##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

add fixes pulled to dirty-master...
Unknown -
r341:c71b9798972e
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,48 +1,41
1 #!/bin/bash
2 #
1 #
3 # Debootstrap basic system
2 # Debootstrap basic system
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 VARIANT=""
8 VARIANT=""
10 COMPONENTS="main"
9 COMPONENTS="main"
11 EXCLUDES=""
12
10
13 # Use non-free Debian packages if needed
11 # Use non-free Debian packages if needed
14 if [ "$ENABLE_NONFREE" = true ] ; then
12 if [ "$ENABLE_NONFREE" = true ] ; then
15 COMPONENTS="main,non-free,contrib"
13 COMPONENTS="main,non-free,contrib"
16 fi
14 fi
17
15
18 # Use minbase bootstrap variant which only includes essential packages
16 # Use minbase bootstrap variant which only includes essential packages
19 if [ "$ENABLE_MINBASE" = true ] ; then
17 if [ "$ENABLE_MINBASE" = true ] ; then
20 VARIANT="--variant=minbase"
18 VARIANT="--variant=minbase"
21 fi
19 fi
22
20
23 # Exclude packages if required by Debian release
24 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
25 EXCLUDES="--exclude=init,systemd-sysv"
26 fi
27
28 # Base debootstrap (unpack only)
21 # Base debootstrap (unpack only)
29 http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}"
22 http_proxy=${APT_PROXY} debootstrap "${APT_EXCLUDES}" --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}"
30
23
31 # Copy qemu emulator binary to chroot
24 # Copy qemu emulator binary to chroot
32 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
25 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
33
26
34 # Copy debian-archive-keyring.pgp
27 # Copy debian-archive-keyring.pgp
35 mkdir -p "${R}/usr/share/keyrings"
28 mkdir -p "${R}/usr/share/keyrings"
36 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
29 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
37
30
38 # Complete the bootstrapping process
31 # Complete the bootstrapping process
39 chroot_exec /debootstrap/debootstrap --second-stage
32 chroot_exec /debootstrap/debootstrap --second-stage
40
33
41 # Mount required filesystems
34 # Mount required filesystems
42 mount -t proc none "${R}/proc"
35 mount -t proc none "${R}/proc"
43 mount -t sysfs none "${R}/sys"
36 mount -t sysfs none "${R}/sys"
44
37
45 # Mount pseudo terminal slave if supported by Debian release
38 # Mount pseudo terminal slave if supported by Debian release
46 if [ -d "${R}/dev/pts" ] ; then
39 if [ -d "${R}/dev/pts" ] ; then
47 mount --bind /dev/pts "${R}/dev/pts"
40 mount --bind /dev/pts "${R}/dev/pts"
48 fi
41 fi
Show file before | Show file after | Hide comments
@@ -1,45 +1,39
1 #!/bin/bash
2 #
1 #
3 # Setup APT repositories
2 # Setup APT repositories
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
10 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
11 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
13 fi
12 fi
14
13
15 if [ "$BUILD_KERNEL" = false ] ; then
14 if [ "$BUILD_KERNEL" = false ] ; then
16 echo "Downloading precompiled kernel"
15 echo "Downloading precompiled kernel"
17 echo "error: not configured"
16 echo "error: not configured"
18 exit 1;
17 exit 1;
19 # BUILD_KERNEL=true
18 # BUILD_KERNEL=true
20 else
19 else
21 echo "No precompiled kernel repositories were added"
20 echo "No precompiled kernel repositories were added"
22 fi
21 fi
23
22
24 #ipinfo=$(curl ipinfo.io | grep country )
25 #grep -o '\"[^"]*\"' $ipinfo | tr -d '"'
26 #grep -Po '"country":.*?[^\\]",' $(curl ipinfo.io | grep country )
27 #sed -i "s,http:,https:,g" "${ETC_DIR}/apt/sources.list"
28
29 # Upgrade package index and update all installed packages and changed dependencies
23 # Upgrade package index and update all installed packages and changed dependencies
30 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y update
31 chroot_exec apt-get -qq -y -u dist-upgrade
25 chroot_exec apt-get -qq -y -u dist-upgrade
32
26
33 if [ "$APT_INCLUDES_LATE" ] ; then
27 if [ "$APT_INCLUDES_LATE" ] ; then
34 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
28 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
35 fi
29 fi
36
30
37 if [ -d packages ] ; then
31 if [ -d packages ] ; then
38 for package in packages/*.deb ; do
32 for package in packages/*.deb ; do
39 cp "$package" "${R}"/tmp
33 cp "$package" "${R}"/tmp
40 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
34 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
41 done
35 done
42 fi
36 fi
43 chroot_exec apt-get -qq -y -f install
37 chroot_exec apt-get -qq -y -f install
44
38
45 chroot_exec apt-get -qq -y check
39 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,60 +1,58
1 #!/bin/bash
2 #
1 #
3 # Setup Locales and keyboard settings
2 # Setup Locales and keyboard settings
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Install and setup timezone
8 # Install and setup timezone
10 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
11 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
12
11
13 # Install and setup default locale and keyboard configuration
12 # Install and setup default locale and keyboard configuration
14
15 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
13 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
16 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
14 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
17 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
15 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
18 # ... so we have to set locales manually
16 # ... so we have to set locales manually
19 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
17 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
20 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
18 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
21 else
19 else
22 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
23 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
24 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
22 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
25 fi
23 fi
26
24
27 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
25 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
28 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
29 chroot_exec locale-gen
27 chroot_exec locale-gen
30 chroot_exec update-locale LANG="${DEFLOCAL}"
28 chroot_exec update-locale LANG="${DEFLOCAL}"
31
29
32 # Install and setup default keyboard configuration
30 # Install and setup default keyboard configuration
33 if [ "$XKB_MODEL" != "pc105" ] ; then
31 if [ "$XKB_MODEL" != "pc105" ] ; then
34 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
35 fi
33 fi
36 if [ "$XKB_LAYOUT" != "us" ] ; then
34 if [ "$XKB_LAYOUT" != "us" ] ; then
37 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
38 fi
36 fi
39 if [ "$XKB_VARIANT" != "" ] ; then
37 if [ "$XKB_VARIANT" != "" ] ; then
40 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
41 fi
39 fi
42 if [ "$XKB_OPTIONS" != "" ] ; then
40 if [ "$XKB_OPTIONS" != "" ] ; then
43 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
44 fi
42 fi
45 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
46
44
47 # Install and setup font console
45 # Install and setup font console
48 case "${DEFLOCAL}" in
46 case "${DEFLOCAL}" in
49 *UTF-8)
47 *UTF-8)
50 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
51 ;;
49 ;;
52 *)
50 *)
53 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
54 ;;
52 ;;
55 esac
53 esac
56 chroot_exec dpkg-reconfigure -f noninteractive console-setup
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
57 else # (no locales were installed)
55 else # (no locales were installed)
58 # Install POSIX default locale
56 # Install POSIX default locale
59 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
57 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
60 fi
58 fi
Show file before | Show file after | Hide comments
@@ -1,265 +1,265
1 #!/bin/bash
2 #
1 #
3 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Fetch and build latest raspberry kernel
8 # Fetch and build latest raspberry kernel
10 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ "$BUILD_KERNEL" = true ] ; then
11 # Setup source directory
10 # Setup source directory
12 mkdir -p "${R}/usr/src/linux"
11 mkdir -p "${R}/usr/src/linux"
13
12
14 # Copy existing kernel sources into chroot directory
13 # Copy existing kernel sources into chroot directory
15 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
16 # Copy kernel sources and include hidden files
15 # Copy kernel sources and include hidden files
17 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
16 cp -r "${KERNELSRC_DIR}/". "${R}/usr/src/linux"
18
17
19 # Clean the kernel sources
18 # Clean the kernel sources
20 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
21 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
20 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
22 fi
21 fi
23 else # KERNELSRC_DIR=""
22 else # KERNELSRC_DIR=""
24 # Create temporary directory for kernel sources
23 # Create temporary directory for kernel sources
25 temp_dir=$(as_nobody mktemp -d)
24 temp_dir=$(as_nobody mktemp -d)
26
25
27 # Fetch current RPi2/3 kernel sources
26 # Fetch current RPi2/3 kernel sources
28 if [ -z "${KERNEL_BRANCH}" ] ; then
27 if [ -z "${KERNEL_BRANCH}" ] ; then
29 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
28 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
30 else
29 else
31 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
30 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
32 fi
31 fi
33
32
34 # Copy downloaded kernel sources
33 # Copy downloaded kernel sources
35 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
34 cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
36
35
37 # Remove temporary directory for kernel sources
36 # Remove temporary directory for kernel sources
38 rm -fr "${temp_dir}"
37 rm -fr "${temp_dir}"
39
38
40 # Set permissions of the kernel sources
39 # Set permissions of the kernel sources
41 chown -R root:root "${R}/usr/src"
40 chown -R root:root "${R}/usr/src"
42 fi
41 fi
43
42
44 # Calculate optimal number of kernel building threads
43 # Calculate optimal number of kernel building threads
45 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
44 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
46 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
45 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
47 fi
46 fi
48
47
49 # Configure and build kernel
48 # Configure and build kernel
50 if [ "$KERNELSRC_PREBUILT" = false ] ; then
49 if [ "$KERNELSRC_PREBUILT" = false ] ; then
51 # Remove device, network and filesystem drivers from kernel configuration
50 # Remove device, network and filesystem drivers from kernel configuration
52 if [ "$KERNEL_REDUCE" = true ] ; then
51 if [ "$KERNEL_REDUCE" = true ] ; then
53 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
52 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
54 sed -i\
53 sed -i\
55 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
54 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
55 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
56 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
57 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
59 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
58 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
60 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
59 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
61 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
60 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
61 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
69 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
69 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
71 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
70 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
72 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
84 "${KERNEL_DIR}/.config"
83 "${KERNEL_DIR}/.config"
85 fi
84 fi
86
85
87 if [ "$KERNELSRC_CONFIG" = true ] ; then
86 if [ "$KERNELSRC_CONFIG" = true ] ; then
88 # Load default raspberry kernel configuration
87 # Load default raspberry kernel configuration
89 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
90
89
91 # Set kernel configuration parameters to enable qemu emulation
90 # Set kernel configuration parameters to enable qemu emulation
92 if [ "$ENABLE_QEMU" = true ] ; then
91 if [ "$ENABLE_QEMU" = true ] ; then
93 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
94 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
93 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
95
94
96 if [ "$ENABLE_CRYPTFS" = true ] ; then
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
97 {
96 {
98 echo "CONFIG_EMBEDDED=y"
97 echo "CONFIG_EMBEDDED=y"
99 echo "CONFIG_EXPERT=y"
98 echo "CONFIG_EXPERT=y"
100 echo "CONFIG_DAX=y"
99 echo "CONFIG_DAX=y"
101 echo "CONFIG_MD=y"
100 echo "CONFIG_MD=y"
102 echo "CONFIG_BLK_DEV_MD=y"
101 echo "CONFIG_BLK_DEV_MD=y"
103 echo "CONFIG_MD_AUTODETECT=y"
102 echo "CONFIG_MD_AUTODETECT=y"
104 echo "CONFIG_BLK_DEV_DM=y"
103 echo "CONFIG_BLK_DEV_DM=y"
105 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
104 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
106 echo "CONFIG_DM_CRYPT=y"
105 echo "CONFIG_DM_CRYPT=y"
107 echo "CONFIG_CRYPTO_BLKCIPHER=y"
106 echo "CONFIG_CRYPTO_BLKCIPHER=y"
108 echo "CONFIG_CRYPTO_CBC=y"
107 echo "CONFIG_CRYPTO_CBC=y"
109 echo "CONFIG_CRYPTO_XTS=y"
108 echo "CONFIG_CRYPTO_XTS=y"
110 echo "CONFIG_CRYPTO_SHA512=y"
109 echo "CONFIG_CRYPTO_SHA512=y"
111 echo "CONFIG_CRYPTO_MANAGER=y"
110 echo "CONFIG_CRYPTO_MANAGER=y"
112 } >> "${KERNEL_DIR}"/.config
111 } >> ${KERNEL_DIR}/.config
113 fi
112 fi
114 fi
113 fi
115
114
116 # Copy custom kernel configuration file
115 # Copy custom kernel configuration file
117 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
116 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
118 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
117 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
119 fi
118 fi
120
119
121 # Set kernel configuration parameters to their default values
120 # Set kernel configuration parameters to their default values
122 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
121 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
123 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
122 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
124 fi
123 fi
125
124
126 # Start menu-driven kernel configuration (interactive)
125 # Start menu-driven kernel configuration (interactive)
127 if [ "$KERNEL_MENUCONFIG" = true ] ; then
126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
128 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
129 fi
128 fi
130 fi
129 fi
131
130
132 # Use ccache to cross compile the kernel
131 # Use ccache to cross compile the kernel
133 if [ "$KERNEL_CCACHE" = true ] ; then
132 if [ "$KERNEL_CCACHE" = true ] ; then
134 cc="ccache ${CROSS_COMPILE}gcc"
133 cc="ccache ${CROSS_COMPILE}gcc"
135 else
134 else
136 cc="${CROSS_COMPILE}gcc"
135 cc="${CROSS_COMPILE}gcc"
137 fi
136 fi
138
137
139 # Cross compile kernel and dtbs
138 # Cross compile kernel and dtbs
140 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
139 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
141
140
142 # Cross compile kernel modules
141 # Cross compile kernel modules
143 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
142 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
144 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
145 fi
144 fi
146 fi
145 fi
147
146
148 # Check if kernel compilation was successful
147 # Check if kernel compilation was successful
149 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
148 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
150 echo "error: kernel compilation failed! (kernel image not found)"
149 echo "error: kernel compilation failed! (kernel image not found)"
151 cleanup
150 cleanup
152 exit 1
151 exit 1
153 fi
152 fi
154
153
155 # Install kernel modules
154 # Install kernel modules
156 if [ "$ENABLE_REDUCE" = true ] ; then
155 if [ "$ENABLE_REDUCE" = true ] ; then
157 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
156 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
158 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
157 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
159 fi
158 fi
160 else
159 else
161 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
160 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
162 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
161 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
163 fi
162 fi
164
163
165 # Install kernel firmware
164 # Install kernel firmware
166 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
165 if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
167 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
166 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
168 fi
167 fi
169 fi
168 fi
170
169
171 # Install kernel headers
170 # Install kernel headers
172 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
171 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
173 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
172 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
174 fi
173 fi
175 # make tar.gz kernel package - missing os bzw. modules
174 # make tar.gz kernel package - missing os bzw. modules
176 #** ** ** WARNING ** ** **
175 #** ** ** WARNING ** ** **
177 #Your architecture did not define any architecture-dependent files
176 #Your architecture did not define any architecture-dependent files
178 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
177 #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
179 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
178 # make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
180
179
181 # Prepare boot (firmware) directory
180 # Prepare boot (firmware) directory
182 mkdir "${BOOT_DIR}"
181 mkdir "${BOOT_DIR}"
183
182
184 # Get kernel release version
183 # Get kernel release version
185 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
184 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
186
185
187 # Copy kernel configuration file to the boot directory
186 # Copy kernel configuration file to the boot directory
188 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
187 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
189
188
190 # Prepare device tree directory
189 # Prepare device tree directory
191 mkdir "${BOOT_DIR}/overlays"
190 mkdir "${BOOT_DIR}/overlays"
192
191
193 # Ensure the proper .dtb is located
192 # Ensure the proper .dtb is located
194 if [ "$KERNEL_ARCH" = "arm" ] ; then
193 if [ "$KERNEL_ARCH" = "arm" ] ; then
195 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
194 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
196 if [ -f "${dtb}" ] ; then
195 if [ -f "${dtb}" ] ; then
197 install_readonly "${dtb}" "${BOOT_DIR}/"
196 install_readonly "${dtb}" "${BOOT_DIR}/"
198 fi
197 fi
199 done
198 done
200 else
199 else
201 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
200 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
202 if [ -f "${dtb}" ] ; then
201 if [ -f "${dtb}" ] ; then
203 install_readonly "${dtb}" "${BOOT_DIR}/"
202 install_readonly "${dtb}" "${BOOT_DIR}/"
204 fi
203 fi
205 done
204 done
206 fi
205 fi
207
206
208 # Copy compiled dtb device tree files
207 # Copy compiled dtb device tree files
209 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
208 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
210 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
209 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
211 if [ -f "${dtb}" ] ; then
210 if [ -f "${dtb}" ] ; then
212 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
211 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
213 fi
212 fi
214 done
213 done
215
214
216 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
215 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
217 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
216 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
218 fi
217 fi
219 fi
218 fi
220
219
221 if [ "$ENABLE_UBOOT" = false ] ; then
220 if [ "$ENABLE_UBOOT" = false ] ; then
222 # Convert and copy kernel image to the boot directory
221 # Convert and copy kernel image to the boot directory
223 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
222 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
224 else
223 else
225 # Copy kernel image to the boot directory
224 # Copy kernel image to the boot directory
226 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
225 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
227 fi
226 fi
228
227
229 # Remove kernel sources
228 # Remove kernel sources
230 if [ "$KERNEL_REMOVESRC" = true ] ; then
229 if [ "$KERNEL_REMOVESRC" = true ] ; then
231 rm -fr "${KERNEL_DIR}"
230 rm -fr "${KERNEL_DIR}"
232 else
231 else
233 # Prepare compiled kernel modules
232 # Prepare compiled kernel modules
234 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
233 if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
235 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
234 if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
236 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
235 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
237 fi
236 fi
238
237
239 # Create symlinks for kernel modules
238 # Create symlinks for kernel modules
240 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
239 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
241 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
240 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
242 fi
241 fi
243 fi
242 fi
244 elif [ "$BUILD_KERNEL" = false ] ; then
243
244 else # BUILD_KERNEL=false
245 echo " Install precompiled kernel..."
245 echo " Install precompiled kernel..."
246 echo "error: not implemented"
246 echo "error: not implemented"
247 # Check if kernel installation was successful
247 # Check if kernel installation was successful
248 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
248 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
249 if [ -z "$VMLINUZ" ] ; then
249 if [ -z "$VMLINUZ" ] ; then
250 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
250 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
251 cleanup
251 cleanup
252 exit 1
252 exit 1
253 fi
253 fi
254 # Copy vmlinuz kernel to the boot directory
254 # Copy vmlinuz kernel to the boot directory
255 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
256
256
257 if [ "$SET_ARCH" = 64 ] ; then
257 if [ "$SET_ARCH" = 64 ] ; then
258 echo "Using precompiled arm64 kernel"
258 echo "Using precompiled arm64 kernel"
259 else
259 else
260 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
260 echo "error: no precompiled arm64 (bcmrpi3) kernel found"
261 exit 1
261 exit 1
262 # inset precompiled 64 bit kernel code here
262 # inset precompiled 64 bit kernel code here
263 fi
263 fi
264 #fi build_kernel=true
264 #fi build_kernel=true
265 fi
265 fi
Show file before | Show file after | Hide comments
@@ -1,66 +1,64
1 #!/bin/bash
2 #
1 #
3 # Setup fstab and initramfs
2 # Setup fstab and initramfs
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Install and setup fstab
8 # Install and setup fstab
10 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
11
10
12 if [ "$ENABLE_UBOOTUSB" = true ] ; then
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
13 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
14 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
15 fi
14 fi
16
15
17 # Add usb/sda disk root partition to fstab
16 # Add usb/sda disk root partition to fstab
18 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
19 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
20 fi
19 fi
21
20
22 # Add encrypted root partition to fstab and crypttab
21 # Add encrypted root partition to fstab and crypttab
23 if [ "$ENABLE_CRYPTFS" = true ] ; then
22 if [ "$ENABLE_CRYPTFS" = true ] ; then
24 # Replace fstab root partition with encrypted partition mapping
23 # Replace fstab root partition with encrypted partition mapping
25 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
24 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
26
25
27 # Add encrypted partition to crypttab and fstab
26 # Add encrypted partition to crypttab and fstab
28 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
27 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
29 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
28 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
30
29
31 if [ "$ENABLE_SPLITFS" = true ] ; then
30 if [ "$ENABLE_SPLITFS" = true ] ; then
32 # Add usb/sda disk to crypttab
31 # Add usb/sda disk to crypttab
33 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
32 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
34 fi
33 fi
35 fi
34 fi
36
35
37 # Generate initramfs file
36 # Generate initramfs file
38 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
39 if [ "$ENABLE_CRYPTFS" = true ] ; then
38 if [ "$ENABLE_CRYPTFS" = true ] ; then
40 # Include initramfs scripts to auto expand encrypted root partition
39 # Include initramfs scripts to auto expand encrypted root partition
41 if [ "$EXPANDROOT" = true ] ; then
40 if [ "$EXPANDROOT" = true ] ; then
42 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
41 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
43 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
44 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
45 fi
44 fi
46
45
47 # Disable SSHD inside initramfs
46 # Disable SSHD inside initramfs
48 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
47 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
49
48
50 # Add cryptsetup modules to initramfs
49 # Add cryptsetup modules to initramfs
51 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
50 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
52
51
53 # Dummy mapping required by mkinitramfs
52 # Dummy mapping required by mkinitramfs
54 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
53 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
55
54
56 # Generate initramfs with encrypted root partition support
55 # Generate initramfs with encrypted root partition support
57 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
56 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58
57
59 # Remove dummy mapping
58 # Remove dummy mapping
60 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
59 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
61 else
60 else
62 # Generate initramfs without encrypted root partition support
61 # Generate initramfs without encrypted root partition support
63 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
62 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
64 fi
63 fi
65 fi
64 fi
66
Show file before | Show file after | Hide comments
@@ -1,162 +1,160
1 #!/bin/bash
2 #
1 #
3 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ "$BUILD_KERNEL" = true ] ; then
10 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
11 # Install boot binaries from local directory
10 # Install boot binaries from local directory
12 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
16 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
18 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
19 else
18 else
20 # Create temporary directory for boot binaries
19 # Create temporary directory for boot binaries
21 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
22
21
23 # Install latest boot binaries from raspberry/firmware github
22 # Install latest boot binaries from raspberry/firmware github
24 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
25 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
27 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
28 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
29 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
30 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
31
30
32 # Move downloaded boot binaries
31 # Move downloaded boot binaries
33 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
34
33
35 # Remove temporary directory for boot binaries
34 # Remove temporary directory for boot binaries
36 rm -fr "${temp_dir}"
35 rm -fr "${temp_dir}"
37
36
38 # Set permissions of the boot binaries
37 # Set permissions of the boot binaries
39 chown -R root:root "${BOOT_DIR}"
38 chown -R root:root "${BOOT_DIR}"
40 chmod -R 600 "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
41 fi
40 fi
42 fi
41 fi
43
42
44 # Setup firmware boot cmdline
43 # Setup firmware boot cmdline
45 if [ "$ENABLE_UBOOTUSB" = true ] ; then
44 if [ "$ENABLE_UBOOTUSB" = true ] ; then
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 else
46 else
48 if [ "$ENABLE_SPLITFS" = true ] ; then
47 if [ "$ENABLE_SPLITFS" = true ] ; then
49 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
50 else
49 else
51 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
50 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
52 fi
51 fi
53 fi
52 fi
54
53
55
54
56 # Add encrypted root partition to cmdline.txt
55 # Add encrypted root partition to cmdline.txt
57 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 if [ "$ENABLE_CRYPTFS" = true ] ; then
58 if [ "$ENABLE_SPLITFS" = true ] ; then
57 if [ "$ENABLE_SPLITFS" = true ] ; then
59 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
60 else
59 else
61 if [ "$ENABLE_UBOOTUSB" = true ] ; then
60 if [ "$ENABLE_UBOOTUSB" = true ] ; then
62 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
61 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
63 else
62 else
64 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
63 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
65 fi
64 fi
66 fi
65 fi
67 fi
66 fi
68
67
69 # Add serial console support
68 # Add serial console support
70 if [ "$ENABLE_CONSOLE" = true ] ; then
69 if [ "$ENABLE_CONSOLE" = true ] ; then
71 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
70 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
72 fi
71 fi
73
72
74 # Remove IPv6 networking support
73 # Remove IPv6 networking support
75 if [ "$ENABLE_IPV6" = false ] ; then
74 if [ "$ENABLE_IPV6" = false ] ; then
76 CMDLINE="${CMDLINE} ipv6.disable=1"
75 CMDLINE="${CMDLINE} ipv6.disable=1"
77 fi
76 fi
78
77
79 # Automatically assign predictable network interface names
78 # Automatically assign predictable network interface names
80 if [ "$ENABLE_IFNAMES" = false ] ; then
79 if [ "$ENABLE_IFNAMES" = false ] ; then
81 CMDLINE="${CMDLINE} net.ifnames=0"
80 CMDLINE="${CMDLINE} net.ifnames=0"
82 else
81 else
83 CMDLINE="${CMDLINE} net.ifnames=1"
82 CMDLINE="${CMDLINE} net.ifnames=1"
84 fi
83 fi
85
84
86 # Set init to systemd if required by Debian release
85 # Set init to systemd if required by Debian release
87 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
86 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
88 CMDLINE="${CMDLINE} init=/bin/systemd"
87 CMDLINE="${CMDLINE} init=/bin/systemd"
89 fi
88 fi
90
89
91 # Install firmware boot cmdline
90 # Install firmware boot cmdline
92 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
91 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
93
92
94 # Install firmware config
93 # Install firmware config
95 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
94 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
96
95
97 # Setup minimal GPU memory allocation size: 16MB (no X)
96 # Setup minimal GPU memory allocation size: 16MB (no X)
98 if [ "$ENABLE_MINGPU" = true ] ; then
97 if [ "$ENABLE_MINGPU" = true ] ; then
99 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
98 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
100 fi
99 fi
101
100
102 # Setup boot with initramfs
101 # Setup boot with initramfs
103 if [ "$ENABLE_INITRAMFS" = true ] ; then
102 if [ "$ENABLE_INITRAMFS" = true ] ; then
104 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
103 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
105 fi
104 fi
106
105
107 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
106 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
108 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
107 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
108 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
110 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
109 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
111 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
110 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
112 fi
111 fi
113 fi
112 fi
114
113
115 # Create firmware configuration and cmdline symlinks
114 # Create firmware configuration and cmdline symlinks
116 ln -sf firmware/config.txt "${R}/boot/config.txt"
115 ln -sf firmware/config.txt "${R}/boot/config.txt"
117 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
116 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
118
117
119 # Install and setup kernel modules to load at boot
118 # Install and setup kernel modules to load at boot
120 mkdir -p "${R}/lib/modules-load.d/"
119 mkdir -p "${R}/lib/modules-load.d/"
121 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
120 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
122
121
123 # Load hardware random module at boot
122 # Load hardware random module at boot
124 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
123 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
125 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
124 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
126 fi
125 fi
127
126
128 # Load sound module at boot
127 # Load sound module at boot
129 if [ "$ENABLE_SOUND" = true ] ; then
128 if [ "$ENABLE_SOUND" = true ] ; then
130 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
131 else
130 else
132 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
131 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
133 fi
132 fi
134
133
135 # Enable I2C interface
134 # Enable I2C interface
136 if [ "$ENABLE_I2C" = true ] ; then
135 if [ "$ENABLE_I2C" = true ] ; then
137 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
136 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
138 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
137 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
139 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
138 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
140 fi
139 fi
141
140
142 # Enable SPI interface
141 # Enable SPI interface
143 if [ "$ENABLE_SPI" = true ] ; then
142 if [ "$ENABLE_SPI" = true ] ; then
144 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
143 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
145 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
144 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
146 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
145 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
147 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
146 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
148 fi
147 fi
149 fi
148 fi
150
149
151 # Disable RPi2/3 under-voltage warnings
150 # Disable RPi2/3 under-voltage warnings
152 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
151 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
153 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
152 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
154 fi
153 fi
155
154
156 # Install kernel modules blacklist
155 # Install kernel modules blacklist
157 mkdir -p "${ETC_DIR}/modprobe.d/"
156 mkdir -p "${ETC_DIR}/modprobe.d/"
158 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
157 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
159
158
160 # Install sysctl.d configuration files
159 # Install sysctl.d configuration files
161 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
160 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
162
Show file before | Show file after | Hide comments
@@ -1,135 +1,134
1 #!/bin/bash
2 #
1 #
3 # Setup Networking
2 # Setup Networking
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Install and setup hostname
8 # Install and setup hostname
10 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
11 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
12
11
13 # Install and setup hosts
12 # Install and setup hosts
14 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
15 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
16
15
17 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
18 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
19 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
20 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
21 fi
20 fi
22
21
23 # Remove IPv6 hosts
22 # Remove IPv6 hosts
24 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
25 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
26 fi
25 fi
27
26
28 # Install hint about network configuration
27 # Install hint about network configuration
29 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
30
29
31 # Install configuration for interface eth0
30 # Install configuration for interface eth0
32 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
33
32
34 # Install configuration for interface wl*
33 # Install configuration for interface wl*
35 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
36
35
37 #always with dhcp since wpa_supplicant integration is missing
36 #always with dhcp since wpa_supplicant integration is missing
38 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
39
38
40 if [ "$ENABLE_DHCP" = true ] ; then
39 if [ "$ENABLE_DHCP" = true ] ; then
41 # Enable DHCP configuration for interface eth0
40 # Enable DHCP configuration for interface eth0
42 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
43
42
44 # Set DHCP configuration to IPv4 only
43 # Set DHCP configuration to IPv4 only
45 if [ "$ENABLE_IPV6" = false ] ; then
44 if [ "$ENABLE_IPV6" = false ] ; then
46 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
47 fi
46 fi
48
47
49 else # ENABLE_DHCP=false
48 else # ENABLE_DHCP=false
50 # Set static network configuration for interface eth0
49 # Set static network configuration for interface eth0
51 sed -i\
50 sed -i\
52 -e "s|DHCP=.*|DHCP=no|"\
51 -e "s|DHCP=.*|DHCP=no|"\
53 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
54 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
56 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
57 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
59 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
60 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
61 fi
60 fi
62
61
63 # Remove empty settings from network configuration
62 # Remove empty settings from network configuration
64 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
65 # Remove empty settings from wlan configuration
64 # Remove empty settings from wlan configuration
66 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
67
66
68 # Move systemd network configuration if required by Debian release
67 # Move systemd network configuration if required by Debian release
69 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
71 if [ "$ENABLE_WIRELESS" = true ] ; then
70 if [ "$ENABLE_WIRELESS" = true ] ; then
72 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
73 fi
72 fi
74 rm -fr "${ETC_DIR}/systemd/network"
73 rm -fr "${ETC_DIR}/systemd/network"
75 fi
74 fi
76
75
77 # Enable systemd-networkd service
76 # Enable systemd-networkd service
78 chroot_exec systemctl enable systemd-networkd
77 chroot_exec systemctl enable systemd-networkd
79
78
80 # Install host.conf resolver configuration
79 # Install host.conf resolver configuration
81 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
82
81
83 # Enable network stack hardening
82 # Enable network stack hardening
84 if [ "$ENABLE_HARDNET" = true ] ; then
83 if [ "$ENABLE_HARDNET" = true ] ; then
85 # Install sysctl.d configuration files
84 # Install sysctl.d configuration files
86 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
87
86
88 # Setup resolver warnings about spoofed addresses
87 # Setup resolver warnings about spoofed addresses
89 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
90 fi
89 fi
91
90
92 # Enable time sync
91 # Enable time sync
93 if [ "$NET_NTP_1" != "" ] ; then
92 if [ "$NET_NTP_1" != "" ] ; then
94 chroot_exec systemctl enable systemd-timesyncd.service
93 chroot_exec systemctl enable systemd-timesyncd.service
95 fi
94 fi
96
95
97 # Download the firmware binary blob required to use the RPi3 wireless interface
96 # Download the firmware binary blob required to use the RPi3 wireless interface
98 if [ "$ENABLE_WIRELESS" = true ] ; then
97 if [ "$ENABLE_WIRELESS" = true ] ; then
99 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
100 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 mkdir -p "${WLAN_FIRMWARE_DIR}"
101 fi
100 fi
102
101
103 # Create temporary directory for firmware binary blob
102 # Create temporary directory for firmware binary blob
104 temp_dir=$(as_nobody mktemp -d)
103 temp_dir=$(as_nobody mktemp -d)
105
104
106 # Fetch firmware binary blob for RPI3B+
105 # Fetch firmware binary blob for RPI3B+
107 if [ "$RPI_MODEL" = 3P ] ; then
106 if [ "$RPI_MODEL" = 3P ] ; then
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
110 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
111 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
112 # Fetch firmware binary blob for RPI3
111 # Fetch firmware binary blob for RPI3
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
114 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
115 fi
114 fi
116
115
117 # Move downloaded firmware binary blob
116 # Move downloaded firmware binary blob
118 if [ "$RPI_MODEL" = 3P ] ; then
117 if [ "$RPI_MODEL" = 3P ] ; then
119 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
121 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
122 fi
121 fi
123
122
124 # Remove temporary directory for firmware binary blob
123 # Remove temporary directory for firmware binary blob
125 rm -fr "${temp_dir}"
124 rm -fr "${temp_dir}"
126
125
127 # Set permissions of the firmware binary blob
126 # Set permissions of the firmware binary blob
128 if [ "$RPI_MODEL" = 3P ] ; then
127 if [ "$RPI_MODEL" = 3P ] ; then
129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
132 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
133 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
134 fi
133 fi
135 fi
134 fi
Show file before | Show file after | Hide comments
@@ -1,49 +1,50
1 #!/bin/bash
2 #
1 #
3 # Setup Firewall
2 # Setup Firewall
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
10 # Create iptables configuration directory
9 # Create iptables configuration directory
11 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
12
11
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 if ! [ "$RELEASE" = jessie ] ; then
14 if ! [ "$RELEASE" = jessie ] ; then
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
16 fi
16
17
17 # Install iptables systemd service
18 # Install iptables systemd service
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19
20
20 # Install flush-table script called by iptables service
21 # Install flush-table script called by iptables service
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22
23
23 # Install iptables rule file
24 # Install iptables rule file
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25
26
26 # Reload systemd configuration and enable iptables service
27 # Reload systemd configuration and enable iptables service
27 chroot_exec systemctl daemon-reload
28 chroot_exec systemctl daemon-reload
28 chroot_exec systemctl enable iptables.service
29 chroot_exec systemctl enable iptables.service
29
30
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$ENABLE_IPV6" = true ] ; then
31 # Install ip6tables systemd service
32 # Install ip6tables systemd service
32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33
34
34 # Install ip6tables file
35 # Install ip6tables file
35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36
37
37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38
39
39 # Reload systemd configuration and enable iptables service
40 # Reload systemd configuration and enable iptables service
40 chroot_exec systemctl daemon-reload
41 chroot_exec systemctl daemon-reload
41 chroot_exec systemctl enable ip6tables.service
42 chroot_exec systemctl enable ip6tables.service
42 fi
43 fi
43
44
44 if [ "$ENABLE_SSHD" = false ] ; then
45 if [ "$ENABLE_SSHD" = false ] ; then
45 # Remove SSHD related iptables rules
46 # Remove SSHD related iptables rules
46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 fi
49 fi
49 fi
50 fi
Show file before | Show file after | Hide comments
@@ -1,30 +1,29
1 #!/bin/bash
2 #
1 #
3 # Setup users and security settings
2 # Setup users and security settings
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Generate crypt(3) password string
8 # Generate crypt(3) password string
10 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
11 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
12
11
13 # Setup default user
12 # Setup default user
14 if [ "$ENABLE_USER" = true ] ; then
13 if [ "$ENABLE_USER" = true ] ; then
15 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
14 chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
16 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
17 fi
16 fi
18
17
19 # Setup root password or not
18 # Setup root password or not
20 if [ "$ENABLE_ROOT" = true ] ; then
19 if [ "$ENABLE_ROOT" = true ] ; then
21 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
22 else
21 else
23 # Set no root password to disable root login
22 # Set no root password to disable root login
24 chroot_exec usermod -p \'!\' root
23 chroot_exec usermod -p \'!\' root
25 fi
24 fi
26
25
27 # Enable serial console systemd style
26 # Enable serial console systemd style
28 if [ "$ENABLE_CONSOLE" = true ] ; then
27 if [ "$ENABLE_CONSOLE" = true ] ; then
29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
30 fi
29 fi
Show file before | Show file after | Hide comments
@@ -1,14 +1,13
1 #!/bin/bash
2 #
1 #
3 # Setup Logging
2 # Setup Logging
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Disable rsyslog
8 # Disable rsyslog
10 if [ "$ENABLE_RSYSLOG" = false ] ; then
9 if [ "$ENABLE_RSYSLOG" = false ] ; then
11 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETC_DIR}/systemd/journald.conf"
12 chroot_exec systemctl disable rsyslog
11 chroot_exec systemctl disable rsyslog
13 chroot_exec apt-get -qq -y purge rsyslog
12 chroot_exec apt-get -qq -y purge rsyslog
14 fi
13 fi
Show file before | Show file after | Hide comments
@@ -1,117 +1,116
1 #!/bin/bash
2 #
1 #
3 # Setup SSH settings and public keys
2 # Setup SSH settings and public keys
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 if [ "$ENABLE_SSHD" = true ] ; then
8 if [ "$ENABLE_SSHD" = true ] ; then
10 DROPBEAR_ARGS=""
9 DROPBEAR_ARGS=""
11
10
12 if [ "$SSH_ENABLE_ROOT" = false ] ; then
11 if [ "$SSH_ENABLE_ROOT" = false ] ; then
13 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
12 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
14 # User root is not allowed to log in
13 # User root is not allowed to log in
15 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
14 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin no|g" "${ETC_DIR}/ssh/sshd_config"
16 else
15 else
17 # User root is not allowed to log in
16 # User root is not allowed to log in
18 DROPBEAR_ARGS="-w"
17 DROPBEAR_ARGS="-w"
19 fi
18 fi
20 fi
19 fi
21
20
22 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
21 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
23 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
22 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
24 # Permit SSH root login
23 # Permit SSH root login
25 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
24 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config"
26 else
25 else
27 # Permit SSH root login
26 # Permit SSH root login
28 DROPBEAR_ARGS=""
27 DROPBEAR_ARGS=""
29 fi
28 fi
30
29
31 # Add SSH (v2) public key for user root
30 # Add SSH (v2) public key for user root
32 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
31 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
33 # Create root SSH config directory
32 # Create root SSH config directory
34 mkdir -p "${R}/root/.ssh"
33 mkdir -p "${R}/root/.ssh"
35
34
36 # Set permissions of root SSH config directory
35 # Set permissions of root SSH config directory
37 chroot_exec chmod 700 "/root/.ssh"
36 chroot_exec chmod 700 "/root/.ssh"
38 chroot_exec chown root:root "/root/.ssh"
37 chroot_exec chown root:root "/root/.ssh"
39
38
40 # Add SSH (v2) public key(s) to authorized_keys file
39 # Add SSH (v2) public key(s) to authorized_keys file
41 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
40 cat "$SSH_ROOT_PUB_KEY" >> "${R}/root/.ssh/authorized_keys"
42
41
43 # Set permissions of root SSH authorized_keys file
42 # Set permissions of root SSH authorized_keys file
44 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
43 chroot_exec chmod 600 "/root/.ssh/authorized_keys"
45 chroot_exec chown root:root "/root/.ssh/authorized_keys"
44 chroot_exec chown root:root "/root/.ssh/authorized_keys"
46
45
47 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
46 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
48 # Allow SSH public key authentication
47 # Allow SSH public key authentication
49 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
48 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
50 fi
49 fi
51 fi
50 fi
52 fi
51 fi
53
52
54 if [ "$ENABLE_USER" = true ] ; then
53 if [ "$ENABLE_USER" = true ] ; then
55 # Add SSH (v2) public key for user $USER_NAME
54 # Add SSH (v2) public key for user $USER_NAME
56 if [ -n "$SSH_USER_PUB_KEY" ] ; then
55 if [ -n "$SSH_USER_PUB_KEY" ] ; then
57 # Create $USER_NAME SSH config directory
56 # Create $USER_NAME SSH config directory
58 mkdir -p "${R}/home/${USER_NAME}/.ssh"
57 mkdir -p "${R}/home/${USER_NAME}/.ssh"
59
58
60 # Set permissions of $USER_NAME SSH config directory
59 # Set permissions of $USER_NAME SSH config directory
61 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
60 chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
62 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
61 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
63
62
64 # Add SSH (v2) public key(s) to authorized_keys file
63 # Add SSH (v2) public key(s) to authorized_keys file
65 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
64 cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
66
65
67 # Set permissions of $USER_NAME SSH config directory
66 # Set permissions of $USER_NAME SSH config directory
68 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
67 chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
69 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
68 chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
70
69
71 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
70 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
72 # Allow SSH public key authentication
71 # Allow SSH public key authentication
73 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
72 sed -i "s|[#]*PubkeyAuthentication.*|PubkeyAuthentication yes|g" "${ETC_DIR}/ssh/sshd_config"
74 fi
73 fi
75 fi
74 fi
76 fi
75 fi
77
76
78 # Limit the users that are allowed to login via SSH
77 # Limit the users that are allowed to login via SSH
79 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
78 if [ "$SSH_LIMIT_USERS" = true ] && [ "$ENABLE_REDUCE" = false ] ; then
80 allowed_users=""
79 allowed_users=""
81 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
80 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
82 allowed_users="root"
81 allowed_users="root"
83 fi
82 fi
84
83
85 if [ "$ENABLE_USER" = true ] ; then
84 if [ "$ENABLE_USER" = true ] ; then
86 allowed_users="${allowed_users} ${USER_NAME}"
85 allowed_users="${allowed_users} ${USER_NAME}"
87 fi
86 fi
88
87
89 if [ -n "$allowed_users" ] ; then
88 if [ -n "$allowed_users" ] ; then
90 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
89 echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
91 fi
90 fi
92 fi
91 fi
93
92
94 # Disable password-based authentication
93 # Disable password-based authentication
95 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
94 if [ "$SSH_DISABLE_PASSWORD_AUTH" = true ] ; then
96 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
95 if [ "$ENABLE_ROOT" = true ] && [ "$SSH_ENABLE_ROOT" = true ] ; then
97 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
96 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
98 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
97 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin without-password|g" "${ETC_DIR}/ssh/sshd_config"
99 else
98 else
100 DROPBEAR_ARGS="-g"
99 DROPBEAR_ARGS="-g"
101 fi
100 fi
102 fi
101 fi
103
102
104 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
103 if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
105 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
104 sed -i "s|[#]*PasswordAuthentication.*|PasswordAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
105 sed -i "s|[#]*ChallengeResponseAuthentication no.*|ChallengeResponseAuthentication no|g" "${ETC_DIR}/ssh/sshd_config"
107 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
106 sed -i "s|[#]*UsePAM.*|UsePAM no|g" "${ETC_DIR}/ssh/sshd_config"
108 else
107 else
109 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
108 DROPBEAR_ARGS="${DROPBEAR_ARGS} -s"
110 fi
109 fi
111 fi
110 fi
112
111
113 # Update dropbear SSH configuration
112 # Update dropbear SSH configuration
114 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
113 if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
115 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
114 sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
116 fi
115 fi
117 fi
116 fi No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,102 +1,102
1 #!/bin/bash
2 #
1 #
3 # Build and Setup U-Boot
2 # Build and Setup U-Boot
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Fetch and build U-Boot bootloader
8 # Fetch and build U-Boot bootloader
10 if [ "$ENABLE_UBOOT" = true ] ; then
9 if [ "$ENABLE_UBOOT" = true ] ; then
11 # Install c/c++ build environment inside the chroot
10 # Install c/c++ build environment inside the chroot
12 chroot_install_cc
11 chroot_install_cc
13
12
14 # Copy existing U-Boot sources into chroot directory
13 # Copy existing U-Boot sources into chroot directory
15 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
16 # Copy local U-Boot sources
15 # Copy local U-Boot sources
17 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
18 else
17 else
19 # Create temporary directory for U-Boot sources
18 # Create temporary directory for U-Boot sources
20 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
21
20
22 # Fetch U-Boot sources
21 # Fetch U-Boot sources
23 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
24
23
25 # Copy downloaded U-Boot sources
24 # Copy downloaded U-Boot sources
26 mv "${temp_dir}/u-boot" "${R}/tmp/"
25 mv "${temp_dir}/u-boot" "${R}/tmp/"
27
26
28 # Set permissions of the U-Boot sources
27 # Set permissions of the U-Boot sources
29 chown -R root:root "${R}/tmp/u-boot"
28 chown -R root:root "${R}/tmp/u-boot"
30
29
31 # Remove temporary directory for U-Boot sources
30 # Remove temporary directory for U-Boot sources
32 rm -fr "${temp_dir}"
31 rm -fr "${temp_dir}"
33 fi
32 fi
34
33
35 # Build and install U-Boot inside chroot
34 # Build and install U-Boot inside chroot
36 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
37
36
38 # Copy compiled bootloader binary and set config.txt to load it
37 # Copy compiled bootloader binary and set config.txt to load it
39 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
40 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
41 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
42
41
42 # Install and setup U-Boot command file
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45
45
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 # Convert generated initramfs for U-Boot using mkimage
47 # Convert generated initramfs for U-Boot using mkimage
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49
49
50 # Remove original initramfs file
50 # Remove original initramfs file
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52
52
53 # Configure U-Boot to load generated initramfs
53 # Configure U-Boot to load generated initramfs
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 else # ENABLE_INITRAMFS=false
56 else # ENABLE_INITRAMFS=false
57 # Remove initramfs from U-Boot mkfile
57 # Remove initramfs from U-Boot mkfile
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59
59
60 if [ "$BUILD_KERNEL" = false ] ; then
60 if [ "$BUILD_KERNEL" = false ] ; then
61 # Remove dtbfile from U-Boot mkfile
61 # Remove dtbfile from U-Boot mkfile
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 else
64 else
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 fi
66 fi
67 fi
67 fi
68
68
69 if [ "$SET_ARCH" = 64 ] ; then
69 if [ "$SET_ARCH" = 64 ] ; then
70 echo "Setting up config.txt to boot 64bit uboot"
70 echo "Setting up config.txt to boot 64bit uboot"
71
71
72 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
72 printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
74 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
74 printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
75 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
75 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
76 fi
76 fi
77
77
78 # instead of sd, boot from usb device
78 # instead of sd, boot from usb device
79 if [ "$ENABLE_UBOOTUSB" = true ] ; then
79 if [ "$ENABLE_UBOOTUSB" = true ] ; then
80 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
80 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
81 fi
81 fi
82
82
83 # Set mkfile to use the correct dtb file
84 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
85
83 # Set mkfile to use the correct mach id
86 # Set mkfile to use the correct mach id
84 if [ "$ENABLE_QEMU" = true ] ; then
87 if [ "$ENABLE_QEMU" = true ] ; then
85 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
88 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
86 fi
89 fi
87
90
88 # Set mkfile to use the correct dtb file
89 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOT_DIR}/uboot.mkimage"
90
91 # Set mkfile to use kernel image
91 # Set mkfile to use kernel image
92 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
92 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOT_DIR}/uboot.mkimage"
93
93
94 # Remove all leading blank lines
94 # Remove all leading blank lines
95 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
95 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
96
96
97 # Generate U-Boot bootloader image
97 # Generate U-Boot bootloader image
98 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
98 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
99
99
100 # Remove U-Boot sources
100 # Remove U-Boot sources
101 rm -fr "${R}/tmp/u-boot"
101 rm -fr "${R}/tmp/u-boot"
102 fi
102 fi
Show file before | Show file after | Hide comments
@@ -1,52 +1,51
1 #!/bin/bash
2 #
1 #
3 # Build and Setup fbturbo Xorg driver
2 # Build and Setup fbturbo Xorg driver
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] ; then
10 # Install c/c++ build environment inside the chroot
9 # Install c/c++ build environment inside the chroot
11 chroot_install_cc
10 chroot_install_cc
12
11
13 # Copy existing fbturbo sources into chroot directory
12 # Copy existing fbturbo sources into chroot directory
14 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
15 # Copy local fbturbo sources
14 # Copy local fbturbo sources
16 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
17 else
16 else
18 # Create temporary directory for fbturbo sources
17 # Create temporary directory for fbturbo sources
19 temp_dir=$(as_nobody mktemp -d)
18 temp_dir=$(as_nobody mktemp -d)
20
19
21 # Fetch fbturbo sources
20 # Fetch fbturbo sources
22 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
23
22
24 # Move downloaded fbturbo sources
23 # Move downloaded fbturbo sources
25 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
26
25
27 # Remove temporary directory for fbturbo sources
26 # Remove temporary directory for fbturbo sources
28 rm -fr "${temp_dir}"
27 rm -fr "${temp_dir}"
29 fi
28 fi
30
29
31 # Install Xorg build dependencies
30 # Install Xorg build dependencies
32 if [ "$RELEASE" = "jessie" ] ; then
31 if [ "$RELEASE" = "jessie" ] ; then
33 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
34 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
35 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
36 fi
35 fi
37
36
38 # Build and install fbturbo driver inside chroot
37 # Build and install fbturbo driver inside chroot
39 chroot_exec /bin/bash -x <<'EOF'
38 chroot_exec /bin/bash -x <<'EOF'
40 cd /tmp/xf86-video-fbturbo
39 cd /tmp/xf86-video-fbturbo
41 autoreconf -vi
40 autoreconf -vi
42 ./configure --prefix=/usr
41 ./configure --prefix=/usr
43 make
42 make
44 make install
43 make install
45 EOF
44 EOF
46
45
47 # Install fbturbo driver Xorg configuration
46 # Install fbturbo driver Xorg configuration
48 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
49
48
50 # Remove Xorg build dependencies
49 # Remove Xorg build dependencies
51 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
52 fi
51 fi
Show file before | Show file after | Hide comments
@@ -1,50 +1,49
1 #!/bin/bash
2 #
1 #
3 # First boot actions
2 # First boot actions
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Prepare rc.firstboot script
8 # Prepare rc.firstboot script
10 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
11
10
12 # Ensure openssh server host keys are regenerated on first boot
11 # Ensure openssh server host keys are regenerated on first boot
13 if [ "$ENABLE_SSHD" = true ] ; then
12 if [ "$ENABLE_SSHD" = true ] ; then
14 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
15 fi
14 fi
16
15
17 # Prepare filesystem auto expand
16 # Prepare filesystem auto expand
18 if [ "$EXPANDROOT" = true ] ; then
17 if [ "$EXPANDROOT" = true ] ; then
19 if [ "$ENABLE_CRYPTFS" = false ] ; then
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
20 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
21 else
20 else
22 # Regenerate initramfs to remove encrypted root partition auto expand
21 # Regenerate initramfs to remove encrypted root partition auto expand
23 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
24 fi
23 fi
25 fi
24 fi
26
25
27 # Ensure that dbus machine-id exists
26 # Ensure that dbus machine-id exists
28 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
29
28
30 # Create /etc/resolv.conf symlink
29 # Create /etc/resolv.conf symlink
31 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
32
31
33 # Configure automatic network interface names
32 # Configure automatic network interface names
34 if [ "$ENABLE_IFNAMES" = true ] ; then
33 if [ "$ENABLE_IFNAMES" = true ] ; then
35 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
36 fi
35 fi
37
36
38 # Finalize rc.firstboot script
37 # Finalize rc.firstboot script
39 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
38 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
40 chmod +x "${ETC_DIR}/rc.firstboot"
39 chmod +x "${ETC_DIR}/rc.firstboot"
41
40
42 # Install default rc.local if it does not exist
41 # Install default rc.local if it does not exist
43 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
42 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
44 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
43 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
45 fi
44 fi
46
45
47 # Add rc.firstboot script to rc.local
46 # Add rc.firstboot script to rc.local
48 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
47 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
49 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
48 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
50 echo exit 0 >> "${ETC_DIR}/rc.local"
49 echo exit 0 >> "${ETC_DIR}/rc.local"
Show file before | Show file after | Hide comments
@@ -1,86 +1,85
1 #!/bin/bash
2 #
1 #
3 # Reduce system disk usage
2 # Reduce system disk usage
4 #
3 #
5
4
6 # Load utility functions
5 # Load utility functions
7 . ./functions.sh
6 . ./functions.sh
8
7
9 # Reduce the image size by various operations
8 # Reduce the image size by various operations
10 if [ "$ENABLE_REDUCE" = true ] ; then
9 if [ "$ENABLE_REDUCE" = true ] ; then
11 if [ "$REDUCE_APT" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
12 # Install dpkg configuration file
11 # Install dpkg configuration file
13 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
14 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
15 fi
14 fi
16
15
17 # Install APT configuration files
16 # Install APT configuration files
18 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
19 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
20 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
21
20
22 # Remove APT cache files
21 # Remove APT cache files
23 rm -fr "${R}/var/cache/apt/pkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
24 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
25 fi
24 fi
26
25
27 # Remove all doc files
26 # Remove all doc files
28 if [ "$REDUCE_DOC" = true ] ; then
27 if [ "$REDUCE_DOC" = true ] ; then
29 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
30 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
29 find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
31 fi
30 fi
32
31
33 # Remove all man pages and info files
32 # Remove all man pages and info files
34 if [ "$REDUCE_MAN" = true ] ; then
33 if [ "$REDUCE_MAN" = true ] ; then
35 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
36 fi
35 fi
37
36
38 # Remove all locale translation files
37 # Remove all locale translation files
39 if [ "$REDUCE_LOCALE" = true ] ; then
38 if [ "$REDUCE_LOCALE" = true ] ; then
40 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
41 fi
40 fi
42
41
43 # Remove hwdb PCI device classes (experimental)
42 # Remove hwdb PCI device classes (experimental)
44 if [ "$REDUCE_HWDB" = true ] ; then
43 if [ "$REDUCE_HWDB" = true ] ; then
45 rm -fr "/lib/udev/hwdb.d/20-pci-*"
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
46 fi
45 fi
47
46
48 # Replace bash shell by dash shell (experimental)
47 # Replace bash shell by dash shell (experimental)
49 if [ "$REDUCE_BASH" = true ] ; then
48 if [ "$REDUCE_BASH" = true ] ; then
50 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
51 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
52 else
51 else
53 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
54 fi
53 fi
55
54
56 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
57 fi
56 fi
58
57
59 # Remove sound utils and libraries
58 # Remove sound utils and libraries
60 if [ "$ENABLE_SOUND" = false ] ; then
59 if [ "$ENABLE_SOUND" = false ] ; then
61 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
62 fi
61 fi
63
62
64 # Re-install tools for managing kernel modules
63 # Re-install tools for managing kernel modules
65 if [ "$RELEASE" = "jessie" ] ; then
64 if [ "$RELEASE" = "jessie" ] ; then
66 chroot_exec apt-get -qq -y install module-init-tools
65 chroot_exec apt-get -qq -y install module-init-tools
67 fi
66 fi
68
67
69 # Remove GPU kernels
68 # Remove GPU kernels
70 if [ "$ENABLE_MINGPU" = true ] ; then
69 if [ "$ENABLE_MINGPU" = true ] ; then
71 rm -f "${BOOT_DIR}/start.elf"
70 rm -f "${BOOT_DIR}/start.elf"
72 rm -f "${BOOT_DIR}/fixup.dat"
71 rm -f "${BOOT_DIR}/fixup.dat"
73 rm -f "${BOOT_DIR}/start_x.elf"
72 rm -f "${BOOT_DIR}/start_x.elf"
74 rm -f "${BOOT_DIR}/fixup_x.dat"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
75 fi
74 fi
76
75
77 # Remove kernel and initrd from /boot (already in /boot/firmware)
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
78 if [ "$BUILD_KERNEL" = false ] ; then
77 if [ "$BUILD_KERNEL" = false ] ; then
79 rm -f "${R}/boot/vmlinuz-*"
78 rm -f "${R}/boot/vmlinuz-*"
80 rm -f "${R}/boot/initrd.img-*"
79 rm -f "${R}/boot/initrd.img-*"
81 fi
80 fi
82
81
83 # Clean APT list of repositories
82 # Clean APT list of repositories
84 rm -fr "${R}/var/lib/apt/lists/*"
83 rm -fr "${R}/var/lib/apt/lists/*"
85 chroot_exec apt-get -qq -y update
84 chroot_exec apt-get -qq -y update
86 fi
85 fi
Show file before | Show file after | Hide comments
@@ -1,797 +1,806
1 #!/bin/bash
1 #!/bin/bash
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 export RPI_MODEL=${RPI_MODEL:=2}
43 export RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 export RELEASE=${RELEASE:=buster}
46 export RELEASE=${RELEASE:=buster}
47
47
48 #Kernel Branch
48 #Kernel Branch
49 export KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 export KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 export KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 export FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 export WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 export FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 export UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 export VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58
58 VIDEOCORE_URL=${VIDEOCORE_URL=https://github.com/raspberrypi/userland}
59 # Firmware directory: Blank if download from github
60 export RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
61
59
62 # Build directories
60 # Build directories
63 export BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
61 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
64 export BUILDDIR="${BASEDIR}/build"
62 BUILDDIR="${BASEDIR}/build"
65
63
66 # Prepare date string for default image file name
64 # Prepare date string for default image file name
67 DATE="$(date +%Y-%m-%d)"
65 DATE="$(date +%Y-%m-%d)"
68 if [ -z "$KERNEL_BRANCH" ] ; then
66 if [ -z "$KERNEL_BRANCH" ] ; then
69 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
67 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
70 else
68 else
71 export IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
69 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
72 fi
70 fi
73
71
74 # Chroot directories
72 # Chroot directories
75 export R="${BUILDDIR}/chroot"
73 R="${BUILDDIR}/chroot"
76 export ETC_DIR="${R}/etc"
74 ETC_DIR="${R}/etc"
77 export LIB_DIR="${R}/lib"
75 LIB_DIR="${R}/lib"
78 export BOOT_DIR="${R}/boot/firmware"
76 BOOT_DIR="${R}/boot/firmware"
79 export KERNEL_DIR="${R}/usr/src/linux"
77 KERNEL_DIR="${R}/usr/src/linux"
80 export WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
78 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
81
79
80 # Firmware directory: Blank if download from github
81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82 # General settings
82 # General settings
83 export SET_ARCH=${SET_ARCH:=32}
83 SET_ARCH=${SET_ARCH:=32}
84 export HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
84 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 export PASSWORD=${PASSWORD:=raspberry}
85 PASSWORD=${PASSWORD:=raspberry}
86 export USER_PASSWORD=${USER_PASSWORD:=raspberry}
86 USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 export DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
87 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 export TIMEZONE=${TIMEZONE:="Europe/Berlin"}
88 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 export EXPANDROOT=${EXPANDROOT:=true}
89 EXPANDROOT=${EXPANDROOT:=true}
90
90
91 # Keyboard settings
91 # Keyboard settings
92 export XKB_MODEL=${XKB_MODEL:=""}
92 XKB_MODEL=${XKB_MODEL:=""}
93 export XKB_LAYOUT=${XKB_LAYOUT:=""}
93 XKB_LAYOUT=${XKB_LAYOUT:=""}
94 export XKB_VARIANT=${XKB_VARIANT:=""}
94 XKB_VARIANT=${XKB_VARIANT:=""}
95 export XKB_OPTIONS=${XKB_OPTIONS:=""}
95 XKB_OPTIONS=${XKB_OPTIONS:=""}
96
96
97 # Network settings (DHCP)
97 # Network settings (DHCP)
98 export ENABLE_DHCP=${ENABLE_DHCP:=true}
98 ENABLE_DHCP=${ENABLE_DHCP:=true}
99
99
100 # Network settings (static)
100 # Network settings (static)
101 export NET_ADDRESS=${NET_ADDRESS:=""}
101 NET_ADDRESS=${NET_ADDRESS:=""}
102 export NET_GATEWAY=${NET_GATEWAY:=""}
102 NET_GATEWAY=${NET_GATEWAY:=""}
103 export NET_DNS_1=${NET_DNS_1:=""}
103 NET_DNS_1=${NET_DNS_1:=""}
104 export NET_DNS_2=${NET_DNS_2:=""}
104 NET_DNS_2=${NET_DNS_2:=""}
105 export NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
105 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 export NET_NTP_1=${NET_NTP_1:=""}
106 NET_NTP_1=${NET_NTP_1:=""}
107 export NET_NTP_2=${NET_NTP_2:=""}
107 NET_NTP_2=${NET_NTP_2:=""}
108
108
109 # APT settings
109 # APT settings
110 export APT_PROXY=${APT_PROXY:=""}
110 APT_PROXY=${APT_PROXY:=""}
111 export APT_SERVER=${APT_SERVER:="ftp.debian.org"}
111 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
112
112
113 # Feature settings
113 # Feature settings
114 export ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 export ENABLE_I2C=${ENABLE_I2C:=false}
115 ENABLE_I2C=${ENABLE_I2C:=false}
116 export ENABLE_SPI=${ENABLE_SPI:=false}
116 ENABLE_SPI=${ENABLE_SPI:=false}
117 export ENABLE_IPV6=${ENABLE_IPV6:=true}
117 ENABLE_IPV6=${ENABLE_IPV6:=true}
118 export ENABLE_SSHD=${ENABLE_SSHD:=true}
118 ENABLE_SSHD=${ENABLE_SSHD:=true}
119 export ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 export ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 export ENABLE_SOUND=${ENABLE_SOUND:=true}
121 ENABLE_SOUND=${ENABLE_SOUND:=true}
122 export ENABLE_DBUS=${ENABLE_DBUS:=true}
122 ENABLE_DBUS=${ENABLE_DBUS:=true}
123 export ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 export ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 export ENABLE_XORG=${ENABLE_XORG:=false}
125 ENABLE_XORG=${ENABLE_XORG:=false}
126 export ENABLE_WM=${ENABLE_WM:=""}
126 ENABLE_WM=${ENABLE_WM:=""}
127 export ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 export ENABLE_USER=${ENABLE_USER:=true}
128 ENABLE_USER=${ENABLE_USER:=true}
129 export USER_NAME=${USER_NAME:="pi"}
129 USER_NAME=${USER_NAME:="pi"}
130 export ENABLE_ROOT=${ENABLE_ROOT:=false}
130 ENABLE_ROOT=${ENABLE_ROOT:=false}
131 export ENABLE_QEMU=${ENABLE_QEMU:=false}
131 ENABLE_QEMU=${ENABLE_QEMU:=false}
132 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132
133
133 # SSH settings
134 # SSH settings
134 export SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 export SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 export SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 export SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 export SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139
140
140 # Advanced settings
141 # Advanced settings
141 export ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 export ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 export ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 export UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
145 export ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
146 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
146 export ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 export ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
148 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
148 export VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
149 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
149 export FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
150 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
150 export ENABLE_HARDNET=${ENABLE_HARDNET:=false}
151 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
151 export ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
152 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
152 export ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
153 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
153 export ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
154 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
154 export ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
155 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
155 export DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
156 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
156
157
157 # Kernel compilation settings
158 # Kernel compilation settings
158 export BUILD_KERNEL=${BUILD_KERNEL:=true}
159 BUILD_KERNEL=${BUILD_KERNEL:=true}
159 export KERNEL_REDUCE=${KERNEL_REDUCE:=false}
160 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
160 export KERNEL_THREADS=${KERNEL_THREADS:=1}
161 KERNEL_THREADS=${KERNEL_THREADS:=1}
161 export KERNEL_HEADERS=${KERNEL_HEADERS:=true}
162 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
162 export KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
163 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
163 export KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
164 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
164 export KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
165 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
165 export KERNEL_CCACHE=${KERNEL_CCACHE:=false}
166 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
166
167
167 # Kernel compilation from source directory settings
168 # Kernel compilation from source directory settings
168 export KERNELSRC_DIR=${KERNELSRC_DIR:=""}
169 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
169 export KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
170 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
170 export KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
171 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
171 export KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
172 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
172
173
173 # Reduce disk usage settings
174 # Reduce disk usage settings
174 export REDUCE_APT=${REDUCE_APT:=true}
175 REDUCE_APT=${REDUCE_APT:=true}
175 export REDUCE_DOC=${REDUCE_DOC:=true}
176 REDUCE_DOC=${REDUCE_DOC:=true}
176 export REDUCE_MAN=${REDUCE_MAN:=true}
177 REDUCE_MAN=${REDUCE_MAN:=true}
177 export REDUCE_VIM=${REDUCE_VIM:=false}
178 REDUCE_VIM=${REDUCE_VIM:=false}
178 export REDUCE_BASH=${REDUCE_BASH:=false}
179 REDUCE_BASH=${REDUCE_BASH:=false}
179 export REDUCE_HWDB=${REDUCE_HWDB:=true}
180 REDUCE_HWDB=${REDUCE_HWDB:=true}
180 export REDUCE_SSHD=${REDUCE_SSHD:=true}
181 REDUCE_SSHD=${REDUCE_SSHD:=true}
181 export REDUCE_LOCALE=${REDUCE_LOCALE:=true}
182 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
182
183
183 # Encrypted filesystem settings
184 # Encrypted filesystem settings
184 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
185 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
185 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
186 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
186 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
187 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
187 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
188 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
188 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
189 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
189
190
190 # Chroot scripts directory
191 # Chroot scripts directory
191 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
192 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
192
193
193 # Packages required in the chroot build environment
194 # Packages required in the chroot build environment
194 export APT_INCLUDES=${APT_INCLUDES:=""}
195 APT_INCLUDES=${APT_INCLUDES:=""}
195 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
196 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
196
197
197 # Packages required for bootstrapping
198 # Packages required for bootstrapping
198 export REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
199 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
199 export MISSING_PACKAGES=""
200 MISSING_PACKAGES=""
200
201
201 # Packages installed for c/c++ build environment in chroot (keep empty)
202 # Packages installed for c/c++ build environment in chroot (keep empty)
202 export COMPILER_PACKAGES=""
203 COMPILER_PACKAGES=""
203
204
205 #ipinfo=$(curl ipinfo.io | grep country )
206 #grep -o '\"[^"]*\"' $ipinfo | tr -d '"'
207 #grep -Po '"country":.*?[^\\]",' $(curl ipinfo.io | grep country )
208 #sed -i "s,http:,https:,g" "${ETC_DIR}/apt/sources.list"
204 #autconfigure best apt server to not spam ftp.debian.org
209 #autconfigure best apt server to not spam ftp.debian.org
205 #rm files/apt/sources.list
210 #rm files/apt/sources.list
206 #netselect-apt does not know buster yet
211 #netselect-apt does not know buster yet
207 if [ "$RELEASE" = "buster" ] ; then
212 if [ "$RELEASE" = "buster" ] ; then
208 RLS=testing
213 RLS=testing
209 else
214 else
210 RLS="$RELEASE"
215 RLS="$RELEASE"
211 fi
216 fi
212
217
213 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
218 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
214 rm "$(pwd)/files/apt/sources.list"
219 rm "$(pwd)/files/apt/sources.list"
215 fi
220 fi
216
221
217 if [ "$ENABLE_NONFREE" = true ] ; then
222 if [ "$ENABLE_NONFREE" = true ] ; then
218 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
223 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
219 else
224 else
220 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
225 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
221 fi
226 fi
227
228 #sed and cut the result string so we can use it as APT_SERVER
222 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3)
229 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3)
223 APT_SERVER=${APT_SERVER::-1}
230 APT_SERVER=${APT_SERVER::-1}
224
231
225 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
232 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
226 if [ -n "$SET_ARCH" ] ; then
233 if [ -n "$SET_ARCH" ] ; then
227 echo "Setting Architecture specific settings"
234 echo "Setting Architecture specific settings"
228 ##################################
235 ##################################
229 # 64 bit config
236 # 64 bit config
230 ##################################
237 ##################################
231 if [ "$SET_ARCH" = 64 ] ; then
238 if [ "$SET_ARCH" = 64 ] ; then
232 echo "64 bit mode selected - Setting up enviroment"
239 echo "64 bit mode selected - Setting up enviroment"
233 # 64 bit depended settings
240 # 64 bit depended settings
234 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
241 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
235 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
242 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
236 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
243 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
237
244
238 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
245 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
239 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
246 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
240 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
247 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
241 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
248 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
242 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
249 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
243 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
250 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
244 else
251 else
245 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
252 echo "error: At the moment Raspberry PI 3 and 3B+ are the only Models which support 64bit"
246 exit 1
253 exit 1
247 fi
254 fi
248 fi
255 fi
249
256
250 ##################################
257 ##################################
251 # 32 bit config
258 # 32 bit config
252 ##################################
259 ##################################
253 if [ "$SET_ARCH" = 32 ] ; then
260 if [ "$SET_ARCH" = 32 ] ; then
254 echo "32 bit mode selected - Setting up enviroment"
261 echo "32 bit mode selected - Setting up enviroment"
255 #General 32bit configuration
262 #General 32bit configuration
256 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
263 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
257 KERNEL_ARCH=${KERNEL_ARCH:=arm}
264 KERNEL_ARCH=${KERNEL_ARCH:=arm}
258 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
265 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
259
266
260 #Raspberry setting grouped by board compability
267 #Raspberry setting grouped by board compability
261 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
268 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
262 echo "Setting settings for bcm2835 Raspberry PI boards"
269 echo "Setting settings for bcm2835 Raspberry PI boards"
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
270 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
271 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
265 RELEASE_ARCH=${RELEASE_ARCH:=armel}
272 RELEASE_ARCH=${RELEASE_ARCH:=armel}
266 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
273 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
267 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
274 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
268 fi
275 fi
269 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
276 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
270 echo "Setting settings for bcm2837 Raspberry PI boards"
277 echo "Setting settings for bcm2837 Raspberry PI boards"
271 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
278 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
272 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
279 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
273 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
280 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
274 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
281 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
275 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
282 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
276 fi
283 fi
277 fi
284 fi
278 #SET_ARCH not set
285 #SET_ARCH not set
279 else
286 else
280 echo "error: Please set '32' or '64' as value for SET_ARCH"
287 echo "error: Please set '32' or '64' as value for SET_ARCH"
281 exit 1
288 exit 1
282 fi
289 fi
283
290
284 #Device specific configuration
291 #Device specific configuration
285 echo "Select DTB-File"
292 echo "Select DTB-File"
286 case "$RPI_MODEL" in
293 case "$RPI_MODEL" in
287 0)
294 0)
288 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
295 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
289 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
296 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
290 ;;
297 ;;
291 1)
298 1)
292 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
293 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
294 ;;
301 ;;
295 1P)
302 1P)
296 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
297 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
298 ;;
305 ;;
299 2)
306 2)
300 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
307 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
301 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
302 ;;
309 ;;
303 3)
310 3)
304 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
311 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
305 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
306 ;;
313 ;;
307 3P)
314 3P)
308 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
309 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
310 ;;
317 ;;
311 *)
318 *)
312 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
319 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
313 exit 1
320 exit 1
314 ;;
321 ;;
315 esac
322 esac
316 echo "$DTB_FILE selected"
323 echo "$DTB_FILE selected"
317
324
318 #DEBUG off
325 #DEBUG off
319 set +x
326 set +x
320
327
321 # Check if the internal wireless interface is supported by the RPi model
328 # Check if the internal wireless interface is supported by the RPi model
322 if [ "$ENABLE_WIRELESS" = true ] ; then
329 if [ "$ENABLE_WIRELESS" = true ] ; then
323 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
330 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
324 echo "error: The selected Raspberry Pi model has no internal wireless interface"
331 echo "error: The selected Raspberry Pi model has no internal wireless interface"
325 exit 1
332 exit 1
326 else
333 else
327 echo "Raspberry Pi $RPI_MODEL has WIFI support"
334 echo "Raspberry Pi $RPI_MODEL has WIFI support"
328 fi
335 fi
329 fi
336 fi
330
337
331 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
338 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
332 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
339 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
333 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
340 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
334 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
341 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
335 exit 1
342 exit 1
336 fi
343 fi
337 fi
344 fi
338
345
339 if [ "$ENABLE_VIDEOCORE" = true ] ; then
346 if [ "$ENABLE_VIDEOCORE" = true ] ; then
340 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
347 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
341 fi
348 fi
342
349
343 # Add libncurses5 to enable kernel menuconfig
350 # Add libncurses5 to enable kernel menuconfig
344 if [ "$KERNEL_MENUCONFIG" = true ] ; then
351 if [ "$KERNEL_MENUCONFIG" = true ] ; then
345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
352 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
346 fi
353 fi
347
354
348 # Add ccache compiler cache for (faster) kernel cross (re)compilation
355 # Add ccache compiler cache for (faster) kernel cross (re)compilation
349 if [ "$KERNEL_CCACHE" = true ] ; then
356 if [ "$KERNEL_CCACHE" = true ] ; then
350 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
351 fi
358 fi
352
359
353 # Add cryptsetup package to enable filesystem encryption
360 # Add cryptsetup package to enable filesystem encryption
354 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
361 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
355 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
356 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
363 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
357
364
358 if [ -z "$CRYPTFS_PASSWORD" ] ; then
365 if [ -z "$CRYPTFS_PASSWORD" ] ; then
359 echo "error: no password defined (CRYPTFS_PASSWORD)!"
366 echo "error: no password defined (CRYPTFS_PASSWORD)!"
360 exit 1
367 exit 1
361 fi
368 fi
362 ENABLE_INITRAMFS=true
369 ENABLE_INITRAMFS=true
363 fi
370 fi
364
371
365 # Add initramfs generation tools
372 # Add initramfs generation tools
366 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
373 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
367 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
374 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
368 fi
375 fi
369
376
370 # Add device-tree-compiler required for building the U-Boot bootloader
377 # Add device-tree-compiler required for building the U-Boot bootloader
371 if [ "$ENABLE_UBOOT" = true ] ; then
378 if [ "$ENABLE_UBOOT" = true ] ; then
372 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
379 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
373 else
380 else
374 if [ "$ENABLE_UBOOTUSB" = true ] ; then
381 if [ "$ENABLE_UBOOTUSB" = true ] ; then
375 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
382 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
376 exit 1
383 exit 1
377 fi
384 fi
378 fi
385 fi
379
386
380 # Check if root SSH (v2) public key file exists
387 # Check if root SSH (v2) public key file exists
381 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
388 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
382 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
389 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
383 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
390 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
384 exit 1
391 exit 1
385 fi
392 fi
386 fi
393 fi
387
394
388 # Check if $USER_NAME SSH (v2) public key file exists
395 # Check if $USER_NAME SSH (v2) public key file exists
389 if [ -n "$SSH_USER_PUB_KEY" ] ; then
396 if [ -n "$SSH_USER_PUB_KEY" ] ; then
390 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
397 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
391 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
398 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
392 exit 1
399 exit 1
393 fi
400 fi
394 fi
401 fi
395
402
396 # Check if all required packages are installed on the build system
403 # Check if all required packages are installed on the build system
397 for package in $REQUIRED_PACKAGES ; do
404 for package in $REQUIRED_PACKAGES ; do
398 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
405 if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then
399 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
406 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
400 fi
407 fi
401 done
408 done
402
409
403 # If there are missing packages ask confirmation for install, or exit
410 # If there are missing packages ask confirmation for install, or exit
404 if [ -n "$MISSING_PACKAGES" ] ; then
411 if [ -n "$MISSING_PACKAGES" ] ; then
405 echo "the following packages needed by this script are not installed:"
412 echo "the following packages needed by this script are not installed:"
406 echo "$MISSING_PACKAGES"
413 echo "$MISSING_PACKAGES"
407
414
408 printf "\ndo you want to install the missing packages right now? [y/n] "
415 printf "\ndo you want to install the missing packages right now? [y/n] "
409 read -r confirm
416 read -r confirm
410 [ "$confirm" != "y" ] && exit 1
417 [ "$confirm" != "y" ] && exit 1
411
418
412 # Make sure all missing required packages are installed
419 # Make sure all missing required packages are installed
413 apt-get -qq -y install "${MISSING_PACKAGES}"
420 apt-get -qq -y install "${MISSING_PACKAGES}"
414 fi
421 fi
415
422
416 # Check if ./bootstrap.d directory exists
423 # Check if ./bootstrap.d directory exists
417 if [ ! -d "./bootstrap.d/" ] ; then
424 if [ ! -d "./bootstrap.d/" ] ; then
418 echo "error: './bootstrap.d' required directory not found!"
425 echo "error: './bootstrap.d' required directory not found!"
419 exit 1
426 exit 1
420 fi
427 fi
421
428
422 # Check if ./files directory exists
429 # Check if ./files directory exists
423 if [ ! -d "./files/" ] ; then
430 if [ ! -d "./files/" ] ; then
424 echo "error: './files' required directory not found!"
431 echo "error: './files' required directory not found!"
425 exit 1
432 exit 1
426 fi
433 fi
427
434
428 # Check if specified KERNELSRC_DIR directory exists
435 # Check if specified KERNELSRC_DIR directory exists
429 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
436 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
430 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
437 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
431 exit 1
438 exit 1
432 fi
439 fi
433
440
434 # Check if specified UBOOTSRC_DIR directory exists
441 # Check if specified UBOOTSRC_DIR directory exists
435 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
442 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
436 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
443 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
437 exit 1
444 exit 1
438 fi
445 fi
439
446
440 # Check if specified VIDEOCORESRC_DIR directory exists
447 # Check if specified VIDEOCORESRC_DIR directory exists
441 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
448 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
442 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
449 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
443 exit 1
450 exit 1
444 fi
451 fi
445
452
446 # Check if specified FBTURBOSRC_DIR directory exists
453 # Check if specified FBTURBOSRC_DIR directory exists
447 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
454 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
448 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
455 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
449 exit 1
456 exit 1
450 fi
457 fi
451
458
452 # Check if specified CHROOT_SCRIPTS directory exists
459 # Check if specified CHROOT_SCRIPTS directory exists
453 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
460 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
454 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
461 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
455 exit 1
462 exit 1
456 fi
463 fi
457
464
458 # Check if specified device mapping already exists (will be used by cryptsetup)
465 # Check if specified device mapping already exists (will be used by cryptsetup)
459 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
466 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
460 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
467 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
461 exit 1
468 exit 1
462 fi
469 fi
463
470
464 # Don't clobber an old build
471 # Don't clobber an old build
465 if [ -e "$BUILDDIR" ] ; then
472 if [ -e "$BUILDDIR" ] ; then
466 echo "error: directory ${BUILDDIR} already exists, not proceeding"
473 echo "error: directory ${BUILDDIR} already exists, not proceeding"
467 exit 1
474 exit 1
468 fi
475 fi
469
476
470 # Setup chroot directory
477 # Setup chroot directory
471 mkdir -p "${R}"
478 mkdir -p "${R}"
472
479
473 # Check if build directory has enough of free disk space >512MB
480 # Check if build directory has enough of free disk space >512MB
474 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
481 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
475 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
482 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
476 exit 1
483 exit 1
477 fi
484 fi
478
485
486 set -x
487
479 # Call "cleanup" function on various signals and errors
488 # Call "cleanup" function on various signals and errors
480 trap cleanup 0 1 2 3 6
489 trap cleanup 0 1 2 3 6
481
490
482 # Add required packages for the minbase installation
491 # Add required packages for the minbase installation
483 if [ "$ENABLE_MINBASE" = true ] ; then
492 if [ "$ENABLE_MINBASE" = true ] ; then
484 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
493 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
485 fi
494 fi
486
495
487 # Add parted package, required to get partprobe utility
496 # Add parted package, required to get partprobe utility
488 if [ "$EXPANDROOT" = true ] ; then
497 if [ "$EXPANDROOT" = true ] ; then
489 APT_INCLUDES="${APT_INCLUDES},parted"
498 APT_INCLUDES="${APT_INCLUDES},parted"
490 fi
499 fi
491
500
492 # Add dbus package, recommended if using systemd
501 # Add dbus package, recommended if using systemd
493 if [ "$ENABLE_DBUS" = true ] ; then
502 if [ "$ENABLE_DBUS" = true ] ; then
494 APT_INCLUDES="${APT_INCLUDES},dbus"
503 APT_INCLUDES="${APT_INCLUDES},dbus"
495 fi
504 fi
496
505
497 # Add iptables IPv4/IPv6 package
506 # Add iptables IPv4/IPv6 package
498 if [ "$ENABLE_IPTABLES" = true ] ; then
507 if [ "$ENABLE_IPTABLES" = true ] ; then
499 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
508 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
500 fi
509 fi
501
510
502 # Add openssh server package
511 # Add openssh server package
503 if [ "$ENABLE_SSHD" = true ] ; then
512 if [ "$ENABLE_SSHD" = true ] ; then
504 APT_INCLUDES="${APT_INCLUDES},openssh-server"
513 APT_INCLUDES="${APT_INCLUDES},openssh-server"
505 fi
514 fi
506
515
507 # Add alsa-utils package
516 # Add alsa-utils package
508 if [ "$ENABLE_SOUND" = true ] ; then
517 if [ "$ENABLE_SOUND" = true ] ; then
509 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
518 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
510 fi
519 fi
511
520
512 # Add rng-tools package
521 # Add rng-tools package
513 if [ "$ENABLE_HWRANDOM" = true ] ; then
522 if [ "$ENABLE_HWRANDOM" = true ] ; then
514 APT_INCLUDES="${APT_INCLUDES},rng-tools"
523 APT_INCLUDES="${APT_INCLUDES},rng-tools"
515 fi
524 fi
516
525
517 # Add fbturbo video driver
526 # Add fbturbo video driver
518 if [ "$ENABLE_FBTURBO" = true ] ; then
527 if [ "$ENABLE_FBTURBO" = true ] ; then
519 # Enable xorg package dependencies
528 # Enable xorg package dependencies
520 ENABLE_XORG=true
529 ENABLE_XORG=true
521 fi
530 fi
522
531
523 # Add user defined window manager package
532 # Add user defined window manager package
524 if [ -n "$ENABLE_WM" ] ; then
533 if [ -n "$ENABLE_WM" ] ; then
525 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
534 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
526
535
527 # Enable xorg package dependencies
536 # Enable xorg package dependencies
528 ENABLE_XORG=true
537 ENABLE_XORG=true
529 fi
538 fi
530
539
531 # Add xorg package
540 # Add xorg package
532 if [ "$ENABLE_XORG" = true ] ; then
541 if [ "$ENABLE_XORG" = true ] ; then
533 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
542 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
534 fi
543 fi
535
544
536 # Replace selected packages with smaller clones
545 # Replace selected packages with smaller clones
537 if [ "$ENABLE_REDUCE" = true ] ; then
546 if [ "$ENABLE_REDUCE" = true ] ; then
538 # Add levee package instead of vim-tiny
547 # Add levee package instead of vim-tiny
539 if [ "$REDUCE_VIM" = true ] ; then
548 if [ "$REDUCE_VIM" = true ] ; then
540 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
549 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
541 fi
550 fi
542
551
543 # Add dropbear package instead of openssh-server
552 # Add dropbear package instead of openssh-server
544 if [ "$REDUCE_SSHD" = true ] ; then
553 if [ "$REDUCE_SSHD" = true ] ; then
545 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
554 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
546 fi
555 fi
547 fi
556 fi
548
557
549 # Configure kernel sources if no KERNELSRC_DIR
558 # Configure kernel sources if no KERNELSRC_DIR
550 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
559 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
551 KERNELSRC_CONFIG=true
560 KERNELSRC_CONFIG=true
552 fi
561 fi
553
562
554 # Configure reduced kernel
563 # Configure reduced kernel
555 if [ "$KERNEL_REDUCE" = true ] ; then
564 if [ "$KERNEL_REDUCE" = true ] ; then
556 KERNELSRC_CONFIG=false
565 KERNELSRC_CONFIG=false
557 fi
566 fi
558
567
559 set -x
568 # Configure qemu compatible kernel
569 if [ "$ENABLE_QEMU" = true ] ; then
570 DTB_FILE=vexpress-v2p-ca15_a7.dtb
571 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
572 KERNEL_DEFCONFIG="vexpress_defconfig"
573 if [ "$KERNEL_MENUCONFIG" = false ] ; then
574 KERNEL_OLDDEFCONFIG=true
575 fi
576 fi
560
577
561 # Execute bootstrap scripts
578 # Execute bootstrap scripts
562 for SCRIPT in bootstrap.d/*.sh; do
579 for SCRIPT in bootstrap.d/*.sh; do
563 head -n 4 "$SCRIPT"
580 head -n 3 "$SCRIPT"
564 . "$SCRIPT"
581 . "$SCRIPT"
565 done
582 done
566
583
567 ## Execute custom bootstrap scripts
584 ## Execute custom bootstrap scripts
568 if [ -d "custom.d" ] ; then
585 if [ -d "custom.d" ] ; then
569 for SCRIPT in custom.d/*.sh; do
586 for SCRIPT in custom.d/*.sh; do
570 . "$SCRIPT"
587 . "$SCRIPT"
571 done
588 done
572 fi
589 fi
573
590
574 # Execute custom scripts inside the chroot
591 # Execute custom scripts inside the chroot
575 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
592 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
576 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
593 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
577 chroot_exec /bin/bash -x <<'EOF'
594 chroot_exec /bin/bash -x <<'EOF'
578 for SCRIPT in /chroot_scripts/* ; do
595 for SCRIPT in /chroot_scripts/* ; do
579 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
596 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
580 $SCRIPT
597 $SCRIPT
581 fi
598 fi
582 done
599 done
583 EOF
600 EOF
584 rm -rf "${R}/chroot_scripts"
601 rm -rf "${R}/chroot_scripts"
585 fi
602 fi
586
603
587 # Remove c/c++ build environment from the chroot
604 # Remove c/c++ build environment from the chroot
588 chroot_remove_cc
605 chroot_remove_cc
589
606
590 # Generate required machine-id
607 # Generate required machine-id
591 MACHINE_ID=$(dbus-uuidgen)
608 MACHINE_ID=$(dbus-uuidgen)
592 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
609 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
593 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
610 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
594
611
595 # APT Cleanup
612 # APT Cleanup
596 chroot_exec apt-get -y clean
613 chroot_exec apt-get -y clean
597 chroot_exec apt-get -y autoclean
614 chroot_exec apt-get -y autoclean
598 chroot_exec apt-get -y autoremove
615 chroot_exec apt-get -y autoremove
599
616
600 # Unmount mounted filesystems
617 # Unmount mounted filesystems
601 umount -l "${R}/proc"
618 umount -l "${R}/proc"
602 umount -l "${R}/sys"
619 umount -l "${R}/sys"
603
620
604 # Clean up directories
621 # Clean up directories
605 rm -rf "${R}/run/*"
622 rm -rf "${R}/run/*"
606 rm -rf "${R}/tmp/*"
623 rm -rf "${R}/tmp/*"
607
624
608 # Clean up files
625 # Clean up files
609 rm -f "${ETC_DIR}/ssh/ssh_host_*"
626 rm -f "${ETC_DIR}/ssh/ssh_host_*"
610 rm -f "${ETC_DIR}/dropbear/dropbear_*"
627 rm -f "${ETC_DIR}/dropbear/dropbear_*"
611 rm -f "${ETC_DIR}/apt/sources.list.save"
628 rm -f "${ETC_DIR}/apt/sources.list.save"
612 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
629 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
613 rm -f "${ETC_DIR}/*-"
630 rm -f "${ETC_DIR}/*-"
614 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
631 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
615 rm -f "${ETC_DIR}/resolv.conf"
632 rm -f "${ETC_DIR}/resolv.conf"
616 rm -f "${R}/root/.bash_history"
633 rm -f "${R}/root/.bash_history"
617 rm -f "${R}/var/lib/urandom/random-seed"
634 rm -f "${R}/var/lib/urandom/random-seed"
618 rm -f "${R}/initrd.img"
635 rm -f "${R}/initrd.img"
619 rm -f "${R}/vmlinuz"
636 rm -f "${R}/vmlinuz"
620 rm -f "${R}${QEMU_BINARY}"
637 rm -f "${R}${QEMU_BINARY}"
621
638
622 if [ "$ENABLE_QEMU" = true ] ; then
639 if [ "$ENABLE_QEMU" = true ] ; then
623 # Configure qemu compatible kernel
624 DTB_FILE=vexpress-v2p-ca15_a7.dtb
625 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
626 KERNEL_DEFCONFIG="vexpress_defconfig"
627 if [ "$KERNEL_MENUCONFIG" = false ] ; then
628 KERNEL_OLDDEFCONFIG=true
629 fi
630
631 # Setup QEMU directory
640 # Setup QEMU directory
632 mkdir "${BASEDIR}/qemu"
641 mkdir "${BASEDIR}/qemu"
633
642
634 # Copy kernel image to QEMU directory
643 # Copy kernel image to QEMU directory
635 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
644 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
636
645
637 # Copy kernel config to QEMU directory
646 # Copy kernel config to QEMU directory
638 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
647 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
639
648
640 # Copy kernel dtbs to QEMU directory
649 # Copy kernel dtbs to QEMU directory
641 for dtb in "${BOOT_DIR}/"*.dtb ; do
650 for dtb in "${BOOT_DIR}/"*.dtb ; do
642 if [ -f "${dtb}" ] ; then
651 if [ -f "${dtb}" ] ; then
643 install_readonly "${dtb}" "${BASEDIR}/qemu/"
652 install_readonly "${dtb}" "${BASEDIR}/qemu/"
644 fi
653 fi
645 done
654 done
646
655
647 # Copy kernel overlays to QEMU directory
656 # Copy kernel overlays to QEMU directory
648 if [ -d "${BOOT_DIR}/overlays" ] ; then
657 if [ -d "${BOOT_DIR}/overlays" ] ; then
649 # Setup overlays dtbs directory
658 # Setup overlays dtbs directory
650 mkdir "${BASEDIR}/qemu/overlays"
659 mkdir "${BASEDIR}/qemu/overlays"
651
660
652 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
661 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
653 if [ -f "${dtb}" ] ; then
662 if [ -f "${dtb}" ] ; then
654 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
663 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
655 fi
664 fi
656 done
665 done
657 fi
666 fi
658
667
659 # Copy u-boot files to QEMU directory
668 # Copy u-boot files to QEMU directory
660 if [ "$ENABLE_UBOOT" = true ] ; then
669 if [ "$ENABLE_UBOOT" = true ] ; then
661 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
670 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
662 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
671 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
663 fi
672 fi
664 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
673 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
665 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
674 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
666 fi
675 fi
667 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
676 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
668 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
677 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
669 fi
678 fi
670 fi
679 fi
671
680
672 # Copy initramfs to QEMU directory
681 # Copy initramfs to QEMU directory
673 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
682 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
674 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
683 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
675 fi
684 fi
676 fi
685 fi
677
686
678 # Calculate size of the chroot directory in KB
687 # Calculate size of the chroot directory in KB
679 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
688 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
680
689
681 # Calculate the amount of needed 512 Byte sectors
690 # Calculate the amount of needed 512 Byte sectors
682 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
691 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
683 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
692 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
684 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
693 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
685
694
686 # The root partition is EXT4
695 # The root partition is EXT4
687 # This means more space than the actual used space of the chroot is used.
696 # This means more space than the actual used space of the chroot is used.
688 # As overhead for journaling and reserved blocks 35% are added.
697 # As overhead for journaling and reserved blocks 35% are added.
689 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
698 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
690
699
691 # Calculate required image size in 512 Byte sectors
700 # Calculate required image size in 512 Byte sectors
692 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
701 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
693
702
694 # Prepare image file
703 # Prepare image file
695 if [ "$ENABLE_SPLITFS" = true ] ; then
704 if [ "$ENABLE_SPLITFS" = true ] ; then
696 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
705 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
697 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
706 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
698 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
707 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
699 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
708 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
700
709
701 # Write firmware/boot partition tables
710 # Write firmware/boot partition tables
702 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
711 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
703 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
712 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
704 EOM
713 EOM
705
714
706 # Write root partition table
715 # Write root partition table
707 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
716 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
708 "${TABLE_SECTORS}","${ROOT_SECTORS}",83
717 ${TABLE_SECTORS},${ROOT_SECTORS},83
709 EOM
718 EOM
710
719
711 # Setup temporary loop devices
720 # Setup temporary loop devices
712 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
721 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
713 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
722 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
714 else # ENABLE_SPLITFS=false
723 else # ENABLE_SPLITFS=false
715 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
724 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
716 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
725 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
717
726
718 # Write partition table
727 # Write partition table
719 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
728 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
720 "${TABLE_SECTORS}","${FRMW_SECTORS}",c,*
729 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
721 "${ROOT_OFFSET}","${ROOT_SECTORS}",83
730 ${ROOT_OFFSET},${ROOT_SECTORS},83
722 EOM
731 EOM
723
732
724 # Setup temporary loop devices
733 # Setup temporary loop devices
725 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
734 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
726 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
735 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
727 fi
736 fi
728
737
729 if [ "$ENABLE_CRYPTFS" = true ] ; then
738 if [ "$ENABLE_CRYPTFS" = true ] ; then
730 # Create dummy ext4 fs
739 # Create dummy ext4 fs
731 mkfs.ext4 "$ROOT_LOOP"
740 mkfs.ext4 "$ROOT_LOOP"
732
741
733 # Setup password keyfile
742 # Setup password keyfile
734 touch .password
743 touch .password
735 chmod 600 .password
744 chmod 600 .password
736 echo -n "${CRYPTFS_PASSWORD}" > .password
745 echo -n ${CRYPTFS_PASSWORD} > .password
737
746
738 # Initialize encrypted partition
747 # Initialize encrypted partition
739 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
748 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
740
749
741 # Open encrypted partition and setup mapping
750 # Open encrypted partition and setup mapping
742 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
751 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
743
752
744 # Secure delete password keyfile
753 # Secure delete password keyfile
745 shred -zu .password
754 shred -zu .password
746
755
747 # Update temporary loop device
756 # Update temporary loop device
748 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
757 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
749
758
750 # Wipe encrypted partition (encryption cipher is used for randomness)
759 # Wipe encrypted partition (encryption cipher is used for randomness)
751 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
760 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
752 fi
761 fi
753
762
754 # Build filesystems
763 # Build filesystems
755 mkfs.vfat "$FRMW_LOOP"
764 mkfs.vfat "$FRMW_LOOP"
756 mkfs.ext4 "$ROOT_LOOP"
765 mkfs.ext4 "$ROOT_LOOP"
757
766
758 # Mount the temporary loop devices
767 # Mount the temporary loop devices
759 mkdir -p "$BUILDDIR/mount"
768 mkdir -p "$BUILDDIR/mount"
760 mount "$ROOT_LOOP" "$BUILDDIR/mount"
769 mount "$ROOT_LOOP" "$BUILDDIR/mount"
761
770
762 mkdir -p "$BUILDDIR/mount/boot/firmware"
771 mkdir -p "$BUILDDIR/mount/boot/firmware"
763 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
772 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
764
773
765 # Copy all files from the chroot to the loop device mount point directory
774 # Copy all files from the chroot to the loop device mount point directory
766 rsync -a "${R}/" "$BUILDDIR/mount/"
775 rsync -a "${R}/" "$BUILDDIR/mount/"
767
776
768 # Unmount all temporary loop devices and mount points
777 # Unmount all temporary loop devices and mount points
769 cleanup
778 cleanup
770
779
771 # Create block map file(s) of image(s)
780 # Create block map file(s) of image(s)
772 if [ "$ENABLE_SPLITFS" = true ] ; then
781 if [ "$ENABLE_SPLITFS" = true ] ; then
773 # Create block map files for "bmaptool"
782 # Create block map files for "bmaptool"
774 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
783 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
775 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
784 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
776
785
777 # Image was successfully created
786 # Image was successfully created
778 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
787 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
779 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
788 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
780 else
789 else
781 # Create block map file for "bmaptool"
790 # Create block map file for "bmaptool"
782 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
791 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
783
792
784 # Image was successfully created
793 # Image was successfully created
785 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
794 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
786
795
787 # Create qemu qcow2 image
796 # Create qemu qcow2 image
788 if [ "$ENABLE_QEMU" = true ] ; then
797 if [ "$ENABLE_QEMU" = true ] ; then
789 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
798 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
790 QEMU_SIZE=16G
799 QEMU_SIZE=16G
791
800
792 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
801 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
793 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
802 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
794
803
795 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
804 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
796 fi
805 fi
797 fi
806 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant