formating and dropbear fix for static ip
Unknown -
r569:c84998d2e8c2
@@ -1,102 +1,116
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Add usb/sda disk root partition to fstab
12 12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 14 fi
15 15
16 16 # Add encrypted root partition to fstab and crypttab
17 17 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 18 # Replace fstab root partition with encrypted partition mapping
19 19 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 20
21 21 # Add encrypted partition to crypttab and fstab
22 22 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 23 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 24
25 25 if [ "$ENABLE_SPLITFS" = true ] ; then
26 26 # Add usb/sda1 disk to crypttab
27 27 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 28 fi
29 29 fi
30 30
31 31 if [ "$ENABLE_USBBOOT" = true ] ; then
32 32 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
33 33 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
34 34
35 35 # Add usb/sda2 disk to crypttab
36 36 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
37 37 fi
38 38
39 39 # Generate initramfs file
40 40 if [ "$ENABLE_INITRAMFS" = true ] ; then
41 41 if [ "$ENABLE_CRYPTFS" = true ] ; then
42 42 # Include initramfs scripts to auto expand encrypted root partition
43 43 if [ "$EXPANDROOT" = true ] ; then
44 44 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
45 45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46 46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
47 47 fi
48 48
49 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
52
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
55
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 fi
62
49 63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
50 64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
51 65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
52 66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
53 67 else
54 68 # Create key
55 69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
56 70
57 71 # Convert dropbear key to openssh key
58 72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
59 73
60 74 # Get Public Key Part
61 75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
62 76
63 77 # Delete unwanted lines
64 78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
65 79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66 80
67 81 # Trust the new key
68 82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
69 83
70 84 # Save Keys - convert with putty from rsa/openssh to puttkey
71 85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
72 86
73 87 # Get unlock script
74 88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
75 89
76 90 # Enable Dropbear inside initramfs
77 91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
78 92
79 93 # Enable Dropbear inside initramfs
80 94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
81 95 fi
82 96 else
83 97 # Disable SSHD inside initramfs
84 98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
85 99 fi
86 100
87 101 # Add cryptsetup modules to initramfs
88 102 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
89 103
90 104 # Dummy mapping required by mkinitramfs
91 105 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
92 106
93 107 # Generate initramfs with encrypted root partition support
94 108 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
95 109
96 110 # Remove dummy mapping
97 111 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
98 112 else
99 113 # Generate initramfs without encrypted root partition support
100 114 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
101 115 fi
102 116 fi
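Review bot: The added `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` at new line 51 expands NET_ADDRESS in command position, so the shell tries to run the address string as a program instead of piping it to cut; cdir comes back empty and the netmask written to initramfs.conf is wrong or missing. It should read `cdir=$(echo "${NET_ADDRESS}" | cut -d '/' -f2)`, the same form the networking script uses for NET_IP. The `IP=` line at new line 57 also writes NET_ADDRESS with its /prefix attached, while the ip= syntax appears to expect a bare address in the first field, so strip it with `cut -d '/' -f1` before use. The block now runs for every ENABLE_CRYPTFS build with ENABLE_DHCP=false, whereas the copy removed from the networking script ran only when CRYPTFS_DROPBEAR was true, and its mkinitramfs call precedes the dropbear setup and is repeated at new line 108. Moving the block under the CRYPTFS_DROPBEAR branch and dropping the extra mkinitramfs would keep static network settings out of an initramfs that has no remote unlock.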
@@ -1,293 +1,295
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 9 # Install boot binaries from local directory
10 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 17 else
18 18 # Create temporary directory for boot binaries
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Install latest boot binaries from raspberry/firmware github
22 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 29
30 30 # Move downloaded boot binaries
31 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 32
33 33 # Remove temporary directory for boot binaries
34 34 rm -fr "${temp_dir}"
35 35
36 36 # Set permissions of the boot binaries
37 37 chown -R root:root "${BOOT_DIR}"
38 38 chmod -R 600 "${BOOT_DIR}"
39 39 fi
40 40
41 41 # Setup firmware boot cmdline
42 42 if [ "$ENABLE_USBBOOT" = true ] ; then
43 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
44 44 else
45 45 if [ "$ENABLE_SPLITFS" = true ] ; then
46 46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
47 47 else
48 48 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
49 49 fi
50 50 fi
51 51
52 52 # Add encrypted root partition to cmdline.txt
53 53 if [ "$ENABLE_CRYPTFS" = true ] ; then
54 54 if [ "$ENABLE_SPLITFS" = true ] ; then
55 55 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
56 56 else
57 57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 58 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
59 59 else
60 60 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
61 61 fi
62 62 fi
63 63 fi
64 64
65 65 # Enable Kernel messages on standard output
66 66 if [ "$ENABLE_PRINTK" = true ] ; then
67 67 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
68 68 fi
69 69
70 70 # Enable Kernel messages on standard output
71 71 if [ "$KERNEL_SECURITY" = true ] ; then
72 72 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
73 73 fi
74 74
75 75 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
76 76 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
77 77
78 78 # Remove IPv6 networking support
79 79 if [ "$ENABLE_IPV6" = false ] ; then
80 80 CMDLINE="${CMDLINE} ipv6.disable=1"
81 81 fi
82 82
83 83 # Automatically assign predictable network interface names
84 84 if [ "$ENABLE_IFNAMES" = false ] ; then
85 85 CMDLINE="${CMDLINE} net.ifnames=0"
86 86 else
87 87 CMDLINE="${CMDLINE} net.ifnames=1"
88 88 fi
89 89
90 90 # Disable Raspberry Pi console logo
91 91 if [ "$ENABLE_LOGO" = false ] ; then
92 92 CMDLINE="${CMDLINE} logo.nologo"
93 93 fi
94 94
95 95 # Strictly limit verbosity of boot up console messages
96 96 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
97 97 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
98 98 fi
99 99
100 100 # Install firmware config
101 101 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
102 102
103 103 # Disable Raspberry Pi console logo
104 104 if [ "$ENABLE_SLASH" = false ] ; then
105 105 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
106 106 fi
107 107
108 108 # Locks CPU frequency at maximum
109 109 if [ "$ENABLE_TURBO" = true ] ; then
110 110 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
111 111 # helps to avoid sdcard corruption when force_turbo is enabled.
112 112 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
113 113 fi
114 114
115 115 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
116 116
117 117 # Bluetooth enabled
118 118 if [ "$ENABLE_BLUETOOTH" = true ] ; then
119 119 # Create temporary directory for Bluetooth sources
120 120 temp_dir=$(as_nobody mktemp -d)
121 121
122 122 # Fetch Bluetooth sources
123 123 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
124 124
125 125 # Copy downloaded sources
126 126 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
127 127
128 128 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
129 129 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
130 130 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
131 131
132 132 # Set permissions
133 133 chown -R root:root "${R}/tmp/pi-bluetooth"
134 134
135 135 # Install tools
136 136 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
137 137 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
138 138
139 139 # make scripts executable
140 140 chmod +x "${R}/usr/bin/bthelper"
141 141 chmod +x "${R}/usr/bin/btuart"
142 142
143 143 # Install bluetooth udev rule
144 144 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
145 145
146 146 # Install Firmware Flash file and apropiate licence
147 147 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
148 148 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
149 149 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
150 150 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
151 151 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
152 152
153 153 # Remove temporary directories
154 154 rm -fr "${temp_dir}"
155 155 rm -fr "${R}"/tmp/pi-bluetooth
156 156
157 157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159
160 159 # set overlay to swap ttyAMA0 and ttyS0
161 160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
162 161
163 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
164 162 if [ "$ENABLE_TURBO" = false ] ; then
165 163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
166 164 fi
165
167 166 fi
168 167
169 168 # Activate services
170 169 chroot_exec systemctl enable pi-bluetooth.hciuart.service
171 170
172 171 else # if ENABLE_BLUETOOTH = false
173 172 # set overlay to disable bluetooth
174 173 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
175 174 fi # ENABLE_BLUETOOTH end
176 175 fi
177 176
178 177 # may need sudo systemctl disable hciuart
179 178 if [ "$ENABLE_CONSOLE" = true ] ; then
180 179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
181 180 # add string to cmdline
182 181 CMDLINE="${CMDLINE} console=serial0,115200"
183 182
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
188 fi
189
184 190 # Enable serial console systemd style
185 chroot_exec systemctl enable serial-getty\@serial0.service
191 chroot_exec systemctl enable serial-getty@serial0.service
186 192 else
187 193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
188
189 # disable serial console systemd style
190 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
191 194 fi
192 195
193 196 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
194 197 # Create temporary directory for systemd-swap sources
195 198 temp_dir=$(as_nobody mktemp -d)
196 199
197 200 # Fetch systemd-swap sources
198 201 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
199 202
200 203 # Copy downloaded systemd-swap sources
201 204 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
202 205
203 # Set permissions of the systemd-swap sources
204 chown -R root:root "${R}/tmp/systemd-swap"
205
206 # Remove temporary directory for systemd-swap sources
207 rm -fr "${temp_dir}"
208
209 206 # Change into downloaded src dir
210 207 cd "${R}/tmp/systemd-swap" || exit
211 208
212 209 # Build package
213 . ./package.sh debian
210 bash ./package.sh debian
214 211
215 # Install package
216 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
212 # Change back into script root dir
213 cd "${WORKDIR}" || exit
214
215 # Set permissions of the systemd-swap sources
216 chown -R root:root "${R}/tmp/systemd-swap"
217
218 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
219 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
217 220
218 221 # Enable service
219 222 chroot_exec systemctl enable systemd-swap
220 223
221 # Change back into script root dir
222 cd "${WORKDIR}" || exit
224 # Remove temporary directory for systemd-swap sources
225 rm -fr "${temp_dir}"
223 226 else
224 227 # Enable ZSWAP in cmdline if systemd-swap is not used
225 228 if [ "$KERNEL_ZSWAP" = true ] ; then
226 229 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
227 230 fi
228 231 fi
229
230 232 if [ "$KERNEL_SECURITY" = true ] ; then
231 233 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
232 234 fi
233 235
234 236 # Install firmware boot cmdline
235 237 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
236 238
237 239 # Setup minimal GPU memory allocation size: 16MB (no X)
238 240 if [ "$ENABLE_MINGPU" = true ] ; then
239 241 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
240 242 fi
241 243
242 244 # Setup boot with initramfs
243 245 if [ "$ENABLE_INITRAMFS" = true ] ; then
244 246 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
245 247 fi
246 248
247 249 # Create firmware configuration and cmdline symlinks
248 250 ln -sf firmware/config.txt "${R}/boot/config.txt"
249 251 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
250 252
251 253 # Install and setup kernel modules to load at boot
252 254 mkdir -p "${LIB_DIR}/modules-load.d/"
253 255 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
254 256
255 257 # Load hardware random module at boot
256 258 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
257 259 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
258 260 fi
259 261
260 262 # Load sound module at boot
261 263 if [ "$ENABLE_SOUND" = true ] ; then
262 264 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
263 265 else
264 266 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
265 267 fi
266 268
267 269 # Enable I2C interface
268 270 if [ "$ENABLE_I2C" = true ] ; then
269 271 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
270 272 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
271 273 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
272 274 fi
273 275
274 276 # Enable SPI interface
275 277 if [ "$ENABLE_SPI" = true ] ; then
276 278 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
277 279 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
278 280 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
279 281 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
280 282 fi
281 283 fi
282 284
283 285 # Disable RPi2/3 under-voltage warnings
284 286 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
285 287 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
286 288 fi
287 289
288 290 # Install kernel modules blacklist
289 291 mkdir -p "${ETC_DIR}/modprobe.d/"
290 292 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
291 293
292 294 # Install sysctl.d configuration files
293 295 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
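Review bot: `bash ./package.sh debian` at new line 210 still executes a script from a fresh, unpinned clone of SYSTEMDSWAP_URL with the privileges of the build script (presumably root, given the chown calls) and outside the chroot, and the package it builds is then installed into the image by dpkg. Because the chown to root:root now happens after the build, the tree is still owned by the unprivileged user at that point, so the build could likely run as `as_nobody bash ./package.sh debian`; this needs a test run to confirm package.sh does not require root. Pinning the clone to a reviewed tag or commit, for example `as_nobody git -C "${temp_dir}" clone --branch <REVIEWED_TAG> "${SYSTEMDSWAP_URL}"`, would fix what gets executed and would also keep the hard-coded `systemd-swap_4.0.1_any.deb` name at new line 219 from breaking on the next upstream release. Separately, the else branch of ENABLE_CONSOLE no longer disables the serial getty unit; a comment stating that `enable_uart=0` alone is considered sufficient would record that this was intended.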
@@ -1,146 +1,132
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
74 60 fi
75 61
76 62 # Remove empty settings from network configuration
77 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
78 64 # Remove empty settings from wlan configuration
79 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
80 66
81 67 # Move systemd network configuration if required by Debian release
82 68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
83 69 # If WLAN is enabled copy wlan configuration too
84 70 if [ "$ENABLE_WIRELESS" = true ] ; then
85 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
86 72 fi
87 73 rm -fr "${ETC_DIR}/systemd/network"
88 74
89 75 # Enable systemd-networkd service
90 76 chroot_exec systemctl enable systemd-networkd
91 77
92 78 # Install host.conf resolver configuration
93 79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
94 80
95 81 # Enable network stack hardening
96 82 if [ "$ENABLE_HARDNET" = true ] ; then
97 83 # Install sysctl.d configuration files
98 84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
99 85
100 86 # Setup resolver warnings about spoofed addresses
101 87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
102 88 fi
103 89
104 90 # Enable time sync
105 91 if [ "$NET_NTP_1" != "" ] ; then
106 92 chroot_exec systemctl enable systemd-timesyncd.service
107 93 fi
108 94
109 95 # Download the firmware binary blob required to use the RPi3 wireless interface
110 96 if [ "$ENABLE_WIRELESS" = true ] ; then
111 97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
112 98 mkdir -p "${WLAN_FIRMWARE_DIR}"
113 99 fi
114 100
115 101 # Create temporary directory for firmware binary blob
116 102 temp_dir=$(as_nobody mktemp -d)
117 103
118 104 # Fetch firmware binary blob for RPI3B+
119 105 if [ "$RPI_MODEL" = 3P ] ; then
120 106 # Fetch firmware binary blob for RPi3P
121 107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
122 108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
123 109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
124 110
125 111 # Move downloaded firmware binary blob
126 112 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
127 113
128 114 # Set permissions of the firmware binary blob
129 115 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
130 116 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
131 117 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
132 118 # Fetch firmware binary blob for RPi3
133 119 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
134 120 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
135 121
136 122 # Move downloaded firmware binary blob
137 123 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
138 124
139 125 # Set permissions of the firmware binary blob
140 126 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
141 127 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
142 128 fi
143 129
144 130 # Remove temporary directory for firmware binary blob
145 131 rm -fr "${temp_dir}"
146 132 fi
1 NO CONTENT: modified file