##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

PATCHES for:...
Unknown -
r665:c4237fcbc4c6
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,548 +1,551
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
53
54 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56
56
57 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59
59
60 ---
60 ---
61
61
62 #### General system settings:
62 #### General system settings:
63 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65
65
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
70 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
71 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
72 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
73 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
74
74
75 ##### `RELEASE`="buster"
75 ##### `RELEASE`="buster"
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77
77
78 ##### `RELEASE_ARCH`="armhf"
78 ##### `RELEASE_ARCH`="armhf"
79 Set the desired Debian release architecture.
79 Set the desired Debian release architecture.
80
80
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83
83
84 ##### `PASSWORD`="raspberry"
84 ##### `PASSWORD`="raspberry"
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `USER_PASSWORD`="raspberry"
87 ##### `USER_PASSWORD`="raspberry"
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89
89
90 ##### `DEFLOCAL`="en_US.UTF-8"
90 ##### `DEFLOCAL`="en_US.UTF-8"
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92
92
93 ##### `TIMEZONE`="Europe/Berlin"
93 ##### `TIMEZONE`="Europe/Berlin"
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95
95
96 ##### `EXPANDROOT`=true
96 ##### `EXPANDROOT`=true
97 Expand the root partition and filesystem automatically on first boot.
97 Expand the root partition and filesystem automatically on first boot.
98
98
99 ##### `ENABLE_DPHYSSWAP`=true
99 ##### `ENABLE_DPHYSSWAP`=true
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101
101
102 ##### `ENABLE_QEMU`=false
102 ##### `ENABLE_QEMU`=false
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
104
104
105 ---
105 ---
106
106
107 #### Keyboard settings:
107 #### Keyboard settings:
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
109
109
110 ##### `XKB_MODEL`=""
110 ##### `XKB_MODEL`=""
111 Set the name of the model of your keyboard type.
111 Set the name of the model of your keyboard type.
112
112
113 ##### `XKB_LAYOUT`=""
113 ##### `XKB_LAYOUT`=""
114 Set the supported keyboard layout(s).
114 Set the supported keyboard layout(s).
115
115
116 ##### `XKB_VARIANT`=""
116 ##### `XKB_VARIANT`=""
117 Set the supported variant(s) of the keyboard layout(s).
117 Set the supported variant(s) of the keyboard layout(s).
118
118
119 ##### `XKB_OPTIONS`=""
119 ##### `XKB_OPTIONS`=""
120 Set extra xkb configuration options.
120 Set extra xkb configuration options.
121
121
122 ---
122 ---
123
123
124 #### Networking settings (DHCP):
124 #### Networking settings (DHCP):
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
126
126
127 ##### `ENABLE_DHCP`=true
127 ##### `ENABLE_DHCP`=true
128 Set the system to use DHCP. This requires an DHCP server.
128 Set the system to use DHCP. This requires an DHCP server.
129
129
130 ---
130 ---
131
131
132 #### Networking settings (static):
132 #### Networking settings (static):
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
134
134
135 ##### `NET_ADDRESS`=""
135 ##### `NET_ADDRESS`=""
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
137
137
138 ##### `NET_GATEWAY`=""
138 ##### `NET_GATEWAY`=""
139 Set the IP address for the default gateway.
139 Set the IP address for the default gateway.
140
140
141 ##### `NET_DNS_1`=""
141 ##### `NET_DNS_1`=""
142 Set the IP address for the first DNS server.
142 Set the IP address for the first DNS server.
143
143
144 ##### `NET_DNS_2`=""
144 ##### `NET_DNS_2`=""
145 Set the IP address for the second DNS server.
145 Set the IP address for the second DNS server.
146
146
147 ##### `NET_DNS_DOMAINS`=""
147 ##### `NET_DNS_DOMAINS`=""
148 Set the default DNS search domains to use for non fully qualified hostnames.
148 Set the default DNS search domains to use for non fully qualified hostnames.
149
149
150 ##### `NET_NTP_1`=""
150 ##### `NET_NTP_1`=""
151 Set the IP address for the first NTP server.
151 Set the IP address for the first NTP server.
152
152
153 ##### `NET_NTP_2`=""
153 ##### `NET_NTP_2`=""
154 Set the IP address for the second NTP server.
154 Set the IP address for the second NTP server.
155
155
156 ---
156 ---
157
157
158 #### Basic system features:
158 #### Basic system features:
159 ##### `ENABLE_CONSOLE`=true
159 ##### `ENABLE_CONSOLE`=true
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
161
161
162 ##### `ENABLE_PRINTK`=false
162 ##### `ENABLE_PRINTK`=false
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
164
164
165 ##### `ENABLE_BLUETOOTH`=false
165 ##### `ENABLE_BLUETOOTH`=false
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
167
167
168 ##### `ENABLE_MINIUART_OVERLAY`=false
168 ##### `ENABLE_MINIUART_OVERLAY`=false
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
170
170
171 ##### `ENABLE_TURBO`=false
171 ##### `ENABLE_TURBO`=false
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
173
173
174 ##### `ENABLE_I2C`=false
174 ##### `ENABLE_I2C`=false
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176
176
177 ##### `ENABLE_SPI`=false
177 ##### `ENABLE_SPI`=false
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
179
179
180 ##### `ENABLE_IPV6`=true
180 ##### `ENABLE_IPV6`=true
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
182
182
183 ##### `ENABLE_SSHD`=true
183 ##### `ENABLE_SSHD`=true
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
185
185
186 ##### `ENABLE_NONFREE`=false
186 ##### `ENABLE_NONFREE`=false
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
188
188
189 ##### `ENABLE_WIRELESS`=false
189 ##### `ENABLE_WIRELESS`=false
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
191
191
192 ##### `ENABLE_RSYSLOG`=true
192 ##### `ENABLE_RSYSLOG`=true
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
194
194
195 ##### `ENABLE_SOUND`=true
195 ##### `ENABLE_SOUND`=true
196 Enable sound hardware and install Advanced Linux Sound Architecture.
196 Enable sound hardware and install Advanced Linux Sound Architecture.
197
197
198 ##### `ENABLE_HWRANDOM`=true
198 ##### `ENABLE_HWRANDOM`=true
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
200
200
201 ##### `ENABLE_MINGPU`=false
201 ##### `ENABLE_MINGPU`=false
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
203
203
204 ##### `ENABLE_DBUS`=true
204 ##### `ENABLE_DBUS`=true
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
206
206
207 ##### `ENABLE_XORG`=false
207 ##### `ENABLE_XORG`=false
208 Install Xorg open-source X Window System.
208 Install Xorg open-source X Window System.
209
209
210 ##### `ENABLE_WM`=""
210 ##### `ENABLE_WM`=""
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
212
212
213 ##### `ENABLE_SYSVINIT`=false
213 ##### `ENABLE_SYSVINIT`=false
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
215
215
216 ---
216 ---
217
217
218 #### Advanced system features:
218 #### Advanced system features:
219 ##### `ENABLE_KEYGEN`=false
220 Recover your lost codec license
221
219 ##### `ENABLE_SYSTEMDSWAP`=false
222 ##### `ENABLE_SYSTEMDSWAP`=false
220 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
223 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
221
224
222 ##### `ENABLE_MINBASE`=false
225 ##### `ENABLE_MINBASE`=false
223 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
226 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
224
227
225 ##### `ENABLE_REDUCE`=false
228 ##### `ENABLE_REDUCE`=false
226 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
229 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
227
230
228 ##### `ENABLE_UBOOT`=false
231 ##### `ENABLE_UBOOT`=false
229 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
232 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
230
233
231 ##### `UBOOTSRC_DIR`=""
234 ##### `UBOOTSRC_DIR`=""
232 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
235 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
233
236
234 ##### `ENABLE_FBTURBO`=false
237 ##### `ENABLE_FBTURBO`=false
235 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
238 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
236
239
237 ##### `FBTURBOSRC_DIR`=""
240 ##### `FBTURBOSRC_DIR`=""
238 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
241 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
239
242
240 ##### `ENABLE_VIDEOCORE`=false
243 ##### `ENABLE_VIDEOCORE`=false
241 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
244 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
242
245
243 ##### `VIDEOCORESRC_DIR`=""
246 ##### `VIDEOCORESRC_DIR`=""
244 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
247 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
245
248
246 ##### `ENABLE_NEXMON`=false
249 ##### `ENABLE_NEXMON`=false
247 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
250 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
248
251
249 ##### `NEXMONSRC_DIR`=""
252 ##### `NEXMONSRC_DIR`=""
250 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
253 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
251
254
252 ##### `ENABLE_IPTABLES`=false
255 ##### `ENABLE_IPTABLES`=false
253 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
256 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
254
257
255 ##### `ENABLE_USER`=true
258 ##### `ENABLE_USER`=true
256 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
259 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
257
260
258 ##### `USER_NAME`=pi
261 ##### `USER_NAME`=pi
259 Non-root user to create. Ignored if `ENABLE_USER`=false
262 Non-root user to create. Ignored if `ENABLE_USER`=false
260
263
261 ##### `ENABLE_ROOT`=false
264 ##### `ENABLE_ROOT`=false
262 Set root user password so root login will be enabled
265 Set root user password so root login will be enabled
263
266
264 ##### `ENABLE_HARDNET`=false
267 ##### `ENABLE_HARDNET`=false
265 Enable IPv4/IPv6 network stack hardening settings.
268 Enable IPv4/IPv6 network stack hardening settings.
266
269
267 ##### `ENABLE_SPLITFS`=false
270 ##### `ENABLE_SPLITFS`=false
268 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
271 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
269
272
270 ##### `CHROOT_SCRIPTS`=""
273 ##### `CHROOT_SCRIPTS`=""
271 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
274 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
272
275
273 ##### `ENABLE_INITRAMFS`=false
276 ##### `ENABLE_INITRAMFS`=false
274 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
277 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
275
278
276 ##### `ENABLE_IFNAMES`=true
279 ##### `ENABLE_IFNAMES`=true
277 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
280 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
278
281
279 ##### `ENABLE_SPLASH`=true
282 ##### `ENABLE_SPLASH`=true
280 Enable default Raspberry Pi boot up rainbow splash screen.
283 Enable default Raspberry Pi boot up rainbow splash screen.
281
284
282 ##### `ENABLE_LOGO`=true
285 ##### `ENABLE_LOGO`=true
283 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
286 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
284
287
285 ##### `ENABLE_SILENT_BOOT`=false
288 ##### `ENABLE_SILENT_BOOT`=false
286 Set the verbosity of console messages shown during boot up to a strict minimum.
289 Set the verbosity of console messages shown during boot up to a strict minimum.
287
290
288 ##### `DISABLE_UNDERVOLT_WARNINGS`=
291 ##### `DISABLE_UNDERVOLT_WARNINGS`=
289 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
292 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
290
293
291 ---
294 ---
292
295
293 #### SSH settings:
296 #### SSH settings:
294 ##### `SSH_ENABLE_ROOT`=false
297 ##### `SSH_ENABLE_ROOT`=false
295 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
298 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
296
299
297 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
300 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
298 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
301 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
299
302
300 ##### `SSH_LIMIT_USERS`=false
303 ##### `SSH_LIMIT_USERS`=false
301 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
304 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
302
305
303 ##### `SSH_ROOT_PUB_KEY`=""
306 ##### `SSH_ROOT_PUB_KEY`=""
304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
305
308
306 ##### `SSH_USER_PUB_KEY`=""
309 ##### `SSH_USER_PUB_KEY`=""
307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
310 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
308
311
309 ---
312 ---
310
313
311 #### Kernel compilation:
314 #### Kernel compilation:
312 ##### `BUILD_KERNEL`=true
315 ##### `BUILD_KERNEL`=true
313 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
316 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
314
317
315 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
318 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
316 This sets the cross-compile environment for the compiler.
319 This sets the cross-compile environment for the compiler.
317
320
318 ##### `KERNEL_ARCH`="arm"
321 ##### `KERNEL_ARCH`="arm"
319 This sets the kernel architecture for the compiler.
322 This sets the kernel architecture for the compiler.
320
323
321 ##### `KERNEL_IMAGE`="kernel7.img"
324 ##### `KERNEL_IMAGE`="kernel7.img"
322 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
325 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
323
326
324 ##### `KERNEL_BRANCH`=""
327 ##### `KERNEL_BRANCH`=""
325 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
328 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
326
329
327 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
330 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
328 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
331 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
329
332
330 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
333 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
331 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
334 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
332
335
333 ##### `KERNEL_REDUCE`=false
336 ##### `KERNEL_REDUCE`=false
334 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
337 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
335
338
336 ##### `KERNEL_THREADS`=1
339 ##### `KERNEL_THREADS`=1
337 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
340 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
338
341
339 ##### `KERNEL_HEADERS`=true
342 ##### `KERNEL_HEADERS`=true
340 Install kernel headers with the built kernel.
343 Install kernel headers with the built kernel.
341
344
342 ##### `KERNEL_MENUCONFIG`=false
345 ##### `KERNEL_MENUCONFIG`=false
343 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
346 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
344
347
345 ##### `KERNEL_OLDDEFCONFIG`=false
348 ##### `KERNEL_OLDDEFCONFIG`=false
346 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
349 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
347
350
348 ##### `KERNEL_CCACHE`=false
351 ##### `KERNEL_CCACHE`=false
349 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
352 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
350
353
351 ##### `KERNEL_REMOVESRC`=true
354 ##### `KERNEL_REMOVESRC`=true
352 Remove all kernel sources from the generated OS image after it was built and installed.
355 Remove all kernel sources from the generated OS image after it was built and installed.
353
356
354 ##### `KERNELSRC_DIR`=""
357 ##### `KERNELSRC_DIR`=""
355 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
358 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
356
359
357 ##### `KERNELSRC_CLEAN`=false
360 ##### `KERNELSRC_CLEAN`=false
358 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
361 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
359
362
360 ##### `KERNELSRC_CONFIG`=true
363 ##### `KERNELSRC_CONFIG`=true
361 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
364 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
362
365
363 ##### `KERNELSRC_USRCONFIG`=""
366 ##### `KERNELSRC_USRCONFIG`=""
364 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
367 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
365
368
366 ##### `KERNELSRC_PREBUILT`=false
369 ##### `KERNELSRC_PREBUILT`=false
367 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
370 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
368
371
369 ##### `RPI_FIRMWARE_DIR`=""
372 ##### `RPI_FIRMWARE_DIR`=""
370 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
373 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
371
374
372 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
375 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
373 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
376 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
374
377
375 ##### `KERNEL_NF`=false
378 ##### `KERNEL_NF`=false
376 Enable Netfilter modules as kernel modules
379 Enable Netfilter modules as kernel modules
377
380
378 ##### `KERNEL_VIRT`=false
381 ##### `KERNEL_VIRT`=false
379 Enable Kernel KVM support (/dev/kvm)
382 Enable Kernel KVM support (/dev/kvm)
380
383
381 ##### `KERNEL_ZSWAP`=false
384 ##### `KERNEL_ZSWAP`=false
382 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
385 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
383
386
384 ##### `KERNEL_BPF`=true
387 ##### `KERNEL_BPF`=true
385 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
388 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
386
389
387 ##### `KERNEL_SECURITY`=false
390 ##### `KERNEL_SECURITY`=false
388 Enables Apparmor, integrity subsystem, auditing.
391 Enables Apparmor, integrity subsystem, auditing.
389
392
390 ---
393 ---
391
394
392 #### Reduce disk usage:
395 #### Reduce disk usage:
393 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
396 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
394
397
395 ##### `REDUCE_APT`=true
398 ##### `REDUCE_APT`=true
396 Configure APT to use compressed package repository lists and no package caching files.
399 Configure APT to use compressed package repository lists and no package caching files.
397
400
398 ##### `REDUCE_DOC`=true
401 ##### `REDUCE_DOC`=true
399 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
402 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
400
403
401 ##### `REDUCE_MAN`=true
404 ##### `REDUCE_MAN`=true
402 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
405 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
403
406
404 ##### `REDUCE_VIM`=false
407 ##### `REDUCE_VIM`=false
405 Replace `vim-tiny` package by `levee` a tiny vim clone.
408 Replace `vim-tiny` package by `levee` a tiny vim clone.
406
409
407 ##### `REDUCE_BASH`=false
410 ##### `REDUCE_BASH`=false
408 Remove `bash` package and switch to `dash` shell (experimental).
411 Remove `bash` package and switch to `dash` shell (experimental).
409
412
410 ##### `REDUCE_HWDB`=true
413 ##### `REDUCE_HWDB`=true
411 Remove PCI related hwdb files (experimental).
414 Remove PCI related hwdb files (experimental).
412
415
413 ##### `REDUCE_SSHD`=true
416 ##### `REDUCE_SSHD`=true
414 Replace `openssh-server` with `dropbear`.
417 Replace `openssh-server` with `dropbear`.
415
418
416 ##### `REDUCE_LOCALE`=true
419 ##### `REDUCE_LOCALE`=true
417 Remove all `locale` translation files.
420 Remove all `locale` translation files.
418
421
419 ---
422 ---
420
423
421 #### Encrypted root partition:
424 #### Encrypted root partition:
422 ##### `ENABLE_CRYPTFS`=false
425 ##### `ENABLE_CRYPTFS`=false
423 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
426 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
424
427
425 ##### `CRYPTFS_PASSWORD`=""
428 ##### `CRYPTFS_PASSWORD`=""
426 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
429 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
427
430
428 ##### `CRYPTFS_MAPPING`="secure"
431 ##### `CRYPTFS_MAPPING`="secure"
429 Set name of dm-crypt managed device-mapper mapping.
432 Set name of dm-crypt managed device-mapper mapping.
430
433
431 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
434 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
432 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
435 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
433
436
434 ##### `CRYPTFS_XTSKEYSIZE`=512
437 ##### `CRYPTFS_XTSKEYSIZE`=512
435 Sets key size in bits. The argument has to be a multiple of 8.
438 Sets key size in bits. The argument has to be a multiple of 8.
436
439
437 ##### `CRYPTFS_DROPBEAR`=false
440 ##### `CRYPTFS_DROPBEAR`=false
438 Enable Dropbear Initramfs support
441 Enable Dropbear Initramfs support
439
442
440 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
443 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
441 Provide path to dropbear Public RSA-OpenSSH Key
444 Provide path to dropbear Public RSA-OpenSSH Key
442
445
443 ---
446 ---
444
447
445 #### Build settings:
448 #### Build settings:
446 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
449 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
447 Set a path to a working directory used by the script to generate an image.
450 Set a path to a working directory used by the script to generate an image.
448
451
449 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
452 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
450 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
453 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
451
454
452 ## Understanding the script
455 ## Understanding the script
453 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
456 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
454
457
455 | Script | Description |
458 | Script | Description |
456 | --- | --- |
459 | --- | --- |
457 | `10-bootstrap.sh` | Debootstrap basic system |
460 | `10-bootstrap.sh` | Debootstrap basic system |
458 | `11-apt.sh` | Setup APT repositories |
461 | `11-apt.sh` | Setup APT repositories |
459 | `12-locale.sh` | Setup Locales and keyboard settings |
462 | `12-locale.sh` | Setup Locales and keyboard settings |
460 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
463 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
461 | `14-fstab.sh` | Setup fstab and initramfs |
464 | `14-fstab.sh` | Setup fstab and initramfs |
462 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
465 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
463 | `20-networking.sh` | Setup Networking |
466 | `20-networking.sh` | Setup Networking |
464 | `21-firewall.sh` | Setup Firewall |
467 | `21-firewall.sh` | Setup Firewall |
465 | `30-security.sh` | Setup Users and Security settings |
468 | `30-security.sh` | Setup Users and Security settings |
466 | `31-logging.sh` | Setup Logging |
469 | `31-logging.sh` | Setup Logging |
467 | `32-sshd.sh` | Setup SSH and public keys |
470 | `32-sshd.sh` | Setup SSH and public keys |
468 | `41-uboot.sh` | Build and Setup U-Boot |
471 | `41-uboot.sh` | Build and Setup U-Boot |
469 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
472 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
470 | `43-videocore.sh` | Build and Setup videocore libraries |
473 | `43-videocore.sh` | Build and Setup videocore libraries |
471 | `50-firstboot.sh` | First boot actions |
474 | `50-firstboot.sh` | First boot actions |
472 | `99-reduce.sh` | Reduce the disk space usage |
475 | `99-reduce.sh` | Reduce the disk space usage |
473
476
474 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
477 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
475
478
476 | Directory | Description |
479 | Directory | Description |
477 | --- | --- |
480 | --- | --- |
478 | `apt` | APT management configuration files |
481 | `apt` | APT management configuration files |
479 | `boot` | Boot and RPi 0/1/2/3 configuration files |
482 | `boot` | Boot and RPi 0/1/2/3 configuration files |
480 | `dpkg` | Package Manager configuration |
483 | `dpkg` | Package Manager configuration |
481 | `etc` | Configuration files and rc scripts |
484 | `etc` | Configuration files and rc scripts |
482 | `firstboot` | Scripts that get executed on first boot |
485 | `firstboot` | Scripts that get executed on first boot |
483 | `initramfs` | Initramfs scripts |
486 | `initramfs` | Initramfs scripts |
484 | `iptables` | Firewall configuration files |
487 | `iptables` | Firewall configuration files |
485 | `locales` | Locales configuration |
488 | `locales` | Locales configuration |
486 | `modules` | Kernel Modules configuration |
489 | `modules` | Kernel Modules configuration |
487 | `mount` | Fstab configuration |
490 | `mount` | Fstab configuration |
488 | `network` | Networking configuration files |
491 | `network` | Networking configuration files |
489 | `sysctl.d` | Swapping and Network Hardening configuration |
492 | `sysctl.d` | Swapping and Network Hardening configuration |
490 | `xorg` | fbturbo Xorg driver configuration |
493 | `xorg` | fbturbo Xorg driver configuration |
491
494
492 ## Custom packages and scripts
495 ## Custom packages and scripts
493 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
496 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
494
497
495 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
498 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
496
499
497 ## Logging of the bootstrapping process
500 ## Logging of the bootstrapping process
498 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
501 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
499
502
500 ```shell
503 ```shell
501 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
504 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
502 ```
505 ```
503
506
504 ## Flashing the image file
507 ## Flashing the image file
505 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
508 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
506
509
507 ##### Flashing examples:
510 ##### Flashing examples:
508 ```shell
511 ```shell
509 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
512 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
510 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
513 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
511 ```
514 ```
512 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
515 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
513 ```shell
516 ```shell
514 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
517 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
515 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
518 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
516 ```
519 ```
517
520
518 ## QEMU emulation
521 ## QEMU emulation
519 Start QEMU full system emulation:
522 Start QEMU full system emulation:
520 ```shell
523 ```shell
521 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
524 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
522 ```
525 ```
523
526
524 Start QEMU full system emulation and output to console:
527 Start QEMU full system emulation and output to console:
525 ```shell
528 ```shell
526 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
529 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
527 ```
530 ```
528
531
529 Start QEMU full system emulation with SMP and output to console:
532 Start QEMU full system emulation with SMP and output to console:
530 ```shell
533 ```shell
531 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
534 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
532 ```
535 ```
533
536
534 Start QEMU full system emulation with cryptfs, initramfs and output to console:
537 Start QEMU full system emulation with cryptfs, initramfs and output to console:
535 ```shell
538 ```shell
536 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
539 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
537 ```
540 ```
538
541
539 ## External links and references
542 ## External links and references
540 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
543 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
541 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
544 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
542 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
545 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
543 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
546 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
544 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
547 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
545 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
548 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
546 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
549 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
547 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
550 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
548 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
551 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -1,40 +1,44
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 # Install APT sources.list
14 # Install APT sources.list
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16
16
17 # Use specified APT server and release
17 # Use specified APT server and release
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 if [ "$RELEASE" = "bullseye" ] || [ "$RELEASE" = "testing" ] ; then
20 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
21 else
19 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
22 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
23 fi
20
24
21 # Upgrade package index and update all installed packages and changed dependencies
25 # Upgrade package index and update all installed packages and changed dependencies
22 chroot_exec apt-get -qq -y update
26 chroot_exec apt-get -qq -y update
23 chroot_exec apt-get -qq -y -u dist-upgrade
27 chroot_exec apt-get -qq -y -u dist-upgrade
24
28
25 # Install additional packages
29 # Install additional packages
26 if [ "$APT_INCLUDES_LATE" ] ; then
30 if [ "$APT_INCLUDES_LATE" ] ; then
27 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
31 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
28 fi
32 fi
29
33
30 # Install Debian custom packages
34 # Install Debian custom packages
31 if [ -d packages ] ; then
35 if [ -d packages ] ; then
32 for package in packages/*.deb ; do
36 for package in packages/*.deb ; do
33 cp "$package" "${R}"/tmp
37 cp "$package" "${R}"/tmp
34 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
38 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 done
39 done
36 fi
40 fi
37
41
38 chroot_exec apt-get -qq -y -f install
42 chroot_exec apt-get -qq -y -f install
39
43
40 chroot_exec apt-get -qq -y check
44 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,615 +1,865
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
13 KERNELSRC_DIR=""
14 fi
14 fi
15
15
16 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
17 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
18 # Setup source directory
18 # Setup source directory
19 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
20
20
21 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25
25
26 # Clean the kernel sources
26 # Clean the kernel sources
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 fi
29 fi
30 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
31 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
32 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
33
33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
35 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 else
37 else
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 fi
39 fi
40
40
41 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43
43
44 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
45 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
46
46
47 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
48 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
49 fi
49 fi
50
50
51 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 fi
54 fi
55
55
56 #Copy 32bit config to 64bit
57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 fi
60
56 # Configure and build kernel
61 # Configure and build kernel
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 # Remove device, network and filesystem drivers from kernel configuration
63 # Remove device, network and filesystem drivers from kernel configuration
59 if [ "$KERNEL_REDUCE" = true ] ; then
64 if [ "$KERNEL_REDUCE" = true ] ; then
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 sed -i\
66 sed -i\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 "${KERNEL_DIR}/.config"
96 "${KERNEL_DIR}/.config"
92 fi
97 fi
93
98
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
99 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 # Load default raspberry kernel configuration
100 # Load default raspberry kernel configuration
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97
102
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
104 cd "${KERNEL_DIR}" || exit
100
105
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
106 if [ "$KERNEL_ARCH" = arm64 ] ; then
107 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
108 # Mask this temporarily during switch to rpi-4.19.y
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
109 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
110 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
111 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
112 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
113 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
114 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108
115
109 #VLAN got disabled without reason in arm64bit
116 #VLAN got disabled without reason in arm64bit
110 set_kernel_config CONFIG_IPVLAN m
117 set_kernel_config CONFIG_IPVLAN m
111 fi
118 fi
112
119
113 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
120 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
114 if [ "$KERNEL_ZSWAP" = true ] ; then
121 if [ "$KERNEL_ZSWAP" = true ] ; then
115 set_kernel_config CONFIG_ZPOOL y
122 set_kernel_config CONFIG_ZPOOL y
116 set_kernel_config CONFIG_ZSWAP y
123 set_kernel_config CONFIG_ZSWAP y
117 set_kernel_config CONFIG_ZBUD y
124 set_kernel_config CONFIG_ZBUD y
118 set_kernel_config CONFIG_Z3FOLD y
125 set_kernel_config CONFIG_Z3FOLD y
119 set_kernel_config CONFIG_ZSMALLOC y
126 set_kernel_config CONFIG_ZSMALLOC y
120 set_kernel_config CONFIG_PGTABLE_MAPPING y
127 set_kernel_config CONFIG_PGTABLE_MAPPING y
121 set_kernel_config CONFIG_LZO_COMPRESS y
128 set_kernel_config CONFIG_LZO_COMPRESS y
122
123 fi
129 fi
124
130
131 if [ RPI_MODEL = 4 ] ; then
132 # Following are set in current 32-bit LPAE kernel
133 set_kernel_config CONFIG_CGROUP_PIDS y
134 set_kernel_config CONFIG_NET_IPVTI m
135 set_kernel_config CONFIG_NF_TABLES_SET m
136 set_kernel_config CONFIG_NF_TABLES_INET y
137 set_kernel_config CONFIG_NF_TABLES_NETDEV y
138 set_kernel_config CONFIG_NF_FLOW_TABLE m
139 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
140 set_kernel_config CONFIG_NFT_CONNLIMIT m
141 set_kernel_config CONFIG_NFT_TUNNEL m
142 set_kernel_config CONFIG_NFT_OBJREF m
143 set_kernel_config CONFIG_NFT_FIB_IPV4 m
144 set_kernel_config CONFIG_NFT_FIB_IPV6 m
145 set_kernel_config CONFIG_NFT_FIB_INET m
146 set_kernel_config CONFIG_NFT_SOCKET m
147 set_kernel_config CONFIG_NFT_OSF m
148 set_kernel_config CONFIG_NFT_TPROXY m
149 set_kernel_config CONFIG_NF_DUP_NETDEV m
150 set_kernel_config CONFIG_NFT_DUP_NETDEV m
151 set_kernel_config CONFIG_NFT_FWD_NETDEV m
152 set_kernel_config CONFIG_NFT_FIB_NETDEV m
153 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
154 set_kernel_config CONFIG_NF_FLOW_TABLE m
155 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
156 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
157 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
158 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
159 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
160 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
161 set_kernel_config CONFIG_NFT_DUP_IPV6 m
162 set_kernel_config CONFIG_NFT_FIB_IPV6 m
163 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
164 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
165 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
166 set_kernel_config CONFIG_NF_LOG_BRIDGE m
167 set_kernel_config CONFIG_MT76_CORE m
168 set_kernel_config CONFIG_MT76_LEDS m
169 set_kernel_config CONFIG_MT76_USB m
170 set_kernel_config CONFIG_MT76x2_COMMON m
171 set_kernel_config CONFIG_MT76x0U m
172 set_kernel_config CONFIG_MT76x2U m
173 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
174 set_kernel_config CONFIG_BCM_VC_SM m
175 set_kernel_config CONFIG_BCM2835_SMI_DEV m
176 set_kernel_config CONFIG_RPIVID_MEM m
177 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
178 set_kernel_config CONFIG_TCG_TPM m
179 set_kernel_config CONFIG_HW_RANDOM_TPM y
180 set_kernel_config CONFIG_TCG_TIS m
181 set_kernel_config CONFIG_TCG_TIS_SPI m
182 set_kernel_config CONFIG_I2C_MUX m
183 set_kernel_config CONFIG_I2C_MUX_GPMUX m
184 set_kernel_config CONFIG_I2C_MUX_PCA954x m
185 set_kernel_config CONFIG_SPI_GPIO m
186 set_kernel_config CONFIG_BATTERY_MAX17040 m
187 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
188 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
189 set_kernel_config CONFIG_BCM2835_THERMAL y
190 set_kernel_config CONFIG_RC_CORE y
191 set_kernel_config CONFIG_RC_MAP y
192 set_kernel_config CONFIG_LIRC y
193 set_kernel_config CONFIG_RC_DECODERS y
194 set_kernel_config CONFIG_IR_NEC_DECODER m
195 set_kernel_config CONFIG_IR_RC5_DECODER m
196 set_kernel_config CONFIG_IR_RC6_DECODER m
197 set_kernel_config CONFIG_IR_JVC_DECODER m
198 set_kernel_config CONFIG_IR_SONY_DECODER m
199 set_kernel_config CONFIG_IR_SANYO_DECODER m
200 set_kernel_config CONFIG_IR_SHARP_DECODER m
201 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
202 set_kernel_config CONFIG_IR_XMP_DECODER m
203 set_kernel_config CONFIG_IR_IMON_DECODER m
204 set_kernel_config CONFIG_RC_DEVICES y
205 set_kernel_config CONFIG_RC_ATI_REMOTE m
206 set_kernel_config CONFIG_IR_IMON m
207 set_kernel_config CONFIG_IR_MCEUSB m
208 set_kernel_config CONFIG_IR_REDRAT3 m
209 set_kernel_config CONFIG_IR_STREAMZAP m
210 set_kernel_config CONFIG_IR_IGUANA m
211 set_kernel_config CONFIG_IR_TTUSBIR m
212 set_kernel_config CONFIG_RC_LOOPBACK m
213 set_kernel_config CONFIG_IR_GPIO_CIR m
214 set_kernel_config CONFIG_IR_GPIO_TX m
215 set_kernel_config CONFIG_IR_PWM_TX m
216 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
217 set_kernel_config CONFIG_VIDEO_AU0828_RC y
218 set_kernel_config CONFIG_VIDEO_CX231XX m
219 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
220 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
221 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
222 set_kernel_config CONFIG_VIDEO_TM6000 m
223 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
224 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
225 set_kernel_config CONFIG_DVB_USB m
226 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
227 set_kernel_config CONFIG_DVB_USB_A800 m
228 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
229 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
230 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
231 set_kernel_config CONFIG_DVB_USB_DIB0700 m
232 set_kernel_config CONFIG_DVB_USB_UMT_010 m
233 set_kernel_config CONFIG_DVB_USB_CXUSB m
234 set_kernel_config CONFIG_DVB_USB_M920X m
235 set_kernel_config CONFIG_DVB_USB_DIGITV m
236 set_kernel_config CONFIG_DVB_USB_VP7045 m
237 set_kernel_config CONFIG_DVB_USB_VP702X m
238 set_kernel_config CONFIG_DVB_USB_GP8PSK m
239 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
240 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
241 set_kernel_config CONFIG_DVB_USB_DTT200U m
242 set_kernel_config CONFIG_DVB_USB_OPERA1 m
243 set_kernel_config CONFIG_DVB_USB_AF9005 m
244 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
245 set_kernel_config CONFIG_DVB_USB_PCTV452E m
246 set_kernel_config CONFIG_DVB_USB_DW2102 m
247 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
248 set_kernel_config CONFIG_DVB_USB_DTV5100 m
249 set_kernel_config CONFIG_DVB_USB_AZ6027 m
250 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
251 set_kernel_config CONFIG_DVB_USB_AF9015 m
252 set_kernel_config CONFIG_DVB_USB_LME2510 m
253 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
254 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
255 set_kernel_config CONFIG_SMS_SIANO_RC m
256 set_kernel_config CONFIG_VIDEO_IR_I2C m
257 set_kernel_config CONFIG_VIDEO_ADV7180 m
258 set_kernel_config CONFIG_VIDEO_TC358743 m
259 set_kernel_config CONFIG_VIDEO_OV5647 m
260 set_kernel_config CONFIG_DVB_M88DS3103 m
261 set_kernel_config CONFIG_DVB_AF9013 m
262 set_kernel_config CONFIG_DVB_RTL2830 m
263 set_kernel_config CONFIG_DVB_RTL2832 m
264 set_kernel_config CONFIG_DVB_SI2168 m
265 set_kernel_config CONFIG_DVB_GP8PSK_FE m
266 set_kernel_config CONFIG_DVB_USB m
267 set_kernel_config CONFIG_DVB_LGDT3306A m
268 set_kernel_config CONFIG_FB_SIMPLE y
269 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
270 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
271 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
272 set_kernel_config CONFIG_SND_SOC_AD193X m
273 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
274 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
275 set_kernel_config CONFIG_SND_SOC_CS4265 m
276 set_kernel_config CONFIG_SND_SOC_DA7213 m
277 set_kernel_config CONFIG_SND_SOC_ICS43432 m
278 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
279 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
280 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
281 set_kernel_config CONFIG_HID_BIGBEN_FF m
282 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
283 set_kernel_config CONFIG_USB_TMC m
284 set_kernel_config CONFIG_USB_UAS y
285 set_kernel_config CONFIG_USBIP_VUDC m
286 set_kernel_config CONFIG_USB_CONFIGFS m
287 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
288 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
289 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
290 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
291 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
292 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
293 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
294 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
295 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
296 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
297 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
298 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
299 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
300 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
301 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
302 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
303 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
304 set_kernel_config CONFIG_LEDS_PCA963X m
305 set_kernel_config CONFIG_LEDS_IS31FL32XX m
306 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
307 set_kernel_config CONFIG_RTC_DRV_RV3028 m
308 set_kernel_config CONFIG_AUXDISPLAY y
309 set_kernel_config CONFIG_HD44780 m
310 set_kernel_config CONFIG_FB_TFT_SH1106 m
311 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
312 set_kernel_config CONFIG_BCM2835_POWER y
313 set_kernel_config CONFIG_INV_MPU6050_IIO m
314 set_kernel_config CONFIG_INV_MPU6050_I2C m
315 set_kernel_config CONFIG_SECURITYFS y
316
317 # Safer to build this in
318 set_kernel_config CONFIG_BINFMT_MISC y
319
320 # pulseaudio wants a buffer of at least this size
321 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
322
323 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
324 # set the appropriate kernel configs unlocked by this PR
325 set_kernel_config CONFIG_ARCH_BCM y
326 set_kernel_config CONFIG_ARCH_BCM2835 y
327 set_kernel_config CONFIG_DRM_V3D m
328 set_kernel_config CONFIG_DRM_VC4 m
329 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
330
331 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
332 # required by PR#3144; should already be applied, but just to be safe
333 set_kernel_config CONFIG_PCIE_BRCMSTB y
334 set_kernel_config CONFIG_BCM2835_MMC y
335
336 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
337 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
338 # during cloud-init setup at first boot. Without this the login accounts are not
339 # created and the user can not login.
340 set_kernel_config CONFIG_SQUASHFS y
341
342 # Ceph support for Block Device (RBD) and Filesystem (FS)
343 # https://docs.ceph.com/docs/master/
344 set_kernel_config CONFIG_CEPH_LIB m
345 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
346 set_kernel_config CONFIG_CEPH_FS m
347 set_kernel_config CONFIG_CEPH_FSCACHE y
348 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
349 set_kernel_config CONFIG_BLK_DEV_RBD m
350
125 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
351 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
126 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
352 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
353 set_kernel_config CONFIG_HAVE_KVM y
354 set_kernel_config CONFIG_HIGH_RES_TIMERS y
127 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
355 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
128 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
356 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
129 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
357 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
130 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
358 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
131 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
359 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
132 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
360 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
133 set_kernel_config CONFIG_HAVE_KVM_MSI y
361 set_kernel_config CONFIG_HAVE_KVM_MSI y
134 set_kernel_config CONFIG_KVM y
362 set_kernel_config CONFIG_KVM y
135 set_kernel_config CONFIG_KVM_ARM_HOST y
363 set_kernel_config CONFIG_KVM_ARM_HOST y
136 set_kernel_config CONFIG_KVM_ARM_PMU y
364 set_kernel_config CONFIG_KVM_ARM_PMU y
137 set_kernel_config CONFIG_KVM_COMPAT y
365 set_kernel_config CONFIG_KVM_COMPAT y
138 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
366 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
139 set_kernel_config CONFIG_KVM_MMIO y
367 set_kernel_config CONFIG_KVM_MMIO y
140 set_kernel_config CONFIG_KVM_VFIO y
368 set_kernel_config CONFIG_KVM_VFIO y
369 set_kernel_config CONFIG_KVM_MMU_AUDIT y
141 set_kernel_config CONFIG_VHOST m
370 set_kernel_config CONFIG_VHOST m
142 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
371 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
143 set_kernel_config CONFIG_VHOST_NET m
372 set_kernel_config CONFIG_VHOST_NET m
144 set_kernel_config CONFIG_VIRTUALIZATION y
373 set_kernel_config CONFIG_VIRTUALIZATION y
145
374 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
375 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
146 set_kernel_config CONFIG_MMU_NOTIFIER y
376 set_kernel_config CONFIG_MMU_NOTIFIER y
147
377
148 # erratum
378 # erratum
149 set_kernel_config ARM64_ERRATUM_834220 y
379 set_kernel_config ARM64_ERRATUM_834220 y
150
380
151 # https://sourceforge.net/p/kvm/mailman/message/18440797/
381 # https://sourceforge.net/p/kvm/mailman/message/18440797/
152 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
382 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
153 fi
383 fi
154
384
155 # enable apparmor,integrity audit,
385 # enable apparmor,integrity audit,
156 if [ "$KERNEL_SECURITY" = true ] ; then
386 if [ "$KERNEL_SECURITY" = true ] ; then
157
387
158 # security filesystem, security models and audit
388 # security filesystem, security models and audit
159 set_kernel_config CONFIG_SECURITYFS y
389 set_kernel_config CONFIG_SECURITYFS y
160 set_kernel_config CONFIG_SECURITY y
390 set_kernel_config CONFIG_SECURITY y
161 set_kernel_config CONFIG_AUDIT y
391 set_kernel_config CONFIG_AUDIT y
162
392
163 # harden strcpy and memcpy
393 # harden strcpy and memcpy
164 set_kernel_config CONFIG_HARDENED_USERCOPY y
394 set_kernel_config CONFIG_HARDENED_USERCOPY y
165 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
395 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
166 set_kernel_config CONFIG_FORTIFY_SOURCE y
396 set_kernel_config CONFIG_FORTIFY_SOURCE y
167
397
168 # integrity sub-system
398 # integrity sub-system
169 set_kernel_config CONFIG_INTEGRITY y
399 set_kernel_config CONFIG_INTEGRITY y
170 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
400 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
171 set_kernel_config CONFIG_INTEGRITY_AUDIT y
401 set_kernel_config CONFIG_INTEGRITY_AUDIT y
172 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
402 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
173 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
403 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
174
404
175 # This option provides support for retaining authentication tokens and access keys in the kernel.
405 # This option provides support for retaining authentication tokens and access keys in the kernel.
176 set_kernel_config CONFIG_KEYS y
406 set_kernel_config CONFIG_KEYS y
177 set_kernel_config CONFIG_KEYS_COMPAT y
407 set_kernel_config CONFIG_KEYS_COMPAT y
178
408
179 # Apparmor
409 # Apparmor
180 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
410 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
181 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
411 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
182 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
412 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
183 set_kernel_config CONFIG_SECURITY_APPARMOR y
413 set_kernel_config CONFIG_SECURITY_APPARMOR y
184 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
414 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
185 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
415 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
186
416
187 # restrictions on unprivileged users reading the kernel
417 # restrictions on unprivileged users reading the kernel
188 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
418 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
189
419
190 # network security hooks
420 # network security hooks
191 set_kernel_config CONFIG_SECURITY_NETWORK y
421 set_kernel_config CONFIG_SECURITY_NETWORK y
192 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
422 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
193 set_kernel_config CONFIG_SECURITY_PATH y
423 set_kernel_config CONFIG_SECURITY_PATH y
194 set_kernel_config CONFIG_SECURITY_YAMA n
424 set_kernel_config CONFIG_SECURITY_YAMA n
195
425
196 # New Options
197 if [ "$KERNEL_NF" = true ] ; then
198 set_kernel_config CONFIG_IP_NF_SECURITY m
199 set_kernel_config CONFIG_NETLABEL y
200 set_kernel_config CONFIG_IP6_NF_SECURITY m
201 fi
202 set_kernel_config CONFIG_SECURITY_SELINUX n
426 set_kernel_config CONFIG_SECURITY_SELINUX n
203 set_kernel_config CONFIG_SECURITY_SMACK n
427 set_kernel_config CONFIG_SECURITY_SMACK n
204 set_kernel_config CONFIG_SECURITY_TOMOYO n
428 set_kernel_config CONFIG_SECURITY_TOMOYO n
205 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
429 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
206 set_kernel_config CONFIG_SECURITY_LOADPIN n
430 set_kernel_config CONFIG_SECURITY_LOADPIN n
207 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
431 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
208 set_kernel_config CONFIG_IMA n
432 set_kernel_config CONFIG_IMA n
209 set_kernel_config CONFIG_EVM n
433 set_kernel_config CONFIG_EVM n
210 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
434 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
211 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
435 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
212 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
436 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
213 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
437 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
214 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
215 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
438 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
216 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
439 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
217 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
440 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
218 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
441 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
219 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
442 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
220
443
221 set_kernel_config CONFIG_ARM64_CRYPTO y
444 set_kernel_config CONFIG_ARM64_CRYPTO y
222 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
445 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
223 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
446 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
224 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
447 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
225 set_kernel_config CRYPTO_GHASH_ARM64_CE m
448 set_kernel_config CRYPTO_GHASH_ARM64_CE m
226 set_kernel_config CRYPTO_SHA2_ARM64_CE m
449 set_kernel_config CRYPTO_SHA2_ARM64_CE m
227 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
450 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
228 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
451 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
229 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
452 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
230 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
453 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
231 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
454 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
232 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
455 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
233 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
456 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
234 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
457 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
235 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
458 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
236 set_kernel_config SYSTEM_TRUSTED_KEYS
237 fi
459 fi
238
460
239 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
461 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
240 if [ "$KERNEL_NF" = true ] ; then
462 if [ "$KERNEL_NF" = true ] ; then
463 set_kernel_config CONFIG_IP_NF_SECURITY m
464 set_kernel_config CONFIG_NETLABEL y
465 set_kernel_config CONFIG_IP6_NF_SECURITY m
241 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
466 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
242 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
467 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
243 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
468 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
244 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
469 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
245 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
470 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
246 set_kernel_config CONFIG_NFT_FIB_INET m
471 set_kernel_config CONFIG_NFT_FIB_INET m
247 set_kernel_config CONFIG_NFT_FIB_IPV4 m
472 set_kernel_config CONFIG_NFT_FIB_IPV4 m
248 set_kernel_config CONFIG_NFT_FIB_IPV6 m
473 set_kernel_config CONFIG_NFT_FIB_IPV6 m
249 set_kernel_config CONFIG_NFT_FIB_NETDEV m
474 set_kernel_config CONFIG_NFT_FIB_NETDEV m
250 set_kernel_config CONFIG_NFT_OBJREF m
475 set_kernel_config CONFIG_NFT_OBJREF m
251 set_kernel_config CONFIG_NFT_RT m
476 set_kernel_config CONFIG_NFT_RT m
252 set_kernel_config CONFIG_NFT_SET_BITMAP m
477 set_kernel_config CONFIG_NFT_SET_BITMAP m
253 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
478 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
254 set_kernel_config CONFIG_NF_LOG_ARP m
479 set_kernel_config CONFIG_NF_LOG_ARP m
255 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
480 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
256 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
481 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
257 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
482 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
258 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
483 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
259 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
484 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
260 set_kernel_config CONFIG_IP6_NF_IPTABLES m
485 set_kernel_config CONFIG_IP6_NF_IPTABLES m
261 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
486 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
262 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
487 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
263 set_kernel_config CONFIG_IP6_NF_NAT m
488 set_kernel_config CONFIG_IP6_NF_NAT m
264 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
489 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
265 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
490 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
266 set_kernel_config CONFIG_IP_NF_SECURITY m
267 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
491 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
268 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
492 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
269 set_kernel_config CONFIG_IP_SET_HASH_IP m
493 set_kernel_config CONFIG_IP_SET_HASH_IP m
270 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
494 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
271 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
495 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
272 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
496 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
273 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
497 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
274 set_kernel_config CONFIG_IP_SET_HASH_MAC m
498 set_kernel_config CONFIG_IP_SET_HASH_MAC m
275 set_kernel_config CONFIG_IP_SET_HASH_NET m
499 set_kernel_config CONFIG_IP_SET_HASH_NET m
276 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
500 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
277 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
501 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
278 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
502 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
279 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
503 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
280 set_kernel_config CONFIG_IP_SET_LIST_SET m
504 set_kernel_config CONFIG_IP_SET_LIST_SET m
281 set_kernel_config CONFIG_NETFILTER_XTABLES m
505 set_kernel_config CONFIG_NETFILTER_XTABLES m
282 set_kernel_config CONFIG_NETFILTER_XTABLES m
506 set_kernel_config CONFIG_NETFILTER_XTABLES m
283 set_kernel_config CONFIG_NFT_BRIDGE_META m
507 set_kernel_config CONFIG_NFT_BRIDGE_META m
284 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
508 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
285 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
509 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
286 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
510 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
287 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
511 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
288 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
512 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
289 set_kernel_config CONFIG_NFT_COMPAT m
513 set_kernel_config CONFIG_NFT_COMPAT m
290 set_kernel_config CONFIG_NFT_COUNTER m
514 set_kernel_config CONFIG_NFT_COUNTER m
291 set_kernel_config CONFIG_NFT_CT m
515 set_kernel_config CONFIG_NFT_CT m
292 set_kernel_config CONFIG_NFT_DUP_IPV4 m
516 set_kernel_config CONFIG_NFT_DUP_IPV4 m
293 set_kernel_config CONFIG_NFT_DUP_IPV6 m
517 set_kernel_config CONFIG_NFT_DUP_IPV6 m
294 set_kernel_config CONFIG_NFT_DUP_NETDEV m
518 set_kernel_config CONFIG_NFT_DUP_NETDEV m
295 set_kernel_config CONFIG_NFT_EXTHDR m
519 set_kernel_config CONFIG_NFT_EXTHDR m
296 set_kernel_config CONFIG_NFT_FWD_NETDEV m
520 set_kernel_config CONFIG_NFT_FWD_NETDEV m
297 set_kernel_config CONFIG_NFT_HASH m
521 set_kernel_config CONFIG_NFT_HASH m
298 set_kernel_config CONFIG_NFT_LIMIT m
522 set_kernel_config CONFIG_NFT_LIMIT m
299 set_kernel_config CONFIG_NFT_LOG m
523 set_kernel_config CONFIG_NFT_LOG m
300 set_kernel_config CONFIG_NFT_MASQ m
524 set_kernel_config CONFIG_NFT_MASQ m
301 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
525 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
302 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
526 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
303 set_kernel_config CONFIG_NFT_META m
527 set_kernel_config CONFIG_NFT_META m
304 set_kernel_config CONFIG_NFT_NAT m
528 set_kernel_config CONFIG_NFT_NAT m
305 set_kernel_config CONFIG_NFT_NUMGEN m
529 set_kernel_config CONFIG_NFT_NUMGEN m
306 set_kernel_config CONFIG_NFT_QUEUE m
530 set_kernel_config CONFIG_NFT_QUEUE m
307 set_kernel_config CONFIG_NFT_QUOTA m
531 set_kernel_config CONFIG_NFT_QUOTA m
308 set_kernel_config CONFIG_NFT_REDIR m
532 set_kernel_config CONFIG_NFT_REDIR m
309 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
533 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
310 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
534 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
311 set_kernel_config CONFIG_NFT_REJECT m
535 set_kernel_config CONFIG_NFT_REJECT m
312 set_kernel_config CONFIG_NFT_REJECT_INET m
536 set_kernel_config CONFIG_NFT_REJECT_INET m
313 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
537 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
314 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
538 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
315 set_kernel_config CONFIG_NFT_SET_HASH m
539 set_kernel_config CONFIG_NFT_SET_HASH m
316 set_kernel_config CONFIG_NFT_SET_RBTREE m
540 set_kernel_config CONFIG_NFT_SET_RBTREE m
317 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
541 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
318 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
542 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
319 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
543 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
320 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
544 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
321 set_kernel_config CONFIG_NF_DUP_IPV4 m
545 set_kernel_config CONFIG_NF_DUP_IPV4 m
322 set_kernel_config CONFIG_NF_DUP_IPV6 m
546 set_kernel_config CONFIG_NF_DUP_IPV6 m
323 set_kernel_config CONFIG_NF_DUP_NETDEV m
547 set_kernel_config CONFIG_NF_DUP_NETDEV m
324 set_kernel_config CONFIG_NF_LOG_BRIDGE m
548 set_kernel_config CONFIG_NF_LOG_BRIDGE m
325 set_kernel_config CONFIG_NF_LOG_IPV4 m
549 set_kernel_config CONFIG_NF_LOG_IPV4 m
326 set_kernel_config CONFIG_NF_LOG_IPV6 m
550 set_kernel_config CONFIG_NF_LOG_IPV6 m
327 set_kernel_config CONFIG_NF_NAT_IPV4 m
551 set_kernel_config CONFIG_NF_NAT_IPV4 m
328 set_kernel_config CONFIG_NF_NAT_IPV6 m
552 set_kernel_config CONFIG_NF_NAT_IPV6 m
329 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
553 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
330 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
554 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
331 set_kernel_config CONFIG_NF_NAT_PPTP m
555 set_kernel_config CONFIG_NF_NAT_PPTP m
332 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
556 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
333 set_kernel_config CONFIG_NF_NAT_REDIRECT m
557 set_kernel_config CONFIG_NF_NAT_REDIRECT y
334 set_kernel_config CONFIG_NF_NAT_SIP m
558 set_kernel_config CONFIG_NF_NAT_SIP m
335 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
559 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
336 set_kernel_config CONFIG_NF_NAT_TFTP m
560 set_kernel_config CONFIG_NF_NAT_TFTP m
337 set_kernel_config CONFIG_NF_REJECT_IPV4 m
561 set_kernel_config CONFIG_NF_REJECT_IPV4 m
338 set_kernel_config CONFIG_NF_REJECT_IPV6 m
562 set_kernel_config CONFIG_NF_REJECT_IPV6 m
339 set_kernel_config CONFIG_NF_TABLES m
563 set_kernel_config CONFIG_NF_TABLES m
340 set_kernel_config CONFIG_NF_TABLES_ARP m
564 set_kernel_config CONFIG_NF_TABLES_ARP m
341 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
565 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
342 set_kernel_config CONFIG_NF_TABLES_INET m
566 set_kernel_config CONFIG_NF_TABLES_INET m
343 set_kernel_config CONFIG_NF_TABLES_IPV4 m
567 set_kernel_config CONFIG_NF_TABLES_IPV4 y
344 set_kernel_config CONFIG_NF_TABLES_IPV6 m
568 set_kernel_config CONFIG_NF_TABLES_IPV6 y
345 set_kernel_config CONFIG_NF_TABLES_NETDEV m
569 set_kernel_config CONFIG_NF_TABLES_NETDEV m
570 set_kernel_config CONFIG_NF_TABLES_SET m
571 set_kernel_config CONFIG_NF_TABLES_INET y
572 set_kernel_config CONFIG_NF_TABLES_NETDEV y
573 set_kernel_config CONFIG_NFT_CONNLIMIT m
574 set_kernel_config CONFIG_NFT_TUNNEL m
575 set_kernel_config CONFIG_NFT_SOCKET m
576 set_kernel_config CONFIG_NFT_TPROXY m
577 set_kernel_config CONFIG_NF_FLOW_TABLE m
578 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
579 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
580 set_kernel_config CONFIG_NF_TABLES_ARP y
581 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
582 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
583 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
584 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
585 set_kernel_config CONFIG_NFT_OSF m
586
346 fi
587 fi
347
588
348 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
589 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
349 if [ "$KERNEL_BPF" = true ] ; then
590 if [ "$KERNEL_BPF" = true ] ; then
350 set_kernel_config CONFIG_BPF_SYSCALL y
591 set_kernel_config CONFIG_BPF_SYSCALL y
351 set_kernel_config CONFIG_BPF_EVENTS y
592 set_kernel_config CONFIG_BPF_EVENTS y
352 set_kernel_config CONFIG_BPF_STREAM_PARSER y
593 set_kernel_config CONFIG_BPF_STREAM_PARSER y
353 set_kernel_config CONFIG_CGROUP_BPF y
594 set_kernel_config CONFIG_CGROUP_BPF y
595 set_kernel_config CONFIG_XDP_SOCKETS y
354 fi
596 fi
355
597
356 # KERNEL_DEFAULT_GOV was set by user
598 # KERNEL_DEFAULT_GOV was set by user
357 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
599 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
358
600
359 case "$KERNEL_DEFAULT_GOV" in
601 case "$KERNEL_DEFAULT_GOV" in
360 performance)
602 performance)
361 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
603 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
362 ;;
604 ;;
363 userspace)
605 userspace)
364 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
606 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
365 ;;
607 ;;
366 ondemand)
608 ondemand)
367 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
609 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
368 ;;
610 ;;
369 conservative)
611 conservative)
370 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
612 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
371 ;;
613 ;;
372 shedutil)
614 shedutil)
373 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
615 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
374 ;;
616 ;;
375 *)
617 *)
376 echo "error: unsupported default cpu governor"
618 echo "error: unsupported default cpu governor"
377 exit 1
619 exit 1
378 ;;
620 ;;
379 esac
621 esac
380
622
381 # unset previous default governor
623 # unset previous default governor
382 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
624 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
383 fi
625 fi
384
626
385 #Revert to previous directory
627 #Revert to previous directory
386 cd "${WORKDIR}" || exit
628 cd "${WORKDIR}" || exit
387
629
388 # Set kernel configuration parameters to enable qemu emulation
630 # Set kernel configuration parameters to enable qemu emulation
389 if [ "$ENABLE_QEMU" = true ] ; then
631 if [ "$ENABLE_QEMU" = true ] ; then
390 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
632 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
391 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
633 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
392
634
393 if [ "$ENABLE_CRYPTFS" = true ] ; then
635 if [ "$ENABLE_CRYPTFS" = true ] ; then
394 {
636 {
395 echo "CONFIG_EMBEDDED=y"
637 echo "CONFIG_EMBEDDED=y"
396 echo "CONFIG_EXPERT=y"
638 echo "CONFIG_EXPERT=y"
397 echo "CONFIG_DAX=y"
639 echo "CONFIG_DAX=y"
398 echo "CONFIG_MD=y"
640 echo "CONFIG_MD=y"
399 echo "CONFIG_BLK_DEV_MD=y"
641 echo "CONFIG_BLK_DEV_MD=y"
400 echo "CONFIG_MD_AUTODETECT=y"
642 echo "CONFIG_MD_AUTODETECT=y"
401 echo "CONFIG_BLK_DEV_DM=y"
643 echo "CONFIG_BLK_DEV_DM=y"
402 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
644 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
403 echo "CONFIG_DM_CRYPT=y"
645 echo "CONFIG_DM_CRYPT=y"
404 echo "CONFIG_CRYPTO_BLKCIPHER=y"
646 echo "CONFIG_CRYPTO_BLKCIPHER=y"
405 echo "CONFIG_CRYPTO_CBC=y"
647 echo "CONFIG_CRYPTO_CBC=y"
406 echo "CONFIG_CRYPTO_XTS=y"
648 echo "CONFIG_CRYPTO_XTS=y"
407 echo "CONFIG_CRYPTO_SHA512=y"
649 echo "CONFIG_CRYPTO_SHA512=y"
408 echo "CONFIG_CRYPTO_MANAGER=y"
650 echo "CONFIG_CRYPTO_MANAGER=y"
409 } >> "${KERNEL_DIR}"/.config
651 } >> "${KERNEL_DIR}"/.config
410 fi
652 fi
411 fi
653 fi
412
654
413 # Copy custom kernel configuration file
655 # Copy custom kernel configuration file
414 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
656 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
415 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
657 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
416 fi
658 fi
417
659
418 # Set kernel configuration parameters to their default values
660 # Set kernel configuration parameters to their default values
419 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
661 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
420 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
662 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
421 fi
663 fi
422
664
423 # Start menu-driven kernel configuration (interactive)
665 # Start menu-driven kernel configuration (interactive)
424 if [ "$KERNEL_MENUCONFIG" = true ] ; then
666 if [ "$KERNEL_MENUCONFIG" = true ] ; then
425 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
667 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
426 fi
668 fi
427 # end if "$KERNELSRC_CONFIG" = true
669 # end if "$KERNELSRC_CONFIG" = true
428 fi
670 fi
429
671
430 # Use ccache to cross compile the kernel
672 # Use ccache to cross compile the kernel
431 if [ "$KERNEL_CCACHE" = true ] ; then
673 if [ "$KERNEL_CCACHE" = true ] ; then
432 cc="ccache ${CROSS_COMPILE}gcc"
674 cc="ccache ${CROSS_COMPILE}gcc"
433 else
675 else
434 cc="${CROSS_COMPILE}gcc"
676 cc="${CROSS_COMPILE}gcc"
435 fi
677 fi
436
678
437 # Cross compile kernel and dtbs
679 # Cross compile kernel and dtbs
438 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
680 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
439
681
440 # Cross compile kernel modules
682 # Cross compile kernel modules
441 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
683 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
442 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
684 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
443 fi
685 fi
444 # end if "$KERNELSRC_PREBUILT" = false
686 # end if "$KERNELSRC_PREBUILT" = false
445 fi
687 fi
446
688
447 # Check if kernel compilation was successful
689 # Check if kernel compilation was successful
448 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
690 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
449 echo "error: kernel compilation failed! (kernel image not found)"
691 echo "error: kernel compilation failed! (kernel image not found)"
450 cleanup
692 cleanup
451 exit 1
693 exit 1
452 fi
694 fi
453
695
454 # Install kernel modules
696 # Install kernel modules
455 if [ "$ENABLE_REDUCE" = true ] ; then
697 if [ "$ENABLE_REDUCE" = true ] ; then
456 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
698 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
457 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
699 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
458 fi
700 fi
459 else
701 else
460 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
702 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
461 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
703 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
462 fi
704 fi
463
705
464 # Install kernel firmware
706 # Install kernel firmware
465 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
707 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
466 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
708 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
467 fi
709 fi
468 fi
710 fi
469
711
470 # Install kernel headers
712 # Install kernel headers
471 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
713 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
472 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
714 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
473 fi
715 fi
474
716
475 # Prepare boot (firmware) directory
717 # Prepare boot (firmware) directory
476 mkdir "${BOOT_DIR}"
718 mkdir "${BOOT_DIR}"
477
719
478 # Get kernel release version
720 # Get kernel release version
479 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
721 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
480
722
481 # Copy kernel configuration file to the boot directory
723 # Copy kernel configuration file to the boot directory
482 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
724 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
483
725
484 # Prepare device tree directory
726 # Prepare device tree directory
485 mkdir "${BOOT_DIR}/overlays"
727 mkdir "${BOOT_DIR}/overlays"
486
728
487 # Ensure the proper .dtb is located
729 # Ensure the proper .dtb is located
488 if [ "$KERNEL_ARCH" = "arm" ] ; then
730 if [ "$KERNEL_ARCH" = "arm" ] ; then
489 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
731 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
490 if [ -f "${dtb}" ] ; then
732 if [ -f "${dtb}" ] ; then
491 install_readonly "${dtb}" "${BOOT_DIR}/"
733 install_readonly "${dtb}" "${BOOT_DIR}/"
492 fi
734 fi
493 done
735 done
494 else
736 else
495 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
737 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
496 if [ -f "${dtb}" ] ; then
738 if [ -f "${dtb}" ] ; then
497 install_readonly "${dtb}" "${BOOT_DIR}/"
739 install_readonly "${dtb}" "${BOOT_DIR}/"
498 fi
740 fi
499 done
741 done
500 fi
742 fi
501
743
502 # Copy compiled dtb device tree files
744 # Copy compiled dtb device tree files
503 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
745 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
504 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
746 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
505 if [ -f "${dtb}" ] ; then
747 if [ -f "${dtb}" ] ; then
506 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
748 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
507 fi
749 fi
508 done
750 done
509
751
510 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
752 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
511 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
753 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
512 fi
754 fi
513 fi
755 fi
514
756
515 if [ "$ENABLE_UBOOT" = false ] ; then
757 if [ "$ENABLE_UBOOT" = false ] ; then
516 # Convert and copy kernel image to the boot directory
758 # Convert and copy kernel image to the boot directory
517 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
759 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
518 else
760 else
519 # Copy kernel image to the boot directory
761 # Copy kernel image to the boot directory
520 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
762 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
521 fi
763 fi
522
764
523 # Remove kernel sources
765 # Remove kernel sources
524 if [ "$KERNEL_REMOVESRC" = true ] ; then
766 if [ "$KERNEL_REMOVESRC" = true ] ; then
525 rm -fr "${KERNEL_DIR}"
767 rm -fr "${KERNEL_DIR}"
526 else
768 else
527 # Prepare compiled kernel modules
769 # Prepare compiled kernel modules
528 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
770 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
529 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
771 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
530 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
772 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
531 fi
773 fi
532
774
533 # Create symlinks for kernel modules
775 # Create symlinks for kernel modules
534 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
776 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
535 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
777 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
536 fi
778 fi
537 fi
779 fi
538
780
539 else # BUILD_KERNEL=false
781 else # BUILD_KERNEL=false
540 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
782 if [ "$SET_ARCH" = 64 ] ; then
541
783 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
542 # Use Sakakis modified kernel if ZSWAP is active
784 # Use Sakakis modified kernel if ZSWAP is active
543 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
785 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
544 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
786 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
545 fi
787 fi
546
788
547 # Create temporary directory for dl
789 # Create temporary directory for dl
548 temp_dir=$(as_nobody mktemp -d)
790 temp_dir=$(as_nobody mktemp -d)
549
791
550 # Fetch kernel dl
792 # Fetch kernel dl
551 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
793 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
794 fi
795 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
796 # Create temporary directory for dl
797 temp_dir=$(as_nobody mktemp -d)
798
799 # Fetch kernel dl
800 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
801 fi
552
802
553 #extract download
803 #extract download
554 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
804 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
555
805
556 #move extracted kernel to /boot/firmware
806 #move extracted kernel to /boot/firmware
557 mkdir "${R}/boot/firmware"
807 mkdir "${R}/boot/firmware"
558 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
808 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
559 cp -r "${temp_dir}"/lib/* "${R}"/lib/
809 cp -r "${temp_dir}"/lib/* "${R}"/lib/
560
810
561 # Remove temporary directory for kernel sources
811 # Remove temporary directory for kernel sources
562 rm -fr "${temp_dir}"
812 rm -fr "${temp_dir}"
563
813
564 # Set permissions of the kernel sources
814 # Set permissions of the kernel sources
565 chown -R root:root "${R}/boot/firmware"
815 chown -R root:root "${R}/boot/firmware"
566 chown -R root:root "${R}/lib/modules"
816 chown -R root:root "${R}/lib/modules"
567 fi
817 fi
568
818
569 # Install Kernel from hypriot comptabile with all Raspberry PI
819 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
570 if [ "$SET_ARCH" = 32 ] ; then
820 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
571 # Create temporary directory for dl
821 # Create temporary directory for dl
572 temp_dir=$(as_nobody mktemp -d)
822 temp_dir=$(as_nobody mktemp -d)
573
823
574 # Fetch kernel
824 # Fetch kernel
575 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
825 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
576
826
577 # Copy downloaded U-Boot sources
827 # Copy downloaded kernel package
578 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
828 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
579
829
580 # Set permissions
830 # Set permissions
581 chown -R root:root "${R}"/tmp/kernel.deb
831 chown -R root:root "${R}"/tmp/kernel.deb
582
832
583 # Install kernel
833 # Install kernel
584 chroot_exec dpkg -i /tmp/kernel.deb
834 chroot_exec dpkg -i /tmp/kernel.deb
585
835
586 # move /boot to /boot/firmware to fit script env.
836 # move /boot to /boot/firmware to fit script env.
587 #mkdir "${BOOT_DIR}"
837 #mkdir "${BOOT_DIR}"
588 mkdir "${temp_dir}"/firmware
838 mkdir "${temp_dir}"/firmware
589 mv "${R}"/boot/* "${temp_dir}"/firmware/
839 mv "${R}"/boot/* "${temp_dir}"/firmware/
590 mv "${temp_dir}"/firmware "${R}"/boot/
840 mv "${temp_dir}"/firmware "${R}"/boot/
591
841
592 #same for kernel headers
842 #same for kernel headers
593 if [ "$KERNEL_HEADERS" = true ] ; then
843 if [ "$KERNEL_HEADERS" = true ] ; then
594 # Fetch kernel header
844 # Fetch kernel header
595 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
845 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
596 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
846 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
597 chown -R root:root "${R}"/tmp/kernel-header.deb
847 chown -R root:root "${R}"/tmp/kernel-header.deb
598 # Install kernel header
848 # Install kernel header
599 chroot_exec dpkg -i /tmp/kernel-header.deb
849 chroot_exec dpkg -i /tmp/kernel-header.deb
600 rm -f "${R}"/tmp/kernel-header.deb
850 rm -f "${R}"/tmp/kernel-header.deb
601 fi
851 fi
602
852
603 # Remove temporary directory and files
853 # Remove temporary directory and files
604 rm -fr "${temp_dir}"
854 rm -fr "${temp_dir}"
605 rm -f "${R}"/tmp/kernel.deb
855 rm -f "${R}"/tmp/kernel.deb
606 fi
856 fi
607
857
608 # Check if kernel installation was successful
858 # Check if kernel installation was successful
609 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
859 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
610 if [ -z "$KERNEL" ] ; then
860 if [ -z "$KERNEL" ] ; then
611 echo "error: kernel installation failed! (/boot/kernel* not found)"
861 echo "error: kernel installation failed! (/boot/kernel* not found)"
612 cleanup
862 cleanup
613 exit 1
863 exit 1
614 fi
864 fi
615 fi
865 fi
Show file before | Show file after | Hide comments
@@ -1,300 +1,304
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
9 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
17 else
18 # Create temporary directory for boot binaries
18 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
29
30 # Move downloaded boot binaries
30 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
32
33 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
35
35
36 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 fi
39 fi
40
40
41 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
42 if [ "$ENABLE_USBBOOT" = true ] ; then
42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 else
44 else
45 if [ "$ENABLE_SPLITFS" = true ] ; then
45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 else
47 else
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 fi
49 fi
50 fi
50 fi
51
51
52 # Add encrypted root partition to cmdline.txt
52 # Add encrypted root partition to cmdline.txt
53 if [ "$ENABLE_CRYPTFS" = true ] ; then
53 if [ "$ENABLE_CRYPTFS" = true ] ; then
54 if [ "$ENABLE_SPLITFS" = true ] ; then
54 if [ "$ENABLE_SPLITFS" = true ] ; then
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
56 else
56 else
57 if [ "$ENABLE_USBBOOT" = true ] ; then
57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 else
59 else
60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 fi
61 fi
62 fi
62 fi
63 fi
63 fi
64
64
65 # Enable Kernel messages on standard output
65 # Enable Kernel messages on standard output
66 if [ "$ENABLE_PRINTK" = true ] ; then
66 if [ "$ENABLE_PRINTK" = true ] ; then
67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 fi
68 fi
69
69
70 # Enable Kernel messages on standard output
70 # Enable Kernel messages on standard output
71 if [ "$KERNEL_SECURITY" = true ] ; then
71 if [ "$KERNEL_SECURITY" = true ] ; then
72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
73 fi
73 fi
74
74
75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77
77
78 # Remove IPv6 networking support
78 # Remove IPv6 networking support
79 if [ "$ENABLE_IPV6" = false ] ; then
79 if [ "$ENABLE_IPV6" = false ] ; then
80 CMDLINE="${CMDLINE} ipv6.disable=1"
80 CMDLINE="${CMDLINE} ipv6.disable=1"
81 fi
81 fi
82
82
83 # Automatically assign predictable network interface names
83 # Automatically assign predictable network interface names
84 if [ "$ENABLE_IFNAMES" = false ] ; then
84 if [ "$ENABLE_IFNAMES" = false ] ; then
85 CMDLINE="${CMDLINE} net.ifnames=0"
85 CMDLINE="${CMDLINE} net.ifnames=0"
86 else
86 else
87 CMDLINE="${CMDLINE} net.ifnames=1"
87 CMDLINE="${CMDLINE} net.ifnames=1"
88 fi
88 fi
89
89
90 # Disable Raspberry Pi console logo
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_LOGO" = false ] ; then
91 if [ "$ENABLE_LOGO" = false ] ; then
92 CMDLINE="${CMDLINE} logo.nologo"
92 CMDLINE="${CMDLINE} logo.nologo"
93 fi
93 fi
94
94
95 # Strictly limit verbosity of boot up console messages
95 # Strictly limit verbosity of boot up console messages
96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 fi
98 fi
99
99
100 # Install firmware config
100 # Install firmware config
101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
102
102
103 # Disable Raspberry Pi console logo
103 # Disable Raspberry Pi console logo
104 if [ "$ENABLE_SLASH" = false ] ; then
104 if [ "$ENABLE_SLASH" = false ] ; then
105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 fi
106 fi
107
107
108 # Locks CPU frequency at maximum
108 # Locks CPU frequency at maximum
109 if [ "$ENABLE_TURBO" = true ] ; then
109 if [ "$ENABLE_TURBO" = true ] ; then
110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 # helps to avoid sdcard corruption when force_turbo is enabled.
111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 fi
113 fi
114
114
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
116
116
117 # Bluetooth enabled
117 # Bluetooth enabled
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 # Create temporary directory for Bluetooth sources
119 # Create temporary directory for Bluetooth sources
120 temp_dir=$(as_nobody mktemp -d)
120 temp_dir=$(as_nobody mktemp -d)
121
121
122 # Fetch Bluetooth sources
122 # Fetch Bluetooth sources
123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124
124
125 # Copy downloaded sources
125 # Copy downloaded sources
126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127
127
128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
131
132 # Set permissions
128 # Set permissions
133 chown -R root:root "${R}/tmp/pi-bluetooth"
129 chown -R root:root "${R}/tmp/pi-bluetooth"
134
130
131 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
132 wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
133 wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
134
135 # Install tools
135 # Install tools
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138
138
139 # make scripts executable
139 # make scripts executable
140 chmod +x "${R}/usr/bin/bthelper"
140 chmod +x "${R}/usr/bin/bthelper"
141 chmod +x "${R}/usr/bin/btuart"
141 chmod +x "${R}/usr/bin/btuart"
142
142
143 # Install bluetooth udev rule
143 # Install bluetooth udev rule
144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145
145
146 # Install Firmware Flash file and apropiate licence
146 # Install Firmware Flash file and apropiate licence
147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152
152
153 # Remove temporary directories
153 # Remove temporary directories
154 rm -fr "${temp_dir}"
154 rm -fr "${temp_dir}"
155 rm -fr "${R}"/tmp/pi-bluetooth
155 rm -fr "${R}"/tmp/pi-bluetooth
156
156
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159 # set overlay to swap ttyAMA0 and ttyS0
159 # set overlay to swap ttyAMA0 and ttyS0
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
161
161
162 if [ "$ENABLE_TURBO" = false ] ; then
162 if [ "$ENABLE_TURBO" = false ] ; then
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
164 fi
164 fi
165
165
166 fi
166 fi
167
167
168 # Activate services
168 # Activate services
169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
170
170
171 else # if ENABLE_BLUETOOTH = false
171 else # if ENABLE_BLUETOOTH = false
172 # set overlay to disable bluetooth
172 # set overlay to disable bluetooth
173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
174 fi # ENABLE_BLUETOOTH end
174 fi # ENABLE_BLUETOOTH end
175 fi
175 fi
176
176
177 # may need sudo systemctl disable hciuart
177 # may need sudo systemctl disable hciuart
178 if [ "$ENABLE_CONSOLE" = true ] ; then
178 if [ "$ENABLE_CONSOLE" = true ] ; then
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
180 # add string to cmdline
180 # add string to cmdline
181 CMDLINE="${CMDLINE} console=serial0,115200"
181 CMDLINE="${CMDLINE} console=serial0,115200"
182
182
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
185 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
187 fi
188 fi
188 fi
189
189
190 # Enable serial console systemd style
190 # Enable serial console systemd style
191 chroot_exec systemctl enable serial-getty@serial0.service
191 chroot_exec systemctl enable serial-getty@serial0.service
192 else
192 else
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
194 fi
194 fi
195
195
196 # Disable dphys-swapfile service. Will get enabled on first boot
196 # Disable dphys-swapfile service. Will get enabled on first boot
197 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
197 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
198 chroot_exec systemctl disable dphys-swapfile
198 chroot_exec systemctl disable dphys-swapfile
199 fi
199 fi
200
200
201 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
201 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
202 # Create temporary directory for systemd-swap sources
202 # Create temporary directory for systemd-swap sources
203 temp_dir=$(as_nobody mktemp -d)
203 temp_dir=$(as_nobody mktemp -d)
204
204
205 # Fetch systemd-swap sources
205 # Fetch systemd-swap sources
206 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
206 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
207
207
208 # Copy downloaded systemd-swap sources
208 # Copy downloaded systemd-swap sources
209 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
209 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
210
210
211 # Change into downloaded src dir
211 # Change into downloaded src dir
212 cd "${R}/tmp/systemd-swap" || exit
212 cd "${R}/tmp/systemd-swap" || exit
213
213
214 # Get Verion
215 VERSION=$(git tag | tail -n 1)
216 #sed -i "s/DEB_NAME=.*/DEB_NAME=systemd-swap_all/g" "${R}/tmp/systemd-swap/package.sh"
217
214 # Build package
218 # Build package
215 bash ./package.sh debian
219 bash ./package.sh debian
216
220
217 # Change back into script root dir
221 # Change back into script root dir
218 cd "${WORKDIR}" || exit
222 cd "${WORKDIR}" || exit
219
223
220 # Set permissions of the systemd-swap sources
224 # Set permissions of the systemd-swap sources
221 chown -R root:root "${R}/tmp/systemd-swap"
225 chown -R root:root "${R}/tmp/systemd-swap"
222
226
223 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
227 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
224 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
228 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_"$VERSION"_all.deb
225
229
226 # Enable service
230 # Enable service
227 chroot_exec systemctl enable systemd-swap
231 chroot_exec systemctl enable systemd-swap
228
232
229 # Remove temporary directory for systemd-swap sources
233 # Remove temporary directory for systemd-swap sources
230 rm -fr "${temp_dir}"
234 rm -fr "${temp_dir}"
231 else
235 else
232 # Enable ZSWAP in cmdline if systemd-swap is not used
236 # Enable ZSWAP in cmdline if systemd-swap is not used
233 if [ "$KERNEL_ZSWAP" = true ] ; then
237 if [ "$KERNEL_ZSWAP" = true ] ; then
234 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
238 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
235 fi
239 fi
236 fi
240 fi
237 if [ "$KERNEL_SECURITY" = true ] ; then
241 if [ "$KERNEL_SECURITY" = true ] ; then
238 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
242 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
239 fi
243 fi
240
244
241 # Install firmware boot cmdline
245 # Install firmware boot cmdline
242 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
246 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
243
247
244 # Setup minimal GPU memory allocation size: 16MB (no X)
248 # Setup minimal GPU memory allocation size: 16MB (no X)
245 if [ "$ENABLE_MINGPU" = true ] ; then
249 if [ "$ENABLE_MINGPU" = true ] ; then
246 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
250 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
247 fi
251 fi
248
252
249 # Setup boot with initramfs
253 # Setup boot with initramfs
250 if [ "$ENABLE_INITRAMFS" = true ] ; then
254 if [ "$ENABLE_INITRAMFS" = true ] ; then
251 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
255 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
252 fi
256 fi
253
257
254 # Create firmware configuration and cmdline symlinks
258 # Create firmware configuration and cmdline symlinks
255 ln -sf firmware/config.txt "${R}/boot/config.txt"
259 ln -sf firmware/config.txt "${R}/boot/config.txt"
256 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
260 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
257
261
258 # Install and setup kernel modules to load at boot
262 # Install and setup kernel modules to load at boot
259 mkdir -p "${LIB_DIR}/modules-load.d/"
263 mkdir -p "${LIB_DIR}/modules-load.d/"
260 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
264 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
261
265
262 # Load hardware random module at boot
266 # Load hardware random module at boot
263 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
267 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
264 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
268 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
265 fi
269 fi
266
270
267 # Load sound module at boot
271 # Load sound module at boot
268 if [ "$ENABLE_SOUND" = true ] ; then
272 if [ "$ENABLE_SOUND" = true ] ; then
269 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
273 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
270 else
274 else
271 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
275 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
272 fi
276 fi
273
277
274 # Enable I2C interface
278 # Enable I2C interface
275 if [ "$ENABLE_I2C" = true ] ; then
279 if [ "$ENABLE_I2C" = true ] ; then
276 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
280 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
277 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
281 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
278 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
282 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
279 fi
283 fi
280
284
281 # Enable SPI interface
285 # Enable SPI interface
282 if [ "$ENABLE_SPI" = true ] ; then
286 if [ "$ENABLE_SPI" = true ] ; then
283 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
287 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
284 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
288 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
285 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
289 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
286 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
290 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
287 fi
291 fi
288 fi
292 fi
289
293
290 # Disable RPi2/3 under-voltage warnings
294 # Disable RPi2/3 under-voltage warnings
291 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
295 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
292 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
296 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
293 fi
297 fi
294
298
295 # Install kernel modules blacklist
299 # Install kernel modules blacklist
296 mkdir -p "${ETC_DIR}/modprobe.d/"
300 mkdir -p "${ETC_DIR}/modprobe.d/"
297 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
301 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
298
302
299 # Install sysctl.d configuration files
303 # Install sysctl.d configuration files
300 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
304 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
Show file before | Show file after | Hide comments
@@ -1,136 +1,136
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$RPI_MODEL" = 3P ] ; then
33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 fi
35 fi
36
36
37 # Install configuration for interface wl*
37 # Install configuration for interface wl*
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39
39
40 #always with dhcp since wpa_supplicant integration is missing
40 #always with dhcp since wpa_supplicant integration is missing
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42
42
43 if [ "$ENABLE_DHCP" = true ] ; then
43 if [ "$ENABLE_DHCP" = true ] ; then
44 # Enable DHCP configuration for interface eth0
44 # Enable DHCP configuration for interface eth0
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
46
46
47 # Set DHCP configuration to IPv4 only
47 # Set DHCP configuration to IPv4 only
48 if [ "$ENABLE_IPV6" = false ] ; then
48 if [ "$ENABLE_IPV6" = false ] ; then
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
50 fi
50 fi
51
51
52 else # ENABLE_DHCP=false
52 else # ENABLE_DHCP=false
53 # Set static network configuration for interface eth0
53 # Set static network configuration for interface eth0
54 sed -i\
54 sed -i\
55 -e "s|DHCP=.*|DHCP=no|"\
55 -e "s|DHCP=.*|DHCP=no|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 "${ETC_DIR}/systemd/network/eth.network"
63 "${ETC_DIR}/systemd/network/eth.network"
64 fi
64 fi
65
65
66 # Remove empty settings from network configuration
66 # Remove empty settings from network configuration
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 # Remove empty settings from wlan configuration
68 # Remove empty settings from wlan configuration
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70
70
71 # Move systemd network configuration if required by Debian release
71 # Move systemd network configuration if required by Debian release
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 # If WLAN is enabled copy wlan configuration too
73 # If WLAN is enabled copy wlan configuration too
74 if [ "$ENABLE_WIRELESS" = true ] ; then
74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
76 fi
76 fi
77 rm -fr "${ETC_DIR}/systemd/network"
77 rm -fr "${ETC_DIR}/systemd/network"
78
78
79 # Enable systemd-networkd service
79 # Enable systemd-networkd service
80 chroot_exec systemctl enable systemd-networkd
80 chroot_exec systemctl enable systemd-networkd
81
81
82 # Install host.conf resolver configuration
82 # Install host.conf resolver configuration
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84
84
85 # Enable network stack hardening
85 # Enable network stack hardening
86 if [ "$ENABLE_HARDNET" = true ] ; then
86 if [ "$ENABLE_HARDNET" = true ] ; then
87 # Install sysctl.d configuration files
87 # Install sysctl.d configuration files
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89
89
90 # Setup resolver warnings about spoofed addresses
90 # Setup resolver warnings about spoofed addresses
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 fi
92 fi
93
93
94 # Enable time sync
94 # Enable time sync
95 if [ "$NET_NTP_1" != "" ] ; then
95 if [ "$NET_NTP_1" != "" ] ; then
96 chroot_exec systemctl enable systemd-timesyncd.service
96 chroot_exec systemctl enable systemd-timesyncd.service
97 fi
97 fi
98
98
99 # Download the firmware binary blob required to use the RPi3 wireless interface
99 # Download the firmware binary blob required to use the RPi3 wireless interface
100 if [ "$ENABLE_WIRELESS" = true ] ; then
100 if [ "$ENABLE_WIRELESS" = true ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 fi
103 fi
104
104
105 # Create temporary directory for firmware binary blob
105 # Create temporary directory for firmware binary blob
106 temp_dir=$(as_nobody mktemp -d)
106 temp_dir=$(as_nobody mktemp -d)
107
107
108 # Fetch firmware binary blob for RPI3B+
108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 # Fetch firmware binary blob for RPi3P
110 # Fetch firmware binary blob for RPi3P
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114
114
115 # Move downloaded firmware binary blob
115 # Move downloaded firmware binary blob
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117
117
118 # Set permissions of the firmware binary blob
118 # Set permissions of the firmware binary blob
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 # Fetch firmware binary blob for RPi3
122 # Fetch firmware binary blob for RPi3
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125
125
126 # Move downloaded firmware binary blob
126 # Move downloaded firmware binary blob
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128
128
129 # Set permissions of the firmware binary blob
129 # Set permissions of the firmware binary blob
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 fi
132 fi
133
133
134 # Remove temporary directory for firmware binary blob
134 # Remove temporary directory for firmware binary blob
135 rm -fr "${temp_dir}"
135 rm -fr "${temp_dir}"
136 fi
136 fi
Show file before | Show file after | Hide comments
@@ -1,56 +1,56
1 #
1 #
2 # Setup videocore - Raspberry Userland
2 # Setup videocore - Raspberry Userland
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local videocore sources
11 # Copy local videocore sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
13 else
14 # Create temporary directory for videocore sources
14 # Create temporary directory for videocore sources
15 temp_dir=$(as_nobody mktemp -d)
15 temp_dir=$(as_nobody mktemp -d)
16
16
17 # Fetch videocore sources
17 # Fetch videocore sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
19
20 # Copy downloaded videocore sources
20 # Copy downloaded videocore sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
22
23 # Set permissions of the U-Boot sources
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
24 chown -R root:root "${R}/tmp/userland"
25
25
26 # Remove temporary directory for U-Boot sources
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
27 rm -fr "${temp_dir}"
28 fi
28 fi
29
29
30 # Create build dir
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
31 mkdir "${R}"/tmp/userland/build
32
32
33 # push us to build directory
33 # push us to build directory
34 cd "${R}"/tmp/userland/build
34 cd "${R}"/tmp/userland/build
35
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/aarch64-linux-gnu.cmake -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
38 fi
39
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
42 fi
43
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
46 fi
47
47
48 #build userland
48 #build userland
49 make -j "$(nproc)"
49 make -j "$(nproc)"
50
50
51 #back to root of scriptdir
51 #back to root of scriptdir
52 cd "${WORKDIR}"
52 cd "${WORKDIR}"
53
53
54 # Remove videocore sources
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
55 rm -fr "${R}"/tmp/userland/
56 fi
56 fi
Show file before | Show file after | Hide comments
@@ -1,97 +1,97
1 #!/bin/sh
1 #!/bin/sh
2 #
2 #
3 # Build and Setup nexmon with monitor mode patch
3 # Build and Setup nexmon with monitor mode patch
4 #
4 #
5
5
6 # Load utility functions
6 # Load utility functions
7 . ./functions.sh
7 . ./functions.sh
8
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
14 else
15 # Create temporary directory for nexmon sources
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
16 temp_dir=$(as_nobody mktemp -d)
17
17
18 # Fetch nexmon sources
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
20
21 # Copy downloaded nexmon sources
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
23
24 # Set permissions of the nexmon sources
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
25 chown -R root:root "${R}"/tmp/nexmon
26
26
27 # Remove temporary directory for nexmon sources
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
28 rm -fr "${temp_dir}"
29 fi
29 fi
30
30
31 # Set script Root
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
33
34 # Build nexmon firmware outside the build system, if we can.
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
35 cd "${NEXMON_ROOT}" || exit
36
36
37 # Make ancient isl build
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
38 cd buildtools/isl-0.10 || exit
39 ./configure
39 ./configure
40 make
40 make
41 cd ../.. || exit
41 cd ../.. || exit
42
42
43 # Disable statistics
43 # Disable statistics
44 touch DISABLE_STATISTICS
44 touch DISABLE_STATISTICS
45
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
48 export ARCH=arm
49 export SUBARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
54 export Q=@
55 export NEXMON_SETUP_ENV=1
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
57 export PLATFORMUNAME=$(uname -m)
58
58
59 # Make nexmon
59 # Make nexmon
60 make
60 make
61
61
62 # build patches
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
66 make clean
67
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
70
71 # copy RPi0W & RPi3 firmware
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
75 fi
76
76
77 if [ "$RPI_MODEL" = 3P ] ; then
77 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
80 make clean
81
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
84
85 # RPi3B+ firmware
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
89 fi
90
90
91 #Revert to previous directory
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
92 cd "${WORKDIR}" || exit
93
93
94 # Remove nexmon sources
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
95 rm -fr "${NEXMON_ROOT}"
96
96
97 fi
97 fi
Show file before | Show file after | Hide comments
@@ -1,883 +1,890
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
62
63 # Kernel deb packages for 32bit kernel
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 # Default precompiled 64bit kernel
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
70 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
71 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
72 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
73 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
70 # Generic
74 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
75 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
76 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
77 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
78 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74
79
75 # Build directories
80 # Build directories
76 WORKDIR=$(pwd)
81 WORKDIR=$(pwd)
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
82 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 BUILDDIR="${BASEDIR}/build"
83 BUILDDIR="${BASEDIR}/build"
79
84
80 # Chroot directories
85 # Chroot directories
81 R="${BUILDDIR}/chroot"
86 R="${BUILDDIR}/chroot"
82 ETC_DIR="${R}/etc"
87 ETC_DIR="${R}/etc"
83 LIB_DIR="${R}/lib"
88 LIB_DIR="${R}/lib"
84 BOOT_DIR="${R}/boot/firmware"
89 BOOT_DIR="${R}/boot/firmware"
85 KERNEL_DIR="${R}/usr/src/linux"
90 KERNEL_DIR="${R}/usr/src/linux"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
91 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
92 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88
93
89 # Firmware directory: Blank if download from github
94 # Firmware directory: Blank if download from github
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
95 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91
96
92 # General settings
97 # General settings
93 SET_ARCH=${SET_ARCH:=32}
98 SET_ARCH=${SET_ARCH:=32}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
99 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 PASSWORD=${PASSWORD:=raspberry}
100 PASSWORD=${PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
101 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
102 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
103 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 EXPANDROOT=${EXPANDROOT:=true}
104 EXPANDROOT=${EXPANDROOT:=true}
100 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
105 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
101
106
102 # Keyboard settings
107 # Keyboard settings
103 XKB_MODEL=${XKB_MODEL:=""}
108 XKB_MODEL=${XKB_MODEL:=""}
104 XKB_LAYOUT=${XKB_LAYOUT:=""}
109 XKB_LAYOUT=${XKB_LAYOUT:=""}
105 XKB_VARIANT=${XKB_VARIANT:=""}
110 XKB_VARIANT=${XKB_VARIANT:=""}
106 XKB_OPTIONS=${XKB_OPTIONS:=""}
111 XKB_OPTIONS=${XKB_OPTIONS:=""}
107
112
108 # Network settings (DHCP)
113 # Network settings (DHCP)
109 ENABLE_DHCP=${ENABLE_DHCP:=true}
114 ENABLE_DHCP=${ENABLE_DHCP:=true}
110
115
111 # Network settings (static)
116 # Network settings (static)
112 NET_ADDRESS=${NET_ADDRESS:=""}
117 NET_ADDRESS=${NET_ADDRESS:=""}
113 NET_GATEWAY=${NET_GATEWAY:=""}
118 NET_GATEWAY=${NET_GATEWAY:=""}
114 NET_DNS_1=${NET_DNS_1:=""}
119 NET_DNS_1=${NET_DNS_1:=""}
115 NET_DNS_2=${NET_DNS_2:=""}
120 NET_DNS_2=${NET_DNS_2:=""}
116 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
121 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
117 NET_NTP_1=${NET_NTP_1:=""}
122 NET_NTP_1=${NET_NTP_1:=""}
118 NET_NTP_2=${NET_NTP_2:=""}
123 NET_NTP_2=${NET_NTP_2:=""}
119
124
120 # APT settings
125 # APT settings
121 APT_PROXY=${APT_PROXY:=""}
126 APT_PROXY=${APT_PROXY:=""}
122 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
127 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
123 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
128 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
124
129
125 # Feature settings
130 # Feature settings
126 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
131 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
127 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
132 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
128 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
133 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
129 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
134 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
130 ENABLE_I2C=${ENABLE_I2C:=false}
135 ENABLE_I2C=${ENABLE_I2C:=false}
131 ENABLE_SPI=${ENABLE_SPI:=false}
136 ENABLE_SPI=${ENABLE_SPI:=false}
132 ENABLE_IPV6=${ENABLE_IPV6:=true}
137 ENABLE_IPV6=${ENABLE_IPV6:=true}
133 ENABLE_SSHD=${ENABLE_SSHD:=true}
138 ENABLE_SSHD=${ENABLE_SSHD:=true}
134 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
139 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
135 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
140 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
136 ENABLE_SOUND=${ENABLE_SOUND:=true}
141 ENABLE_SOUND=${ENABLE_SOUND:=true}
137 ENABLE_DBUS=${ENABLE_DBUS:=true}
142 ENABLE_DBUS=${ENABLE_DBUS:=true}
138 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
143 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
139 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
144 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
140 ENABLE_XORG=${ENABLE_XORG:=false}
145 ENABLE_XORG=${ENABLE_XORG:=false}
141 ENABLE_WM=${ENABLE_WM:=""}
146 ENABLE_WM=${ENABLE_WM:=""}
142 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
147 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
143 ENABLE_USER=${ENABLE_USER:=true}
148 ENABLE_USER=${ENABLE_USER:=true}
144 USER_NAME=${USER_NAME:="pi"}
149 USER_NAME=${USER_NAME:="pi"}
145 ENABLE_ROOT=${ENABLE_ROOT:=false}
150 ENABLE_ROOT=${ENABLE_ROOT:=false}
146 ENABLE_QEMU=${ENABLE_QEMU:=false}
151 ENABLE_QEMU=${ENABLE_QEMU:=false}
147 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
152 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
148
153
149 # SSH settings
154 # SSH settings
150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
155 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
156 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
157 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
158 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
159 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155
160
156 # Advanced settings
161 # Advanced settings
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
162 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
163 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
164 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
165 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
166 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
167 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
168 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
169 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
170 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
171 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
172 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
173 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
174 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
175 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
176 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
177 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
178 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
179 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
180 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
181 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
182 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178
183
179 # Kernel compilation settings
184 # Kernel compilation settings
180 BUILD_KERNEL=${BUILD_KERNEL:=true}
185 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
186 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 KERNEL_THREADS=${KERNEL_THREADS:=1}
187 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
188 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
189 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
190 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
191 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
192 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
193 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 KERNEL_VIRT=${KERNEL_VIRT:=false}
194 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 KERNEL_BPF=${KERNEL_BPF:=false}
195 KERNEL_BPF=${KERNEL_BPF:=false}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
196 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
197 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
198 KERNEL_NF=${KERNEL_NF:=false}
194
199
195 # Kernel compilation from source directory settings
200 # Kernel compilation from source directory settings
196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
201 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
202 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
203 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
204 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200
205
201 # Reduce disk usage settings
206 # Reduce disk usage settings
202 REDUCE_APT=${REDUCE_APT:=true}
207 REDUCE_APT=${REDUCE_APT:=true}
203 REDUCE_DOC=${REDUCE_DOC:=true}
208 REDUCE_DOC=${REDUCE_DOC:=true}
204 REDUCE_MAN=${REDUCE_MAN:=true}
209 REDUCE_MAN=${REDUCE_MAN:=true}
205 REDUCE_VIM=${REDUCE_VIM:=false}
210 REDUCE_VIM=${REDUCE_VIM:=false}
206 REDUCE_BASH=${REDUCE_BASH:=false}
211 REDUCE_BASH=${REDUCE_BASH:=false}
207 REDUCE_HWDB=${REDUCE_HWDB:=true}
212 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 REDUCE_SSHD=${REDUCE_SSHD:=true}
213 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
214 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210
215
211 # Encrypted filesystem settings
216 # Encrypted filesystem settings
212 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
217 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
218 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
219 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
220 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
221 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
222 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
223 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
224 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
225 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221
226
222 # Chroot scripts directory
227 # Chroot scripts directory
223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
228 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224
229
225 # Packages required in the chroot build environment
230 # Packages required in the chroot build environment
226 APT_INCLUDES=${APT_INCLUDES:=""}
231 APT_INCLUDES=${APT_INCLUDES:=""}
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
232 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228
233
229 # Packages to exclude from chroot build environment
234 # Packages to exclude from chroot build environment
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
235 APT_EXCLUDES=${APT_EXCLUDES:=""}
231
236
232 # Packages required for bootstrapping
237 # Packages required for bootstrapping
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
238 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 MISSING_PACKAGES=""
239 MISSING_PACKAGES=""
235
240
236 # Packages installed for c/c++ build environment in chroot (keep empty)
241 # Packages installed for c/c++ build environment in chroot (keep empty)
237 COMPILER_PACKAGES=""
242 COMPILER_PACKAGES=""
238
243
239 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
244 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
245 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
241 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
246 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
242 APT_PROXY=http://127.0.0.1:3142/
247 APT_PROXY=http://127.0.0.1:3142/
243 fi
248 fi
244
249
245 # Setup architecture specific settings
250 # Setup architecture specific settings
246 if [ -n "$SET_ARCH" ] ; then
251 if [ -n "$SET_ARCH" ] ; then
247 # 64-bit configuration
252 # 64-bit configuration
248 if [ "$SET_ARCH" = 64 ] ; then
253 if [ "$SET_ARCH" = 64 ] ; then
249 # General 64-bit depended settings
254 # General 64-bit depended settings
250 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
255 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
251 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
256 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
252 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
257 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
253
258
254 # Raspberry Pi model specific settings
259 # Raspberry Pi model specific settings
255 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
260 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
256 if [ "$RPI_MODEL" != 4 ] ; then
261 if [ "$RPI_MODEL" != 4 ] ; then
257 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
258 else
263 else
259 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
260 fi
265 fi
261
266
262 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
268 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
264 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
269 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
265 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
270 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
266 else
271 else
267 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
272 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
268 exit 1
273 exit 1
269 fi
274 fi
270 fi
275 fi
271
276
272 # 32-bit configuration
277 # 32-bit configuration
273 if [ "$SET_ARCH" = 32 ] ; then
278 if [ "$SET_ARCH" = 32 ] ; then
274 # General 32-bit dependend settings
279 # General 32-bit dependend settings
275 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
280 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
276 KERNEL_ARCH=${KERNEL_ARCH:=arm}
281 KERNEL_ARCH=${KERNEL_ARCH:=arm}
277 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
282 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
278
283
279 # Raspberry Pi model specific settings
284 # Raspberry Pi model specific settings
280 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
285 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
281 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
282 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
283 RELEASE_ARCH=${RELEASE_ARCH:=armel}
288 RELEASE_ARCH=${RELEASE_ARCH:=armel}
284 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
285 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
286 fi
291 fi
287
292
288 # Raspberry Pi model specific settings
293 # Raspberry Pi model specific settings
289 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
294 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
290 if [ "$RPI_MODEL" != 4 ] ; then
295 if [ "$RPI_MODEL" != 4 ] ; then
291 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
292 else
298 else
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
299 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
300 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
294 fi
301 fi
295
302
296 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
303 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
297 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
304 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
298 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
305
299 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
306 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
300 fi
307 fi
301 fi
308 fi
302 # SET_ARCH not set
309 # SET_ARCH not set
303 else
310 else
304 echo "error: Please set '32' or '64' as value for SET_ARCH"
311 echo "error: Please set '32' or '64' as value for SET_ARCH"
305 exit 1
312 exit 1
306 fi
313 fi
307 # Device specific configuration and U-Boot configuration
314 # Device specific configuration and U-Boot configuration
308 case "$RPI_MODEL" in
315 case "$RPI_MODEL" in
309 0)
316 0)
310 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
311 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 ;;
319 ;;
313 1)
320 1)
314 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
315 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 ;;
323 ;;
317 1P)
324 1P)
318 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
319 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 ;;
327 ;;
321 2)
328 2)
322 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
329 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
323 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
324 ;;
331 ;;
325 3)
332 3)
326 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 ;;
335 ;;
329 3P)
336 3P)
330 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 ;;
339 ;;
333 4)
340 4)
334 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
341 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
335 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
336 ;;
343 ;;
337 *)
344 *)
338 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
345 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
339 exit 1
346 exit 1
340 ;;
347 ;;
341 esac
348 esac
342
349
343 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
350 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
344 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
345 # Include bluetooth packages on supported boards
352 # Include bluetooth packages on supported boards
346 if [ "$ENABLE_BLUETOOTH" = true ] ; then
353 if [ "$ENABLE_BLUETOOTH" = true ] ; then
347 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
354 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
348 fi
355 fi
349 if [ "$ENABLE_WIRELESS" = true ] ; then
356 if [ "$ENABLE_WIRELESS" = true ] ; then
350 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
351 fi
358 fi
352 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
359 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
353 # Check if the internal wireless interface is not supported by the RPi model
360 # Check if the internal wireless interface is not supported by the RPi model
354 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
361 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
355 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
362 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
356 exit 1
363 exit 1
357 fi
364 fi
358 fi
365 fi
359
366
360 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
367 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
361 echo "error: You have to compile kernel sources, if you want to enable nexmon"
368 echo "error: You have to compile kernel sources, if you want to enable nexmon"
362 exit 1
369 exit 1
363 fi
370 fi
364
371
365 # Prepare date string for default image file name
372 # Prepare date string for default image file name
366 DATE="$(date +%Y-%m-%d)"
373 DATE="$(date +%Y-%m-%d)"
367 if [ -z "$KERNEL_BRANCH" ] ; then
374 if [ -z "$KERNEL_BRANCH" ] ; then
368 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
369 else
376 else
370 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
371 fi
378 fi
372
379
373 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
380 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
374 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
381 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
375 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
382 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
376 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
383 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
377 exit 1
384 exit 1
378 fi
385 fi
379 fi
386 fi
380
387
381 # Add cmake to compile videocore sources
388 # Add cmake to compile videocore sources
382 if [ "$ENABLE_VIDEOCORE" = true ] ; then
389 if [ "$ENABLE_VIDEOCORE" = true ] ; then
383 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
384 fi
391 fi
385
392
386 # Add deps for nexmon
393 # Add deps for nexmon
387 if [ "$ENABLE_NEXMON" = true ] ; then
394 if [ "$ENABLE_NEXMON" = true ] ; then
388 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
389 fi
396 fi
390
397
391 # Add libncurses5 to enable kernel menuconfig
398 # Add libncurses5 to enable kernel menuconfig
392 if [ "$KERNEL_MENUCONFIG" = true ] ; then
399 if [ "$KERNEL_MENUCONFIG" = true ] ; then
393 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
400 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
394 fi
401 fi
395
402
396 # Add ccache compiler cache for (faster) kernel cross (re)compilation
403 # Add ccache compiler cache for (faster) kernel cross (re)compilation
397 if [ "$KERNEL_CCACHE" = true ] ; then
404 if [ "$KERNEL_CCACHE" = true ] ; then
398 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
405 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
399 fi
406 fi
400
407
401 # Add cryptsetup package to enable filesystem encryption
408 # Add cryptsetup package to enable filesystem encryption
402 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
409 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
403 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
404 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
411 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
405
412
406 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
413 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
407 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
414 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
408 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
415 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
409 fi
416 fi
410
417
411 if [ -z "$CRYPTFS_PASSWORD" ] ; then
418 if [ -z "$CRYPTFS_PASSWORD" ] ; then
412 echo "error: no password defined (CRYPTFS_PASSWORD)!"
419 echo "error: no password defined (CRYPTFS_PASSWORD)!"
413 exit 1
420 exit 1
414 fi
421 fi
415 ENABLE_INITRAMFS=true
422 ENABLE_INITRAMFS=true
416 fi
423 fi
417
424
418 # Add initramfs generation tools
425 # Add initramfs generation tools
419 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
426 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
420 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
427 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
421 fi
428 fi
422
429
423 # Add device-tree-compiler required for building the U-Boot bootloader
430 # Add device-tree-compiler required for building the U-Boot bootloader
424 if [ "$ENABLE_UBOOT" = true ] ; then
431 if [ "$ENABLE_UBOOT" = true ] ; then
425 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
432 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
426 fi
433 fi
427
434
428 if [ "$ENABLE_USBBOOT" = true ] ; then
435 if [ "$ENABLE_USBBOOT" = true ] ; then
429 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
436 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
430 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
437 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
431 exit 1
438 exit 1
432 fi
439 fi
433 fi
440 fi
434
441
435 # Check if root SSH (v2) public key file exists
442 # Check if root SSH (v2) public key file exists
436 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
443 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
437 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
444 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
438 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
445 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
439 exit 1
446 exit 1
440 fi
447 fi
441 fi
448 fi
442
449
443 # Check if $USER_NAME SSH (v2) public key file exists
450 # Check if $USER_NAME SSH (v2) public key file exists
444 if [ -n "$SSH_USER_PUB_KEY" ] ; then
451 if [ -n "$SSH_USER_PUB_KEY" ] ; then
445 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
452 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
446 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
453 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
447 exit 1
454 exit 1
448 fi
455 fi
449 fi
456 fi
450
457
451 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
458 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
452 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
459 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
453 exit 1
460 exit 1
454 fi
461 fi
455
462
456 # Check if all required packages are installed on the build system
463 # Check if all required packages are installed on the build system
457 for package in $REQUIRED_PACKAGES ; do
464 for package in $REQUIRED_PACKAGES ; do
458 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
465 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
459 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
466 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
460 fi
467 fi
461 done
468 done
462
469
463 # If there are missing packages ask confirmation for install, or exit
470 # If there are missing packages ask confirmation for install, or exit
464 if [ -n "$MISSING_PACKAGES" ] ; then
471 if [ -n "$MISSING_PACKAGES" ] ; then
465 echo "the following packages needed by this script are not installed:"
472 echo "the following packages needed by this script are not installed:"
466 echo "$MISSING_PACKAGES"
473 echo "$MISSING_PACKAGES"
467
474
468 printf "\ndo you want to install the missing packages right now? [y/n] "
475 printf "\ndo you want to install the missing packages right now? [y/n] "
469 read -r confirm
476 read -r confirm
470 [ "$confirm" != "y" ] && exit 1
477 [ "$confirm" != "y" ] && exit 1
471
478
472 # Make sure all missing required packages are installed
479 # Make sure all missing required packages are installed
473 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
480 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
474 fi
481 fi
475
482
476 # Check if ./bootstrap.d directory exists
483 # Check if ./bootstrap.d directory exists
477 if [ ! -d "./bootstrap.d/" ] ; then
484 if [ ! -d "./bootstrap.d/" ] ; then
478 echo "error: './bootstrap.d' required directory not found!"
485 echo "error: './bootstrap.d' required directory not found!"
479 exit 1
486 exit 1
480 fi
487 fi
481
488
482 # Check if ./files directory exists
489 # Check if ./files directory exists
483 if [ ! -d "./files/" ] ; then
490 if [ ! -d "./files/" ] ; then
484 echo "error: './files' required directory not found!"
491 echo "error: './files' required directory not found!"
485 exit 1
492 exit 1
486 fi
493 fi
487
494
488 # Check if specified KERNELSRC_DIR directory exists
495 # Check if specified KERNELSRC_DIR directory exists
489 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
496 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
490 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
497 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
491 exit 1
498 exit 1
492 fi
499 fi
493
500
494 # Check if specified UBOOTSRC_DIR directory exists
501 # Check if specified UBOOTSRC_DIR directory exists
495 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
502 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
496 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
503 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
497 exit 1
504 exit 1
498 fi
505 fi
499
506
500 # Check if specified VIDEOCORESRC_DIR directory exists
507 # Check if specified VIDEOCORESRC_DIR directory exists
501 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
508 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
502 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
509 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
503 exit 1
510 exit 1
504 fi
511 fi
505
512
506 # Check if specified FBTURBOSRC_DIR directory exists
513 # Check if specified FBTURBOSRC_DIR directory exists
507 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
514 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
508 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
515 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
509 exit 1
516 exit 1
510 fi
517 fi
511
518
512 # Check if specified NEXMONSRC_DIR directory exists
519 # Check if specified NEXMONSRC_DIR directory exists
513 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
520 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
514 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
521 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
515 exit 1
522 exit 1
516 fi
523 fi
517
524
518 # Check if specified CHROOT_SCRIPTS directory exists
525 # Check if specified CHROOT_SCRIPTS directory exists
519 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
526 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
520 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
527 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
521 exit 1
528 exit 1
522 fi
529 fi
523
530
524 # Check if specified device mapping already exists (will be used by cryptsetup)
531 # Check if specified device mapping already exists (will be used by cryptsetup)
525 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
532 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
526 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
533 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
527 exit 1
534 exit 1
528 fi
535 fi
529
536
530 # Don't clobber an old build
537 # Don't clobber an old build
531 if [ -e "$BUILDDIR" ] ; then
538 if [ -e "$BUILDDIR" ] ; then
532 echo "error: directory ${BUILDDIR} already exists, not proceeding"
539 echo "error: directory ${BUILDDIR} already exists, not proceeding"
533 exit 1
540 exit 1
534 fi
541 fi
535
542
536 # Setup chroot directory
543 # Setup chroot directory
537 mkdir -p "${R}"
544 mkdir -p "${R}"
538
545
539 # Check if build directory has enough of free disk space >512MB
546 # Check if build directory has enough of free disk space >512MB
540 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
547 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
541 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
548 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
542 exit 1
549 exit 1
543 fi
550 fi
544
551
545 set -x
552 set -x
546
553
547 # Call "cleanup" function on various signals and errors
554 # Call "cleanup" function on various signals and errors
548 trap cleanup 0 1 2 3 6
555 trap cleanup 0 1 2 3 6
549
556
550 # Add required packages for the minbase installation
557 # Add required packages for the minbase installation
551 if [ "$ENABLE_MINBASE" = true ] ; then
558 if [ "$ENABLE_MINBASE" = true ] ; then
552 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
559 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
553 fi
560 fi
554
561
555 # Add parted package, required to get partprobe utility
562 # Add parted package, required to get partprobe utility
556 if [ "$EXPANDROOT" = true ] ; then
563 if [ "$EXPANDROOT" = true ] ; then
557 APT_INCLUDES="${APT_INCLUDES},parted"
564 APT_INCLUDES="${APT_INCLUDES},parted"
558 fi
565 fi
559
566
560 # Add dphys-swapfile package, required to enable swap
567 # Add dphys-swapfile package, required to enable swap
561 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
568 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
562 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
569 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
563 fi
570 fi
564
571
565 # Add dbus package, recommended if using systemd
572 # Add dbus package, recommended if using systemd
566 if [ "$ENABLE_DBUS" = true ] ; then
573 if [ "$ENABLE_DBUS" = true ] ; then
567 APT_INCLUDES="${APT_INCLUDES},dbus"
574 APT_INCLUDES="${APT_INCLUDES},dbus"
568 fi
575 fi
569
576
570 # Add iptables IPv4/IPv6 package
577 # Add iptables IPv4/IPv6 package
571 if [ "$ENABLE_IPTABLES" = true ] ; then
578 if [ "$ENABLE_IPTABLES" = true ] ; then
572 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
579 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
573 fi
580 fi
574 # Add apparmor for KERNEL_SECURITY
581 # Add apparmor for KERNEL_SECURITY
575 if [ "$KERNEL_SECURITY" = true ] ; then
582 if [ "$KERNEL_SECURITY" = true ] ; then
576 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
583 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
577 fi
584 fi
578
585
579 # Add openssh server package
586 # Add openssh server package
580 if [ "$ENABLE_SSHD" = true ] ; then
587 if [ "$ENABLE_SSHD" = true ] ; then
581 APT_INCLUDES="${APT_INCLUDES},openssh-server"
588 APT_INCLUDES="${APT_INCLUDES},openssh-server"
582 fi
589 fi
583
590
584 # Add alsa-utils package
591 # Add alsa-utils package
585 if [ "$ENABLE_SOUND" = true ] ; then
592 if [ "$ENABLE_SOUND" = true ] ; then
586 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
593 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
587 fi
594 fi
588
595
589 # Add rng-tools package
596 # Add rng-tools package
590 if [ "$ENABLE_HWRANDOM" = true ] ; then
597 if [ "$ENABLE_HWRANDOM" = true ] ; then
591 APT_INCLUDES="${APT_INCLUDES},rng-tools"
598 APT_INCLUDES="${APT_INCLUDES},rng-tools"
592 fi
599 fi
593
600
594 # Add fbturbo video driver
601 # Add fbturbo video driver
595 if [ "$ENABLE_FBTURBO" = true ] ; then
602 if [ "$ENABLE_FBTURBO" = true ] ; then
596 # Enable xorg package dependencies
603 # Enable xorg package dependencies
597 ENABLE_XORG=true
604 ENABLE_XORG=true
598 fi
605 fi
599
606
600 # Add user defined window manager package
607 # Add user defined window manager package
601 if [ -n "$ENABLE_WM" ] ; then
608 if [ -n "$ENABLE_WM" ] ; then
602 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
609 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
603
610
604 # Enable xorg package dependencies
611 # Enable xorg package dependencies
605 ENABLE_XORG=true
612 ENABLE_XORG=true
606 fi
613 fi
607
614
608 # Add xorg package
615 # Add xorg package
609 if [ "$ENABLE_XORG" = true ] ; then
616 if [ "$ENABLE_XORG" = true ] ; then
610 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
617 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
611 fi
618 fi
612
619
613 # Replace selected packages with smaller clones
620 # Replace selected packages with smaller clones
614 if [ "$ENABLE_REDUCE" = true ] ; then
621 if [ "$ENABLE_REDUCE" = true ] ; then
615 # Add levee package instead of vim-tiny
622 # Add levee package instead of vim-tiny
616 if [ "$REDUCE_VIM" = true ] ; then
623 if [ "$REDUCE_VIM" = true ] ; then
617 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
624 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
618 fi
625 fi
619
626
620 # Add dropbear package instead of openssh-server
627 # Add dropbear package instead of openssh-server
621 if [ "$REDUCE_SSHD" = true ] ; then
628 if [ "$REDUCE_SSHD" = true ] ; then
622 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
629 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
623 fi
630 fi
624 fi
631 fi
625
632
626 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
633 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
627 if [ "$ENABLE_SYSVINIT" = false ] ; then
634 if [ "$ENABLE_SYSVINIT" = false ] ; then
628 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
635 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
629 fi
636 fi
630
637
631 # Configure kernel sources if no KERNELSRC_DIR
638 # Configure kernel sources if no KERNELSRC_DIR
632 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
639 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
633 KERNELSRC_CONFIG=true
640 KERNELSRC_CONFIG=true
634 fi
641 fi
635
642
636 # Configure reduced kernel
643 # Configure reduced kernel
637 if [ "$KERNEL_REDUCE" = true ] ; then
644 if [ "$KERNEL_REDUCE" = true ] ; then
638 KERNELSRC_CONFIG=false
645 KERNELSRC_CONFIG=false
639 fi
646 fi
640
647
641 # Configure qemu compatible kernel
648 # Configure qemu compatible kernel
642 if [ "$ENABLE_QEMU" = true ] ; then
649 if [ "$ENABLE_QEMU" = true ] ; then
643 DTB_FILE=vexpress-v2p-ca15_a7.dtb
650 DTB_FILE=vexpress-v2p-ca15_a7.dtb
644 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
651 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
645 KERNEL_DEFCONFIG="vexpress_defconfig"
652 KERNEL_DEFCONFIG="vexpress_defconfig"
646 if [ "$KERNEL_MENUCONFIG" = false ] ; then
653 if [ "$KERNEL_MENUCONFIG" = false ] ; then
647 KERNEL_OLDDEFCONFIG=true
654 KERNEL_OLDDEFCONFIG=true
648 fi
655 fi
649 fi
656 fi
650
657
651 # Execute bootstrap scripts
658 # Execute bootstrap scripts
652 for SCRIPT in bootstrap.d/*.sh; do
659 for SCRIPT in bootstrap.d/*.sh; do
653 head -n 3 "$SCRIPT"
660 head -n 3 "$SCRIPT"
654 . "$SCRIPT"
661 . "$SCRIPT"
655 done
662 done
656
663
657 ## Execute custom bootstrap scripts
664 ## Execute custom bootstrap scripts
658 if [ -d "custom.d" ] ; then
665 if [ -d "custom.d" ] ; then
659 for SCRIPT in custom.d/*.sh; do
666 for SCRIPT in custom.d/*.sh; do
660 . "$SCRIPT"
667 . "$SCRIPT"
661 done
668 done
662 fi
669 fi
663
670
664 # Execute custom scripts inside the chroot
671 # Execute custom scripts inside the chroot
665 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
672 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
666 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
673 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
667 chroot_exec /bin/bash -x <<'EOF'
674 chroot_exec /bin/bash -x <<'EOF'
668 for SCRIPT in /chroot_scripts/* ; do
675 for SCRIPT in /chroot_scripts/* ; do
669 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
676 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
670 $SCRIPT
677 $SCRIPT
671 fi
678 fi
672 done
679 done
673 EOF
680 EOF
674 rm -rf "${R}/chroot_scripts"
681 rm -rf "${R}/chroot_scripts"
675 fi
682 fi
676
683
677 # Remove c/c++ build environment from the chroot
684 # Remove c/c++ build environment from the chroot
678 chroot_remove_cc
685 chroot_remove_cc
679
686
680 # Generate required machine-id
687 # Generate required machine-id
681 MACHINE_ID=$(dbus-uuidgen)
688 MACHINE_ID=$(dbus-uuidgen)
682 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
689 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
683 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
690 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
684
691
685 # APT Cleanup
692 # APT Cleanup
686 chroot_exec apt-get -y clean
693 chroot_exec apt-get -y clean
687 chroot_exec apt-get -y autoclean
694 chroot_exec apt-get -y autoclean
688 chroot_exec apt-get -y autoremove
695 chroot_exec apt-get -y autoremove
689
696
690 # Unmount mounted filesystems
697 # Unmount mounted filesystems
691 umount -l "${R}/proc"
698 umount -l "${R}/proc"
692 umount -l "${R}/sys"
699 umount -l "${R}/sys"
693
700
694 # Clean up directories
701 # Clean up directories
695 rm -rf "${R}/run/*"
702 rm -rf "${R}/run/*"
696 rm -rf "${R}/tmp/*"
703 rm -rf "${R}/tmp/*"
697
704
698 # Clean up APT proxy settings
705 # Clean up APT proxy settings
699 if [ "$KEEP_APT_PROXY" = false ] ; then
706 if [ "$KEEP_APT_PROXY" = false ] ; then
700 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
707 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
701 fi
708 fi
702
709
703 # Clean up files
710 # Clean up files
704 rm -f "${ETC_DIR}/ssh/ssh_host_*"
711 rm -f "${ETC_DIR}/ssh/ssh_host_*"
705 rm -f "${ETC_DIR}/dropbear/dropbear_*"
712 rm -f "${ETC_DIR}/dropbear/dropbear_*"
706 rm -f "${ETC_DIR}/apt/sources.list.save"
713 rm -f "${ETC_DIR}/apt/sources.list.save"
707 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
714 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
708 rm -f "${ETC_DIR}/*-"
715 rm -f "${ETC_DIR}/*-"
709 rm -f "${ETC_DIR}/resolv.conf"
716 rm -f "${ETC_DIR}/resolv.conf"
710 rm -f "${R}/root/.bash_history"
717 rm -f "${R}/root/.bash_history"
711 rm -f "${R}/var/lib/urandom/random-seed"
718 rm -f "${R}/var/lib/urandom/random-seed"
712 rm -f "${R}/initrd.img"
719 rm -f "${R}/initrd.img"
713 rm -f "${R}/vmlinuz"
720 rm -f "${R}/vmlinuz"
714 rm -f "${R}${QEMU_BINARY}"
721 rm -f "${R}${QEMU_BINARY}"
715
722
716 if [ "$ENABLE_QEMU" = true ] ; then
723 if [ "$ENABLE_QEMU" = true ] ; then
717 # Setup QEMU directory
724 # Setup QEMU directory
718 mkdir "${BASEDIR}/qemu"
725 mkdir "${BASEDIR}/qemu"
719
726
720 # Copy kernel image to QEMU directory
727 # Copy kernel image to QEMU directory
721 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
728 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
722
729
723 # Copy kernel config to QEMU directory
730 # Copy kernel config to QEMU directory
724 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
731 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
725
732
726 # Copy kernel dtbs to QEMU directory
733 # Copy kernel dtbs to QEMU directory
727 for dtb in "${BOOT_DIR}/"*.dtb ; do
734 for dtb in "${BOOT_DIR}/"*.dtb ; do
728 if [ -f "${dtb}" ] ; then
735 if [ -f "${dtb}" ] ; then
729 install_readonly "${dtb}" "${BASEDIR}/qemu/"
736 install_readonly "${dtb}" "${BASEDIR}/qemu/"
730 fi
737 fi
731 done
738 done
732
739
733 # Copy kernel overlays to QEMU directory
740 # Copy kernel overlays to QEMU directory
734 if [ -d "${BOOT_DIR}/overlays" ] ; then
741 if [ -d "${BOOT_DIR}/overlays" ] ; then
735 # Setup overlays dtbs directory
742 # Setup overlays dtbs directory
736 mkdir "${BASEDIR}/qemu/overlays"
743 mkdir "${BASEDIR}/qemu/overlays"
737
744
738 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
745 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
739 if [ -f "${dtb}" ] ; then
746 if [ -f "${dtb}" ] ; then
740 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
747 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
741 fi
748 fi
742 done
749 done
743 fi
750 fi
744
751
745 # Copy u-boot files to QEMU directory
752 # Copy u-boot files to QEMU directory
746 if [ "$ENABLE_UBOOT" = true ] ; then
753 if [ "$ENABLE_UBOOT" = true ] ; then
747 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
754 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
748 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
755 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
749 fi
756 fi
750 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
757 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
751 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
758 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
752 fi
759 fi
753 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
760 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
754 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
761 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
755 fi
762 fi
756 fi
763 fi
757
764
758 # Copy initramfs to QEMU directory
765 # Copy initramfs to QEMU directory
759 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
766 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
760 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
767 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
761 fi
768 fi
762 fi
769 fi
763
770
764 # Calculate size of the chroot directory in KB
771 # Calculate size of the chroot directory in KB
765 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
772 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
766
773
767 # Calculate the amount of needed 512 Byte sectors
774 # Calculate the amount of needed 512 Byte sectors
768 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
775 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
769 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
776 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
770 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
777 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
771
778
772 # The root partition is EXT4
779 # The root partition is EXT4
773 # This means more space than the actual used space of the chroot is used.
780 # This means more space than the actual used space of the chroot is used.
774 # As overhead for journaling and reserved blocks 35% are added.
781 # As overhead for journaling and reserved blocks 35% are added.
775 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
782 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
776
783
777 # Calculate required image size in 512 Byte sectors
784 # Calculate required image size in 512 Byte sectors
778 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
785 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
779
786
780 # Prepare image file
787 # Prepare image file
781 if [ "$ENABLE_SPLITFS" = true ] ; then
788 if [ "$ENABLE_SPLITFS" = true ] ; then
782 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
789 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
783 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
790 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
784 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
791 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
785 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
786
793
787 # Write firmware/boot partition tables
794 # Write firmware/boot partition tables
788 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
795 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
789 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
796 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
790 EOM
797 EOM
791
798
792 # Write root partition table
799 # Write root partition table
793 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
800 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
794 ${TABLE_SECTORS},${ROOT_SECTORS},83
801 ${TABLE_SECTORS},${ROOT_SECTORS},83
795 EOM
802 EOM
796
803
797 # Setup temporary loop devices
804 # Setup temporary loop devices
798 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
805 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
799 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
806 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
800 else # ENABLE_SPLITFS=false
807 else # ENABLE_SPLITFS=false
801 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
808 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
802 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
809 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
803
810
804 # Write partition table
811 # Write partition table
805 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
812 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
806 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
813 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
807 ${ROOT_OFFSET},${ROOT_SECTORS},83
814 ${ROOT_OFFSET},${ROOT_SECTORS},83
808 EOM
815 EOM
809
816
810 # Setup temporary loop devices
817 # Setup temporary loop devices
811 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
818 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
812 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
819 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
813 fi
820 fi
814
821
815 if [ "$ENABLE_CRYPTFS" = true ] ; then
822 if [ "$ENABLE_CRYPTFS" = true ] ; then
816 # Create dummy ext4 fs
823 # Create dummy ext4 fs
817 mkfs.ext4 "$ROOT_LOOP"
824 mkfs.ext4 "$ROOT_LOOP"
818
825
819 # Setup password keyfile
826 # Setup password keyfile
820 touch .password
827 touch .password
821 chmod 600 .password
828 chmod 600 .password
822 echo -n ${CRYPTFS_PASSWORD} > .password
829 echo -n ${CRYPTFS_PASSWORD} > .password
823
830
824 # Initialize encrypted partition
831 # Initialize encrypted partition
825 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
832 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
826
833
827 # Open encrypted partition and setup mapping
834 # Open encrypted partition and setup mapping
828 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
835 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
829
836
830 # Secure delete password keyfile
837 # Secure delete password keyfile
831 shred -zu .password
838 shred -zu .password
832
839
833 # Update temporary loop device
840 # Update temporary loop device
834 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
841 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
835
842
836 # Wipe encrypted partition (encryption cipher is used for randomness)
843 # Wipe encrypted partition (encryption cipher is used for randomness)
837 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
844 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
838 fi
845 fi
839
846
840 # Build filesystems
847 # Build filesystems
841 mkfs.vfat "$FRMW_LOOP"
848 mkfs.vfat "$FRMW_LOOP"
842 mkfs.ext4 "$ROOT_LOOP"
849 mkfs.ext4 "$ROOT_LOOP"
843
850
844 # Mount the temporary loop devices
851 # Mount the temporary loop devices
845 mkdir -p "$BUILDDIR/mount"
852 mkdir -p "$BUILDDIR/mount"
846 mount "$ROOT_LOOP" "$BUILDDIR/mount"
853 mount "$ROOT_LOOP" "$BUILDDIR/mount"
847
854
848 mkdir -p "$BUILDDIR/mount/boot/firmware"
855 mkdir -p "$BUILDDIR/mount/boot/firmware"
849 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
856 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
850
857
851 # Copy all files from the chroot to the loop device mount point directory
858 # Copy all files from the chroot to the loop device mount point directory
852 rsync -a "${R}/" "$BUILDDIR/mount/"
859 rsync -a "${R}/" "$BUILDDIR/mount/"
853
860
854 # Unmount all temporary loop devices and mount points
861 # Unmount all temporary loop devices and mount points
855 cleanup
862 cleanup
856
863
857 # Create block map file(s) of image(s)
864 # Create block map file(s) of image(s)
858 if [ "$ENABLE_SPLITFS" = true ] ; then
865 if [ "$ENABLE_SPLITFS" = true ] ; then
859 # Create block map files for "bmaptool"
866 # Create block map files for "bmaptool"
860 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
867 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
861 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
868 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
862
869
863 # Image was successfully created
870 # Image was successfully created
864 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
871 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
865 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
866 else
873 else
867 # Create block map file for "bmaptool"
874 # Create block map file for "bmaptool"
868 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
875 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
869
876
870 # Image was successfully created
877 # Image was successfully created
871 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
878 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872
879
873 # Create qemu qcow2 image
880 # Create qemu qcow2 image
874 if [ "$ENABLE_QEMU" = true ] ; then
881 if [ "$ENABLE_QEMU" = true ] ; then
875 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
882 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
876 QEMU_SIZE=16G
883 QEMU_SIZE=16G
877
884
878 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
885 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
879 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
886 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
880
887
881 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
888 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
882 fi
889 fi
883 fi
890 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant