@@ -1,102 +1,116 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup fstab and initramfs |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup fstab |
|
9 | 9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
10 | 10 | |
|
11 | 11 | # Add usb/sda disk root partition to fstab |
|
12 | 12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then |
|
13 | 13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" |
|
14 | 14 | fi |
|
15 | 15 | |
|
16 | 16 | # Add encrypted root partition to fstab and crypttab |
|
17 | 17 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
18 | 18 | # Replace fstab root partition with encrypted partition mapping |
|
19 | 19 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" |
|
20 | 20 | |
|
21 | 21 | # Add encrypted partition to crypttab and fstab |
|
22 | 22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
23 | 23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
24 | 24 | |
|
25 | 25 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
26 | 26 | # Add usb/sda1 disk to crypttab |
|
27 | 27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
28 | 28 | fi |
|
29 | 29 | fi |
|
30 | 30 | |
|
31 | 31 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
32 | 32 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
33 | 33 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
34 | 34 | |
|
35 | 35 | # Add usb/sda2 disk to crypttab |
|
36 | 36 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
37 | 37 | fi |
|
38 | 38 | |
|
39 | 39 | # Generate initramfs file |
|
40 | 40 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
41 | 41 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
42 | 42 | # Include initramfs scripts to auto expand encrypted root partition |
|
43 | 43 | if [ "$EXPANDROOT" = true ] ; then |
|
44 | 44 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" |
|
45 | 45 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
46 | 46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
47 | 47 | fi |
|
48 | 48 | |
|
49 | if [ "$ENABLE_DHCP" = false ] ; then | |
|
50 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
52 | ||
|
53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
54 | NET_MASK=$(cdr2mask "$cdir") | |
|
55 | ||
|
56 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
58 | ||
|
59 | # Regenerate initramfs | |
|
60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
61 | fi | |
|
62 | ||
|
49 | 63 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
50 | 64 |
|
|
51 | 65 |
|
|
52 | 66 |
|
|
53 | 67 |
|
|
54 | 68 |
|
|
55 | 69 |
|
|
56 | 70 | |
|
57 | 71 |
|
|
58 | 72 |
|
|
59 | 73 | |
|
60 | 74 |
|
|
61 | 75 |
|
|
62 | 76 | |
|
63 | 77 |
|
|
64 | 78 |
|
|
65 | 79 |
|
|
66 | 80 | |
|
67 | 81 |
|
|
68 | 82 |
|
|
69 | 83 | |
|
70 | 84 |
|
|
71 | 85 |
|
|
72 | 86 | |
|
73 | 87 |
|
|
74 | 88 |
|
|
75 | 89 | |
|
76 | 90 |
|
|
77 | 91 |
|
|
78 | 92 | |
|
79 | 93 |
|
|
80 | 94 |
|
|
81 | 95 |
|
|
82 | 96 | else |
|
83 | 97 | # Disable SSHD inside initramfs |
|
84 | 98 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
85 | 99 | fi |
|
86 | 100 | |
|
87 | 101 | # Add cryptsetup modules to initramfs |
|
88 | 102 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
89 | 103 | |
|
90 | 104 | # Dummy mapping required by mkinitramfs |
|
91 | 105 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" |
|
92 | 106 | |
|
93 | 107 | # Generate initramfs with encrypted root partition support |
|
94 | 108 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
95 | 109 | |
|
96 | 110 | # Remove dummy mapping |
|
97 | 111 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" |
|
98 | 112 | else |
|
99 | 113 | # Generate initramfs without encrypted root partition support |
|
100 | 114 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
101 | 115 | fi |
|
102 | 116 | fi |
@@ -1,293 +1,295 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup RPi2/3 config and cmdline |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then |
|
9 | 9 | # Install boot binaries from local directory |
|
10 | 10 | cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin |
|
11 | 11 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat |
|
12 | 12 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat |
|
13 | 13 | cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat |
|
14 | 14 | cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf |
|
15 | 15 | cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf |
|
16 | 16 | cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf |
|
17 | 17 | else |
|
18 | 18 | # Create temporary directory for boot binaries |
|
19 | 19 | temp_dir=$(as_nobody mktemp -d) |
|
20 | 20 | |
|
21 | 21 | # Install latest boot binaries from raspberry/firmware github |
|
22 | 22 | as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" |
|
23 | 23 | as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" |
|
24 | 24 | as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" |
|
25 | 25 | as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" |
|
26 | 26 | as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf" |
|
27 | 27 | as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" |
|
28 | 28 | as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" |
|
29 | 29 | |
|
30 | 30 | # Move downloaded boot binaries |
|
31 | 31 | mv "${temp_dir}/"* "${BOOT_DIR}/" |
|
32 | 32 | |
|
33 | 33 | # Remove temporary directory for boot binaries |
|
34 | 34 | rm -fr "${temp_dir}" |
|
35 | 35 | |
|
36 | 36 | # Set permissions of the boot binaries |
|
37 | 37 | chown -R root:root "${BOOT_DIR}" |
|
38 | 38 | chmod -R 600 "${BOOT_DIR}" |
|
39 | 39 | fi |
|
40 | 40 | |
|
41 | 41 | # Setup firmware boot cmdline |
|
42 | 42 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
43 | 43 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" |
|
44 | 44 | else |
|
45 | 45 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
46 | 46 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" |
|
47 | 47 | else |
|
48 | 48 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd" |
|
49 | 49 | fi |
|
50 | 50 | fi |
|
51 | 51 | |
|
52 | 52 | # Add encrypted root partition to cmdline.txt |
|
53 | 53 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
54 | 54 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
55 | 55 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") |
|
56 | 56 | else |
|
57 | 57 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
58 | 58 | CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") |
|
59 | 59 | else |
|
60 | 60 | CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
|
61 | 61 | fi |
|
62 | 62 | fi |
|
63 | 63 | fi |
|
64 | 64 | |
|
65 | 65 | # Enable Kernel messages on standard output |
|
66 | 66 | if [ "$ENABLE_PRINTK" = true ] ; then |
|
67 | 67 | install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf" |
|
68 | 68 | fi |
|
69 | 69 | |
|
70 | 70 | # Enable Kernel messages on standard output |
|
71 | 71 | if [ "$KERNEL_SECURITY" = true ] ; then |
|
72 | 72 | install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf" |
|
73 | 73 | fi |
|
74 | 74 | |
|
75 | 75 | # Install udev rule for serial alias - serial0 = console serial1=bluetooth |
|
76 | 76 | install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules" |
|
77 | 77 | |
|
78 | 78 | # Remove IPv6 networking support |
|
79 | 79 | if [ "$ENABLE_IPV6" = false ] ; then |
|
80 | 80 | CMDLINE="${CMDLINE} ipv6.disable=1" |
|
81 | 81 | fi |
|
82 | 82 | |
|
83 | 83 | # Automatically assign predictable network interface names |
|
84 | 84 | if [ "$ENABLE_IFNAMES" = false ] ; then |
|
85 | 85 | CMDLINE="${CMDLINE} net.ifnames=0" |
|
86 | 86 | else |
|
87 | 87 | CMDLINE="${CMDLINE} net.ifnames=1" |
|
88 | 88 | fi |
|
89 | 89 | |
|
90 | 90 | # Disable Raspberry Pi console logo |
|
91 | 91 | if [ "$ENABLE_LOGO" = false ] ; then |
|
92 | 92 | CMDLINE="${CMDLINE} logo.nologo" |
|
93 | 93 | fi |
|
94 | 94 | |
|
95 | 95 | # Strictly limit verbosity of boot up console messages |
|
96 | 96 | if [ "$ENABLE_SILENT_BOOT" = true ] ; then |
|
97 | 97 | CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0" |
|
98 | 98 | fi |
|
99 | 99 | |
|
100 | 100 | # Install firmware config |
|
101 | 101 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
102 | 102 | |
|
103 | 103 | # Disable Raspberry Pi console logo |
|
104 | 104 | if [ "$ENABLE_SLASH" = false ] ; then |
|
105 | 105 | echo "disable_splash=1" >> "${BOOT_DIR}/config.txt" |
|
106 | 106 | fi |
|
107 | 107 | |
|
108 | 108 | # Locks CPU frequency at maximum |
|
109 | 109 | if [ "$ENABLE_TURBO" = true ] ; then |
|
110 | 110 | echo "force_turbo=1" >> "${BOOT_DIR}/config.txt" |
|
111 | 111 | # helps to avoid sdcard corruption when force_turbo is enabled. |
|
112 | 112 | echo "boot_delay=1" >> "${BOOT_DIR}/config.txt" |
|
113 | 113 | fi |
|
114 | 114 | |
|
115 | 115 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
116 | 116 | |
|
117 | 117 | # Bluetooth enabled |
|
118 | 118 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
119 | 119 | # Create temporary directory for Bluetooth sources |
|
120 | 120 | temp_dir=$(as_nobody mktemp -d) |
|
121 | 121 | |
|
122 | 122 | # Fetch Bluetooth sources |
|
123 | 123 | as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}" |
|
124 | 124 | |
|
125 | 125 | # Copy downloaded sources |
|
126 | 126 | mv "${temp_dir}/pi-bluetooth" "${R}/tmp/" |
|
127 | 127 | |
|
128 | 128 | # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/ |
|
129 | 129 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth |
|
130 | 130 | as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth |
|
131 | 131 | |
|
132 | 132 | # Set permissions |
|
133 | 133 | chown -R root:root "${R}/tmp/pi-bluetooth" |
|
134 | 134 | |
|
135 | 135 | # Install tools |
|
136 | 136 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
137 | 137 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" |
|
138 | 138 | |
|
139 | 139 | # make scripts executable |
|
140 | 140 | chmod +x "${R}/usr/bin/bthelper" |
|
141 | 141 | chmod +x "${R}/usr/bin/btuart" |
|
142 | 142 | |
|
143 | 143 | # Install bluetooth udev rule |
|
144 | 144 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" |
|
145 | 145 | |
|
146 | 146 | # Install Firmware Flash file and apropiate licence |
|
147 | 147 | mkdir -p "$BLUETOOTH_FIRMWARE_DIR" |
|
148 | 148 | install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx" |
|
149 | 149 | install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx" |
|
150 | 150 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" |
|
151 | 151 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" |
|
152 | 152 | |
|
153 | 153 | # Remove temporary directories |
|
154 | 154 | rm -fr "${temp_dir}" |
|
155 | 155 | rm -fr "${R}"/tmp/pi-bluetooth |
|
156 | 156 | |
|
157 | 157 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 |
|
158 | 158 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
159 | ||
|
160 | 159 | # set overlay to swap ttyAMA0 and ttyS0 |
|
161 | 160 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
162 | 161 | |
|
163 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
164 | 162 |
|
|
165 | 163 |
|
|
166 | 164 | fi |
|
165 | ||
|
167 | 166 | fi |
|
168 | 167 | |
|
169 | 168 | # Activate services |
|
170 | 169 | chroot_exec systemctl enable pi-bluetooth.hciuart.service |
|
171 | 170 | |
|
172 | 171 | else # if ENABLE_BLUETOOTH = false |
|
173 | 172 | # set overlay to disable bluetooth |
|
174 | 173 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" |
|
175 | 174 | fi # ENABLE_BLUETOOTH end |
|
176 | 175 | fi |
|
177 | 176 | |
|
178 | 177 | # may need sudo systemctl disable hciuart |
|
179 | 178 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
180 | 179 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" |
|
181 | 180 | # add string to cmdline |
|
182 | 181 | CMDLINE="${CMDLINE} console=serial0,115200" |
|
183 | 182 | |
|
183 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then | |
|
184 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
185 | if [ "$ENABLE_TURBO" = false ] ; then | |
|
186 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
187 | fi | |
|
188 | fi | |
|
189 | ||
|
184 | 190 | # Enable serial console systemd style |
|
185 |
chroot_exec systemctl enable serial-getty |
|
|
191 | chroot_exec systemctl enable serial-getty@serial0.service | |
|
186 | 192 | else |
|
187 | 193 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
188 | ||
|
189 | # disable serial console systemd style | |
|
190 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service | |
|
191 | 194 | fi |
|
192 | 195 | |
|
193 | 196 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then |
|
194 | 197 | # Create temporary directory for systemd-swap sources |
|
195 | 198 | temp_dir=$(as_nobody mktemp -d) |
|
196 | 199 | |
|
197 | 200 | # Fetch systemd-swap sources |
|
198 | 201 | as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}" |
|
199 | 202 | |
|
200 | 203 | # Copy downloaded systemd-swap sources |
|
201 | 204 | mv "${temp_dir}/systemd-swap" "${R}/tmp/" |
|
202 | 205 | |
|
203 | # Set permissions of the systemd-swap sources | |
|
204 | chown -R root:root "${R}/tmp/systemd-swap" | |
|
205 | ||
|
206 | # Remove temporary directory for systemd-swap sources | |
|
207 | rm -fr "${temp_dir}" | |
|
208 | ||
|
209 | 206 | # Change into downloaded src dir |
|
210 | 207 | cd "${R}/tmp/systemd-swap" || exit |
|
211 | 208 | |
|
212 | 209 | # Build package |
|
213 |
|
|
|
210 | bash ./package.sh debian | |
|
214 | 211 | |
|
215 | # Install package | |
|
216 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb | |
|
212 | # Change back into script root dir | |
|
213 | cd "${WORKDIR}" || exit | |
|
214 | ||
|
215 | # Set permissions of the systemd-swap sources | |
|
216 | chown -R root:root "${R}/tmp/systemd-swap" | |
|
217 | ||
|
218 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |
|
219 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb | |
|
217 | 220 | |
|
218 | 221 | # Enable service |
|
219 | 222 | chroot_exec systemctl enable systemd-swap |
|
220 | 223 | |
|
221 | # Change back into script root dir | |
|
222 | cd "${WORKDIR}" || exit | |
|
224 | # Remove temporary directory for systemd-swap sources | |
|
225 | rm -fr "${temp_dir}" | |
|
223 | 226 | else |
|
224 | 227 | # Enable ZSWAP in cmdline if systemd-swap is not used |
|
225 | 228 | if [ "$KERNEL_ZSWAP" = true ] ; then |
|
226 | 229 |
CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" |
|
227 | 230 | fi |
|
228 | 231 | fi |
|
229 | ||
|
230 | 232 | if [ "$KERNEL_SECURITY" = true ] ; then |
|
231 | 233 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" |
|
232 | 234 | fi |
|
233 | 235 | |
|
234 | 236 | # Install firmware boot cmdline |
|
235 | 237 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" |
|
236 | 238 | |
|
237 | 239 | # Setup minimal GPU memory allocation size: 16MB (no X) |
|
238 | 240 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
239 | 241 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" |
|
240 | 242 | fi |
|
241 | 243 | |
|
242 | 244 | # Setup boot with initramfs |
|
243 | 245 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
244 | 246 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" |
|
245 | 247 | fi |
|
246 | 248 | |
|
247 | 249 | # Create firmware configuration and cmdline symlinks |
|
248 | 250 | ln -sf firmware/config.txt "${R}/boot/config.txt" |
|
249 | 251 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" |
|
250 | 252 | |
|
251 | 253 | # Install and setup kernel modules to load at boot |
|
252 | 254 | mkdir -p "${LIB_DIR}/modules-load.d/" |
|
253 | 255 | install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
254 | 256 | |
|
255 | 257 | # Load hardware random module at boot |
|
256 | 258 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then |
|
257 | 259 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
258 | 260 | fi |
|
259 | 261 | |
|
260 | 262 | # Load sound module at boot |
|
261 | 263 | if [ "$ENABLE_SOUND" = true ] ; then |
|
262 | 264 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
263 | 265 | else |
|
264 | 266 | echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt" |
|
265 | 267 | fi |
|
266 | 268 | |
|
267 | 269 | # Enable I2C interface |
|
268 | 270 | if [ "$ENABLE_I2C" = true ] ; then |
|
269 | 271 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" |
|
270 | 272 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
271 | 273 | sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
272 | 274 | fi |
|
273 | 275 | |
|
274 | 276 | # Enable SPI interface |
|
275 | 277 | if [ "$ENABLE_SPI" = true ] ; then |
|
276 | 278 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" |
|
277 | 279 | echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
278 | 280 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then |
|
279 | 281 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf" |
|
280 | 282 | fi |
|
281 | 283 | fi |
|
282 | 284 | |
|
283 | 285 | # Disable RPi2/3 under-voltage warnings |
|
284 | 286 | if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then |
|
285 | 287 | echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" |
|
286 | 288 | fi |
|
287 | 289 | |
|
288 | 290 | # Install kernel modules blacklist |
|
289 | 291 | mkdir -p "${ETC_DIR}/modprobe.d/" |
|
290 | 292 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" |
|
291 | 293 | |
|
292 | 294 | # Install sysctl.d configuration files |
|
293 | 295 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
@@ -1,146 +1,132 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Networking |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup hostname |
|
9 | 9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" |
|
10 | 10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" |
|
11 | 11 | |
|
12 | 12 | # Install and setup hosts |
|
13 | 13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" |
|
14 | 14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" |
|
15 | 15 | |
|
16 | 16 | # Setup hostname entry with static IP |
|
17 | 17 | if [ "$NET_ADDRESS" != "" ] ; then |
|
18 | 18 | NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') |
|
19 | 19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" |
|
20 | 20 | fi |
|
21 | 21 | |
|
22 | 22 | # Remove IPv6 hosts |
|
23 | 23 | if [ "$ENABLE_IPV6" = false ] ; then |
|
24 | 24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts" |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | 27 | # Install hint about network configuration |
|
28 | 28 | install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" |
|
29 | 29 | |
|
30 | 30 | # Install configuration for interface eth0 |
|
31 | 31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" |
|
32 | 32 | |
|
33 | 33 | # Install configuration for interface wl* |
|
34 | 34 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" |
|
35 | 35 | |
|
36 | 36 | #always with dhcp since wpa_supplicant integration is missing |
|
37 | 37 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" |
|
38 | 38 | |
|
39 | 39 | if [ "$ENABLE_DHCP" = true ] ; then |
|
40 | 40 | # Enable DHCP configuration for interface eth0 |
|
41 | 41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" |
|
42 | 42 | |
|
43 | 43 | # Set DHCP configuration to IPv4 only |
|
44 | 44 | if [ "$ENABLE_IPV6" = false ] ; then |
|
45 | 45 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network" |
|
46 | 46 | fi |
|
47 | 47 | |
|
48 | 48 | else # ENABLE_DHCP=false |
|
49 | 49 | # Set static network configuration for interface eth0 |
|
50 | 50 | sed -i\ |
|
51 | 51 | -e "s|DHCP=.*|DHCP=no|"\ |
|
52 | 52 | -e "s|Address=\$|Address=${NET_ADDRESS}|"\ |
|
53 | 53 | -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ |
|
54 | 54 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ |
|
55 | 55 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ |
|
56 | 56 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ |
|
57 | 57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
58 | 58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
59 | 59 | "${ETC_DIR}/systemd/network/eth.network" |
|
60 | ||
|
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |
|
62 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
64 | ||
|
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
66 | NET_MASK=$(cdr2mask "$cdir") | |
|
67 | ||
|
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
70 | ||
|
71 | # Regenerate initramfs | |
|
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
73 | fi | |
|
74 | 60 | fi |
|
75 | 61 | |
|
76 | 62 | # Remove empty settings from network configuration |
|
77 | 63 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" |
|
78 | 64 | # Remove empty settings from wlan configuration |
|
79 | 65 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" |
|
80 | 66 | |
|
81 | 67 | # Move systemd network configuration if required by Debian release |
|
82 | 68 | mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" |
|
83 | 69 | # If WLAN is enabled copy wlan configuration too |
|
84 | 70 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
85 | 71 | mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" |
|
86 | 72 | fi |
|
87 | 73 | rm -fr "${ETC_DIR}/systemd/network" |
|
88 | 74 | |
|
89 | 75 | # Enable systemd-networkd service |
|
90 | 76 | chroot_exec systemctl enable systemd-networkd |
|
91 | 77 | |
|
92 | 78 | # Install host.conf resolver configuration |
|
93 | 79 | install_readonly files/network/host.conf "${ETC_DIR}/host.conf" |
|
94 | 80 | |
|
95 | 81 | # Enable network stack hardening |
|
96 | 82 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
97 | 83 | # Install sysctl.d configuration files |
|
98 | 84 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" |
|
99 | 85 | |
|
100 | 86 | # Setup resolver warnings about spoofed addresses |
|
101 | 87 | sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" |
|
102 | 88 | fi |
|
103 | 89 | |
|
104 | 90 | # Enable time sync |
|
105 | 91 | if [ "$NET_NTP_1" != "" ] ; then |
|
106 | 92 | chroot_exec systemctl enable systemd-timesyncd.service |
|
107 | 93 | fi |
|
108 | 94 | |
|
109 | 95 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
110 | 96 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
111 | 97 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then |
|
112 | 98 | mkdir -p "${WLAN_FIRMWARE_DIR}" |
|
113 | 99 | fi |
|
114 | 100 | |
|
115 | 101 | # Create temporary directory for firmware binary blob |
|
116 | 102 | temp_dir=$(as_nobody mktemp -d) |
|
117 | 103 | |
|
118 | 104 | # Fetch firmware binary blob for RPI3B+ |
|
119 | 105 | if [ "$RPI_MODEL" = 3P ] ; then |
|
120 | 106 | # Fetch firmware binary blob for RPi3P |
|
121 | 107 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
122 | 108 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
123 | 109 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" |
|
124 | 110 | |
|
125 | 111 | # Move downloaded firmware binary blob |
|
126 | 112 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
127 | 113 | |
|
128 | 114 | # Set permissions of the firmware binary blob |
|
129 | 115 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
130 | 116 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
131 | 117 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then |
|
132 | 118 | # Fetch firmware binary blob for RPi3 |
|
133 | 119 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
134 | 120 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
135 | 121 | |
|
136 | 122 | # Move downloaded firmware binary blob |
|
137 | 123 | mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
138 | 124 | |
|
139 | 125 | # Set permissions of the firmware binary blob |
|
140 | 126 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
141 | 127 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
142 | 128 | fi |
|
143 | 129 | |
|
144 | 130 | # Remove temporary directory for firmware binary blob |
|
145 | 131 | rm -fr "${temp_dir}" |
|
146 | 132 | fi |
|
1 | NO CONTENT: modified file |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant