@@ -45,40 +45,54 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
45 | 45 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
46 | 46 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
47 | 47 | fi |
|
48 | ||
|
49 | if [ "$ENABLE_DHCP" = false ] ; then | |
|
50 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
51 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
52 | ||
|
53 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
54 | NET_MASK=$(cdr2mask "$cdir") | |
|
55 | ||
|
56 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
57 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
58 | ||
|
59 | # Regenerate initramfs | |
|
60 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
61 | fi | |
|
48 | 62 | |
|
49 | 63 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
50 |
|
|
|
51 |
|
|
|
52 |
|
|
|
53 |
|
|
|
54 |
|
|
|
55 |
|
|
|
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
|
65 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
66 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
|
67 | else | |
|
68 | # Create key | |
|
69 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |
|
56 | 70 | |
|
57 |
|
|
|
58 |
|
|
|
71 | # Convert dropbear key to openssh key | |
|
72 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |
|
59 | 73 | |
|
60 |
|
|
|
61 |
|
|
|
74 | # Get Public Key Part | |
|
75 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |
|
62 | 76 | |
|
63 |
|
|
|
64 |
|
|
|
65 |
|
|
|
77 | # Delete unwanted lines | |
|
78 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
79 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
|
66 | 80 | |
|
67 |
|
|
|
68 |
|
|
|
81 | # Trust the new key | |
|
82 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
|
69 | 83 | |
|
70 |
|
|
|
71 |
|
|
|
84 | # Save Keys - convert with putty from rsa/openssh to puttkey | |
|
85 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |
|
72 | 86 | |
|
73 |
|
|
|
74 |
|
|
|
87 | # Get unlock script | |
|
88 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |
|
75 | 89 | |
|
76 |
|
|
|
77 |
|
|
|
90 | # Enable Dropbear inside initramfs | |
|
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
|
78 | 92 | |
|
79 |
|
|
|
80 |
|
|
|
81 |
|
|
|
93 | # Enable Dropbear inside initramfs | |
|
94 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |
|
95 | fi | |
|
82 | 96 | else |
|
83 | 97 | # Disable SSHD inside initramfs |
|
84 | 98 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
@@ -156,14 +156,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||
|
156 | 156 | |
|
157 | 157 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 |
|
158 | 158 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
159 | ||
|
160 | 159 | # set overlay to swap ttyAMA0 and ttyS0 |
|
161 | 160 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
162 | 161 | |
|
163 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
164 | 162 |
|
|
165 |
|
|
|
166 | fi | |
|
163 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
164 | fi | |
|
165 | ||
|
167 | 166 | fi |
|
168 | 167 | |
|
169 | 168 | # Activate services |
@@ -180,14 +179,18 if [ "$ENABLE_CONSOLE" = true ] ; then | |||
|
180 | 179 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" |
|
181 | 180 | # add string to cmdline |
|
182 | 181 | CMDLINE="${CMDLINE} console=serial0,115200" |
|
182 | ||
|
183 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then | |
|
184 | # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken | |
|
185 | if [ "$ENABLE_TURBO" = false ] ; then | |
|
186 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
|
187 | fi | |
|
188 | fi | |
|
183 | 189 | |
|
184 | 190 | # Enable serial console systemd style |
|
185 |
chroot_exec systemctl enable serial-getty |
|
|
191 | chroot_exec systemctl enable serial-getty@serial0.service | |
|
186 | 192 | else |
|
187 | 193 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
188 | ||
|
189 | # disable serial console systemd style | |
|
190 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service | |
|
191 | 194 | fi |
|
192 | 195 | |
|
193 | 196 | if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then |
@@ -200,36 +203,35 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then | |||
|
200 | 203 | # Copy downloaded systemd-swap sources |
|
201 | 204 | mv "${temp_dir}/systemd-swap" "${R}/tmp/" |
|
202 | 205 | |
|
203 | # Set permissions of the systemd-swap sources | |
|
204 | chown -R root:root "${R}/tmp/systemd-swap" | |
|
205 | ||
|
206 | # Remove temporary directory for systemd-swap sources | |
|
207 | rm -fr "${temp_dir}" | |
|
208 | ||
|
209 | 206 | # Change into downloaded src dir |
|
210 | 207 | cd "${R}/tmp/systemd-swap" || exit |
|
211 | ||
|
208 | ||
|
212 | 209 | # Build package |
|
213 |
|
|
|
210 | bash ./package.sh debian | |
|
214 | 211 | |
|
215 | # Install package | |
|
216 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb | |
|
212 | # Change back into script root dir | |
|
213 | cd "${WORKDIR}" || exit | |
|
217 | 214 | |
|
215 | # Set permissions of the systemd-swap sources | |
|
216 | chown -R root:root "${R}/tmp/systemd-swap" | |
|
217 | ||
|
218 | # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR. | |
|
219 | chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb | |
|
220 | ||
|
218 | 221 | # Enable service |
|
219 | 222 | chroot_exec systemctl enable systemd-swap |
|
220 | 223 | |
|
221 | # Change back into script root dir | |
|
222 | cd "${WORKDIR}" || exit | |
|
224 | # Remove temporary directory for systemd-swap sources | |
|
225 | rm -fr "${temp_dir}" | |
|
223 | 226 | else |
|
224 | 227 | # Enable ZSWAP in cmdline if systemd-swap is not used |
|
225 | 228 | if [ "$KERNEL_ZSWAP" = true ] ; then |
|
226 |
CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" |
|
|
229 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
|
227 | 230 | fi |
|
228 | 231 | fi |
|
229 | ||
|
230 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
231 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" | |
|
232 | fi | |
|
232 | if [ "$KERNEL_SECURITY" = true ] ; then | |
|
233 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" | |
|
234 | fi | |
|
233 | 235 | |
|
234 | 236 | # Install firmware boot cmdline |
|
235 | 237 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" |
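Review bot: In the first hunk's `CRYPTFS_DROPBEAR` block, the `fi` that closes `if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ]` comes only after the `crypt_unlock.sh` install, the `DROPBEAR=y` write and the `sleep 5` insertion, so as rendered those steps sit in the `else` branch and are skipped whenever a public key is supplied. Closing the branch right after the `cp -f ... dropbear_initramfs_key.rsa` line would apply the unlock hook and `DROPBEAR=y` in both cases. In the generated-key branch the private halves (`id_rsa`, `id_rsa.dropbear`) stay in `${ETC_DIR}/dropbear-initramfs` after the export to `${BASEDIR}`; if the image is meant to carry only the public key, remove them after the copy. Separately, `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` in the new `ENABLE_DHCP` block executes the address as a command instead of piping its value, so `cdir` ends up empty; `cdir=${NET_ADDRESS##*/}` extracts the prefix length without a subshell.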
@@ -57,20 +57,6 else # ENABLE_DHCP=false | |||
|
57 | 57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
58 | 58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
59 | 59 | "${ETC_DIR}/systemd/network/eth.network" |
|
60 | ||
|
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |
|
62 | # Get cdir from NET_ADDRESS e.g. 24 | |
|
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |
|
64 | ||
|
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
|
66 | NET_MASK=$(cdr2mask "$cdir") | |
|
67 | ||
|
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
|
70 | ||
|
71 | # Regenerate initramfs | |
|
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
73 | fi | |
|
74 | 60 | fi |
|
75 | 61 | |
|
76 | 62 | # Remove empty settings from network configuration |
@@ -10,7 +10,7 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
10 | 10 | mkdir -p "${ETC_DIR}/iptables" |
|
11 | 11 | |
|
12 | 12 | if [ "$KERNEL_NF" = false ] ; then |
|
13 | #iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
13 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
14 | 14 | chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy |
|
15 | 15 | fi |
|
16 | 16 | |
@@ -29,10 +29,10 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
29 | 29 | |
|
30 | 30 | if [ "$ENABLE_IPV6" = true ] ; then |
|
31 | 31 | if [ "$KERNEL_NF" = false ] ; then |
|
32 | #iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
32 | # iptables-save and -restore are slaves of iptables and thus are set accordingly | |
|
33 | 33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy |
|
34 |
|
|
|
35 | ||
|
34 | fi | |
|
35 | ||
|
36 | 36 | # Install ip6tables systemd service |
|
37 | 37 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
38 | 38 |