@@ -0,0 +1,31 | |||
|
1 | logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand" | |
|
2 | ||
|
3 | KERNEL_VERSION=$(uname -r) | |
|
4 | KERNEL_ARCH=$(uname -m) | |
|
5 | INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}" | |
|
6 | INITRAMFS_UBOOT="${INITRAMFS}.uboot" | |
|
7 | ||
|
8 | # Extract kernel arch | |
|
9 | case "${KERNEL_ARCH}" in | |
|
10 | arm*) KERNEL_ARCH=arm ;; | |
|
11 | esac | |
|
12 | ||
|
13 | # Regenerate initramfs | |
|
14 | if [ -r "${INITRAMFS}" ] ; then | |
|
15 | rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs | |
|
16 | rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount | |
|
17 | rm -f /etc/initramfs-tools/hooks/expand-tools | |
|
18 | rm -f "${INITRAMFS}" | |
|
19 | mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}" | |
|
20 | fi | |
|
21 | ||
|
22 | # Convert generated initramfs for U-Boot using mkimage | |
|
23 | if [ -r "${INITRAMFS_UBOOT}" ] ; then | |
|
24 | rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs | |
|
25 | rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount | |
|
26 | rm -f /etc/initramfs-tools/hooks/expand-tools | |
|
27 | rm -f "${INITRAMFS_UBOOT}" | |
|
28 | mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}" | |
|
29 | mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}" | |
|
30 | rm -f "${INITRAMFS}" | |
|
31 | fi |
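Review bot: Both branches delete the existing image (`rm -f "${INITRAMFS}"` on line 18, `rm -f "${INITRAMFS_UBOOT}"` on line 27) before `mkinitramfs`/`mkimage` have produced a replacement, so a failed regeneration leaves /boot/firmware without an initramfs and the encrypted root can no longer be unlocked at the next boot. Build under a temporary name and move it into place only on success, e.g. `mkinitramfs -o "${INITRAMFS}.new" "${KERNEL_VERSION}" && mv -f "${INITRAMFS}.new" "${INITRAMFS}"`, and do the same for the U-Boot image. If both files are readable, the second branch also ends by removing the `${INITRAMFS}` that the first branch just rebuilt; worth confirming that this is intended, and using `elif` if the two cases are meant to be exclusive.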
@@ -0,0 +1,19 | |||
|
1 | #!/bin/sh | |
|
2 | ||
|
3 | set -e | |
|
4 | ||
|
5 | # Check for cryptdevice variable | |
|
6 | if [ -z "$cryptdevice" ] ; then | |
|
7 | echo "unable to get cryptdevice variable (local-premount)" | |
|
8 | exit 1 | |
|
9 | fi | |
|
10 | ||
|
11 | if [ -n "$ROOT" ] ; then | |
|
12 | # Resize encrypted root partition | |
|
13 | cryptsetup resize "${ROOT}" | |
|
14 | e2fsck -fp "${ROOT}" | |
|
15 | resize2fs -f "${ROOT}" | |
|
16 | e2fsck -fp "${ROOT}" | |
|
17 | fi | |
|
18 | ||
|
19 | exit 0 |
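Review bot: With `set -e` active, the first `e2fsck -fp "${ROOT}"` on line 14 ends the script whenever it repairs something, because e2fsck exits with status 1 after correcting errors, and `resize2fs` is then never reached. Accept the "errors corrected" status explicitly, e.g. `e2fsck -fp "${ROOT}" || [ "$?" -le 1 ]`, on both calls. The script also requires `$cryptdevice` to be set but never uses it, and reports that failure with a plain `echo`; a short header comment saying where `cryptdevice` and `ROOT` are expected to come from would help the next reader.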
@@ -0,0 +1,19 | |||
|
1 | #!/bin/sh | |
|
2 | ||
|
3 | set -e | |
|
4 | ||
|
5 | # Use initramfs utility functions | |
|
6 | . /usr/share/initramfs-tools/hook-functions | |
|
7 | ||
|
8 | # Add binaries required for resizing the filesystem | |
|
9 | copy_exec /bin/grep /bin | |
|
10 | copy_exec /usr/bin/awk /bin | |
|
11 | copy_exec /usr/bin/cut /bin | |
|
12 | copy_exec /usr/bin/tail /bin | |
|
13 | copy_exec /sbin/fdisk /sbin | |
|
14 | copy_exec /sbin/parted /sbin | |
|
15 | copy_exec /sbin/e2fsck /sbin | |
|
16 | copy_exec /sbin/resize2fs /sbin | |
|
17 | copy_exec /sbin/partprobe /sbin | |
|
18 | ||
|
19 | exit 0 |
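Review bot: This hook has no `prereqs` handling, which initramfs-tools expects of every hook and boot script: mkinitramfs calls each one with the single argument `prereqs` to work out ordering, and here that call falls straight through to the `copy_exec` lines. Add the usual stanza before sourcing hook-functions: `PREREQ=""` followed by `case "$1" in prereqs) echo "${PREREQ}"; exit 0 ;; esac`. The two boot scripts added in this commit (the local-premount and init-premount ones) lack it as well, and for the init-premount script a `prereqs` call would run its body, starting with the `sleep 5`. The list also omits `sed`, which the init-premount script pipes through on its line 57; that only works if busybox or another hook happens to provide it.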
@@ -0,0 +1,85 | |||
|
1 | #!/bin/sh | |
|
2 | # expand_encrypted_rootfs initramfs-tools boot script | |
|
3 | ||
|
4 | # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs | |
|
5 | ||
|
6 | set -e | |
|
7 | ||
|
8 | # Wait for USB devices to be ready | |
|
9 | sleep 5 | |
|
10 | ||
|
11 | # Use initramfs utility functions | |
|
12 | if [ -r "/scripts/functions" ] ; then | |
|
13 | . /scripts/functions | |
|
14 | fi | |
|
15 | ||
|
16 | # Check for cryptdevice variable | |
|
17 | if [ -z "$cryptdevice" ] ; then | |
|
18 | echo "unable to get cryptdevice variable (init-premount)" | |
|
19 | return 1 | |
|
20 | fi | |
|
21 | ||
|
22 | # Detect root partition device | |
|
23 | ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }') | |
|
24 | if [ -z "$ROOT_PART" ] ; then | |
|
25 | log_warning_msg "unable to detect encrypted root partition device (cryptdevice)" | |
|
26 | return 1 | |
|
27 | fi | |
|
28 | ||
|
29 | # Extract root device name | |
|
30 | case "${ROOT_PART}" in | |
|
31 | mmcblk0*) ROOT_DEV=mmcblk0 ;; | |
|
32 | sda*) ROOT_DEV=sda ;; | |
|
33 | esac | |
|
34 | ||
|
35 | # Check detected root partition name | |
|
36 | PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$') | |
|
37 | if [ "$PART_NUM" = "$ROOT_PART" ] ; then | |
|
38 | log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand" | |
|
39 | return 1 | |
|
40 | fi | |
|
41 | ||
|
42 | # NOTE: the NOOBS partition layout confuses parted. For now, let's only | |
|
43 | # agree to work with a sufficiently simple partition layout | |
|
44 | if [ "$PART_NUM" -gt 2 ] ; then | |
|
45 | log_warning_msg "Your partition layout is not currently supported by this tool." | |
|
46 | return 1 | |
|
47 | fi | |
|
48 | ||
|
49 | # Check if last partition number | |
|
50 | LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:) | |
|
51 | if [ $LAST_PART_NUM -ne $PART_NUM ]; then | |
|
52 | log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand" | |
|
53 | return 1 | |
|
54 | fi | |
|
55 | ||
|
56 | # Get the starting offset of the root partition | |
|
57 | PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g') | |
|
58 | if [ -z "$PART_START" ] ; then | |
|
59 | log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition" | |
|
60 | return 1 | |
|
61 | fi | |
|
62 | ||
|
63 | # Get the possible last sector for the root partition | |
|
64 | PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }') | |
|
65 | if [ -z "$PART_LAST" ] ; then | |
|
66 | log_warning_msg "${ROOT_DEV} unable to get last sector of the partition" | |
|
67 | return 1 | |
|
68 | fi | |
|
69 | ||
|
70 | ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit | |
|
71 | fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true | |
|
72 | p | |
|
73 | d | |
|
74 | $PART_NUM | |
|
75 | n | |
|
76 | p | |
|
77 | $PART_NUM | |
|
78 | $PART_START | |
|
79 | $PART_LAST | |
|
80 | p | |
|
81 | w | |
|
82 | EOF2 | |
|
83 | ||
|
84 | partprobe | |
|
85 | log_success_msg "Root partition successfully resized." |
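Review bot: The `case` on lines 30-33 has no default arm, so `ROOT_DEV` stays unset for any root partition that is not `mmcblk0*` or `sda*` and the later `parted`/`fdisk` calls are handed `/dev/`; add `*) log_warning_msg "unsupported root device ${ROOT_PART}"; return 1 ;;`. The `fdisk` here-document on lines 71-82 deletes and recreates the partition that holds the LUKS volume with stderr discarded and `|| true`, and `log_success_msg` follows unconditionally, so a failed rewrite is reported as success; re-read the table after `partprobe` and compare the new end sector with `$PART_LAST` before logging success. The comment on line 70 still refers to rc.local and should describe this script instead. `return` is used at top level throughout; unless the script is sourced, `exit` is the portable form.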
@@ -5,7 +5,7 | |||
|
5 | 5 | ## Build dependencies |
|
6 | 6 | The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user. |
|
7 | 7 | |
|
8 |
```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git |
|
|
8 | ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git``` | |
|
9 | 9 | |
|
10 | 10 | ## Command-line parameters |
|
11 | 11 | The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script. |
@@ -226,7 +226,7 Remove all `locale` translation files. | |||
|
226 | 226 | #### Encrypted root partition: |
|
227 | 227 | |
|
228 | 228 | ##### `ENABLE_CRYPTFS`=false |
|
229 |
Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. |
|
|
229 | Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help. | |
|
230 | 230 | |
|
231 | 231 | ##### `CRYPTFS_PASSWORD`="" |
|
232 | 232 | Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true. |
@@ -266,6 +266,7 All the required configuration files that will be copied to the generated OS ima | |||
|
266 | 266 | | `boot` | Boot and RPi2 configuration files | |
|
267 | 267 | | `dpkg` | Package Manager configuration | |
|
268 | 268 | | `firstboot` | Scripts that get executed on first boot | |
|
269 | | `initramfs` | Initramfs scripts | | |
|
269 | 270 | | `iptables` | Firewall configuration files | |
|
270 | 271 | | `locales` | Locales configuration | |
|
271 | 272 | | `modules` | Kernel Modules configuration | |
@@ -7,22 +7,22 | |||
|
7 | 7 | |
|
8 | 8 | # Base debootstrap (unpack only) |
|
9 | 9 | if [ "$ENABLE_MINBASE" = true ] ; then |
|
10 | http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" | |
|
10 | http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" | |
|
11 | 11 | else |
|
12 | http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian" | |
|
12 | http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" | |
|
13 | 13 | fi |
|
14 | 14 | |
|
15 | 15 | # Copy qemu emulator binary to chroot |
|
16 | 16 | install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}" |
|
17 | 17 | |
|
18 | 18 | # Copy debian-archive-keyring.pgp |
|
19 | mkdir -p "$R/usr/share/keyrings" | |
|
20 | install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg" | |
|
19 | mkdir -p "${R}/usr/share/keyrings" | |
|
20 | install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg" | |
|
21 | 21 | |
|
22 | 22 | # Complete the bootstrapping process |
|
23 | 23 | chroot_exec /debootstrap/debootstrap --second-stage |
|
24 | 24 | |
|
25 | 25 | # Mount required filesystems |
|
26 | mount -t proc none "$R/proc" | |
|
27 | mount -t sysfs none "$R/sys" | |
|
28 | mount --bind /dev/pts "$R/dev/pts" | |
|
26 | mount -t proc none "${R}/proc" | |
|
27 | mount -t sysfs none "${R}/sys" | |
|
28 | mount --bind /dev/pts "${R}/dev/pts" |
@@ -7,28 +7,28 | |||
|
7 | 7 | |
|
8 | 8 | # Install and setup APT proxy configuration |
|
9 | 9 | if [ -z "$APT_PROXY" ] ; then |
|
10 |
install_readonly files/apt/10proxy "$ |
|
|
11 |
sed -i "s/\"\"/\"${APT_PROXY}\"/" "$ |
|
|
10 | install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy" | |
|
11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy" | |
|
12 | 12 | fi |
|
13 | 13 | |
|
14 | 14 | if [ "$BUILD_KERNEL" = false ] ; then |
|
15 | 15 | # Install APT pinning configuration for flash-kernel package |
|
16 |
install_readonly files/apt/flash-kernel "$ |
|
|
16 | install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel" | |
|
17 | 17 | |
|
18 | 18 | # Install APT sources.list |
|
19 |
install_readonly files/apt/sources.list "$ |
|
|
20 |
echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$ |
|
|
19 | install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list" | |
|
20 | echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list" | |
|
21 | 21 | |
|
22 | 22 | # Upgrade collabora package index and install collabora keyring |
|
23 | 23 | chroot_exec apt-get -qq -y update |
|
24 | 24 | chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring |
|
25 | 25 | else # BUILD_KERNEL=true |
|
26 | 26 | # Install APT sources.list |
|
27 |
install_readonly files/apt/sources.list "$ |
|
|
27 | install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list" | |
|
28 | 28 | |
|
29 | 29 | # Use specified APT server and release |
|
30 |
sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$ |
|
|
31 |
sed -i "s/ jessie/ ${RELEASE}/" "$ |
|
|
30 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list" | |
|
31 | sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list" | |
|
32 | 32 | fi |
|
33 | 33 | |
|
34 | 34 | # Upgrade package index and update all installed packages and changed dependencies |
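Review bot: The guard around the proxy setup (line 9, unchanged context) is `[ -z "$APT_PROXY" ]`, so 10proxy is installed and filled in only when no proxy is configured, which looks inverted; `-n` appears to be what is meant. Once the branch runs with a real value, the `/`-delimited substitution on line 11 will break on a proxy URL that contains slashes; a different delimiter avoids that, e.g. `sed -i "s|\"\"|\"${APT_PROXY}\"|" "${ETCDIR}/apt/apt.conf.d/10proxy"`. Separately, line 24 installs the Collabora keyring with `--force-yes`, which lets apt proceed with unauthenticated packages; a comment stating that this step is the trust bootstrap for that repository would make the exception explicit.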
@@ -6,7 +6,7 | |||
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup timezone |
|
9 |
echo ${TIMEZONE} > "$ |
|
|
9 | echo ${TIMEZONE} > "${ETCDIR}/timezone" | |
|
10 | 10 | chroot_exec dpkg-reconfigure -f noninteractive tzdata |
|
11 | 11 | |
|
12 | 12 | # Install and setup default locale and keyboard configuration |
@@ -19,40 +19,40 if [ "$ENABLE_MINBASE" = false ] ; then | |||
|
19 | 19 | else |
|
20 | 20 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale |
|
21 | 21 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
22 |
sed -i "/en_US.UTF-8/s/^#//" "$ |
|
|
22 | sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen" | |
|
23 | 23 | fi |
|
24 | 24 | |
|
25 |
sed -i "/${DEFLOCAL}/s/^#//" "$ |
|
|
25 | sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen" | |
|
26 | 26 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections |
|
27 | 27 | chroot_exec locale-gen |
|
28 | 28 | chroot_exec update-locale LANG="${DEFLOCAL}" |
|
29 | 29 | |
|
30 | 30 | # Install and setup default keyboard configuration |
|
31 | 31 | if [ "$XKB_MODEL" != "" ] ; then |
|
32 |
sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$ |
|
|
32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard" | |
|
33 | 33 | fi |
|
34 | 34 | if [ "$XKB_LAYOUT" != "" ] ; then |
|
35 |
sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$ |
|
|
35 | sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard" | |
|
36 | 36 | fi |
|
37 | 37 | if [ "$XKB_VARIANT" != "" ] ; then |
|
38 |
sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$ |
|
|
38 | sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard" | |
|
39 | 39 | fi |
|
40 | 40 | if [ "$XKB_OPTIONS" != "" ] ; then |
|
41 |
sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$ |
|
|
41 | sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard" | |
|
42 | 42 | fi |
|
43 | 43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration |
|
44 | 44 | |
|
45 | 45 | # Install and setup font console |
|
46 | 46 | case "${DEFLOCAL}" in |
|
47 | 47 | *UTF-8) |
|
48 |
sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$ |
|
|
48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup" | |
|
49 | 49 | ;; |
|
50 | 50 | *) |
|
51 |
sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$ |
|
|
51 | sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup" | |
|
52 | 52 | ;; |
|
53 | 53 | esac |
|
54 | 54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup |
|
55 | 55 | else # ENABLE_MINBASE=true |
|
56 | 56 | # Install POSIX default locale |
|
57 |
install_readonly files/locales/locale "$ |
|
|
57 | install_readonly files/locales/locale "${ETCDIR}/default/locale" | |
|
58 | 58 | fi |
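Review bot: On lines 21 and 26 (unchanged context) the pipeline is `chroot_exec echo "…" | debconf-set-selections`, so only `echo` goes through `chroot_exec` and `debconf-set-selections` runs on the build host; assuming `chroot_exec` simply wraps `chroot`, the selections land in the host's debconf database instead of the image's. Pipe into the chroot instead, `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, and likewise for line 21. Line 9 also writes `${TIMEZONE}` unquoted; `echo "${TIMEZONE}" > "${ETCDIR}/timezone"` is safer. The enclosing `if`/`else` on `ENABLE_MINBASE` starts outside the hunk.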
@@ -8,7 +8,7 | |||
|
8 | 8 | # Fetch and build latest raspberry kernel |
|
9 | 9 | if [ "$BUILD_KERNEL" = true ] ; then |
|
10 | 10 | # Setup source directory |
|
11 | mkdir -p "$R/usr/src" | |
|
11 | mkdir -p "${R}/usr/src" | |
|
12 | 12 | |
|
13 | 13 | # Copy existing kernel sources into chroot directory |
|
14 | 14 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then |
@@ -17,11 +17,11 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
17 | 17 | |
|
18 | 18 | # Clean the kernel sources |
|
19 | 19 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
20 |
make -C "$ |
|
|
20 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper | |
|
21 | 21 | fi |
|
22 | 22 | else # KERNELSRC_DIR="" |
|
23 | 23 | # Fetch current raspberrypi kernel sources |
|
24 | git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux | |
|
24 | git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux | |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | 27 | # Calculate optimal number of kernel building threads |
@@ -33,7 +33,7 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
33 | 33 | if [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
34 | 34 | # Remove device, network and filesystem drivers from kernel configuration |
|
35 | 35 | if [ "$KERNEL_REDUCE" = true ] ; then |
|
36 |
make -C "$ |
|
|
36 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | |
|
37 | 37 | sed -i\ |
|
38 | 38 | -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ |
|
39 | 39 | -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ |
@@ -64,25 +64,25 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
64 | 64 | -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ |
|
65 | 65 | -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ |
|
66 | 66 | -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ |
|
67 |
"$ |
|
|
67 | "${KERNELDIR}/.config" | |
|
68 | 68 | fi |
|
69 | 69 | |
|
70 | 70 | if [ "$KERNELSRC_CONFIG" = true ] ; then |
|
71 | 71 | # Load default raspberry kernel configuration |
|
72 |
make -C "$ |
|
|
72 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | |
|
73 | 73 | |
|
74 | 74 | # Start menu-driven kernel configuration (interactive) |
|
75 | 75 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
76 |
make -C "$ |
|
|
76 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig | |
|
77 | 77 | fi |
|
78 | 78 | fi |
|
79 | 79 | |
|
80 | 80 | # Cross compile kernel and modules |
|
81 |
make -C "$ |
|
|
81 | make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs | |
|
82 | 82 | fi |
|
83 | 83 | |
|
84 | 84 | # Check if kernel compilation was successful |
|
85 |
if [ ! -r "$ |
|
|
85 | if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then | |
|
86 | 86 | echo "error: kernel compilation failed! (zImage not found)" |
|
87 | 87 | cleanup |
|
88 | 88 | exit 1 |
@@ -90,50 +90,55 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
90 | 90 | |
|
91 | 91 | # Install kernel modules |
|
92 | 92 | if [ "$ENABLE_REDUCE" = true ] ; then |
|
93 |
make -C "$ |
|
|
93 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install | |
|
94 | 94 | else |
|
95 |
make -C "$ |
|
|
95 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install | |
|
96 | 96 | |
|
97 | 97 | # Install kernel firmware |
|
98 |
make -C "$ |
|
|
98 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install | |
|
99 | 99 | fi |
|
100 | 100 | |
|
101 | 101 | # Install kernel headers |
|
102 | 102 | if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then |
|
103 |
make -C "$ |
|
|
103 | make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install | |
|
104 | 104 | fi |
|
105 | 105 | |
|
106 | 106 | # Prepare boot (firmware) directory |
|
107 | mkdir "$R/boot/firmware/" | |
|
107 | mkdir "${BOOTDIR}" | |
|
108 | 108 | |
|
109 | 109 | # Get kernel release version |
|
110 |
KERNEL_VERSION=`cat "$ |
|
|
110 | KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"` | |
|
111 | 111 | |
|
112 | 112 | # Copy kernel configuration file to the boot directory |
|
113 |
install_readonly "$ |
|
|
113 | install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" | |
|
114 | 114 | |
|
115 | 115 | # Copy dts and dtb device tree sources and binaries |
|
116 |
mkdir "$ |
|
|
117 |
install_readonly "$ |
|
|
118 |
install_readonly "$ |
|
|
119 |
install_readonly "$ |
|
|
120 | ||
|
121 | # Convert and copy zImage kernel to the boot directory | |
|
122 | "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img" | |
|
116 | mkdir "${BOOTDIR}/overlays" | |
|
117 | install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/" | |
|
118 | install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/" | |
|
119 | install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README" | |
|
120 | ||
|
121 | if [ "$ENABLE_UBOOT" = false ] ; then | |
|
122 | # Convert and copy zImage kernel to the boot directory | |
|
123 | "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}" | |
|
124 | else | |
|
125 | # Copy zImage kernel to the boot directory | |
|
126 | install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}" | |
|
127 | fi | |
|
123 | 128 | |
|
124 | 129 | # Remove kernel sources |
|
125 | 130 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
126 | rm -fr "$R/usr/src/linux" | |
|
131 | rm -fr "${KERNELDIR}" | |
|
127 | 132 | fi |
|
128 | 133 | |
|
129 | 134 | # Install latest boot binaries from raspberry/firmware github |
|
130 |
wget -q -O "$ |
|
|
131 |
wget -q -O "$ |
|
|
132 |
wget -q -O "$ |
|
|
133 |
wget -q -O "$ |
|
|
134 |
wget -q -O "$ |
|
|
135 |
wget -q -O "$ |
|
|
136 |
wget -q -O "$ |
|
|
135 | wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin | |
|
136 | wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat | |
|
137 | wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat | |
|
138 | wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat | |
|
139 | wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf | |
|
140 | wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf | |
|
141 | wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf | |
|
137 | 142 | |
|
138 | 143 | else # BUILD_KERNEL=false |
|
139 | 144 | # Kernel installation |
@@ -143,14 +148,14 else # BUILD_KERNEL=false | |||
|
143 | 148 | chroot_exec apt-get -qq -y install flash-kernel |
|
144 | 149 | |
|
145 | 150 | # Check if kernel installation was successful |
|
146 | VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)" | |
|
151 | VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)" | |
|
147 | 152 | if [ -z "$VMLINUZ" ] ; then |
|
148 | 153 | echo "error: kernel installation failed! (/boot/vmlinuz-* not found)" |
|
149 | 154 | cleanup |
|
150 | 155 | exit 1 |
|
151 | 156 | fi |
|
152 | 157 | # Copy vmlinuz kernel to the boot directory |
|
153 | install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img" | |
|
158 | install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}" | |
|
154 | 159 | fi |
|
155 | 160 | |
|
156 | 161 | # Setup firmware boot cmdline |
@@ -160,6 +165,15 else | |||
|
160 | 165 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}" |
|
161 | 166 | fi |
|
162 | 167 | |
|
168 | # Add encrypted root partition to cmdline.txt | |
|
169 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
170 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
171 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
172 | else | |
|
173 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
174 | fi | |
|
175 | fi | |
|
176 | ||
|
163 | 177 | # Add serial console support |
|
164 | 178 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
165 | 179 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" |
@@ -171,69 +185,79 if [ "$ENABLE_IPV6" = false ] ; then | |||
|
171 | 185 | fi |
|
172 | 186 | |
|
173 | 187 | # Install firmware boot cmdline |
|
174 |
echo "${CMDLINE}" > "$ |
|
|
175 | ||
|
176 | # Add encrypted root partition to cmdline.txt | |
|
177 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
178 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt" | |
|
179 | fi | |
|
188 | echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt" | |
|
180 | 189 | |
|
181 | 190 | # Install firmware config |
|
182 |
install_readonly files/boot/config.txt "$ |
|
|
191 | install_readonly files/boot/config.txt "${BOOTDIR}/config.txt" | |
|
183 | 192 | |
|
184 | 193 | # Setup minimal GPU memory allocation size: 16MB (no X) |
|
185 | 194 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
186 |
echo "gpu_mem=16" >> "$ |
|
|
195 | echo "gpu_mem=16" >> "${BOOTDIR}/config.txt" | |
|
187 | 196 | fi |
|
188 | 197 | |
|
189 | 198 | # Setup boot with initramfs |
|
190 | 199 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
191 |
echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$ |
|
|
200 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt" | |
|
192 | 201 | fi |
|
193 | 202 | |
|
194 | 203 | # Create firmware configuration and cmdline symlinks |
|
195 | ln -sf firmware/config.txt "$R/boot/config.txt" | |
|
196 | ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt" | |
|
204 | ln -sf firmware/config.txt "${R}/boot/config.txt" | |
|
205 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" | |
|
197 | 206 | |
|
198 | 207 | # Install and setup kernel modules to load at boot |
|
199 | mkdir -p "$R/lib/modules-load.d/" | |
|
200 | install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf" | |
|
208 | mkdir -p "${R}/lib/modules-load.d/" | |
|
209 | install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" | |
|
201 | 210 | |
|
202 | 211 | # Load hardware random module at boot |
|
203 | if [ "$ENABLE_HWRANDOM" = true ] ; then | |
|
204 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf" | |
|
212 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then | |
|
213 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
205 | 214 | fi |
|
206 | 215 | |
|
207 | 216 | # Load sound module at boot |
|
208 | 217 | if [ "$ENABLE_SOUND" = true ] ; then |
|
209 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf" | |
|
218 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
210 | 219 | fi |
|
211 | 220 | |
|
212 | 221 | # Install kernel modules blacklist |
|
213 |
mkdir -p "$ |
|
|
214 |
install_readonly files/modules/raspi-blacklist.conf "$ |
|
|
222 | mkdir -p "${ETCDIR}/modprobe.d/" | |
|
223 | install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf" | |
|
215 | 224 | |
|
216 | 225 | # Install and setup fstab |
|
217 |
install_readonly files/mount/fstab "$ |
|
|
226 | install_readonly files/mount/fstab "${ETCDIR}/fstab" | |
|
218 | 227 | |
|
219 | 228 | # Add usb/sda disk root partition to fstab |
|
220 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
221 |
sed -i "s/mmcblk0p2/sda1/" "$ |
|
|
229 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then | |
|
230 | sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab" | |
|
222 | 231 | fi |
|
223 | 232 | |
|
224 | 233 | # Add encrypted root partition to fstab and crypttab |
|
225 | 234 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
226 | 235 | # Replace fstab root partition with encrypted partition mapping |
|
227 |
sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$ |
|
|
236 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab" | |
|
228 | 237 | |
|
229 | 238 | # Add encrypted partition to crypttab and fstab |
|
230 |
install_readonly files/mount/crypttab "$ |
|
|
231 |
echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$ |
|
|
239 | install_readonly files/mount/crypttab "${ETCDIR}/crypttab" | |
|
240 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab" | |
|
241 | ||
|
242 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
243 | # Add usb/sda disk to crypttab | |
|
244 | sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab" | |
|
245 | fi | |
|
232 | 246 | fi |
|
233 | 247 | |
|
234 | 248 | # Generate initramfs file |
|
235 | 249 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
236 | 250 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
251 | # Include initramfs scripts to auto expand encrypted root partition | |
|
252 | if [ "$EXPANDROOT" = true ] ; then | |
|
253 | install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |
|
254 | install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
|
255 | install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools" | |
|
256 | fi | |
|
257 | ||
|
258 | # Disable SSHD inside initramfs | |
|
259 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf" | |
|
260 | ||
|
237 | 261 | # Dummy mapping required by mkinitramfs |
|
238 | 262 | echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" |
|
239 | 263 | |
@@ -249,4 +273,4 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
249 | 273 | fi |
|
250 | 274 | |
|
251 | 275 | # Install sysctl.d configuration files |
|
252 |
install_readonly files/sysctl.d/81-rpi-vm.conf "$ |
|
|
276 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf" |
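Review bot: The firmware downloads on new lines 135-141 fetch `bootcode.bin`, `start*.elf` and `fixup*.dat` from `raw/master` with no integrity check, so every build installs whatever that branch holds at the time and nothing detects a truncated or altered file. Pin the URLs to a release tag or commit (for example `https://github.com/raspberrypi/firmware/raw/FIRMWARE_COMMIT/boot/bootcode.bin`, where FIRMWARE_COMMIT is a placeholder) and compare each file against a recorded SHA-256 before it is written into `${BOOTDIR}`. The `git clone --depth=1` on line 24 tracks the default branch in the same way. Separately, the added `[ "$BUILD_KERNEL" = false ]` condition on line 212 means `ENABLE_HWRANDOM=true` is silently ignored for self-built kernels, which deserves a comment explaining why.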
@@ -6,37 +6,37 | |||
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup hostname |
|
9 |
install_readonly files/network/hostname "$ |
|
|
10 |
sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$ |
|
|
9 | install_readonly files/network/hostname "${ETCDIR}/hostname" | |
|
10 | sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname" | |
|
11 | 11 | |
|
12 | 12 | # Install and setup hosts |
|
13 |
install_readonly files/network/hosts "$ |
|
|
14 |
sed -i "s/rpi2-jessie/${HOSTNAME}/" "$ |
|
|
13 | install_readonly files/network/hosts "${ETCDIR}/hosts" | |
|
14 | sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts" | |
|
15 | 15 | |
|
16 | 16 | # Setup hostname entry with static IP |
|
17 | 17 | if [ "$NET_ADDRESS" != "" ] ; then |
|
18 | 18 | NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') |
|
19 |
sed -i "s/^127.0.1.1/${NET_IP}/" "$ |
|
|
19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts" | |
|
20 | 20 | fi |
|
21 | 21 | |
|
22 | 22 | # Remove IPv6 hosts |
|
23 | 23 | if [ "$ENABLE_IPV6" = false ] ; then |
|
24 |
sed -i -e "/::[1-9]/d" -e "/^$/d" "$ |
|
|
24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts" | |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | 27 | # Install hint about network configuration |
|
28 |
install_readonly files/network/interfaces "$ |
|
|
28 | install_readonly files/network/interfaces "${ETCDIR}/network/interfaces" | |
|
29 | 29 | |
|
30 | 30 | # Install configuration for interface eth0 |
|
31 |
install_readonly files/network/eth.network "$ |
|
|
31 | install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network" | |
|
32 | 32 | |
|
33 | 33 | if [ "$ENABLE_DHCP" = true ] ; then |
|
34 | 34 | # Enable DHCP configuration for interface eth0 |
|
35 |
sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$ |
|
|
35 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network" | |
|
36 | 36 | |
|
37 | 37 | # Set DHCP configuration to IPv4 only |
|
38 | 38 | if [ "$ENABLE_IPV6" = false ] ; then |
|
39 |
sed -i "s/DHCP=.*/DHCP=v4/" "$ |
|
|
39 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network" | |
|
40 | 40 | fi |
|
41 | 41 | |
|
42 | 42 | else # ENABLE_DHCP=false |
@@ -50,23 +50,23 else # ENABLE_DHCP=false | |||
|
50 | 50 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ |
|
51 | 51 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
52 | 52 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
53 |
"$ |
|
|
53 | "${ETCDIR}/systemd/network/eth.network" | |
|
54 | 54 | fi |
|
55 | 55 | |
|
56 | 56 | # Remove empty settings from network configuration |
|
57 |
sed -i "/.*=\$/d" "$ |
|
|
57 | sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network" | |
|
58 | 58 | |
|
59 | 59 | # Enable systemd-networkd service |
|
60 | 60 | chroot_exec systemctl enable systemd-networkd |
|
61 | 61 | |
|
62 | 62 | # Install host.conf resolver configuration |
|
63 |
install_readonly files/network/host.conf "$ |
|
|
63 | install_readonly files/network/host.conf "${ETCDIR}/host.conf" | |
|
64 | 64 | |
|
65 | 65 | # Enable network stack hardening |
|
66 | 66 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
67 | 67 | # Install sysctl.d configuration files |
|
68 |
install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$ |
|
|
68 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf" | |
|
69 | 69 | |
|
70 | 70 | # Setup resolver warnings about spoofed addresses |
|
71 |
sed -i "s/^# spoof warn/spoof warn/" "$ |
|
|
71 | sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf" | |
|
72 | 72 | fi |
@@ -7,16 +7,16 | |||
|
7 | 7 | |
|
8 | 8 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
9 | 9 | # Create iptables configuration directory |
|
10 |
mkdir -p "$ |
|
|
10 | mkdir -p "${ETCDIR}/iptables" | |
|
11 | 11 | |
|
12 | 12 | # Install iptables systemd service |
|
13 |
install_readonly files/iptables/iptables.service "$ |
|
|
13 | install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service" | |
|
14 | 14 | |
|
15 | 15 | # Install flush-table script called by iptables service |
|
16 |
install_exec files/iptables/flush-iptables.sh "$ |
|
|
16 | install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh" | |
|
17 | 17 | |
|
18 | 18 | # Install iptables rule file |
|
19 |
install_readonly files/iptables/iptables.rules "$ |
|
|
19 | install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules" | |
|
20 | 20 | |
|
21 | 21 | # Reload systemd configuration and enable iptables service |
|
22 | 22 | chroot_exec systemctl daemon-reload |
@@ -24,12 +24,12 if [ "$ENABLE_IPTABLES" = true ] ; then | |||
|
24 | 24 | |
|
25 | 25 | if [ "$ENABLE_IPV6" = true ] ; then |
|
26 | 26 | # Install ip6tables systemd service |
|
27 |
install_readonly files/iptables/ip6tables.service "$ |
|
|
27 | install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service" | |
|
28 | 28 | |
|
29 | 29 | # Install ip6tables file |
|
30 |
install_exec files/iptables/flush-ip6tables.sh "$ |
|
|
30 | install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh" | |
|
31 | 31 | |
|
32 |
install_readonly files/iptables/ip6tables.rules "$ |
|
|
32 | install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules" | |
|
33 | 33 | |
|
34 | 34 | # Reload systemd configuration and enable iptables service |
|
35 | 35 | chroot_exec systemctl daemon-reload |
@@ -39,6 +39,6 fi | |||
|
39 | 39 | |
|
40 | 40 | if [ "$ENABLE_SSHD" = false ] ; then |
|
41 | 41 | # Remove SSHD related iptables rules |
|
42 |
sed -i "/^#/! {/SSH/ s/^/# /}" "$ |
|
|
43 |
sed -i "/^#/! {/SSH/ s/^/# /}" "$ |
|
|
42 | sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null | |
|
43 | sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null | |
|
44 | 44 | fi |
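Review bot: The `2> /dev/null` on new lines 42 and 43 hides every `sed` failure, not only the expected case where a rule file was never installed (`ip6tables.rules` is installed only under `ENABLE_IPV6`). A failed edit would therefore leave the SSH-related rules active without any message. Testing for the file first keeps real errors visible: `[ -f "${ETCDIR}/iptables/ip6tables.rules" ] && sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules"`, and likewise for `iptables.rules`.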
@@ -19,7 +19,7 if [ "$ENABLE_ROOT" = true ] ; then | |||
|
19 | 19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root |
|
20 | 20 | |
|
21 | 21 | if [ "$ENABLE_ROOT_SSH" = true ] ; then |
|
22 |
sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$ |
|
|
22 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config" | |
|
23 | 23 | fi |
|
24 | 24 | else |
|
25 | 25 | # Set no root password to disable root login |
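Review bot: `PermitRootLogin yes` on new line 22 allows password logins for root over SSH, using the hash set by `usermod -p "${ENCRYPTED_PASSWORD}"` three lines earlier, and nothing in the hunk says so. A comment above the `sed` would make the exposure explicit for whoever sets `ENABLE_ROOT_SSH`, for example `# Allows root to log in over SSH with the password set above; prefer key-based login where possible`. The enclosing `if [ "$ENABLE_ROOT" = true ]` block starts before the hunk and its `else` branch continues after it.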
@@ -7,7 +7,7 | |||
|
7 | 7 | |
|
8 | 8 | # Disable rsyslog |
|
9 | 9 | if [ "$ENABLE_RSYSLOG" = false ] ; then |
|
10 |
sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$ |
|
|
10 | sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf" | |
|
11 | 11 | chroot_exec systemctl disable rsyslog |
|
12 | 12 | chroot_exec apt-get -qq -y --force-yes purge rsyslog |
|
13 | 13 | fi |
@@ -7,25 +7,61 | |||
|
7 | 7 | |
|
8 | 8 | # Install gcc/c++ build environment inside the chroot |
|
9 | 9 | if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then |
|
10 |
chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4. |
|
|
10 | chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc | |
|
11 | 11 | fi |
|
12 | 12 | |
|
13 | 13 | # Fetch and build U-Boot bootloader |
|
14 | 14 | if [ "$ENABLE_UBOOT" = true ] ; then |
|
15 | 15 | # Fetch U-Boot bootloader sources |
|
16 | git -C "$R/tmp" clone git://git.denx.de/u-boot.git | |
|
16 | git -C "${R}/tmp" clone git://git.denx.de/u-boot.git | |
|
17 | 17 | |
|
18 | 18 | # Build and install U-Boot inside chroot |
|
19 |
chroot_exec make -C /tmp/u-boot/ |
|
|
19 | chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all | |
|
20 | 20 | |
|
21 | 21 | # Copy compiled bootloader binary and set config.txt to load it |
|
22 | install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin" | |
|
23 | printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt" | |
|
22 | install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" | |
|
23 | install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin" | |
|
24 | printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt" | |
|
24 | 25 | |
|
25 | 26 | # Install and setup U-Boot command file |
|
26 |
install_readonly files/boot/uboot.mkimage "$ |
|
|
27 |
printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $ |
|
|
27 | install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage" | |
|
28 | printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage" | |
|
29 | ||
|
30 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
31 | # Convert generated initramfs for U-Boot using mkimage | |
|
32 | chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot" | |
|
33 | ||
|
34 | # Remove original initramfs file | |
|
35 | rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}" | |
|
36 | ||
|
37 | # Configure U-Boot to load generated initramfs | |
|
38 | printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage" | |
|
39 | printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage" | |
|
40 | else # ENABLE_INITRAMFS=false | |
|
41 | # Remove initramfs from U-Boot mkfile | |
|
42 | sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage" | |
|
43 | ||
|
44 | if [ "$BUILD_KERNEL" = false ] ; then | |
|
45 | # Remove dtbfile from U-Boot mkfile | |
|
46 | sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage" | |
|
47 | printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage" | |
|
48 | else | |
|
49 | printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage" | |
|
50 | fi | |
|
51 | fi | |
|
52 | ||
|
53 | # Set mkfile to use dtb file | |
|
54 | sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage" | |
|
55 | ||
|
56 | # Set mkfile to use kernel image | |
|
57 | sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage" | |
|
58 | ||
|
59 | # Remove all leading blank lines | |
|
60 | sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage" | |
|
28 | 61 | |
|
29 | 62 | # Generate U-Boot bootloader image |
|
30 |
chroot_exec / |
|
|
63 | chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr | |
|
64 | ||
|
65 | # Remove U-Boot sources | |
|
66 | rm -fr "${R}/tmp/u-boot" | |
|
31 | 67 | fi |
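Review bot: The U-Boot sources on new line 16 are fetched over the unauthenticated `git://` transport and built from whatever the default branch holds at build time, so the bootloader copied to `${BOOTDIR}/u-boot.bin` and the `mkimage` binary installed into the image cannot be tied to a reviewed revision. Cloning over an authenticated transport and checking out a pinned tag or commit before the `make` step, for example `git -C "${R}/tmp/u-boot" checkout "<PINNED_COMMIT>"`, makes the build reproducible and makes tampering detectable. The fbturbo clone in the next file section is unpinned in the same way. Separately, `--force-yes` on the `apt-get install` on new line 10 tells apt to continue past conditions it would otherwise stop on, so it is worth dropping unless a specific package needs it.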
@@ -7,7 +7,7 | |||
|
7 | 7 | |
|
8 | 8 | if [ "$ENABLE_FBTURBO" = true ] ; then |
|
9 | 9 | # Fetch fbturbo driver sources |
|
10 | git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git | |
|
10 | git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git | |
|
11 | 11 | |
|
12 | 12 | # Install Xorg build dependencies |
|
13 | 13 | chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev |
@@ -22,7 +22,7 make install | |||
|
22 | 22 | EOF |
|
23 | 23 | |
|
24 | 24 | # Install fbturbo driver Xorg configuration |
|
25 | install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf" | |
|
25 | install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf" | |
|
26 | 26 | |
|
27 | 27 | # Remove Xorg build dependencies |
|
28 | 28 | chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev |
@@ -30,5 +30,5 fi | |||
|
30 | 30 | |
|
31 | 31 | # Remove gcc/c++ build environment from the chroot |
|
32 | 32 | if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then |
|
33 |
chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4. |
|
|
33 | chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make | |
|
34 | 34 | fi |
@@ -6,29 +6,34 | |||
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Prepare rc.firstboot script |
|
9 |
cat files/firstboot/10-begin.sh > "$ |
|
|
9 | cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot" | |
|
10 | 10 | |
|
11 | 11 | # Ensure openssh server host keys are regenerated on first boot |
|
12 | 12 | if [ "$ENABLE_SSHD" = true ] ; then |
|
13 |
cat files/firstboot/21-generate-ssh-keys.sh >> "$ |
|
|
13 | cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot" | |
|
14 | 14 | fi |
|
15 | 15 | |
|
16 | 16 | # Prepare filesystem auto expand |
|
17 | 17 | if [ "$EXPANDROOT" = true ] ; then |
|
18 | cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot" | |
|
18 | if [ "$ENABLE_CRYPTFS" = false ] ; then | |
|
19 | cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot" | |
|
20 | else | |
|
21 | # Regenerate initramfs to remove encrypted root partition auto expand | |
|
22 | cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot" | |
|
23 | fi | |
|
19 | 24 | fi |
|
20 | 25 | |
|
21 | 26 | # Ensure that dbus machine-id exists |
|
22 |
cat files/firstboot/2 |
|
|
27 | cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot" | |
|
23 | 28 | |
|
24 | 29 | # Create /etc/resolv.conf symlink |
|
25 |
cat files/firstboot/2 |
|
|
30 | cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot" | |
|
26 | 31 | |
|
27 | 32 | # Finalize rc.firstboot script |
|
28 |
cat files/firstboot/99-finish.sh >> "$ |
|
|
29 |
chmod +x "$ |
|
|
33 | cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot" | |
|
34 | chmod +x "${ETCDIR}/rc.firstboot" | |
|
30 | 35 | |
|
31 | 36 | # Add rc.firstboot script to rc.local |
|
32 |
sed -i '/exit 0/d' "$ |
|
|
33 |
echo /etc/rc.firstboot >> "$ |
|
|
34 |
echo exit 0 >> "$ |
|
|
37 | sed -i '/exit 0/d' "${ETCDIR}/rc.local" | |
|
38 | echo /etc/rc.firstboot >> "${ETCDIR}/rc.local" | |
|
39 | echo exit 0 >> "${ETCDIR}/rc.local" |
@@ -10,33 +10,33 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
10 | 10 | if [ "$REDUCE_APT" = true ] ; then |
|
11 | 11 | # Install dpkg configuration file |
|
12 | 12 | if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then |
|
13 |
install_readonly files/dpkg/01nodoc "$ |
|
|
13 | install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc" | |
|
14 | 14 | fi |
|
15 | 15 | |
|
16 | 16 | # Install APT configuration files |
|
17 |
install_readonly files/apt/02nocache "$ |
|
|
18 |
install_readonly files/apt/03compress "$ |
|
|
19 |
install_readonly files/apt/04norecommends "$ |
|
|
17 | install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache" | |
|
18 | install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress" | |
|
19 | install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends" | |
|
20 | 20 | |
|
21 | 21 | # Remove APT cache files |
|
22 | rm -fr "$R/var/cache/apt/pkgcache.bin" | |
|
23 | rm -fr "$R/var/cache/apt/srcpkgcache.bin" | |
|
22 | rm -fr "${R}/var/cache/apt/pkgcache.bin" | |
|
23 | rm -fr "${R}/var/cache/apt/srcpkgcache.bin" | |
|
24 | 24 | fi |
|
25 | 25 | |
|
26 | 26 | # Remove all doc files |
|
27 | 27 | if [ "$REDUCE_DOC" = true ] ; then |
|
28 | find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true | |
|
29 | find "$R/usr/share/doc" -empty | xargs rmdir || true | |
|
28 | find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true | |
|
29 | find "${R}/usr/share/doc" -empty | xargs rmdir || true | |
|
30 | 30 | fi |
|
31 | 31 | |
|
32 | 32 | # Remove all man pages and info files |
|
33 | 33 | if [ "$REDUCE_MAN" = true ] ; then |
|
34 | rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man" | |
|
34 | rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man" | |
|
35 | 35 | fi |
|
36 | 36 | |
|
37 | 37 | # Remove all locale translation files |
|
38 | 38 | if [ "$REDUCE_LOCALE" = true ] ; then |
|
39 | find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r | |
|
39 | find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r | |
|
40 | 40 | fi |
|
41 | 41 | |
|
42 | 42 | # Remove hwdb PCI device classes (experimental) |
@@ -60,19 +60,19 if [ "$ENABLE_REDUCE" = true ] ; then | |||
|
60 | 60 | |
|
61 | 61 | # Remove GPU kernels |
|
62 | 62 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
63 |
rm -f "$ |
|
|
64 |
rm -f "$ |
|
|
65 |
rm -f "$ |
|
|
66 |
rm -f "$ |
|
|
63 | rm -f "${BOOTDIR}/start.elf" | |
|
64 | rm -f "${BOOTDIR}/fixup.dat" | |
|
65 | rm -f "${BOOTDIR}/start_x.elf" | |
|
66 | rm -f "${BOOTDIR}/fixup_x.dat" | |
|
67 | 67 | fi |
|
68 | 68 | |
|
69 | 69 | # Remove kernel and initrd from /boot (already in /boot/firmware) |
|
70 | 70 | if [ "$BUILD_KERNEL" = false ] ; then |
|
71 |
rm - |
|
|
72 |
rm - |
|
|
71 | rm -f "${R}/boot/vmlinuz-*" | |
|
72 | rm -f "${R}/boot/initrd.img-*" | |
|
73 | 73 | fi |
|
74 | 74 | |
|
75 | 75 | # Clean APT list of repositories |
|
76 | rm -fr "$R/var/lib/apt/lists/*" | |
|
76 | rm -fr "${R}/var/lib/apt/lists/*" | |
|
77 | 77 | chroot_exec apt-get -qq -y update |
|
78 | 78 | fi |
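Review bot: The glob on new lines 71, 72 and 76 sits inside the double quotes, so `rm` receives the literal names `vmlinuz-*`, `initrd.img-*` and `lists/*`, and with `-f` it removes nothing and reports nothing. Keeping the variable quoted and the pattern outside the quotes fixes it: `rm -f "${R}/boot/vmlinuz-"*`, `rm -f "${R}/boot/initrd.img-"*`, `rm -fr "${R}/var/lib/apt/lists/"*`. The same pattern appears in the build script's clean-up hunk (`@@ -371,29 +379,29`), where `rm -f "${ETCDIR}/ssh/ssh_host_*"`, `"${ETCDIR}/dropbear/dropbear_*"`, `"${ETCDIR}/*-"`, `"${R}/run/*"` and `"${R}/tmp/*"` are affected. There the effect is that build-time SSH host keys and the `*-` backup copies under `/etc` (presumably `passwd-`, `shadow-` and similar) stay in the image, so that hunk is where the fix matters most.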
@@ -1,3 +1,6 | |||
|
1 | # Set device tree fdtfile | |
|
2 | setenv dtbfile bcm2709-rpi-2-b.dtb | |
|
3 | ||
|
1 | 4 | # Tell Linux that it is booting on a Raspberry Pi2 |
|
2 | 5 | setenv machid 0x00000c42 |
|
3 | 6 | |
@@ -6,6 +9,7 saveenv | |||
|
6 | 9 | |
|
7 | 10 | # Load the existing Linux kernel into RAM |
|
8 | 11 | fatload mmc 0:1 ${kernel_addr_r} kernel7.img |
|
12 | fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} | |
|
13 | fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} | |
|
9 | 14 | |
|
10 | 15 | # Boot the kernel we have just loaded |
|
11 | bootz ${kernel_addr_r} |
@@ -1,8 +1,11 | |||
|
1 | 1 | logger -t "rc.firstboot" "Generating SSH host keys" |
|
2 | 2 | |
|
3 | 3 | if [ -d "/etc/ssh/" ] ; then |
|
4 | # Remove ssh host keys | |
|
4 | 5 | rm -f /etc/ssh/ssh_host_* |
|
5 | 6 | systemctl stop sshd |
|
7 | ||
|
8 | # Regenerate ssh host keys | |
|
6 | 9 | ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key |
|
7 | 10 | ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key |
|
8 | 11 | ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key |
@@ -11,8 +14,11 if [ -d "/etc/ssh/" ] ; then | |||
|
11 | 14 | fi |
|
12 | 15 | |
|
13 | 16 | if [ -d "/etc/dropbear/" ] ; then |
|
17 | # Remove ssh host keys | |
|
14 | 18 | rm -f /etc/dropbear/dropbear_* |
|
15 | 19 | systemctl stop dropbear |
|
20 | ||
|
21 | # Regenerate ssh host keys | |
|
16 | 22 | dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key |
|
17 | 23 | dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key |
|
18 | 24 | dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key |
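Review bot: The regenerate blocks still create a DSA host key (`ssh-keygen -q -t dsa` on new line 10 and `dropbearkey -t dss` on new line 23). DSA host keys are limited to 1024 bits and later OpenSSH releases no longer accept them by default, so these two lines can be dropped unless a client that must be supported still requires DSA. Both `if` blocks continue outside the hunks shown, so any remaining key types generated there are not visible here.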
@@ -1,10 +1,20 | |||
|
1 | logger -t "rc.firstboot" "Expanding root" | |
|
1 | logger -t "rc.firstboot" "Expanding root partition" | |
|
2 | ||
|
3 | # Detect root partition device | |
|
2 | 4 | ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p') |
|
3 | PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$') | |
|
5 | if [ -z "$ROOT_PART" ] ; then | |
|
6 | log_warning_msg "unable to detect root partition device" | |
|
7 | return 1 | |
|
8 | fi | |
|
9 | ||
|
10 | # Extract root device name | |
|
4 | 11 | case "${ROOT_PART}" in |
|
5 | 12 | mmcblk0*) ROOT_DEV=mmcblk0 ;; |
|
6 | 13 | sda*) ROOT_DEV=sda ;; |
|
7 | 14 | esac |
|
15 | ||
|
16 | # Check detected root partition name | |
|
17 | PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$') | |
|
8 | 18 | if [ "$PART_NUM" = "$ROOT_PART" ] ; then |
|
9 | 19 | logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand" |
|
10 | 20 | return 0 |
@@ -16,6 +26,8 if [ "$PART_NUM" -gt 2 ] ; then | |||
|
16 | 26 | logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool." |
|
17 | 27 | return 0 |
|
18 | 28 | fi |
|
29 | ||
|
30 | # Check if last partition number | |
|
19 | 31 | LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:) |
|
20 | 32 | if [ $LAST_PART_NUM -ne $PART_NUM ]; then |
|
21 | 33 | logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand" |
@@ -53,4 +65,4 EOF2 | |||
|
53 | 65 | # Reload the partition table, resize root filesystem then remove resizing code from this file |
|
54 | 66 | partprobe && |
|
55 | 67 | resize2fs /dev/${ROOT_PART} && |
|
56 | logger -t "rc.firstboot" "Root partition successfuly resized." | |
|
68 | logger -t "rc.firstboot" "Root partition successfully resized." |
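Review bot: The new failure path on lines 5–8 reports through `log_warning_msg`, while every other message in this script goes through `logger -t "rc.firstboot"`. `log_warning_msg` is an LSB init-functions helper and nothing visible here sources that library, so the call may fail with "command not found" exactly when the diagnostic is needed. `logger -t "rc.firstboot" "unable to detect root partition device"` keeps it consistent. Further down, `ROOT_DEV` stays unset when `ROOT_PART` matches neither `mmcblk0*` nor `sda*`, so unless one of the intermediate checks returns first, new line 31 runs `parted /dev/`. A `*)` arm that logs and returns would close that gap.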
|
1 | NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh |
|
1 | NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh |
@@ -6,9 +6,9 cleanup (){ | |||
|
6 | 6 | |
|
7 | 7 | # Identify and kill all processes still using files |
|
8 | 8 | echo "killing processes using mount point ..." |
|
9 | fuser -k "$R" | |
|
9 | fuser -k "${R}" | |
|
10 | 10 | sleep 3 |
|
11 | fuser -9 -k -v "$R" | |
|
11 | fuser -9 -k -v "${R}" | |
|
12 | 12 | |
|
13 | 13 | # Clean up temporary .password file |
|
14 | 14 | if [ -r ".password" ] ; then |
@@ -17,9 +17,9 cleanup (){ | |||
|
17 | 17 | |
|
18 | 18 | # Clean up all temporary mount points |
|
19 | 19 | echo "removing temporary mount points ..." |
|
20 | umount -l "$R/proc" 2> /dev/null | |
|
21 | umount -l "$R/sys" 2> /dev/null | |
|
22 | umount -l "$R/dev/pts" 2> /dev/null | |
|
20 | umount -l "${R}/proc" 2> /dev/null | |
|
21 | umount -l "${R}/sys" 2> /dev/null | |
|
22 | umount -l "${R}/dev/pts" 2> /dev/null | |
|
23 | 23 | umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null |
|
24 | 24 | umount "$BUILDDIR/mount" 2> /dev/null |
|
25 | 25 | cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null |
@@ -30,7 +30,7 cleanup (){ | |||
|
30 | 30 | |
|
31 | 31 | chroot_exec() { |
|
32 | 32 | # Exec command in chroot |
|
33 | LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $* | |
|
33 | LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $* | |
|
34 | 34 | } |
|
35 | 35 | |
|
36 | 36 | install_readonly() { |
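Review bot: `chroot_exec` on new line 33 still expands `${R}` and `$*` unquoted, so the chroot path and every argument are word-split and glob-expanded again by the calling shell. An argument containing a space or a `*` then reaches the chrooted command as something other than what the caller passed. `LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"` preserves each argument as given. Callers that pass a whole command line as a single string would need checking before the switch, since they currently rely on the re-splitting. The hunk ends at the opening line of `install_readonly`, whose body is outside it.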
@@ -42,12 +42,20 RELEASE_ARCH=${RELEASE_ARCH:=armhf} | |||
|
42 | 42 | CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-} |
|
43 | 43 | COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2} |
|
44 | 44 | KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig} |
|
45 | KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img} | |
|
46 | DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb} | |
|
47 | UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig} | |
|
45 | 48 | QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static} |
|
46 | 49 | |
|
47 | 50 | # Build directories |
|
48 | 51 | BASEDIR="$(pwd)/images/${RELEASE}" |
|
49 | 52 | BUILDDIR="${BASEDIR}/build" |
|
53 | ||
|
54 | # Chroot directories | |
|
50 | 55 | R="${BUILDDIR}/chroot" |
|
56 | ETCDIR="${R}/etc" | |
|
57 | BOOTDIR="${R}/boot/firmware" | |
|
58 | KERNELDIR="${R}/usr/src/linux" | |
|
51 | 59 | |
|
52 | 60 | # General settings |
|
53 | 61 | HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}} |
@@ -239,7 +247,7 if [ -e "$BUILDDIR" ] ; then | |||
|
239 | 247 | fi |
|
240 | 248 | |
|
241 | 249 | # Setup chroot directory |
|
242 | mkdir -p "$R" | |
|
250 | mkdir -p "${R}" | |
|
243 | 251 | |
|
244 | 252 | # Check if build directory has enough of free disk space >512MB |
|
245 | 253 | if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then |
@@ -354,7 +362,7 for SCRIPT in /chroot_scripts/* ; do | |||
|
354 | 362 | fi |
|
355 | 363 | done |
|
356 | 364 | EOF |
|
357 | rm -rf "$R/chroot_scripts" | |
|
365 | rm -rf "${R}/chroot_scripts" | |
|
358 | 366 | fi |
|
359 | 367 | |
|
360 | 368 | # Remove apt-utils |
@@ -362,8 +370,8 chroot_exec apt-get purge -qq -y --force-yes apt-utils | |||
|
362 | 370 | |
|
363 | 371 | # Generate required machine-id |
|
364 | 372 | MACHINE_ID=$(dbus-uuidgen) |
|
365 | echo -n "${MACHINE_ID}" > "$R/var/lib/dbus/machine-id" | |
|
366 |
echo -n "${MACHINE_ID}" > "$ |
|
|
373 | echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id" | |
|
374 | echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id" | |
|
367 | 375 | |
|
368 | 376 | # APT Cleanup |
|
369 | 377 | chroot_exec apt-get -y clean |
@@ -371,29 +379,29 chroot_exec apt-get -y autoclean | |||
|
371 | 379 | chroot_exec apt-get -y autoremove |
|
372 | 380 | |
|
373 | 381 | # Unmount mounted filesystems |
|
374 | umount -l "$R/proc" | |
|
375 | umount -l "$R/sys" | |
|
382 | umount -l "${R}/proc" | |
|
383 | umount -l "${R}/sys" | |
|
376 | 384 | |
|
377 | 385 | # Clean up directories |
|
378 | rm -rf "$R/run/*" | |
|
379 | rm -rf "$R/tmp/*" | |
|
386 | rm -rf "${R}/run/*" | |
|
387 | rm -rf "${R}/tmp/*" | |
|
380 | 388 | |
|
381 | 389 | # Clean up files |
|
382 |
rm -f "$ |
|
|
383 |
rm -f "$ |
|
|
384 |
rm -f "$ |
|
|
385 |
rm -f "$ |
|
|
386 |
rm -f "$ |
|
|
387 | rm -f "$R/root/.bash_history" | |
|
388 | rm -f "$R/var/lib/urandom/random-seed" | |
|
389 | rm -f "$R/etc/apt/apt.conf.d/10proxy" | |
|
390 | rm -f "$R/etc/resolv.conf" | |
|
391 | rm -f "$R/initrd.img" | |
|
392 | rm -f "$R/vmlinuz" | |
|
390 | rm -f "${ETCDIR}/ssh/ssh_host_*" | |
|
391 | rm -f "${ETCDIR}/dropbear/dropbear_*" | |
|
392 | rm -f "${ETCDIR}/apt/sources.list.save" | |
|
393 | rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original" | |
|
394 | rm -f "${ETCDIR}/*-" | |
|
395 | rm -f "${ETCDIR}/apt/apt.conf.d/10proxy" | |
|
396 | rm -f "${ETCDIR}/resolv.conf" | |
|
397 | rm -f "${R}/root/.bash_history" | |
|
398 | rm -f "${R}/var/lib/urandom/random-seed" | |
|
399 | rm -f "${R}/initrd.img" | |
|
400 | rm -f "${R}/vmlinuz" | |
|
393 | 401 | rm -f "${R}${QEMU_BINARY}" |
|
394 | 402 | |
|
395 | 403 | # Calculate size of the chroot directory in KB |
|
396 | CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`) | |
|
404 | CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`) | |
|
397 | 405 | |
|
398 | 406 | # Calculate the amount of needed 512 Byte sectors |
|
399 | 407 | TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512) |
@@ -482,7 +490,7 mkdir -p "$BUILDDIR/mount/boot/firmware" | |||
|
482 | 490 | mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware" |
|
483 | 491 | |
|
484 | 492 | # Copy all files from the chroot to the loop device mount point directory |
|
485 | rsync -a "$R/" "$BUILDDIR/mount/" | |
|
493 | rsync -a "${R}/" "$BUILDDIR/mount/" | |
|
486 | 494 | |
|
487 | 495 | # Unmount all temporary loop devices and mount points |
|
488 | 496 | cleanup |
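Review bot: In the `@@ -362,8 +370,8` hunk the machine-id is generated once on the build host and written to both `${R}/var/lib/dbus/machine-id` and `${ETCDIR}/machine-id`, and neither path appears in the clean-up list of the following hunk. Every device flashed from the image would therefore start with the same ID unless a first-boot step replaces it, and the visible firstboot comment only says it ensures that the dbus machine-id exists. A comment at the generation site would record the requirement, for example `# Build-time ID only: rc.firstboot must replace it so that devices do not share one machine-id`, and it is worth confirming that `24-generate-machineid.sh` regenerates the ID rather than only checking that it exists.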