Raspi2-3_GenImage Commit - r82:d0f91512d9ca · Collaboration Tremplin des Sciences

fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanup

Jan Wagner -

r82:d0f91512d9ca

parent child

Context file:

r82:d0f91512d9ca

Expand all files

files/firstboot/23-regenerate-initramfs.sh created 644 +31 0

@@ -0,0 +1,31
	1	logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
	2
	3	KERNEL_VERSION=$(uname -r)
	4	KERNEL_ARCH=$(uname -m)
	5	INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
	6	INITRAMFS_UBOOT="${INITRAMFS}.uboot"
	7
	8	# Extract kernel arch
	9	case "${KERNEL_ARCH}" in
	10	arm*) KERNEL_ARCH=arm ;;
	11	esac
	12
	13	# Regenerate initramfs
	14	if [ -r "${INITRAMFS}" ] ; then
	15	rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
	16	rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
	17	rm -f /etc/initramfs-tools/hooks/expand-tools
	18	rm -f "${INITRAMFS}"
	19	mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
	20	fi
	21
	22	# Convert generated initramfs for U-Boot using mkimage
	23	if [ -r "${INITRAMFS_UBOOT}" ] ; then
	24	rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
	25	rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
	26	rm -f /etc/initramfs-tools/hooks/expand-tools
	27	rm -f "${INITRAMFS_UBOOT}"
	28	mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
	29	mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
	30	rm -f "${INITRAMFS}"
	31	fi

files/initramfs/expand-premount created 755 +19 0

@@ -0,0 +1,19
	1	#!/bin/sh
	2
	3	set -e
	4
	5	# Check for cryptdevice variable
	6	if [ -z "$cryptdevice" ] ; then
	7	echo "unable to get cryptdevice variable (local-premount)"
	8	exit 1
	9	fi
	10
	11	if [ -n "$ROOT" ] ; then
	12	# Resize encrypted root partition
	13	cryptsetup resize "${ROOT}"
	14	e2fsck -fp "${ROOT}"
	15	resize2fs -f "${ROOT}"
	16	e2fsck -fp "${ROOT}"
	17	fi
	18
	19	exit 0

files/initramfs/expand-tools created 755 +19 0

@@ -0,0 +1,19
	1	#!/bin/sh
	2
	3	set -e
	4
	5	# Use initramfs utility functions
	6	. /usr/share/initramfs-tools/hook-functions
	7
	8	# Add binaries required for resizing the filesystem
	9	copy_exec /bin/grep /bin
	10	copy_exec /usr/bin/awk /bin
	11	copy_exec /usr/bin/cut /bin
	12	copy_exec /usr/bin/tail /bin
	13	copy_exec /sbin/fdisk /sbin
	14	copy_exec /sbin/parted /sbin
	15	copy_exec /sbin/e2fsck /sbin
	16	copy_exec /sbin/resize2fs /sbin
	17	copy_exec /sbin/partprobe /sbin
	18
	19	exit 0

files/initramfs/expand_encrypted_rootfs created 644 +85 0

@@ -0,0 +1,85
	1	#!/bin/sh
	2	# expand_encrypted_rootfs initramfs-tools boot script
	3
	4	# dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
	5
	6	set -e
	7
	8	# Wait for USB devices to be ready
	9	sleep 5
	10
	11	# Use initramfs utility functions
	12	if [ -r "/scripts/functions" ] ; then
	13	. /scripts/functions
	14	fi
	15
	16	# Check for cryptdevice variable
	17	if [ -z "$cryptdevice" ] ; then
	18	echo "unable to get cryptdevice variable (init-premount)"
	19	return 1
	20	fi
	21
	22	# Detect root partition device
	23	ROOT_PART=$(echo $cryptdevice \| awk -F"/\|:" '{ print $3 }')
	24	if [ -z "$ROOT_PART" ] ; then
	25	log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
	26	return 1
	27	fi
	28
	29	# Extract root device name
	30	case "${ROOT_PART}" in
	31	mmcblk0*) ROOT_DEV=mmcblk0 ;;
	32	sda*) ROOT_DEV=sda ;;
	33	esac
	34
	35	# Check detected root partition name
	36	PART_NUM=$(echo ${ROOT_PART} \| grep -o '[1-9][0-9]*$')
	37	if [ "$PART_NUM" = "$ROOT_PART" ] ; then
	38	log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
	39	return 1
	40	fi
	41
	42	# NOTE: the NOOBS partition layout confuses parted. For now, let's only
	43	# agree to work with a sufficiently simple partition layout
	44	if [ "$PART_NUM" -gt 2 ] ; then
	45	log_warning_msg "Your partition layout is not currently supported by this tool."
	46	return 1
	47	fi
	48
	49	# Check if last partition number
	50	LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p \| tail -n 1 \| cut -f 1 -d:)
	51	if [ $LAST_PART_NUM -ne $PART_NUM ]; then
	52	log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
	53	return 1
	54	fi
	55
	56	# Get the starting offset of the root partition
	57	PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p \| grep "^${PART_NUM}" \| cut -f 2 -d: \| sed 's/[^0-9]//g')
	58	if [ -z "$PART_START" ] ; then
	59	log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
	60	return 1
	61	fi
	62
	63	# Get the possible last sector for the root partition
	64	PART_LAST=$(fdisk -l /dev/${ROOT_DEV} \| grep '^Disk.*sectors' \| awk '{ print $7 - 1 }')
	65	if [ -z "$PART_LAST" ] ; then
	66	log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
	67	return 1
	68	fi
	69
	70	### Since rc.local is run with "sh -e", let's add "\|\| true" to prevent premature exit
	71	fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 \|\| true
	72	p
	73	d
	74	$PART_NUM
	75	n
	76	p
	77	$PART_NUM
	78	$PART_START
	79	$PART_LAST
	80	p
	81	w
	82	EOF2
	83
	84	partprobe
	85	log_success_msg "Root partition successfully resized."

README.md +3 -2

             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
-              ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core```
+              ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
             #### Encrypted root partition:
             ##### `ENABLE_CRYPTFS`=false
-            Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. `ENABLE_UBOOT`, `ENABLE_SPLITFS`, `EXPANDROOT` and SSH-to-initramfs are currently not supported but will be soon - feel free to help.
+            Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
             ##### `CRYPTFS_PASSWORD`=""
             Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
             | `boot` | Boot and RPi2 configuration files |
             | `dpkg` | Package Manager configuration |
             | `firstboot` | Scripts that get executed on first boot  |
+            | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |

bootstrap.d/10-bootstrap.sh +7 -7

             # Base debootstrap (unpack only)
             if [ "$ENABLE_MINBASE" = true ] ; then
-              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             else
-              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
+              http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
             fi
             # Copy qemu emulator binary to chroot
             install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
             # Copy debian-archive-keyring.pgp
-            mkdir -p "$R/usr/share/keyrings"
+            mkdir -p "${R}/usr/share/keyrings"
-            install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg"
+            install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
             # Complete the bootstrapping process
             chroot_exec /debootstrap/debootstrap --second-stage
             # Mount required filesystems
-            mount -t proc none "$R/proc"
+            mount -t proc none "${R}/proc"
-            mount -t sysfs none "$R/sys"
+            mount -t sysfs none "${R}/sys"
-            mount --bind /dev/pts "$R/dev/pts"
+            mount --bind /dev/pts "${R}/dev/pts"

bootstrap.d/11-apt.sh +8 -8

             # Install and setup APT proxy configuration
             if [ -z "$APT_PROXY" ] ; then
-              install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy"
+              install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
-              sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy"
+              sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
             fi
             if [ "$BUILD_KERNEL" = false ] ; then
               # Install APT pinning configuration for flash-kernel package
-              install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel"
+              install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
               # Install APT sources.list
-              install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
+              install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
-              echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list"
+              echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
               # Upgrade collabora package index and install collabora keyring
               chroot_exec apt-get -qq -y update
               chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
             else # BUILD_KERNEL=true
               # Install APT sources.list
-              install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
+              install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
               # Use specified APT server and release
-              sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list"
+              sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
-              sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list"
+              sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
             fi
             # Upgrade package index and update all installed packages and changed dependencies

bootstrap.d/12-locale.sh +10 -10

             . ./functions.sh
             # Install and setup timezone
-            echo ${TIMEZONE} > "$R/etc/timezone"
+            echo ${TIMEZONE} > "${ETCDIR}/timezone"
             chroot_exec dpkg-reconfigure -f noninteractive tzdata
             # Install and setup default locale and keyboard configuration
               else
                 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
                 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
-                sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen"
+                sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen"
               fi
-              sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen"
+              sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen"
               chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
               chroot_exec locale-gen
               chroot_exec update-locale LANG="${DEFLOCAL}"
               # Install and setup default keyboard configuration
               if [ "$XKB_MODEL" != "" ] ; then
-                sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard"
+                sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard"
               fi
               if [ "$XKB_LAYOUT" != "" ] ; then
-                sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard"
+                sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard"
               fi
               if [ "$XKB_VARIANT" != "" ] ; then
-                sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard"
+                sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard"
               fi
               if [ "$XKB_OPTIONS" != "" ] ; then
-                sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard"
+                sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard"
               fi
               chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
               # Install and setup font console
               case "${DEFLOCAL}" in
                 *UTF-8)
-                  sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup"
+                  sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup"
                   ;;
                 *)
-                  sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup"
+                  sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup"
                   ;;
               esac
               chroot_exec dpkg-reconfigure -f noninteractive console-setup
             else # ENABLE_MINBASE=true
               # Install POSIX default locale
-              install_readonly files/locales/locale "$R/etc/default/locale"
+              install_readonly files/locales/locale "${ETCDIR}/default/locale"
             fi

bootstrap.d/13-kernel.sh +80 -56

             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
-              mkdir -p "$R/usr/src"
+              mkdir -p "${R}/usr/src"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
-                  make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
+                  make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Fetch current raspberrypi kernel sources
-                git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
+                git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
               fi
               # Calculate optimal number of kernel building threads
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
                 if [ "$KERNEL_REDUCE" = true ] ; then
-                  make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+                  make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
-                  "$R/usr/src/linux/.config"
+                  "${KERNELDIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
-                  make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+                  make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
-                    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
+                    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
                 fi
                 # Cross compile kernel and modules
-                make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
+                make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
               fi
               # Check if kernel compilation was successful
-              if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
+              if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
                 echo "error: kernel compilation failed! (zImage not found)"
                 cleanup
                 exit 1
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
-                make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
+                make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
               else
-                make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
+                make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 # Install kernel firmware
-                make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
+                make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
               fi
               # Install kernel headers
               if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
-                make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
+                make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
               # Prepare boot (firmware) directory
-              mkdir "$R/boot/firmware/"
+              mkdir "${BOOTDIR}"
               # Get kernel release version
-              KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
+              KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
               # Copy kernel configuration file to the boot directory
-              install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
+              install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Copy dts and dtb device tree sources and binaries
-              mkdir "$R/boot/firmware/overlays/"
+              mkdir "${BOOTDIR}/overlays"
-              install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
+              install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
-              install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
+              install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
-              install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
+              install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
+              if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy zImage kernel to the boot directory
-              "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
+                "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+              else
+                # Copy zImage kernel to the boot directory
+                install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+              fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
-                rm -fr "$R/usr/src/linux"
+                rm -fr "${KERNELDIR}"
               fi
               # Install latest boot binaries from raspberry/firmware github
-              wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
+              wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
-              wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
+              wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
-              wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
+              wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
-              wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
+              wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
-              wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
+              wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
-              wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
+              wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
-              wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
+              wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
             else # BUILD_KERNEL=false
               # Kernel installation
               chroot_exec apt-get -qq -y install flash-kernel
               # Check if kernel installation was successful
-              VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+              VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
               if [ -z "$VMLINUZ" ] ; then
                 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
                 cleanup
                 exit 1
               fi
               # Copy vmlinuz kernel to the boot directory
-              install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
+              install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
             fi
             # Setup firmware boot cmdline
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
             fi
+            # Add encrypted root partition to cmdline.txt
+            if [ "$ENABLE_CRYPTFS" = true ] ; then
+              if [ "$ENABLE_SPLITFS" = true ] ; then
+                CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+              else
+                CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+              fi
+            fi
             # Add serial console support
             if [ "$ENABLE_CONSOLE" = true ] ; then
               CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
             fi
             # Install firmware boot cmdline
-            echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
+            echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
-            # Add encrypted root partition to cmdline.txt
-            if [ "$ENABLE_CRYPTFS" = true ] ; then
-                sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
-            fi
             # Install firmware config
-            install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
+            install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
-              echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
+              echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
-              echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
+              echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
-            ln -sf firmware/config.txt "$R/boot/config.txt"
+            ln -sf firmware/config.txt "${R}/boot/config.txt"
-            ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
+            ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
-            mkdir -p "$R/lib/modules-load.d/"
+            mkdir -p "${R}/lib/modules-load.d/"
-            install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
+            install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
-            if [ "$ENABLE_HWRANDOM" = true ] ; then
+            if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
-              sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
-              sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
+              sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Install kernel modules blacklist
-            mkdir -p "$R/etc/modprobe.d/"
+            mkdir -p "${ETCDIR}/modprobe.d/"
-            install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
+            install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
             # Install and setup fstab
-            install_readonly files/mount/fstab "$R/etc/fstab"
+            install_readonly files/mount/fstab "${ETCDIR}/fstab"
             # Add usb/sda disk root partition to fstab
-            if [ "$ENABLE_SPLITFS" = true ] ; then
+            if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
-              sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
+              sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
             fi
             # Add encrypted root partition to fstab and crypttab
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Replace fstab root partition with encrypted partition mapping
-              sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
+              sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
               # Add encrypted partition to crypttab and fstab
-              install_readonly files/mount/crypttab "$R/etc/crypttab"
+              install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
-              echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
+              echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
+              if [ "$ENABLE_SPLITFS" = true ] ; then
+                # Add usb/sda disk to crypttab
+                sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
+              fi
             fi
             # Generate initramfs file
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = true ] ; then
+                # Include initramfs scripts to auto expand encrypted root partition
+                if [ "$EXPANDROOT" = true ] ; then
+                  install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
+                  install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
+                  install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
+                fi
+                # Disable SSHD inside initramfs
+                printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
                 # Dummy mapping required by mkinitramfs
                 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
             fi
             # Install sysctl.d configuration files
-            install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
+            install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +15 -15

             . ./functions.sh
             # Install and setup hostname
-            install_readonly files/network/hostname "$R/etc/hostname"
+            install_readonly files/network/hostname "${ETCDIR}/hostname"
-            sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname"
+            sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname"
             # Install and setup hosts
-            install_readonly files/network/hosts "$R/etc/hosts"
+            install_readonly files/network/hosts "${ETCDIR}/hosts"
-            sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts"
+            sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts"
             # Setup hostname entry with static IP
             if [ "$NET_ADDRESS" != "" ] ; then
               NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
-              sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts"
+              sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts"
             fi
             # Remove IPv6 hosts
             if [ "$ENABLE_IPV6" = false ] ; then
-              sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts"
+              sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts"
             fi
             # Install hint about network configuration
-            install_readonly files/network/interfaces "$R/etc/network/interfaces"
+            install_readonly files/network/interfaces "${ETCDIR}/network/interfaces"
             # Install configuration for interface eth0
-            install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network"
+            install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network"
             if [ "$ENABLE_DHCP" = true ] ; then
               # Enable DHCP configuration for interface eth0
-              sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network"
+              sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network"
               # Set DHCP configuration to IPv4 only
               if [ "$ENABLE_IPV6" = false ] ; then
-                sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network"
+                sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network"
               fi
             else # ENABLE_DHCP=false
               -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
-              "$R/etc/systemd/network/eth.network"
+              "${ETCDIR}/systemd/network/eth.network"
             fi
             # Remove empty settings from network configuration
-            sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network"
+            sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network"
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Install host.conf resolver configuration
-            install_readonly files/network/host.conf "$R/etc/host.conf"
+            install_readonly files/network/host.conf "${ETCDIR}/host.conf"
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               # Install sysctl.d configuration files
-              install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf"
+              install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf"
               # Setup resolver warnings about spoofed addresses
-              sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf"
+              sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf"
             fi

bootstrap.d/21-firewall.sh +9 -9

             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
-              mkdir -p "$R/etc/iptables"
+              mkdir -p "${ETCDIR}/iptables"
               # Install iptables systemd service
-              install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service"
+              install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
-              install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh"
+              install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
-              install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules"
+              install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Install ip6tables systemd service
-                install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service"
+                install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
-                install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh"
+                install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh"
-                install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules"
+                install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
             if [ "$ENABLE_SSHD" = false ] ; then
              # Remove SSHD related iptables rules
-             sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null
+             sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null
-             sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null
+             sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null
             fi

bootstrap.d/30-security.sh +1 -1

               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
               if [ "$ENABLE_ROOT_SSH" = true ] ; then
-                sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config"
+                sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
               fi
             else
               # Set no root password to disable root login

bootstrap.d/31-logging.sh +1 -1

             # Disable rsyslog
             if [ "$ENABLE_RSYSLOG" = false ] ; then
-              sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf"
+              sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf"
               chroot_exec systemctl disable rsyslog
               chroot_exec apt-get -qq -y --force-yes purge rsyslog
             fi

bootstrap.d/41-uboot.sh +44 -8

@@ -7,25 +7,61
7		7
8	# Install gcc/c++ build environment inside the chroot	8	# Install gcc/c++ build environment inside the chroot
9	if [ "$ENABLE_UBOOT" = true ] \|\| [ "$ENABLE_FBTURBO" = true ] ; then	9	if [ "$ENABLE_UBOOT" = true ] \|\| [ "$ENABLE_FBTURBO" = true ] ; then
10	chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc	10	chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
11	fi	11	fi
12		12
13	# Fetch and build U-Boot bootloader	13	# Fetch and build U-Boot bootloader
14	if [ "$ENABLE_UBOOT" = true ] ; then	14	if [ "$ENABLE_UBOOT" = true ] ; then
15	# Fetch U-Boot bootloader sources	15	# Fetch U-Boot bootloader sources
16	git -C "$R/tmp" clone git://git.denx.de/u-boot.git	16	git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
17		17
18	# Build and install U-Boot inside chroot	18	# Build and install U-Boot inside chroot
19	chroot_exec make -C /tmp/u-boot/ ~~rpi_2_defconfig~~ all	19	chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
20		20
21	# Copy compiled bootloader binary and set config.txt to load it	21	# Copy compiled bootloader binary and set config.txt to load it
22	install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin"	22	install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
23	printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt"	23	install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
		24	printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
24		25
25	# Install and setup U-Boot command file	26	# Install and setup U-Boot command file
26	install_readonly files/boot/uboot.mkimage "$R~~/boot/firmware~~/uboot.mkimage"	27	install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
27	printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R~~/boot/firmware~~/uboot.mkimage)" > "$R~~/boot/firmware~~/uboot.mkimage"	28	printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
		29
		30	if [ "$ENABLE_INITRAMFS" = true ] ; then
		31	# Convert generated initramfs for U-Boot using mkimage
		32	chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
		33
		34	# Remove original initramfs file
		35	rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
		36
		37	# Configure U-Boot to load generated initramfs
		38	printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
		39	printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
		40	else # ENABLE_INITRAMFS=false
		41	# Remove initramfs from U-Boot mkfile
		42	sed -i '/.initramfs./d' "${BOOTDIR}/uboot.mkimage"
		43
		44	if [ "$BUILD_KERNEL" = false ] ; then
		45	# Remove dtbfile from U-Boot mkfile
		46	sed -i '/.dtbfile./d' "${BOOTDIR}/uboot.mkimage"
		47	printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
		48	else
		49	printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
		50	fi
		51	fi
		52
		53	# Set mkfile to use dtb file
		54	sed -i "s/^$setenv dtbfile $.*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
		55
		56	# Set mkfile to use kernel image
		57	sed -i "s/^$fatload mmc 0:1 \${kernel_addr_r} $.*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
		58
		59	# Remove all leading blank lines
		60	sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
28		61
29	# Generate U-Boot bootloader image	62	# Generate U-Boot bootloader image
30	chroot_exec /~~tmp/u-boot/tools~~/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr	63	chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
		64
		65	# Remove U-Boot sources
		66	rm -fr "${R}/tmp/u-boot"
31	fi	67	fi

bootstrap.d/42-fbturbo.sh +3 -3

             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Fetch fbturbo driver sources
-              git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
+              git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
               # Install Xorg build dependencies
               chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
             EOF
               # Install fbturbo driver Xorg configuration
-              install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
+              install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
               # Remove Xorg build dependencies
               chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
             # Remove gcc/c++ build environment from the chroot
             if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
-              chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+              chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
             fi

bootstrap.d/50-firstboot.sh +15 -10

             . ./functions.sh
             # Prepare rc.firstboot script
-            cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot"
+            cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot"
             # Ensure openssh server host keys are regenerated on first boot
             if [ "$ENABLE_SSHD" = true ] ; then
-              cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot"
+              cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot"
             fi
             # Prepare filesystem auto expand
             if [ "$EXPANDROOT" = true ] ; then
-              cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot"
+              if [ "$ENABLE_CRYPTFS" = false ] ; then
+                cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot"
+              else
+                # Regenerate initramfs to remove encrypted root partition auto expand
+                cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot"
+              fi
             fi
             # Ensure that dbus machine-id exists
-            cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot"
+            cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot"
             # Create /etc/resolv.conf symlink
-            cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot"
+            cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot"
             # Finalize rc.firstboot script
-            cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot"
+            cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot"
-            chmod +x "$R/etc/rc.firstboot"
+            chmod +x "${ETCDIR}/rc.firstboot"
             # Add rc.firstboot script to rc.local
-            sed -i '/exit 0/d' "$R/etc/rc.local"
+            sed -i '/exit 0/d' "${ETCDIR}/rc.local"
-            echo /etc/rc.firstboot >> "$R/etc/rc.local"
+            echo /etc/rc.firstboot >> "${ETCDIR}/rc.local"
-            echo exit 0 >> "$R/etc/rc.local"
+            echo exit 0 >> "${ETCDIR}/rc.local"

bootstrap.d/99-reduce.sh +17 -17

               if [ "$REDUCE_APT" = true ] ; then
                 # Install dpkg configuration file
                 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
-                  install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc"
+                  install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
                 fi
                 # Install APT configuration files
-                install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache"
+                install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
-                install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress"
+                install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
-                install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends"
+                install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
                 # Remove APT cache files
-                rm -fr "$R/var/cache/apt/pkgcache.bin"
+                rm -fr "${R}/var/cache/apt/pkgcache.bin"
-                rm -fr "$R/var/cache/apt/srcpkgcache.bin"
+                rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
               fi
               # Remove all doc files
               if [ "$REDUCE_DOC" = true ] ; then
-                find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
+                find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
-                find "$R/usr/share/doc" -empty | xargs rmdir || true
+                find "${R}/usr/share/doc" -empty | xargs rmdir || true
               fi
               # Remove all man pages and info files
               if [ "$REDUCE_MAN" = true ] ; then
-                rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man"
+                rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
               fi
               # Remove all locale translation files
               if [ "$REDUCE_LOCALE" = true ] ; then
-                find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
+                find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
               fi
               # Remove hwdb PCI device classes (experimental)
               # Remove GPU kernels
               if [ "$ENABLE_MINGPU" = true ] ; then
-                rm -f "$R/boot/firmware/start.elf"
+                rm -f "${BOOTDIR}/start.elf"
-                rm -f "$R/boot/firmware/fixup.dat"
+                rm -f "${BOOTDIR}/fixup.dat"
-                rm -f "$R/boot/firmware/start_x.elf"
+                rm -f "${BOOTDIR}/start_x.elf"
-                rm -f "$R/boot/firmware/fixup_x.dat"
+                rm -f "${BOOTDIR}/fixup_x.dat"
               fi
               # Remove kernel and initrd from /boot (already in /boot/firmware)
               if [ "$BUILD_KERNEL" = false ] ; then
-                rm -r "$R/boot/vmlinuz--*"
+                rm -f "${R}/boot/vmlinuz-*"
-                rm -r "$R/boot/initrd.img-*"
+                rm -f "${R}/boot/initrd.img-*"
               fi
               # Clean APT list of repositories
-              rm -fr "$R/var/lib/apt/lists/*"
+              rm -fr "${R}/var/lib/apt/lists/*"
               chroot_exec apt-get -qq -y update
             fi

files/boot/uboot.mkimage +5 -1

+            # Set device tree fdtfile
+            setenv dtbfile bcm2709-rpi-2-b.dtb
             # Tell Linux that it is booting on a Raspberry Pi2
             setenv machid 0x00000c42
             # Load the existing Linux kernel into RAM
             fatload mmc 0:1 ${kernel_addr_r} kernel7.img
+            fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
+            fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
             # Boot the kernel we have just loaded
-            bootz ${kernel_addr_r}

files/firstboot/21-generate-ssh-keys.sh +6 0

             logger -t "rc.firstboot" "Generating SSH host keys"
             if [ -d "/etc/ssh/" ] ; then
+              # Remove ssh host keys
               rm -f /etc/ssh/ssh_host_*
               systemctl stop sshd
+              # Regenerate ssh host keys
               ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
               ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
               ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
             fi
             if [ -d "/etc/dropbear/" ] ; then
+              # Remove ssh host keys
               rm -f /etc/dropbear/dropbear_*
               systemctl stop dropbear
+              # Regenerate ssh host keys
               dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
               dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
               dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key

files/firstboot/22-expandroot.sh +15 -3

-            logger -t "rc.firstboot" "Expanding root"
+            logger -t "rc.firstboot" "Expanding root partition"
+            # Detect root partition device
             ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
-            PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
+            if [ -z "$ROOT_PART" ] ; then
+              log_warning_msg "unable to detect root partition device"
+              return 1
+            fi
+            # Extract root device name
             case "${ROOT_PART}" in
               mmcblk0*) ROOT_DEV=mmcblk0 ;;
               sda*)     ROOT_DEV=sda ;;
             esac
+            # Check detected root partition name
+            PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
             if [ "$PART_NUM" = "$ROOT_PART" ] ; then
               logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
               return 0
               logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
               return 0
             fi
+            # Check if last partition number
             LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
             if [ $LAST_PART_NUM -ne $PART_NUM ]; then
               logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
             # Reload the partition table, resize root filesystem then remove resizing code from this file
             partprobe &&
               resize2fs /dev/${ROOT_PART} &&
-              logger -t "rc.firstboot" "Root partition successfuly resized."
+              logger -t "rc.firstboot" "Root partition successfully resized."

files/firstboot/24-generate-machineid.sh ~~files/firstboot/23-generate-machineid.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh

files/firstboot/25-create-resolv-symlink.sh ~~files/firstboot/24-create-resolv-symlink.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh

functions.sh +6 -6

               # Identify and kill all processes still using files
               echo "killing processes using mount point ..."
-              fuser -k "$R"
+              fuser -k "${R}"
               sleep 3
-              fuser -9 -k -v "$R"
+              fuser -9 -k -v "${R}"
               # Clean up temporary .password file
               if [ -r ".password" ] ; then
               # Clean up all temporary mount points
               echo "removing temporary mount points ..."
-              umount -l "$R/proc" 2> /dev/null
+              umount -l "${R}/proc" 2> /dev/null
-              umount -l "$R/sys" 2> /dev/null
+              umount -l "${R}/sys" 2> /dev/null
-              umount -l "$R/dev/pts" 2> /dev/null
+              umount -l "${R}/dev/pts" 2> /dev/null
               umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
               umount "$BUILDDIR/mount" 2> /dev/null
               cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
             chroot_exec() {
               # Exec command in chroot
-              LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $*
+              LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
             }
             install_readonly() {

rpi2-gen-image.sh +29 -21

             CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
             COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
             KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
+            KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
+            DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
+            UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
             QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
             # Build directories
             BASEDIR="$(pwd)/images/${RELEASE}"
             BUILDDIR="${BASEDIR}/build"
+            # Chroot directories
             R="${BUILDDIR}/chroot"
+            ETCDIR="${R}/etc"
+            BOOTDIR="${R}/boot/firmware"
+            KERNELDIR="${R}/usr/src/linux"
             # General settings
             HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
             fi
             # Setup chroot directory
-            mkdir -p "$R"
+            mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
             if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
               fi
             done
             EOF
-              rm -rf "$R/chroot_scripts"
+              rm -rf "${R}/chroot_scripts"
             fi
             # Remove apt-utils
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
-            echo -n "${MACHINE_ID}" > "$R/var/lib/dbus/machine-id"
+            echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
-            echo -n "${MACHINE_ID}" > "$R/etc/machine-id"
+            echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
-            umount -l "$R/proc"
+            umount -l "${R}/proc"
-            umount -l "$R/sys"
+            umount -l "${R}/sys"
             # Clean up directories
-            rm -rf "$R/run/*"
+            rm -rf "${R}/run/*"
-            rm -rf "$R/tmp/*"
+            rm -rf "${R}/tmp/*"
             # Clean up files
-            rm -f "$R/etc/ssh/ssh_host_*"
+            rm -f "${ETCDIR}/ssh/ssh_host_*"
-            rm -f "$R/etc/dropbear/dropbear_*"
+            rm -f "${ETCDIR}/dropbear/dropbear_*"
-            rm -f "$R/etc/apt/sources.list.save"
+            rm -f "${ETCDIR}/apt/sources.list.save"
-            rm -f "$R/etc/resolvconf/resolv.conf.d/original"
+            rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
-            rm -f "$R/etc/*-"
+            rm -f "${ETCDIR}/*-"
-            rm -f "$R/root/.bash_history"
+            rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
-            rm -f "$R/var/lib/urandom/random-seed"
+            rm -f "${ETCDIR}/resolv.conf"
-            rm -f "$R/etc/apt/apt.conf.d/10proxy"
+            rm -f "${R}/root/.bash_history"
-            rm -f "$R/etc/resolv.conf"
+            rm -f "${R}/var/lib/urandom/random-seed"
-            rm -f "$R/initrd.img"
+            rm -f "${R}/initrd.img"
-            rm -f "$R/vmlinuz"
+            rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             # Calculate size of the chroot directory in KB
-            CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`)
+            CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
-            rsync -a "$R/" "$BUILDDIR/mount/"
+            rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages