##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

add fixes pulled to dirty-master...
Unknown -
r341:c71b9798972e
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,48 +1,41
1 #!/bin/bash
2 1 #
3 2 # Debootstrap basic system
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 VARIANT=""
10 9 COMPONENTS="main"
11 EXCLUDES=""
12 10
13 11 # Use non-free Debian packages if needed
14 12 if [ "$ENABLE_NONFREE" = true ] ; then
15 13 COMPONENTS="main,non-free,contrib"
16 14 fi
17 15
18 16 # Use minbase bootstrap variant which only includes essential packages
19 17 if [ "$ENABLE_MINBASE" = true ] ; then
20 18 VARIANT="--variant=minbase"
21 19 fi
22 20
23 # Exclude packages if required by Debian release
24 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
25 EXCLUDES="--exclude=init,systemd-sysv"
26 fi
27
28 21 # Base debootstrap (unpack only)
29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}"
22 http_proxy=${APT_PROXY} debootstrap "${APT_EXCLUDES}" --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}"
30 23
31 24 # Copy qemu emulator binary to chroot
32 25 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
33 26
34 27 # Copy debian-archive-keyring.pgp
35 28 mkdir -p "${R}/usr/share/keyrings"
36 29 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
37 30
38 31 # Complete the bootstrapping process
39 32 chroot_exec /debootstrap/debootstrap --second-stage
40 33
41 34 # Mount required filesystems
42 35 mount -t proc none "${R}/proc"
43 36 mount -t sysfs none "${R}/sys"
44 37
45 38 # Mount pseudo terminal slave if supported by Debian release
46 39 if [ -d "${R}/dev/pts" ] ; then
47 40 mount --bind /dev/pts "${R}/dev/pts"
48 41 fi
Show file before | Show file after | Hide comments
@@ -1,45 +1,39
1 #!/bin/bash
2 1 #
3 2 # Setup APT repositories
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Install and setup APT proxy configuration
10 9 if [ -z "$APT_PROXY" ] ; then
11 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
13 12 fi
14 13
15 14 if [ "$BUILD_KERNEL" = false ] ; then
16 15 echo "Downloading precompiled kernel"
17 16 echo "error: not configured"
18 17 exit 1;
19 18 # BUILD_KERNEL=true
20 19 else
21 20 echo "No precompiled kernel repositories were added"
22 21 fi
23 22
24 #ipinfo=$(curl ipinfo.io | grep country )
25 #grep -o '\"[^"]*\"' $ipinfo | tr -d '"'
26 #grep -Po '"country":.*?[^\\]",' $(curl ipinfo.io | grep country )
27 #sed -i "s,http:,https:,g" "${ETC_DIR}/apt/sources.list"
28
29 23 # Upgrade package index and update all installed packages and changed dependencies
30 24 chroot_exec apt-get -qq -y update
31 25 chroot_exec apt-get -qq -y -u dist-upgrade
32 26
33 27 if [ "$APT_INCLUDES_LATE" ] ; then
34 28 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
35 29 fi
36 30
37 31 if [ -d packages ] ; then
38 32 for package in packages/*.deb ; do
39 33 cp "$package" "${R}"/tmp
40 34 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
41 35 done
42 36 fi
43 37 chroot_exec apt-get -qq -y -f install
44 38
45 39 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,60 +1,58
1 #!/bin/bash
2 1 #
3 2 # Setup Locales and keyboard settings
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Install and setup timezone
10 9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
11 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
12 11
13 12 # Install and setup default locale and keyboard configuration
14
15 13 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
16 14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
17 15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
18 16 # ... so we have to set locales manually
19 17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
20 18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
21 19 else
22 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
23 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
24 22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
25 23 fi
26 24
27 25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
28 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
29 27 chroot_exec locale-gen
30 28 chroot_exec update-locale LANG="${DEFLOCAL}"
31 29
32 30 # Install and setup default keyboard configuration
33 31 if [ "$XKB_MODEL" != "pc105" ] ; then
34 32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
35 33 fi
36 34 if [ "$XKB_LAYOUT" != "us" ] ; then
37 35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
38 36 fi
39 37 if [ "$XKB_VARIANT" != "" ] ; then
40 38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
41 39 fi
42 40 if [ "$XKB_OPTIONS" != "" ] ; then
43 41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
44 42 fi
45 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
46 44
47 45 # Install and setup font console
48 46 case "${DEFLOCAL}" in
49 47 *UTF-8)
50 48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
51 49 ;;
52 50 *)
53 51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
54 52 ;;
55 53 esac
56 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
57 55 else # (no locales were installed)
58 56 # Install POSIX default locale
59 57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
60 58 fi
Show file before | Show file after | Hide comments
@@ -1,265 +1,265
1 #!/bin/bash
2 1 #
3 2 # Build and Setup RPi2/3 Kernel
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Fetch and build latest raspberry kernel
10 9 if [ "$BUILD_KERNEL" = true ] ; then
11 10 # Setup source directory
12 11 mkdir -p "${R}/usr/src/linux"
13 12
14 13 # Copy existing kernel sources into chroot directory
15 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
16 15 # Copy kernel sources and include hidden files
17 16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
18 17
19 18 # Clean the kernel sources
20 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
21 20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
22 21 fi
23 22 else # KERNELSRC_DIR=""
24 23 # Create temporary directory for kernel sources
25 24 temp_dir=$(as_nobody mktemp -d)
26 25
27 26 # Fetch current RPi2/3 kernel sources
28 27 if [ -z "${KERNEL_BRANCH}" ] ; then
29 28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
30 29 else
31 30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
32 31 fi
33 32
34 33 # Copy downloaded kernel sources
35 34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
36 35
37 36 # Remove temporary directory for kernel sources
38 37 rm -fr "${temp_dir}"
39 38
40 39 # Set permissions of the kernel sources
41 40 chown -R root:root "${R}/usr/src"
42 41 fi
43 42
44 43 # Calculate optimal number of kernel building threads
45 44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
46 45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
47 46 fi
48 47
49 48 # Configure and build kernel
50 49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
51 50 # Remove device, network and filesystem drivers from kernel configuration
52 51 if [ "$KERNEL_REDUCE" = true ] ; then
53 52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
54 53 sed -i\
55 54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
56 55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
57 56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
58 57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
59 58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
60 59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
61 60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
62 61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
63 62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
64 63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
65 64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
66 65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
67 66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
68 67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
69 68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
70 69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
71 70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
72 71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
73 72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
74 73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
75 74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
76 75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
77 76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
78 77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
79 78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
80 79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
81 80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
82 81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
83 82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
84 83 "${KERNEL_DIR}/.config"
85 84 fi
86 85
87 86 if [ "$KERNELSRC_CONFIG" = true ] ; then
88 87 # Load default raspberry kernel configuration
89 88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
90 89
91 90 # Set kernel configuration parameters to enable qemu emulation
92 91 if [ "$ENABLE_QEMU" = true ] ; then
93 92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
94 93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
95 94
96 95 if [ "$ENABLE_CRYPTFS" = true ] ; then
97 96 {
98 97 echo "CONFIG_EMBEDDED=y"
99 98 echo "CONFIG_EXPERT=y"
100 99 echo "CONFIG_DAX=y"
101 100 echo "CONFIG_MD=y"
102 101 echo "CONFIG_BLK_DEV_MD=y"
103 102 echo "CONFIG_MD_AUTODETECT=y"
104 103 echo "CONFIG_BLK_DEV_DM=y"
105 104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
106 105 echo "CONFIG_DM_CRYPT=y"
107 106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
108 107 echo "CONFIG_CRYPTO_CBC=y"
109 108 echo "CONFIG_CRYPTO_XTS=y"
110 109 echo "CONFIG_CRYPTO_SHA512=y"
111 110 echo "CONFIG_CRYPTO_MANAGER=y"
112 } >> "${KERNEL_DIR}"/.config
111 } >> ${KERNEL_DIR}/.config
113 112 fi
114 113 fi
115 114
116 115 # Copy custom kernel configuration file
117 116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
118 117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
119 118 fi
120 119
121 120 # Set kernel configuration parameters to their default values
122 121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
123 122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
124 123 fi
125 124
126 125 # Start menu-driven kernel configuration (interactive)
127 126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
128 127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
129 128 fi
130 129 fi
131 130
132 131 # Use ccache to cross compile the kernel
133 132 if [ "$KERNEL_CCACHE" = true ] ; then
134 133 cc="ccache ${CROSS_COMPILE}gcc"
135 134 else
136 135 cc="${CROSS_COMPILE}gcc"
137 136 fi
138 137
139 138 # Cross compile kernel and dtbs
140 139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
141 140
142 141 # Cross compile kernel modules
143 142 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
144 143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
145 144 fi
146 145 fi
147 146
148 147 # Check if kernel compilation was successful
149 148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
150 149 echo "error: kernel compilation failed! (kernel image not found)"
151 150 cleanup
152 151 exit 1
153 152 fi
154 153
155 154 # Install kernel modules
156 155 if [ "$ENABLE_REDUCE" = true ] ; then
157 156 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
158 157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
159 158 fi
160 159 else
161 160 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
162 161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
163 162 fi
164 163
165 164 # Install kernel firmware
166 165 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
167 166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
168 167 fi
169 168 fi
170 169
171 170 # Install kernel headers
172 171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
173 172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
174 173 fi
175 174 # make tar.gz kernel package - missing os bzw. modules
176 175 #** ** ** WARNING ** ** **
177 176 #Your architecture did not define any architecture-dependent files
178 177 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
179 178 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
180 179
181 180 # Prepare boot (firmware) directory
182 181 mkdir "${BOOT_DIR}"
183 182
184 183 # Get kernel release version
185 184 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
186 185
187 186 # Copy kernel configuration file to the boot directory
188 187 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
189 188
190 189 # Prepare device tree directory
191 190 mkdir "${BOOT_DIR}/overlays"
192 191
193 192 # Ensure the proper .dtb is located
194 193 if [ "$KERNEL_ARCH" = "arm" ] ; then
195 194 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
196 195 if [ -f "${dtb}" ] ; then
197 196 install_readonly "${dtb}" "${BOOT_DIR}/"
198 197 fi
199 198 done
200 199 else
201 200 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
202 201 if [ -f "${dtb}" ] ; then
203 202 install_readonly "${dtb}" "${BOOT_DIR}/"
204 203 fi
205 204 done
206 205 fi
207 206
208 207 # Copy compiled dtb device tree files
209 208 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
210 209 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
211 210 if [ -f "${dtb}" ] ; then
212 211 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
213 212 fi
214 213 done
215 214
216 215 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
217 216 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
218 217 fi
219 218 fi
220 219
221 220 if [ "$ENABLE_UBOOT" = false ] ; then
222 221 # Convert and copy kernel image to the boot directory
223 222 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
224 223 else
225 224 # Copy kernel image to the boot directory
226 225 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
227 226 fi
228 227
229 228 # Remove kernel sources
230 229 if [ "$KERNEL_REMOVESRC" = true ] ; then
231 230 rm -fr "${KERNEL_DIR}"
232 231 else
233 232 # Prepare compiled kernel modules
234 233 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
235 234 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
236 235 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
237 236 fi
238 237
239 238 # Create symlinks for kernel modules
240 239 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
241 240 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
242 241 fi
243 242 fi
244 elif [ "$BUILD_KERNEL" = false ] ; then
243
244 else # BUILD_KERNEL=false
245 245 echo " Install precompiled kernel..."
246 246 echo "error: not implemented"
247 247 # Check if kernel installation was successful
248 248 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
249 249 if [ -z "$VMLINUZ" ] ; then
250 250 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
251 251 cleanup
252 252 exit 1
253 253 fi
254 254 # Copy vmlinuz kernel to the boot directory
255 255 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
256 256
257 257 if [ "$SET_ARCH" = 64 ] ; then
258 258 echo "Using precompiled arm64 kernel"
259 259 else
260 260 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
261 261 exit 1
262 262 # inset precompiled 64 bit kernel code here
263 263 fi
264 264 #fi build_kernel=true
265 265 fi
Show file before | Show file after | Hide comments
@@ -1,66 +1,64
1 #!/bin/bash
2 1 #
3 2 # Setup fstab and initramfs
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Install and setup fstab
10 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
11 10
12 11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
13 12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
14 13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
15 14 fi
16 15
17 16 # Add usb/sda disk root partition to fstab
18 17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
19 18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
20 19 fi
21 20
22 21 # Add encrypted root partition to fstab and crypttab
23 22 if [ "$ENABLE_CRYPTFS" = true ] ; then
24 23 # Replace fstab root partition with encrypted partition mapping
25 24 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
26 25
27 26 # Add encrypted partition to crypttab and fstab
28 27 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
29 28 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
30 29
31 30 if [ "$ENABLE_SPLITFS" = true ] ; then
32 31 # Add usb/sda disk to crypttab
33 32 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
34 33 fi
35 34 fi
36 35
37 36 # Generate initramfs file
38 37 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
39 38 if [ "$ENABLE_CRYPTFS" = true ] ; then
40 39 # Include initramfs scripts to auto expand encrypted root partition
41 40 if [ "$EXPANDROOT" = true ] ; then
42 41 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
43 42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
44 43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
45 44 fi
46 45
47 46 # Disable SSHD inside initramfs
48 47 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
49 48
50 49 # Add cryptsetup modules to initramfs
51 50 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
52 51
53 52 # Dummy mapping required by mkinitramfs
54 53 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
55 54
56 55 # Generate initramfs with encrypted root partition support
57 56 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 57
59 58 # Remove dummy mapping
60 59 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
61 60 else
62 61 # Generate initramfs without encrypted root partition support
63 62 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
64 63 fi
65 64 fi
66
Show file before | Show file after | Hide comments
@@ -1,162 +1,160
1 #!/bin/bash
2 1 #
3 2 # Setup RPi2/3 config and cmdline
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 if [ "$BUILD_KERNEL" = true ] ; then
10 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
11 10 # Install boot binaries from local directory
12 11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
13 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
14 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
15 14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
16 15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
17 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
18 17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
19 18 else
20 19 # Create temporary directory for boot binaries
21 20 temp_dir=$(as_nobody mktemp -d)
22 21
23 22 # Install latest boot binaries from raspberry/firmware github
24 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
25 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
26 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
27 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
28 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
29 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
30 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
31 30
32 31 # Move downloaded boot binaries
33 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
34 33
35 34 # Remove temporary directory for boot binaries
36 35 rm -fr "${temp_dir}"
37 36
38 37 # Set permissions of the boot binaries
39 38 chown -R root:root "${BOOT_DIR}"
40 39 chmod -R 600 "${BOOT_DIR}"
41 40 fi
42 41 fi
43 42
44 43 # Setup firmware boot cmdline
45 44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
46 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 46 else
48 47 if [ "$ENABLE_SPLITFS" = true ] ; then
49 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
50 49 else
51 50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
52 51 fi
53 52 fi
54 53
55 54
56 55 # Add encrypted root partition to cmdline.txt
57 56 if [ "$ENABLE_CRYPTFS" = true ] ; then
58 57 if [ "$ENABLE_SPLITFS" = true ] ; then
59 58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
60 59 else
61 60 if [ "$ENABLE_UBOOTUSB" = true ] ; then
62 61 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
63 62 else
64 63 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
65 64 fi
66 65 fi
67 66 fi
68 67
69 68 # Add serial console support
70 69 if [ "$ENABLE_CONSOLE" = true ] ; then
71 70 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
72 71 fi
73 72
74 73 # Remove IPv6 networking support
75 74 if [ "$ENABLE_IPV6" = false ] ; then
76 75 CMDLINE="${CMDLINE} ipv6.disable=1"
77 76 fi
78 77
79 78 # Automatically assign predictable network interface names
80 79 if [ "$ENABLE_IFNAMES" = false ] ; then
81 80 CMDLINE="${CMDLINE} net.ifnames=0"
82 81 else
83 82 CMDLINE="${CMDLINE} net.ifnames=1"
84 83 fi
85 84
86 85 # Set init to systemd if required by Debian release
87 86 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
88 87 CMDLINE="${CMDLINE} init=/bin/systemd"
89 88 fi
90 89
91 90 # Install firmware boot cmdline
92 91 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
93 92
94 93 # Install firmware config
95 94 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
96 95
97 96 # Setup minimal GPU memory allocation size: 16MB (no X)
98 97 if [ "$ENABLE_MINGPU" = true ] ; then
99 98 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
100 99 fi
101 100
102 101 # Setup boot with initramfs
103 102 if [ "$ENABLE_INITRAMFS" = true ] ; then
104 103 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
105 104 fi
106 105
107 106 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
108 107 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
109 108 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
110 109 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
111 110 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
112 111 fi
113 112 fi
114 113
115 114 # Create firmware configuration and cmdline symlinks
116 115 ln -sf firmware/config.txt "${R}/boot/config.txt"
117 116 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
118 117
119 118 # Install and setup kernel modules to load at boot
120 119 mkdir -p "${R}/lib/modules-load.d/"
121 120 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
122 121
123 122 # Load hardware random module at boot
124 123 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
125 124 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
126 125 fi
127 126
128 127 # Load sound module at boot
129 128 if [ "$ENABLE_SOUND" = true ] ; then
130 129 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
131 130 else
132 131 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
133 132 fi
134 133
135 134 # Enable I2C interface
136 135 if [ "$ENABLE_I2C" = true ] ; then
137 136 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
138 137 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
139 138 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
140 139 fi
141 140
142 141 # Enable SPI interface
143 142 if [ "$ENABLE_SPI" = true ] ; then
144 143 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
145 144 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
146 145 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
147 146 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
148 147 fi
149 148 fi
150 149
151 150 # Disable RPi2/3 under-voltage warnings
152 151 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
153 152 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
154 153 fi
155 154
156 155 # Install kernel modules blacklist
157 156 mkdir -p "${ETC_DIR}/modprobe.d/"
158 157 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
159 158
160 159 # Install sysctl.d configuration files
161 160 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
162
Show file before | Show file after | Hide comments
@@ -1,135 +1,134
1 #!/bin/bash
2 1 #
3 2 # Setup Networking
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Install and setup hostname
10 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
11 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
12 11
13 12 # Install and setup hosts
14 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
15 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
16 15
17 16 # Setup hostname entry with static IP
18 17 if [ "$NET_ADDRESS" != "" ] ; then
19 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
20 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
21 20 fi
22 21
23 22 # Remove IPv6 hosts
24 23 if [ "$ENABLE_IPV6" = false ] ; then
25 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
26 25 fi
27 26
28 27 # Install hint about network configuration
29 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
30 29
31 30 # Install configuration for interface eth0
32 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
33 32
34 33 # Install configuration for interface wl*
35 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
36 35
37 36 #always with dhcp since wpa_supplicant integration is missing
38 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
39 38
40 39 if [ "$ENABLE_DHCP" = true ] ; then
41 40 # Enable DHCP configuration for interface eth0
42 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
43 42
44 43 # Set DHCP configuration to IPv4 only
45 44 if [ "$ENABLE_IPV6" = false ] ; then
46 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
47 46 fi
48 47
49 48 else # ENABLE_DHCP=false
50 49 # Set static network configuration for interface eth0
51 50 sed -i\
52 51 -e "s|DHCP=.*|DHCP=no|"\
53 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
54 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
55 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
56 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
57 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
58 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
59 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
60 59 "${ETC_DIR}/systemd/network/eth.network"
61 60 fi
62 61
63 62 # Remove empty settings from network configuration
64 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
65 64 # Remove empty settings from wlan configuration
66 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
67 66
68 67 # Move systemd network configuration if required by Debian release
69 68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
71 70 if [ "$ENABLE_WIRELESS" = true ] ; then
72 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
73 72 fi
74 73 rm -fr "${ETC_DIR}/systemd/network"
75 74 fi
76 75
77 76 # Enable systemd-networkd service
78 77 chroot_exec systemctl enable systemd-networkd
79 78
80 79 # Install host.conf resolver configuration
81 80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
82 81
83 82 # Enable network stack hardening
84 83 if [ "$ENABLE_HARDNET" = true ] ; then
85 84 # Install sysctl.d configuration files
86 85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
87 86
88 87 # Setup resolver warnings about spoofed addresses
89 88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
90 89 fi
91 90
92 91 # Enable time sync
93 92 if [ "$NET_NTP_1" != "" ] ; then
94 93 chroot_exec systemctl enable systemd-timesyncd.service
95 94 fi
96 95
97 96 # Download the firmware binary blob required to use the RPi3 wireless interface
98 97 if [ "$ENABLE_WIRELESS" = true ] ; then
99 98 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
100 99 mkdir -p "${WLAN_FIRMWARE_DIR}"
101 100 fi
102 101
103 102 # Create temporary directory for firmware binary blob
104 103 temp_dir=$(as_nobody mktemp -d)
105 104
106 105 # Fetch firmware binary blob for RPI3B+
107 106 if [ "$RPI_MODEL" = 3P ] ; then
108 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
109 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
110 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
111 110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
112 111 # Fetch firmware binary blob for RPI3
113 112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
114 113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
115 114 fi
116 115
117 116 # Move downloaded firmware binary blob
118 117 if [ "$RPI_MODEL" = 3P ] ; then
119 118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
121 120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
122 121 fi
123 122
124 123 # Remove temporary directory for firmware binary blob
125 124 rm -fr "${temp_dir}"
126 125
127 126 # Set permissions of the firmware binary blob
128 127 if [ "$RPI_MODEL" = 3P ] ; then
129 128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
131 130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
132 131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
134 133 fi
135 134 fi
Show file before | Show file after | Hide comments
@@ -1,49 +1,50
1 #!/bin/bash
2 1 #
3 2 # Setup Firewall
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 if [ "$ENABLE_IPTABLES" = true ] ; then
10 9 # Create iptables configuration directory
11 10 mkdir -p "${ETC_DIR}/iptables"
12 11
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 14 if ! [ "$RELEASE" = jessie ] ; then
14 15 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 16 fi
16 17
17 18 # Install iptables systemd service
18 19 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 20
20 21 # Install flush-table script called by iptables service
21 22 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 23
23 24 # Install iptables rule file
24 25 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 26
26 27 # Reload systemd configuration and enable iptables service
27 28 chroot_exec systemctl daemon-reload
28 29 chroot_exec systemctl enable iptables.service
29 30
30 31 if [ "$ENABLE_IPV6" = true ] ; then
31 32 # Install ip6tables systemd service
32 33 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 34
34 35 # Install ip6tables file
35 36 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 37
37 38 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 39
39 40 # Reload systemd configuration and enable iptables service
40 41 chroot_exec systemctl daemon-reload
41 42 chroot_exec systemctl enable ip6tables.service
42 43 fi
43 44
44 45 if [ "$ENABLE_SSHD" = false ] ; then
45 46 # Remove SSHD related iptables rules
46 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 49 fi
49 50 fi
Show file before | Show file after | Hide comments
@@ -1,30 +1,29
1 #!/bin/bash
2 1 #
3 2 # Setup users and security settings
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Generate crypt(3) password string
10 9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
11 10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
12 11
13 12 # Setup default user
14 13 if [ "$ENABLE_USER" = true ] ; then
15 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
16 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
17 16 fi
18 17
19 18 # Setup root password or not
20 19 if [ "$ENABLE_ROOT" = true ] ; then
21 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
22 21 else
23 22 # Set no root password to disable root login
24 23 chroot_exec usermod -p \'!\' root
25 24 fi
26 25
27 26 # Enable serial console systemd style
28 27 if [ "$ENABLE_CONSOLE" = true ] ; then
29 28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
30 29 fi
Show file before | Show file after | Hide comments
@@ -1,14 +1,13
1 #!/bin/bash
2 1 #
3 2 # Setup Logging
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Disable rsyslog
10 9 if [ "$ENABLE_RSYSLOG" = false ] ; then
11 10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
12 11 chroot_exec systemctl disable rsyslog
13 12 chroot_exec apt-get -qq -y purge rsyslog
14 13 fi
Show file before | Show file after | Hide comments
@@ -1,117 +1,116
1 #!/bin/bash
2 1 #
3 2 # Setup SSH settings and public keys
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 if [ "$ENABLE_SSHD" = true ] ; then
10 9 DROPBEAR_ARGS=""
11 10
12 11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
13 12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
14 13 # User root is not allowed to log in
15 14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
16 15 else
17 16 # User root is not allowed to log in
18 17 DROPBEAR_ARGS="-w"
19 18 fi
20 19 fi
21 20
22 21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
23 22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
24 23 # Permit SSH root login
25 24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
26 25 else
27 26 # Permit SSH root login
28 27 DROPBEAR_ARGS=""
29 28 fi
30 29
31 30 # Add SSH (v2) public key for user root
32 31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
33 32 # Create root SSH config directory
34 33 mkdir -p "${R}/root/.ssh"
35 34
36 35 # Set permissions of root SSH config directory
37 36 chroot_exec chmod 700 "/root/.ssh"
38 37 chroot_exec chown root:root "/root/.ssh"
39 38
40 39 # Add SSH (v2) public key(s) to authorized_keys file
41 40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
42 41
43 42 # Set permissions of root SSH authorized_keys file
44 43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
45 44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
46 45
47 46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
48 47 # Allow SSH public key authentication
49 48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
50 49 fi
51 50 fi
52 51 fi
53 52
54 53 if [ "$ENABLE_USER" = true ] ; then
55 54 # Add SSH (v2) public key for user $USER_NAME
56 55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
57 56 # Create $USER_NAME SSH config directory
58 57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
59 58
60 59 # Set permissions of $USER_NAME SSH config directory
61 60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
62 61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
63 62
64 63 # Add SSH (v2) public key(s) to authorized_keys file
65 64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
66 65
67 66 # Set permissions of $USER_NAME SSH config directory
68 67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
69 68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
70 69
71 70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
72 71 # Allow SSH public key authentication
73 72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
74 73 fi
75 74 fi
76 75 fi
77 76
78 77 # Limit the users that are allowed to login via SSH
79 78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
80 79 allowed_users=""
81 80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
82 81 allowed_users="root"
83 82 fi
84 83
85 84 if [ "$ENABLE_USER" = true ] ; then
86 85 allowed_users="${allowed_users} ${USER_NAME}"
87 86 fi
88 87
89 88 if [ -n "$allowed_users" ] ; then
90 89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
91 90 fi
92 91 fi
93 92
94 93 # Disable password-based authentication
95 94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
96 95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
97 96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
98 97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
99 98 else
100 99 DROPBEAR_ARGS="-g"
101 100 fi
102 101 fi
103 102
104 103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
105 104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
107 106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
108 107 else
109 108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
110 109 fi
111 110 fi
112 111
113 112 # Update dropbear SSH configuration
114 113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
115 114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
116 115 fi
117 116 fi No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,102 +1,102
1 #!/bin/bash
2 1 #
3 2 # Build and Setup U-Boot
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Fetch and build U-Boot bootloader
10 9 if [ "$ENABLE_UBOOT" = true ] ; then
11 10 # Install c/c++ build environment inside the chroot
12 11 chroot_install_cc
13 12
14 13 # Copy existing U-Boot sources into chroot directory
15 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
16 15 # Copy local U-Boot sources
17 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
18 17 else
19 18 # Create temporary directory for U-Boot sources
20 19 temp_dir=$(as_nobody mktemp -d)
21 20
22 21 # Fetch U-Boot sources
23 22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
24 23
25 24 # Copy downloaded U-Boot sources
26 25 mv "${temp_dir}/u-boot" "${R}/tmp/"
27 26
28 27 # Set permissions of the U-Boot sources
29 28 chown -R root:root "${R}/tmp/u-boot"
30 29
31 30 # Remove temporary directory for U-Boot sources
32 31 rm -fr "${temp_dir}"
33 32 fi
34 33
35 34 # Build and install U-Boot inside chroot
36 35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
37 36
38 37 # Copy compiled bootloader binary and set config.txt to load it
39 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
40 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
41 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
42 41
42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
48 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 49
50 50 # Remove original initramfs file
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
58 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 59
60 60 if [ "$BUILD_KERNEL" = false ] ; then
61 61 # Remove dtbfile from U-Boot mkfile
62 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 64 else
65 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 66 fi
67 67 fi
68 68
69 69 if [ "$SET_ARCH" = 64 ] ; then
70 70 echo "Setting up config.txt to boot 64bit uboot"
71 71
72 72 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
73 73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
74 74 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
75 75 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
76 76 fi
77 77
78 78 # instead of sd, boot from usb device
79 79 if [ "$ENABLE_UBOOTUSB" = true ] ; then
80 80 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
81 81 fi
82 82
83 # Set mkfile to use the correct dtb file
84 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
85
83 86 # Set mkfile to use the correct mach id
84 87 if [ "$ENABLE_QEMU" = true ] ; then
85 88 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
86 89 fi
87 90
88 # Set mkfile to use the correct dtb file
89 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
90
91 91 # Set mkfile to use kernel image
92 92 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
93 93
94 94 # Remove all leading blank lines
95 95 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
96 96
97 97 # Generate U-Boot bootloader image
98 98 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
99 99
100 100 # Remove U-Boot sources
101 101 rm -fr "${R}/tmp/u-boot"
102 102 fi
Show file before | Show file after | Hide comments
@@ -1,52 +1,51
1 #!/bin/bash
2 1 #
3 2 # Build and Setup fbturbo Xorg driver
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 if [ "$ENABLE_FBTURBO" = true ] ; then
10 9 # Install c/c++ build environment inside the chroot
11 10 chroot_install_cc
12 11
13 12 # Copy existing fbturbo sources into chroot directory
14 13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
15 14 # Copy local fbturbo sources
16 15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
17 16 else
18 17 # Create temporary directory for fbturbo sources
19 18 temp_dir=$(as_nobody mktemp -d)
20 19
21 20 # Fetch fbturbo sources
22 21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
23 22
24 23 # Move downloaded fbturbo sources
25 24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
26 25
27 26 # Remove temporary directory for fbturbo sources
28 27 rm -fr "${temp_dir}"
29 28 fi
30 29
31 30 # Install Xorg build dependencies
32 31 if [ "$RELEASE" = "jessie" ] ; then
33 32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
34 33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
35 34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
36 35 fi
37 36
38 37 # Build and install fbturbo driver inside chroot
39 38 chroot_exec /bin/bash -x <<'EOF'
40 39 cd /tmp/xf86-video-fbturbo
41 40 autoreconf -vi
42 41 ./configure --prefix=/usr
43 42 make
44 43 make install
45 44 EOF
46 45
47 46 # Install fbturbo driver Xorg configuration
48 47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
49 48
50 49 # Remove Xorg build dependencies
51 50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
52 51 fi
Show file before | Show file after | Hide comments
@@ -1,50 +1,49
1 #!/bin/bash
2 1 #
3 2 # First boot actions
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Prepare rc.firstboot script
10 9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
11 10
12 11 # Ensure openssh server host keys are regenerated on first boot
13 12 if [ "$ENABLE_SSHD" = true ] ; then
14 13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
15 14 fi
16 15
17 16 # Prepare filesystem auto expand
18 17 if [ "$EXPANDROOT" = true ] ; then
19 18 if [ "$ENABLE_CRYPTFS" = false ] ; then
20 19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
21 20 else
22 21 # Regenerate initramfs to remove encrypted root partition auto expand
23 22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
24 23 fi
25 24 fi
26 25
27 26 # Ensure that dbus machine-id exists
28 27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
29 28
30 29 # Create /etc/resolv.conf symlink
31 30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
32 31
33 32 # Configure automatic network interface names
34 33 if [ "$ENABLE_IFNAMES" = true ] ; then
35 34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
36 35 fi
37 36
38 37 # Finalize rc.firstboot script
39 38 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
40 39 chmod +x "${ETC_DIR}/rc.firstboot"
41 40
42 41 # Install default rc.local if it does not exist
43 42 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
44 43 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
45 44 fi
46 45
47 46 # Add rc.firstboot script to rc.local
48 47 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
49 48 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
50 49 echo exit 0 >> "${ETC_DIR}/rc.local"
Show file before | Show file after | Hide comments
@@ -1,86 +1,85
1 #!/bin/bash
2 1 #
3 2 # Reduce system disk usage
4 3 #
5 4
6 5 # Load utility functions
7 6 . ./functions.sh
8 7
9 8 # Reduce the image size by various operations
10 9 if [ "$ENABLE_REDUCE" = true ] ; then
11 10 if [ "$REDUCE_APT" = true ] ; then
12 11 # Install dpkg configuration file
13 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
14 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
15 14 fi
16 15
17 16 # Install APT configuration files
18 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
19 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
20 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
21 20
22 21 # Remove APT cache files
23 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
24 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
25 24 fi
26 25
27 26 # Remove all doc files
28 27 if [ "$REDUCE_DOC" = true ] ; then
29 28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
30 29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
31 30 fi
32 31
33 32 # Remove all man pages and info files
34 33 if [ "$REDUCE_MAN" = true ] ; then
35 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
36 35 fi
37 36
38 37 # Remove all locale translation files
39 38 if [ "$REDUCE_LOCALE" = true ] ; then
40 39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
41 40 fi
42 41
43 42 # Remove hwdb PCI device classes (experimental)
44 43 if [ "$REDUCE_HWDB" = true ] ; then
45 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
46 45 fi
47 46
48 47 # Replace bash shell by dash shell (experimental)
49 48 if [ "$REDUCE_BASH" = true ] ; then
50 49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
51 50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
52 51 else
53 52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
54 53 fi
55 54
56 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
57 56 fi
58 57
59 58 # Remove sound utils and libraries
60 59 if [ "$ENABLE_SOUND" = false ] ; then
61 60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
62 61 fi
63 62
64 63 # Re-install tools for managing kernel modules
65 64 if [ "$RELEASE" = "jessie" ] ; then
66 65 chroot_exec apt-get -qq -y install module-init-tools
67 66 fi
68 67
69 68 # Remove GPU kernels
70 69 if [ "$ENABLE_MINGPU" = true ] ; then
71 70 rm -f "${BOOT_DIR}/start.elf"
72 71 rm -f "${BOOT_DIR}/fixup.dat"
73 72 rm -f "${BOOT_DIR}/start_x.elf"
74 73 rm -f "${BOOT_DIR}/fixup_x.dat"
75 74 fi
76 75
77 76 # Remove kernel and initrd from /boot (already in /boot/firmware)
78 77 if [ "$BUILD_KERNEL" = false ] ; then
79 78 rm -f "${R}/boot/vmlinuz-*"
80 79 rm -f "${R}/boot/initrd.img-*"
81 80 fi
82 81
83 82 # Clean APT list of repositories
84 83 rm -fr "${R}/var/lib/apt/lists/*"
85 84 chroot_exec apt-get -qq -y update
86 85 fi
Show file before | Show file after | Hide comments
@@ -1,797 +1,806
1 1 #!/bin/bash
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 export RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 export RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 export KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 export KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 export FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 export WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 export FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 export UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 export VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland}
58
59 # Firmware directory: Blank if download from github
60 export RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland}
61 59
62 60 # Build directories
63 export BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
64 export BUILDDIR="${BASEDIR}/build"
61 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
62 BUILDDIR="${BASEDIR}/build"
65 63
66 64 # Prepare date string for default image file name
67 65 DATE="$(date +%Y-%m-%d)"
68 66 if [ -z "$KERNEL_BRANCH" ] ; then
69 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
67 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
70 68 else
71 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
69 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
72 70 fi
73 71
74 72 # Chroot directories
75 export R="${BUILDDIR}/chroot"
76 export ETC_DIR="${R}/etc"
77 export LIB_DIR="${R}/lib"
78 export BOOT_DIR="${R}/boot/firmware"
79 export KERNEL_DIR="${R}/usr/src/linux"
80 export WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
73 R="${BUILDDIR}/chroot"
74 ETC_DIR="${R}/etc"
75 LIB_DIR="${R}/lib"
76 BOOT_DIR="${R}/boot/firmware"
77 KERNEL_DIR="${R}/usr/src/linux"
78 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
81 79
80 # Firmware directory: Blank if download from github
81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 82 # General settings
83 export SET_ARCH=${SET_ARCH:=32}
84 export HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 export PASSWORD=${PASSWORD:=raspberry}
86 export USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 export DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 export TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 export EXPANDROOT=${EXPANDROOT:=true}
83 SET_ARCH=${SET_ARCH:=32}
84 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 PASSWORD=${PASSWORD:=raspberry}
86 USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 EXPANDROOT=${EXPANDROOT:=true}
90 90
91 91 # Keyboard settings
92 export XKB_MODEL=${XKB_MODEL:=""}
93 export XKB_LAYOUT=${XKB_LAYOUT:=""}
94 export XKB_VARIANT=${XKB_VARIANT:=""}
95 export XKB_OPTIONS=${XKB_OPTIONS:=""}
92 XKB_MODEL=${XKB_MODEL:=""}
93 XKB_LAYOUT=${XKB_LAYOUT:=""}
94 XKB_VARIANT=${XKB_VARIANT:=""}
95 XKB_OPTIONS=${XKB_OPTIONS:=""}
96 96
97 97 # Network settings (DHCP)
98 export ENABLE_DHCP=${ENABLE_DHCP:=true}
98 ENABLE_DHCP=${ENABLE_DHCP:=true}
99 99
100 100 # Network settings (static)
101 export NET_ADDRESS=${NET_ADDRESS:=""}
102 export NET_GATEWAY=${NET_GATEWAY:=""}
103 export NET_DNS_1=${NET_DNS_1:=""}
104 export NET_DNS_2=${NET_DNS_2:=""}
105 export NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 export NET_NTP_1=${NET_NTP_1:=""}
107 export NET_NTP_2=${NET_NTP_2:=""}
101 NET_ADDRESS=${NET_ADDRESS:=""}
102 NET_GATEWAY=${NET_GATEWAY:=""}
103 NET_DNS_1=${NET_DNS_1:=""}
104 NET_DNS_2=${NET_DNS_2:=""}
105 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 NET_NTP_1=${NET_NTP_1:=""}
107 NET_NTP_2=${NET_NTP_2:=""}
108 108
109 109 # APT settings
110 export APT_PROXY=${APT_PROXY:=""}
111 export APT_SERVER=${APT_SERVER:="ftp.debian.org"}
110 APT_PROXY=${APT_PROXY:=""}
111 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
112 112
113 113 # Feature settings
114 export ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 export ENABLE_I2C=${ENABLE_I2C:=false}
116 export ENABLE_SPI=${ENABLE_SPI:=false}
117 export ENABLE_IPV6=${ENABLE_IPV6:=true}
118 export ENABLE_SSHD=${ENABLE_SSHD:=true}
119 export ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 export ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 export ENABLE_SOUND=${ENABLE_SOUND:=true}
122 export ENABLE_DBUS=${ENABLE_DBUS:=true}
123 export ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 export ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 export ENABLE_XORG=${ENABLE_XORG:=false}
126 export ENABLE_WM=${ENABLE_WM:=""}
127 export ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 export ENABLE_USER=${ENABLE_USER:=true}
129 export USER_NAME=${USER_NAME:="pi"}
130 export ENABLE_ROOT=${ENABLE_ROOT:=false}
131 export ENABLE_QEMU=${ENABLE_QEMU:=false}
114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 ENABLE_I2C=${ENABLE_I2C:=false}
116 ENABLE_SPI=${ENABLE_SPI:=false}
117 ENABLE_IPV6=${ENABLE_IPV6:=true}
118 ENABLE_SSHD=${ENABLE_SSHD:=true}
119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 ENABLE_SOUND=${ENABLE_SOUND:=true}
122 ENABLE_DBUS=${ENABLE_DBUS:=true}
123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 ENABLE_XORG=${ENABLE_XORG:=false}
126 ENABLE_WM=${ENABLE_WM:=""}
127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 ENABLE_USER=${ENABLE_USER:=true}
129 USER_NAME=${USER_NAME:="pi"}
130 ENABLE_ROOT=${ENABLE_ROOT:=false}
131 ENABLE_QEMU=${ENABLE_QEMU:=false}
132 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132 133
133 134 # SSH settings
134 export SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 export SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 export SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 export SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 export SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
135 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
136 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
137 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
138 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
139 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 140
140 141 # Advanced settings
141 export ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 export ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 export ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 export UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 export ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
146 export ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 export ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
148 export VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
149 export FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
150 export ENABLE_HARDNET=${ENABLE_HARDNET:=false}
151 export ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
152 export ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
153 export ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
154 export ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
155 export DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
142 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
143 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
144 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
145 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
146 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
148 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
149 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
150 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
151 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
152 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
153 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
154 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
155 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
156 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
156 157
157 158 # Kernel compilation settings
158 export BUILD_KERNEL=${BUILD_KERNEL:=true}
159 export KERNEL_REDUCE=${KERNEL_REDUCE:=false}
160 export KERNEL_THREADS=${KERNEL_THREADS:=1}
161 export KERNEL_HEADERS=${KERNEL_HEADERS:=true}
162 export KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
163 export KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
164 export KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
165 export KERNEL_CCACHE=${KERNEL_CCACHE:=false}
159 BUILD_KERNEL=${BUILD_KERNEL:=true}
160 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
161 KERNEL_THREADS=${KERNEL_THREADS:=1}
162 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
163 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
164 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
165 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
166 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
166 167
167 168 # Kernel compilation from source directory settings
168 export KERNELSRC_DIR=${KERNELSRC_DIR:=""}
169 export KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
170 export KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
171 export KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
169 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
170 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
171 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
172 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
172 173
173 174 # Reduce disk usage settings
174 export REDUCE_APT=${REDUCE_APT:=true}
175 export REDUCE_DOC=${REDUCE_DOC:=true}
176 export REDUCE_MAN=${REDUCE_MAN:=true}
177 export REDUCE_VIM=${REDUCE_VIM:=false}
178 export REDUCE_BASH=${REDUCE_BASH:=false}
179 export REDUCE_HWDB=${REDUCE_HWDB:=true}
180 export REDUCE_SSHD=${REDUCE_SSHD:=true}
181 export REDUCE_LOCALE=${REDUCE_LOCALE:=true}
175 REDUCE_APT=${REDUCE_APT:=true}
176 REDUCE_DOC=${REDUCE_DOC:=true}
177 REDUCE_MAN=${REDUCE_MAN:=true}
178 REDUCE_VIM=${REDUCE_VIM:=false}
179 REDUCE_BASH=${REDUCE_BASH:=false}
180 REDUCE_HWDB=${REDUCE_HWDB:=true}
181 REDUCE_SSHD=${REDUCE_SSHD:=true}
182 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
182 183
183 184 # Encrypted filesystem settings
184 185 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
185 186 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
186 187 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
187 188 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
188 189 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
189 190
190 191 # Chroot scripts directory
191 192 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
192 193
193 194 # Packages required in the chroot build environment
194 export APT_INCLUDES=${APT_INCLUDES:=""}
195 APT_INCLUDES=${APT_INCLUDES:=""}
195 196 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
196 197
197 198 # Packages required for bootstrapping
198 export REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
199 export MISSING_PACKAGES=""
199 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
200 MISSING_PACKAGES=""
200 201
201 202 # Packages installed for c/c++ build environment in chroot (keep empty)
202 export COMPILER_PACKAGES=""
203 COMPILER_PACKAGES=""
203 204
205 #ipinfo=$(curl ipinfo.io | grep country )
206 #grep -o '\"[^"]*\"' $ipinfo | tr -d '"'
207 #grep -Po '"country":.*?[^\\]",' $(curl ipinfo.io | grep country )
208 #sed -i "s,http:,https:,g" "${ETC_DIR}/apt/sources.list"
204 209 #autconfigure best apt server to not spam ftp.debian.org
205 210 #rm files/apt/sources.list
206 211 #netselect-apt does not know buster yet
207 212 if [ "$RELEASE" = "buster" ] ; then
208 213 RLS=testing
209 214 else
210 215 RLS="$RELEASE"
211 216 fi
212 217
213 218 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
214 219 rm "$(pwd)/files/apt/sources.list"
215 220 fi
216 221
217 222 if [ "$ENABLE_NONFREE" = true ] ; then
218 223 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
219 224 else
220 225 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
221 226 fi
227
228 #sed and cut the result string so we can use it as APT_SERVER
222 229 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3)
223 230 APT_SERVER=${APT_SERVER::-1}
224 231
225 232 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
226 233 if [ -n "$SET_ARCH" ] ; then
227 234 echo "Setting Architecture specific settings"
228 235 ##################################
229 236 # 64 bit config
230 237 ##################################
231 238 if [ "$SET_ARCH" = 64 ] ; then
232 239 echo "64 bit mode selected - Setting up enviroment"
233 240 # 64 bit depended settings
234 241 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
235 242 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
236 243 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
237 244
238 245 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
239 246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
240 247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
241 248 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
242 249 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
243 250 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
244 251 else
245 252 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
246 253 exit 1
247 254 fi
248 255 fi
249 256
250 257 ##################################
251 258 # 32 bit config
252 259 ##################################
253 260 if [ "$SET_ARCH" = 32 ] ; then
254 261 echo "32 bit mode selected - Setting up enviroment"
255 262 #General 32bit configuration
256 263 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
257 264 KERNEL_ARCH=${KERNEL_ARCH:=arm}
258 265 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
259 266
260 267 #Raspberry setting grouped by board compability
261 268 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
262 269 echo "Setting settings for bcm2835 Raspberry PI boards"
263 270 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
264 271 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
265 272 RELEASE_ARCH=${RELEASE_ARCH:=armel}
266 273 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
267 274 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
268 275 fi
269 276 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
270 277 echo "Setting settings for bcm2837 Raspberry PI boards"
271 278 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
272 279 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
273 280 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
274 281 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
275 282 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
276 283 fi
277 284 fi
278 285 #SET_ARCH not set
279 286 else
280 287 echo "error: Please set '32' or '64' as value for SET_ARCH"
281 288 exit 1
282 289 fi
283 290
284 291 #Device specific configuration
285 292 echo "Select DTB-File"
286 293 case "$RPI_MODEL" in
287 294 0)
288 295 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
289 296 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
290 297 ;;
291 298 1)
292 299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
293 300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
294 301 ;;
295 302 1P)
296 303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
297 304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 305 ;;
299 306 2)
300 307 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
301 308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
302 309 ;;
303 310 3)
304 311 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
305 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
306 313 ;;
307 314 3P)
308 315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
309 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
310 317 ;;
311 318 *)
312 319 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
313 320 exit 1
314 321 ;;
315 322 esac
316 323 echo "$DTB_FILE selected"
317 324
318 325 #DEBUG off
319 326 set +x
320 327
321 328 # Check if the internal wireless interface is supported by the RPi model
322 329 if [ "$ENABLE_WIRELESS" = true ] ; then
323 330 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
324 331 echo "error: The selected Raspberry Pi model has no internal wireless interface"
325 332 exit 1
326 333 else
327 334 echo "Raspberry Pi $RPI_MODEL has WIFI support"
328 335 fi
329 336 fi
330 337
331 338 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
332 339 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
333 340 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
334 341 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
335 342 exit 1
336 343 fi
337 344 fi
338 345
339 346 if [ "$ENABLE_VIDEOCORE" = true ] ; then
340 347 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
341 348 fi
342 349
343 350 # Add libncurses5 to enable kernel menuconfig
344 351 if [ "$KERNEL_MENUCONFIG" = true ] ; then
345 352 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
346 353 fi
347 354
348 355 # Add ccache compiler cache for (faster) kernel cross (re)compilation
349 356 if [ "$KERNEL_CCACHE" = true ] ; then
350 357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
351 358 fi
352 359
353 360 # Add cryptsetup package to enable filesystem encryption
354 361 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
355 362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
356 363 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
357 364
358 365 if [ -z "$CRYPTFS_PASSWORD" ] ; then
359 366 echo "error: no password defined (CRYPTFS_PASSWORD)!"
360 367 exit 1
361 368 fi
362 369 ENABLE_INITRAMFS=true
363 370 fi
364 371
365 372 # Add initramfs generation tools
366 373 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
367 374 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
368 375 fi
369 376
370 377 # Add device-tree-compiler required for building the U-Boot bootloader
371 378 if [ "$ENABLE_UBOOT" = true ] ; then
372 379 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
373 380 else
374 381 if [ "$ENABLE_UBOOTUSB" = true ] ; then
375 382 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
376 383 exit 1
377 384 fi
378 385 fi
379 386
380 387 # Check if root SSH (v2) public key file exists
381 388 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
382 389 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
383 390 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
384 391 exit 1
385 392 fi
386 393 fi
387 394
388 395 # Check if $USER_NAME SSH (v2) public key file exists
389 396 if [ -n "$SSH_USER_PUB_KEY" ] ; then
390 397 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
391 398 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
392 399 exit 1
393 400 fi
394 401 fi
395 402
396 403 # Check if all required packages are installed on the build system
397 404 for package in $REQUIRED_PACKAGES ; do
398 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
405 if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then
399 406 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
400 407 fi
401 408 done
402 409
403 410 # If there are missing packages ask confirmation for install, or exit
404 411 if [ -n "$MISSING_PACKAGES" ] ; then
405 412 echo "the following packages needed by this script are not installed:"
406 413 echo "$MISSING_PACKAGES"
407 414
408 415 printf "\ndo you want to install the missing packages right now? [y/n] "
409 416 read -r confirm
410 417 [ "$confirm" != "y" ] && exit 1
411 418
412 419 # Make sure all missing required packages are installed
413 420 apt-get -qq -y install "${MISSING_PACKAGES}"
414 421 fi
415 422
416 423 # Check if ./bootstrap.d directory exists
417 424 if [ ! -d "./bootstrap.d/" ] ; then
418 425 echo "error: './bootstrap.d' required directory not found!"
419 426 exit 1
420 427 fi
421 428
422 429 # Check if ./files directory exists
423 430 if [ ! -d "./files/" ] ; then
424 431 echo "error: './files' required directory not found!"
425 432 exit 1
426 433 fi
427 434
428 435 # Check if specified KERNELSRC_DIR directory exists
429 436 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
430 437 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
431 438 exit 1
432 439 fi
433 440
434 441 # Check if specified UBOOTSRC_DIR directory exists
435 442 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
436 443 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
437 444 exit 1
438 445 fi
439 446
440 447 # Check if specified VIDEOCORESRC_DIR directory exists
441 448 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
442 449 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
443 450 exit 1
444 451 fi
445 452
446 453 # Check if specified FBTURBOSRC_DIR directory exists
447 454 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
448 455 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
449 456 exit 1
450 457 fi
451 458
452 459 # Check if specified CHROOT_SCRIPTS directory exists
453 460 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
454 461 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
455 462 exit 1
456 463 fi
457 464
458 465 # Check if specified device mapping already exists (will be used by cryptsetup)
459 466 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
460 467 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
461 468 exit 1
462 469 fi
463 470
464 471 # Don't clobber an old build
465 472 if [ -e "$BUILDDIR" ] ; then
466 473 echo "error: directory ${BUILDDIR} already exists, not proceeding"
467 474 exit 1
468 475 fi
469 476
470 477 # Setup chroot directory
471 478 mkdir -p "${R}"
472 479
473 480 # Check if build directory has enough of free disk space >512MB
474 481 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
475 482 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
476 483 exit 1
477 484 fi
478 485
486 set -x
487
479 488 # Call "cleanup" function on various signals and errors
480 489 trap cleanup 0 1 2 3 6
481 490
482 491 # Add required packages for the minbase installation
483 492 if [ "$ENABLE_MINBASE" = true ] ; then
484 493 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
485 494 fi
486 495
487 496 # Add parted package, required to get partprobe utility
488 497 if [ "$EXPANDROOT" = true ] ; then
489 498 APT_INCLUDES="${APT_INCLUDES},parted"
490 499 fi
491 500
492 501 # Add dbus package, recommended if using systemd
493 502 if [ "$ENABLE_DBUS" = true ] ; then
494 503 APT_INCLUDES="${APT_INCLUDES},dbus"
495 504 fi
496 505
497 506 # Add iptables IPv4/IPv6 package
498 507 if [ "$ENABLE_IPTABLES" = true ] ; then
499 508 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
500 509 fi
501 510
502 511 # Add openssh server package
503 512 if [ "$ENABLE_SSHD" = true ] ; then
504 513 APT_INCLUDES="${APT_INCLUDES},openssh-server"
505 514 fi
506 515
507 516 # Add alsa-utils package
508 517 if [ "$ENABLE_SOUND" = true ] ; then
509 518 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
510 519 fi
511 520
512 521 # Add rng-tools package
513 522 if [ "$ENABLE_HWRANDOM" = true ] ; then
514 523 APT_INCLUDES="${APT_INCLUDES},rng-tools"
515 524 fi
516 525
517 526 # Add fbturbo video driver
518 527 if [ "$ENABLE_FBTURBO" = true ] ; then
519 528 # Enable xorg package dependencies
520 529 ENABLE_XORG=true
521 530 fi
522 531
523 532 # Add user defined window manager package
524 533 if [ -n "$ENABLE_WM" ] ; then
525 534 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
526 535
527 536 # Enable xorg package dependencies
528 537 ENABLE_XORG=true
529 538 fi
530 539
531 540 # Add xorg package
532 541 if [ "$ENABLE_XORG" = true ] ; then
533 542 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
534 543 fi
535 544
536 545 # Replace selected packages with smaller clones
537 546 if [ "$ENABLE_REDUCE" = true ] ; then
538 547 # Add levee package instead of vim-tiny
539 548 if [ "$REDUCE_VIM" = true ] ; then
540 549 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
541 550 fi
542 551
543 552 # Add dropbear package instead of openssh-server
544 553 if [ "$REDUCE_SSHD" = true ] ; then
545 554 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
546 555 fi
547 556 fi
548 557
549 558 # Configure kernel sources if no KERNELSRC_DIR
550 559 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
551 560 KERNELSRC_CONFIG=true
552 561 fi
553 562
554 563 # Configure reduced kernel
555 564 if [ "$KERNEL_REDUCE" = true ] ; then
556 565 KERNELSRC_CONFIG=false
557 566 fi
558 567
559 set -x
568 # Configure qemu compatible kernel
569 if [ "$ENABLE_QEMU" = true ] ; then
570 DTB_FILE=vexpress-v2p-ca15_a7.dtb
571 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
572 KERNEL_DEFCONFIG="vexpress_defconfig"
573 if [ "$KERNEL_MENUCONFIG" = false ] ; then
574 KERNEL_OLDDEFCONFIG=true
575 fi
576 fi
560 577
561 578 # Execute bootstrap scripts
562 579 for SCRIPT in bootstrap.d/*.sh; do
563 head -n 4 "$SCRIPT"
580 head -n 3 "$SCRIPT"
564 581 . "$SCRIPT"
565 582 done
566 583
567 584 ## Execute custom bootstrap scripts
568 585 if [ -d "custom.d" ] ; then
569 586 for SCRIPT in custom.d/*.sh; do
570 587 . "$SCRIPT"
571 588 done
572 589 fi
573 590
574 591 # Execute custom scripts inside the chroot
575 592 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
576 593 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
577 594 chroot_exec /bin/bash -x <<'EOF'
578 595 for SCRIPT in /chroot_scripts/* ; do
579 596 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
580 597 $SCRIPT
581 598 fi
582 599 done
583 600 EOF
584 601 rm -rf "${R}/chroot_scripts"
585 602 fi
586 603
587 604 # Remove c/c++ build environment from the chroot
588 605 chroot_remove_cc
589 606
590 607 # Generate required machine-id
591 608 MACHINE_ID=$(dbus-uuidgen)
592 609 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
593 610 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
594 611
595 612 # APT Cleanup
596 613 chroot_exec apt-get -y clean
597 614 chroot_exec apt-get -y autoclean
598 615 chroot_exec apt-get -y autoremove
599 616
600 617 # Unmount mounted filesystems
601 618 umount -l "${R}/proc"
602 619 umount -l "${R}/sys"
603 620
604 621 # Clean up directories
605 622 rm -rf "${R}/run/*"
606 623 rm -rf "${R}/tmp/*"
607 624
608 625 # Clean up files
609 626 rm -f "${ETC_DIR}/ssh/ssh_host_*"
610 627 rm -f "${ETC_DIR}/dropbear/dropbear_*"
611 628 rm -f "${ETC_DIR}/apt/sources.list.save"
612 629 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
613 630 rm -f "${ETC_DIR}/*-"
614 631 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
615 632 rm -f "${ETC_DIR}/resolv.conf"
616 633 rm -f "${R}/root/.bash_history"
617 634 rm -f "${R}/var/lib/urandom/random-seed"
618 635 rm -f "${R}/initrd.img"
619 636 rm -f "${R}/vmlinuz"
620 637 rm -f "${R}${QEMU_BINARY}"
621 638
622 639 if [ "$ENABLE_QEMU" = true ] ; then
623 # Configure qemu compatible kernel
624 DTB_FILE=vexpress-v2p-ca15_a7.dtb
625 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
626 KERNEL_DEFCONFIG="vexpress_defconfig"
627 if [ "$KERNEL_MENUCONFIG" = false ] ; then
628 KERNEL_OLDDEFCONFIG=true
629 fi
630
631 640 # Setup QEMU directory
632 641 mkdir "${BASEDIR}/qemu"
633 642
634 643 # Copy kernel image to QEMU directory
635 644 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
636 645
637 646 # Copy kernel config to QEMU directory
638 647 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
639 648
640 649 # Copy kernel dtbs to QEMU directory
641 650 for dtb in "${BOOT_DIR}/"*.dtb ; do
642 651 if [ -f "${dtb}" ] ; then
643 652 install_readonly "${dtb}" "${BASEDIR}/qemu/"
644 653 fi
645 654 done
646 655
647 656 # Copy kernel overlays to QEMU directory
648 657 if [ -d "${BOOT_DIR}/overlays" ] ; then
649 658 # Setup overlays dtbs directory
650 659 mkdir "${BASEDIR}/qemu/overlays"
651 660
652 661 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
653 662 if [ -f "${dtb}" ] ; then
654 663 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
655 664 fi
656 665 done
657 666 fi
658 667
659 668 # Copy u-boot files to QEMU directory
660 669 if [ "$ENABLE_UBOOT" = true ] ; then
661 670 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
662 671 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
663 672 fi
664 673 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
665 674 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
666 675 fi
667 676 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
668 677 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
669 678 fi
670 679 fi
671 680
672 681 # Copy initramfs to QEMU directory
673 682 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
674 683 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
675 684 fi
676 685 fi
677 686
678 687 # Calculate size of the chroot directory in KB
679 688 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
680 689
681 690 # Calculate the amount of needed 512 Byte sectors
682 691 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
683 692 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
684 693 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
685 694
686 695 # The root partition is EXT4
687 696 # This means more space than the actual used space of the chroot is used.
688 697 # As overhead for journaling and reserved blocks 35% are added.
689 698 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
690 699
691 700 # Calculate required image size in 512 Byte sectors
692 701 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
693 702
694 703 # Prepare image file
695 704 if [ "$ENABLE_SPLITFS" = true ] ; then
696 705 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
697 706 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
698 707 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
699 708 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
700 709
701 710 # Write firmware/boot partition tables
702 711 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
703 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
712 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
704 713 EOM
705 714
706 715 # Write root partition table
707 716 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
708 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
717 ${TABLE_SECTORS},${ROOT_SECTORS},83
709 718 EOM
710 719
711 720 # Setup temporary loop devices
712 721 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
713 722 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
714 723 else # ENABLE_SPLITFS=false
715 724 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
716 725 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
717 726
718 727 # Write partition table
719 728 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
720 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
721 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
729 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
730 ${ROOT_OFFSET},${ROOT_SECTORS},83
722 731 EOM
723 732
724 733 # Setup temporary loop devices
725 734 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
726 735 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
727 736 fi
728 737
729 738 if [ "$ENABLE_CRYPTFS" = true ] ; then
730 739 # Create dummy ext4 fs
731 740 mkfs.ext4 "$ROOT_LOOP"
732 741
733 742 # Setup password keyfile
734 743 touch .password
735 744 chmod 600 .password
736 echo -n "${CRYPTFS_PASSWORD}" > .password
745 echo -n ${CRYPTFS_PASSWORD} > .password
737 746
738 747 # Initialize encrypted partition
739 748 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
740 749
741 750 # Open encrypted partition and setup mapping
742 751 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
743 752
744 753 # Secure delete password keyfile
745 754 shred -zu .password
746 755
747 756 # Update temporary loop device
748 757 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
749 758
750 759 # Wipe encrypted partition (encryption cipher is used for randomness)
751 760 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
752 761 fi
753 762
754 763 # Build filesystems
755 764 mkfs.vfat "$FRMW_LOOP"
756 765 mkfs.ext4 "$ROOT_LOOP"
757 766
758 767 # Mount the temporary loop devices
759 768 mkdir -p "$BUILDDIR/mount"
760 769 mount "$ROOT_LOOP" "$BUILDDIR/mount"
761 770
762 771 mkdir -p "$BUILDDIR/mount/boot/firmware"
763 772 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
764 773
765 774 # Copy all files from the chroot to the loop device mount point directory
766 775 rsync -a "${R}/" "$BUILDDIR/mount/"
767 776
768 777 # Unmount all temporary loop devices and mount points
769 778 cleanup
770 779
771 780 # Create block map file(s) of image(s)
772 781 if [ "$ENABLE_SPLITFS" = true ] ; then
773 782 # Create block map files for "bmaptool"
774 783 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
775 784 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
776 785
777 786 # Image was successfully created
778 787 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
779 788 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
780 789 else
781 790 # Create block map file for "bmaptool"
782 791 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
783 792
784 793 # Image was successfully created
785 794 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
786 795
787 796 # Create qemu qcow2 image
788 797 if [ "$ENABLE_QEMU" = true ] ; then
789 798 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
790 799 QEMU_SIZE=16G
791 800
792 801 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
793 802 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
794 803
795 804 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
796 805 fi
797 806 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant