fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanup
Jan Wagner -
r82:d0f91512d9ca
@@ -0,0 +1,31
1 logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
2
3 KERNEL_VERSION=$(uname -r)
4 KERNEL_ARCH=$(uname -m)
5 INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
6 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
7
8 # Extract kernel arch
9 case "${KERNEL_ARCH}" in
10 arm*) KERNEL_ARCH=arm ;;
11 esac
12
13 # Regenerate initramfs
14 if [ -r "${INITRAMFS}" ] ; then
15 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
16 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
17 rm -f /etc/initramfs-tools/hooks/expand-tools
18 rm -f "${INITRAMFS}"
19 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
20 fi
21
22 # Convert generated initramfs for U-Boot using mkimage
23 if [ -r "${INITRAMFS_UBOOT}" ] ; then
24 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
25 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
26 rm -f /etc/initramfs-tools/hooks/expand-tools
27 rm -f "${INITRAMFS_UBOOT}"
28 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
29 mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
30 rm -f "${INITRAMFS}"
31 fi
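Review bot: Lines 18–19 and 27–28 delete the existing initramfs before `mkinitramfs` has produced its replacement, so a failed regeneration on first boot leaves `/boot/firmware` without an initramfs and the encrypted root cannot be unlocked on the next boot. Build to a temporary name and swap only on success: `mkinitramfs -o "${INITRAMFS}.new" "${KERNEL_VERSION}" && mv "${INITRAMFS}.new" "${INITRAMFS}"`, and likewise keep `${INITRAMFS_UBOOT}` in place until `mkimage` has succeeded. The three `rm -f /etc/initramfs-tools/...` lines are duplicated in both branches and would be easier to keep in sync if they were written once.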
@@ -0,0 +1,19
1 #!/bin/sh
2
3 set -e
4
5 # Check for cryptdevice variable
6 if [ -z "$cryptdevice" ] ; then
7 echo "unable to get cryptdevice variable (local-premount)"
8 exit 1
9 fi
10
11 if [ -n "$ROOT" ] ; then
12 # Resize encrypted root partition
13 cryptsetup resize "${ROOT}"
14 e2fsck -fp "${ROOT}"
15 resize2fs -f "${ROOT}"
16 e2fsck -fp "${ROOT}"
17 fi
18
19 exit 0
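Review bot: This script has no `prereqs` handling, and as far as I know initramfs-tools runs every hook and boot script with the single argument `prereqs` while computing the execution order and reads its stdout as the prerequisite list. Without the guard the body runs at image build time: here the "unable to get cryptdevice variable" message would be parsed as prerequisites and the script exits 1. The same boilerplate is missing from the expand-tools hook and from expand_encrypted_rootfs in the two sections that follow (the latter would also sleep 5 seconds on every `mkinitramfs` run). Note also that `e2fsck -fp` exits 1 when it has corrected errors, which under `set -e` stops the script before `resize2fs`.

```shell
#!/bin/sh

PREREQ=""
prereqs() {
  echo "${PREREQ}"
}
case "$1" in
  prereqs)
    prereqs
    exit 0
    ;;
esac

set -e
# … unchanged: cryptdevice check and resize steps …
```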
@@ -0,0 +1,19
1 #!/bin/sh
2
3 set -e
4
5 # Use initramfs utility functions
6 . /usr/share/initramfs-tools/hook-functions
7
8 # Add binaries required for resizing the filesystem
9 copy_exec /bin/grep /bin
10 copy_exec /usr/bin/awk /bin
11 copy_exec /usr/bin/cut /bin
12 copy_exec /usr/bin/tail /bin
13 copy_exec /sbin/fdisk /sbin
14 copy_exec /sbin/parted /sbin
15 copy_exec /sbin/e2fsck /sbin
16 copy_exec /sbin/resize2fs /sbin
17 copy_exec /sbin/partprobe /sbin
18
19 exit 0
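Review bot: The hook copies `partprobe` but not `sed`, which expand_encrypted_rootfs uses when it parses the partition start sector; that only works if the busybox in the initramfs provides `sed`. Either add `copy_exec /bin/sed /bin` here or state the busybox dependency in a comment. The `# dependencies:` header of the boot script lists neither `sed` nor `partprobe` and should be brought in line with this list.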
@@ -0,0 +1,85
1 #!/bin/sh
2 # expand_encrypted_rootfs initramfs-tools boot script
3
4 # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
5
6 set -e
7
8 # Wait for USB devices to be ready
9 sleep 5
10
11 # Use initramfs utility functions
12 if [ -r "/scripts/functions" ] ; then
13 . /scripts/functions
14 fi
15
16 # Check for cryptdevice variable
17 if [ -z "$cryptdevice" ] ; then
18 echo "unable to get cryptdevice variable (init-premount)"
19 return 1
20 fi
21
22 # Detect root partition device
23 ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
24 if [ -z "$ROOT_PART" ] ; then
25 log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
26 return 1
27 fi
28
29 # Extract root device name
30 case "${ROOT_PART}" in
31 mmcblk0*) ROOT_DEV=mmcblk0 ;;
32 sda*) ROOT_DEV=sda ;;
33 esac
34
35 # Check detected root partition name
36 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
37 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
38 log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
39 return 1
40 fi
41
42 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
43 # agree to work with a sufficiently simple partition layout
44 if [ "$PART_NUM" -gt 2 ] ; then
45 log_warning_msg "Your partition layout is not currently supported by this tool."
46 return 1
47 fi
48
49 # Check if last partition number
50 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
51 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
52 log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
53 return 1
54 fi
55
56 # Get the starting offset of the root partition
57 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
58 if [ -z "$PART_START" ] ; then
59 log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
60 return 1
61 fi
62
63 # Get the possible last sector for the root partition
64 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
70 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
71 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 p
73 d
74 $PART_NUM
75 n
76 p
77 $PART_NUM
78 $PART_START
79 $PART_LAST
80 p
81 w
82 EOF2
83
84 partprobe
85 log_success_msg "Root partition successfully resized."
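Review bot: The `fdisk` here-document at lines 71–82 discards both stderr and the exit status (`2> /dev/null … || true`), and line 85 then logs success unconditionally, so a failed or partial rewrite of the partition table that holds the LUKS container is reported as a successful resize. Keep the `|| true` if a non-zero exit from the table re-read is expected, but verify the result after `partprobe`, e.g. `NEW_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}:" | cut -f 3 -d: | sed 's/[^0-9]//g')` followed by `[ "$NEW_END" = "$PART_LAST" ] || { log_warning_msg "${ROOT_DEV} partition table was not updated"; return 1; }`. The `case` at lines 30–33 has no `*)` arm, so an unrecognised device leaves `ROOT_DEV` empty and the later commands run against `/dev/`; add `*) log_warning_msg "unsupported root device ${ROOT_PART}"; return 1 ;;`. The comment at line 70 still refers to rc.local, which does not apply to an initramfs script.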
@@ -5,7 +5,7
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
@@ -226,7 +226,7 Remove all `locale` translation files.
226 226 #### Encrypted root partition:
227 227
228 228 ##### `ENABLE_CRYPTFS`=false
229 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. `ENABLE_UBOOT`, `ENABLE_SPLITFS`, `EXPANDROOT` and SSH-to-initramfs are currently not supported but will be soon - feel free to help.
229 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
230 230
231 231 ##### `CRYPTFS_PASSWORD`=""
232 232 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
@@ -266,6 +266,7 All the required configuration files that will be copied to the generated OS ima
266 266 | `boot` | Boot and RPi2 configuration files |
267 267 | `dpkg` | Package Manager configuration |
268 268 | `firstboot` | Scripts that get executed on first boot |
269 | `initramfs` | Initramfs scripts |
269 270 | `iptables` | Firewall configuration files |
270 271 | `locales` | Locales configuration |
271 272 | `modules` | Kernel Modules configuration |
@@ -7,22 +7,22
7 7
8 8 # Base debootstrap (unpack only)
9 9 if [ "$ENABLE_MINBASE" = true ] ; then
10 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
10 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
11 11 else
12 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
12 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
13 13 fi
14 14
15 15 # Copy qemu emulator binary to chroot
16 16 install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
17 17
18 18 # Copy debian-archive-keyring.pgp
19 mkdir -p "$R/usr/share/keyrings"
20 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg"
19 mkdir -p "${R}/usr/share/keyrings"
20 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
21 21
22 22 # Complete the bootstrapping process
23 23 chroot_exec /debootstrap/debootstrap --second-stage
24 24
25 25 # Mount required filesystems
26 mount -t proc none "$R/proc"
27 mount -t sysfs none "$R/sys"
28 mount --bind /dev/pts "$R/dev/pts"
26 mount -t proc none "${R}/proc"
27 mount -t sysfs none "${R}/sys"
28 mount --bind /dev/pts "${R}/dev/pts"
@@ -7,28 +7,28
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 if [ "$BUILD_KERNEL" = false ] ; then
15 15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel"
16 install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
17 17
18 18 # Install APT sources.list
19 install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list"
19 install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
21 21
22 22 # Upgrade collabora package index and install collabora keyring
23 23 chroot_exec apt-get -qq -y update
24 24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
25 25 else # BUILD_KERNEL=true
26 26 # Install APT sources.list
27 install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
27 install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
28 28
29 29 # Use specified APT server and release
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list"
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
32 32 fi
33 33
34 34 # Upgrade package index and update all installed packages and changed dependencies
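Review bot: The two retargeted lines 10–11 sit under `if [ -z "$APT_PROXY" ]`, so they only run when APT_PROXY is empty and the `sed` substitutes an empty string; a configured proxy is never written to `10proxy`. The test looks inverted and should probably read `if [ -n "$APT_PROXY" ] ; then`. Once it runs with a real value, a proxy URL contains `/` and would break the `s/…/…/` expression, so switch the delimiter: `sed -i "s|\"\"|\"${APT_PROXY}\"|" "${ETCDIR}/apt/apt.conf.d/10proxy"`.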
@@ -6,7 +6,7
6 6 . ./functions.sh
7 7
8 8 # Install and setup timezone
9 echo ${TIMEZONE} > "$R/etc/timezone"
9 echo ${TIMEZONE} > "${ETCDIR}/timezone"
10 10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11 11
12 12 # Install and setup default locale and keyboard configuration
@@ -19,40 +19,40 if [ "$ENABLE_MINBASE" = false ] ; then
19 19 else
20 20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen"
22 sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen"
23 23 fi
24 24
25 sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen"
25 sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen"
26 26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 27 chroot_exec locale-gen
28 28 chroot_exec update-locale LANG="${DEFLOCAL}"
29 29
30 30 # Install and setup default keyboard configuration
31 31 if [ "$XKB_MODEL" != "" ] ; then
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard"
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard"
33 33 fi
34 34 if [ "$XKB_LAYOUT" != "" ] ; then
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard"
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard"
36 36 fi
37 37 if [ "$XKB_VARIANT" != "" ] ; then
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard"
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard"
39 39 fi
40 40 if [ "$XKB_OPTIONS" != "" ] ; then
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard"
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard"
42 42 fi
43 43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44 44
45 45 # Install and setup font console
46 46 case "${DEFLOCAL}" in
47 47 *UTF-8)
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup"
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup"
49 49 ;;
50 50 *)
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup"
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup"
52 52 ;;
53 53 esac
54 54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 55 else # ENABLE_MINBASE=true
56 56 # Install POSIX default locale
57 install_readonly files/locales/locale "$R/etc/default/locale"
57 install_readonly files/locales/locale "${ETCDIR}/default/locale"
58 58 fi
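Review bot: Lines 21 and 26 of the second hunk pipe `chroot_exec echo …` into a bare `debconf-set-selections`, so only the `echo` runs through `chroot_exec` and the selections are applied by the build host's debconf rather than inside the image (`chroot_exec` is defined outside this page, so this assumes it is a plain chroot wrapper). Move the wrapper to the consuming side: `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. In the first hunk, line 9 expands `${TIMEZONE}` unquoted; `echo "${TIMEZONE}" > "${ETCDIR}/timezone"` matches the quoting used on the rest of the changed lines.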
@@ -8,7 +8,7
8 8 # Fetch and build latest raspberry kernel
9 9 if [ "$BUILD_KERNEL" = true ] ; then
10 10 # Setup source directory
11 mkdir -p "$R/usr/src"
11 mkdir -p "${R}/usr/src"
12 12
13 13 # Copy existing kernel sources into chroot directory
14 14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
@@ -17,11 +17,11 if [ "$BUILD_KERNEL" = true ] ; then
17 17
18 18 # Clean the kernel sources
19 19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
20 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 21 fi
22 22 else # KERNELSRC_DIR=""
23 23 # Fetch current raspberrypi kernel sources
24 git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
24 git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
25 25 fi
26 26
27 27 # Calculate optimal number of kernel building threads
@@ -33,7 +33,7 if [ "$BUILD_KERNEL" = true ] ; then
33 33 if [ "$KERNELSRC_PREBUILT" = false ] ; then
34 34 # Remove device, network and filesystem drivers from kernel configuration
35 35 if [ "$KERNEL_REDUCE" = true ] ; then
36 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
36 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
37 37 sed -i\
38 38 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
39 39 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
@@ -64,25 +64,25 if [ "$BUILD_KERNEL" = true ] ; then
64 64 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
67 "$R/usr/src/linux/.config"
67 "${KERNELDIR}/.config"
68 68 fi
69 69
70 70 if [ "$KERNELSRC_CONFIG" = true ] ; then
71 71 # Load default raspberry kernel configuration
72 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
72 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
73 73
74 74 # Start menu-driven kernel configuration (interactive)
75 75 if [ "$KERNEL_MENUCONFIG" = true ] ; then
76 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
76 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
77 77 fi
78 78 fi
79 79
80 80 # Cross compile kernel and modules
81 make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
81 make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
82 82 fi
83 83
84 84 # Check if kernel compilation was successful
85 if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
85 if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
86 86 echo "error: kernel compilation failed! (zImage not found)"
87 87 cleanup
88 88 exit 1
@@ -90,50 +90,55 if [ "$BUILD_KERNEL" = true ] ; then
90 90
91 91 # Install kernel modules
92 92 if [ "$ENABLE_REDUCE" = true ] ; then
93 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
93 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
94 94 else
95 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
95 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
96 96
97 97 # Install kernel firmware
98 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
98 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
99 99 fi
100 100
101 101 # Install kernel headers
102 102 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
103 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
103 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
104 104 fi
105 105
106 106 # Prepare boot (firmware) directory
107 mkdir "$R/boot/firmware/"
107 mkdir "${BOOTDIR}"
108 108
109 109 # Get kernel release version
110 KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
110 KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
111 111
112 112 # Copy kernel configuration file to the boot directory
113 install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
113 install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
114 114
115 115 # Copy dts and dtb device tree sources and binaries
116 mkdir "$R/boot/firmware/overlays/"
117 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
118 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
119 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
120
121 # Convert and copy zImage kernel to the boot directory
122 "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
116 mkdir "${BOOTDIR}/overlays"
117 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
118 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
119 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
120
121 if [ "$ENABLE_UBOOT" = false ] ; then
122 # Convert and copy zImage kernel to the boot directory
123 "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
124 else
125 # Copy zImage kernel to the boot directory
126 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
127 fi
123 128
124 129 # Remove kernel sources
125 130 if [ "$KERNEL_REMOVESRC" = true ] ; then
126 rm -fr "$R/usr/src/linux"
131 rm -fr "${KERNELDIR}"
127 132 fi
128 133
129 134 # Install latest boot binaries from raspberry/firmware github
130 wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
131 wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
132 wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
133 wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
134 wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
135 wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
136 wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
135 wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
136 wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
137 wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
138 wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
139 wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
140 wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
141 wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
137 142
138 143 else # BUILD_KERNEL=false
139 144 # Kernel installation
@@ -143,14 +148,14 else # BUILD_KERNEL=false
143 148 chroot_exec apt-get -qq -y install flash-kernel
144 149
145 150 # Check if kernel installation was successful
146 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
151 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
147 152 if [ -z "$VMLINUZ" ] ; then
148 153 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
149 154 cleanup
150 155 exit 1
151 156 fi
152 157 # Copy vmlinuz kernel to the boot directory
153 install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
158 install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
154 159 fi
155 160
156 161 # Setup firmware boot cmdline
@@ -160,6 +165,15 else
160 165 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
161 166 fi
162 167
168 # Add encrypted root partition to cmdline.txt
169 if [ "$ENABLE_CRYPTFS" = true ] ; then
170 if [ "$ENABLE_SPLITFS" = true ] ; then
171 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
172 else
173 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
174 fi
175 fi
176
163 177 # Add serial console support
164 178 if [ "$ENABLE_CONSOLE" = true ] ; then
165 179 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
@@ -171,69 +185,79 if [ "$ENABLE_IPV6" = false ] ; then
171 185 fi
172 186
173 187 # Install firmware boot cmdline
174 echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
175
176 # Add encrypted root partition to cmdline.txt
177 if [ "$ENABLE_CRYPTFS" = true ] ; then
178 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
179 fi
188 echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
180 189
181 190 # Install firmware config
182 install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
191 install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
183 192
184 193 # Setup minimal GPU memory allocation size: 16MB (no X)
185 194 if [ "$ENABLE_MINGPU" = true ] ; then
186 echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
195 echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
187 196 fi
188 197
189 198 # Setup boot with initramfs
190 199 if [ "$ENABLE_INITRAMFS" = true ] ; then
191 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
200 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
192 201 fi
193 202
194 203 # Create firmware configuration and cmdline symlinks
195 ln -sf firmware/config.txt "$R/boot/config.txt"
196 ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
204 ln -sf firmware/config.txt "${R}/boot/config.txt"
205 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
197 206
198 207 # Install and setup kernel modules to load at boot
199 mkdir -p "$R/lib/modules-load.d/"
200 install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
208 mkdir -p "${R}/lib/modules-load.d/"
209 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
201 210
202 211 # Load hardware random module at boot
203 if [ "$ENABLE_HWRANDOM" = true ] ; then
204 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
212 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
213 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
205 214 fi
206 215
207 216 # Load sound module at boot
208 217 if [ "$ENABLE_SOUND" = true ] ; then
209 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
218 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
210 219 fi
211 220
212 221 # Install kernel modules blacklist
213 mkdir -p "$R/etc/modprobe.d/"
214 install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
222 mkdir -p "${ETCDIR}/modprobe.d/"
223 install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
215 224
216 225 # Install and setup fstab
217 install_readonly files/mount/fstab "$R/etc/fstab"
226 install_readonly files/mount/fstab "${ETCDIR}/fstab"
218 227
219 228 # Add usb/sda disk root partition to fstab
220 if [ "$ENABLE_SPLITFS" = true ] ; then
221 sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
229 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
230 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
222 231 fi
223 232
224 233 # Add encrypted root partition to fstab and crypttab
225 234 if [ "$ENABLE_CRYPTFS" = true ] ; then
226 235 # Replace fstab root partition with encrypted partition mapping
227 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
236 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
228 237
229 238 # Add encrypted partition to crypttab and fstab
230 install_readonly files/mount/crypttab "$R/etc/crypttab"
231 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
239 install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
240 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
241
242 if [ "$ENABLE_SPLITFS" = true ] ; then
243 # Add usb/sda disk to crypttab
244 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
245 fi
232 246 fi
233 247
234 248 # Generate initramfs file
235 249 if [ "$ENABLE_INITRAMFS" = true ] ; then
236 250 if [ "$ENABLE_CRYPTFS" = true ] ; then
251 # Include initramfs scripts to auto expand encrypted root partition
252 if [ "$EXPANDROOT" = true ] ; then
253 install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
254 install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
255 install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
256 fi
257
258 # Disable SSHD inside initramfs
259 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
260
237 261 # Dummy mapping required by mkinitramfs
238 262 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
239 263
@@ -249,4 +273,4 if [ "$ENABLE_INITRAMFS" = true ] ; then
249 273 fi
250 274
251 275 # Install sysctl.d configuration files
252 install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
276 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"
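Review bot: The seven `wget -q -O "${BOOTDIR}/…"` lines (new lines 135–141) install boot firmware fetched from the moving `master` branch with no pinned revision and no checksum, so two builds can ship different blobs and a truncated or altered download goes unnoticed; the `git clone --depth=1` at line 24 has the same property. Pin the URL to a reviewed revision and verify each file, e.g. `wget -q -O "${BOOTDIR}/start.elf" "https://github.com/raspberrypi/firmware/raw/${FIRMWARE_REV}/boot/start.elf"` followed by `sha256sum -c` against a list kept in the repository (`FIRMWARE_REV` is a placeholder name, not an existing variable). Separately, line 212 now skips loading `bcm2708_rng` whenever `BUILD_KERNEL` is true, which per the README hunk is the only mode in which `ENABLE_CRYPTFS` is honoured; unless the self-built kernel has that driver built in, this behaviour change deserves a comment explaining why it belongs in a cleanup commit.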
@@ -6,37 +6,37
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 install_readonly files/network/hostname "$R/etc/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname"
9 install_readonly files/network/hostname "${ETCDIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname"
11 11
12 12 # Install and setup hosts
13 install_readonly files/network/hosts "$R/etc/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts"
13 install_readonly files/network/hosts "${ETCDIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 install_readonly files/network/interfaces "$R/etc/network/interfaces"
28 install_readonly files/network/interfaces "${ETCDIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network"
32 32
33 33 if [ "$ENABLE_DHCP" = true ] ; then
34 34 # Enable DHCP configuration for interface eth0
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network"
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network"
36 36
37 37 # Set DHCP configuration to IPv4 only
38 38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network"
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network"
40 40 fi
41 41
42 42 else # ENABLE_DHCP=false
@@ -50,23 +50,23 else # ENABLE_DHCP=false
50 50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 "$R/etc/systemd/network/eth.network"
53 "${ETCDIR}/systemd/network/eth.network"
54 54 fi
55 55
56 56 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network"
57 sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network"
58 58
59 59 # Enable systemd-networkd service
60 60 chroot_exec systemctl enable systemd-networkd
61 61
62 62 # Install host.conf resolver configuration
63 install_readonly files/network/host.conf "$R/etc/host.conf"
63 install_readonly files/network/host.conf "${ETCDIR}/host.conf"
64 64
65 65 # Enable network stack hardening
66 66 if [ "$ENABLE_HARDNET" = true ] ; then
67 67 # Install sysctl.d configuration files
68 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf"
68 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf"
69 69
70 70 # Setup resolver warnings about spoofed addresses
71 sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf"
71 sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf"
72 72 fi
@@ -7,16 +7,16
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 mkdir -p "$R/etc/iptables"
10 mkdir -p "${ETCDIR}/iptables"
11 11
12 12 # Install iptables systemd service
13 install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service"
13 install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service"
14 14
15 15 # Install flush-table script called by iptables service
16 install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh"
16 install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh"
17 17
18 18 # Install iptables rule file
19 install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules"
19 install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules"
20 20
21 21 # Reload systemd configuration and enable iptables service
22 22 chroot_exec systemctl daemon-reload
@@ -24,12 +24,12 if [ "$ENABLE_IPTABLES" = true ] ; then
24 24
25 25 if [ "$ENABLE_IPV6" = true ] ; then
26 26 # Install ip6tables systemd service
27 install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service"
27 install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service"
28 28
29 29 # Install ip6tables file
30 install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh"
30 install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh"
31 31
32 install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules"
32 install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules"
33 33
34 34 # Reload systemd configuration and enable iptables service
35 35 chroot_exec systemctl daemon-reload
@@ -39,6 +39,6 fi
39 39
40 40 if [ "$ENABLE_SSHD" = false ] ; then
41 41 # Remove SSHD related iptables rules
42 sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null
43 sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null
42 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null
43 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null
44 44 fi
@@ -19,7 +19,7 if [ "$ENABLE_ROOT" = true ] ; then
19 19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20 20
21 21 if [ "$ENABLE_ROOT_SSH" = true ] ; then
22 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config"
22 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
23 23 fi
24 24 else
25 25 # Set no root password to disable root login
@@ -7,7 +7,7
7 7
8 8 # Disable rsyslog
9 9 if [ "$ENABLE_RSYSLOG" = false ] ; then
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf"
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf"
11 11 chroot_exec systemctl disable rsyslog
12 12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
13 13 fi
@@ -7,25 +7,61
7 7
8 8 # Install gcc/c++ build environment inside the chroot
9 9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc
10 chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
11 11 fi
12 12
13 13 # Fetch and build U-Boot bootloader
14 14 if [ "$ENABLE_UBOOT" = true ] ; then
15 15 # Fetch U-Boot bootloader sources
16 git -C "$R/tmp" clone git://git.denx.de/u-boot.git
16 git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
17 17
18 18 # Build and install U-Boot inside chroot
19 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
19 chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
20 20
21 21 # Copy compiled bootloader binary and set config.txt to load it
22 install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin"
23 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt"
22 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
23 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
24 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
24 25
25 26 # Install and setup U-Boot command file
26 install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage"
27 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage"
27 install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
28 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
29
30 if [ "$ENABLE_INITRAMFS" = true ] ; then
31 # Convert generated initramfs for U-Boot using mkimage
32 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
33
34 # Remove original initramfs file
35 rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
36
37 # Configure U-Boot to load generated initramfs
38 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
39 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
40 else # ENABLE_INITRAMFS=false
41 # Remove initramfs from U-Boot mkfile
42 sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
43
44 if [ "$BUILD_KERNEL" = false ] ; then
45 # Remove dtbfile from U-Boot mkfile
46 sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
47 printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
48 else
49 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
50 fi
51 fi
52
53 # Set mkfile to use dtb file
54 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
55
56 # Set mkfile to use kernel image
57 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
58
59 # Remove all leading blank lines
60 sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
28 61
29 62 # Generate U-Boot bootloader image
30 chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
63 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
64
65 # Remove U-Boot sources
66 rm -fr "${R}/tmp/u-boot"
31 67 fi
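Review bot: The clone on new line 16 still fetches U-Boot over the unauthenticated `git://` transport at whatever the default branch holds, and this change now installs a second artefact built from that tree, `tools/mkimage`, into the image as `/usr/sbin/mkimage` next to `u-boot.bin`. Nothing visible verifies what was fetched, so the bootloader and that binary are only as trustworthy as the network path during the build; cloning over an authenticated transport and then checking out a reviewed tag or commit (for example `git -C "${R}/tmp/u-boot" checkout "${UBOOT_REF}"`, where `UBOOT_REF` is a placeholder name for a new setting) would pin it. The fbturbo clone in the next file is unpinned in the same way, and the `apt-get ... --force-yes ... install` line at the top of this hunk lets apt proceed past warnings it would otherwise stop on, unauthenticated packages included. The two `printf` calls that rewrite `uboot.mkimage` also use `${CMDLINE}` and the file's own contents as the format string, so a `%` or backslash in either is interpreted rather than copied; passing the text as arguments to a `'%s'` format avoids that.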
@@ -7,7 +7,7
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 9 # Fetch fbturbo driver sources
10 git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
10 git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
11 11
12 12 # Install Xorg build dependencies
13 13 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -22,7 +22,7 make install
22 22 EOF
23 23
24 24 # Install fbturbo driver Xorg configuration
25 install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
25 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
26 26
27 27 # Remove Xorg build dependencies
28 28 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -30,5 +30,5 fi
30 30
31 31 # Remove gcc/c++ build environment from the chroot
32 32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
33 chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
34 34 fi
@@ -6,29 +6,34
6 6 . ./functions.sh
7 7
8 8 # Prepare rc.firstboot script
9 cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot"
9 cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot"
10 10
11 11 # Ensure openssh server host keys are regenerated on first boot
12 12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot"
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot"
14 14 fi
15 15
16 16 # Prepare filesystem auto expand
17 17 if [ "$EXPANDROOT" = true ] ; then
18 cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot"
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot"
20 else
21 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot"
23 fi
19 24 fi
20 25
21 26 # Ensure that dbus machine-id exists
22 cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot"
27 cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot"
23 28
24 29 # Create /etc/resolv.conf symlink
25 cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot"
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot"
26 31
27 32 # Finalize rc.firstboot script
28 cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot"
29 chmod +x "$R/etc/rc.firstboot"
33 cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot"
34 chmod +x "${ETCDIR}/rc.firstboot"
30 35
31 36 # Add rc.firstboot script to rc.local
32 sed -i '/exit 0/d' "$R/etc/rc.local"
33 echo /etc/rc.firstboot >> "$R/etc/rc.local"
34 echo exit 0 >> "$R/etc/rc.local"
37 sed -i '/exit 0/d' "${ETCDIR}/rc.local"
38 echo /etc/rc.firstboot >> "${ETCDIR}/rc.local"
39 echo exit 0 >> "${ETCDIR}/rc.local"
@@ -10,33 +10,33 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends"
17 install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 rm -fr "$R/var/cache/apt/pkgcache.bin"
23 rm -fr "$R/var/cache/apt/srcpkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "$R/usr/share/doc" -empty | xargs rmdir || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
@@ -60,19 +60,19 if [ "$ENABLE_REDUCE" = true ] ; then
60 60
61 61 # Remove GPU kernels
62 62 if [ "$ENABLE_MINGPU" = true ] ; then
63 rm -f "$R/boot/firmware/start.elf"
64 rm -f "$R/boot/firmware/fixup.dat"
65 rm -f "$R/boot/firmware/start_x.elf"
66 rm -f "$R/boot/firmware/fixup_x.dat"
63 rm -f "${BOOTDIR}/start.elf"
64 rm -f "${BOOTDIR}/fixup.dat"
65 rm -f "${BOOTDIR}/start_x.elf"
66 rm -f "${BOOTDIR}/fixup_x.dat"
67 67 fi
68 68
69 69 # Remove kernel and initrd from /boot (already in /boot/firmware)
70 70 if [ "$BUILD_KERNEL" = false ] ; then
71 rm -r "$R/boot/vmlinuz--*"
72 rm -r "$R/boot/initrd.img-*"
71 rm -f "${R}/boot/vmlinuz-*"
72 rm -f "${R}/boot/initrd.img-*"
73 73 fi
74 74
75 75 # Clean APT list of repositories
76 rm -fr "$R/var/lib/apt/lists/*"
76 rm -fr "${R}/var/lib/apt/lists/*"
77 77 chroot_exec apt-get -qq -y update
78 78 fi
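Review bot: The wildcards on the new `rm -f "${R}/boot/vmlinuz-*"`, `rm -f "${R}/boot/initrd.img-*"` and `rm -fr "${R}/var/lib/apt/lists/*"` lines sit inside the double quotes, so the shell passes a literal `*` and nothing is deleted; switching from `rm -r` to `rm -f` now also hides the "No such file" error that used to reveal this. Moving the glob outside the quotes fixes it, e.g. `rm -f "${R}"/boot/vmlinuz-*`. The same pattern is carried into the final cleanup of the main build script (`"${R}/run/*"`, `"${R}/tmp/*"`, `"${ETCDIR}/ssh/ssh_host_*"`, `"${ETCDIR}/dropbear/dropbear_*"`, `"${ETCDIR}/*-"`), where it means the SSH host keys generated during the build and the `*-` backup files under /etc stay in every image produced. The `find ... | xargs rm` lines in this hunk would also handle unusual file names more safely as `find ... -exec rm -- {} +`.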
@@ -1,3 +1,6
1 # Set device tree fdtfile
2 setenv dtbfile bcm2709-rpi-2-b.dtb
3
1 4 # Tell Linux that it is booting on a Raspberry Pi2
2 5 setenv machid 0x00000c42
3 6
@@ -6,6 +9,7 saveenv
6 9
7 10 # Load the existing Linux kernel into RAM
8 11 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
9 14
10 15 # Boot the kernel we have just loaded
11 bootz ${kernel_addr_r}
@@ -1,8 +1,11
1 1 logger -t "rc.firstboot" "Generating SSH host keys"
2 2
3 3 if [ -d "/etc/ssh/" ] ; then
4 # Remove ssh host keys
4 5 rm -f /etc/ssh/ssh_host_*
5 6 systemctl stop sshd
7
8 # Regenerate ssh host keys
6 9 ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
7 10 ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
8 11 ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
@@ -11,8 +14,11 if [ -d "/etc/ssh/" ] ; then
11 14 fi
12 15
13 16 if [ -d "/etc/dropbear/" ] ; then
17 # Remove ssh host keys
14 18 rm -f /etc/dropbear/dropbear_*
15 19 systemctl stop dropbear
20
21 # Regenerate ssh host keys
16 22 dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
17 23 dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
18 24 dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
@@ -1,10 +1,20
1 logger -t "rc.firstboot" "Expanding root"
1 logger -t "rc.firstboot" "Expanding root partition"
2
3 # Detect root partition device
2 4 ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
3 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
5 if [ -z "$ROOT_PART" ] ; then
6 log_warning_msg "unable to detect root partition device"
7 return 1
8 fi
9
10 # Extract root device name
4 11 case "${ROOT_PART}" in
5 12 mmcblk0*) ROOT_DEV=mmcblk0 ;;
6 13 sda*) ROOT_DEV=sda ;;
7 14 esac
15
16 # Check detected root partition name
17 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
8 18 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
9 19 logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
10 20 return 0
@@ -16,6 +26,8 if [ "$PART_NUM" -gt 2 ] ; then
16 26 logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
17 27 return 0
18 28 fi
29
30 # Check if last partition number
19 31 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
20 32 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
21 33 logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
@@ -53,4 +65,4 EOF2
53 65 # Reload the partition table, resize root filesystem then remove resizing code from this file
54 66 partprobe &&
55 67 resize2fs /dev/${ROOT_PART} &&
56 logger -t "rc.firstboot" "Root partition successfuly resized."
68 logger -t "rc.firstboot" "Root partition successfully resized."
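Review bot: The new empty-`ROOT_PART` check reports through `log_warning_msg`, while every other message in this fragment goes through `logger -t "rc.firstboot"`; nothing visible here sources the LSB init functions, so the call may fail with "command not found" and the warning would be lost. For consistency I would write `logger -t "rc.firstboot" "unable to detect root partition device"`. The relocated `PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')` line and the `[ $LAST_PART_NUM -ne $PART_NUM ]` test leave their expansions unquoted, so an empty value turns the test into a syntax error rather than a clean exit. If `ROOT_PART` matches neither `mmcblk0*` nor `sda*`, `ROOT_DEV` stays unset and, unless a check outside these hunks catches it, `parted /dev/${ROOT_DEV}` is run against `/dev/`; a `*)` arm in the `case` that logs and returns would close that gap.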
1 NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh
@@ -6,9 +6,9 cleanup (){
6 6
7 7 # Identify and kill all processes still using files
8 8 echo "killing processes using mount point ..."
9 fuser -k "$R"
9 fuser -k "${R}"
10 10 sleep 3
11 fuser -9 -k -v "$R"
11 fuser -9 -k -v "${R}"
12 12
13 13 # Clean up temporary .password file
14 14 if [ -r ".password" ] ; then
@@ -17,9 +17,9 cleanup (){
17 17
18 18 # Clean up all temporary mount points
19 19 echo "removing temporary mount points ..."
20 umount -l "$R/proc" 2> /dev/null
21 umount -l "$R/sys" 2> /dev/null
22 umount -l "$R/dev/pts" 2> /dev/null
20 umount -l "${R}/proc" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
23 23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 24 umount "$BUILDDIR/mount" 2> /dev/null
25 25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
@@ -30,7 +30,7 cleanup (){
30 30
31 31 chroot_exec() {
32 32 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $*
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 34 }
35 35
36 36 install_readonly() {
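Review bot: Changing `chroot $R $*` to `chroot ${R} $*` in chroot_exec adds braces but still leaves both expansions unquoted, so a build path containing whitespace, or any argument containing spaces or glob characters, is split again before it reaches chroot. `chroot "${R}" "$@"` passes each argument through unchanged; callers that hand over a single pre-joined string would need checking, though none are visible on this page. In cleanup(), the `fuser -k "${R}"` / `fuser -9 -k -v "${R}"` pair is unchanged apart from the braces, and a comment such as `# SIGKILL anything still holding the chroot open after the 3 s grace period` would make the escalation explicit. cleanup() and install_readonly() continue outside the hunks shown.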
@@ -42,12 +42,20 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
42 42 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
43 43 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
44 44 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
45 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
46 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
47 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
45 48 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
46 49
47 50 # Build directories
48 51 BASEDIR="$(pwd)/images/${RELEASE}"
49 52 BUILDDIR="${BASEDIR}/build"
53
54 # Chroot directories
50 55 R="${BUILDDIR}/chroot"
56 ETCDIR="${R}/etc"
57 BOOTDIR="${R}/boot/firmware"
58 KERNELDIR="${R}/usr/src/linux"
51 59
52 60 # General settings
53 61 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
@@ -239,7 +247,7 if [ -e "$BUILDDIR" ] ; then
239 247 fi
240 248
241 249 # Setup chroot directory
242 mkdir -p "$R"
250 mkdir -p "${R}"
243 251
244 252 # Check if build directory has enough of free disk space >512MB
245 253 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
@@ -354,7 +362,7 for SCRIPT in /chroot_scripts/* ; do
354 362 fi
355 363 done
356 364 EOF
357 rm -rf "$R/chroot_scripts"
365 rm -rf "${R}/chroot_scripts"
358 366 fi
359 367
360 368 # Remove apt-utils
@@ -362,8 +370,8 chroot_exec apt-get purge -qq -y --force-yes apt-utils
362 370
363 371 # Generate required machine-id
364 372 MACHINE_ID=$(dbus-uuidgen)
365 echo -n "${MACHINE_ID}" > "$R/var/lib/dbus/machine-id"
366 echo -n "${MACHINE_ID}" > "$R/etc/machine-id"
373 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
374 echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
367 375
368 376 # APT Cleanup
369 377 chroot_exec apt-get -y clean
@@ -371,29 +379,29 chroot_exec apt-get -y autoclean
371 379 chroot_exec apt-get -y autoremove
372 380
373 381 # Unmount mounted filesystems
374 umount -l "$R/proc"
375 umount -l "$R/sys"
382 umount -l "${R}/proc"
383 umount -l "${R}/sys"
376 384
377 385 # Clean up directories
378 rm -rf "$R/run/*"
379 rm -rf "$R/tmp/*"
386 rm -rf "${R}/run/*"
387 rm -rf "${R}/tmp/*"
380 388
381 389 # Clean up files
382 rm -f "$R/etc/ssh/ssh_host_*"
383 rm -f "$R/etc/dropbear/dropbear_*"
384 rm -f "$R/etc/apt/sources.list.save"
385 rm -f "$R/etc/resolvconf/resolv.conf.d/original"
386 rm -f "$R/etc/*-"
387 rm -f "$R/root/.bash_history"
388 rm -f "$R/var/lib/urandom/random-seed"
389 rm -f "$R/etc/apt/apt.conf.d/10proxy"
390 rm -f "$R/etc/resolv.conf"
391 rm -f "$R/initrd.img"
392 rm -f "$R/vmlinuz"
390 rm -f "${ETCDIR}/ssh/ssh_host_*"
391 rm -f "${ETCDIR}/dropbear/dropbear_*"
392 rm -f "${ETCDIR}/apt/sources.list.save"
393 rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
394 rm -f "${ETCDIR}/*-"
395 rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
396 rm -f "${ETCDIR}/resolv.conf"
397 rm -f "${R}/root/.bash_history"
398 rm -f "${R}/var/lib/urandom/random-seed"
399 rm -f "${R}/initrd.img"
400 rm -f "${R}/vmlinuz"
393 401 rm -f "${R}${QEMU_BINARY}"
394 402
395 403 # Calculate size of the chroot directory in KB
396 CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`)
404 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
397 405
398 406 # Calculate the amount of needed 512 Byte sectors
399 407 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
@@ -482,7 +490,7 mkdir -p "$BUILDDIR/mount/boot/firmware"
482 490 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
483 491
484 492 # Copy all files from the chroot to the loop device mount point directory
485 rsync -a "$R/" "$BUILDDIR/mount/"
493 rsync -a "${R}/" "$BUILDDIR/mount/"
486 494
487 495 # Unmount all temporary loop devices and mount points
488 496 cleanup