##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Better Bluetooth and serial...
Unknown -
r443:c6c99c428cd2
parent child
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,1
1 kernel.printk = 3 4 1 3 No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,33
1 SUBSYSTEM=="input", GROUP="input", MODE="0660"
2 SUBSYSTEM=="i2c-dev", GROUP="i2c", MODE="0660"
3 SUBSYSTEM=="spidev", GROUP="spi", MODE="0660"
4 SUBSYSTEM=="bcm2835-gpiomem", GROUP="gpio", MODE="0660"
5
6 SUBSYSTEM=="gpio", GROUP="gpio", MODE="0660"
7 SUBSYSTEM=="gpio*", PROGRAM="/bin/sh -c '\
8 chown -R root:gpio /sys/class/gpio && chmod -R 770 /sys/class/gpio;\
9 chown -R root:gpio /sys/devices/virtual/gpio && chmod -R 770 /sys/devices/virtual/gpio;\
10 chown -R root:gpio /sys$devpath && chmod -R 770 /sys$devpath\
11 '"
12
13 KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
14 ALIASES=/proc/device-tree/aliases; \
15 if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
16 echo 0;\
17 elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
18 echo 1; \
19 else \
20 exit 1; \
21 fi\
22 '", SYMLINK+="serial%c"
23
24 KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
25 ALIASES=/proc/device-tree/aliases; \
26 if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
27 echo 0; \
28 elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
29 echo 1; \
30 else \
31 exit 1; \
32 fi \
33 '", SYMLINK+="serial%c"
Show file before | Show file after | Hide comments
@@ -1,504 +1,513
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org/debian"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 51 ##### `APT_INCLUDES`=""
52 52 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
53 53
54 54 ##### `APT_INCLUDES_LATE`=""
55 55 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 56
57 57 ---
58 58
59 59 #### General system settings:
60 60 ##### `SET_ARCH`=32
61 61 Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
62 62 If you want to change e.g. cross-compiler -> Templates always override defaults
63 63
64 64 ##### `RPI_MODEL`=2
65 65 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
66 66 `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
67 67 `1` = Used for Pi 1 model A and B
68 68 `1P` = Used for Pi 1 model B+ and A+
69 69 `2` = Used for Pi 2 model B
70 70 `3` = Used for Pi 3 model B
71 71 `3P` = Used for Pi 3 model B+
72 72 `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
73 73
74 74 ##### `RELEASE`="buster"
75 75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 76
77 77 ##### `RELEASE_ARCH`="armhf"
78 78 Set the desired Debian release architecture.
79 79
80 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
82 82
83 83 ##### `PASSWORD`="raspberry"
84 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 85
86 86 ##### `USER_PASSWORD`="raspberry"
87 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 88
89 89 ##### `DEFLOCAL`="en_US.UTF-8"
90 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 91
92 92 ##### `TIMEZONE`="Europe/Berlin"
93 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 94
95 95 ##### `EXPANDROOT`=true
96 96 Expand the root partition and filesystem automatically on first boot.
97 97
98 98 ##### `ENABLE_QEMU`=false
99 99 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
100 100
101 101 ---
102 102
103 103 #### Keyboard settings:
104 104 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
105 105
106 106 ##### `XKB_MODEL`=""
107 107 Set the name of the model of your keyboard type.
108 108
109 109 ##### `XKB_LAYOUT`=""
110 110 Set the supported keyboard layout(s).
111 111
112 112 ##### `XKB_VARIANT`=""
113 113 Set the supported variant(s) of the keyboard layout(s).
114 114
115 115 ##### `XKB_OPTIONS`=""
116 116 Set extra xkb configuration options.
117 117
118 118 ---
119 119
120 120 #### Networking settings (DHCP):
121 121 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
122 122
123 123 ##### `ENABLE_DHCP`=true
124 124 Set the system to use DHCP. This requires an DHCP server.
125 125
126 126 ---
127 127
128 128 #### Networking settings (static):
129 129 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
130 130
131 131 ##### `NET_ADDRESS`=""
132 132 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
133 133
134 134 ##### `NET_GATEWAY`=""
135 135 Set the IP address for the default gateway.
136 136
137 137 ##### `NET_DNS_1`=""
138 138 Set the IP address for the first DNS server.
139 139
140 140 ##### `NET_DNS_2`=""
141 141 Set the IP address for the second DNS server.
142 142
143 143 ##### `NET_DNS_DOMAINS`=""
144 144 Set the default DNS search domains to use for non fully qualified host names.
145 145
146 146 ##### `NET_NTP_1`=""
147 147 Set the IP address for the first NTP server.
148 148
149 149 ##### `NET_NTP_2`=""
150 150 Set the IP address for the second NTP server.
151 151
152 152 ---
153 153
154 154 #### Basic system features:
155 155 ##### `ENABLE_CONSOLE`=true
156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
156 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
157
158 ##### `ENABLE_PRINTK`=false
159 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
160
161 ##### `ENABLE_BLUETOOTH`=false
162 Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
163
164 ##### `ENABLE_MINIUART_OVERLAY`=false
165 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
166
167 ##### `ENABLE_TURBO`=false
168 Enable Turbo mode. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
157 169
158 170 ##### `ENABLE_I2C`=false
159 171 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
160 172
161 173 ##### `ENABLE_SPI`=false
162 174 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
163 175
164 176 ##### `ENABLE_IPV6`=true
165 177 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
166 178
167 179 ##### `ENABLE_SSHD`=true
168 180 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
169 181
170 182 ##### `ENABLE_NONFREE`=false
171 183 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
172 184
173 185 ##### `ENABLE_WIRELESS`=false
174 186 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
175 187
176 ##### `ENABLE_BLUETOOTH`=false
177 Enable Bluetooth interface on the RPi0/3/3P.
178
179 188 ##### `ENABLE_RSYSLOG`=true
180 189 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
181 190
182 191 ##### `ENABLE_SOUND`=true
183 192 Enable sound hardware and install Advanced Linux Sound Architecture.
184 193
185 194 ##### `ENABLE_HWRANDOM`=true
186 195 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
187 196
188 197 ##### `ENABLE_MINGPU`=false
189 198 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
190 199
191 200 ##### `ENABLE_DBUS`=true
192 201 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
193 202
194 203 ##### `ENABLE_XORG`=false
195 204 Install Xorg open-source X Window System.
196 205
197 206 ##### `ENABLE_WM`=""
198 207 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
199 208
200 209 ##### `ENABLE_SYSVINIT`=false
201 210 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
202 211
203 212 ---
204 213
205 214 #### Advanced system features:
206 215 ##### `ENABLE_MINBASE`=false
207 216 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
208 217
209 218 ##### `ENABLE_REDUCE`=false
210 219 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
211 220
212 221 ##### `ENABLE_UBOOT`=false
213 222 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
214 223
215 224 ##### `UBOOTSRC_DIR`=""
216 225 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
217 226
218 227 ##### `ENABLE_FBTURBO`=false
219 228 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
220 229
221 230 ##### `FBTURBOSRC_DIR`=""
222 231 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
223 232
224 233 ##### `ENABLE_VIDEOCORE`=false
225 234 Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
226 235
227 236 ##### `VIDEOCORESRC_DIR`=""
228 237 Path to a directory (`userland`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
229 238
230 239 ##### `ENABLE_IPTABLES`=false
231 240 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
232 241
233 242 ##### `ENABLE_USER`=true
234 243 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
235 244
236 245 ##### `USER_NAME`=pi
237 246 Non-root user to create. Ignored if `ENABLE_USER`=false
238 247
239 248 ##### `ENABLE_ROOT`=false
240 249 Set root user password so root login will be enabled
241 250
242 251 ##### `ENABLE_HARDNET`=false
243 252 Enable IPv4/IPv6 network stack hardening settings.
244 253
245 254 ##### `ENABLE_SPLITFS`=false
246 255 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
247 256
248 257 ##### `CHROOT_SCRIPTS`=""
249 258 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
250 259
251 260 ##### `ENABLE_INITRAMFS`=false
252 261 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
253 262
254 263 ##### `ENABLE_IFNAMES`=true
255 264 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
256 265
257 266 ##### `DISABLE_UNDERVOLT_WARNINGS`=
258 267 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
259 268
260 269 ---
261 270
262 271 #### SSH settings:
263 272 ##### `SSH_ENABLE_ROOT`=false
264 273 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
265 274
266 275 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
267 276 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
268 277
269 278 ##### `SSH_LIMIT_USERS`=false
270 279 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
271 280
272 281 ##### `SSH_ROOT_PUB_KEY`=""
273 282 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
274 283
275 284 ##### `SSH_USER_PUB_KEY`=""
276 285 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
277 286
278 287 ---
279 288
280 289 #### Kernel compilation:
281 290 ##### `BUILD_KERNEL`=true
282 291 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
283 292
284 293 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
285 294 This sets the cross compile enviornment for the compiler.
286 295
287 296 ##### `KERNEL_ARCH`="arm"
288 297 This sets the kernel architecture for the compiler.
289 298
290 299 ##### `KERNEL_IMAGE`="kernel7.img"
291 300 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
292 301
293 302 ##### `KERNEL_BRANCH`=""
294 303 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
295 304
296 305 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
297 306 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
298 307
299 308 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
300 309 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
301 310
302 311 ##### `KERNEL_REDUCE`=false
303 312 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
304 313
305 314 ##### `KERNEL_THREADS`=1
306 315 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
307 316
308 317 ##### `KERNEL_HEADERS`=true
309 318 Install kernel headers with built kernel.
310 319
311 320 ##### `KERNEL_MENUCONFIG`=false
312 321 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
313 322
314 323 ##### `KERNEL_OLDDEFCONFIG`=false
315 324 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
316 325
317 326 ##### `KERNEL_CCACHE`=false
318 327 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
319 328
320 329 ##### `KERNEL_REMOVESRC`=true
321 330 Remove all kernel sources from the generated OS image after it was built and installed.
322 331
323 332 ##### `KERNELSRC_DIR`=""
324 333 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
325 334
326 335 ##### `KERNELSRC_CLEAN`=false
327 336 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
328 337
329 338 ##### `KERNELSRC_CONFIG`=true
330 339 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
331 340
332 341 ##### `KERNELSRC_USRCONFIG`=""
333 342 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
334 343
335 344 ##### `KERNELSRC_PREBUILT`=false
336 345 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
337 346
338 347 ##### `RPI_FIRMWARE_DIR`=""
339 348 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
340 349
341 350 ##### `KERNEL_NF`=false
342 351 Enable Netfilter modules as kernel modules
343 352
344 353 ##### `KERNEL_VIRT`=false
345 354 Enable Kernel KVM support (/dev/kvm)
346 355
347 356 ##### `KERNEL_ZSWAP`=false
348 357 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
349 358
350 359 ##### `KERNEL_BPF`=true
351 360 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
352 361
353 362 ---
354 363
355 364 #### Reduce disk usage:
356 365 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
357 366
358 367 ##### `REDUCE_APT`=true
359 368 Configure APT to use compressed package repository lists and no package caching files.
360 369
361 370 ##### `REDUCE_DOC`=true
362 371 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
363 372
364 373 ##### `REDUCE_MAN`=true
365 374 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
366 375
367 376 ##### `REDUCE_VIM`=false
368 377 Replace `vim-tiny` package by `levee` a tiny vim clone.
369 378
370 379 ##### `REDUCE_BASH`=false
371 380 Remove `bash` package and switch to `dash` shell (experimental).
372 381
373 382 ##### `REDUCE_HWDB`=true
374 383 Remove PCI related hwdb files (experimental).
375 384
376 385 ##### `REDUCE_SSHD`=true
377 386 Replace `openssh-server` with `dropbear`.
378 387
379 388 ##### `REDUCE_LOCALE`=true
380 389 Remove all `locale` translation files.
381 390
382 391 ---
383 392
384 393 #### Encrypted root partition:
385 394 ##### `ENABLE_CRYPTFS`=false
386 395 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
387 396
388 397 ##### `CRYPTFS_PASSWORD`=""
389 398 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
390 399
391 400 ##### `CRYPTFS_MAPPING`="secure"
392 401 Set name of dm-crypt managed device-mapper mapping.
393 402
394 403 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
395 404 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
396 405
397 406 ##### `CRYPTFS_XTSKEYSIZE`=512
398 407 Sets key size in bits. The argument has to be a multiple of 8.
399 408
400 409 ---
401 410
402 411 #### Build settings:
403 412 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
404 413 Set a path to a working directory used by the script to generate an image.
405 414
406 415 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
407 416 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
408 417
409 418 ## Understanding the script
410 419 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
411 420
412 421 | Script | Description |
413 422 | --- | --- |
414 423 | `10-bootstrap.sh` | Debootstrap basic system |
415 424 | `11-apt.sh` | Setup APT repositories |
416 425 | `12-locale.sh` | Setup Locales and keyboard settings |
417 426 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
418 427 | `14-fstab.sh` | Setup fstab and initramfs |
419 428 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
420 429 | `20-networking.sh` | Setup Networking |
421 430 | `21-firewall.sh` | Setup Firewall |
422 431 | `30-security.sh` | Setup Users and Security settings |
423 432 | `31-logging.sh` | Setup Logging |
424 433 | `32-sshd.sh` | Setup SSH and public keys |
425 434 | `41-uboot.sh` | Build and Setup U-Boot |
426 435 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
427 436 | `50-firstboot.sh` | First boot actions |
428 437 | `99-reduce.sh` | Reduce the disk space usage |
429 438
430 439 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
431 440
432 441 | Directory | Description |
433 442 | --- | --- |
434 443 | `apt` | APT management configuration files |
435 444 | `boot` | Boot and RPi2/3 configuration files |
436 445 | `dpkg` | Package Manager configuration |
437 446 | `etc` | Configuration files and rc scripts |
438 447 | `firstboot` | Scripts that get executed on first boot |
439 448 | `initramfs` | Initramfs scripts |
440 449 | `iptables` | Firewall configuration files |
441 450 | `locales` | Locales configuration |
442 451 | `modules` | Kernel Modules configuration |
443 452 | `mount` | Fstab configuration |
444 453 | `network` | Networking configuration files |
445 454 | `sysctl.d` | Swapping and Network Hardening configuration |
446 455 | `xorg` | fbturbo Xorg driver configuration |
447 456
448 457 ## Custom packages and scripts
449 458 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
450 459
451 460 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
452 461
453 462 ## Logging of the bootstrapping process
454 463 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
455 464
456 465 ```shell
457 466 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
458 467 ```
459 468
460 469 ## Flashing the image file
461 470 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
462 471
463 472 ##### Flashing examples:
464 473 ```shell
465 474 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
466 475 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
467 476 ```
468 477 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
469 478 ```shell
470 479 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
471 480 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
472 481 ```
473 482
474 483 ## QEMU emulation
475 484 Start QEMU full system emulation:
476 485 ```shell
477 486 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
478 487 ```
479 488
480 489 Start QEMU full system emulation and output to console:
481 490 ```shell
482 491 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
483 492 ```
484 493
485 494 Start QEMU full system emulation with SMP and output to console:
486 495 ```shell
487 496 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
488 497 ```
489 498
490 499 Start QEMU full system emulation with cryptfs, initramfs and output to console:
491 500 ```shell
492 501 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
493 502 ```
494 503
495 504 ## External links and references
496 505 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
497 506 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
498 507 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
499 508 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
500 509 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
501 510 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
502 511 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
503 512 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
504 513 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
Show file before | Show file after | Hide comments
@@ -1,406 +1,398
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 11 mkdir -p "${KERNEL_DIR}"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 15 # Copy kernel sources and include hidden files
16 16 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Create temporary directory for kernel sources
24 24 temp_dir=$(as_nobody mktemp -d)
25 25
26 26 # Fetch current RPi2/3 kernel sources
27 27 if [ -z "${KERNEL_BRANCH}" ] ; then
28 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 29 else
30 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 31 fi
32 32
33 33 # Copy downloaded kernel sources
34 34 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 35
36 36 # Remove temporary directory for kernel sources
37 37 rm -fr "${temp_dir}"
38 38
39 39 # Set permissions of the kernel sources
40 40 chown -R root:root "${R}/usr/src"
41 41 fi
42 42
43 43 # Calculate optimal number of kernel building threads
44 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 46 fi
47 47
48 48 # Configure and build kernel
49 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 50 # Remove device, network and filesystem drivers from kernel configuration
51 51 if [ "$KERNEL_REDUCE" = true ] ; then
52 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 53 sed -i\
54 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 83 "${KERNEL_DIR}/.config"
84 84 fi
85 85
86 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 87 # Load default raspberry kernel configuration
88 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 89 #Switch to KERNELSRC_DIR
90 90 cd "${KERNEL_DIR}"
91 91
92 # GPL v2.0
93 #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
92 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
94 93 if [ "$KERNEL_ZSWAP" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
95 # enable ZSWAP support for better performance during large builds etc.
96 # requires activation via kernel parameter or sysfs
97 # see e.g. https://askubuntu.com/a/472227 for a summary of ZSWAP (vs ZRAM etc.)
98 # and e.g. https://wiki.archlinux.org/index.php/zswap for parameters etc.
99 94 set_kernel_config ZPOOL y
100 95 set_kernel_config ZSWAP y
101 96 set_kernel_config ZBUD y
102 97 set_kernel_config Z3FOLD y
103 98 set_kernel_config ZSMALLOC y
104 99 set_kernel_config PGTABLE_MAPPING y
105 100 fi
106
101
102 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
107 103 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
108 # enable basic KVM support; see e.g.
109 # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
110 104 set_kernel_config VIRTUALIZATION y
111 105 set_kernel_config KVM y
112 106 set_kernel_config VHOST_NET m
113 107 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
114 108 fi
115 #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
116 # Netfilter kernel support
109
110 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
117 111 if [ "$KERNEL_NF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
118 112 set_kernel_config CONFIG_NETFILTER_XTABLES m
119 113 set_kernel_config CONFIG_NF_DUP_NETDEV m
120 114 set_kernel_config CONFIG_NF_NAT_SIP m
121 115 set_kernel_config CONFIG_NF_TABLES_ARP m
122 116 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
123 117 set_kernel_config NF_TABLES m
124 118 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
125 119 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
126 120 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
127 121 set_kernel_config CONFIG_IP6_NF_IPTABLES m
128 122 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
129 123 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
130 124 set_kernel_config CONFIG_IP6_NF_NAT m
131 125 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
132 126 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
133 127 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
134 128 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
135 129 set_kernel_config CONFIG_IP_SET_HASH_IP m
136 130 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
137 131 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
138 132 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
139 133 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
140 134 set_kernel_config CONFIG_IP_SET_HASH_MAC m
141 135 set_kernel_config CONFIG_IP_SET_HASH_NET m
142 136 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
143 137 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
144 138 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
145 139 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
146 140 set_kernel_config CONFIG_IP_SET_LIST_SET m
147 141 set_kernel_config CONFIG_NFT_BRIDGE_META m
148 142 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
149 143 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
150 144 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
151 145 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
152 146 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
153 147 set_kernel_config CONFIG_NFT_COMPAT m
154 148 set_kernel_config CONFIG_NFT_COUNTER m
155 149 set_kernel_config CONFIG_NFT_CT m
156 150 set_kernel_config CONFIG_NFT_DUP_IPV4 m
157 151 set_kernel_config CONFIG_NFT_DUP_IPV6 m
158 152 set_kernel_config CONFIG_NFT_DUP_NETDEV m
159 153 set_kernel_config CONFIG_NFT_EXTHDR m
160 154 set_kernel_config CONFIG_NFT_FWD_NETDEV m
161 155 set_kernel_config CONFIG_NFT_HASH m
162 156 set_kernel_config CONFIG_NFT_LIMIT m
163 157 set_kernel_config CONFIG_NFT_LOG m
164 158 set_kernel_config CONFIG_NFT_MASQ m
165 159 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
166 160 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
167 161 set_kernel_config CONFIG_NFT_META m
168 162 set_kernel_config CONFIG_NFT_NAT m
169 163 set_kernel_config CONFIG_NFT_NUMGEN m
170 164 set_kernel_config CONFIG_NFT_QUEUE m
171 165 set_kernel_config CONFIG_NFT_QUOTA m
172 166 set_kernel_config CONFIG_NFT_REDIR m
173 167 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
174 168 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
175 169 set_kernel_config CONFIG_NFT_REJECT m
176 170 set_kernel_config CONFIG_NFT_REJECT_INET m
177 171 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
178 172 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
179 173 set_kernel_config CONFIG_NFT_SET_HASH m
180 174 set_kernel_config CONFIG_NFT_SET_RBTREE m
181 175 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
182 176 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
183 177 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
184 178 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
185 179 set_kernel_config CONFIG_NF_DUP_IPV4 m
186 180 set_kernel_config CONFIG_NF_DUP_IPV6 m
187 181 set_kernel_config CONFIG_NF_LOG_BRIDGE m
188 182 set_kernel_config CONFIG_NF_LOG_IPV4 m
189 183 set_kernel_config CONFIG_NF_LOG_IPV6 m
190 184 set_kernel_config CONFIG_NF_NAT_IPV4 m
191 185 set_kernel_config CONFIG_NF_NAT_IPV6 m
192 186 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
193 187 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
194 188 set_kernel_config CONFIG_NF_NAT_PPTP m
195 189 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
196 190 set_kernel_config CONFIG_NF_NAT_REDIRECT m
197 191 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
198 192 set_kernel_config CONFIG_NF_NAT_TFTP m
199 193 set_kernel_config CONFIG_NF_REJECT_IPV4 m
200 194 set_kernel_config CONFIG_NF_REJECT_IPV6 m
201 195 set_kernel_config CONFIG_NF_TABLES_INET m
202 196 set_kernel_config CONFIG_NF_TABLES_IPV4 m
203 197 set_kernel_config CONFIG_NF_TABLES_IPV6 m
204 198 set_kernel_config CONFIG_NF_TABLES_NETDEV m
205 199 set_kernel_config NETFILTER_XTABLES m
206 200 fi
207 201
208 #https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
209 #https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
210 # Enables BPF syscall for systemd-journald
202 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
211 203 if [ "$KERNEL_BPF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
212 204 set_kernel_config CONFIG_BPF_SYSCALL y
213 205 set_kernel_config CONFIG_CGROUP_BPF y
214 206 fi
215 207
216 208 #Revert to previous directory
217 209 cd "${WORKDIR}"
218 210
219 211 # Set kernel configuration parameters to enable qemu emulation
220 212 if [ "$ENABLE_QEMU" = true ] ; then
221 213 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
222 214 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
223 215
224 216 if [ "$ENABLE_CRYPTFS" = true ] ; then
225 217 {
226 218 echo "CONFIG_EMBEDDED=y"
227 219 echo "CONFIG_EXPERT=y"
228 220 echo "CONFIG_DAX=y"
229 221 echo "CONFIG_MD=y"
230 222 echo "CONFIG_BLK_DEV_MD=y"
231 223 echo "CONFIG_MD_AUTODETECT=y"
232 224 echo "CONFIG_BLK_DEV_DM=y"
233 225 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
234 226 echo "CONFIG_DM_CRYPT=y"
235 227 echo "CONFIG_CRYPTO_BLKCIPHER=y"
236 228 echo "CONFIG_CRYPTO_CBC=y"
237 229 echo "CONFIG_CRYPTO_XTS=y"
238 230 echo "CONFIG_CRYPTO_SHA512=y"
239 231 echo "CONFIG_CRYPTO_MANAGER=y"
240 232 } >> "${KERNEL_DIR}"/.config
241 233 fi
242 234 fi
243 235
244 236 # Copy custom kernel configuration file
245 237 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
246 238 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
247 239 fi
248 240
249 241 # Set kernel configuration parameters to their default values
250 242 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
251 243 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
252 244 fi
253 245
254 246 # Start menu-driven kernel configuration (interactive)
255 247 if [ "$KERNEL_MENUCONFIG" = true ] ; then
256 248 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
257 249 fi
258 250 fi
259 251
260 252 # Use ccache to cross compile the kernel
261 253 if [ "$KERNEL_CCACHE" = true ] ; then
262 254 cc="ccache ${CROSS_COMPILE}gcc"
263 255 else
264 256 cc="${CROSS_COMPILE}gcc"
265 257 fi
266 258
267 259 # Cross compile kernel and dtbs
268 260 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
269 261
270 262 # Cross compile kernel modules
271 263 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
272 264 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
273 265 fi
274 266 fi
275 267
276 268 # Check if kernel compilation was successful
277 269 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
278 270 echo "error: kernel compilation failed! (kernel image not found)"
279 271 cleanup
280 272 exit 1
281 273 fi
282 274
283 275 # Install kernel modules
284 276 if [ "$ENABLE_REDUCE" = true ] ; then
285 277 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
286 278 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
287 279 fi
288 280 else
289 281 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
290 282 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
291 283 fi
292 284
293 285 # Install kernel firmware
294 286 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
295 287 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
296 288 fi
297 289 fi
298 290
299 291 # Install kernel headers
300 292 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
301 293 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
302 294 fi
303 295 # make tar.gz kernel package - missing os bzw. modules
304 296 #** ** ** WARNING ** ** **
305 297 #Your architecture did not define any architecture-dependent files
306 298 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
307 299 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
308 300
309 301 # Prepare boot (firmware) directory
310 302 mkdir "${BOOT_DIR}"
311 303
312 304 # Get kernel release version
313 305 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
314 306
315 307 # Copy kernel configuration file to the boot directory
316 308 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
317 309
318 310 # Prepare device tree directory
319 311 mkdir "${BOOT_DIR}/overlays"
320 312
321 313 # Ensure the proper .dtb is located
322 314 if [ "$KERNEL_ARCH" = "arm" ] ; then
323 315 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
324 316 if [ -f "${dtb}" ] ; then
325 317 install_readonly "${dtb}" "${BOOT_DIR}/"
326 318 fi
327 319 done
328 320 else
329 321 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
330 322 if [ -f "${dtb}" ] ; then
331 323 install_readonly "${dtb}" "${BOOT_DIR}/"
332 324 fi
333 325 done
334 326 fi
335 327
336 328 # Copy compiled dtb device tree files
337 329 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
338 330 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
339 331 if [ -f "${dtb}" ] ; then
340 332 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
341 333 fi
342 334 done
343 335
344 336 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
345 337 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
346 338 fi
347 339 fi
348 340
349 341 if [ "$ENABLE_UBOOT" = false ] ; then
350 342 # Convert and copy kernel image to the boot directory
351 343 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
352 344 else
353 345 # Copy kernel image to the boot directory
354 346 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
355 347 fi
356 348
357 349 # Remove kernel sources
358 350 if [ "$KERNEL_REMOVESRC" = true ] ; then
359 351 rm -fr "${KERNEL_DIR}"
360 352 else
361 353 # Prepare compiled kernel modules
362 354 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
363 355 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
364 356 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
365 357 fi
366 358
367 359 # Create symlinks for kernel modules
368 360 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
369 361 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
370 362 fi
371 363 fi
372 364
373 365 else # BUILD_KERNEL=false
374 366 # echo Install precompiled kernel...
375 367 # echo error: not implemented
376 368 if [ "$KERNEL_ARCH" = arm64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
377 369 # Create temporary directory for dl
378 370 temp_dir=$(as_nobody mktemp -d)
379 371
380 372 # Fetch kernel dl
381 373 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
382 374 #extract download
383 375 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
384 376
385 377 #move extracted kernel to /boot/firmware
386 378 mkdir "${R}/boot/firmware"
387 379 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
388 380 cp -r "${temp_dir}"/lib/* "${R}"/lib/
389 381
390 382 # Remove temporary directory for kernel sources
391 383 rm -fr "${temp_dir}"
392 384 # Set permissions of the kernel sources
393 385 chown -R root:root "${R}/boot/firmware"
394 386 chown -R root:root "${R}/lib/modules"
395 387 #Create cmdline.txt for 15-rpi-config.sh
396 388 touch "${BOOT_DIR}/cmdline.txt"
397 389 fi
398 390
399 391 # Check if kernel installation was successful
400 392 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
401 393 if [ -z "$KERNEL" ] ; then
402 394 echo "error: kernel installation failed! (/boot/kernel* not found)"
403 395 cleanup
404 396 exit 1
405 397 fi
406 398 fi
Show file before | Show file after | Hide comments
@@ -1,195 +1,233
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 46 else
47 47 if [ "$ENABLE_SPLITFS" = true ] ; then
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
49 49 else
50 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
51 51 fi
52 52 fi
53 53
54
55
56 54 # Add encrypted root partition to cmdline.txt
57 55 if [ "$ENABLE_CRYPTFS" = true ] ; then
58 56 if [ "$ENABLE_SPLITFS" = true ] ; then
59 57 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
60 58 else
61 59 if [ "$ENABLE_UBOOTUSB" = true ] ; then
62 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
63 61 else
64 62 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
65 63 fi
66 64 fi
67 65 fi
68 66
69 # Add serial console support
70 #if [ "$ENABLE_CONSOLE" = true ] ; then
71 # CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
72 #fi
67 #locks cpu at max frequency
68 if [ "$ENABLE_TURBO" = true ] ; then
69 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
70 fi
71
72 if [ "$ENABLE_PRINTK" = true ] ; then
73 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
74 fi
75
76 # Install udev rule for serial alias
77 install_readonly files/etc/99-com.rules "${ETC_DIR}/udev/rules.d/99-com.rules"
78
79 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
80
81 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
82 SET_SERIAL="ttyS0"
83
84 # Bluetooth enabled
85 if [ "$ENABLE_BLUETOOTH" = true ] ; then
86 # Create temporary directory for Bluetooth sources
87 temp_dir=$(as_nobody mktemp -d)
88
89 # Fetch Bluetooth sources
90 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
91
92 # Copy downloaded sources
93 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
94
95 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
96 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
97 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
98
99 # Set permissions
100 chown -R root:root "${R}/tmp/pi-bluetooth"
101
102 # Install tools
103 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
104 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
105
106 # Install bluetooth udev rule
107 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
108
109 # Install Firmware Flash file and apropiate licence
110 mkdir "${ETC_DIR}/firmware/"
111 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
112 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
113 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
114 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
115
116 # Remove temporary directory
117 rm -fr "${temp_dir}"
118
119 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
120 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
121
122 # set overlay to swap ttyAMA0 and ttyS0
123 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
124
125 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
126 if [ "$ENABLE_TURBO" = false ] ; then
127 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
128 fi
129 fi
130
131 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 fi
140
141 # may need sudo systemctl disable hciuart
142 if [ "$ENABLE_CONSOLE" = true ] ; then
143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144
145 # add string to cmdline
146 CMDLINE="${CMDLINE} console=serial0,115200"
147
148 # Enable serial console systemd style
149 chroot_exec systemctl start serial-getty@"$SET_SERIAL".service
150 chroot_exec systemctl enable serial-getty@"$SET_SERIAL".service
151 else
152 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
153
154 # Enable serial console systemd style
155 chroot_exec systemctl stop serial-getty@"$SET_SERIAL".service
156 chroot_exec systemctl disable serial-getty@"$SET_SERIAL".service
157 fi
73 158
74 159 # Remove IPv6 networking support
75 160 if [ "$ENABLE_IPV6" = false ] ; then
76 161 CMDLINE="${CMDLINE} ipv6.disable=1"
77 162 fi
78 163
79 164 # Automatically assign predictable network interface names
80 165 if [ "$ENABLE_IFNAMES" = false ] ; then
81 166 CMDLINE="${CMDLINE} net.ifnames=0"
82 167 else
83 168 CMDLINE="${CMDLINE} net.ifnames=1"
84 169 fi
85 170
86 171 # Install firmware boot cmdline
87 172 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
88 173
89 174 # Install firmware config
90 175 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
91 176
92 177 # Setup minimal GPU memory allocation size: 16MB (no X)
93 178 if [ "$ENABLE_MINGPU" = true ] ; then
94 179 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
95 180 fi
96 181
97 182 # Setup boot with initramfs
98 183 if [ "$ENABLE_INITRAMFS" = true ] ; then
99 184 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
100 185 fi
101 186
102 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
103 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
104 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
105 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
106 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
107 fi
108 fi
109
110 if [ "$ENABLE_BLUETOOTH" = true ] ; then
111 # Create temporary directory for Bluetooth sources
112 temp_dir=$(as_nobody mktemp -d)
113
114 # Fetch Bluetooth sources
115 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
116
117 # Copy downloaded sources
118 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
119
120 # Raspberry-sys-mod package for /dev/serial device needed by bluetooth service
121 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/99-com.rules" https://raw.githubusercontent.com/RPi-Distro/raspberrypi-sys-mods/master/etc.armhf/udev/rules.d/99-com.rules
122 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
123 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
124 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
125
126 # Set permissions
127 chown -R root:root "${R}/tmp/pi-bluetooth"
128
129 # Install tools
130 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
131 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
132
133 # Install bluetooth udev rule
134 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
135
136 # Install Firmware Flash file and apropiate licence
137 mkdir "${ETC_DIR}/firmware/"
138 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
139 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${ETC_DIR}/firmware/LICENCE.broadcom_bcm43xx"
140 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
141 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
142 # Install udev rule for bluetooth device
143 install_readonly "${R}/tmp/pi-bluetooth/99-com.rules" "${ETC_DIR}/udev/rules.d/99-com.rules"
144
145 # Remove temporary directory
146 rm -fr "${temp_dir}"
147 fi
148
149 187 # Create firmware configuration and cmdline symlinks
150 188 ln -sf firmware/config.txt "${R}/boot/config.txt"
151 189 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
152 190
153 191 # Install and setup kernel modules to load at boot
154 192 mkdir -p "${LIB_DIR}/modules-load.d/"
155 193 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
156 194
157 195 # Load hardware random module at boot
158 196 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
159 197 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
160 198 fi
161 199
162 200 # Load sound module at boot
163 201 if [ "$ENABLE_SOUND" = true ] ; then
164 202 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
165 203 else
166 204 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
167 205 fi
168 206
169 207 # Enable I2C interface
170 208 if [ "$ENABLE_I2C" = true ] ; then
171 209 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
172 210 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
173 211 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
174 212 fi
175 213
176 214 # Enable SPI interface
177 215 if [ "$ENABLE_SPI" = true ] ; then
178 216 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
179 217 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
180 218 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
181 219 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
182 220 fi
183 221 fi
184 222
185 223 # Disable RPi2/3 under-voltage warnings
186 224 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
187 225 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
188 226 fi
189 227
190 228 # Install kernel modules blacklist
191 229 mkdir -p "${ETC_DIR}/modprobe.d/"
192 230 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
193 231
194 232 # Install sysctl.d configuration files
195 233 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
Show file before | Show file after | Hide comments
@@ -1,29 +1,24
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
Show file before | Show file after | Hide comments
@@ -1,825 +1,823
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66
67 67 # Build directories
68 68 WORKDIR=$(pwd)
69 69 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
70 70 BUILDDIR="${BASEDIR}/build"
71 71
72 72 # Chroot directories
73 73 R="${BUILDDIR}/chroot"
74 74 ETC_DIR="${R}/etc"
75 75 LIB_DIR="${R}/lib"
76 76 BOOT_DIR="${R}/boot/firmware"
77 77 KERNEL_DIR="${R}/usr/src/linux"
78 78 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
79 79
80 80 # Firmware directory: Blank if download from github
81 81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82
83 83 # General settings
84 84 SET_ARCH=${SET_ARCH:=32}
85 85 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
86 86 PASSWORD=${PASSWORD:=raspberry}
87 87 USER_PASSWORD=${USER_PASSWORD:=raspberry}
88 88 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
89 89 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
90 90 EXPANDROOT=${EXPANDROOT:=true}
91 91
92 92 # Keyboard settings
93 93 XKB_MODEL=${XKB_MODEL:=""}
94 94 XKB_LAYOUT=${XKB_LAYOUT:=""}
95 95 XKB_VARIANT=${XKB_VARIANT:=""}
96 96 XKB_OPTIONS=${XKB_OPTIONS:=""}
97 97
98 98 # Network settings (DHCP)
99 99 ENABLE_DHCP=${ENABLE_DHCP:=true}
100 100
101 101 # Network settings (static)
102 102 NET_ADDRESS=${NET_ADDRESS:=""}
103 103 NET_GATEWAY=${NET_GATEWAY:=""}
104 104 NET_DNS_1=${NET_DNS_1:=""}
105 105 NET_DNS_2=${NET_DNS_2:=""}
106 106 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
107 107 NET_NTP_1=${NET_NTP_1:=""}
108 108 NET_NTP_2=${NET_NTP_2:=""}
109 109
110 110 # APT settings
111 111 APT_PROXY=${APT_PROXY:=""}
112 112 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
113 113
114 114 # Feature settings
115 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
115 116 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
117 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
116 118 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
117 119 ENABLE_I2C=${ENABLE_I2C:=false}
118 120 ENABLE_SPI=${ENABLE_SPI:=false}
119 121 ENABLE_IPV6=${ENABLE_IPV6:=true}
120 122 ENABLE_SSHD=${ENABLE_SSHD:=true}
121 123 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
122 124 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
123 125 ENABLE_SOUND=${ENABLE_SOUND:=true}
124 126 ENABLE_DBUS=${ENABLE_DBUS:=true}
125 127 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
126 128 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
127 129 ENABLE_XORG=${ENABLE_XORG:=false}
128 130 ENABLE_WM=${ENABLE_WM:=""}
129 131 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
130 132 ENABLE_USER=${ENABLE_USER:=true}
131 133 USER_NAME=${USER_NAME:="pi"}
132 134 ENABLE_ROOT=${ENABLE_ROOT:=false}
133 135 ENABLE_QEMU=${ENABLE_QEMU:=false}
134 136 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
135 137
136 138 # SSH settings
137 139 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
138 140 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
139 141 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
140 142 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
141 143 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
142 144
143 145 # Advanced settings
144 146 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
145 147 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
146 148 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
147 149 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
148 150 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
149 151 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
150 152 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
151 153 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
152 154 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
153 155 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
154 156 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
155 157 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
156 158 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
157 159 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
158 160 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
159 161
160 162 # Kernel compilation settings
161 163 BUILD_KERNEL=${BUILD_KERNEL:=true}
162 164 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
163 165 KERNEL_THREADS=${KERNEL_THREADS:=1}
164 166 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
165 167 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
166 168 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
167 169 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
168 170 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
169 171 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
170 172 KERNEL_VIRT=${KERNEL_VIRT:=false}
171 173 KERNEL_BPF=${KERNEL_BPF:=false}
172 174
173 175 # Kernel compilation from source directory settings
174 176 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
175 177 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
176 178 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
177 179 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
178 180
179 181 # Reduce disk usage settings
180 182 REDUCE_APT=${REDUCE_APT:=true}
181 183 REDUCE_DOC=${REDUCE_DOC:=true}
182 184 REDUCE_MAN=${REDUCE_MAN:=true}
183 185 REDUCE_VIM=${REDUCE_VIM:=false}
184 186 REDUCE_BASH=${REDUCE_BASH:=false}
185 187 REDUCE_HWDB=${REDUCE_HWDB:=true}
186 188 REDUCE_SSHD=${REDUCE_SSHD:=true}
187 189 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
188 190
189 191 # Encrypted filesystem settings
190 192 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
191 193 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
192 194 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
193 195 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
194 196 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
195 197
196 198 # Chroot scripts directory
197 199 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
198 200
199 201 # Packages required in the chroot build environment
200 202 APT_INCLUDES=${APT_INCLUDES:=""}
201 203 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
202 204
203 205 #Packages to exclude from chroot build environment
204 206 APT_EXCLUDES=${APT_EXCLUDES:=""}
205 207
206 208 # Packages required for bootstrapping
207 209 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
208 210 MISSING_PACKAGES=""
209 211
210 212 # Packages installed for c/c++ build environment in chroot (keep empty)
211 213 COMPILER_PACKAGES=""
212 214
213 215 set +x
214 216
215 217 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
216 218 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
217 if [ -n ${APT_CACHER_RUNNING} ] ; then
219 if [ -n "${APT_CACHER_RUNNING}" ] ; then
218 220 APT_PROXY=http://127.0.0.1:3142/
219 221 fi
220 222
221 223 #netselect-apt does not know buster yet
222 224 if [ "$RELEASE" = "buster" ] ; then
223 225 RLS=testing
224 226 else
225 227 RLS="$RELEASE"
226 228 fi
227 229
228 230 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
229 231 rm "$(pwd)/files/apt/sources.list"
230 232 fi
231 233
232 234 if [ "$ENABLE_NONFREE" = true ] ; then
233 235 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
234 236 else
235 237 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
236 238 fi
237 239
238 240 #sed and cut the result string so we can use it as APT_SERVER
239 241 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
240 242
241 243 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
242 244 if [ -n "$SET_ARCH" ] ; then
243 245 # 64 bit configuration
244 246 if [ "$SET_ARCH" = 64 ] ; then
245 247 # General 64 bit depended settings
246 248 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
247 249 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
248 250 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
249 251
250 252 # Board specific settings
251 253 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
252 254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
253 255 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
254 256 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
255 257 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
256 258 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
257 259 else
258 260 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
259 261 exit 1
260 262 fi
261 263 fi
262 264
263 265 # 32 bit configuration
264 266 if [ "$SET_ARCH" = 32 ] ; then
265 267 # General 32 bit dependend settings
266 268 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
267 269 KERNEL_ARCH=${KERNEL_ARCH:=arm}
268 270 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
269 271
270 272 # Hardware specific settings
271 273 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
272 274 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
273 275 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
274 276 RELEASE_ARCH=${RELEASE_ARCH:=armel}
275 277 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
276 278 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
277 279 fi
278 280
279 281 # Hardware specific settings
280 282 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
281 283 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
282 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
283 285 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
284 286 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
285 287 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
286 288 fi
287 289 fi
288 290 #SET_ARCH not set
289 291 else
290 292 echo "error: Please set '32' or '64' as value for SET_ARCH"
291 293 exit 1
292 294 fi
293 295 # Device specific configuration and U-Boot configuration
294 296 case "$RPI_MODEL" in
295 297 0)
296 298 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
297 299 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 300 ;;
299 301 1)
300 302 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
301 303 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
302 304 ;;
303 305 1P)
304 306 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
305 307 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
306 308 ;;
307 309 2)
308 310 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
309 311 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
310 312 ;;
311 313 3)
312 314 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
313 315 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
314 316 ;;
315 317 3P)
316 318 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
317 319 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
318 320 ;;
319 321 *)
320 322 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
321 323 exit 1
322 324 ;;
323 325 esac
324 326
325 # Prepare date string for default image file name
326 DATE="$(date +%Y-%m-%d)"
327 if [ -z "$KERNEL_BRANCH" ] ; then
328 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
329 else
330 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
331 fi
332
327 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
333 328 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
334 329 # Include bluetooth packages on supported boards
335 330 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
336 331 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
337 332 fi
338 # Check if console or bluetooth configuration is invalid on RPI 0,3,3P
339 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = true ]; then
340 echo "error: ENABLE_BLUETOOTH and ENABLE_CONSOLE can't be active on the same time."
333 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
334 # Check if the internal wireless interface is not supported by the RPi model
335 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
336 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
341 337 exit 1
342 fi
343 else # if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
344 # Check if the internal wireless interface is not supported by the RPi model
345 if [ "$ENABLE_WIRELESS" = true ] ; then
346 echo "error: The selected Raspberry Pi model has no internal wireless interface"
347 exit 1
348 fi
338 fi
339 fi
340
341 # Prepare date string for default image file name
342 DATE="$(date +%Y-%m-%d)"
343 if [ -z "$KERNEL_BRANCH" ] ; then
344 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
345 else
346 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
349 347 fi
350 348
351 349 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
352 350 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
353 351 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
354 352 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
355 353 exit 1
356 354 fi
357 355 fi
358 356
359 357 # Add cmake to compile videocore sources
360 358 if [ "$ENABLE_VIDEOCORE" = true ] ; then
361 359 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
362 360 fi
363 361
364 362 # Add libncurses5 to enable kernel menuconfig
365 363 if [ "$KERNEL_MENUCONFIG" = true ] ; then
366 364 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
367 365 fi
368 366
369 367 # Add ccache compiler cache for (faster) kernel cross (re)compilation
370 368 if [ "$KERNEL_CCACHE" = true ] ; then
371 369 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
372 370 fi
373 371
374 372 # Add cryptsetup package to enable filesystem encryption
375 373 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
376 374 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
377 375 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
378 376
379 377 if [ -z "$CRYPTFS_PASSWORD" ] ; then
380 378 echo "error: no password defined (CRYPTFS_PASSWORD)!"
381 379 exit 1
382 380 fi
383 381 ENABLE_INITRAMFS=true
384 382 fi
385 383
386 384 # Add initramfs generation tools
387 385 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
388 386 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
389 387 fi
390 388
391 389 # Add device-tree-compiler required for building the U-Boot bootloader
392 390 if [ "$ENABLE_UBOOT" = true ] ; then
393 391 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
394 392 else
395 393 if [ "$ENABLE_UBOOTUSB" = true ] ; then
396 394 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
397 395 exit 1
398 396 fi
399 397 fi
400 398
401 399 # Check if root SSH (v2) public key file exists
402 400 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
403 401 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
404 402 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
405 403 exit 1
406 404 fi
407 405 fi
408 406
409 407 # Check if $USER_NAME SSH (v2) public key file exists
410 408 if [ -n "$SSH_USER_PUB_KEY" ] ; then
411 409 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
412 410 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
413 411 exit 1
414 412 fi
415 413 fi
416 414
417 415 # Check if all required packages are installed on the build system
418 416 for package in $REQUIRED_PACKAGES ; do
419 417 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
420 418 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
421 419 fi
422 420 done
423 421
424 422 # If there are missing packages ask confirmation for install, or exit
425 423 if [ -n "$MISSING_PACKAGES" ] ; then
426 424 echo "the following packages needed by this script are not installed:"
427 425 echo "$MISSING_PACKAGES"
428 426
429 427 printf "\ndo you want to install the missing packages right now? [y/n] "
430 428 read -r confirm
431 429 [ "$confirm" != "y" ] && exit 1
432 430
433 431 # Make sure all missing required packages are installed
434 432 apt-get -qq -y install "${MISSING_PACKAGES}"
435 433 fi
436 434
437 435 # Check if ./bootstrap.d directory exists
438 436 if [ ! -d "./bootstrap.d/" ] ; then
439 437 echo "error: './bootstrap.d' required directory not found!"
440 438 exit 1
441 439 fi
442 440
443 441 # Check if ./files directory exists
444 442 if [ ! -d "./files/" ] ; then
445 443 echo "error: './files' required directory not found!"
446 444 exit 1
447 445 fi
448 446
449 447 # Check if specified KERNELSRC_DIR directory exists
450 448 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
451 449 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
452 450 exit 1
453 451 fi
454 452
455 453 # Check if specified UBOOTSRC_DIR directory exists
456 454 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
457 455 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
458 456 exit 1
459 457 fi
460 458
461 459 # Check if specified VIDEOCORESRC_DIR directory exists
462 460 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
463 461 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
464 462 exit 1
465 463 fi
466 464
467 465 # Check if specified FBTURBOSRC_DIR directory exists
468 466 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
469 467 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
470 468 exit 1
471 469 fi
472 470
473 471 # Check if specified CHROOT_SCRIPTS directory exists
474 472 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
475 473 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
476 474 exit 1
477 475 fi
478 476
479 477 # Check if specified device mapping already exists (will be used by cryptsetup)
480 478 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
481 479 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
482 480 exit 1
483 481 fi
484 482
485 483 # Don't clobber an old build
486 484 if [ -e "$BUILDDIR" ] ; then
487 485 echo "error: directory ${BUILDDIR} already exists, not proceeding"
488 486 exit 1
489 487 fi
490 488
491 489 # Setup chroot directory
492 490 mkdir -p "${R}"
493 491
494 492 # Check if build directory has enough of free disk space >512MB
495 493 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
496 494 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
497 495 exit 1
498 496 fi
499 497
500 498 set -x
501 499
502 500 # Call "cleanup" function on various signals and errors
503 501 trap cleanup 0 1 2 3 6
504 502
505 503 # Add required packages for the minbase installation
506 504 if [ "$ENABLE_MINBASE" = true ] ; then
507 505 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
508 506 fi
509 507
510 508 # Add parted package, required to get partprobe utility
511 509 if [ "$EXPANDROOT" = true ] ; then
512 510 APT_INCLUDES="${APT_INCLUDES},parted"
513 511 fi
514 512
515 513 # Add dbus package, recommended if using systemd
516 514 if [ "$ENABLE_DBUS" = true ] ; then
517 515 APT_INCLUDES="${APT_INCLUDES},dbus"
518 516 fi
519 517
520 518 # Add iptables IPv4/IPv6 package
521 519 if [ "$ENABLE_IPTABLES" = true ] ; then
522 520 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
523 521 fi
524 522
525 523 # Add openssh server package
526 524 if [ "$ENABLE_SSHD" = true ] ; then
527 525 APT_INCLUDES="${APT_INCLUDES},openssh-server"
528 526 fi
529 527
530 528 # Add alsa-utils package
531 529 if [ "$ENABLE_SOUND" = true ] ; then
532 530 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
533 531 fi
534 532
535 533 # Add rng-tools package
536 534 if [ "$ENABLE_HWRANDOM" = true ] ; then
537 535 APT_INCLUDES="${APT_INCLUDES},rng-tools"
538 536 fi
539 537
540 538 # Add fbturbo video driver
541 539 if [ "$ENABLE_FBTURBO" = true ] ; then
542 540 # Enable xorg package dependencies
543 541 ENABLE_XORG=true
544 542 fi
545 543
546 544 # Add user defined window manager package
547 545 if [ -n "$ENABLE_WM" ] ; then
548 546 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
549 547
550 548 # Enable xorg package dependencies
551 549 ENABLE_XORG=true
552 550 fi
553 551
554 552 # Add xorg package
555 553 if [ "$ENABLE_XORG" = true ] ; then
556 554 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
557 555 fi
558 556
559 557 # Replace selected packages with smaller clones
560 558 if [ "$ENABLE_REDUCE" = true ] ; then
561 559 # Add levee package instead of vim-tiny
562 560 if [ "$REDUCE_VIM" = true ] ; then
563 561 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
564 562 fi
565 563
566 564 # Add dropbear package instead of openssh-server
567 565 if [ "$REDUCE_SSHD" = true ] ; then
568 566 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
569 567 fi
570 568 fi
571 569
572 570 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
573 571 if [ "$ENABLE_SYSVINIT" = false ] ; then
574 572 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
575 573 fi
576 574
577 575 # Configure kernel sources if no KERNELSRC_DIR
578 576 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
579 577 KERNELSRC_CONFIG=true
580 578 fi
581 579
582 580 # Configure reduced kernel
583 581 if [ "$KERNEL_REDUCE" = true ] ; then
584 582 KERNELSRC_CONFIG=false
585 583 fi
586 584
587 585 # Configure qemu compatible kernel
588 586 if [ "$ENABLE_QEMU" = true ] ; then
589 587 DTB_FILE=vexpress-v2p-ca15_a7.dtb
590 588 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
591 589 KERNEL_DEFCONFIG="vexpress_defconfig"
592 590 if [ "$KERNEL_MENUCONFIG" = false ] ; then
593 591 KERNEL_OLDDEFCONFIG=true
594 592 fi
595 593 fi
596 594
597 595 # Execute bootstrap scripts
598 596 for SCRIPT in bootstrap.d/*.sh; do
599 597 head -n 3 "$SCRIPT"
600 598 . "$SCRIPT"
601 599 done
602 600
603 601 ## Execute custom bootstrap scripts
604 602 if [ -d "custom.d" ] ; then
605 603 for SCRIPT in custom.d/*.sh; do
606 604 . "$SCRIPT"
607 605 done
608 606 fi
609 607
610 608 # Execute custom scripts inside the chroot
611 609 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
612 610 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
613 611 chroot_exec /bin/bash -x <<'EOF'
614 612 for SCRIPT in /chroot_scripts/* ; do
615 613 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
616 614 $SCRIPT
617 615 fi
618 616 done
619 617 EOF
620 618 rm -rf "${R}/chroot_scripts"
621 619 fi
622 620
623 621 # Remove c/c++ build environment from the chroot
624 622 chroot_remove_cc
625 623
626 624 # Generate required machine-id
627 625 MACHINE_ID=$(dbus-uuidgen)
628 626 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
629 627 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
630 628
631 629 # APT Cleanup
632 630 chroot_exec apt-get -y clean
633 631 chroot_exec apt-get -y autoclean
634 632 chroot_exec apt-get -y autoremove
635 633
636 634 # Unmount mounted filesystems
637 635 umount -l "${R}/proc"
638 636 umount -l "${R}/sys"
639 637
640 638 # Clean up directories
641 639 rm -rf "${R}/run/*"
642 640 rm -rf "${R}/tmp/*"
643 641
644 642 # Clean up files
645 643 rm -f "${ETC_DIR}/ssh/ssh_host_*"
646 644 rm -f "${ETC_DIR}/dropbear/dropbear_*"
647 645 rm -f "${ETC_DIR}/apt/sources.list.save"
648 646 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
649 647 rm -f "${ETC_DIR}/*-"
650 648 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
651 649 rm -f "${ETC_DIR}/resolv.conf"
652 650 rm -f "${R}/root/.bash_history"
653 651 rm -f "${R}/var/lib/urandom/random-seed"
654 652 rm -f "${R}/initrd.img"
655 653 rm -f "${R}/vmlinuz"
656 654 rm -f "${R}${QEMU_BINARY}"
657 655
658 656 if [ "$ENABLE_QEMU" = true ] ; then
659 657 # Setup QEMU directory
660 658 mkdir "${BASEDIR}/qemu"
661 659
662 660 # Copy kernel image to QEMU directory
663 661 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
664 662
665 663 # Copy kernel config to QEMU directory
666 664 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
667 665
668 666 # Copy kernel dtbs to QEMU directory
669 667 for dtb in "${BOOT_DIR}/"*.dtb ; do
670 668 if [ -f "${dtb}" ] ; then
671 669 install_readonly "${dtb}" "${BASEDIR}/qemu/"
672 670 fi
673 671 done
674 672
675 673 # Copy kernel overlays to QEMU directory
676 674 if [ -d "${BOOT_DIR}/overlays" ] ; then
677 675 # Setup overlays dtbs directory
678 676 mkdir "${BASEDIR}/qemu/overlays"
679 677
680 678 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
681 679 if [ -f "${dtb}" ] ; then
682 680 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
683 681 fi
684 682 done
685 683 fi
686 684
687 685 # Copy u-boot files to QEMU directory
688 686 if [ "$ENABLE_UBOOT" = true ] ; then
689 687 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
690 688 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
691 689 fi
692 690 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
693 691 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
694 692 fi
695 693 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
696 694 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
697 695 fi
698 696 fi
699 697
700 698 # Copy initramfs to QEMU directory
701 699 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
702 700 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
703 701 fi
704 702 fi
705 703
706 704 # Calculate size of the chroot directory in KB
707 705 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
708 706
709 707 # Calculate the amount of needed 512 Byte sectors
710 708 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
711 709 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
712 710 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
713 711
714 712 # The root partition is EXT4
715 713 # This means more space than the actual used space of the chroot is used.
716 714 # As overhead for journaling and reserved blocks 35% are added.
717 715 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
718 716
719 717 # Calculate required image size in 512 Byte sectors
720 718 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
721 719
722 720 # Prepare image file
723 721 if [ "$ENABLE_SPLITFS" = true ] ; then
724 722 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
725 723 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
726 724 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
727 725 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
728 726
729 727 # Write firmware/boot partition tables
730 728 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
731 729 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
732 730 EOM
733 731
734 732 # Write root partition table
735 733 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
736 734 ${TABLE_SECTORS},${ROOT_SECTORS},83
737 735 EOM
738 736
739 737 # Setup temporary loop devices
740 738 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
741 739 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
742 740 else # ENABLE_SPLITFS=false
743 741 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
744 742 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
745 743
746 744 # Write partition table
747 745 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
748 746 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
749 747 ${ROOT_OFFSET},${ROOT_SECTORS},83
750 748 EOM
751 749
752 750 # Setup temporary loop devices
753 751 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
754 752 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
755 753 fi
756 754
757 755 if [ "$ENABLE_CRYPTFS" = true ] ; then
758 756 # Create dummy ext4 fs
759 757 mkfs.ext4 "$ROOT_LOOP"
760 758
761 759 # Setup password keyfile
762 760 touch .password
763 761 chmod 600 .password
764 762 echo -n ${CRYPTFS_PASSWORD} > .password
765 763
766 764 # Initialize encrypted partition
767 765 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
768 766
769 767 # Open encrypted partition and setup mapping
770 768 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
771 769
772 770 # Secure delete password keyfile
773 771 shred -zu .password
774 772
775 773 # Update temporary loop device
776 774 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
777 775
778 776 # Wipe encrypted partition (encryption cipher is used for randomness)
779 777 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
780 778 fi
781 779
782 780 # Build filesystems
783 781 mkfs.vfat "$FRMW_LOOP"
784 782 mkfs.ext4 "$ROOT_LOOP"
785 783
786 784 # Mount the temporary loop devices
787 785 mkdir -p "$BUILDDIR/mount"
788 786 mount "$ROOT_LOOP" "$BUILDDIR/mount"
789 787
790 788 mkdir -p "$BUILDDIR/mount/boot/firmware"
791 789 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
792 790
793 791 # Copy all files from the chroot to the loop device mount point directory
794 792 rsync -a "${R}/" "$BUILDDIR/mount/"
795 793
796 794 # Unmount all temporary loop devices and mount points
797 795 cleanup
798 796
799 797 # Create block map file(s) of image(s)
800 798 if [ "$ENABLE_SPLITFS" = true ] ; then
801 799 # Create block map files for "bmaptool"
802 800 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
803 801 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
804 802
805 803 # Image was successfully created
806 804 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
807 805 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
808 806 else
809 807 # Create block map file for "bmaptool"
810 808 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
811 809
812 810 # Image was successfully created
813 811 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
814 812
815 813 # Create qemu qcow2 image
816 814 if [ "$ENABLE_QEMU" = true ] ; then
817 815 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
818 816 QEMU_SIZE=16G
819 817
820 818 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
821 819 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
822 820
823 821 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
824 822 fi
825 823 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant