##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Fix escaping of adduser
Filip Pytloun -
r48:c8a035bfc03f
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,684 +1,684
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 # Exec command in chroot
34 34 chroot_exec() {
35 35 LANG=C LC_ALL=C chroot $R $*
36 36 }
37 37
38 38 set -e
39 39 set -x
40 40
41 41 # Debian release
42 42 RELEASE=${RELEASE:=jessie}
43 43 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44 44
45 45 # Build settings
46 46 BASEDIR=./images/${RELEASE}
47 47 BUILDDIR=${BASEDIR}/build
48 48
49 49 # General settings
50 50 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
51 51 PASSWORD=${PASSWORD:=raspberry}
52 52 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
53 53 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
54 54 XKBMODEL=${XKBMODEL:=""}
55 55 XKBLAYOUT=${XKBLAYOUT:=""}
56 56 XKBVARIANT=${XKBVARIANT:=""}
57 57 XKBOPTIONS=${XKBOPTIONS:=""}
58 58 EXPANDROOT=${EXPANDROOT:=true}
59 59
60 60 # Network settings
61 61 ENABLE_DHCP=${ENABLE_DHCP:=true}
62 62 # NET_* settings are ignored when ENABLE_DHCP=true
63 63 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
64 64 NET_ADDRESS=${NET_ADDRESS:=""}
65 65 NET_GATEWAY=${NET_GATEWAY:=""}
66 66 NET_DNS_1=${NET_DNS_1:=""}
67 67 NET_DNS_2=${NET_DNS_2:=""}
68 68 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
69 69 NET_NTP_1=${NET_NTP_1:=""}
70 70 NET_NTP_2=${NET_NTP_2:=""}
71 71
72 72 # APT settings
73 73 APT_PROXY=${APT_PROXY:=""}
74 74 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
75 75
76 76 # Feature settings
77 77 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
78 78 ENABLE_IPV6=${ENABLE_IPV6:=true}
79 79 ENABLE_SSHD=${ENABLE_SSHD:=true}
80 80 ENABLE_SOUND=${ENABLE_SOUND:=true}
81 81 ENABLE_DBUS=${ENABLE_DBUS:=true}
82 82 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
83 83 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
84 84 ENABLE_XORG=${ENABLE_XORG:=false}
85 85 ENABLE_WM=${ENABLE_WM:=""}
86 86 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
87 87 ENABLE_USER=${ENABLE_USER:=true}
88 88 ENABLE_ROOT=${ENABLE_ROOT:=false}
89 89 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
90 90
91 91 # Advanced settings
92 92 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
93 93 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
94 94 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
95 95 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
96 96 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
97 97
98 98 # Image chroot path
99 99 R=${BUILDDIR}/chroot
100 100
101 101 # Packages required for bootstrapping
102 102 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
103 103
104 104 # Missing packages that need to be installed
105 105 MISSING_PACKAGES=""
106 106
107 107 # Packages required in the chroot build environment
108 108 APT_INCLUDES=${APT_INCLUDES:=""}
109 109 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
110 110
111 111 set +x
112 112
113 113 # Are we running as root?
114 114 if [ "$(id -u)" -ne "0" ] ; then
115 115 echo "this script must be executed with root privileges"
116 116 exit 1
117 117 fi
118 118
119 119 # Check if all required packages are installed
120 120 for package in $REQUIRED_PACKAGES ; do
121 121 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
122 122 MISSING_PACKAGES="$MISSING_PACKAGES $package"
123 123 fi
124 124 done
125 125
126 126 # Ask if missing packages should get installed right now
127 127 if [ -n "$MISSING_PACKAGES" ] ; then
128 128 echo "the following packages needed by this script are not installed:"
129 129 echo "$MISSING_PACKAGES"
130 130
131 131 echo -n "\ndo you want to install the missing packages right now? [y/n] "
132 132 read confirm
133 133 if [ "$confirm" != "y" ] ; then
134 134 exit 1
135 135 fi
136 136 fi
137 137
138 138 # Make sure all required packages are installed
139 139 apt-get -qq -y install ${REQUIRED_PACKAGES}
140 140
141 141 # Don't clobber an old build
142 142 if [ -e "$BUILDDIR" ]; then
143 143 echo "directory $BUILDDIR already exists, not proceeding"
144 144 exit 1
145 145 fi
146 146
147 147 set -x
148 148
149 149 # Call "cleanup" function on various signals and errors
150 150 trap cleanup 0 1 2 3 6
151 151
152 152 # Set up chroot directory
153 153 mkdir -p $R
154 154
155 155 # Add required packages for the minbase installation
156 156 if [ "$ENABLE_MINBASE" = true ] ; then
157 157 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
158 158 else
159 159 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
160 160 fi
161 161
162 162 # Add parted package, required to get partprobe utility
163 163 if [ "$EXPANDROOT" = true ] ; then
164 164 APT_INCLUDES="${APT_INCLUDES},parted"
165 165 fi
166 166
167 167 # Add dbus package, recommended if using systemd
168 168 if [ "$ENABLE_DBUS" = true ] ; then
169 169 APT_INCLUDES="${APT_INCLUDES},dbus"
170 170 fi
171 171
172 172 # Add iptables IPv4/IPv6 package
173 173 if [ "$ENABLE_IPTABLES" = true ] ; then
174 174 APT_INCLUDES="${APT_INCLUDES},iptables"
175 175 fi
176 176
177 177 # Add openssh server package
178 178 if [ "$ENABLE_SSHD" = true ] ; then
179 179 APT_INCLUDES="${APT_INCLUDES},openssh-server"
180 180 fi
181 181
182 182 # Add alsa-utils package
183 183 if [ "$ENABLE_SOUND" = true ] ; then
184 184 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
185 185 fi
186 186
187 187 # Add rng-tools package
188 188 if [ "$ENABLE_HWRANDOM" = true ] ; then
189 189 APT_INCLUDES="${APT_INCLUDES},rng-tools"
190 190 fi
191 191
192 192 if [ "$ENABLE_USER" = true ]; then
193 193 APT_INCLUDES="${APT_INCLUDES},sudo"
194 194 fi
195 195
196 196 # Add fbturbo video driver
197 197 if [ "$ENABLE_FBTURBO" = true ] ; then
198 198 # Enable xorg package dependencies
199 199 ENABLE_XORG=true
200 200 fi
201 201
202 202 # Add user defined window manager package
203 203 if [ -n "$ENABLE_WM" ] ; then
204 204 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
205 205
206 206 # Enable xorg package dependencies
207 207 ENABLE_XORG=true
208 208 fi
209 209
210 210 # Add xorg package
211 211 if [ "$ENABLE_XORG" = true ] ; then
212 212 APT_INCLUDES="${APT_INCLUDES},xorg"
213 213 fi
214 214
215 215 # Base debootstrap (unpack only)
216 216 if [ "$ENABLE_MINBASE" = true ] ; then
217 217 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
218 218 else
219 219 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
220 220 fi
221 221
222 222 # Copy qemu emulator binary to chroot
223 223 cp /usr/bin/qemu-arm-static $R/usr/bin
224 224
225 225 # Copy debian-archive-keyring.pgp
226 226 chroot $R mkdir -p /usr/share/keyrings
227 227 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
228 228
229 229 # Complete the bootstrapping process
230 230 chroot $R /debootstrap/debootstrap --second-stage
231 231
232 232 # Mount required filesystems
233 233 mount -t proc none $R/proc
234 234 mount -t sysfs none $R/sys
235 235 mount --bind /dev/pts $R/dev/pts
236 236
237 237 # Use proxy inside chroot
238 238 if [ -z "$APT_PROXY" ] ; then
239 239 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
240 240 fi
241 241
242 242 # Pin package flash-kernel to repositories.collabora.co.uk
243 243 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
244 244 Package: flash-kernel
245 245 Pin: origin repositories.collabora.co.uk
246 246 Pin-Priority: 1000
247 247 EOM
248 248
249 249 # Set up timezone
250 250 echo ${TIMEZONE} >$R/etc/timezone
251 251 chroot_exec dpkg-reconfigure -f noninteractive tzdata
252 252
253 253 # Upgrade collabora package index and install collabora keyring
254 254 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
255 255 chroot_exec apt-get -qq -y update
256 256 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
257 257
258 258 # Set up initial sources.list
259 259 cat <<EOM >$R/etc/apt/sources.list
260 260 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
261 261 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
262 262
263 263 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
264 264 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
265 265
266 266 deb http://security.debian.org/ ${RELEASE}/updates main contrib
267 267 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
268 268
269 269 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
270 270 EOM
271 271
272 272 # Upgrade package index and update all installed packages and changed dependencies
273 273 chroot_exec apt-get -qq -y update
274 274 chroot_exec apt-get -qq -y -u dist-upgrade
275 275
276 276 # Set up default locale and keyboard configuration
277 277 if [ "$ENABLE_MINBASE" = false ] ; then
278 278 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
279 279 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
280 280 # ... so we have to set locales manually
281 281 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
282 282 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
283 283 else
284 284 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
285 285 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
286 286 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
287 287 fi
288 288 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
289 289 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
290 290 chroot_exec locale-gen
291 291 chroot_exec update-locale LANG=${DEFLOCAL}
292 292
293 293 # Keyboard configuration, if requested
294 294 if [ "$XKBMODEL" != "" ] ; then
295 295 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
296 296 fi
297 297 if [ "$XKBLAYOUT" != "" ] ; then
298 298 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
299 299 fi
300 300 if [ "$XKBVARIANT" != "" ] ; then
301 301 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
302 302 fi
303 303 if [ "$XKBOPTIONS" != "" ] ; then
304 304 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
305 305 fi
306 306 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
307 307 # Set up font console
308 308 case "${DEFLOCAL}" in
309 309 *UTF-8)
310 310 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
311 311 ;;
312 312 *)
313 313 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
314 314 ;;
315 315 esac
316 316 chroot_exec dpkg-reconfigure -f noninteractive console-setup
317 317 fi
318 318
319 319 # Kernel installation
320 320 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
321 321 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
322 322 chroot_exec apt-get -qq -y install flash-kernel
323 323
324 324 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
325 325 [ -z "$VMLINUZ" ] && exit 1
326 326 cp $VMLINUZ $R/boot/firmware/kernel7.img
327 327
328 328 # Set up IPv4 hosts
329 329 echo ${HOSTNAME} >$R/etc/hostname
330 330 cat <<EOM >$R/etc/hosts
331 331 127.0.0.1 localhost
332 332 127.0.1.1 ${HOSTNAME}
333 333 EOM
334 334 if [ "$NET_ADDRESS" != "" ] ; then
335 335 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
336 336 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
337 337 fi
338 338
339 339 # Set up IPv6 hosts
340 340 if [ "$ENABLE_IPV6" = true ] ; then
341 341 cat <<EOM >>$R/etc/hosts
342 342
343 343 ::1 localhost ip6-localhost ip6-loopback
344 344 ff02::1 ip6-allnodes
345 345 ff02::2 ip6-allrouters
346 346 EOM
347 347 fi
348 348
349 349 # Place hint about network configuration
350 350 cat <<EOM >$R/etc/network/interfaces
351 351 # Debian switched to systemd-networkd configuration files.
352 352 # please configure your networks in '/etc/systemd/network/'
353 353 EOM
354 354
355 355 if [ "$ENABLE_DHCP" = true ] ; then
356 356 # Enable systemd-networkd DHCP configuration for interface eth0
357 357 cat <<EOM >$R/etc/systemd/network/eth.network
358 358 [Match]
359 359 Name=eth0
360 360
361 361 [Network]
362 362 DHCP=yes
363 363 EOM
364 364
365 365 # Set DHCP configuration to IPv4 only
366 366 if [ "$ENABLE_IPV6" = false ] ; then
367 367 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
368 368 fi
369 369 else # ENABLE_DHCP=false
370 370 cat <<EOM >$R/etc/systemd/network/eth.network
371 371 [Match]
372 372 Name=eth0
373 373
374 374 [Network]
375 375 DHCP=no
376 376 Address=${NET_ADDRESS}
377 377 Gateway=${NET_GATEWAY}
378 378 DNS=${NET_DNS_1}
379 379 DNS=${NET_DNS_2}
380 380 Domains=${NET_DNS_DOMAINS}
381 381 NTP=${NET_NTP_1}
382 382 NTP=${NET_NTP_2}
383 383 EOM
384 384 fi
385 385
386 386 # Enable systemd-networkd service
387 387 chroot_exec systemctl enable systemd-networkd
388 388
389 389 # Generate crypt(3) password string
390 390 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
391 391
392 392 # Set up default user
393 393 if [ "$ENABLE_USER" = true ] ; then
394 chroot_exec adduser --gecos \"Raspberry PI user\" --add_extra_groups --disabled-password pi
394 chroot_exec adduser --gecos \"Raspberry\ PI\ user\" --add_extra_groups --disabled-password pi
395 395 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
396 396 fi
397 397
398 398 # Set up root password or not
399 399 if [ "$ENABLE_ROOT" = true ]; then
400 400 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
401 401
402 402 if [ "$ENABLE_ROOT_SSH" = true ]; then
403 403 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
404 404 fi
405 405 else
406 406 chroot_exec usermod -p \'!\' root
407 407 fi
408 408
409 409 # Set up firmware boot cmdline
410 410 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
411 411
412 412 # Set up serial console support (if requested)
413 413 if [ "$ENABLE_CONSOLE" = true ] ; then
414 414 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
415 415 fi
416 416
417 417 # Set up IPv6 networking support
418 418 if [ "$ENABLE_IPV6" = false ] ; then
419 419 CMDLINE="${CMDLINE} ipv6.disable=1"
420 420 fi
421 421
422 422 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
423 423
424 424 # Set up firmware config
425 425 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
426 426
427 427 # Load snd_bcm2835 kernel module at boot time
428 428 if [ "$ENABLE_SOUND" = true ] ; then
429 429 echo "snd_bcm2835" >>$R/etc/modules
430 430 fi
431 431
432 432 # Set smallest possible GPU memory allocation size: 16MB (no X)
433 433 if [ "$ENABLE_MINGPU" = true ] ; then
434 434 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
435 435 fi
436 436
437 437 # Create symlinks
438 438 ln -sf firmware/config.txt $R/boot/config.txt
439 439 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
440 440
441 441 # Prepare modules-load.d directory
442 442 mkdir -p $R/lib/modules-load.d/
443 443
444 444 # Load random module on boot
445 445 if [ "$ENABLE_HWRANDOM" = true ] ; then
446 446 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
447 447 bcm2708_rng
448 448 EOM
449 449 fi
450 450
451 451 # Prepare modprobe.d directory
452 452 mkdir -p $R/etc/modprobe.d/
453 453
454 454 # Blacklist sound modules
455 455 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
456 456
457 457 # Create default fstab
458 458 install -o root -g root -m 644 files/fstab $R/etc/fstab
459 459
460 460 # Avoid swapping and increase cache sizes
461 461 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
462 462
463 463 # Enable network stack hardening
464 464 if [ "$ENABLE_HARDNET" = true ] ; then
465 465 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
466 466
467 467 # Enable resolver warnings about spoofed addresses
468 468 cat <<EOM >>$R/etc/host.conf
469 469 spoof warn
470 470 EOM
471 471 fi
472 472
473 473 # First boot actions
474 474 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
475 475
476 476 # Ensure openssh server host keys are regenerated on first boot
477 477 if [ "$ENABLE_SSHD" = true ] ; then
478 478 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
479 479 rm -f $R/etc/ssh/ssh_host_*
480 480 fi
481 481
482 482 if [ "$EXPANDROOT" = true ] ; then
483 483 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
484 484 fi
485 485
486 486 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
487 487 chmod +x $R/etc/rc.firstboot
488 488
489 489 sed -i '/exit 0/d' $R/etc/rc.local
490 490 echo /etc/rc.firstboot >> $R/etc/rc.local
491 491 echo exit 0 >> $R/etc/rc.local
492 492
493 493 # Disable rsyslog
494 494 if [ "$ENABLE_RSYSLOG" = false ]; then
495 495 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
496 496 chroot_exec systemctl disable rsyslog
497 497 chroot_exec apt-get purge -q -y --force-yes rsyslog
498 498 fi
499 499
500 500 # Enable serial console systemd style
501 501 if [ "$ENABLE_CONSOLE" = true ] ; then
502 502 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
503 503 fi
504 504
505 505 # Enable firewall based on iptables started by systemd service
506 506 if [ "$ENABLE_IPTABLES" = true ] ; then
507 507 # Create iptables configuration directory
508 508 mkdir -p "$R/etc/iptables"
509 509
510 510 # Create iptables systemd service
511 511 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
512 512
513 513 # Create flush-table script called by iptables service
514 514 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
515 515
516 516 # Create iptables rule file
517 517 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
518 518
519 519 # Reload systemd configuration and enable iptables service
520 520 chroot_exec systemctl daemon-reload
521 521 chroot_exec systemctl enable iptables.service
522 522
523 523 if [ "$ENABLE_IPV6" = true ] ; then
524 524 # Create ip6tables systemd service
525 525 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
526 526
527 527 # Create ip6tables file
528 528 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
529 529
530 530 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
531 531
532 532 # Reload systemd configuration and enable iptables service
533 533 chroot_exec systemctl daemon-reload
534 534 chroot_exec systemctl enable ip6tables.service
535 535 fi
536 536 fi
537 537
538 538 # Remove SSHD related iptables rules
539 539 if [ "$ENABLE_SSHD" = false ] ; then
540 540 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
541 541 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
542 542 fi
543 543
544 544 # Install gcc/c++ build environment inside the chroot
545 545 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
546 546 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
547 547 fi
548 548
549 549 # Fetch and build U-Boot bootloader
550 550 if [ "$ENABLE_UBOOT" = true ] ; then
551 551 # Fetch U-Boot bootloader sources
552 552 git -C $R/tmp clone git://git.denx.de/u-boot.git
553 553
554 554 # Build and install U-Boot inside chroot
555 555 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
556 556
557 557 # Copy compiled bootloader binary and set config.txt to load it
558 558 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
559 559 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
560 560
561 561 # Set U-Boot command file
562 562 cat <<EOM >$R/boot/firmware/uboot.mkimage
563 563 # Tell Linux that it is booting on a Raspberry Pi2
564 564 setenv machid 0x00000c42
565 565
566 566 # Set the kernel boot command line
567 567 setenv bootargs "earlyprintk ${CMDLINE}"
568 568
569 569 # Save these changes to u-boot's environment
570 570 saveenv
571 571
572 572 # Load the existing Linux kernel into RAM
573 573 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
574 574
575 575 # Boot the kernel we have just loaded
576 576 bootz \${kernel_addr_r}
577 577 EOM
578 578
579 579 # Generate U-Boot image from command file
580 580 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
581 581 fi
582 582
583 583 # Fetch and build fbturbo Xorg driver
584 584 if [ "$ENABLE_FBTURBO" = true ] ; then
585 585 # Fetch fbturbo driver sources
586 586 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
587 587
588 588 # Install Xorg build dependencies
589 589 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
590 590
591 591 # Build and install fbturbo driver inside chroot
592 592 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
593 593
594 594 # Add fbturbo driver to Xorg configuration
595 595 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
596 596 Section "Device"
597 597 Identifier "Allwinner A10/A13 FBDEV"
598 598 Driver "fbturbo"
599 599 Option "fbdev" "/dev/fb0"
600 600 Option "SwapbuffersWait" "true"
601 601 EndSection
602 602 EOM
603 603
604 604 # Remove Xorg build dependencies
605 605 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
606 606 fi
607 607
608 608 # Remove gcc/c++ build environment from the chroot
609 609 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
610 610 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
611 611 fi
612 612
613 613 # Clean cached downloads
614 614 chroot_exec apt-get -y clean
615 615 chroot_exec apt-get -y autoclean
616 616 chroot_exec apt-get -y autoremove
617 617
618 618 # Unmount mounted filesystems
619 619 umount -l $R/proc
620 620 umount -l $R/sys
621 621
622 622 # Clean up files
623 623 rm -f $R/etc/apt/sources.list.save
624 624 rm -f $R/etc/resolvconf/resolv.conf.d/original
625 625 rm -rf $R/run
626 626 mkdir -p $R/run
627 627 rm -f $R/etc/*-
628 628 rm -f $R/root/.bash_history
629 629 rm -rf $R/tmp/*
630 630 rm -f $R/var/lib/urandom/random-seed
631 631 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
632 632 rm -f $R/etc/machine-id
633 633 rm -fr $R/etc/apt/apt.conf.d/10proxy
634 634
635 635 # Calculate size of the chroot directory
636 636 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'` / 1024)
637 637
638 638 # Calculate required image size
639 639 IMAGE_SIZE=`expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024`
640 640
641 641 # Calculate number of sectors for the partition
642 642 IMAGE_SECTORS=`expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120`
643 643
644 644 # Prepare date string for image file name
645 645 DATE="$(date +%Y-%m-%d)"
646 646
647 647 # Prepare image file
648 648 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
649 649 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}
650 650
651 651 # Write partition table
652 652 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
653 653 unit: sectors
654 654
655 655 1 : start= 2048, size= 131072, Id= c, bootable
656 656 2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
657 657 3 : start= 0, size= 0, Id= 0
658 658 4 : start= 0, size= 0, Id= 0
659 659 EOM
660 660
661 661 # Set up temporary loop devices and build filesystems
662 662 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
663 663 EXT4_LOOP="$(losetup -o 65M --sizelimit `expr ${IMAGE_SIZE} - 64`M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
664 664 mkfs.vfat "$VFAT_LOOP"
665 665 mkfs.ext4 "$EXT4_LOOP"
666 666
667 667 # Mount the temporary loop devices
668 668 mkdir -p "$BUILDDIR/mount"
669 669 mount "$EXT4_LOOP" "$BUILDDIR/mount"
670 670
671 671 mkdir -p "$BUILDDIR/mount/boot/firmware"
672 672 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
673 673
674 674 # Copy all files from the chroot to the loop device mount point directory
675 675 rsync -a "$R/" "$BUILDDIR/mount/"
676 676
677 677 # Unmount all temporary loop devices and mount points
678 678 cleanup
679 679
680 680 # (optinal) create block map file for "bmaptool"
681 681 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
682 682
683 683 # Image was successfully created
684 684 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant