##// END OF EJS Templates
update from master
Unknown -
r403:c99e540b9c7c
parent child
Show More
@@ -0,0 +1,53
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local U-Boot sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for U-Boot sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch U-Boot sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded U-Boot sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 pushd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #pop us out of build dir
52 popd
53 fi
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -11,29 +11,23 if [ -z "$APT_PROXY" ] ; then
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 #if [ "$BUILD_KERNEL" = false ] ; then
15 # echo "Downloading precompiled kernel"
16 # echo "error: not configured"
17 # exit 1;
18 # BUILD_KERNEL=true
19 #else
20 # echo "No precompiled kernel repositories were added"
21 #fi
22
23 14 # Upgrade package index and update all installed packages and changed dependencies
24 15 chroot_exec apt-get -qq -y update
25 16 chroot_exec apt-get -qq -y -u dist-upgrade
26 17
18 # Install additional packages
27 19 if [ "$APT_INCLUDES_LATE" ] ; then
28 20 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
29 21 fi
30 22
23 # Install Debian custom packages
31 24 if [ -d packages ] ; then
32 25 for package in packages/*.deb ; do
33 26 cp "$package" "${R}"/tmp
34 27 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 28 done
36 29 fi
30
37 31 chroot_exec apt-get -qq -y -f install
38 32
39 33 chroot_exec apt-get -qq -y check
@@ -95,7 +95,7 fi
95 95 # Download the firmware binary blob required to use the RPi3 wireless interface
96 96 if [ "$ENABLE_WIRELESS" = true ] ; then
97 97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 99 fi
100 100
101 101 # Create temporary directory for firmware binary blob
@@ -103,20 +103,21 if [ "$ENABLE_WIRELESS" = true ] ; then
103 103
104 104 # Fetch firmware binary blob for RPI3B+
105 105 if [ "$RPI_MODEL" = 3P ] ; then
106 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
106 # Fetch firmware binary blob for RPi3P
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 # Fetch firmware binary blob for RPI3
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
111 # Fetch firmware binary blob for RPi3
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 114 fi
114 115
115 116 # Move downloaded firmware binary blob
116 117 if [ "$RPI_MODEL" = 3P ] ; then
117 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
119 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 121 fi
121 122
122 123 # Remove temporary directory for firmware binary blob
@@ -124,10 +125,10 if [ "$ENABLE_WIRELESS" = true ] ; then
124 125
125 126 # Set permissions of the firmware binary blob
126 127 if [ "$RPI_MODEL" = 3P ] ; then
127 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 133 fi
133 134 fi
@@ -253,11 +253,12 if [ -n "$SET_ARCH" ] ; then
253 253 # 64 bit config
254 254 ##################################
255 255 if [ "$SET_ARCH" = 64 ] ; then
256 # 64 bit depended settings
256 # General 64 bit depended settings
257 257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
258 258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
259 259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
260 260
261 # Board specific settings
261 262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
262 263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
@@ -265,21 +266,19 if [ -n "$SET_ARCH" ] ; then
265 266 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
266 267 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
267 268 else
268 echo "error: Only Raspberry PI 3 and 3B+ support 64bit"
269 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
269 270 exit 1
270 271 fi
271 272 fi
272 273
273 ##################################
274 # 32 bit config
275 ##################################
274 # 32 bit configuration
276 275 if [ "$SET_ARCH" = 32 ] ; then
277 #General 32bit configuration
276 # General 32 bit dependend settings
278 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
279 278 KERNEL_ARCH=${KERNEL_ARCH:=arm}
280 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
281 280
282 #Raspberry setting grouped by board compability
281 # Hardware specific settings
283 282 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
284 283 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
285 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
@@ -287,6 +286,8 if [ -n "$SET_ARCH" ] ; then
287 286 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
288 287 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
289 288 fi
289
290 # Hardware specific settings
290 291 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
291 292 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
292 293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
@@ -300,8 +301,7 else
300 301 echo "error: Please set '32' or '64' as value for SET_ARCH"
301 302 exit 1
302 303 fi
303
304 #Device specific configuration
304 # Device specific configuration and U-Boot configuration
305 305 case "$RPI_MODEL" in
306 306 0)
307 307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
@@ -352,6 +352,7 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
352 352 fi
353 353 fi
354 354
355 # Add cmake to compile videocore sources
355 356 if [ "$ENABLE_VIDEOCORE" = true ] ; then
356 357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
357 358 fi
@@ -564,6 +565,11 if [ "$ENABLE_REDUCE" = true ] ; then
564 565 fi
565 566 fi
566 567
568 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
569 if [ "$ENABLE_SYSVINIT" = false ] ; then
570 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
571 fi
572
567 573 # Configure kernel sources if no KERNELSRC_DIR
568 574 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
569 575 KERNELSRC_CONFIG=true
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant