update from master
Unknown -
r403:c99e540b9c7c
@@ -0,0 +1,53
1 #
2 # Setup videocore - Raspberry Userland
3 #
4
5 # Load utility functions
6 . ./functions.sh
7
8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 # Copy existing videocore sources into chroot directory
10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 # Copy local U-Boot sources
12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 else
14 # Create temporary directory for U-Boot sources
15 temp_dir=$(as_nobody mktemp -d)
16
17 # Fetch U-Boot sources
18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19
20 # Copy downloaded U-Boot sources
21 mv "${temp_dir}/userland" "${R}/tmp/"
22
23 # Set permissions of the U-Boot sources
24 chown -R root:root "${R}/tmp/userland"
25
26 # Remove temporary directory for U-Boot sources
27 rm -fr "${temp_dir}"
28 fi
29
30 # Create build dir
31 mkdir "${R}"/tmp/userland/build
32
33 # push us to build directory
34 pushd "${R}"/tmp/userland/build
35
36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 fi
39
40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 fi
43
44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 fi
47
48 #build userland
49 make -j "$(nproc)"
50
51 #pop us out of build dir
52 popd
53 fi
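Review bot: The clone on new line 18 takes whatever `${VIDEOCORE_URL}` serves at build time, and the `cmake`/`make` steps on lines 37-49 then run that tree's build scripts without `as_nobody`, presumably as root on the build host, since the main script insists on root. Pinning the checkout right after the clone, e.g. `as_nobody git -C "${temp_dir}/userland" checkout "<pinned-commit>"` (placeholder, no ref is given on the page), would make the image reproducible and limit what an altered upstream can run. The arm64 and armel invocations pass `-U_FORTIFY_SOURCE` in `CMAKE_C_FLAGS`, which removes fortify checks from the installed binaries; a comment stating why this is needed would help. `pushd`/`popd` on lines 34 and 52 are bash builtins, so if this file is sourced from the `#!/bin/sh` main script they will fail under dash; `cd` in a subshell is the portable form. The comments on lines 11-26 still say "U-Boot" although the file handles the userland sources.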
@@ -0,0 +1,21
1 add table ip filter
2 add chain ip filter INPUT { type filter hook input priority 0; }
3 add chain ip filter FORWARD { type filter hook forward priority 0; }
4 add chain ip filter OUTPUT { type filter hook output priority 0; }
5 add chain ip filter TCP
6 add chain ip filter UDP
7 add chain ip filter SSH
8 add rule ip filter INPUT icmp type echo-request limit rate 30/minute burst 8 packets counter accept
9 add rule ip filter INPUT icmp type echo-request counter drop
10 add rule ip filter INPUT ct state related,established counter accept
11 add rule ip filter INPUT iifname lo counter accept
12 add rule ip filter INPUT ct state invalid counter drop
13 add rule ip filter INPUT tcp dport 22 ct state new counter jump SSH
14 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
15 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
16 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
17 add rule ip filter INPUT ip protocol udp ct state new counter jump UDP
18 add rule ip filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
19 add rule ip filter INPUT ip protocol udp counter reject
20 add rule ip filter INPUT ip protocol tcp counter reject with tcp reset
21 add rule ip filter INPUT counter reject with icmp type prot-unreachable
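Review bot: The SSH chain created on line 7 and jumped to on line 13 is empty, because its three rules on lines 14-16 are still commented-out iptables syntax. A new connection to port 22 therefore returns from the chain and, as far as this file shows, ends at `reject with tcp reset` on line 20. Unless rules are appended to SSH elsewhere in the build, this both blocks SSH and loses the per-source rate limiting the old `recent` rules expressed. The chain needs at least a terminal `add rule ip filter SSH counter accept`, preceded by an nftables translation of the limits. The ip6 rules file in this commit has the same empty SSH chain (its lines 17-19), and in both files FORWARD has no policy, so it accepts by default; `policy drop;` inside the chain definition would fit a host that does not route.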
@@ -0,0 +1,24
1 add table ip6 filter
2 add chain ip6 filter INPUT { type filter hook input priority 0; }
3 add chain ip6 filter FORWARD { type filter hook forward priority 0; }
4 add chain ip6 filter OUTPUT { type filter hook output priority 0; }
5 add chain ip6 filter TCP
6 add chain ip6 filter UDP
7 add chain ip6 filter SSH
8 add rule ip6 filter INPUT rt type 0 counter drop
9 add rule ip6 filter OUTPUT rt type 0 counter drop
10 add rule ip6 filter FORWARD rt type 0 counter drop
11 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 30/minute burst 8 packets counter accept
12 add rule ip6 filter INPUT meta l4proto ipv6-icmp icmpv6 type echo-request counter drop
13 add rule ip6 filter INPUT ct state related,established counter accept
14 add rule ip6 filter INPUT iifname lo counter accept
15 add rule ip6 filter INPUT ct state invalid counter drop
16 add rule ip6 filter INPUT tcp dport 22 ct state new counter jump SSH
17 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
18 # -t filter -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
19 # -t filter -A SSH -m recent --name sshbf --set -j ACCEPT
20 add rule ip6 filter INPUT meta l4proto udp ct state new counter jump UDP
21 add rule ip6 filter INPUT tcp flags & fin|syn|rst|ack == syn ct state new counter jump TCP
22 add rule ip6 filter INPUT meta l4proto udp counter reject with icmpv6 type admin-prohibited
23 add rule ip6 filter INPUT meta l4proto tcp counter reject with icmpv6 type admin-prohibited
24 add rule ip6 filter INPUT counter reject with icmpv6 type admin-prohibited
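Review bot: No rule in INPUT accepts ICMPv6 neighbour discovery. Neighbour solicitations and advertisements and router advertisements are typically not classified by conntrack as established or related, so as far as this file shows they fall through to the final `reject` on line 24 and IPv6 on the link can stop working. Consider adding, before the `ct state invalid` drop on line 15, `add rule ip6 filter INPUT icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } ip6 hoplimit 255 counter accept`. The hop-limit match keeps the exception restricted to on-link senders.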
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -1,39 +1,33
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 #if [ "$BUILD_KERNEL" = false ] ; then
15 # echo "Downloading precompiled kernel"
16 # echo "error: not configured"
17 # exit 1;
18 # BUILD_KERNEL=true
19 #else
20 # echo "No precompiled kernel repositories were added"
21 #fi
22
23 14 # Upgrade package index and update all installed packages and changed dependencies
24 15 chroot_exec apt-get -qq -y update
25 16 chroot_exec apt-get -qq -y -u dist-upgrade
26 17
18 # Install additional packages
27 19 if [ "$APT_INCLUDES_LATE" ] ; then
28 20 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
29 21 fi
30 22
23 # Install Debian custom packages
31 24 if [ -d packages ] ; then
32 25 for package in packages/*.deb ; do
33 26 cp "$package" "${R}"/tmp
34 27 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
35 28 done
36 29 fi
30
37 31 chroot_exec apt-get -qq -y -f install
38 32
39 33 chroot_exec apt-get -qq -y check
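Review bot: The proxy test on line 9 (unchanged context in this hunk) is inverted: `[ -z "$APT_PROXY" ]` installs `10proxy` only when no proxy is set, so a configured proxy is never written into the image. It should be `if [ -n "$APT_PROXY" ] ; then`, and because a proxy URL contains `/`, the `sed` on line 11 then needs another delimiter, e.g. `sed -i "s|\"\"|\"${APT_PROXY}\"|"`. On new line 20 the quoted `"$(echo "$APT_INCLUDES_LATE" |tr , ' ')"` passes the whole package list to `apt-get install` as a single argument, so more than one late package would not resolve; this line is also unchanged by the commit.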
@@ -1,133 +1,134
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60 60 fi
61 61
62 62 # Remove empty settings from network configuration
63 63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 64 # Remove empty settings from wlan configuration
65 65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 66
67 67 # Move systemd network configuration if required by Debian release
68 68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 69 # If WLAN is enabled copy wlan configuration too
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 72 fi
73 73 rm -fr "${ETC_DIR}/systemd/network"
74 74
75 75 # Enable systemd-networkd service
76 76 chroot_exec systemctl enable systemd-networkd
77 77
78 78 # Install host.conf resolver configuration
79 79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 80
81 81 # Enable network stack hardening
82 82 if [ "$ENABLE_HARDNET" = true ] ; then
83 83 # Install sysctl.d configuration files
84 84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 85
86 86 # Setup resolver warnings about spoofed addresses
87 87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 88 fi
89 89
90 90 # Enable time sync
91 91 if [ "$NET_NTP_1" != "" ] ; then
92 92 chroot_exec systemctl enable systemd-timesyncd.service
93 93 fi
94 94
95 95 # Download the firmware binary blob required to use the RPi3 wireless interface
96 96 if [ "$ENABLE_WIRELESS" = true ] ; then
97 97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 99 fi
100 100
101 101 # Create temporary directory for firmware binary blob
102 102 temp_dir=$(as_nobody mktemp -d)
103 103
104 104 # Fetch firmware binary blob for RPI3B+
105 105 if [ "$RPI_MODEL" = 3P ] ; then
106 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
106 # Fetch firmware binary blob for RPi3P
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
109 110 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
110 # Fetch firmware binary blob for RPI3
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
111 # Fetch firmware binary blob for RPi3
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
113 114 fi
114 115
115 116 # Move downloaded firmware binary blob
116 117 if [ "$RPI_MODEL" = 3P ] ; then
117 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
118 119 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
119 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
120 121 fi
121 122
122 123 # Remove temporary directory for firmware binary blob
123 124 rm -fr "${temp_dir}"
124 125
125 126 # Set permissions of the firmware binary blob
126 127 if [ "$RPI_MODEL" = 3P ] ; then
127 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
128 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
129 130 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 133 fi
133 134 fi
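Review bot: The firmware blobs fetched by the `wget` lines re-indented here (new lines 107-109 and 112-113) are moved into `${WLAN_FIRMWARE_DIR}` and made root-owned without any integrity check. `WLAN_FIRMWARE_URL` defaults to a `raw/master` path, so the content can change between builds. Verifying the downloads against checksums kept in the repository before the `mv`, e.g. `(cd "${temp_dir}" && sha256sum -c "<checksums-file>")` (placeholder path), would catch a changed or truncated blob. A comment noting that HTTPS is the only protection today would also be worth adding above the first `wget`.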
@@ -1,815 +1,821
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for RPi2/3
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 #Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 #BIS= Kernel has KVM and zswap enabled
60 60 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
61 61 #default bcmrpi3_defconfig target kernel
62 62 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
63 63 #enhanced kernel
64 64 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_BIS_KERNEL_URL}
65 65 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
66 66
67 67 # Build directories
68 68 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
69 69 BUILDDIR="${BASEDIR}/build"
70 70
71 71 # Prepare date string for default image file name
72 72 DATE="$(date +%Y-%m-%d)"
73 73 if [ -z "$KERNEL_BRANCH" ] ; then
74 74 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
75 75 else
76 76 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
77 77 fi
78 78
79 79 # Chroot directories
80 80 R="${BUILDDIR}/chroot"
81 81 ETC_DIR="${R}/etc"
82 82 LIB_DIR="${R}/lib"
83 83 BOOT_DIR="${R}/boot/firmware"
84 84 KERNEL_DIR="${R}/usr/src/linux"
85 85 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
86 86
87 87 # Firmware directory: Blank if download from github
88 88 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
89 89
90 90 # General settings
91 91 SET_ARCH=${SET_ARCH:=32}
92 92 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
93 93 PASSWORD=${PASSWORD:=raspberry}
94 94 USER_PASSWORD=${USER_PASSWORD:=raspberry}
95 95 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
96 96 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
97 97 EXPANDROOT=${EXPANDROOT:=true}
98 98
99 99 # Keyboard settings
100 100 XKB_MODEL=${XKB_MODEL:=""}
101 101 XKB_LAYOUT=${XKB_LAYOUT:=""}
102 102 XKB_VARIANT=${XKB_VARIANT:=""}
103 103 XKB_OPTIONS=${XKB_OPTIONS:=""}
104 104
105 105 # Network settings (DHCP)
106 106 ENABLE_DHCP=${ENABLE_DHCP:=true}
107 107
108 108 # Network settings (static)
109 109 NET_ADDRESS=${NET_ADDRESS:=""}
110 110 NET_GATEWAY=${NET_GATEWAY:=""}
111 111 NET_DNS_1=${NET_DNS_1:=""}
112 112 NET_DNS_2=${NET_DNS_2:=""}
113 113 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
114 114 NET_NTP_1=${NET_NTP_1:=""}
115 115 NET_NTP_2=${NET_NTP_2:=""}
116 116
117 117 # APT settings
118 118 APT_PROXY=${APT_PROXY:=""}
119 119 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
120 120
121 121 # Feature settings
122 122 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
123 123 ENABLE_I2C=${ENABLE_I2C:=false}
124 124 ENABLE_SPI=${ENABLE_SPI:=false}
125 125 ENABLE_IPV6=${ENABLE_IPV6:=true}
126 126 ENABLE_SSHD=${ENABLE_SSHD:=true}
127 127 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
128 128 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
129 129 ENABLE_SOUND=${ENABLE_SOUND:=true}
130 130 ENABLE_DBUS=${ENABLE_DBUS:=true}
131 131 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
132 132 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
133 133 ENABLE_XORG=${ENABLE_XORG:=false}
134 134 ENABLE_WM=${ENABLE_WM:=""}
135 135 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
136 136 ENABLE_USER=${ENABLE_USER:=true}
137 137 USER_NAME=${USER_NAME:="pi"}
138 138 ENABLE_ROOT=${ENABLE_ROOT:=false}
139 139 ENABLE_QEMU=${ENABLE_QEMU:=false}
140 140 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
141 141
142 142 # SSH settings
143 143 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
144 144 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
145 145 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
146 146 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
147 147 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
148 148
149 149 # Advanced settings
150 150 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
151 151 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
152 152 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
153 153 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
154 154 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
155 155 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
156 156 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=true}
157 157 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
158 158 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
159 159 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
160 160 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
161 161 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
162 162 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
163 163 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
164 164 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
165 165
166 166 # Kernel compilation settings
167 167 BUILD_KERNEL=${BUILD_KERNEL:=true}
168 168 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
169 169 KERNEL_THREADS=${KERNEL_THREADS:=1}
170 170 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
171 171 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
172 172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
173 173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
174 174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
175 175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
176 176 KERNEL_VIRT=${KERNEL_VIRT:=false}
177 177 KERNEL_BPF=${KERNEL_BPF:=true}
178 178
179 179 # Kernel compilation from source directory settings
180 180 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
181 181 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
182 182 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
183 183 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
184 184
185 185 # Reduce disk usage settings
186 186 REDUCE_APT=${REDUCE_APT:=true}
187 187 REDUCE_DOC=${REDUCE_DOC:=true}
188 188 REDUCE_MAN=${REDUCE_MAN:=true}
189 189 REDUCE_VIM=${REDUCE_VIM:=false}
190 190 REDUCE_BASH=${REDUCE_BASH:=false}
191 191 REDUCE_HWDB=${REDUCE_HWDB:=true}
192 192 REDUCE_SSHD=${REDUCE_SSHD:=true}
193 193 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
194 194
195 195 # Encrypted filesystem settings
196 196 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
197 197 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
198 198 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
199 199 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
200 200 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
201 201
202 202 # Chroot scripts directory
203 203 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
204 204
205 205 # Packages required in the chroot build environment
206 206 APT_INCLUDES=${APT_INCLUDES:=""}
207 207 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup"
208 208
209 209 #Packages to exclude from chroot build environment
210 210 APT_EXCLUDES=${APT_EXCLUDES:=""}
211 211
212 212 # Packages required for bootstrapping
213 213 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo netselect-apt"
214 214 MISSING_PACKAGES=""
215 215
216 216 # Packages installed for c/c++ build environment in chroot (keep empty)
217 217 COMPILER_PACKAGES=""
218 218
219 219 #If init and systemd-sysv are wanted e.g. halt/reboot/shutdown scripts
220 220 if [ "$ENABLE_SYSVINIT" = false ] ; then
221 221 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
222 222 fi
223 223
224 224 #Check if apt-cacher-ng has its default port open on and set APT_PROXY
225 225 if [ -n "$(lsof -i :3142)" ] ; then
226 226 HTTP_PROXY=http://127.0.0.1:3142/
227 227 fi
228 228
229 229 #netselect-apt does not know buster yet
230 230 if [ "$RELEASE" = "buster" ] ; then
231 231 RLS=testing
232 232 else
233 233 RLS="$RELEASE"
234 234 fi
235 235
236 236 if [ -f "$(pwd)/files/apt/sources.list" ] ; then
237 237 rm "$(pwd)/files/apt/sources.list"
238 238 fi
239 239
240 240 if [ "$ENABLE_NONFREE" = true ] ; then
241 241 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
242 242 else
243 243 netselect-apt --arch "$RELEASE_ARCH" --tests 10 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
244 244 fi
245 245
246 246 #sed and cut the result string so we can use it as APT_SERVER
247 247 APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
248 248
249 249 #make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
250 250 if [ -n "$SET_ARCH" ] ; then
251 251 echo "Setting Architecture specific settings"
252 252 ##################################
253 253 # 64 bit config
254 254 ##################################
255 255 if [ "$SET_ARCH" = 64 ] ; then
256 # 64 bit depended settings
256 # General 64 bit depended settings
257 257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
258 258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
259 259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
260 260
261 # Board specific settings
261 262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
262 263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 265 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
265 266 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
266 267 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
267 268 else
268 echo "error: Only Raspberry PI 3 and 3B+ support 64bit"
269 echo "error: Only Raspberry PI 3 and 3B+ support 64 bit"
269 270 exit 1
270 271 fi
271 272 fi
272 273
273 ##################################
274 # 32 bit config
275 ##################################
274 # 32 bit configuration
276 275 if [ "$SET_ARCH" = 32 ] ; then
277 #General 32bit configuration
276 # General 32 bit dependend settings
278 277 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
279 278 KERNEL_ARCH=${KERNEL_ARCH:=arm}
280 279 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
281 280
282 #Raspberry setting grouped by board compability
281 # Hardware specific settings
283 282 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
284 283 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
285 284 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
286 285 RELEASE_ARCH=${RELEASE_ARCH:=armel}
287 286 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
288 287 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
289 288 fi
289
290 # Hardware specific settings
290 291 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
291 292 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
292 293 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
293 294 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
294 295 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
295 296 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
296 297 fi
297 298 fi
298 299 #SET_ARCH not set
299 300 else
300 301 echo "error: Please set '32' or '64' as value for SET_ARCH"
301 302 exit 1
302 303 fi
303
304 #Device specific configuration
304 # Device specific configuration and U-Boot configuration
305 305 case "$RPI_MODEL" in
306 306 0)
307 307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
308 308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
309 309 ;;
310 310 1)
311 311 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
312 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
313 313 ;;
314 314 1P)
315 315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
316 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
317 317 ;;
318 318 2)
319 319 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
320 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
321 321 ;;
322 322 3)
323 323 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
324 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
325 325 ;;
326 326 3P)
327 327 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
328 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
329 329 ;;
330 330 *)
331 331 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
332 332 exit 1
333 333 ;;
334 334 esac
335 335
336 336 #DEBUG off
337 337 set +x
338 338
339 339 # Check if the internal wireless interface is supported by the RPi model
340 340 if [ "$ENABLE_WIRELESS" = true ] ; then
341 341 if [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 2 ] ; then
342 342 echo "error: The selected Raspberry Pi model has no internal wireless interface"
343 343 exit 1
344 344 fi
345 345 fi
346 346
347 347 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
348 348 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
349 349 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
350 350 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
351 351 exit 1
352 352 fi
353 353 fi
354 354
355 # Add cmake to compile videocore sources
355 356 if [ "$ENABLE_VIDEOCORE" = true ] ; then
356 357 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
357 358 fi
358 359
359 360 # Add libncurses5 to enable kernel menuconfig
360 361 if [ "$KERNEL_MENUCONFIG" = true ] ; then
361 362 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
362 363 fi
363 364
364 365 # Add ccache compiler cache for (faster) kernel cross (re)compilation
365 366 if [ "$KERNEL_CCACHE" = true ] ; then
366 367 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
367 368 fi
368 369
369 370 # Add cryptsetup package to enable filesystem encryption
370 371 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
371 372 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
372 373 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
373 374
374 375 if [ -z "$CRYPTFS_PASSWORD" ] ; then
375 376 echo "error: no password defined (CRYPTFS_PASSWORD)!"
376 377 exit 1
377 378 fi
378 379 ENABLE_INITRAMFS=true
379 380 fi
380 381
381 382 # Add initramfs generation tools
382 383 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
383 384 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
384 385 fi
385 386
386 387 # Add device-tree-compiler required for building the U-Boot bootloader
387 388 if [ "$ENABLE_UBOOT" = true ] ; then
388 389 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
389 390 else
390 391 if [ "$ENABLE_UBOOTUSB" = true ] ; then
391 392 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
392 393 exit 1
393 394 fi
394 395 fi
395 396
396 397 # Check if root SSH (v2) public key file exists
397 398 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
398 399 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
399 400 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
400 401 exit 1
401 402 fi
402 403 fi
403 404
404 405 # Check if $USER_NAME SSH (v2) public key file exists
405 406 if [ -n "$SSH_USER_PUB_KEY" ] ; then
406 407 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
407 408 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
408 409 exit 1
409 410 fi
410 411 fi
411 412
412 413 # Check if all required packages are installed on the build system
413 414 for package in $REQUIRED_PACKAGES ; do
414 415 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
415 416 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
416 417 fi
417 418 done
418 419
419 420 # If there are missing packages ask confirmation for install, or exit
420 421 if [ -n "$MISSING_PACKAGES" ] ; then
421 422 echo "the following packages needed by this script are not installed:"
422 423 echo "$MISSING_PACKAGES"
423 424
424 425 printf "\ndo you want to install the missing packages right now? [y/n] "
425 426 read -r confirm
426 427 [ "$confirm" != "y" ] && exit 1
427 428
428 429 # Make sure all missing required packages are installed
429 430 apt-get -qq -y install "${MISSING_PACKAGES}"
430 431 fi
431 432
432 433 # Check if ./bootstrap.d directory exists
433 434 if [ ! -d "./bootstrap.d/" ] ; then
434 435 echo "error: './bootstrap.d' required directory not found!"
435 436 exit 1
436 437 fi
437 438
438 439 # Check if ./files directory exists
439 440 if [ ! -d "./files/" ] ; then
440 441 echo "error: './files' required directory not found!"
441 442 exit 1
442 443 fi
443 444
444 445 # Check if specified KERNELSRC_DIR directory exists
445 446 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
446 447 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
447 448 exit 1
448 449 fi
449 450
450 451 # Check if specified UBOOTSRC_DIR directory exists
451 452 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
452 453 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
453 454 exit 1
454 455 fi
455 456
456 457 # Check if specified VIDEOCORESRC_DIR directory exists
457 458 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
458 459 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
459 460 exit 1
460 461 fi
461 462
462 463 # Check if specified FBTURBOSRC_DIR directory exists
463 464 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
464 465 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
465 466 exit 1
466 467 fi
467 468
468 469 # Check if specified CHROOT_SCRIPTS directory exists
469 470 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
470 471 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
471 472 exit 1
472 473 fi
473 474
474 475 # Check if specified device mapping already exists (will be used by cryptsetup)
475 476 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
476 477 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
477 478 exit 1
478 479 fi
479 480
480 481 # Don't clobber an old build
481 482 if [ -e "$BUILDDIR" ] ; then
482 483 echo "error: directory ${BUILDDIR} already exists, not proceeding"
483 484 exit 1
484 485 fi
485 486
486 487 # Setup chroot directory
487 488 mkdir -p "${R}"
488 489
489 490 # Check if build directory has enough of free disk space >512MB
490 491 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
491 492 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
492 493 exit 1
493 494 fi
494 495
495 496 set -x
496 497
497 498 # Call "cleanup" function on various signals and errors
498 499 trap cleanup 0 1 2 3 6
499 500
500 501 # Add required packages for the minbase installation
501 502 if [ "$ENABLE_MINBASE" = true ] ; then
502 503 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
503 504 fi
504 505
505 506 # Add parted package, required to get partprobe utility
506 507 if [ "$EXPANDROOT" = true ] ; then
507 508 APT_INCLUDES="${APT_INCLUDES},parted"
508 509 fi
509 510
510 511 # Add dbus package, recommended if using systemd
511 512 if [ "$ENABLE_DBUS" = true ] ; then
512 513 APT_INCLUDES="${APT_INCLUDES},dbus"
513 514 fi
514 515
515 516 # Add iptables IPv4/IPv6 package
516 517 if [ "$ENABLE_IPTABLES" = true ] ; then
517 518 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
518 519 fi
519 520
520 521 # Add openssh server package
521 522 if [ "$ENABLE_SSHD" = true ] ; then
522 523 APT_INCLUDES="${APT_INCLUDES},openssh-server"
523 524 fi
524 525
525 526 # Add alsa-utils package
526 527 if [ "$ENABLE_SOUND" = true ] ; then
527 528 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
528 529 fi
529 530
530 531 # Add rng-tools package
531 532 if [ "$ENABLE_HWRANDOM" = true ] ; then
532 533 APT_INCLUDES="${APT_INCLUDES},rng-tools"
533 534 fi
534 535
535 536 # Add fbturbo video driver
536 537 if [ "$ENABLE_FBTURBO" = true ] ; then
537 538 # Enable xorg package dependencies
538 539 ENABLE_XORG=true
539 540 fi
540 541
541 542 # Add user defined window manager package
542 543 if [ -n "$ENABLE_WM" ] ; then
543 544 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
544 545
545 546 # Enable xorg package dependencies
546 547 ENABLE_XORG=true
547 548 fi
548 549
549 550 # Add xorg package
550 551 if [ "$ENABLE_XORG" = true ] ; then
551 552 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
552 553 fi
553 554
554 555 # Replace selected packages with smaller clones
555 556 if [ "$ENABLE_REDUCE" = true ] ; then
556 557 # Add levee package instead of vim-tiny
557 558 if [ "$REDUCE_VIM" = true ] ; then
558 559 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
559 560 fi
560 561
561 562 # Add dropbear package instead of openssh-server
562 563 if [ "$REDUCE_SSHD" = true ] ; then
563 564 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
564 565 fi
565 566 fi
566 567
568 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
569 if [ "$ENABLE_SYSVINIT" = false ] ; then
570 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
571 fi
572
567 573 # Configure kernel sources if no KERNELSRC_DIR
568 574 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
569 575 KERNELSRC_CONFIG=true
570 576 fi
571 577
572 578 # Configure reduced kernel
573 579 if [ "$KERNEL_REDUCE" = true ] ; then
574 580 KERNELSRC_CONFIG=false
575 581 fi
576 582
577 583 # Configure qemu compatible kernel
578 584 if [ "$ENABLE_QEMU" = true ] ; then
579 585 DTB_FILE=vexpress-v2p-ca15_a7.dtb
580 586 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
581 587 KERNEL_DEFCONFIG="vexpress_defconfig"
582 588 if [ "$KERNEL_MENUCONFIG" = false ] ; then
583 589 KERNEL_OLDDEFCONFIG=true
584 590 fi
585 591 fi
586 592
587 593 # Execute bootstrap scripts
588 594 for SCRIPT in bootstrap.d/*.sh; do
589 595 head -n 3 "$SCRIPT"
590 596 . "$SCRIPT"
591 597 done
592 598
593 599 ## Execute custom bootstrap scripts
594 600 if [ -d "custom.d" ] ; then
595 601 for SCRIPT in custom.d/*.sh; do
596 602 . "$SCRIPT"
597 603 done
598 604 fi
599 605
600 606 # Execute custom scripts inside the chroot
601 607 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
602 608 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
603 609 chroot_exec /bin/bash -x <<'EOF'
604 610 for SCRIPT in /chroot_scripts/* ; do
605 611 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
606 612 $SCRIPT
607 613 fi
608 614 done
609 615 EOF
610 616 rm -rf "${R}/chroot_scripts"
611 617 fi
612 618
613 619 # Remove c/c++ build environment from the chroot
614 620 chroot_remove_cc
615 621
616 622 # Generate required machine-id
617 623 MACHINE_ID=$(dbus-uuidgen)
618 624 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
619 625 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
620 626
621 627 # APT Cleanup
622 628 chroot_exec apt-get -y clean
623 629 chroot_exec apt-get -y autoclean
624 630 chroot_exec apt-get -y autoremove
625 631
626 632 # Unmount mounted filesystems
627 633 umount -l "${R}/proc"
628 634 umount -l "${R}/sys"
629 635
630 636 # Clean up directories
631 637 rm -rf "${R}/run/*"
632 638 rm -rf "${R}/tmp/*"
633 639
634 640 # Clean up files
635 641 rm -f "${ETC_DIR}/ssh/ssh_host_*"
636 642 rm -f "${ETC_DIR}/dropbear/dropbear_*"
637 643 rm -f "${ETC_DIR}/apt/sources.list.save"
638 644 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
639 645 rm -f "${ETC_DIR}/*-"
640 646 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
641 647 rm -f "${ETC_DIR}/resolv.conf"
642 648 rm -f "${R}/root/.bash_history"
643 649 rm -f "${R}/var/lib/urandom/random-seed"
644 650 rm -f "${R}/initrd.img"
645 651 rm -f "${R}/vmlinuz"
646 652 rm -f "${R}${QEMU_BINARY}"
647 653
648 654 if [ "$ENABLE_QEMU" = true ] ; then
649 655 # Setup QEMU directory
650 656 mkdir "${BASEDIR}/qemu"
651 657
652 658 # Copy kernel image to QEMU directory
653 659 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
654 660
655 661 # Copy kernel config to QEMU directory
656 662 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
657 663
658 664 # Copy kernel dtbs to QEMU directory
659 665 for dtb in "${BOOT_DIR}/"*.dtb ; do
660 666 if [ -f "${dtb}" ] ; then
661 667 install_readonly "${dtb}" "${BASEDIR}/qemu/"
662 668 fi
663 669 done
664 670
665 671 # Copy kernel overlays to QEMU directory
666 672 if [ -d "${BOOT_DIR}/overlays" ] ; then
667 673 # Setup overlays dtbs directory
668 674 mkdir "${BASEDIR}/qemu/overlays"
669 675
670 676 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
671 677 if [ -f "${dtb}" ] ; then
672 678 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
673 679 fi
674 680 done
675 681 fi
676 682
677 683 # Copy u-boot files to QEMU directory
678 684 if [ "$ENABLE_UBOOT" = true ] ; then
679 685 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
680 686 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
681 687 fi
682 688 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
683 689 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
684 690 fi
685 691 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
686 692 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
687 693 fi
688 694 fi
689 695
690 696 # Copy initramfs to QEMU directory
691 697 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
692 698 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
693 699 fi
694 700 fi
695 701
696 702 # Calculate size of the chroot directory in KB
697 703 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
698 704
699 705 # Calculate the amount of needed 512 Byte sectors
700 706 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
701 707 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
702 708 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
703 709
704 710 # The root partition is EXT4
705 711 # This means more space than the actual used space of the chroot is used.
706 712 # As overhead for journaling and reserved blocks 35% are added.
707 713 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
708 714
709 715 # Calculate required image size in 512 Byte sectors
710 716 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
711 717
712 718 # Prepare image file
713 719 if [ "$ENABLE_SPLITFS" = true ] ; then
714 720 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
715 721 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
716 722 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
717 723 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
718 724
719 725 # Write firmware/boot partition tables
720 726 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
721 727 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
722 728 EOM
723 729
724 730 # Write root partition table
725 731 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
726 732 ${TABLE_SECTORS},${ROOT_SECTORS},83
727 733 EOM
728 734
729 735 # Setup temporary loop devices
730 736 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
731 737 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
732 738 else # ENABLE_SPLITFS=false
733 739 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
734 740 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
735 741
736 742 # Write partition table
737 743 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
738 744 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
739 745 ${ROOT_OFFSET},${ROOT_SECTORS},83
740 746 EOM
741 747
742 748 # Setup temporary loop devices
743 749 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
744 750 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
745 751 fi
746 752
747 753 if [ "$ENABLE_CRYPTFS" = true ] ; then
748 754 # Create dummy ext4 fs
749 755 mkfs.ext4 "$ROOT_LOOP"
750 756
751 757 # Setup password keyfile
752 758 touch .password
753 759 chmod 600 .password
754 760 echo -n ${CRYPTFS_PASSWORD} > .password
755 761
756 762 # Initialize encrypted partition
757 763 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
758 764
759 765 # Open encrypted partition and setup mapping
760 766 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
761 767
762 768 # Secure delete password keyfile
763 769 shred -zu .password
764 770
765 771 # Update temporary loop device
766 772 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
767 773
768 774 # Wipe encrypted partition (encryption cipher is used for randomness)
769 775 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
770 776 fi
771 777
772 778 # Build filesystems
773 779 mkfs.vfat "$FRMW_LOOP"
774 780 mkfs.ext4 "$ROOT_LOOP"
775 781
776 782 # Mount the temporary loop devices
777 783 mkdir -p "$BUILDDIR/mount"
778 784 mount "$ROOT_LOOP" "$BUILDDIR/mount"
779 785
780 786 mkdir -p "$BUILDDIR/mount/boot/firmware"
781 787 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
782 788
783 789 # Copy all files from the chroot to the loop device mount point directory
784 790 rsync -a "${R}/" "$BUILDDIR/mount/"
785 791
786 792 # Unmount all temporary loop devices and mount points
787 793 cleanup
788 794
789 795 # Create block map file(s) of image(s)
790 796 if [ "$ENABLE_SPLITFS" = true ] ; then
791 797 # Create block map files for "bmaptool"
792 798 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
793 799 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
794 800
795 801 # Image was successfully created
796 802 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
797 803 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
798 804 else
799 805 # Create block map file for "bmaptool"
800 806 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
801 807
802 808 # Image was successfully created
803 809 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
804 810
805 811 # Create qemu qcow2 image
806 812 if [ "$ENABLE_QEMU" = true ] ; then
807 813 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
808 814 QEMU_SIZE=16G
809 815
810 816 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
811 817 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
812 818
813 819 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
814 820 fi
815 821 fi