Raspi2-3_GenImage Commit - r82:d0f91512d9ca · Collaboration Tremplin des Sciences

fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanup

Jan Wagner -

r82:d0f91512d9ca

parent child

Context file:

r82:d0f91512d9ca

Expand all files

files/firstboot/23-regenerate-initramfs.sh created 644 +31 0

			@@ -0,0 +1,31
		1	logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
		2
		3	KERNEL_VERSION=$(uname -r)
		4	KERNEL_ARCH=$(uname -m)
		5	INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
		6	INITRAMFS_UBOOT="${INITRAMFS}.uboot"
		7
		8	# Extract kernel arch
		9	case "${KERNEL_ARCH}" in
		10	arm*) KERNEL_ARCH=arm ;;
		11	esac
		12
		13	# Regenerate initramfs
		14	if [ -r "${INITRAMFS}" ] ; then
		15	rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
		16	rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
		17	rm -f /etc/initramfs-tools/hooks/expand-tools
		18	rm -f "${INITRAMFS}"
		19	mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
		20	fi
		21
		22	# Convert generated initramfs for U-Boot using mkimage
		23	if [ -r "${INITRAMFS_UBOOT}" ] ; then
		24	rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
		25	rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
		26	rm -f /etc/initramfs-tools/hooks/expand-tools
		27	rm -f "${INITRAMFS_UBOOT}"
		28	mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
		29	mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
		30	rm -f "${INITRAMFS}"
		31	fi

files/initramfs/expand-premount created 755 +19 0

			@@ -0,0 +1,19
		1	#!/bin/sh
		2
		3	set -e
		4
		5	# Check for cryptdevice variable
		6	if [ -z "$cryptdevice" ] ; then
		7	echo "unable to get cryptdevice variable (local-premount)"
		8	exit 1
		9	fi
		10
		11	if [ -n "$ROOT" ] ; then
		12	# Resize encrypted root partition
		13	cryptsetup resize "${ROOT}"
		14	e2fsck -fp "${ROOT}"
		15	resize2fs -f "${ROOT}"
		16	e2fsck -fp "${ROOT}"
		17	fi
		18
		19	exit 0

files/initramfs/expand-tools created 755 +19 0

			@@ -0,0 +1,19
		1	#!/bin/sh
		2
		3	set -e
		4
		5	# Use initramfs utility functions
		6	. /usr/share/initramfs-tools/hook-functions
		7
		8	# Add binaries required for resizing the filesystem
		9	copy_exec /bin/grep /bin
		10	copy_exec /usr/bin/awk /bin
		11	copy_exec /usr/bin/cut /bin
		12	copy_exec /usr/bin/tail /bin
		13	copy_exec /sbin/fdisk /sbin
		14	copy_exec /sbin/parted /sbin
		15	copy_exec /sbin/e2fsck /sbin
		16	copy_exec /sbin/resize2fs /sbin
		17	copy_exec /sbin/partprobe /sbin
		18
		19	exit 0

files/initramfs/expand_encrypted_rootfs created 644 +85 0

			@@ -0,0 +1,85
		1	#!/bin/sh
		2	# expand_encrypted_rootfs initramfs-tools boot script
		3
		4	# dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
		5
		6	set -e
		7
		8	# Wait for USB devices to be ready
		9	sleep 5
		10
		11	# Use initramfs utility functions
		12	if [ -r "/scripts/functions" ] ; then
		13	. /scripts/functions
		14	fi
		15
		16	# Check for cryptdevice variable
		17	if [ -z "$cryptdevice" ] ; then
		18	echo "unable to get cryptdevice variable (init-premount)"
		19	return 1
		20	fi
		21
		22	# Detect root partition device
		23	ROOT_PART=$(echo $cryptdevice \| awk -F"/\|:" '{ print $3 }')
		24	if [ -z "$ROOT_PART" ] ; then
		25	log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
		26	return 1
		27	fi
		28
		29	# Extract root device name
		30	case "${ROOT_PART}" in
		31	mmcblk0*) ROOT_DEV=mmcblk0 ;;
		32	sda*) ROOT_DEV=sda ;;
		33	esac
		34
		35	# Check detected root partition name
		36	PART_NUM=$(echo ${ROOT_PART} \| grep -o '[1-9][0-9]*$')
		37	if [ "$PART_NUM" = "$ROOT_PART" ] ; then
		38	log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
		39	return 1
		40	fi
		41
		42	# NOTE: the NOOBS partition layout confuses parted. For now, let's only
		43	# agree to work with a sufficiently simple partition layout
		44	if [ "$PART_NUM" -gt 2 ] ; then
		45	log_warning_msg "Your partition layout is not currently supported by this tool."
		46	return 1
		47	fi
		48
		49	# Check if last partition number
		50	LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p \| tail -n 1 \| cut -f 1 -d:)
		51	if [ $LAST_PART_NUM -ne $PART_NUM ]; then
		52	log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
		53	return 1
		54	fi
		55
		56	# Get the starting offset of the root partition
		57	PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p \| grep "^${PART_NUM}" \| cut -f 2 -d: \| sed 's/[^0-9]//g')
		58	if [ -z "$PART_START" ] ; then
		59	log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
		60	return 1
		61	fi
		62
		63	# Get the possible last sector for the root partition
		64	PART_LAST=$(fdisk -l /dev/${ROOT_DEV} \| grep '^Disk.*sectors' \| awk '{ print $7 - 1 }')
		65	if [ -z "$PART_LAST" ] ; then
		66	log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
		67	return 1
		68	fi
		69
		70	### Since rc.local is run with "sh -e", let's add "\|\| true" to prevent premature exit
		71	fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 \|\| true
		72	p
		73	d
		74	$PART_NUM
		75	n
		76	p
		77	$PART_NUM
		78	$PART_START
		79	$PART_LAST
		80	p
		81	w
		82	EOF2
		83
		84	partprobe
		85	log_success_msg "Root partition successfully resized."

README.md +3 -2

              ## Build dependencies
              The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
-               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core```
+               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
              ## Command-line parameters
              The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
              #### Encrypted root partition:
              ##### `ENABLE_CRYPTFS`=false
-             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. `ENABLE_UBOOT`, `ENABLE_SPLITFS`, `EXPANDROOT` and SSH-to-initramfs are currently not supported but will be soon - feel free to help.
+             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
              ##### `CRYPTFS_PASSWORD`=""
              Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
              | `boot` | Boot and RPi2 configuration files |
              | `dpkg` | Package Manager configuration |
              | `firstboot` | Scripts that get executed on first boot  |
+             | `initramfs` | Initramfs scripts |
              | `iptables` | Firewall configuration files |
              | `locales` | Locales configuration |
              | `modules` | Kernel Modules configuration |

bootstrap.d/10-bootstrap.sh +7 -7

              # Base debootstrap (unpack only)
              if [ "$ENABLE_MINBASE" = true ] ; then
-               http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+               http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
              else
-               http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+               http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
              fi
              # Copy qemu emulator binary to chroot
              install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
              # Copy debian-archive-keyring.pgp
-             mkdir -p "$R/usr/share/keyrings"
-             install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg"
+             mkdir -p "${R}/usr/share/keyrings"
+             install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
              # Complete the bootstrapping process
              chroot_exec /debootstrap/debootstrap --second-stage
              # Mount required filesystems
-             mount -t proc none "$R/proc"
-             mount -t sysfs none "$R/sys"
-             mount --bind /dev/pts "$R/dev/pts"
+             mount -t proc none "${R}/proc"
+             mount -t sysfs none "${R}/sys"
+             mount --bind /dev/pts "${R}/dev/pts"

bootstrap.d/11-apt.sh +8 -8

              # Install and setup APT proxy configuration
              if [ -z "$APT_PROXY" ] ; then
-               install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy"
-               sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy"
+               install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
+               sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
              fi
              if [ "$BUILD_KERNEL" = false ] ; then
                # Install APT pinning configuration for flash-kernel package
-               install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel"
+               install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
                # Install APT sources.list
-               install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
-               echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list"
+               install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
+               echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
                # Upgrade collabora package index and install collabora keyring
                chroot_exec apt-get -qq -y update
                chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
              else # BUILD_KERNEL=true
                # Install APT sources.list
-               install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
+               install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
                # Use specified APT server and release
-               sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list"
-               sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list"
+               sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
+               sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
              fi
              # Upgrade package index and update all installed packages and changed dependencies

bootstrap.d/12-locale.sh +10 -10

              . ./functions.sh
              # Install and setup timezone
-             echo ${TIMEZONE} > "$R/etc/timezone"
+             echo ${TIMEZONE} > "${ETCDIR}/timezone"
              chroot_exec dpkg-reconfigure -f noninteractive tzdata
              # Install and setup default locale and keyboard configuration
                else
                  # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
                  chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
-                 sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen"
+                 sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen"
                fi
-               sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen"
+               sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen"
                chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
                chroot_exec locale-gen
                chroot_exec update-locale LANG="${DEFLOCAL}"
                # Install and setup default keyboard configuration
                if [ "$XKB_MODEL" != "" ] ; then
-                 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard"
+                 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard"
                fi
                if [ "$XKB_LAYOUT" != "" ] ; then
-                 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard"
+                 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard"
                fi
                if [ "$XKB_VARIANT" != "" ] ; then
-                 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard"
+                 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard"
                fi
                if [ "$XKB_OPTIONS" != "" ] ; then
-                 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard"
+                 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard"
                fi
                chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
                # Install and setup font console
                case "${DEFLOCAL}" in
                  *UTF-8)
-                   sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup"
+                   sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup"
                    ;;
                  *)
-                   sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup"
+                   sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup"
                    ;;
                esac
                chroot_exec dpkg-reconfigure -f noninteractive console-setup
              else # ENABLE_MINBASE=true
                # Install POSIX default locale
-               install_readonly files/locales/locale "$R/etc/default/locale"
+               install_readonly files/locales/locale "${ETCDIR}/default/locale"
              fi

bootstrap.d/13-kernel.sh +82 -58

              # Fetch and build latest raspberry kernel
              if [ "$BUILD_KERNEL" = true ] ; then
                # Setup source directory
-               mkdir -p "$R/usr/src"
+               mkdir -p "${R}/usr/src"
                # Copy existing kernel sources into chroot directory
                if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                  # Clean the kernel sources
                  if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
-                   make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
+                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                  fi
                else # KERNELSRC_DIR=""
                  # Fetch current raspberrypi kernel sources
-                 git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
+                 git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
                fi
                # Calculate optimal number of kernel building threads
                if [ "$KERNELSRC_PREBUILT" = false ] ; then
                  # Remove device, network and filesystem drivers from kernel configuration
                  if [ "$KERNEL_REDUCE" = true ] ; then
-                   make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                    sed -i\
                    -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                    -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
-                   "$R/usr/src/linux/.config"
+                   "${KERNELDIR}/.config"
                  fi
                  if [ "$KERNELSRC_CONFIG" = true ] ; then
                    # Load default raspberry kernel configuration
-                   make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+                   make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                    # Start menu-driven kernel configuration (interactive)
                    if [ "$KERNEL_MENUCONFIG" = true ] ; then
-                     make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
+                     make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                    fi
                  fi
                  # Cross compile kernel and modules
-                 make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
+                 make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
                fi
                # Check if kernel compilation was successful
-               if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
+               if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
                  echo "error: kernel compilation failed! (zImage not found)"
                  cleanup
                  exit 1
                # Install kernel modules
                if [ "$ENABLE_REDUCE" = true ] ; then
-                 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
+                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                else
-                 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
+                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                  # Install kernel firmware
-                 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
+                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                fi
                # Install kernel headers
                if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
-                 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
+                 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
                fi
                # Prepare boot (firmware) directory
-               mkdir "$R/boot/firmware/"
+               mkdir "${BOOTDIR}"
                # Get kernel release version
-               KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
+               KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
                # Copy kernel configuration file to the boot directory
-               install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
+               install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
                # Copy dts and dtb device tree sources and binaries
-               mkdir "$R/boot/firmware/overlays/"
-               install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
-               install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
-               install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
-               # Convert and copy zImage kernel to the boot directory
-               "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
+               mkdir "${BOOTDIR}/overlays"
+               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
+               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
+               install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
+               if [ "$ENABLE_UBOOT" = false ] ; then
+                 # Convert and copy zImage kernel to the boot directory
+                 "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+               else
+                 # Copy zImage kernel to the boot directory
+                 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+               fi
                # Remove kernel sources
                if [ "$KERNEL_REMOVESRC" = true ] ; then
-                 rm -fr "$R/usr/src/linux"
+                 rm -fr "${KERNELDIR}"
                fi
                # Install latest boot binaries from raspberry/firmware github
-               wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
-               wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
-               wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
-               wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
-               wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
-               wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
-               wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
+               wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
+               wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
+               wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
+               wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
+               wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
+               wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
+               wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
              else # BUILD_KERNEL=false
                # Kernel installation
                chroot_exec apt-get -qq -y install flash-kernel
                # Check if kernel installation was successful
-               VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+               VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
                if [ -z "$VMLINUZ" ] ; then
                  echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
                  cleanup
                  exit 1
                fi
                # Copy vmlinuz kernel to the boot directory
-               install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
+               install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
              fi
              # Setup firmware boot cmdline
                CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
              fi
+             # Add encrypted root partition to cmdline.txt
+             if [ "$ENABLE_CRYPTFS" = true ] ; then
+               if [ "$ENABLE_SPLITFS" = true ] ; then
+                 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+               else
+                 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+               fi
+             fi
              # Add serial console support
              if [ "$ENABLE_CONSOLE" = true ] ; then
                CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
              fi
              # Install firmware boot cmdline
-             echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
-             # Add encrypted root partition to cmdline.txt
-             if [ "$ENABLE_CRYPTFS" = true ] ; then
-                 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
-             fi
+             echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
              # Install firmware config
-             install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
+             install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
              # Setup minimal GPU memory allocation size: 16MB (no X)
              if [ "$ENABLE_MINGPU" = true ] ; then
-               echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
+               echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
              fi
              # Setup boot with initramfs
              if [ "$ENABLE_INITRAMFS" = true ] ; then
-               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
+               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
              fi
              # Create firmware configuration and cmdline symlinks
-             ln -sf firmware/config.txt "$R/boot/config.txt"
-             ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
+             ln -sf firmware/config.txt "${R}/boot/config.txt"
+             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
              # Install and setup kernel modules to load at boot
-             mkdir -p "$R/lib/modules-load.d/"
-             install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
+             mkdir -p "${R}/lib/modules-load.d/"
+             install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
              # Load hardware random module at boot
-             if [ "$ENABLE_HWRANDOM" = true ] ; then
-               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
+             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
+               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
              fi
              # Load sound module at boot
              if [ "$ENABLE_SOUND" = true ] ; then
-               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
+               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
              fi
              # Install kernel modules blacklist
-             mkdir -p "$R/etc/modprobe.d/"
-             install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
+             mkdir -p "${ETCDIR}/modprobe.d/"
+             install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
              # Install and setup fstab
-             install_readonly files/mount/fstab "$R/etc/fstab"
+             install_readonly files/mount/fstab "${ETCDIR}/fstab"
              # Add usb/sda disk root partition to fstab
-             if [ "$ENABLE_SPLITFS" = true ] ; then
-               sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
+             if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
+               sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
              fi
              # Add encrypted root partition to fstab and crypttab
              if [ "$ENABLE_CRYPTFS" = true ] ; then
                # Replace fstab root partition with encrypted partition mapping
-               sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
+               sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
                # Add encrypted partition to crypttab and fstab
-               install_readonly files/mount/crypttab "$R/etc/crypttab"
-               echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
+               install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
+               echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
+               if [ "$ENABLE_SPLITFS" = true ] ; then
+                 # Add usb/sda disk to crypttab
+                 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
+               fi
              fi
              # Generate initramfs file
              if [ "$ENABLE_INITRAMFS" = true ] ; then
                if [ "$ENABLE_CRYPTFS" = true ] ; then
+                 # Include initramfs scripts to auto expand encrypted root partition
+                 if [ "$EXPANDROOT" = true ] ; then
+                   install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
+                   install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
+                   install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
+                 fi
+                 # Disable SSHD inside initramfs
+                 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
                  # Dummy mapping required by mkinitramfs
                  echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
              fi
              # Install sysctl.d configuration files
-             install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
+             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +15 -15

              . ./functions.sh
              # Install and setup hostname
-             install_readonly files/network/hostname "$R/etc/hostname"
-             sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname"
+             install_readonly files/network/hostname "${ETCDIR}/hostname"
+             sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname"
              # Install and setup hosts
-             install_readonly files/network/hosts "$R/etc/hosts"
-             sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts"
+             install_readonly files/network/hosts "${ETCDIR}/hosts"
+             sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts"
              # Setup hostname entry with static IP
              if [ "$NET_ADDRESS" != "" ] ; then
                NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
-               sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts"
+               sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts"
              fi
              # Remove IPv6 hosts
              if [ "$ENABLE_IPV6" = false ] ; then
-               sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts"
+               sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts"
              fi
              # Install hint about network configuration
-             install_readonly files/network/interfaces "$R/etc/network/interfaces"
+             install_readonly files/network/interfaces "${ETCDIR}/network/interfaces"
              # Install configuration for interface eth0
-             install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network"
+             install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network"
              if [ "$ENABLE_DHCP" = true ] ; then
                # Enable DHCP configuration for interface eth0
-               sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network"
+               sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network"
                # Set DHCP configuration to IPv4 only
                if [ "$ENABLE_IPV6" = false ] ; then
-                 sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network"
+                 sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network"
                fi
              else # ENABLE_DHCP=false
                -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
                -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
-               "$R/etc/systemd/network/eth.network"
+               "${ETCDIR}/systemd/network/eth.network"
              fi
              # Remove empty settings from network configuration
-             sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network"
+             sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network"
              # Enable systemd-networkd service
              chroot_exec systemctl enable systemd-networkd
              # Install host.conf resolver configuration
-             install_readonly files/network/host.conf "$R/etc/host.conf"
+             install_readonly files/network/host.conf "${ETCDIR}/host.conf"
              # Enable network stack hardening
              if [ "$ENABLE_HARDNET" = true ] ; then
                # Install sysctl.d configuration files
-               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf"
+               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf"
                # Setup resolver warnings about spoofed addresses
-               sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf"
+               sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf"
              fi

bootstrap.d/21-firewall.sh +9 -9

              if [ "$ENABLE_IPTABLES" = true ] ; then
                # Create iptables configuration directory
-               mkdir -p "$R/etc/iptables"
+               mkdir -p "${ETCDIR}/iptables"
                # Install iptables systemd service
-               install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service"
+               install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service"
                # Install flush-table script called by iptables service
-               install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh"
+               install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh"
                # Install iptables rule file
-               install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules"
+               install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules"
                # Reload systemd configuration and enable iptables service
                chroot_exec systemctl daemon-reload
                if [ "$ENABLE_IPV6" = true ] ; then
                  # Install ip6tables systemd service
-                 install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service"
+                 install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service"
                  # Install ip6tables file
-                 install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh"
+                 install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh"
-                 install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules"
+                 install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules"
                  # Reload systemd configuration and enable iptables service
                  chroot_exec systemctl daemon-reload
              if [ "$ENABLE_SSHD" = false ] ; then
               # Remove SSHD related iptables rules
-              sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null
-              sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null
+              sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null
+              sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null
              fi

bootstrap.d/30-security.sh +1 -1

                chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
                if [ "$ENABLE_ROOT_SSH" = true ] ; then
-                 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config"
+                 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
                fi
              else
                # Set no root password to disable root login

bootstrap.d/31-logging.sh +1 -1

              # Disable rsyslog
              if [ "$ENABLE_RSYSLOG" = false ] ; then
-               sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf"
+               sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf"
                chroot_exec systemctl disable rsyslog
                chroot_exec apt-get -qq -y --force-yes purge rsyslog
              fi

bootstrap.d/41-uboot.sh +44 -8

              # Install gcc/c++ build environment inside the chroot
              if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
-               chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc
+               chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
              fi
              # Fetch and build U-Boot bootloader
              if [ "$ENABLE_UBOOT" = true ] ; then
                # Fetch U-Boot bootloader sources
-               git -C "$R/tmp" clone git://git.denx.de/u-boot.git
+               git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
                # Build and install U-Boot inside chroot
-               chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
+               chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
                # Copy compiled bootloader binary and set config.txt to load it
-               install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin"
-               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt"
+               install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
+               install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
+               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
                # Install and setup U-Boot command file
-               install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage"
-               printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage"
+               install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
+               printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
+               if [ "$ENABLE_INITRAMFS" = true ] ; then
+                 # Convert generated initramfs for U-Boot using mkimage
+                 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
+                 # Remove original initramfs file
+                 rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
+                 # Configure U-Boot to load generated initramfs
+                 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
+                 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+               else # ENABLE_INITRAMFS=false
+                 # Remove initramfs from U-Boot mkfile
+                 sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
+                 if [ "$BUILD_KERNEL" = false ] ; then
+                   # Remove dtbfile from U-Boot mkfile
+                   sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
+                   printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+                 else
+                   printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
+                 fi
+               fi
+               # Set mkfile to use dtb file
+               sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
+               # Set mkfile to use kernel image
+               sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
+               # Remove all leading blank lines
+               sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
                # Generate U-Boot bootloader image
-               chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
+               chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
+               # Remove U-Boot sources
+               rm -fr "${R}/tmp/u-boot"
              fi

bootstrap.d/42-fbturbo.sh +3 -3

              if [ "$ENABLE_FBTURBO" = true ] ; then
                # Fetch fbturbo driver sources
-               git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
+               git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
                # Install Xorg build dependencies
                chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
              EOF
                # Install fbturbo driver Xorg configuration
-               install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
+               install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
                # Remove Xorg build dependencies
                chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
              # Remove gcc/c++ build environment from the chroot
              if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
-               chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+               chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
              fi

bootstrap.d/50-firstboot.sh +15 -10

              . ./functions.sh
              # Prepare rc.firstboot script
-             cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot"
+             cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot"
              # Ensure openssh server host keys are regenerated on first boot
              if [ "$ENABLE_SSHD" = true ] ; then
-               cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot"
+               cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot"
              fi
              # Prepare filesystem auto expand
              if [ "$EXPANDROOT" = true ] ; then
-               cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot"
+               if [ "$ENABLE_CRYPTFS" = false ] ; then
+                 cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot"
+               else
+                 # Regenerate initramfs to remove encrypted root partition auto expand
+                 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot"
+               fi
              fi
              # Ensure that dbus machine-id exists
-             cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot"
+             cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot"
              # Create /etc/resolv.conf symlink
-             cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot"
+             cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot"
              # Finalize rc.firstboot script
-             cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot"
-             chmod +x "$R/etc/rc.firstboot"
+             cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot"
+             chmod +x "${ETCDIR}/rc.firstboot"
              # Add rc.firstboot script to rc.local
-             sed -i '/exit 0/d' "$R/etc/rc.local"
-             echo /etc/rc.firstboot >> "$R/etc/rc.local"
-             echo exit 0 >> "$R/etc/rc.local"
+             sed -i '/exit 0/d' "${ETCDIR}/rc.local"
+             echo /etc/rc.firstboot >> "${ETCDIR}/rc.local"
+             echo exit 0 >> "${ETCDIR}/rc.local"

bootstrap.d/99-reduce.sh +17 -17

                if [ "$REDUCE_APT" = true ] ; then
                  # Install dpkg configuration file
                  if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
-                   install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc"
+                   install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
                  fi
                  # Install APT configuration files
-                 install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache"
-                 install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress"
-                 install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends"
+                 install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
+                 install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
+                 install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
                  # Remove APT cache files
-                 rm -fr "$R/var/cache/apt/pkgcache.bin"
-                 rm -fr "$R/var/cache/apt/srcpkgcache.bin"
+                 rm -fr "${R}/var/cache/apt/pkgcache.bin"
+                 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
                fi
                # Remove all doc files
                if [ "$REDUCE_DOC" = true ] ; then
-                 find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
-                 find "$R/usr/share/doc" -empty | xargs rmdir || true
+                 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
+                 find "${R}/usr/share/doc" -empty | xargs rmdir || true
                fi
                # Remove all man pages and info files
                if [ "$REDUCE_MAN" = true ] ; then
-                 rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man"
+                 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
                fi
                # Remove all locale translation files
                if [ "$REDUCE_LOCALE" = true ] ; then
-                 find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
+                 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
                fi
                # Remove hwdb PCI device classes (experimental)
                # Remove GPU kernels
                if [ "$ENABLE_MINGPU" = true ] ; then
-                 rm -f "$R/boot/firmware/start.elf"
-                 rm -f "$R/boot/firmware/fixup.dat"
-                 rm -f "$R/boot/firmware/start_x.elf"
-                 rm -f "$R/boot/firmware/fixup_x.dat"
+                 rm -f "${BOOTDIR}/start.elf"
+                 rm -f "${BOOTDIR}/fixup.dat"
+                 rm -f "${BOOTDIR}/start_x.elf"
+                 rm -f "${BOOTDIR}/fixup_x.dat"
                fi
                # Remove kernel and initrd from /boot (already in /boot/firmware)
                if [ "$BUILD_KERNEL" = false ] ; then
-                 rm -r "$R/boot/vmlinuz--*"
-                 rm -r "$R/boot/initrd.img-*"
+                 rm -f "${R}/boot/vmlinuz-*"
+                 rm -f "${R}/boot/initrd.img-*"
                fi
                # Clean APT list of repositories
-               rm -fr "$R/var/lib/apt/lists/*"
+               rm -fr "${R}/var/lib/apt/lists/*"
                chroot_exec apt-get -qq -y update
              fi

files/boot/uboot.mkimage +5 -1

+             # Set device tree fdtfile
+             setenv dtbfile bcm2709-rpi-2-b.dtb
              # Tell Linux that it is booting on a Raspberry Pi2
              setenv machid 0x00000c42
              # Load the existing Linux kernel into RAM
              fatload mmc 0:1 ${kernel_addr_r} kernel7.img
+             fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
+             fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
              # Boot the kernel we have just loaded
-             bootz ${kernel_addr_r}

files/firstboot/21-generate-ssh-keys.sh +6 0

              logger -t "rc.firstboot" "Generating SSH host keys"
              if [ -d "/etc/ssh/" ] ; then
+               # Remove ssh host keys
                rm -f /etc/ssh/ssh_host_*
                systemctl stop sshd
+               # Regenerate ssh host keys
                ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
                ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
                ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
              fi
              if [ -d "/etc/dropbear/" ] ; then
+               # Remove ssh host keys
                rm -f /etc/dropbear/dropbear_*
                systemctl stop dropbear
+               # Regenerate ssh host keys
                dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
                dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
                dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key

files/firstboot/22-expandroot.sh +15 -3

-             logger -t "rc.firstboot" "Expanding root"
+             logger -t "rc.firstboot" "Expanding root partition"
+             # Detect root partition device
              ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
-             PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
+             if [ -z "$ROOT_PART" ] ; then
+               log_warning_msg "unable to detect root partition device"
+               return 1
+             fi
+             # Extract root device name
              case "${ROOT_PART}" in
                mmcblk0*) ROOT_DEV=mmcblk0 ;;
                sda*)     ROOT_DEV=sda ;;
              esac
+             # Check detected root partition name
+             PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
              if [ "$PART_NUM" = "$ROOT_PART" ] ; then
                logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
                return 0
                logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
                return 0
              fi
+             # Check if last partition number
              LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
              if [ $LAST_PART_NUM -ne $PART_NUM ]; then
                logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
              # Reload the partition table, resize root filesystem then remove resizing code from this file
              partprobe &&
                resize2fs /dev/${ROOT_PART} &&
-               logger -t "rc.firstboot" "Root partition successfuly resized."
+               logger -t "rc.firstboot" "Root partition successfully resized."

files/firstboot/24-generate-machineid.sh ~~files/firstboot/23-generate-machineid.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh

files/firstboot/25-create-resolv-symlink.sh ~~files/firstboot/24-create-resolv-symlink.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh

functions.sh +6 -6

                # Identify and kill all processes still using files
                echo "killing processes using mount point ..."
-               fuser -k "$R"
+               fuser -k "${R}"
                sleep 3
-               fuser -9 -k -v "$R"
+               fuser -9 -k -v "${R}"
                # Clean up temporary .password file
                if [ -r ".password" ] ; then
                # Clean up all temporary mount points
                echo "removing temporary mount points ..."
-               umount -l "$R/proc" 2> /dev/null
-               umount -l "$R/sys" 2> /dev/null
-               umount -l "$R/dev/pts" 2> /dev/null
+               umount -l "${R}/proc" 2> /dev/null
+               umount -l "${R}/sys" 2> /dev/null
+               umount -l "${R}/dev/pts" 2> /dev/null
                umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
                umount "$BUILDDIR/mount" 2> /dev/null
                cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
              chroot_exec() {
                # Exec command in chroot
-               LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $*
+               LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
              }
              install_readonly() {

rpi2-gen-image.sh +29 -21

              CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
              COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
              KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
+             KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
+             DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
+             UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
              QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
              # Build directories
              BASEDIR="$(pwd)/images/${RELEASE}"
              BUILDDIR="${BASEDIR}/build"
+             # Chroot directories
              R="${BUILDDIR}/chroot"
+             ETCDIR="${R}/etc"
+             BOOTDIR="${R}/boot/firmware"
+             KERNELDIR="${R}/usr/src/linux"
              # General settings
              HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
              fi
              # Setup chroot directory
-             mkdir -p "$R"
+             mkdir -p "${R}"
              # Check if build directory has enough of free disk space >512MB
              if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
                fi
              done
              EOF
-               rm -rf "$R/chroot_scripts"
+               rm -rf "${R}/chroot_scripts"
              fi
              # Remove apt-utils
              # Generate required machine-id
              MACHINE_ID=$(dbus-uuidgen)
-             echo -n "${MACHINE_ID}" > "$R/var/lib/dbus/machine-id"
-             echo -n "${MACHINE_ID}" > "$R/etc/machine-id"
+             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
+             echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
              # APT Cleanup
              chroot_exec apt-get -y clean
              chroot_exec apt-get -y autoremove
              # Unmount mounted filesystems
-             umount -l "$R/proc"
-             umount -l "$R/sys"
+             umount -l "${R}/proc"
+             umount -l "${R}/sys"
              # Clean up directories
-             rm -rf "$R/run/*"
-             rm -rf "$R/tmp/*"
+             rm -rf "${R}/run/*"
+             rm -rf "${R}/tmp/*"
              # Clean up files
-             rm -f "$R/etc/ssh/ssh_host_*"
-             rm -f "$R/etc/dropbear/dropbear_*"
-             rm -f "$R/etc/apt/sources.list.save"
-             rm -f "$R/etc/resolvconf/resolv.conf.d/original"
-             rm -f "$R/etc/*-"
-             rm -f "$R/root/.bash_history"
-             rm -f "$R/var/lib/urandom/random-seed"
-             rm -f "$R/etc/apt/apt.conf.d/10proxy"
-             rm -f "$R/etc/resolv.conf"
-             rm -f "$R/initrd.img"
-             rm -f "$R/vmlinuz"
+             rm -f "${ETCDIR}/ssh/ssh_host_*"
+             rm -f "${ETCDIR}/dropbear/dropbear_*"
+             rm -f "${ETCDIR}/apt/sources.list.save"
+             rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
+             rm -f "${ETCDIR}/*-"
+             rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
+             rm -f "${ETCDIR}/resolv.conf"
+             rm -f "${R}/root/.bash_history"
+             rm -f "${R}/var/lib/urandom/random-seed"
+             rm -f "${R}/initrd.img"
+             rm -f "${R}/vmlinuz"
              rm -f "${R}${QEMU_BINARY}"
              # Calculate size of the chroot directory in KB
-             CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`)
+             CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
              # Calculate the amount of needed 512 Byte sectors
              TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
              mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
              # Copy all files from the chroot to the loop device mount point directory
-             rsync -a "$R/" "$BUILDDIR/mount/"
+             rsync -a "${R}/" "$BUILDDIR/mount/"
              # Unmount all temporary loop devices and mount points
              cleanup

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages