Add support for static network configuration.
Vincent Knecht -
r25:cb91ab1abbae
@@ -1,101 +1,128
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time only supports the bootstrapping of the current stable Debian 8 "jessie" release.
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 21 ```
22 22
23 23 #### APT settings:
24 24 ##### `APT_SERVER`="ftp.debian.org"
25 25 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
26 26
27 27 ##### `APT_PROXY`=""
28 28 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
29 29
30 30 #### General system settings:
31 31 ##### `HOSTNAME`="rpi2-jessie"
32 32 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
33 33
34 34 ##### `PASSWORD`="raspberry"
35 35 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
36 36
37 37 ##### `DEFLOCAL`="en_US.UTF-8"
38 38 Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
39 39
40 40 ##### `TIMEZONE`="Europe/Berlin"
41 41 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
42 42
43 #### Networking settings
44 These settings are used to set up networking configuration in `/etc/systemd/network/eth.network`.
45
46 #####`ENABLE_DHCP`=true
47 Set the system to use DHCP. When set to "true", the following `NET_*` settings (used for static configuration) are ignored.
48
49 #####`NET_ADDRESS`=""
50 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
51
52 #####`NET_GATEWAY`=""
53 Set the IP address for the default gateway.
54
55 #####`NET_DNS_1`=""
56 Set the IP address for the first DNS server.
57
58 #####`NET_DNS_2`=""
59 Set the IP address for the second DNS server.
60
61 #####`NET_DNS_DOMAINS`=""
62 Set the default DNS search domains to use for non fully qualified host names.
63
64 #####`NET_NTP_1`=""
65 Set the IP address for the first NTP server.
66
67 #####`NET_NTP_2`=""
68 Set the IP address for the second NTP server.
69
43 70 #### Basic system features:
44 71 ##### `ENABLE_CONSOLE`=true
45 72 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
46 73
47 74 ##### `ENABLE_IPV6`=true
48 75 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
49 76
50 77 ##### `ENABLE_SSHD`=true
51 78 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
52 79
53 80 ##### `ENABLE_SOUND`=true
54 81 Enable sound hardware and install Advanced Linux Sound Architecture.
55 82
56 83 ##### `ENABLE_HWRANDOM`=true
57 84 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
58 85
59 86 ##### `ENABLE_MINGPU`=false
60 87 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
61 88
62 89 ##### `ENABLE_DBUS`=true
63 90 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
64 91
65 92 ##### `ENABLE_XORG`=false
66 93 Install Xorg open-source X Window System.
67 94
68 95 ##### `ENABLE_WM`=""
69 96 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
70 97
71 98 #### Advanced sytem features:
72 99 ##### `ENABLE_MINBASE`=false
73 100 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
74 101
75 102 ##### `ENABLE_UBOOT`=false
76 103 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
77 104
78 105 ##### `ENABLE_FBTURBO`=false
79 106 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
80 107
81 108 ##### `ENABLE_IPTABLES`=false
82 109 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
83 110
84 111 ##### `ENABLE_HARDNET`=false
85 112 Enable IPv4/IPv6 network stack hardening settings.
86 113
87 114 ## Logging of the bootstrapping process
88 115 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
89 116
90 117 ```shell
91 118 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
92 119 ```
93 120
94 121 ## Flashing the image file
95 122 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
96 123
97 124 #####Flashing examples:
98 125 ```shell
99 126 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
100 127 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
101 128 ```
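Review bot: the example in the `NET_ADDRESS` entry ("192.169.0.3/24") looks like a typo for "192.168.0.3/24"; 192.169.0.0/16 is public address space, not the RFC 1918 range readers will expect, so anyone copying the example verbatim gets a misleading value. The new section should also state that `NET_ADDRESS` is mandatory when `ENABLE_DHCP=false` (the script writes the value straight into `eth.network`, so leaving it empty yields an interface with no address and, with `ENABLE_CONSOLE=false`, an unreachable board), and that `NET_DNS_2` / `NET_NTP_2` may be left empty. Minor: the new `#####` headings have no space before the backtick (`#####\`ENABLE_DHCP\``) while the existing option headings use `##### \`APT_SERVER\``; "non fully qualified host names" reads better as "non-fully-qualified host names".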
@@ -1,846 +1,879
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 18 # Clean up all temporary mount points
19 19 cleanup (){
20 20 set +x
21 21 set +e
22 22 echo "removing temporary mount points ..."
23 23 umount -l $R/proc 2> /dev/null
24 24 umount -l $R/sys 2> /dev/null
25 25 umount -l $R/dev/pts 2> /dev/null
26 26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 27 umount "$BUILDDIR/mount" 2> /dev/null
28 28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 30 trap - 0 1 2 3 6
31 31 }
32 32
33 33 set -e
34 34 set -x
35 35
36 36 # Debian release
37 37 RELEASE=${RELEASE:=jessie}
38 38
39 39 # Build settings
40 40 BASEDIR=./images/${RELEASE}
41 41 BUILDDIR=${BASEDIR}/build
42 42
43 43 # General settings
44 44 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
45 45 PASSWORD=${PASSWORD:=raspberry}
46 46 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
47 47 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
48 48
49 # Network settings
50 ENABLE_DHCP=${ENABLE_DHCP:=true}
51 # NET_* settings are ignored when ENABLE_DHCP=true
52 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
53 NET_ADDRESS=${NET_ADDRESS:=""}
54 NET_GATEWAY=${NET_GATEWAY:=""}
55 NET_DNS_1=${NET_DNS_1:=""}
56 NET_DNS_2=${NET_DNS_2:=""}
57 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
58 NET_NTP_1=${NET_NTP_1:=""}
59 NET_NTP_2=${NET_NTP_2:=""}
60
49 61 # APT settings
50 62 APT_PROXY=${APT_PROXY:=""}
51 63 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
52 64
53 65 # Feature settings
54 66 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
55 67 ENABLE_IPV6=${ENABLE_IPV6:=true}
56 68 ENABLE_SSHD=${ENABLE_SSHD:=true}
57 69 ENABLE_SOUND=${ENABLE_SOUND:=true}
58 70 ENABLE_DBUS=${ENABLE_DBUS:=true}
59 71 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
60 72 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
61 73 ENABLE_XORG=${ENABLE_XORG:=false}
62 74 ENABLE_WM=${ENABLE_WM:=""}
63 75
64 76 # Advanced settings
65 77 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
66 78 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
67 79 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
68 80 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
69 81 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
70 82
71 83 # Image chroot path
72 84 R=${BUILDDIR}/chroot
73 85
74 86 # Packages required for bootstrapping
75 87 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static dosfstools rsync bmap-tools whois git-core"
76 88
77 89 # Missing packages that need to be installed
78 90 MISSING_PACKAGES=""
79 91
80 92 # Packages required in the chroot build environment
81 93 APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
82 94
83 95 set +x
84 96
85 97 # Are we running as root?
86 98 if [ "$(id -u)" -ne "0" ] ; then
87 99 echo "this script must be executed with root privileges"
88 100 exit 1
89 101 fi
90 102
91 103 # Check if all required packages are installed
92 104 for package in $REQUIRED_PACKAGES ; do
93 105 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
94 106 MISSING_PACKAGES="$MISSING_PACKAGES $package"
95 107 fi
96 108 done
97 109
98 110 # Ask if missing packages should get installed right now
99 111 if [ -n "$MISSING_PACKAGES" ] ; then
100 112 echo "the following packages needed by this script are not installed:"
101 113 echo "$MISSING_PACKAGES"
102 114
103 115 echo -n "\ndo you want to install the missing packages right now? [y/n] "
104 116 read confirm
105 117 if [ "$confirm" != "y" ] ; then
106 118 exit 1
107 119 fi
108 120 fi
109 121
110 122 # Make sure all required packages are installed
111 123 apt-get -qq -y install ${REQUIRED_PACKAGES}
112 124
113 125 # Don't clobber an old build
114 126 if [ -e "$BUILDDIR" ]; then
115 127 echo "directory $BUILDDIR already exists, not proceeding"
116 128 exit 1
117 129 fi
118 130
119 131 set -x
120 132
121 133 # Call "cleanup" function on various signals and errors
122 134 trap cleanup 0 1 2 3 6
123 135
124 136 # Set up chroot directory
125 137 mkdir -p $R
126 138
127 139 # Add required packages for the minbase installation
128 140 if [ "$ENABLE_MINBASE" = true ] ; then
129 141 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
130 142 else
131 143 APT_INCLUDES="${APT_INCLUDES},locales"
132 144 fi
133 145
134 146 # Add dbus package, recommended if using systemd
135 147 if [ "$ENABLE_DBUS" = true ] ; then
136 148 APT_INCLUDES="${APT_INCLUDES},dbus"
137 149 fi
138 150
139 151 # Add iptables IPv4/IPv6 package
140 152 if [ "$ENABLE_IPTABLES" = true ] ; then
141 153 APT_INCLUDES="${APT_INCLUDES},iptables"
142 154 fi
143 155
144 156 # Add openssh server package
145 157 if [ "$ENABLE_SSHD" = true ] ; then
146 158 APT_INCLUDES="${APT_INCLUDES},openssh-server"
147 159 fi
148 160
149 161 # Add alsa-utils package
150 162 if [ "$ENABLE_SOUND" = true ] ; then
151 163 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
152 164 fi
153 165
154 166 # Add rng-tools package
155 167 if [ "$ENABLE_HWRANDOM" = true ] ; then
156 168 APT_INCLUDES="${APT_INCLUDES},rng-tools"
157 169 fi
158 170
159 171 # Add fbturbo video driver
160 172 if [ "$ENABLE_FBTURBO" = true ] ; then
161 173 # Enable xorg package dependencies
162 174 ENABLE_XORG=true
163 175 fi
164 176
165 177 # Add user defined window manager package
166 178 if [ -n "$ENABLE_WM" ] ; then
167 179 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
168 180
169 181 # Enable xorg package dependencies
170 182 ENABLE_XORG=true
171 183 fi
172 184
173 185 # Add xorg package
174 186 if [ "$ENABLE_XORG" = true ] ; then
175 187 APT_INCLUDES="${APT_INCLUDES},xorg"
176 188 fi
177 189
178 190 # Set empty proxy string
179 191 if [ -z "$APT_PROXY" ] ; then
180 192 APT_PROXY="http://"
181 193 fi
182 194
183 195 # Base debootstrap (unpack only)
184 196 if [ "$ENABLE_MINBASE" = true ] ; then
185 197 debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
186 198 else
187 199 debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
188 200 fi
189 201
190 202 # Copy qemu emulator binary to chroot
191 203 cp /usr/bin/qemu-arm-static $R/usr/bin
192 204
193 205 # Copy debian-archive-keyring.pgp
194 206 chroot $R mkdir -p /usr/share/keyrings
195 207 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
196 208
197 209 # Complete the bootstrapping process
198 210 chroot $R /debootstrap/debootstrap --second-stage
199 211
200 212 # Mount required filesystems
201 213 mount -t proc none $R/proc
202 214 mount -t sysfs none $R/sys
203 215 mount --bind /dev/pts $R/dev/pts
204 216
205 217 # Use proxy inside chroot
206 218 if [ -z "$APT_PROXY" ] ; then
207 219 echo "Acquire::http::Proxy \"$APT_PROXY\"" >> $R/etc/apt/apt.conf.d/10proxy
208 220 fi
209 221
210 222 # Pin package flash-kernel to repositories.collabora.co.uk
211 223 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
212 224 Package: flash-kernel
213 225 Pin: origin repositories.collabora.co.uk
214 226 Pin-Priority: 1000
215 227 EOM
216 228
217 229 # Set up timezone
218 230 echo ${TIMEZONE} >$R/etc/timezone
219 231 LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
220 232
221 233 # Set up default locales to "en_US.UTF-8" default
222 234 if [ "$ENABLE_MINBASE" = false ] ; then
223 235 LANG=C chroot $R sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
224 236 LANG=C chroot $R locale-gen ${DEFLOCAL}
225 237 fi
226 238
227 239 # Upgrade collabora package index and install collabora keyring
228 240 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
229 241 LANG=C chroot $R apt-get -qq -y update
230 242 LANG=C chroot $R apt-get -qq -y --force-yes install collabora-obs-archive-keyring
231 243
232 244 # Set up initial sources.list
233 245 cat <<EOM >$R/etc/apt/sources.list
234 246 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
235 247 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
236 248
237 249 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
238 250 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
239 251
240 252 deb http://security.debian.org/ ${RELEASE}/updates main contrib
241 253 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
242 254
243 255 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
244 256 EOM
245 257
246 258 # Upgrade package index and update all installed packages and changed dependencies
247 259 LANG=C chroot $R apt-get -qq -y update
248 260 LANG=C chroot $R apt-get -qq -y -u dist-upgrade
249 261
250 262 # Kernel installation
251 263 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
252 264 LANG=C chroot $R apt-get -qq -y --no-install-recommends install linux-image-3.18.0-trunk-rpi2
253 265 LANG=C chroot $R apt-get -qq -y install flash-kernel
254 266
255 267 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
256 268 [ -z "$VMLINUZ" ] && exit 1
257 269 mkdir -p $R/boot/firmware
258 270
259 271 # required boot binaries from raspberry/firmware github (commit: "kernel: Bump to 3.18.10")
260 272 wget -q -O $R/boot/firmware/bootcode.bin https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/bootcode.bin
261 273 wget -q -O $R/boot/firmware/fixup_cd.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_cd.dat
262 274 wget -q -O $R/boot/firmware/fixup.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup.dat
263 275 wget -q -O $R/boot/firmware/fixup_x.dat https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/fixup_x.dat
264 276 wget -q -O $R/boot/firmware/start_cd.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_cd.elf
265 277 wget -q -O $R/boot/firmware/start.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start.elf
266 278 wget -q -O $R/boot/firmware/start_x.elf https://github.com/raspberrypi/firmware/raw/cd355a9dd4f1f4de2e79b0c8e102840885cdf1de/boot/start_x.elf
267 279 cp $VMLINUZ $R/boot/firmware/kernel7.img
268 280
269 281 # Set up IPv4 hosts
270 282 echo ${HOSTNAME} >$R/etc/hostname
271 283 cat <<EOM >$R/etc/hosts
272 284 127.0.0.1 localhost
273 285 127.0.1.1 ${HOSTNAME}
274 286 EOM
287 if [ "$NET_ADDRESS" != "" ] ; then
288 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
289 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
290 fi
275 291
276 292 # Set up IPv6 hosts
277 293 if [ "$ENABLE_IPV6" = true ] ; then
278 294 cat <<EOM >>$R/etc/hosts
279 295
280 296 ::1 localhost ip6-localhost ip6-loopback
281 297 ff02::1 ip6-allnodes
282 298 ff02::2 ip6-allrouters
283 299 EOM
284 300 fi
285 301
286 302 # Place hint about network configuration
287 303 cat <<EOM >$R/etc/network/interfaces
288 304 # Debian switched to systemd-networkd configuration files.
289 305 # please configure your networks in '/etc/systemd/network/'
290 306 EOM
291 307
308 if [ "$ENABLE_DHCP" = true ] ; then
292 309 # Enable systemd-networkd DHCP configuration for interface eth0
293 310 cat <<EOM >$R/etc/systemd/network/eth.network
294 311 [Match]
295 312 Name=eth0
296 313
297 314 [Network]
298 315 DHCP=yes
299 316 EOM
300 317
301 318 # Set DHCP configuration to IPv4 only
302 319 if [ "$ENABLE_IPV6" = false ] ; then
303 sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
320 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
321 fi
322 else # ENABLE_DHCP=false
323 cat <<EOM >$R/etc/systemd/network/eth.network
324 [Match]
325 Name=eth0
326
327 [Network]
328 DHCP=no
329 Address=${NET_ADDRESS}
330 Gateway=${NET_GATEWAY}
331 DNS=${NET_DNS_1}
332 DNS=${NET_DNS_2}
333 Domains=${NET_DNS_DOMAINS}
334 NTP=${NET_NTP_1}
335 NTP=${NET_NTP_2}
336 EOM
304 337 fi
305 338
306 339 # Enable systemd-networkd service
307 340 LANG=C chroot $R systemctl enable systemd-networkd
308 341
309 342 # Generate crypt(3) password string
310 343 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
311 344
312 345 # Set up default user
313 346 LANG=C chroot $R adduser --gecos "Raspberry PI user" --add_extra_groups --disabled-password pi
314 347 LANG=C chroot $R usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
315 348
316 349 # Set up root password
317 350 LANG=C chroot $R usermod -p "${ENCRYPTED_PASSWORD}" root
318 351
319 352 # Set up firmware boot cmdline
320 353 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
321 354
322 355 # Set up serial console support (if requested)
323 356 if [ "$ENABLE_CONSOLE" = true ] ; then
324 357 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
325 358 fi
326 359
327 360 # Set up IPv6 networking support
328 361 if [ "$ENABLE_IPV6" = false ] ; then
329 362 CMDLINE="${CMDLINE} ipv6.disable=1"
330 363 fi
331 364
332 365 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
333 366
334 367 # Set up firmware config
335 368 cat <<EOM >$R/boot/firmware/config.txt
336 369 # For more options and information see
337 370 # http://www.raspberrypi.org/documentation/configuration/config-txt.md
338 371 # Some settings may impact device functionality. See link above for details
339 372
340 373 # uncomment if you get no picture on HDMI for a default "safe" mode
341 374 #hdmi_safe=1
342 375
343 376 # uncomment this if your display has a black border of unused pixels visible
344 377 # and your display can output without overscan
345 378 #disable_overscan=1
346 379
347 380 # uncomment the following to adjust overscan. Use positive numbers if console
348 381 # goes off screen, and negative if there is too much border
349 382 #overscan_left=16
350 383 #overscan_right=16
351 384 #overscan_top=16
352 385 #overscan_bottom=16
353 386
354 387 # uncomment to force a console size. By default it will be display's size minus
355 388 # overscan.
356 389 #framebuffer_width=1280
357 390 #framebuffer_height=720
358 391
359 392 # uncomment if hdmi display is not detected and composite is being output
360 393 #hdmi_force_hotplug=1
361 394
362 395 # uncomment to force a specific HDMI mode (this will force VGA)
363 396 #hdmi_group=1
364 397 #hdmi_mode=1
365 398
366 399 # uncomment to force a HDMI mode rather than DVI. This can make audio work in
367 400 # DMT (computer monitor) modes
368 401 #hdmi_drive=2
369 402
370 403 # uncomment to increase signal to HDMI, if you have interference, blanking, or
371 404 # no display
372 405 #config_hdmi_boost=4
373 406
374 407 # uncomment for composite PAL
375 408 #sdtv_mode=2
376 409
377 410 # uncomment to overclock the arm. 700 MHz is the default.
378 411 #arm_freq=800
379 412 EOM
380 413
381 414 # Load snd_bcm2835 kernel module at boot time
382 415 if [ "$ENABLE_SOUND" = true ] ; then
383 416 echo "snd_bcm2835" >>$R/etc/modules
384 417 fi
385 418
386 419 # Set smallest possible GPU memory allocation size: 16MB (no X)
387 420 if [ "$ENABLE_MINGPU" = true ] ; then
388 421 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
389 422 fi
390 423
391 424 # Create symlinks
392 425 ln -sf firmware/config.txt $R/boot/config.txt
393 426 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
394 427
395 428 # Prepare modules-load.d directory
396 429 mkdir -p $R/lib/modules-load.d/
397 430
398 431 # Load random module on boot
399 432 if [ "$ENABLE_HWRANDOM" = true ] ; then
400 433 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
401 434 bcm2708_rng
402 435 EOM
403 436 fi
404 437
405 438 # Prepare modprobe.d directory
406 439 mkdir -p $R/etc/modprobe.d/
407 440
408 441 # Blacklist sound modules
409 442 cat <<EOM >$R/etc/modprobe.d/raspi-blacklist.conf
410 443 blacklist snd_soc_core
411 444 blacklist snd_pcm
412 445 blacklist snd_pcm_dmaengine
413 446 blacklist snd_timer
414 447 blacklist snd_compress
415 448 blacklist snd_soc_pcm512x_i2c
416 449 blacklist snd_soc_pcm512x
417 450 blacklist snd_soc_tas5713
418 451 blacklist snd_soc_wm8804
419 452 EOM
420 453
421 454 # Create default fstab
422 455 cat <<EOM >$R/etc/fstab
423 456 /dev/mmcblk0p2 / ext4 noatime,nodiratime,errors=remount-ro,discard,data=writeback,commit=100 0 1
424 457 /dev/mmcblk0p1 /boot/firmware vfat defaults,noatime,nodiratime 0 2
425 458 EOM
426 459
427 460 # Avoid swapping and increase cache sizes
428 461 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
429 462
430 463 # Avoid swapping and increase cache sizes
431 464 vm.swappiness=1
432 465 vm.dirty_background_ratio=20
433 466 vm.dirty_ratio=40
434 467 vm.dirty_writeback_centisecs=500
435 468 vm.dirty_expire_centisecs=6000
436 469 EOM
437 470
438 471 # Enable network stack hardening
439 472 if [ "$ENABLE_HARDNET" = true ] ; then
440 473 cat <<EOM >>$R/etc/sysctl.d/99-sysctl.conf
441 474
442 475 # Enable network stack hardening
443 476 net.ipv4.tcp_timestamps=0
444 477 net.ipv4.tcp_syncookies=1
445 478 net.ipv4.conf.all.rp_filter=1
446 479 net.ipv4.conf.all.accept_redirects=0
447 480 net.ipv4.conf.all.send_redirects=0
448 481 net.ipv4.conf.all.accept_source_route=0
449 482 net.ipv4.conf.default.rp_filter=1
450 483 net.ipv4.conf.default.accept_redirects=0
451 484 net.ipv4.conf.default.send_redirects=0
452 485 net.ipv4.conf.default.accept_source_route=0
453 486 net.ipv4.conf.lo.accept_redirects=0
454 487 net.ipv4.conf.lo.send_redirects=0
455 488 net.ipv4.conf.lo.accept_source_route=0
456 489 net.ipv4.conf.eth0.accept_redirects=0
457 490 net.ipv4.conf.eth0.send_redirects=0
458 491 net.ipv4.conf.eth0.accept_source_route=0
459 492 net.ipv4.icmp_echo_ignore_broadcasts=1
460 493 net.ipv4.icmp_ignore_bogus_error_responses=1
461 494
462 495 net.ipv6.conf.all.accept_redirects=0
463 496 net.ipv6.conf.all.accept_source_route=0
464 497 net.ipv6.conf.all.router_solicitations=0
465 498 net.ipv6.conf.all.accept_ra_rtr_pref=0
466 499 net.ipv6.conf.all.accept_ra_pinfo=0
467 500 net.ipv6.conf.all.accept_ra_defrtr=0
468 501 net.ipv6.conf.all.autoconf=0
469 502 net.ipv6.conf.all.dad_transmits=0
470 503 net.ipv6.conf.all.max_addresses=1
471 504
472 505 net.ipv6.conf.default.accept_redirects=0
473 506 net.ipv6.conf.default.accept_source_route=0
474 507 net.ipv6.conf.default.router_solicitations=0
475 508 net.ipv6.conf.default.accept_ra_rtr_pref=0
476 509 net.ipv6.conf.default.accept_ra_pinfo=0
477 510 net.ipv6.conf.default.accept_ra_defrtr=0
478 511 net.ipv6.conf.default.autoconf=0
479 512 net.ipv6.conf.default.dad_transmits=0
480 513 net.ipv6.conf.default.max_addresses=1
481 514
482 515 net.ipv6.conf.lo.accept_redirects=0
483 516 net.ipv6.conf.lo.accept_source_route=0
484 517 net.ipv6.conf.lo.router_solicitations=0
485 518 net.ipv6.conf.lo.accept_ra_rtr_pref=0
486 519 net.ipv6.conf.lo.accept_ra_pinfo=0
487 520 net.ipv6.conf.lo.accept_ra_defrtr=0
488 521 net.ipv6.conf.lo.autoconf=0
489 522 net.ipv6.conf.lo.dad_transmits=0
490 523 net.ipv6.conf.lo.max_addresses=1
491 524
492 525 net.ipv6.conf.eth0.accept_redirects=0
493 526 net.ipv6.conf.eth0.accept_source_route=0
494 527 net.ipv6.conf.eth0.router_solicitations=0
495 528 net.ipv6.conf.eth0.accept_ra_rtr_pref=0
496 529 net.ipv6.conf.eth0.accept_ra_pinfo=0
497 530 net.ipv6.conf.eth0.accept_ra_defrtr=0
498 531 net.ipv6.conf.eth0.autoconf=0
499 532 net.ipv6.conf.eth0.dad_transmits=0
500 533 net.ipv6.conf.eth0.max_addresses=1
501 534 EOM
502 535
503 536 # Enable resolver warnings about spoofed addresses
504 537 cat <<EOM >>$R/etc/host.conf
505 538 spoof warn
506 539 EOM
507 540 fi
508 541
509 542 # Regenerate openssh server host keys
510 543 if [ "$ENABLE_SSHD" = true ] ; then
511 544 rm -fr $R/etc/ssh/ssh_host_*
512 545 LANG=C chroot $R dpkg-reconfigure openssh-server
513 546 fi
514 547
515 548 # Enable serial console systemd style
516 549 if [ "$ENABLE_CONSOLE" = true ] ; then
517 550 LANG=C chroot $R systemctl enable serial-getty\@ttyAMA0.service
518 551 fi
519 552
520 553 # Enable firewall based on iptables started by systemd service
521 554 if [ "$ENABLE_IPTABLES" = true ] ; then
522 555 # Create iptables configuration directory
523 556 mkdir -p "$R/etc/iptables"
524 557
525 558 # Create iptables systemd service
526 559 cat <<EOM >$R/etc/systemd/system/iptables.service
527 560 [Unit]
528 561 Description=Packet Filtering Framework
529 562 DefaultDependencies=no
530 563 After=systemd-sysctl.service
531 564 Before=sysinit.target
532 565 [Service]
533 566 Type=oneshot
534 567 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
535 568 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
536 569 ExecStop=/etc/iptables/flush-iptables.sh
537 570 RemainAfterExit=yes
538 571 [Install]
539 572 WantedBy=multi-user.target
540 573 EOM
541 574
542 575 # Create flush-table script called by iptables service
543 576 cat <<EOM >$R/etc/iptables/flush-iptables.sh
544 577 #!/bin/sh
545 578 iptables -F
546 579 iptables -X
547 580 iptables -t nat -F
548 581 iptables -t nat -X
549 582 iptables -t mangle -F
550 583 iptables -t mangle -X
551 584 iptables -P INPUT ACCEPT
552 585 iptables -P FORWARD ACCEPT
553 586 iptables -P OUTPUT ACCEPT
554 587 EOM
555 588
556 589 # Create iptables rule file
557 590 cat <<EOM >$R/etc/iptables/iptables.rules
558 591 *filter
559 592 :INPUT DROP [0:0]
560 593 :FORWARD DROP [0:0]
561 594 :OUTPUT ACCEPT [0:0]
562 595 :TCP - [0:0]
563 596 :UDP - [0:0]
564 597 :SSH - [0:0]
565 598
566 599 # Rate limit ping requests
567 600 -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
568 601 -A INPUT -p icmp --icmp-type echo-request -j DROP
569 602
570 603 # Accept established connections
571 604 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
572 605
573 606 # Accept all traffic on loopback interface
574 607 -A INPUT -i lo -j ACCEPT
575 608
576 609 # Drop packets declared invalid
577 610 -A INPUT -m conntrack --ctstate INVALID -j DROP
578 611
579 612 # SSH rate limiting
580 613 -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
581 614 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
582 615 -A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
583 616 -A SSH -m recent --name sshbf --set -j ACCEPT
584 617
585 618 # Send TCP and UDP connections to their respective rules chain
586 619 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
587 620 -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
588 621
589 622 # Reject dropped packets with a RFC compliant responce
590 623 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
591 624 -A INPUT -p tcp -j REJECT --reject-with tcp-rst
592 625 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
593 626
594 627 ## TCP PORT RULES
595 628 # -A TCP -p tcp -j LOG
596 629
597 630 ## UDP PORT RULES
598 631 # -A UDP -p udp -j LOG
599 632
600 633 COMMIT
601 634 EOM
602 635
603 636 # Reload systemd configuration and enable iptables service
604 637 LANG=C chroot $R systemctl daemon-reload
605 638 LANG=C chroot $R systemctl enable iptables.service
606 639
  if [ "$ENABLE_IPV6" = true ] ; then
    # Create ip6tables systemd service
    cat <<EOM >$R/etc/systemd/system/ip6tables.service
[Unit]
Description=Packet Filtering Framework
DefaultDependencies=no
After=systemd-sysctl.service
Before=sysinit.target
[Service]
Type=oneshot
ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecStop=/etc/iptables/flush-ip6tables.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOM

    # Create ip6tables flush script. The heredoc is unquoted, so every "\$" below
    # is escaped to leave the expansion to the target at run time; an unescaped
    # command substitution would be expanded on the build host instead. "cat" is
    # used because the script runs under /bin/sh, which has no "\$(<file)".
    cat <<EOM >$R/etc/iptables/flush-ip6tables.sh
#!/bin/sh
ip6tables -F
ip6tables -X
ip6tables -Z
for table in \$(cat /proc/net/ip6_tables_names)
do
ip6tables -t \$table -F
ip6tables -t \$table -X
ip6tables -t \$table -Z
done
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT
EOM

    # Create ip6tables rule file
    cat <<EOM >$R/etc/iptables/ip6tables.rules
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
:SSH - [0:0]

# Drop packets with RH0 headers
-A INPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -m rt --rt-type 0 -j DROP
-A FORWARD -m rt --rt-type 0 -j DROP

# Rate limit ping requests
-A INPUT -p icmpv6 --icmpv6-type echo-request -m limit --limit 30/min --limit-burst 8 -j ACCEPT
-A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP

# Note: no rule in this file accepts neighbour/router discovery (ICMPv6 types
# 133-137). Conntrack does not track those messages, so with the INPUT DROP
# policy they fall through to the REJECT rules at the end. RFC 4890 recommends
# accepting them on the link; add rules here if IPv6 connectivity is required.

# Accept established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Accept all traffic on loopback interface
-A INPUT -i lo -j ACCEPT

# Drop packets declared invalid
-A INPUT -m conntrack --ctstate INVALID -j DROP

# SSH rate limiting (same thresholds as the IPv4 rules)
-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
-A SSH -m recent --name sshbf --set -j ACCEPT

# Send TCP and UDP connections to their respective rules chain
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP

# Reject everything else with an RFC-compliant response
-A INPUT -p udp -j REJECT --reject-with icmp6-adm-prohibited
-A INPUT -p tcp -j REJECT --reject-with icmp6-adm-prohibited
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited

## TCP PORT RULES
# -A TCP -p tcp -j LOG

## UDP PORT RULES
# -A UDP -p udp -j LOG

COMMIT
EOM

    # Reload systemd configuration and enable ip6tables service
    LANG=C chroot $R systemctl daemon-reload
    LANG=C chroot $R systemctl enable ip6tables.service
  fi
fi

# Remove SSHD related iptables rules: comment out every uncommented line that
# mentions the SSH chain (its declaration, the jump from INPUT and the rules in
# it), so that the rules files still load when no sshd is installed. Errors are
# silenced because the files do not exist when ENABLE_IPTABLES is false.
if [ "$ENABLE_SSHD" = false ] ; then
  sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
  sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
fi

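The clean-up above is worth checking rather than trusting: iptables-restore applies a table atomically, so one leftover live reference to a chain whose declaration was commented out would make the whole ruleset fail to load, the oneshot service would fail, and the host would come up with the kernel's default ACCEPT policies (the filter fails open). The following added check is not part of rpi2-gen-image.sh; it runs the same transformation on a constructed rules fragment with the chain layout of the script's iptables.rules and counts the live SSH references before and after. The sed expression is the script's, written with an explicit ";" before "}" so that it also parses on non-GNU sed.

```shell
#!/bin/sh
# Added example: exercise the ENABLE_SSHD=false clean-up of the rules file.
# SAMPLE_RULES is a constructed fragment mirroring the chain layout of the
# script's iptables.rules; it is not a file produced by the build.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
:SSH - [0:0]

# SSH rate limiting
-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j SSH
-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
-A SSH -m recent --name sshbf --rttl --rcheck --hitcount 20 --seconds 1800 -j DROP
-A SSH -m recent --name sshbf --set -j ACCEPT

# Send TCP and UDP connections to their respective rules chain
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
COMMIT'

# The script's sed expression as a stdin-to-stdout filter: every line that is
# not already a comment and mentions SSH gets a "# " prefix. The chain
# declaration ":SSH - [0:0]" matches too, which is what keeps the file loadable.
disable_ssh_rules() {
    sed -e '/^#/!{/SSH/s/^/# /;}'
}

# Number of live (uncommented) lines that still reference the SSH chain:
# the chain declaration, rules appended to it, or jumps into it.
live_ssh_refs() {
    grep -v '^#' | grep -c -E '^:SSH |^-A SSH |-j SSH$' || true
}

# Number of live rules of any kind, to confirm the non-SSH rules are untouched.
live_rules() {
    grep -v '^#' | grep -c '^-A ' || true
}

# Stand-alone run: print the cleaned ruleset and both counters.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | disable_ssh_rules
    printf 'live SSH references before: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | live_ssh_refs)"
    printf 'live SSH references after:  %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | disable_ssh_rules | live_ssh_refs)"
    printf 'live rules after:           %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | disable_ssh_rules | live_rules)"
fi
```

Run it with `--demo` to see the transformed fragment. On the sample the five live SSH references (declaration, INPUT jump, three chain rules) drop to zero while the UDP and TCP dispatch rules survive; the same counters can be run against the generated `/etc/iptables/*.rules` in the chroot before the image is packed.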
# Install gcc/c++ build environment inside the chroot
if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
  LANG=C chroot $R apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
fi

# Fetch and build U-Boot bootloader
if [ "$ENABLE_UBOOT" = true ] ; then
  # Fetch U-Boot bootloader sources. Note: git:// is an unauthenticated,
  # unencrypted transport and this clones the unpinned tip of the repository;
  # pin a tag or commit if the build has to be reproducible.
  git -C $R/tmp clone git://git.denx.de/u-boot.git

  # Build and install U-Boot inside chroot
  LANG=C chroot $R make -C /tmp/u-boot/ rpi_2_defconfig all

  # Copy compiled bootloader binary and set config.txt to load it
  cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
  printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt

  # Set U-Boot command file. The heredoc is unquoted: ${CMDLINE} is expanded at
  # build time, while \${kernel_addr_r} is escaped and left for U-Boot.
  cat <<EOM >$R/boot/firmware/uboot.mkimage
# Tell Linux that it is booting on a Raspberry Pi2
setenv machid 0x00000c42

# Set the kernel boot command line
setenv bootargs "earlyprintk ${CMDLINE}"

# Save these changes to u-boot's environment
saveenv

# Load the existing Linux kernel into RAM
fatload mmc 0:1 \${kernel_addr_r} kernel7.img

# Boot the kernel we have just loaded
bootz \${kernel_addr_r}
EOM

  # Generate U-Boot image from command file
  LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
fi

# Fetch and build fbturbo Xorg driver
if [ "$ENABLE_FBTURBO" = true ] ; then
  # Fetch fbturbo driver sources (unpinned tip of the upstream repository)
  git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git

  # Install Xorg build dependencies
  LANG=C chroot $R apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev

  # Build and install fbturbo driver inside chroot. The steps are chained with
  # && so that a failed configure or make does not silently run "make install".
  LANG=C chroot $R /bin/bash -c "cd /tmp/xf86-video-fbturbo && autoreconf -vi && ./configure --prefix=/usr && make && make install"

  # Add fbturbo driver to Xorg configuration
  cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
Section "Device"
        Identifier "Allwinner A10/A13 FBDEV"
        Driver "fbturbo"
        Option "fbdev" "/dev/fb0"
        Option "SwapbuffersWait" "true"
EndSection
EOM

  # Remove Xorg build dependencies
  LANG=C chroot $R apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
fi

# Remove gcc/c++ build environment from the chroot
if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
  LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
fi

# Clean cached downloads
LANG=C chroot $R apt-get -y clean
LANG=C chroot $R apt-get -y autoclean
LANG=C chroot $R apt-get -y autoremove

# Unmount mounted filesystems
umount -l $R/proc
umount -l $R/sys

# Clean up files: drop build-time leftovers (APT proxy setting, resolver copy,
# shell history) and everything that must be unique per installed system
# (machine-id and the random seed are regenerated on the first boot)
rm -f $R/etc/apt/sources.list.save
rm -f $R/etc/resolvconf/resolv.conf.d/original
rm -rf $R/run
mkdir -p $R/run
rm -f $R/etc/*-
rm -f $R/root/.bash_history
rm -rf $R/tmp/*
rm -f $R/var/lib/urandom/random-seed
[ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
rm -f $R/etc/machine-id
rm -fr $R/etc/apt/apt.conf.d/10proxy

# Calculate size of the chroot directory in MiB (du reports KiB)
CHROOT_SIZE=$(expr $(du -s $R | awk '{ print $1 }') / 1024)

# Calculate required image size in MiB, rounded up to the next multiple of 1024
IMAGE_SIZE=$(expr $(expr ${CHROOT_SIZE} / 1024 + 1) \* 1024)

# Calculate number of 512-byte sectors for the root partition: everything after
# the first 65 MiB (1 MiB alignment gap plus the 64 MiB boot partition)
IMAGE_SECTORS=$(expr $(expr ${IMAGE_SIZE} \* 1048576) / 512 - 133120)

# Prepare date string for image file name
DATE="$(date +%Y-%m-%d)"

# Prepare image file: zero the first MiB, then extend it (sparsely) to IMAGE_SIZE MiB
dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=1
dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=1M count=0 seek=${IMAGE_SIZE}

# Write partition table: 64 MiB FAT boot partition starting at 1 MiB, ext4 root
# partition for the rest of the image
sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
unit: sectors

1 : start= 2048, size= 131072, Id= c, bootable
2 : start= 133120, size= ${IMAGE_SECTORS}, Id=83
3 : start= 0, size= 0, Id= 0
4 : start= 0, size= 0, Id= 0
EOM

# Set up temporary loop devices and build filesystems. Offsets and size limits
# must match the partition table above: the root partition starts at 65 MiB and
# is IMAGE_SIZE - 65 MiB long (a limit of IMAGE_SIZE - 64 would reach 1 MiB past
# the end of the file; the kernel clamps the loop device to the file, but the
# value should be the partition size).
VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
EXT4_LOOP="$(losetup -o 65M --sizelimit $(expr ${IMAGE_SIZE} - 65)M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
mkfs.vfat "$VFAT_LOOP"
mkfs.ext4 "$EXT4_LOOP"

# Mount the temporary loop devices
mkdir -p "$BUILDDIR/mount"
mount "$EXT4_LOOP" "$BUILDDIR/mount"

mkdir -p "$BUILDDIR/mount/boot/firmware"
mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"

# Copy all files from the chroot to the loop device mount point directory.
# Note: rsync -a does not preserve hard links, ACLs or extended attributes
# (including file capabilities); add -H -A -X if the chroot relies on them.
rsync -a "$R/" "$BUILDDIR/mount/"

# Unmount all temporary loop devices and mount points
cleanup

# (optional) create block map file for "bmaptool"
bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"

# Image was successfully created
echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
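The partition table and the loop devices describe the same disk twice, once in sectors for sfdisk and once in MiB offsets and size limits for losetup, and nothing in the script cross-checks the two. The following added check is not part of rpi2-gen-image.sh; it derives IMAGE_SIZE and IMAGE_SECTORS from a chroot size exactly as the script does, computes where the root partition ends according to the sfdisk entries, and reports by how many MiB a given losetup size limit overshoots that end. It shows that a limit of IMAGE_SIZE - 64 MiB reaches 1 MiB beyond the partition (and beyond the image file, which the kernel silently clamps) while IMAGE_SIZE - 65 MiB matches it exactly. The 1500 MiB chroot size used in the demo run is a made-up figure.

```shell
#!/bin/sh
# Added example: reproduce the image geometry arithmetic of rpi2-gen-image.sh
# and check that the sfdisk partition table and the losetup parameters agree.
# The constants are the script's own; the demo chroot size is constructed.
SECTOR=512
MIB=1048576
BOOT_START_SECTORS=2048      # partition 1 starts at 1 MiB
BOOT_SIZE_SECTORS=131072     # 64 MiB FAT boot partition
ROOT_START_SECTORS=133120    # partition 2 starts at 65 MiB

# IMAGE_SIZE as the script computes it: chroot size in MiB rounded up to the
# next multiple of 1024 MiB (a chroot of exactly 1024 MiB yields 2048).
image_size_mib() {
    echo $(( ($1 / 1024 + 1) * 1024 ))
}

# IMAGE_SECTORS as the script computes it: all sectors after the first 65 MiB.
image_sectors() {
    echo $(( $1 * MIB / SECTOR - ROOT_START_SECTORS ))
}

# First byte after the root partition according to the sfdisk table.
root_partition_end_bytes() {
    echo $(( (ROOT_START_SECTORS + $(image_sectors "$1")) * SECTOR ))
}

# MiB by which "losetup -o 65M --sizelimit <limit>M" reaches past the end of
# the root partition for an image of <image_mib> MiB (0 means they agree).
root_loop_overshoot_mib() {
    image_mib=$1
    limit_mib=$2
    echo $(( (65 * MIB + limit_mib * MIB - $(root_partition_end_bytes "$image_mib")) / MIB ))
}

# Whether the root partition ends exactly at the end of the image file.
root_partition_fills_image() {
    [ "$(root_partition_end_bytes "$1")" -eq $(( $1 * MIB )) ]
}

# Whether "losetup -o 1M --sizelimit 64M" matches partition 1 of the table.
boot_loop_matches_partition() {
    [ $(( 1 * MIB )) -eq $(( BOOT_START_SECTORS * SECTOR )) ] &&
    [ $(( 64 * MIB )) -eq $(( BOOT_SIZE_SECTORS * SECTOR )) ]
}

# Stand-alone run with a constructed chroot size of 1500 MiB.
if [ "${1:-}" = "--demo" ]; then
    size=$(image_size_mib 1500)
    echo "IMAGE_SIZE=${size} IMAGE_SECTORS=$(image_sectors "$size")"
    echo "root partition fills image: $(root_partition_fills_image "$size" && echo yes || echo no)"
    echo "overshoot with sizelimit IMAGE_SIZE-64: $(root_loop_overshoot_mib "$size" $(( size - 64 ))) MiB"
    echo "overshoot with sizelimit IMAGE_SIZE-65: $(root_loop_overshoot_mib "$size" $(( size - 65 ))) MiB"
fi
```

The same functions can be pointed at a finished image by replacing the constants with the values `sfdisk -d` prints for it; any non-zero overshoot, or a root partition that does not fill the file, means the filesystem written through the loop device and the partition the firmware will read are not the same byte range.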