@@ -0,0 +1,53 | |||
|
1 | # | |
|
2 | # Setup videocore - Raspberry Userland | |
|
3 | # | |
|
4 | ||
|
5 | # Load utility functions | |
|
6 | . ./functions.sh | |
|
7 | ||
|
8 | if [ "$ENABLE_VIDEOCORE" = true ] ; then | |
|
9 | # Copy existing videocore sources into chroot directory | |
|
10 | if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then | |
|
11 | # Copy local U-Boot sources | |
|
12 | cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland" | |
|
13 | else | |
|
14 | # Create temporary directory for U-Boot sources | |
|
15 | temp_dir=$(as_nobody mktemp -d) | |
|
16 | ||
|
17 | # Fetch U-Boot sources | |
|
18 | as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}" | |
|
19 | ||
|
20 | # Copy downloaded U-Boot sources | |
|
21 | mv "${temp_dir}/userland" "${R}/tmp/" | |
|
22 | ||
|
23 | # Set permissions of the U-Boot sources | |
|
24 | chown -R root:root "${R}/tmp/userland" | |
|
25 | ||
|
26 | # Remove temporary directory for U-Boot sources | |
|
27 | rm -fr "${temp_dir}" | |
|
28 | fi | |
|
29 | ||
|
30 | # Create build dir | |
|
31 | mkdir "${R}"/tmp/userland/build | |
|
32 | ||
|
33 | # push us to build directory | |
|
34 | pushd "${R}"/tmp/userland/build | |
|
35 | ||
|
36 | if [ "$RELEASE_ARCH" = "arm64" ] ; then | |
|
37 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
38 | fi | |
|
39 | ||
|
40 | if [ "$RELEASE_ARCH" = "armel" ] ; then | |
|
41 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
42 | fi | |
|
43 | ||
|
44 | if [ "$RELEASE_ARCH" = "armhf" ] ; then | |
|
45 | cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland" | |
|
46 | fi | |
|
47 | ||
|
48 | #build userland | |
|
49 | make -j "$(nproc)" | |
|
50 | ||
|
51 | #pop us out of build dir | |
|
52 | popd | |
|
53 | fi |
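Review bot: The clone on new line 18 takes whatever `${VIDEOCORE_URL}` serves on its default branch at build time, and the tree is then handed to root (`chown -R root:root`) and compiled into the image, so the result depends on an unpinned, unverified upstream. Pin the source right after the clone, for example `as_nobody git -C "${temp_dir}/userland" checkout --detach "<PINNED_COMMIT>"`, with the commit id kept in the build configuration. The arm64 and armel cmake calls (lines 37 and 41) also pass `-U_FORTIFY_SOURCE`, which switches off the fortified libc checks for the built binaries; a comment stating why that is required would help. The comments on lines 11 to 26 still say "U-Boot" and should name the videocore/userland sources.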
@@ -0,0 +1,21 | |||
|
1 | add table ip filter | |
|
2 | add chain ip filter INPUT { type filter hook input priority 0; } | |
|
3 | add chain ip filter FORWARD { type filter hook forward priority 0; } | |
|
4 | add chain ip filter OUTPUT { type filter hook output priority 0; } | |
|
5 | add chain ip filter TCP | |
|
6 | add chain ip filter UDP | |
|
7 | add chain ip filter SSH | |
|
8 | add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept | |
|
9 | add rule ip filter INPUT icmp type echo-request counter drop | |
|
10 | add rule ip filter INPUT ct state related,established counter accept | |
|
11 | add rule ip filter INPUT iifname lo counter accept | |
|
12 | add rule ip filter INPUT ct state invalid counter drop | |
|
13 | add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH | |
|
14 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP | |
|
15 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP | |
|
16 | # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT | |
|
17 | add rule ip filter INPUT ip protocol udp ct state new counter jump UDP | |
|
18 | add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP | |
|
19 | add rule ip filter INPUT ip protocol udp counter reject | |
|
20 | add rule ip filter INPUT ip protocol tcp counter reject with tcp reset | |
|
21 | add rule ip filter INPUT counter reject with icmp type prot-unreachable |
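Review bot: The `SSH`, `TCP` and `UDP` chains are created empty in this file; the only SSH rules are the three commented-out iptables `-m recent` lines (14–16), which nft does not interpret. A new connection to port 22 therefore jumps to `SSH`, returns, passes through the empty `TCP` chain and hits `reject with tcp reset` on line 20, unless another file fills these chains, which is not visible here. The brute-force throttling that the comments describe is also absent. Either add the rules in nft syntax (a rate limit followed by `add rule ip filter SSH counter accept`) or note in a comment where the chains are populated. The ip6 rule set has the same gap on its lines 17–19.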
@@ -0,0 +1,24 | |||
|
1 | add table ip6 filter | |
|
2 | add chain ip6 filter INPUT { type filter hook input priority 0; } | |
|
3 | add chain ip6 filter FORWARD { type filter hook forward priority 0; } | |
|
4 | add chain ip6 filter OUTPUT { type filter hook output priority 0; } | |
|
5 | add chain ip6 filter TCP | |
|
6 | add chain ip6 filter UDP | |
|
7 | add chain ip6 filter SSH | |
|
8 | add rule ip6 filter INPUT rt type 0 counter drop | |
|
9 | add rule ip6 filter OUTPUT rt type 0 counter drop | |
|
10 | add rule ip6 filter FORWARD rt type 0 counter drop | |
|
11 | add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept | |
|
12 | add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop | |
|
13 | add rule ip6 filter INPUT ct state related,established counter accept | |
|
14 | add rule ip6 filter INPUT iifname lo counter accept | |
|
15 | add rule ip6 filter INPUT ct state invalid counter drop | |
|
16 | add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH | |
|
17 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP | |
|
18 | # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP | |
|
19 | # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT | |
|
20 | add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP | |
|
21 | add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP | |
|
22 | add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited | |
|
23 | add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited | |
|
24 | add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited |
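Review bot: No rule accepts ICMPv6 neighbour discovery, so those packets fall through to the catch-all reject on line 24. Only echo-request is matched (lines 11–12), and neighbour solicitations, neighbour advertisements and router advertisements are typically not classified as `established` or `related` by conntrack. Without them the host cannot resolve neighbours or autoconfigure over IPv6. Add a rule such as `add rule ip6 filter INPUT icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } counter accept` ahead of the `ct state invalid` drop on line 15, optionally restricted with `ip6 hoplimit 255` so that only on-link senders match.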
@@ -0,0 +1,15 | |||
|
1 | # Configuration template file used by rpi23-gen-image.sh | |
|
2 | # Debian Stretch using the Arm64 for kernel compilation and Debian distribution. | |
|
3 | ||
|
4 | RPI_MODEL=3 | |
|
5 | RELEASE=stretch | |
|
6 | BUILD_KERNEL=true | |
|
7 | KERNEL_ARCH=arm64 | |
|
8 | RELEASE_ARCH=arm64 | |
|
9 | CROSS_COMPILE=aarch64-linux-gnu- | |
|
10 | QEMU_BINARY=/usr/bin/qemu-aarch64-static | |
|
11 | KERNEL_DEFCONFIG=bcmrpi3_defconfig | |
|
12 | KERNEL_BIN_IMAGE=Image | |
|
13 | KERNEL_IMAGE=kernel8.img | |
|
14 | KERNEL_BRANCH=rpi-4.14.y | |
|
15 | ENABLE_WIRELESS=true |
@@ -11,29 +11,23 if [ -z "$APT_PROXY" ] ; then | |||
|
11 | 11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy" |
|
12 | 12 | fi |
|
13 | 13 | |
|
14 | #if [ "$BUILD_KERNEL" = false ] ; then | |
|
15 | # echo "Downloading precompiled kernel" | |
|
16 | # echo "error: not configured" | |
|
17 | # exit 1; | |
|
18 | # BUILD_KERNEL=true | |
|
19 | #else | |
|
20 | # echo "No precompiled kernel repositories were added" | |
|
21 | #fi | |
|
22 | ||
|
23 | 14 | # Upgrade package index and update all installed packages and changed dependencies |
|
24 | 15 | chroot_exec apt-get -qq -y update |
|
25 | 16 | chroot_exec apt-get -qq -y -u dist-upgrade |
|
26 | 17 | |
|
18 | # Install additional packages | |
|
27 | 19 | if [ "$APT_INCLUDES_LATE" ] ; then |
|
28 | 20 | chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')" |
|
29 | 21 | fi |
|
30 | 22 | |
|
23 | # Install Debian custom packages | |
|
31 | 24 | if [ -d packages ] ; then |
|
32 | 25 | for package in packages/*.deb ; do |
|
33 | 26 | cp "$package" "${R}"/tmp |
|
34 | 27 | chroot_exec dpkg --unpack /tmp/"$(basename "$package")" |
|
35 | 28 | done |
|
36 | 29 | fi |
|
30 | ||
|
37 | 31 | chroot_exec apt-get -qq -y -f install |
|
38 | 32 | |
|
39 | 33 | chroot_exec apt-get -qq -y check |
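Review bot: On new line 20 the command substitution is wrapped in double quotes, so a list such as `a,b` reaches apt-get as the single argument `a b` and the install fails for more than one package. This is an unchanged context line, but the commit now documents it as "Install additional packages". Word splitting is intended here: `chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" | tr , ' ')` with a `# shellcheck disable=SC2046` comment above it. The loop on new lines 25–28 also runs once with the literal `packages/*.deb` when no .deb file is present. It unpacks whatever is in `packages/` with no checksum or signature check, which is worth stating in the comment on line 23.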
@@ -103,11 +103,12 if [ "$ENABLE_WIRELESS" = true ] ; then | |||
|
103 | 103 | |
|
104 | 104 | # Fetch firmware binary blob for RPI3B+ |
|
105 | 105 | if [ "$RPI_MODEL" = 3P ] ; then |
|
106 | # Fetch firmware binary blob for RPi3P | |
|
106 | 107 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
107 | 108 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
108 | 109 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" |
|
109 | 110 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then |
|
110 |
# Fetch firmware binary blob for RP |
|
|
111 | # Fetch firmware binary blob for RPi3 | |
|
111 | 112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
112 | 113 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
113 | 114 | fi |
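Review bot: The firmware blobs on new lines 107–109 and 112–113 are fetched from `${WLAN_FIRMWARE_URL}` with `wget -q`, and nothing in this hunk checks their content before they are used. The enclosing `ENABLE_WIRELESS` block continues outside the hunk, so a later check cannot be ruled out. Since these files presumably end up in the image's firmware directory, compare them with pinned digests after download, for example `(cd "${temp_dir}" && sha256sum -c "<PINNED_CHECKSUM_FILE>")`, and stop the build on a mismatch.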
@@ -253,11 +253,12 if [ -n "$SET_ARCH" ] ; then | |||
|
253 | 253 | # 64 bit config |
|
254 | 254 | ################################## |
|
255 | 255 | if [ "$SET_ARCH" = 64 ] ; then |
|
256 | # 64 bit depended settings | |
|
256 | # General 64 bit depended settings | |
|
257 | 257 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static} |
|
258 | 258 | KERNEL_ARCH=${KERNEL_ARCH:=arm64} |
|
259 | 259 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"} |
|
260 | 260 | |
|
261 | # Board specific settings | |
|
261 | 262 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
262 | 263 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64" |
|
263 | 264 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig} |
@@ -270,16 +271,14 if [ -n "$SET_ARCH" ] ; then | |||
|
270 | 271 | fi |
|
271 | 272 | fi |
|
272 | 273 | |
|
273 | ################################## | |
|
274 | # 32 bit config | |
|
275 | ################################## | |
|
274 | # 32 bit configuration | |
|
276 | 275 | if [ "$SET_ARCH" = 32 ] ; then |
|
277 |
#General 32 |
|
|
276 | # General 32 bit dependend settings | |
|
278 | 277 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} |
|
279 | 278 | KERNEL_ARCH=${KERNEL_ARCH:=arm} |
|
280 | 279 | KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"} |
|
281 | 280 | |
|
282 | #Raspberry setting grouped by board compability | |
|
281 | # Hardware specific settings | |
|
283 | 282 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then |
|
284 | 283 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel" |
|
285 | 284 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig} |
@@ -287,6 +286,8 if [ -n "$SET_ARCH" ] ; then | |||
|
287 | 286 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img} |
|
288 | 287 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-} |
|
289 | 288 | fi |
|
289 | ||
|
290 | # Hardware specific settings | |
|
290 | 291 | if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
291 | 292 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf" |
|
292 | 293 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} |
@@ -300,8 +301,7 else | |||
|
300 | 301 | echo "error: Please set '32' or '64' as value for SET_ARCH" |
|
301 | 302 | exit 1 |
|
302 | 303 | fi |
|
303 | ||
|
304 | #Device specific configuration | |
|
304 | # Device specific configuration and U-Boot configuration | |
|
305 | 305 | case "$RPI_MODEL" in |
|
306 | 306 | 0) |
|
307 | 307 | DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb} |
@@ -352,6 +352,7 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then | |||
|
352 | 352 | fi |
|
353 | 353 | fi |
|
354 | 354 | |
|
355 | # Add cmake to compile videocore sources | |
|
355 | 356 | if [ "$ENABLE_VIDEOCORE" = true ] ; then |
|
356 | 357 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake" |
|
357 | 358 | fi |
@@ -564,6 +565,11 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
564 | 565 | fi |
|
565 | 566 | fi |
|
566 | 567 | |
|
568 | # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available | |
|
569 | if [ "$ENABLE_SYSVINIT" = false ] ; then | |
|
570 | APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv" | |
|
571 | fi | |
|
572 | ||
|
567 | 573 | # Configure kernel sources if no KERNELSRC_DIR |
|
568 | 574 | if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then |
|
569 | 575 | KERNELSRC_CONFIG=true |
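Review bot: The assignment on new line 570 produces `--exclude=,init,systemd-sysv` when `APT_EXCLUDES` is empty, and a doubled `--exclude=--exclude=...` if an earlier step already added the prefix (not visible in this hunk). Guard the separator with `APT_EXCLUDES="--exclude=${APT_EXCLUDES:+${APT_EXCLUDES},}init,systemd-sysv"`. The comment on line 568 should also say why the exclude applies when `ENABLE_SYSVINIT` is `false`, since the wording and the condition are hard to reconcile as written.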