update from master
Unknown -
r403:c99e540b9c7c
@@ -0,0 +1,53
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local U-Boot sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for U-Boot sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch U-Boot sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded U-Boot sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 pushd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #pop us out of build dir
52 popd
53 fi
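Review bot: The clone on line 18 takes whatever the default branch of `${VIDEOCORE_URL}` holds at build time, and that tree is then chowned to root (line 24) and configured and built by the root build process (lines 37–49), so nothing ties the code that runs during the image build to a reviewed revision. Pin it to a tag or commit right after the clone, e.g. `as_nobody git -C "${temp_dir}/userland" checkout --detach "${VIDEOCORE_REV}"`, where `VIDEOCORE_REV` is a setting this change would have to introduce. Separately, `-U_FORTIFY_SOURCE` in `CMAKE_C_FLAGS` on lines 37 and 41 undefines `_FORTIFY_SOURCE` for the arm64 and armel builds without a comment saying why; please document the reason or drop it. The comments on lines 11–26 still say U-Boot and should say videocore/userland.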
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
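Review bot: The SSH chain is created on line 7 and jumped to on line 13, but its only content is three commented-out iptables `recent` rules (lines 14–16), so the brute-force limit those comments describe is not enforced. A new connection to port 22 returns from the empty chain, passes through the equally empty TCP chain (line 18) and ends at `reject with tcp reset` on line 20, so with the ruleset as shown inbound SSH is refused unless rules are added to SSH or TCP elsewhere. I would replace lines 14–16 with native rules such as `add rule ip filter SSH limit rate 3/minute burst 5 packets counter accept` followed by `add rule ip filter SSH counter drop` (a per-source limit would need a meter or dynamic set), and do the same in the ip6 ruleset at its lines 17–19. The mask on line 18 may also need parentheses, `tcp flags & (fin|syn|rst|ack) == syn`; checking the file with `nft -c -f` before shipping it would settle that.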
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
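Review bot: Nothing in the INPUT chain accepts ICMPv6 neighbour discovery: lines 11–12 handle only echo-request, and any other ICMPv6 packet not matched by `ct state related,established` on line 13 reaches the catch-all reject on line 24. Neighbour solicitations/advertisements and router advertisements are, as far as I know, not tracked as established flows by conntrack, so the host would likely lose IPv6 reachability once this ruleset is loaded. Add before line 13 something like `add rule ip6 filter INPUT icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } ip6 hoplimit 255 counter accept`.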
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -1,39 +1,33
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 #if [ "$BUILD_KERNEL" = false ] ; then
15 # echo "Downloading precompiled kernel"
16 # echo "error: not configured"
17 # exit 1;
18 # BUILD_KERNEL=true
19 #else
20 # echo "No precompiled kernel repositories were added"
21 #fi
22
23 # Upgrade package index and update all installed packages and changed dependencies
14 # Upgrade package index and update all installed packages and changed dependencies
24 chroot_exec apt-get -qq -y update
15 chroot_exec apt-get -qq -y update
25 chroot_exec apt-get -qq -y -u dist-upgrade
16 chroot_exec apt-get -qq -y -u dist-upgrade
26
17
18 # Install additional packages
27 if [ "$APT_INCLUDES_LATE" ] ; then
19 if [ "$APT_INCLUDES_LATE" ] ; then
28 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
20 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
29 fi
21 fi
30
22
23 # Install Debian custom packages
31 if [ -d packages ] ; then
24 if [ -d packages ] ; then
32 for package in packages/*.deb ; do
25 for package in packages/*.deb ; do
33 cp "$package" "${R}"/tmp
26 cp "$package" "${R}"/tmp
34 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
27 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 done
28 done
36 fi
29 fi
30
37 chroot_exec apt-get -qq -y -f install
31 chroot_exec apt-get -qq -y -f install
38
32
39 chroot_exec apt-get -qq -y check
33 chroot_exec apt-get -qq -y check
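Review bot: The proxy block on new lines 9–12, which this commit leaves unchanged, is guarded by `[ -z "$APT_PROXY" ]`, so `10proxy` is installed only when no proxy is configured and a configured proxy is ignored; the test should be `[ -n "$APT_PROXY" ]`. Once that is fixed, the `sed` on line 11 will break on any proxy URL because `/` is also its delimiter; use `sed -i "s|\"\"|\"${APT_PROXY}\"|"`. Under the newly added `# Install additional packages` comment, line 20 passes the whole `$(… | tr , ' ')` result as one quoted word, so more than one package in `APT_INCLUDES_LATE` reaches apt-get as a single name.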
@@ -1,133 +1,134
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 # Install configuration for interface wl*
33 # Install configuration for interface wl*
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35
35
36 #always with dhcp since wpa_supplicant integration is missing
36 #always with dhcp since wpa_supplicant integration is missing
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38
38
39 if [ "$ENABLE_DHCP" = true ] ; then
39 if [ "$ENABLE_DHCP" = true ] ; then
40 # Enable DHCP configuration for interface eth0
40 # Enable DHCP configuration for interface eth0
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42
42
43 # Set DHCP configuration to IPv4 only
43 # Set DHCP configuration to IPv4 only
44 if [ "$ENABLE_IPV6" = false ] ; then
44 if [ "$ENABLE_IPV6" = false ] ; then
45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 fi
46 fi
47
47
48 else # ENABLE_DHCP=false
48 else # ENABLE_DHCP=false
49 # Set static network configuration for interface eth0
49 # Set static network configuration for interface eth0
50 sed -i\
50 sed -i\
51 -e "s|DHCP=.*|DHCP=no|"\
51 -e "s|DHCP=.*|DHCP=no|"\
52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
60 fi
60 fi
61
61
62 # Remove empty settings from network configuration
62 # Remove empty settings from network configuration
63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 # Remove empty settings from wlan configuration
64 # Remove empty settings from wlan configuration
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66
66
67 # Move systemd network configuration if required by Debian release
67 # Move systemd network configuration if required by Debian release
68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 # If WLAN is enabled copy wlan configuration too
69 # If WLAN is enabled copy wlan configuration too
70 if [ "$ENABLE_WIRELESS" = true ] ; then
70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 fi
72 fi
73 rm -fr "${ETC_DIR}/systemd/network"
73 rm -fr "${ETC_DIR}/systemd/network"
74
74
75 # Enable systemd-networkd service
75 # Enable systemd-networkd service
76 chroot_exec systemctl enable systemd-networkd
76 chroot_exec systemctl enable systemd-networkd
77
77
78 # Install host.conf resolver configuration
78 # Install host.conf resolver configuration
79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80
80
81 # Enable network stack hardening
81 # Enable network stack hardening
82 if [ "$ENABLE_HARDNET" = true ] ; then
82 if [ "$ENABLE_HARDNET" = true ] ; then
83 # Install sysctl.d configuration files
83 # Install sysctl.d configuration files
84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85
85
86 # Setup resolver warnings about spoofed addresses
86 # Setup resolver warnings about spoofed addresses
87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 fi
88 fi
89
89
90 # Enable time sync
90 # Enable time sync
91 if [ "$NET_NTP_1" != "" ] ; then
91 if [ "$NET_NTP_1" != "" ] ; then
92 chroot_exec systemctl enable systemd-timesyncd.service
92 chroot_exec systemctl enable systemd-timesyncd.service
93 fi
93 fi
94
94
95 # Download the firmware binary blob required to use the RPi3 wireless interface
95 # Download the firmware binary blob required to use the RPi3 wireless interface
96 if [ "$ENABLE_WIRELESS" = true ] ; then
96 if [ "$ENABLE_WIRELESS" = true ] ; then
97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 fi
99 fi
100
100
101 # Create temporary directory for firmware binary blob
101 # Create temporary directory for firmware binary blob
102 temp_dir=$(as_nobody mktemp -d)
102 temp_dir=$(as_nobody mktemp -d)
103
103
104 # Fetch firmware binary blob for RPI3B+
104 # Fetch firmware binary blob for RPI3B+
105 if [ "$RPI_MODEL" = 3P ] ; then
105 if [ "$RPI_MODEL" = 3P ] ; then
106 # Fetch firmware binary blob for RPi3P
106 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 # Fetch firmware binary blob for RPI3
111 # Fetch firmware binary blob for RPi3
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 fi
114 fi
114
115
115 # Move downloaded firmware binary blob
116 # Move downloaded firmware binary blob
116 if [ "$RPI_MODEL" = 3P ] ; then
117 if [ "$RPI_MODEL" = 3P ] ; then
117 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
119 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 fi
121 fi
121
122
122 # Remove temporary directory for firmware binary blob
123 # Remove temporary directory for firmware binary blob
123 rm -fr "${temp_dir}"
124 rm -fr "${temp_dir}"
124
125
125 # Set permissions of the firmware binary blob
126 # Set permissions of the firmware binary blob
126 if [ "$RPI_MODEL" = 3P ] ; then
127 if [ "$RPI_MODEL" = 3P ] ; then
127 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 fi
133 fi
133 fi
134 fi
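Review bot: The firmware downloads under the new `# Fetch firmware binary blob for RPi3P` comment (new lines 107–109, and 112–113 for the RPi3) end up root-owned in `${WLAN_FIRMWARE_DIR}` without any integrity check, and the default `WLAN_FIRMWARE_URL` shown in rpi23-gen-image.sh points at a `master` branch, so the bytes can change between builds. Consider pinning the URL to a commit and verifying a recorded digest before the `mv` on lines 118/120, e.g. `echo "${FW_SHA256}  ${temp_dir}/brcmfmac43455-sdio.bin" | sha256sum -c -`, where `FW_SHA256` is a placeholder for a value the project would have to record. `wget -q` also hides the reason for a failed fetch, and when `RPI_MODEL` is none of 3P, 3 or 0 the block installs nothing without a message although `ENABLE_WIRELESS` is true.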
@@ -1,815 +1,821
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 #Kernel Branch
48 #Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 #BIS= Kernel has KVM and zswap enabled
59 #BIS= Kernel has KVM and zswap enabled
60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 #default bcmrpi3_defconfig target kernel
61 #default bcmrpi3_defconfig target kernel
62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 #enhanced kernel
63 #enhanced kernel
64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66
66
67 # Build directories
67 # Build directories
68 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
68 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
69 BUILDDIR="${BASEDIR}/build"
69 BUILDDIR="${BASEDIR}/build"
70
70
71 # Prepare date string for default image file name
71 # Prepare date string for default image file name
72 DATE="$(date +%Y-%m-%d)"
72 DATE="$(date +%Y-%m-%d)"
73 if [ -z "$KERNEL_BRANCH" ] ; then
73 if [ -z "$KERNEL_BRANCH" ] ; then
74 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
74 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
75 else
75 else
76 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
76 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
77 fi
77 fi
78
78
79 # Chroot directories
79 # Chroot directories
80 R="${BUILDDIR}/chroot"
80 R="${BUILDDIR}/chroot"
81 ETC_DIR="${R}/etc"
81 ETC_DIR="${R}/etc"
82 LIB_DIR="${R}/lib"
82 LIB_DIR="${R}/lib"
83 BOOT_DIR="${R}/boot/firmware"
83 BOOT_DIR="${R}/boot/firmware"
84 KERNEL_DIR="${R}/usr/src/linux"
84 KERNEL_DIR="${R}/usr/src/linux"
85 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
85 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86
86
87 # Firmware directory: Blank if download from github
87 # Firmware directory: Blank if download from github
88 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
88 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
89
89
90 # General settings
90 # General settings
91 SET_ARCH=${SET_ARCH:=32}
91 SET_ARCH=${SET_ARCH:=32}
92 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
92 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
93 PASSWORD=${PASSWORD:=raspberry}
93 PASSWORD=${PASSWORD:=raspberry}
94 USER_PASSWORD=${USER_PASSWORD:=raspberry}
94 USER_PASSWORD=${USER_PASSWORD:=raspberry}
95 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
95 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
96 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
96 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
97 EXPANDROOT=${EXPANDROOT:=true}
97 EXPANDROOT=${EXPANDROOT:=true}
98
98
99 # Keyboard settings
99 # Keyboard settings
100 XKB_MODEL=${XKB_MODEL:=""}
100 XKB_MODEL=${XKB_MODEL:=""}
101 XKB_LAYOUT=${XKB_LAYOUT:=""}
101 XKB_LAYOUT=${XKB_LAYOUT:=""}
102 XKB_VARIANT=${XKB_VARIANT:=""}
102 XKB_VARIANT=${XKB_VARIANT:=""}
103 XKB_OPTIONS=${XKB_OPTIONS:=""}
103 XKB_OPTIONS=${XKB_OPTIONS:=""}
104
104
105 # Network settings (DHCP)
105 # Network settings (DHCP)
106 ENABLE_DHCP=${ENABLE_DHCP:=true}
106 ENABLE_DHCP=${ENABLE_DHCP:=true}
107
107
108 # Network settings (static)
108 # Network settings (static)
109 NET_ADDRESS=${NET_ADDRESS:=""}
109 NET_ADDRESS=${NET_ADDRESS:=""}
110 NET_GATEWAY=${NET_GATEWAY:=""}
110 NET_GATEWAY=${NET_GATEWAY:=""}
111 NET_DNS_1=${NET_DNS_1:=""}
111 NET_DNS_1=${NET_DNS_1:=""}
112 NET_DNS_2=${NET_DNS_2:=""}
112 NET_DNS_2=${NET_DNS_2:=""}
113 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
113 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
114 NET_NTP_1=${NET_NTP_1:=""}
114 NET_NTP_1=${NET_NTP_1:=""}
115 NET_NTP_2=${NET_NTP_2:=""}
115 NET_NTP_2=${NET_NTP_2:=""}
116
116
117 # APT settings
117 # APT settings
118 APT_PROXY=${APT_PROXY:=""}
118 APT_PROXY=${APT_PROXY:=""}
119 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
119 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
120
120
121 # Feature settings
121 # Feature settings
122 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
122 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
123 ENABLE_I2C=${ENABLE_I2C:=false}
123 ENABLE_I2C=${ENABLE_I2C:=false}
124 ENABLE_SPI=${ENABLE_SPI:=false}
124 ENABLE_SPI=${ENABLE_SPI:=false}
125 ENABLE_IPV6=${ENABLE_IPV6:=true}
125 ENABLE_IPV6=${ENABLE_IPV6:=true}
126 ENABLE_SSHD=${ENABLE_SSHD:=true}
126 ENABLE_SSHD=${ENABLE_SSHD:=true}
127 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
127 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
128 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
128 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
129 ENABLE_SOUND=${ENABLE_SOUND:=true}
129 ENABLE_SOUND=${ENABLE_SOUND:=true}
130 ENABLE_DBUS=${ENABLE_DBUS:=true}
130 ENABLE_DBUS=${ENABLE_DBUS:=true}
131 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
131 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
132 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
132 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
133 ENABLE_XORG=${ENABLE_XORG:=false}
133 ENABLE_XORG=${ENABLE_XORG:=false}
134 ENABLE_WM=${ENABLE_WM:=""}
134 ENABLE_WM=${ENABLE_WM:=""}
135 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
135 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
136 ENABLE_USER=${ENABLE_USER:=true}
136 ENABLE_USER=${ENABLE_USER:=true}
137 USER_NAME=${USER_NAME:="pi"}
137 USER_NAME=${USER_NAME:="pi"}
138 ENABLE_ROOT=${ENABLE_ROOT:=false}
138 ENABLE_ROOT=${ENABLE_ROOT:=false}
139 ENABLE_QEMU=${ENABLE_QEMU:=false}
139 ENABLE_QEMU=${ENABLE_QEMU:=false}
140 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
140 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
141
141
142 # SSH settings
142 # SSH settings
143 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
143 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
144 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
144 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
145 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
145 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
146 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
146 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
147 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
147 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
148
148
149 # Advanced settings
149 # Advanced settings
150 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
150 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
151 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
151 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
152 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
152 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
153 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
153 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
154 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
154 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
155 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
155 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
156 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
156 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
157 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
157 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
158 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
158 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
159 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
159 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
160 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
160 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
161 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
161 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
162 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
162 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
163 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
163 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
164 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
164 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
165
165
166 # Kernel compilation settings
166 # Kernel compilation settings
167 BUILD_KERNEL=${BUILD_KERNEL:=true}
167 BUILD_KERNEL=${BUILD_KERNEL:=true}
168 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
168 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
169 KERNEL_THREADS=${KERNEL_THREADS:=1}
169 KERNEL_THREADS=${KERNEL_THREADS:=1}
170 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
170 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
171 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
171 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
176 KERNEL_VIRT=${KERNEL_VIRT:=false}
176 KERNEL_VIRT=${KERNEL_VIRT:=false}
177 KERNEL_BPF=${KERNEL_BPF:=true}
177 KERNEL_BPF=${KERNEL_BPF:=true}
178
178
179 # Kernel compilation from source directory settings
179 # Kernel compilation from source directory settings
180 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
180 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
181 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
181 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
182 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
182 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
183 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
183 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
184
184
185 # Reduce disk usage settings
185 # Reduce disk usage settings
186 REDUCE_APT=${REDUCE_APT:=true}
186 REDUCE_APT=${REDUCE_APT:=true}
187 REDUCE_DOC=${REDUCE_DOC:=true}
187 REDUCE_DOC=${REDUCE_DOC:=true}
188 REDUCE_MAN=${REDUCE_MAN:=true}
188 REDUCE_MAN=${REDUCE_MAN:=true}
189 REDUCE_VIM=${REDUCE_VIM:=false}
189 REDUCE_VIM=${REDUCE_VIM:=false}
190 REDUCE_BASH=${REDUCE_BASH:=false}
190 REDUCE_BASH=${REDUCE_BASH:=false}
191 REDUCE_HWDB=${REDUCE_HWDB:=true}
191 REDUCE_HWDB=${REDUCE_HWDB:=true}
192 REDUCE_SSHD=${REDUCE_SSHD:=true}
192 REDUCE_SSHD=${REDUCE_SSHD:=true}
193 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
193 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
194
194
195 # Encrypted filesystem settings
195 # Encrypted filesystem settings
196 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
196 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
197 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
197 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
198 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
198 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
199 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
199 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
200 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
200 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
201
201
202 # Chroot scripts directory
202 # Chroot scripts directory
203 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
203 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
204
204
205 # Packages required in the chroot build environment
205 # Packages required in the chroot build environment
206 APT_INCLUDES=${APT_INCLUDES:=""}
206 APT_INCLUDES=${APT_INCLUDES:=""}
207 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
207 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
208
208
209 #Packages to exclude from chroot build environment
209 #Packages to exclude from chroot build environment
210 APT_EXCLUDES=${APT_EXCLUDES:=""}
210 APT_EXCLUDES=${APT_EXCLUDES:=""}
211
211
212 # Packages required for bootstrapping
212 # Packages required for bootstrapping
213 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
213 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
214 MISSING_PACKAGES=""
214 MISSING_PACKAGES=""
215
215
216 # Packages installed for c/c++ build environment in chroot (keep empty)
216 # Packages installed for c/c++ build environment in chroot (keep empty)
217 COMPILER_PACKAGES=""
217 COMPILER_PACKAGES=""
218
218
219 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
219 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
220 if [ "$ENABLE_SYSVINIT" = false ] ; then
220 if [ "$ENABLE_SYSVINIT" = false ] ; then
221 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
221 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
222 fi
222 fi
223
223
224 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
224 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
225 if [ -n "$(lsof -i :3142)" ] ; then
225 if [ -n "$(lsof -i :3142)" ] ; then
226 HTTP_PROXY=http://127.0.0.1:3142/
226 HTTP_PROXY=http://127.0.0.1:3142/
227 fi
227 fi
228
228
229 #netselect-apt does not know buster yet
229 #netselect-apt does not know buster yet
230 if [ "$RELEASE" = "buster" ] ; then
230 if [ "$RELEASE" = "buster" ] ; then
231 RLS=testing
231 RLS=testing
232 else
232 else
233 RLS="$RELEASE"
233 RLS="$RELEASE"
234 fi
234 fi
235
235
236 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
236 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
237 rm "$(pwd)/files/apt/sources.list"
237 rm "$(pwd)/files/apt/sources.list"
238 fi
238 fi
239
239
240 if [ "$ENABLE_NONFREE" = true ] ; then
240 if [ "$ENABLE_NONFREE" = true ] ; then
241 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
241 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
242 else
242 else
243 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
243 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
244 fi
244 fi
245
245
246 #sed and cut the result string so we can use it as APT_SERVER
246 #sed and cut the result string so we can use it as APT_SERVER
247 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
247 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
248
248
249 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
249 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
250 if [ -n "$SET_ARCH" ] ; then
250 if [ -n "$SET_ARCH" ] ; then
251 echo "Setting Architecture specific settings"
251 echo "Setting Architecture specific settings"
252 ##################################
252 ##################################
253 # 64 bit config
253 # 64 bit config
254 ##################################
254 ##################################
255 if [ "$SET_ARCH" = 64 ] ; then
255 if [ "$SET_ARCH" = 64 ] ; then
256 # 64 bit depended settings
256 # General 64 bit depended settings
257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
260
260
261 # Board specific settings
261 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
262 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
265 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
265 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
266 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
266 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
267 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
267 else
268 else
268 echo "error: Only Raspberry PI 3 and 3B+ support 64bit"
269 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
269 exit 1
270 exit 1
270 fi
271 fi
271 fi
272 fi
272
273
273 ##################################
274 # 32 bit configuration
274 # 32 bit config
275 ##################################
276 if [ "$SET_ARCH" = 32 ] ; then
275 if [ "$SET_ARCH" = 32 ] ; then
277 #General 32bit configuration
276 # General 32 bit dependend settings
278 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
279 KERNEL_ARCH=${KERNEL_ARCH:=arm}
278 KERNEL_ARCH=${KERNEL_ARCH:=arm}
280 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
281
280
282 #Raspberry setting grouped by board compability
281 # Hardware specific settings
283 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
282 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
284 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
283 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
286 RELEASE_ARCH=${RELEASE_ARCH:=armel}
285 RELEASE_ARCH=${RELEASE_ARCH:=armel}
287 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
286 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
287 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
289 fi
288 fi
289
290 # Hardware specific settings
290 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
291 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
291 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
292 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
292 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
293 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
294 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
294 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
296 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
296 fi
297 fi
297 fi
298 fi
298 #SET_ARCH not set
299 #SET_ARCH not set
299 else
300 else
300 echo "error: Please set '32' or '64' as value for SET_ARCH"
301 echo "error: Please set '32' or '64' as value for SET_ARCH"
301 exit 1
302 exit 1
302 fi
303 fi
303
304 # Device specific configuration and U-Boot configuration
304 #Device specific configuration
305 case "$RPI_MODEL" in
305 case "$RPI_MODEL" in
306 0)
306 0)
307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
309 ;;
309 ;;
310 1)
310 1)
311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
313 ;;
313 ;;
314 1P)
314 1P)
315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
317 ;;
317 ;;
318 2)
318 2)
319 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
319 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
321 ;;
321 ;;
322 3)
322 3)
323 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
323 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
325 ;;
325 ;;
326 3P)
326 3P)
327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
329 ;;
329 ;;
330 *)
330 *)
331 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
331 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
332 exit 1
332 exit 1
333 ;;
333 ;;
334 esac
334 esac
335
335
336 #DEBUG off
336 #DEBUG off
337 set +x
337 set +x
338
338
339 # Check if the internal wireless interface is supported by the RPi model
339 # Check if the internal wireless interface is supported by the RPi model
340 if [ "$ENABLE_WIRELESS" = true ] ; then
340 if [ "$ENABLE_WIRELESS" = true ] ; then
341 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
341 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
342 echo "error: The selected Raspberry Pi model has no internal wireless interface"
342 echo "error: The selected Raspberry Pi model has no internal wireless interface"
343 exit 1
343 exit 1
344 fi
344 fi
345 fi
345 fi
346
346
347 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
347 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
348 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
348 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
349 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
349 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
350 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
350 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
351 exit 1
351 exit 1
352 fi
352 fi
353 fi
353 fi
354
354
355 # Add cmake to compile videocore sources
355 if [ "$ENABLE_VIDEOCORE" = true ] ; then
356 if [ "$ENABLE_VIDEOCORE" = true ] ; then
356 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
357 fi
358 fi
358
359
359 # Add libncurses5 to enable kernel menuconfig
360 # Add libncurses5 to enable kernel menuconfig
360 if [ "$KERNEL_MENUCONFIG" = true ] ; then
361 if [ "$KERNEL_MENUCONFIG" = true ] ; then
361 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
362 fi
363 fi
363
364
364 # Add ccache compiler cache for (faster) kernel cross (re)compilation
365 # Add ccache compiler cache for (faster) kernel cross (re)compilation
365 if [ "$KERNEL_CCACHE" = true ] ; then
366 if [ "$KERNEL_CCACHE" = true ] ; then
366 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
367 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
367 fi
368 fi
368
369
369 # Add cryptsetup package to enable filesystem encryption
370 # Add cryptsetup package to enable filesystem encryption
370 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
371 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
371 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
372 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
372 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
373 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
373
374
374 if [ -z "$CRYPTFS_PASSWORD" ] ; then
375 if [ -z "$CRYPTFS_PASSWORD" ] ; then
375 echo "error: no password defined (CRYPTFS_PASSWORD)!"
376 echo "error: no password defined (CRYPTFS_PASSWORD)!"
376 exit 1
377 exit 1
377 fi
378 fi
378 ENABLE_INITRAMFS=true
379 ENABLE_INITRAMFS=true
379 fi
380 fi
380
381
381 # Add initramfs generation tools
382 # Add initramfs generation tools
382 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
383 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
383 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
384 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
384 fi
385 fi
385
386
386 # Add device-tree-compiler required for building the U-Boot bootloader
387 # Add device-tree-compiler required for building the U-Boot bootloader
387 if [ "$ENABLE_UBOOT" = true ] ; then
388 if [ "$ENABLE_UBOOT" = true ] ; then
388 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
389 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
389 else
390 else
390 if [ "$ENABLE_UBOOTUSB" = true ] ; then
391 if [ "$ENABLE_UBOOTUSB" = true ] ; then
391 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
392 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
392 exit 1
393 exit 1
393 fi
394 fi
394 fi
395 fi
395
396
396 # Check if root SSH (v2) public key file exists
397 # Check if root SSH (v2) public key file exists
397 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
398 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
398 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
399 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
399 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
400 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
400 exit 1
401 exit 1
401 fi
402 fi
402 fi
403 fi
403
404
404 # Check if $USER_NAME SSH (v2) public key file exists
405 # Check if $USER_NAME SSH (v2) public key file exists
405 if [ -n "$SSH_USER_PUB_KEY" ] ; then
406 if [ -n "$SSH_USER_PUB_KEY" ] ; then
406 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
407 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
407 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
408 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
408 exit 1
409 exit 1
409 fi
410 fi
410 fi
411 fi
411
412
412 # Check if all required packages are installed on the build system
413 # Check if all required packages are installed on the build system
413 for package in $REQUIRED_PACKAGES ; do
414 for package in $REQUIRED_PACKAGES ; do
414 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
415 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
415 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
416 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
416 fi
417 fi
417 done
418 done
418
419
419 # If there are missing packages ask confirmation for install, or exit
420 # If there are missing packages ask confirmation for install, or exit
420 if [ -n "$MISSING_PACKAGES" ] ; then
421 if [ -n "$MISSING_PACKAGES" ] ; then
421 echo "the following packages needed by this script are not installed:"
422 echo "the following packages needed by this script are not installed:"
422 echo "$MISSING_PACKAGES"
423 echo "$MISSING_PACKAGES"
423
424
424 printf "\ndo you want to install the missing packages right now? [y/n] "
425 printf "\ndo you want to install the missing packages right now? [y/n] "
425 read -r confirm
426 read -r confirm
426 [ "$confirm" != "y" ] && exit 1
427 [ "$confirm" != "y" ] && exit 1
427
428
428 # Make sure all missing required packages are installed
429 # Make sure all missing required packages are installed
429 apt-get -qq -y install "${MISSING_PACKAGES}"
430 apt-get -qq -y install "${MISSING_PACKAGES}"
430 fi
431 fi
431
432
432 # Check if ./bootstrap.d directory exists
433 # Check if ./bootstrap.d directory exists
433 if [ ! -d "./bootstrap.d/" ] ; then
434 if [ ! -d "./bootstrap.d/" ] ; then
434 echo "error: './bootstrap.d' required directory not found!"
435 echo "error: './bootstrap.d' required directory not found!"
435 exit 1
436 exit 1
436 fi
437 fi
437
438
438 # Check if ./files directory exists
439 # Check if ./files directory exists
439 if [ ! -d "./files/" ] ; then
440 if [ ! -d "./files/" ] ; then
440 echo "error: './files' required directory not found!"
441 echo "error: './files' required directory not found!"
441 exit 1
442 exit 1
442 fi
443 fi
443
444
444 # Check if specified KERNELSRC_DIR directory exists
445 # Check if specified KERNELSRC_DIR directory exists
445 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
446 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
446 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
447 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
447 exit 1
448 exit 1
448 fi
449 fi
449
450
450 # Check if specified UBOOTSRC_DIR directory exists
451 # Check if specified UBOOTSRC_DIR directory exists
451 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
452 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
452 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
453 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
453 exit 1
454 exit 1
454 fi
455 fi
455
456
456 # Check if specified VIDEOCORESRC_DIR directory exists
457 # Check if specified VIDEOCORESRC_DIR directory exists
457 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
458 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
458 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
459 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
459 exit 1
460 exit 1
460 fi
461 fi
461
462
462 # Check if specified FBTURBOSRC_DIR directory exists
463 # Check if specified FBTURBOSRC_DIR directory exists
463 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
464 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
464 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
465 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
465 exit 1
466 exit 1
466 fi
467 fi
467
468
468 # Check if specified CHROOT_SCRIPTS directory exists
469 # Check if specified CHROOT_SCRIPTS directory exists
469 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
470 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
470 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
471 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
471 exit 1
472 exit 1
472 fi
473 fi
473
474
474 # Check if specified device mapping already exists (will be used by cryptsetup)
475 # Check if specified device mapping already exists (will be used by cryptsetup)
475 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
476 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
476 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
477 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
477 exit 1
478 exit 1
478 fi
479 fi
479
480
480 # Don't clobber an old build
481 # Don't clobber an old build
481 if [ -e "$BUILDDIR" ] ; then
482 if [ -e "$BUILDDIR" ] ; then
482 echo "error: directory ${BUILDDIR} already exists, not proceeding"
483 echo "error: directory ${BUILDDIR} already exists, not proceeding"
483 exit 1
484 exit 1
484 fi
485 fi
485
486
486 # Setup chroot directory
487 # Setup chroot directory
487 mkdir -p "${R}"
488 mkdir -p "${R}"
488
489
489 # Check if build directory has enough of free disk space >512MB
490 # Check if build directory has enough of free disk space >512MB
490 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
491 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
491 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
492 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
492 exit 1
493 exit 1
493 fi
494 fi
494
495
495 set -x
496 set -x
496
497
497 # Call "cleanup" function on various signals and errors
498 # Call "cleanup" function on various signals and errors
498 trap cleanup 0 1 2 3 6
499 trap cleanup 0 1 2 3 6
499
500
500 # Add required packages for the minbase installation
501 # Add required packages for the minbase installation
501 if [ "$ENABLE_MINBASE" = true ] ; then
502 if [ "$ENABLE_MINBASE" = true ] ; then
502 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
503 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
503 fi
504 fi
504
505
505 # Add parted package, required to get partprobe utility
506 # Add parted package, required to get partprobe utility
506 if [ "$EXPANDROOT" = true ] ; then
507 if [ "$EXPANDROOT" = true ] ; then
507 APT_INCLUDES="${APT_INCLUDES},parted"
508 APT_INCLUDES="${APT_INCLUDES},parted"
508 fi
509 fi
509
510
510 # Add dbus package, recommended if using systemd
511 # Add dbus package, recommended if using systemd
511 if [ "$ENABLE_DBUS" = true ] ; then
512 if [ "$ENABLE_DBUS" = true ] ; then
512 APT_INCLUDES="${APT_INCLUDES},dbus"
513 APT_INCLUDES="${APT_INCLUDES},dbus"
513 fi
514 fi
514
515
515 # Add iptables IPv4/IPv6 package
516 # Add iptables IPv4/IPv6 package
516 if [ "$ENABLE_IPTABLES" = true ] ; then
517 if [ "$ENABLE_IPTABLES" = true ] ; then
517 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
518 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
518 fi
519 fi
519
520
520 # Add openssh server package
521 # Add openssh server package
521 if [ "$ENABLE_SSHD" = true ] ; then
522 if [ "$ENABLE_SSHD" = true ] ; then
522 APT_INCLUDES="${APT_INCLUDES},openssh-server"
523 APT_INCLUDES="${APT_INCLUDES},openssh-server"
523 fi
524 fi
524
525
525 # Add alsa-utils package
526 # Add alsa-utils package
526 if [ "$ENABLE_SOUND" = true ] ; then
527 if [ "$ENABLE_SOUND" = true ] ; then
527 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
528 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
528 fi
529 fi
529
530
530 # Add rng-tools package
531 # Add rng-tools package
531 if [ "$ENABLE_HWRANDOM" = true ] ; then
532 if [ "$ENABLE_HWRANDOM" = true ] ; then
532 APT_INCLUDES="${APT_INCLUDES},rng-tools"
533 APT_INCLUDES="${APT_INCLUDES},rng-tools"
533 fi
534 fi
534
535
535 # Add fbturbo video driver
536 # Add fbturbo video driver
536 if [ "$ENABLE_FBTURBO" = true ] ; then
537 if [ "$ENABLE_FBTURBO" = true ] ; then
537 # Enable xorg package dependencies
538 # Enable xorg package dependencies
538 ENABLE_XORG=true
539 ENABLE_XORG=true
539 fi
540 fi
540
541
541 # Add user defined window manager package
542 # Add user defined window manager package
542 if [ -n "$ENABLE_WM" ] ; then
543 if [ -n "$ENABLE_WM" ] ; then
543 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
544 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
544
545
545 # Enable xorg package dependencies
546 # Enable xorg package dependencies
546 ENABLE_XORG=true
547 ENABLE_XORG=true
547 fi
548 fi
548
549
549 # Add xorg package
550 # Add xorg package
550 if [ "$ENABLE_XORG" = true ] ; then
551 if [ "$ENABLE_XORG" = true ] ; then
551 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
552 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
552 fi
553 fi
553
554
554 # Replace selected packages with smaller clones
555 # Replace selected packages with smaller clones
555 if [ "$ENABLE_REDUCE" = true ] ; then
556 if [ "$ENABLE_REDUCE" = true ] ; then
556 # Add levee package instead of vim-tiny
557 # Add levee package instead of vim-tiny
557 if [ "$REDUCE_VIM" = true ] ; then
558 if [ "$REDUCE_VIM" = true ] ; then
558 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
559 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
559 fi
560 fi
560
561
561 # Add dropbear package instead of openssh-server
562 # Add dropbear package instead of openssh-server
562 if [ "$REDUCE_SSHD" = true ] ; then
563 if [ "$REDUCE_SSHD" = true ] ; then
563 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
564 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
564 fi
565 fi
565 fi
566 fi
566
567
568 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
569 if [ "$ENABLE_SYSVINIT" = false ] ; then
570 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
571 fi
572
567 # Configure kernel sources if no KERNELSRC_DIR
573 # Configure kernel sources if no KERNELSRC_DIR
568 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
574 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
569 KERNELSRC_CONFIG=true
575 KERNELSRC_CONFIG=true
570 fi
576 fi
571
577
572 # Configure reduced kernel
578 # Configure reduced kernel
573 if [ "$KERNEL_REDUCE" = true ] ; then
579 if [ "$KERNEL_REDUCE" = true ] ; then
574 KERNELSRC_CONFIG=false
580 KERNELSRC_CONFIG=false
575 fi
581 fi
576
582
577 # Configure qemu compatible kernel
583 # Configure qemu compatible kernel
578 if [ "$ENABLE_QEMU" = true ] ; then
584 if [ "$ENABLE_QEMU" = true ] ; then
579 DTB_FILE=vexpress-v2p-ca15_a7.dtb
585 DTB_FILE=vexpress-v2p-ca15_a7.dtb
580 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
586 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
581 KERNEL_DEFCONFIG="vexpress_defconfig"
587 KERNEL_DEFCONFIG="vexpress_defconfig"
582 if [ "$KERNEL_MENUCONFIG" = false ] ; then
588 if [ "$KERNEL_MENUCONFIG" = false ] ; then
583 KERNEL_OLDDEFCONFIG=true
589 KERNEL_OLDDEFCONFIG=true
584 fi
590 fi
585 fi
591 fi
586
592
587 # Execute bootstrap scripts
593 # Execute bootstrap scripts
588 for SCRIPT in bootstrap.d/*.sh; do
594 for SCRIPT in bootstrap.d/*.sh; do
589 head -n 3 "$SCRIPT"
595 head -n 3 "$SCRIPT"
590 . "$SCRIPT"
596 . "$SCRIPT"
591 done
597 done
592
598
593 ## Execute custom bootstrap scripts
599 ## Execute custom bootstrap scripts
594 if [ -d "custom.d" ] ; then
600 if [ -d "custom.d" ] ; then
595 for SCRIPT in custom.d/*.sh; do
601 for SCRIPT in custom.d/*.sh; do
596 . "$SCRIPT"
602 . "$SCRIPT"
597 done
603 done
598 fi
604 fi
599
605
600 # Execute custom scripts inside the chroot
606 # Execute custom scripts inside the chroot
601 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
607 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
602 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
608 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
603 chroot_exec /bin/bash -x <<'EOF'
609 chroot_exec /bin/bash -x <<'EOF'
604 for SCRIPT in /chroot_scripts/* ; do
610 for SCRIPT in /chroot_scripts/* ; do
605 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
611 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
606 $SCRIPT
612 $SCRIPT
607 fi
613 fi
608 done
614 done
609 EOF
615 EOF
610 rm -rf "${R}/chroot_scripts"
616 rm -rf "${R}/chroot_scripts"
611 fi
617 fi
612
618
613 # Remove c/c++ build environment from the chroot
619 # Remove c/c++ build environment from the chroot
614 chroot_remove_cc
620 chroot_remove_cc
615
621
616 # Generate required machine-id
622 # Generate required machine-id
617 MACHINE_ID=$(dbus-uuidgen)
623 MACHINE_ID=$(dbus-uuidgen)
618 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
624 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
619 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
625 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
620
626
621 # APT Cleanup
627 # APT Cleanup
622 chroot_exec apt-get -y clean
628 chroot_exec apt-get -y clean
623 chroot_exec apt-get -y autoclean
629 chroot_exec apt-get -y autoclean
624 chroot_exec apt-get -y autoremove
630 chroot_exec apt-get -y autoremove
625
631
626 # Unmount mounted filesystems
632 # Unmount mounted filesystems
627 umount -l "${R}/proc"
633 umount -l "${R}/proc"
628 umount -l "${R}/sys"
634 umount -l "${R}/sys"
629
635
630 # Clean up directories
636 # Clean up directories
631 rm -rf "${R}/run/*"
637 rm -rf "${R}/run/*"
632 rm -rf "${R}/tmp/*"
638 rm -rf "${R}/tmp/*"
633
639
634 # Clean up files
640 # Clean up files
635 rm -f "${ETC_DIR}/ssh/ssh_host_*"
641 rm -f "${ETC_DIR}/ssh/ssh_host_*"
636 rm -f "${ETC_DIR}/dropbear/dropbear_*"
642 rm -f "${ETC_DIR}/dropbear/dropbear_*"
637 rm -f "${ETC_DIR}/apt/sources.list.save"
643 rm -f "${ETC_DIR}/apt/sources.list.save"
638 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
644 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
639 rm -f "${ETC_DIR}/*-"
645 rm -f "${ETC_DIR}/*-"
640 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
646 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
641 rm -f "${ETC_DIR}/resolv.conf"
647 rm -f "${ETC_DIR}/resolv.conf"
642 rm -f "${R}/root/.bash_history"
648 rm -f "${R}/root/.bash_history"
643 rm -f "${R}/var/lib/urandom/random-seed"
649 rm -f "${R}/var/lib/urandom/random-seed"
644 rm -f "${R}/initrd.img"
650 rm -f "${R}/initrd.img"
645 rm -f "${R}/vmlinuz"
651 rm -f "${R}/vmlinuz"
646 rm -f "${R}${QEMU_BINARY}"
652 rm -f "${R}${QEMU_BINARY}"
647
653
648 if [ "$ENABLE_QEMU" = true ] ; then
654 if [ "$ENABLE_QEMU" = true ] ; then
649 # Setup QEMU directory
655 # Setup QEMU directory
650 mkdir "${BASEDIR}/qemu"
656 mkdir "${BASEDIR}/qemu"
651
657
652 # Copy kernel image to QEMU directory
658 # Copy kernel image to QEMU directory
653 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
659 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
654
660
655 # Copy kernel config to QEMU directory
661 # Copy kernel config to QEMU directory
656 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
662 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
657
663
658 # Copy kernel dtbs to QEMU directory
664 # Copy kernel dtbs to QEMU directory
659 for dtb in "${BOOT_DIR}/"*.dtb ; do
665 for dtb in "${BOOT_DIR}/"*.dtb ; do
660 if [ -f "${dtb}" ] ; then
666 if [ -f "${dtb}" ] ; then
661 install_readonly "${dtb}" "${BASEDIR}/qemu/"
667 install_readonly "${dtb}" "${BASEDIR}/qemu/"
662 fi
668 fi
663 done
669 done
664
670
665 # Copy kernel overlays to QEMU directory
671 # Copy kernel overlays to QEMU directory
666 if [ -d "${BOOT_DIR}/overlays" ] ; then
672 if [ -d "${BOOT_DIR}/overlays" ] ; then
667 # Setup overlays dtbs directory
673 # Setup overlays dtbs directory
668 mkdir "${BASEDIR}/qemu/overlays"
674 mkdir "${BASEDIR}/qemu/overlays"
669
675
670 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
676 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
671 if [ -f "${dtb}" ] ; then
677 if [ -f "${dtb}" ] ; then
672 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
678 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
673 fi
679 fi
674 done
680 done
675 fi
681 fi
676
682
677 # Copy u-boot files to QEMU directory
683 # Copy u-boot files to QEMU directory
678 if [ "$ENABLE_UBOOT" = true ] ; then
684 if [ "$ENABLE_UBOOT" = true ] ; then
679 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
685 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
680 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
686 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
681 fi
687 fi
682 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
688 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
683 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
689 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
684 fi
690 fi
685 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
691 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
686 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
692 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
687 fi
693 fi
688 fi
694 fi
689
695
690 # Copy initramfs to QEMU directory
696 # Copy initramfs to QEMU directory
691 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
697 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
692 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
698 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
693 fi
699 fi
694 fi
700 fi
695
701
696 # Calculate size of the chroot directory in KB
702 # Calculate size of the chroot directory in KB
697 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
703 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
698
704
699 # Calculate the amount of needed 512 Byte sectors
705 # Calculate the amount of needed 512 Byte sectors
700 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
706 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
701 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
707 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
702 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
708 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
703
709
704 # The root partition is EXT4
710 # The root partition is EXT4
705 # This means more space than the actual used space of the chroot is used.
711 # This means more space than the actual used space of the chroot is used.
706 # As overhead for journaling and reserved blocks 35% are added.
712 # As overhead for journaling and reserved blocks 35% are added.
707 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
713 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
708
714
709 # Calculate required image size in 512 Byte sectors
715 # Calculate required image size in 512 Byte sectors
710 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
716 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
711
717
712 # Prepare image file
718 # Prepare image file
713 if [ "$ENABLE_SPLITFS" = true ] ; then
719 if [ "$ENABLE_SPLITFS" = true ] ; then
714 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
720 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
715 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
721 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
716 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
722 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
717 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
723 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
718
724
719 # Write firmware/boot partition tables
725 # Write firmware/boot partition tables
720 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
726 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
721 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
727 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
722 EOM
728 EOM
723
729
724 # Write root partition table
730 # Write root partition table
725 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
731 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
726 ${TABLE_SECTORS},${ROOT_SECTORS},83
732 ${TABLE_SECTORS},${ROOT_SECTORS},83
727 EOM
733 EOM
728
734
729 # Setup temporary loop devices
735 # Setup temporary loop devices
730 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
736 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
731 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
737 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
732 else # ENABLE_SPLITFS=false
738 else # ENABLE_SPLITFS=false
733 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
739 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
734 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
740 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
735
741
736 # Write partition table
742 # Write partition table
737 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
743 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
738 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
744 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
739 ${ROOT_OFFSET},${ROOT_SECTORS},83
745 ${ROOT_OFFSET},${ROOT_SECTORS},83
740 EOM
746 EOM
741
747
742 # Setup temporary loop devices
748 # Setup temporary loop devices
743 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
749 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
744 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
750 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
745 fi
751 fi
746
752
747 if [ "$ENABLE_CRYPTFS" = true ] ; then
753 if [ "$ENABLE_CRYPTFS" = true ] ; then
748 # Create dummy ext4 fs
754 # Create dummy ext4 fs
749 mkfs.ext4 "$ROOT_LOOP"
755 mkfs.ext4 "$ROOT_LOOP"
750
756
751 # Setup password keyfile
757 # Setup password keyfile
752 touch .password
758 touch .password
753 chmod 600 .password
759 chmod 600 .password
754 echo -n ${CRYPTFS_PASSWORD} > .password
760 echo -n ${CRYPTFS_PASSWORD} > .password
755
761
756 # Initialize encrypted partition
762 # Initialize encrypted partition
757 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
763 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
758
764
759 # Open encrypted partition and setup mapping
765 # Open encrypted partition and setup mapping
760 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
766 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
761
767
762 # Secure delete password keyfile
768 # Secure delete password keyfile
763 shred -zu .password
769 shred -zu .password
764
770
765 # Update temporary loop device
771 # Update temporary loop device
766 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
772 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
767
773
768 # Wipe encrypted partition (encryption cipher is used for randomness)
774 # Wipe encrypted partition (encryption cipher is used for randomness)
769 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
775 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
770 fi
776 fi
771
777
772 # Build filesystems
778 # Build filesystems
773 mkfs.vfat "$FRMW_LOOP"
779 mkfs.vfat "$FRMW_LOOP"
774 mkfs.ext4 "$ROOT_LOOP"
780 mkfs.ext4 "$ROOT_LOOP"
775
781
776 # Mount the temporary loop devices
782 # Mount the temporary loop devices
777 mkdir -p "$BUILDDIR/mount"
783 mkdir -p "$BUILDDIR/mount"
778 mount "$ROOT_LOOP" "$BUILDDIR/mount"
784 mount "$ROOT_LOOP" "$BUILDDIR/mount"
779
785
780 mkdir -p "$BUILDDIR/mount/boot/firmware"
786 mkdir -p "$BUILDDIR/mount/boot/firmware"
781 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
787 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
782
788
783 # Copy all files from the chroot to the loop device mount point directory
789 # Copy all files from the chroot to the loop device mount point directory
784 rsync -a "${R}/" "$BUILDDIR/mount/"
790 rsync -a "${R}/" "$BUILDDIR/mount/"
785
791
786 # Unmount all temporary loop devices and mount points
792 # Unmount all temporary loop devices and mount points
787 cleanup
793 cleanup
788
794
789 # Create block map file(s) of image(s)
795 # Create block map file(s) of image(s)
790 if [ "$ENABLE_SPLITFS" = true ] ; then
796 if [ "$ENABLE_SPLITFS" = true ] ; then
791 # Create block map files for "bmaptool"
797 # Create block map files for "bmaptool"
792 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
798 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
793 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
799 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
794
800
795 # Image was successfully created
801 # Image was successfully created
796 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
802 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
797 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
803 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
798 else
804 else
799 # Create block map file for "bmaptool"
805 # Create block map file for "bmaptool"
800 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
806 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
801
807
802 # Image was successfully created
808 # Image was successfully created
803 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
809 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
804
810
805 # Create qemu qcow2 image
811 # Create qemu qcow2 image
806 if [ "$ENABLE_QEMU" = true ] ; then
812 if [ "$ENABLE_QEMU" = true ] ; then
807 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
813 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
808 QEMU_SIZE=16G
814 QEMU_SIZE=16G
809
815
810 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
816 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
811 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
817 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
812
818
813 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
819 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
814 fi
820 fi
815 fi
821 fi