLE_XORG=true
606 613 fi
607 614
608 615 # Add xorg package
609 616 if [ "$ENABLE_XORG" = true ] ; then
610 617 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
611 618 fi
612 619
613 620 # Replace selected packages with smaller clones
614 621 if [ "$ENABLE_REDUCE" = true ] ; then
615 622 # Add levee package instead of vim-tiny
616 623 if [ "$REDUCE_VIM" = true ] ; then
617 624 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
618 625 fi
619 626
620 627 # Add dropbear package instead of openssh-server
621 628 if [ "$REDUCE_SSHD" = true ] ; then
622 629 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
623 630 fi
624 631 fi
625 632
626 633 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
627 634 if [ "$ENABLE_SYSVINIT" = false ] ; then
628 635 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
629 636 fi
630 637
631 638 # Configure kernel sources if no KERNELSRC_DIR
632 639 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
633 640 KERNELSRC_CONFIG=true
634 641 fi
635 642
636 643 # Configure reduced kernel
637 644 if [ "$KERNEL_REDUCE" = true ] ; then
638 645 KERNELSRC_CONFIG=false
639 646 fi
640 647
641 648 # Configure qemu compatible kernel
642 649 if [ "$ENABLE_QEMU" = true ] ; then
643 650 DTB_FILE=vexpress-v2p-ca15_a7.dtb
644 651 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
645 652 KERNEL_DEFCONFIG="vexpress_defconfig"
646 653 if [ "$KERNEL_MENUCONFIG" = false ] ; then
647 654 KERNEL_OLDDEFCONFIG=true
648 655 fi
649 656 fi
650 657
651 658 # Execute bootstrap scripts
652 659 for SCRIPT in bootstrap.d/*.sh; do
653 660 head -n 3 "$SCRIPT"
654 661 . "$SCRIPT"
655 662 done
656 663
657 664 ## Execute custom bootstrap scripts
658 665 if [ -d "custom.d" ] ; then
659 666 for SCRIPT in custom.d/*.sh; do
660 667 . "$SCRIPT"
661 668 done
662 669 fi
663 670
664 671 # Execute custom scripts inside the chroot
665 672 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
666 673 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
667 674 chroot_exec /bin/bash -x <<'EOF'
668 675 for SCRIPT in /chroot_scripts/* ; do
669 676 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
670 677 $SCRIPT
671 678 fi
672 679 done
673 680 EOF
674 681 rm -rf "${R}/chroot_scripts"
675 682 fi
676 683
677 684 # Remove c/c++ build environment from the chroot
678 685 chroot_remove_cc
679 686
680 687 # Generate required machine-id
681 688 MACHINE_ID=$(dbus-uuidgen)
682 689 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
683 690 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
684 691
685 692 # APT Cleanup
686 693 chroot_exec apt-get -y clean
687 694 chroot_exec apt-get -y autoclean
688 695 chroot_exec apt-get -y autoremove
689 696
690 697 # Unmount mounted filesystems
691 698 umount -l "${R}/proc"
692 699 umount -l "${R}/sys"
693 700
694 701 # Clean up directories
695 702 rm -rf "${R}/run/*"
696 703 rm -rf "${R}/tmp/*"
697 704
698 705 # Clean up APT proxy settings
699 706 if [ "$KEEP_APT_PROXY" = false ] ; then
700 707 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
701 708 fi
702 709
703 710 # Clean up files
704 711 rm -f "${ETC_DIR}/ssh/ssh_host_*"
705 712 rm -f "${ETC_DIR}/dropbear/dropbear_*"
706 713 rm -f "${ETC_DIR}/apt/sources.list.save"
707 714 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
708 715 rm -f "${ETC_DIR}/*-"
709 716 rm -f "${ETC_DIR}/resolv.conf"
710 717 rm -f "${R}/root/.bash_history"
711 718 rm -f "${R}/var/lib/urandom/random-seed"
712 719 rm -f "${R}/initrd.img"
713 720 rm -f "${R}/vmlinuz"
714 721 rm -f "${R}${QEMU_BINARY}"
715 722
716 723 if [ "$ENABLE_QEMU" = true ] ; then
717 724 # Setup QEMU directory
718 725 mkdir "${BASEDIR}/qemu"
719 726
720 727 # Copy kernel image to QEMU directory
721 728 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
722 729
723 730 # Copy kernel config to QEMU directory
724 731 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
725 732
726 733 # Copy kernel dtbs to QEMU directory
727 734 for dtb in "${BOOT_DIR}/"*.dtb ; do
728 735 if [ -f "${dtb}" ] ; then
729 736 install_readonly "${dtb}" "${BASEDIR}/qemu/"
730 737 fi
731 738 done
732 739
733 740 # Copy kernel overlays to QEMU directory
734 741 if [ -d "${BOOT_DIR}/overlays" ] ; then
735 742 # Setup overlays dtbs directory
736 743 mkdir "${BASEDIR}/qemu/overlays"
737 744
738 745 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
739 746 if [ -f "${dtb}" ] ; then
740 747 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
741 748 fi
742 749 done
743 750 fi
744 751
745 752 # Copy u-boot files to QEMU directory
746 753 if [ "$ENABLE_UBOOT" = true ] ; then
747 754 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
748 755 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
749 756 fi
750 757 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
751 758 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
752 759 fi
753 760 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
754 761 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
755 762 fi
756 763 fi
757 764
758 765 # Copy initramfs to QEMU directory
759 766 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
760 767 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
761 768 fi
762 769 fi
763 770
764 771 # Calculate size of the chroot directory in KB
765 772 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
766 773
767 774 # Calculate the amount of needed 512 Byte sectors
768 775 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
769 776 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
770 777 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
771 778
772 779 # The root partition is EXT4
773 780 # This means more space than the actual used space of the chroot is used.
774 781 # As overhead for journaling and reserved blocks 35% are added.
775 782 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
776 783
777 784 # Calculate required image size in 512 Byte sectors
778 785 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
779 786
780 787 # Prepare image file
781 788 if [ "$ENABLE_SPLITFS" = true ] ; then
782 789 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
783 790 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
784 791 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
785 792 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
786 793
787 794 # Write firmware/boot partition tables
788 795 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
789 796 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
790 797 EOM
791 798
792 799 # Write root partition table
793 800 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
794 801 ${TABLE_SECTORS},${ROOT_SECTORS},83
795 802 EOM
796 803
797 804 # Setup temporary loop devices
798 805 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
799 806 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
800 807 else # ENABLE_SPLITFS=false
801 808 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
802 809 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
803 810
804 811 # Write partition table
805 812 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
806 813 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
807 814 ${ROOT_OFFSET},${ROOT_SECTORS},83
808 815 EOM
809 816
810 817 # Setup temporary loop devices
811 818 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
812 819 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
813 820 fi
814 821
815 822 if [ "$ENABLE_CRYPTFS" = true ] ; then
816 823 # Create dummy ext4 fs
817 824 mkfs.ext4 "$ROOT_LOOP"
818 825
819 826 # Setup password keyfile
820 827 touch .password
821 828 chmod 600 .password
822 829 echo -n ${CRYPTFS_PASSWORD} > .password
823 830
824 831 # Initialize encrypted partition
825 832 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
826 833
827 834 # Open encrypted partition and setup mapping
828 835 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
829 836
830 837 # Secure delete password keyfile
831 838 shred -zu .password
832 839
833 840 # Update temporary loop device
834 841 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
835 842
836 843 # Wipe encrypted partition (encryption cipher is used for randomness)
837 844 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
838 845 fi
839 846
840 847 # Build filesystems
841 848 mkfs.vfat "$FRMW_LOOP"
842 849 mkfs.ext4 "$ROOT_LOOP"
843 850
844 851 # Mount the temporary loop devices
845 852 mkdir -p "$BUILDDIR/mount"
846 853 mount "$ROOT_LOOP" "$BUILDDIR/mount"
847 854
848 855 mkdir -p "$BUILDDIR/mount/boot/firmware"
849 856 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
850 857
851 858 # Copy all files from the chroot to the loop device mount point directory
852 859 rsync -a "${R}/" "$BUILDDIR/mount/"
853 860
854 861 # Unmount all temporary loop devices and mount points
855 862 cleanup
856 863
857 864 # Create block map file(s) of image(s)
858 865 if [ "$ENABLE_SPLITFS" = true ] ; then
859 866 # Create block map files for "bmaptool"
860 867 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
861 868 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
862 869
863 870 # Image was successfully created
864 871 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
865 872 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
866 873 else
867 874 # Create block map file for "bmaptool"
868 875 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
869 876
870 877 # Image was successfully created
871 878 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872 879
873 880 # Create qemu qcow2 image
874 881 if [ "$ENABLE_QEMU" = true ] ; then
875 882 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
876 883 QEMU_SIZE=16G
877 884
878 885 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
879 886 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
880 887
881 888 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
882 889 fi
883 890 fi
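Review bot: In the "Clean up directories" and "Clean up files" blocks (new lines 702-716), the wildcard is inside the double quotes, so calls such as `rm -f "${ETC_DIR}/ssh/ssh_host_*"` look for a file literally named `ssh_host_*` and, because of `-f`, return success without deleting anything. The same applies to `"${R}/run/*"`, `"${R}/tmp/*"`, `"${ETC_DIR}/dropbear/dropbear_*"` and `"${ETC_DIR}/*-"`. Any SSH or dropbear host keys present in the chroot therefore stay in the image and are shared by every device flashed from it. Move the glob outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`. Two related points in the cryptsetup path: the pre-flight check at new line 532 tests `/dev/mapping/${CRYPTFS_MAPPING}`, while the mapping is later used as `/dev/mapper/${CRYPTFS_MAPPING}` (new line 841), so the "already exists" guard can never fire; and the `echo -n ${CRYPTFS_PASSWORD} > .password` at new line 829 runs after `set -x` (new line 552), so the passphrase appears in the trace output, and the unquoted expansion is subject to word splitting and globbing. Quote the variable, write it with `printf '%s'`, and switch tracing off with `set +x` around the keyfile handling.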