fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanup
Jan Wagner -
r82:d0f91512d9ca
@@ -0,0 +1,31
1 logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
2
3 KERNEL_VERSION=$(uname -r)
4 KERNEL_ARCH=$(uname -m)
5 INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
6 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
7
8 # Extract kernel arch
9 case "${KERNEL_ARCH}" in
10 arm*) KERNEL_ARCH=arm ;;
11 esac
12
13 # Regenerate initramfs
14 if [ -r "${INITRAMFS}" ] ; then
15 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
16 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
17 rm -f /etc/initramfs-tools/hooks/expand-tools
18 rm -f "${INITRAMFS}"
19 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
20 fi
21
22 # Convert generated initramfs for U-Boot using mkimage
23 if [ -r "${INITRAMFS_UBOOT}" ] ; then
24 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
25 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
26 rm -f /etc/initramfs-tools/hooks/expand-tools
27 rm -f "${INITRAMFS_UBOOT}"
28 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
29 mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
30 rm -f "${INITRAMFS}"
31 fi
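Review bot: Both branches delete the existing image (`rm -f "${INITRAMFS}"` on line 18, `rm -f "${INITRAMFS_UBOOT}"` on line 27) before `mkinitramfs` has produced a replacement, so a failed rebuild leaves an encrypted-root system with no initramfs to unlock it on the next boot. Build under a temporary name and move it into place only on success, e.g. `mkinitramfs -o "${INITRAMFS}.new" "${KERNEL_VERSION}" && mv "${INITRAMFS}.new" "${INITRAMFS}"`, and treat the `mkimage` output the same way. The three `rm -f` lines for the expand scripts are repeated verbatim in both branches and would be easier to maintain if shared.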
@@ -0,0 +1,19
1 #!/bin/sh
2
3 set -e
4
5 # Check for cryptdevice variable
6 if [ -z "$cryptdevice" ] ; then
7 echo "unable to get cryptdevice variable (local-premount)"
8 exit 1
9 fi
10
11 if [ -n "$ROOT" ] ; then
12 # Resize encrypted root partition
13 cryptsetup resize "${ROOT}"
14 e2fsck -fp "${ROOT}"
15 resize2fs -f "${ROOT}"
16 e2fsck -fp "${ROOT}"
17 fi
18
19 exit 0
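Review bot: With `set -e` active, the `e2fsck -fp "${ROOT}"` calls on lines 14 and 16 abort the script whenever e2fsck exits 1, which is its documented status for "errors corrected", so `resize2fs` is skipped exactly when the check repaired something. Accept that status explicitly, e.g. `e2fsck -fp "${ROOT}" || [ "$?" -eq 1 ]`. The `cryptdevice` guard on line 6 tests a variable the script never uses afterwards; a short comment saying why it gates the resize would help the next reader.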
@@ -0,0 +1,19
1 #!/bin/sh
2
3 set -e
4
5 # Use initramfs utility functions
6 . /usr/share/initramfs-tools/hook-functions
7
8 # Add binaries required for resizing the filesystem
9 copy_exec /bin/grep /bin
10 copy_exec /usr/bin/awk /bin
11 copy_exec /usr/bin/cut /bin
12 copy_exec /usr/bin/tail /bin
13 copy_exec /sbin/fdisk /sbin
14 copy_exec /sbin/parted /sbin
15 copy_exec /sbin/e2fsck /sbin
16 copy_exec /sbin/resize2fs /sbin
17 copy_exec /sbin/partprobe /sbin
18
19 exit 0
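Review bot: The hook has no `prereqs` handling, which initramfs-tools documents as the required header for hooks and boot scripts; as written the `copy_exec` calls run on every invocation, including the ordering pass that calls the script with `prereqs`. The two boot scripts added in this commit (expand-premount and expand_encrypted_rootfs) lack the header as well, so their bodies are executed on that call too. The copied tool list is also incomplete relative to its consumer: expand_encrypted_rootfs pipes through `sed`, which is not copied here, so it presumably relies on busybox providing it.

```shell
#!/bin/sh

PREREQ=""

prereqs() {
  echo "${PREREQ}"
}

case "$1" in
  prereqs)
    prereqs
    exit 0
    ;;
esac

# … unchanged: set -e, hook-functions include, copy_exec calls …
```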
@@ -0,0 +1,85
1 #!/bin/sh
2 # expand_encrypted_rootfs initramfs-tools boot script
3
4 # dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
5
6 set -e
7
8 # Wait for USB devices to be ready
9 sleep 5
10
11 # Use initramfs utility functions
12 if [ -r "/scripts/functions" ] ; then
13 . /scripts/functions
14 fi
15
16 # Check for cryptdevice variable
17 if [ -z "$cryptdevice" ] ; then
18 echo "unable to get cryptdevice variable (init-premount)"
19 return 1
20 fi
21
22 # Detect root partition device
23 ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
24 if [ -z "$ROOT_PART" ] ; then
25 log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
26 return 1
27 fi
28
29 # Extract root device name
30 case "${ROOT_PART}" in
31 mmcblk0*) ROOT_DEV=mmcblk0 ;;
32 sda*) ROOT_DEV=sda ;;
33 esac
34
35 # Check detected root partition name
36 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
37 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
38 log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
39 return 1
40 fi
41
42 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
43 # agree to work with a sufficiently simple partition layout
44 if [ "$PART_NUM" -gt 2 ] ; then
45 log_warning_msg "Your partition layout is not currently supported by this tool."
46 return 1
47 fi
48
49 # Check if last partition number
50 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
51 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
52 log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
53 return 1
54 fi
55
56 # Get the starting offset of the root partition
57 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
58 if [ -z "$PART_START" ] ; then
59 log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
60 return 1
61 fi
62
63 # Get the possible last sector for the root partition
64 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
70 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
71 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 p
73 d
74 $PART_NUM
75 n
76 p
77 $PART_NUM
78 $PART_START
79 $PART_LAST
80 p
81 w
82 EOF2
83
84 partprobe
85 log_success_msg "Root partition successfully resized."
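Review bot: The `fdisk` run on lines 71-82 deletes and recreates the encrypted root partition with stderr sent to `/dev/null` and its status discarded by `|| true`, and line 85 then logs success unconditionally, so a failed or partial table rewrite is reported as a successful resize. Keep the error output and act on the status, e.g. `fdisk /dev/${ROOT_DEV} <<EOF2 || { log_failure_msg "fdisk failed on /dev/${ROOT_DEV}"; exit 1; }`; the `rc.local` comment on line 70 does not describe an init-premount script and should go. The `case` on lines 30-33 has no default arm, so `ROOT_DEV` stays empty for any other device name and the later `parted /dev/${ROOT_DEV}` calls run against `/dev/`; a `*)` arm that logs and exits would make that explicit. `return 1` at the top level is shell-dependent if the script is executed rather than sourced (presumably the case here); `exit 1` states the intent.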
@@ -5,7 +5,7
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
9
9
10 ## Command-line parameters
10 ## Command-line parameters
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
@@ -226,7 +226,7 Remove all `locale` translation files.
226 #### Encrypted root partition:
226 #### Encrypted root partition:
227
227
228 ##### `ENABLE_CRYPTFS`=false
228 ##### `ENABLE_CRYPTFS`=false
229 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. `ENABLE_UBOOT`, `ENABLE_SPLITFS`, `EXPANDROOT` and SSH-to-initramfs are currently not supported but will be soon - feel free to help.
229 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
230
230
231 ##### `CRYPTFS_PASSWORD`=""
231 ##### `CRYPTFS_PASSWORD`=""
232 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
232 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
@@ -266,6 +266,7 All the required configuration files that will be copied to the generated OS ima
266 | `boot` | Boot and RPi2 configuration files |
266 | `boot` | Boot and RPi2 configuration files |
267 | `dpkg` | Package Manager configuration |
267 | `dpkg` | Package Manager configuration |
268 | `firstboot` | Scripts that get executed on first boot |
268 | `firstboot` | Scripts that get executed on first boot |
269 | `initramfs` | Initramfs scripts |
269 | `iptables` | Firewall configuration files |
270 | `iptables` | Firewall configuration files |
270 | `locales` | Locales configuration |
271 | `locales` | Locales configuration |
271 | `modules` | Kernel Modules configuration |
272 | `modules` | Kernel Modules configuration |
@@ -7,22 +7,22
7
7
8 # Base debootstrap (unpack only)
8 # Base debootstrap (unpack only)
9 if [ "$ENABLE_MINBASE" = true ] ; then
9 if [ "$ENABLE_MINBASE" = true ] ; then
10 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
10 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --variant=minbase --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
11 else
11 else
12 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "$R" "http://${APT_SERVER}/debian"
12 http_proxy=${APT_PROXY} debootstrap --arch="${RELEASE_ARCH}" --foreign --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
13 fi
13 fi
14
14
15 # Copy qemu emulator binary to chroot
15 # Copy qemu emulator binary to chroot
16 install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
16 install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
17
17
18 # Copy debian-archive-keyring.pgp
18 # Copy debian-archive-keyring.pgp
19 mkdir -p "$R/usr/share/keyrings"
19 mkdir -p "${R}/usr/share/keyrings"
20 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "$R/usr/share/keyrings/debian-archive-keyring.gpg"
20 install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg"
21
21
22 # Complete the bootstrapping process
22 # Complete the bootstrapping process
23 chroot_exec /debootstrap/debootstrap --second-stage
23 chroot_exec /debootstrap/debootstrap --second-stage
24
24
25 # Mount required filesystems
25 # Mount required filesystems
26 mount -t proc none "$R/proc"
26 mount -t proc none "${R}/proc"
27 mount -t sysfs none "$R/sys"
27 mount -t sysfs none "${R}/sys"
28 mount --bind /dev/pts "$R/dev/pts"
28 mount --bind /dev/pts "${R}/dev/pts"
@@ -7,28 +7,28
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "$R/etc/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETCDIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "$R/etc/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETCDIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 if [ "$BUILD_KERNEL" = false ] ; then
14 if [ "$BUILD_KERNEL" = false ] ; then
15 # Install APT pinning configuration for flash-kernel package
15 # Install APT pinning configuration for flash-kernel package
16 install_readonly files/apt/flash-kernel "$R/etc/apt/preferences.d/flash-kernel"
16 install_readonly files/apt/flash-kernel "${ETCDIR}/apt/preferences.d/flash-kernel"
17
17
18 # Install APT sources.list
18 # Install APT sources.list
19 install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
19 install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "$R/etc/apt/sources.list"
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >> "${ETCDIR}/apt/sources.list"
21
21
22 # Upgrade collabora package index and install collabora keyring
22 # Upgrade collabora package index and install collabora keyring
23 chroot_exec apt-get -qq -y update
23 chroot_exec apt-get -qq -y update
24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
24 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
25 else # BUILD_KERNEL=true
25 else # BUILD_KERNEL=true
26 # Install APT sources.list
26 # Install APT sources.list
27 install_readonly files/apt/sources.list "$R/etc/apt/sources.list"
27 install_readonly files/apt/sources.list "${ETCDIR}/apt/sources.list"
28
28
29 # Use specified APT server and release
29 # Use specified APT server and release
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "$R/etc/apt/sources.list"
30 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETCDIR}/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "$R/etc/apt/sources.list"
31 sed -i "s/ jessie/ ${RELEASE}/" "${ETCDIR}/apt/sources.list"
32 fi
32 fi
33
33
34 # Upgrade package index and update all installed packages and changed dependencies
34 # Upgrade package index and update all installed packages and changed dependencies
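Review bot: `apt-get -qq -y --force-yes install collabora-obs-archive-keyring` on line 24 installs the package that carries the repository's signing key without authenticating it, so the key the image will trust for that repository afterwards is accepted on first use. The line is unchanged context in this hunk, but it is the trust anchor for everything the `BUILD_KERNEL=false` branch installs later. Consider shipping the key under `files/apt/` and installing it with `install_readonly` into `${ETCDIR}/apt/trusted.gpg.d/` before `apt-get update`, then dropping `--force-yes`. Separately, the guard on line 9 reads `[ -z "$APT_PROXY" ]`, which installs the proxy snippet only when no proxy is set; `-n` looks intended.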
@@ -6,7 +6,7
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup timezone
8 # Install and setup timezone
9 echo ${TIMEZONE} > "$R/etc/timezone"
9 echo ${TIMEZONE} > "${ETCDIR}/timezone"
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10 chroot_exec dpkg-reconfigure -f noninteractive tzdata
11
11
12 # Install and setup default locale and keyboard configuration
12 # Install and setup default locale and keyboard configuration
@@ -19,40 +19,40 if [ "$ENABLE_MINBASE" = false ] ; then
19 else
19 else
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 sed -i "/en_US.UTF-8/s/^#//" "$R/etc/locale.gen"
22 sed -i "/en_US.UTF-8/s/^#//" "${ETCDIR}/locale.gen"
23 fi
23 fi
24
24
25 sed -i "/${DEFLOCAL}/s/^#//" "$R/etc/locale.gen"
25 sed -i "/${DEFLOCAL}/s/^#//" "${ETCDIR}/locale.gen"
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 chroot_exec locale-gen
27 chroot_exec locale-gen
28 chroot_exec update-locale LANG="${DEFLOCAL}"
28 chroot_exec update-locale LANG="${DEFLOCAL}"
29
29
30 # Install and setup default keyboard configuration
30 # Install and setup default keyboard configuration
31 if [ "$XKB_MODEL" != "" ] ; then
31 if [ "$XKB_MODEL" != "" ] ; then
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "$R/etc/default/keyboard"
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETCDIR}/default/keyboard"
33 fi
33 fi
34 if [ "$XKB_LAYOUT" != "" ] ; then
34 if [ "$XKB_LAYOUT" != "" ] ; then
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "$R/etc/default/keyboard"
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETCDIR}/default/keyboard"
36 fi
36 fi
37 if [ "$XKB_VARIANT" != "" ] ; then
37 if [ "$XKB_VARIANT" != "" ] ; then
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "$R/etc/default/keyboard"
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETCDIR}/default/keyboard"
39 fi
39 fi
40 if [ "$XKB_OPTIONS" != "" ] ; then
40 if [ "$XKB_OPTIONS" != "" ] ; then
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "$R/etc/default/keyboard"
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETCDIR}/default/keyboard"
42 fi
42 fi
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44
44
45 # Install and setup font console
45 # Install and setup font console
46 case "${DEFLOCAL}" in
46 case "${DEFLOCAL}" in
47 *UTF-8)
47 *UTF-8)
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "$R/etc/default/console-setup"
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETCDIR}/default/console-setup"
49 ;;
49 ;;
50 *)
50 *)
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "$R/etc/default/console-setup"
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETCDIR}/default/console-setup"
52 ;;
52 ;;
53 esac
53 esac
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 else # ENABLE_MINBASE=true
55 else # ENABLE_MINBASE=true
56 # Install POSIX default locale
56 # Install POSIX default locale
57 install_readonly files/locales/locale "$R/etc/default/locale"
57 install_readonly files/locales/locale "${ETCDIR}/default/locale"
58 fi
58 fi
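Review bot: On lines 21 and 26 the pipe sits outside the chroot: `chroot_exec echo "…" | debconf-set-selections` runs `echo` through `chroot_exec` and feeds its output to `debconf-set-selections` on the build host, so the host's debconf database is modified and the image's is not (assuming `chroot_exec` wraps `chroot`; it is defined outside this hunk). Swap the order, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. `echo ${TIMEZONE}` on line 9 and the `sed` expressions built from `${DEFLOCAL}` and the `XKB_*` values interpolate build parameters unquoted or unescaped, so a value containing `/` or whitespace changes the command; quoting and a different `sed` delimiter would tighten that.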
@@ -8,7 +8,7
8 # Fetch and build latest raspberry kernel
8 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
10 # Setup source directory
11 mkdir -p "$R/usr/src"
11 mkdir -p "${R}/usr/src"
12
12
13 # Copy existing kernel sources into chroot directory
13 # Copy existing kernel sources into chroot directory
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
14 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
@@ -17,11 +17,11 if [ "$BUILD_KERNEL" = true ] ; then
17
17
18 # Clean the kernel sources
18 # Clean the kernel sources
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
19 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
20 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 fi
21 fi
22 else # KERNELSRC_DIR=""
22 else # KERNELSRC_DIR=""
23 # Fetch current raspberrypi kernel sources
23 # Fetch current raspberrypi kernel sources
24 git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
24 git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
25 fi
25 fi
26
26
27 # Calculate optimal number of kernel building threads
27 # Calculate optimal number of kernel building threads
@@ -33,7 +33,7 if [ "$BUILD_KERNEL" = true ] ; then
33 if [ "$KERNELSRC_PREBUILT" = false ] ; then
33 if [ "$KERNELSRC_PREBUILT" = false ] ; then
34 # Remove device, network and filesystem drivers from kernel configuration
34 # Remove device, network and filesystem drivers from kernel configuration
35 if [ "$KERNEL_REDUCE" = true ] ; then
35 if [ "$KERNEL_REDUCE" = true ] ; then
36 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
36 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
37 sed -i\
37 sed -i\
38 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
38 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
39 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
39 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
@@ -64,25 +64,25 if [ "$BUILD_KERNEL" = true ] ; then
64 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
67 "$R/usr/src/linux/.config"
67 "${KERNELDIR}/.config"
68 fi
68 fi
69
69
70 if [ "$KERNELSRC_CONFIG" = true ] ; then
70 if [ "$KERNELSRC_CONFIG" = true ] ; then
71 # Load default raspberry kernel configuration
71 # Load default raspberry kernel configuration
72 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
72 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
73
73
74 # Start menu-driven kernel configuration (interactive)
74 # Start menu-driven kernel configuration (interactive)
75 if [ "$KERNEL_MENUCONFIG" = true ] ; then
75 if [ "$KERNEL_MENUCONFIG" = true ] ; then
76 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
76 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
77 fi
77 fi
78 fi
78 fi
79
79
80 # Cross compile kernel and modules
80 # Cross compile kernel and modules
81 make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
81 make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
82 fi
82 fi
83
83
84 # Check if kernel compilation was successful
84 # Check if kernel compilation was successful
85 if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
85 if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
86 echo "error: kernel compilation failed! (zImage not found)"
86 echo "error: kernel compilation failed! (zImage not found)"
87 cleanup
87 cleanup
88 exit 1
88 exit 1
@@ -90,50 +90,55 if [ "$BUILD_KERNEL" = true ] ; then
90
90
91 # Install kernel modules
91 # Install kernel modules
92 if [ "$ENABLE_REDUCE" = true ] ; then
92 if [ "$ENABLE_REDUCE" = true ] ; then
93 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
93 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
94 else
94 else
95 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
95 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
96
96
97 # Install kernel firmware
97 # Install kernel firmware
98 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
98 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
99 fi
99 fi
100
100
101 # Install kernel headers
101 # Install kernel headers
102 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
102 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
103 make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
103 make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
104 fi
104 fi
105
105
106 # Prepare boot (firmware) directory
106 # Prepare boot (firmware) directory
107 mkdir "$R/boot/firmware/"
107 mkdir "${BOOTDIR}"
108
108
109 # Get kernel release version
109 # Get kernel release version
110 KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
110 KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
111
111
112 # Copy kernel configuration file to the boot directory
112 # Copy kernel configuration file to the boot directory
113 install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
113 install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
114
114
115 # Copy dts and dtb device tree sources and binaries
115 # Copy dts and dtb device tree sources and binaries
116 mkdir "$R/boot/firmware/overlays/"
116 mkdir "${BOOTDIR}/overlays"
117 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
117 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
118 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
118 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
119 install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
119 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
120
120
121 if [ "$ENABLE_UBOOT" = false ] ; then
121 # Convert and copy zImage kernel to the boot directory
122 # Convert and copy zImage kernel to the boot directory
122 "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
123 "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
124 else
125 # Copy zImage kernel to the boot directory
126 install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
127 fi
123
128
124 # Remove kernel sources
129 # Remove kernel sources
125 if [ "$KERNEL_REMOVESRC" = true ] ; then
130 if [ "$KERNEL_REMOVESRC" = true ] ; then
126 rm -fr "$R/usr/src/linux"
131 rm -fr "${KERNELDIR}"
127 fi
132 fi
128
133
129 # Install latest boot binaries from raspberry/firmware github
134 # Install latest boot binaries from raspberry/firmware github
130 wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
135 wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
131 wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
136 wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
132 wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
137 wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
133 wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
138 wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
134 wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
139 wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
135 wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
140 wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
136 wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
141 wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
137
142
138 else # BUILD_KERNEL=false
143 else # BUILD_KERNEL=false
139 # Kernel installation
144 # Kernel installation
@@ -143,14 +148,14 else # BUILD_KERNEL=false
143 chroot_exec apt-get -qq -y install flash-kernel
148 chroot_exec apt-get -qq -y install flash-kernel
144
149
145 # Check if kernel installation was successful
150 # Check if kernel installation was successful
146 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
151 VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
147 if [ -z "$VMLINUZ" ] ; then
152 if [ -z "$VMLINUZ" ] ; then
148 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
153 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
149 cleanup
154 cleanup
150 exit 1
155 exit 1
151 fi
156 fi
152 # Copy vmlinuz kernel to the boot directory
157 # Copy vmlinuz kernel to the boot directory
153 install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
158 install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
154 fi
159 fi
155
160
156 # Setup firmware boot cmdline
161 # Setup firmware boot cmdline
@@ -160,6 +165,15 else
160 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
165 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
161 fi
166 fi
162
167
168 # Add encrypted root partition to cmdline.txt
169 if [ "$ENABLE_CRYPTFS" = true ] ; then
170 if [ "$ENABLE_SPLITFS" = true ] ; then
171 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
172 else
173 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
174 fi
175 fi
176
163 # Add serial console support
177 # Add serial console support
164 if [ "$ENABLE_CONSOLE" = true ] ; then
178 if [ "$ENABLE_CONSOLE" = true ] ; then
165 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
179 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
@@ -171,69 +185,79 if [ "$ENABLE_IPV6" = false ] ; then
171 fi
185 fi
172
186
173 # Install firmware boot cmdline
187 # Install firmware boot cmdline
174 echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
188 echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
175
176 # Add encrypted root partition to cmdline.txt
177 if [ "$ENABLE_CRYPTFS" = true ] ; then
178 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
179 fi
180
189
181 # Install firmware config
190 # Install firmware config
182 install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
191 install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
183
192
184 # Setup minimal GPU memory allocation size: 16MB (no X)
193 # Setup minimal GPU memory allocation size: 16MB (no X)
185 if [ "$ENABLE_MINGPU" = true ] ; then
194 if [ "$ENABLE_MINGPU" = true ] ; then
186 echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
195 echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
187 fi
196 fi
188
197
189 # Setup boot with initramfs
198 # Setup boot with initramfs
190 if [ "$ENABLE_INITRAMFS" = true ] ; then
199 if [ "$ENABLE_INITRAMFS" = true ] ; then
191 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
200 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
192 fi
201 fi
193
202
194 # Create firmware configuration and cmdline symlinks
203 # Create firmware configuration and cmdline symlinks
195 ln -sf firmware/config.txt "$R/boot/config.txt"
204 ln -sf firmware/config.txt "${R}/boot/config.txt"
196 ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
205 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
197
206
198 # Install and setup kernel modules to load at boot
207 # Install and setup kernel modules to load at boot
199 mkdir -p "$R/lib/modules-load.d/"
208 mkdir -p "${R}/lib/modules-load.d/"
200 install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
209 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
201
210
202 # Load hardware random module at boot
211 # Load hardware random module at boot
203 if [ "$ENABLE_HWRANDOM" = true ] ; then
212 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
204 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
213 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
205 fi
214 fi
206
215
207 # Load sound module at boot
216 # Load sound module at boot
208 if [ "$ENABLE_SOUND" = true ] ; then
217 if [ "$ENABLE_SOUND" = true ] ; then
209 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
218 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
210 fi
219 fi
211
220
212 # Install kernel modules blacklist
221 # Install kernel modules blacklist
213 mkdir -p "$R/etc/modprobe.d/"
222 mkdir -p "${ETCDIR}/modprobe.d/"
214 install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
223 install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
215
224
216 # Install and setup fstab
225 # Install and setup fstab
217 install_readonly files/mount/fstab "$R/etc/fstab"
226 install_readonly files/mount/fstab "${ETCDIR}/fstab"
218
227
219 # Add usb/sda disk root partition to fstab
228 # Add usb/sda disk root partition to fstab
220 if [ "$ENABLE_SPLITFS" = true ] ; then
229 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
221 sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
230 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
222 fi
231 fi
223
232
224 # Add encrypted root partition to fstab and crypttab
233 # Add encrypted root partition to fstab and crypttab
225 if [ "$ENABLE_CRYPTFS" = true ] ; then
234 if [ "$ENABLE_CRYPTFS" = true ] ; then
226 # Replace fstab root partition with encrypted partition mapping
235 # Replace fstab root partition with encrypted partition mapping
227 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
236 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
228
237
229 # Add encrypted partition to crypttab and fstab
238 # Add encrypted partition to crypttab and fstab
230 install_readonly files/mount/crypttab "$R/etc/crypttab"
239 install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
231 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
240 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
241
242 if [ "$ENABLE_SPLITFS" = true ] ; then
243 # Add usb/sda disk to crypttab
244 sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
245 fi
232 fi
246 fi
233
247
234 # Generate initramfs file
248 # Generate initramfs file
235 if [ "$ENABLE_INITRAMFS" = true ] ; then
249 if [ "$ENABLE_INITRAMFS" = true ] ; then
236 if [ "$ENABLE_CRYPTFS" = true ] ; then
250 if [ "$ENABLE_CRYPTFS" = true ] ; then
251 # Include initramfs scripts to auto expand encrypted root partition
252 if [ "$EXPANDROOT" = true ] ; then
253 install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
254 install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
255 install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
256 fi
257
258 # Disable SSHD inside initramfs
259 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
260
237 # Dummy mapping required by mkinitramfs
261 # Dummy mapping required by mkinitramfs
238 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
262 echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
239
263
@@ -249,4 +273,4 if [ "$ENABLE_INITRAMFS" = true ] ; then
249 fi
273 fi
250
274
251 # Install sysctl.d configuration files
275 # Install sysctl.d configuration files
252 install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
276 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"
@@ -6,37 +6,37
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "$R/etc/hostname"
9 install_readonly files/network/hostname "${ETCDIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "$R/etc/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "$R/etc/hosts"
13 install_readonly files/network/hosts "${ETCDIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "$R/etc/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETCDIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "$R/etc/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETCDIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "$R/etc/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETCDIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "$R/etc/network/interfaces"
28 install_readonly files/network/interfaces "${ETCDIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "$R/etc/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETCDIR}/systemd/network/eth.network"
32
32
33 if [ "$ENABLE_DHCP" = true ] ; then
33 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable DHCP configuration for interface eth0
34 # Enable DHCP configuration for interface eth0
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "$R/etc/systemd/network/eth.network"
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETCDIR}/systemd/network/eth.network"
36
36
37 # Set DHCP configuration to IPv4 only
37 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/DHCP=.*/DHCP=v4/" "$R/etc/systemd/network/eth.network"
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETCDIR}/systemd/network/eth.network"
40 fi
40 fi
41
41
42 else # ENABLE_DHCP=false
42 else # ENABLE_DHCP=false
@@ -50,23 +50,23 else # ENABLE_DHCP=false
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 "$R/etc/systemd/network/eth.network"
53 "${ETCDIR}/systemd/network/eth.network"
54 fi
54 fi
55
55
56 # Remove empty settings from network configuration
56 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" "$R/etc/systemd/network/eth.network"
57 sed -i "/.*=\$/d" "${ETCDIR}/systemd/network/eth.network"
58
58
59 # Enable systemd-networkd service
59 # Enable systemd-networkd service
60 chroot_exec systemctl enable systemd-networkd
60 chroot_exec systemctl enable systemd-networkd
61
61
62 # Install host.conf resolver configuration
62 # Install host.conf resolver configuration
63 install_readonly files/network/host.conf "$R/etc/host.conf"
63 install_readonly files/network/host.conf "${ETCDIR}/host.conf"
64
64
65 # Enable network stack hardening
65 # Enable network stack hardening
66 if [ "$ENABLE_HARDNET" = true ] ; then
66 if [ "$ENABLE_HARDNET" = true ] ; then
67 # Install sysctl.d configuration files
67 # Install sysctl.d configuration files
68 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "$R/etc/sysctl.d/82-rpi-net-hardening.conf"
68 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETCDIR}/sysctl.d/82-rpi-net-hardening.conf"
69
69
70 # Setup resolver warnings about spoofed addresses
70 # Setup resolver warnings about spoofed addresses
71 sed -i "s/^# spoof warn/spoof warn/" "$R/etc/host.conf"
71 sed -i "s/^# spoof warn/spoof warn/" "${ETCDIR}/host.conf"
72 fi
72 fi
@@ -7,16 +7,16
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "$R/etc/iptables"
10 mkdir -p "${ETCDIR}/iptables"
11
11
12 # Install iptables systemd service
12 # Install iptables systemd service
13 install_readonly files/iptables/iptables.service "$R/etc/systemd/system/iptables.service"
13 install_readonly files/iptables/iptables.service "${ETCDIR}/systemd/system/iptables.service"
14
14
15 # Install flush-table script called by iptables service
15 # Install flush-table script called by iptables service
16 install_exec files/iptables/flush-iptables.sh "$R/etc/iptables/flush-iptables.sh"
16 install_exec files/iptables/flush-iptables.sh "${ETCDIR}/iptables/flush-iptables.sh"
17
17
18 # Install iptables rule file
18 # Install iptables rule file
19 install_readonly files/iptables/iptables.rules "$R/etc/iptables/iptables.rules"
19 install_readonly files/iptables/iptables.rules "${ETCDIR}/iptables/iptables.rules"
20
20
21 # Reload systemd configuration and enable iptables service
21 # Reload systemd configuration and enable iptables service
22 chroot_exec systemctl daemon-reload
22 chroot_exec systemctl daemon-reload
@@ -24,12 +24,12 if [ "$ENABLE_IPTABLES" = true ] ; then
24
24
25 if [ "$ENABLE_IPV6" = true ] ; then
25 if [ "$ENABLE_IPV6" = true ] ; then
26 # Install ip6tables systemd service
26 # Install ip6tables systemd service
27 install_readonly files/iptables/ip6tables.service "$R/etc/systemd/system/ip6tables.service"
27 install_readonly files/iptables/ip6tables.service "${ETCDIR}/systemd/system/ip6tables.service"
28
28
29 # Install ip6tables file
29 # Install ip6tables file
30 install_exec files/iptables/flush-ip6tables.sh "$R/etc/iptables/flush-ip6tables.sh"
30 install_exec files/iptables/flush-ip6tables.sh "${ETCDIR}/iptables/flush-ip6tables.sh"
31
31
32 install_readonly files/iptables/ip6tables.rules "$R/etc/iptables/ip6tables.rules"
32 install_readonly files/iptables/ip6tables.rules "${ETCDIR}/iptables/ip6tables.rules"
33
33
34 # Reload systemd configuration and enable iptables service
34 # Reload systemd configuration and enable iptables service
35 chroot_exec systemctl daemon-reload
35 chroot_exec systemctl daemon-reload
@@ -39,6 +39,6 fi
39
39
40 if [ "$ENABLE_SSHD" = false ] ; then
40 if [ "$ENABLE_SSHD" = false ] ; then
41 # Remove SSHD related iptables rules
41 # Remove SSHD related iptables rules
42 sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/iptables.rules" 2> /dev/null
42 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/iptables.rules" 2> /dev/null
43 sed -i "/^#/! {/SSH/ s/^/# /}" "$R/etc/iptables/ip6tables.rules" 2> /dev/null
43 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETCDIR}/iptables/ip6tables.rules" 2> /dev/null
44 fi
44 fi
@@ -19,7 +19,7 if [ "$ENABLE_ROOT" = true ] ; then
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20
20
21 if [ "$ENABLE_ROOT_SSH" = true ] ; then
21 if [ "$ENABLE_ROOT_SSH" = true ] ; then
22 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config"
22 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
23 fi
23 fi
24 else
24 else
25 # Set no root password to disable root login
25 # Set no root password to disable root login
@@ -7,7 +7,7
7
7
8 # Disable rsyslog
8 # Disable rsyslog
9 if [ "$ENABLE_RSYSLOG" = false ] ; then
9 if [ "$ENABLE_RSYSLOG" = false ] ; then
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "$R/etc/systemd/journald.conf"
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" "${ETCDIR}/systemd/journald.conf"
11 chroot_exec systemctl disable rsyslog
11 chroot_exec systemctl disable rsyslog
12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
12 chroot_exec apt-get -qq -y --force-yes purge rsyslog
13 fi
13 fi
@@ -7,25 +7,61
7
7
8 # Install gcc/c++ build environment inside the chroot
8 # Install gcc/c++ build environment inside the chroot
9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.9-arm g++ make bc
10 chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
11 fi
11 fi
12
12
13 # Fetch and build U-Boot bootloader
13 # Fetch and build U-Boot bootloader
14 if [ "$ENABLE_UBOOT" = true ] ; then
14 if [ "$ENABLE_UBOOT" = true ] ; then
15 # Fetch U-Boot bootloader sources
15 # Fetch U-Boot bootloader sources
16 git -C "$R/tmp" clone git://git.denx.de/u-boot.git
16 git -C "${R}/tmp" clone git://git.denx.de/u-boot.git
17
17
18 # Build and install U-Boot inside chroot
18 # Build and install U-Boot inside chroot
19 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
19 chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
20
20
21 # Copy compiled bootloader binary and set config.txt to load it
21 # Copy compiled bootloader binary and set config.txt to load it
22 install_readonly "$R/tmp/u-boot/u-boot.bin" "$R/boot/firmware/u-boot.bin"
22 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
23 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "$R/boot/firmware/config.txt"
23 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
24 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
24
25
25 # Install and setup U-Boot command file
26 # Install and setup U-Boot command file
26 install_readonly files/boot/uboot.mkimage "$R/boot/firmware/uboot.mkimage"
27 install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
27 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat $R/boot/firmware/uboot.mkimage)" > "$R/boot/firmware/uboot.mkimage"
28 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
29
30 if [ "$ENABLE_INITRAMFS" = true ] ; then
31 # Convert generated initramfs for U-Boot using mkimage
32 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
33
34 # Remove original initramfs file
35 rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
36
37 # Configure U-Boot to load generated initramfs
38 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
39 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
40 else # ENABLE_INITRAMFS=false
41 # Remove initramfs from U-Boot mkfile
42 sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
43
44 if [ "$BUILD_KERNEL" = false ] ; then
45 # Remove dtbfile from U-Boot mkfile
46 sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
47 printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
48 else
49 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
50 fi
51 fi
52
53 # Set mkfile to use dtb file
54 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
55
56 # Set mkfile to use kernel image
57 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
58
59 # Remove all leading blank lines
60 sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
28
61
29 # Generate U-Boot bootloader image
62 # Generate U-Boot bootloader image
30 chroot_exec /tmp/u-boot/tools/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
63 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
64
65 # Remove U-Boot sources
66 rm -fr "${R}/tmp/u-boot"
31 fi
67 fi
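Review bot: The U-Boot sources are fetched with `git -C "${R}/tmp" clone git://git.denx.de/u-boot.git`, which uses the unauthenticated git protocol and takes whatever the default branch holds at build time; the result is then built and installed into the image as `u-boot.bin` and `/usr/sbin/mkimage`. Nothing verifies what was fetched, so a modified transfer ends up in the bootloader on the card, and two builds of the same tree can ship different bootloaders. I would fetch over an authenticated transport and pin the build to a reviewed revision, for example by following the clone with `git -C "${R}/tmp/u-boot" checkout <PINNED_COMMIT>` (a placeholder; the page names no revision). The fbturbo clone in the next file already uses https but is likewise unpinned.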
@@ -7,7 +7,7
7
7
8 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Fetch fbturbo driver sources
9 # Fetch fbturbo driver sources
10 git -C "$R/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
10 git -C "${R}/tmp" clone https://github.com/ssvb/xf86-video-fbturbo.git
11
11
12 # Install Xorg build dependencies
12 # Install Xorg build dependencies
13 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
13 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -22,7 +22,7 make install
22 EOF
22 EOF
23
23
24 # Install fbturbo driver Xorg configuration
24 # Install fbturbo driver Xorg configuration
25 install_readonly files/xorg/99-fbturbo.conf "$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
25 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
26
26
27 # Remove Xorg build dependencies
27 # Remove Xorg build dependencies
28 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
28 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
@@ -30,5 +30,5 fi
30
30
31 # Remove gcc/c++ build environment from the chroot
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
33 chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
34 fi
34 fi
@@ -6,29 +6,34
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Prepare rc.firstboot script
8 # Prepare rc.firstboot script
9 cat files/firstboot/10-begin.sh > "$R/etc/rc.firstboot"
9 cat files/firstboot/10-begin.sh > "${ETCDIR}/rc.firstboot"
10
10
11 # Ensure openssh server host keys are regenerated on first boot
11 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "$R/etc/rc.firstboot"
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETCDIR}/rc.firstboot"
14 fi
14 fi
15
15
16 # Prepare filesystem auto expand
16 # Prepare filesystem auto expand
17 if [ "$EXPANDROOT" = true ] ; then
17 if [ "$EXPANDROOT" = true ] ; then
18 cat files/firstboot/22-expandroot.sh >> "$R/etc/rc.firstboot"
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETCDIR}/rc.firstboot"
20 else
21 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETCDIR}/rc.firstboot"
23 fi
19 fi
24 fi
20
25
21 # Ensure that dbus machine-id exists
26 # Ensure that dbus machine-id exists
22 cat files/firstboot/23-generate-machineid.sh >> "$R/etc/rc.firstboot"
27 cat files/firstboot/24-generate-machineid.sh >> "${ETCDIR}/rc.firstboot"
23
28
24 # Create /etc/resolv.conf symlink
29 # Create /etc/resolv.conf symlink
25 cat files/firstboot/24-create-resolv-symlink.sh >> "$R/etc/rc.firstboot"
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETCDIR}/rc.firstboot"
26
31
27 # Finalize rc.firstboot script
32 # Finalize rc.firstboot script
28 cat files/firstboot/99-finish.sh >> "$R/etc/rc.firstboot"
33 cat files/firstboot/99-finish.sh >> "${ETCDIR}/rc.firstboot"
29 chmod +x "$R/etc/rc.firstboot"
34 chmod +x "${ETCDIR}/rc.firstboot"
30
35
31 # Add rc.firstboot script to rc.local
36 # Add rc.firstboot script to rc.local
32 sed -i '/exit 0/d' "$R/etc/rc.local"
37 sed -i '/exit 0/d' "${ETCDIR}/rc.local"
33 echo /etc/rc.firstboot >> "$R/etc/rc.local"
38 echo /etc/rc.firstboot >> "${ETCDIR}/rc.local"
34 echo exit 0 >> "$R/etc/rc.local"
39 echo exit 0 >> "${ETCDIR}/rc.local"
@@ -10,33 +10,33 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
11 # Install dpkg configuration file
11 # Install dpkg configuration file
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "$R/etc/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
14 fi
14 fi
15
15
16 # Install APT configuration files
16 # Install APT configuration files
17 install_readonly files/apt/02nocache "$R/etc/apt/apt.conf.d/02nocache"
17 install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "$R/etc/apt/apt.conf.d/03compress"
18 install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "$R/etc/apt/apt.conf.d/04norecommends"
19 install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
20
20
21 # Remove APT cache files
21 # Remove APT cache files
22 rm -fr "$R/var/cache/apt/pkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "$R/var/cache/apt/srcpkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 fi
24 fi
25
25
26 # Remove all doc files
26 # Remove all doc files
27 if [ "$REDUCE_DOC" = true ] ; then
27 if [ "$REDUCE_DOC" = true ] ; then
28 find "$R/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "$R/usr/share/doc" -empty | xargs rmdir || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 fi
30 fi
31
31
32 # Remove all man pages and info files
32 # Remove all man pages and info files
33 if [ "$REDUCE_MAN" = true ] ; then
33 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "$R/usr/share/man" "$R/usr/share/groff" "$R/usr/share/info" "$R/usr/share/lintian" "$R/usr/share/linda" "$R/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 fi
35 fi
36
36
37 # Remove all locale translation files
37 # Remove all locale translation files
38 if [ "$REDUCE_LOCALE" = true ] ; then
38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "$R/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 fi
40 fi
41
41
42 # Remove hwdb PCI device classes (experimental)
42 # Remove hwdb PCI device classes (experimental)
@@ -60,19 +60,19 if [ "$ENABLE_REDUCE" = true ] ; then
60
60
61 # Remove GPU kernels
61 # Remove GPU kernels
62 if [ "$ENABLE_MINGPU" = true ] ; then
62 if [ "$ENABLE_MINGPU" = true ] ; then
63 rm -f "$R/boot/firmware/start.elf"
63 rm -f "${BOOTDIR}/start.elf"
64 rm -f "$R/boot/firmware/fixup.dat"
64 rm -f "${BOOTDIR}/fixup.dat"
65 rm -f "$R/boot/firmware/start_x.elf"
65 rm -f "${BOOTDIR}/start_x.elf"
66 rm -f "$R/boot/firmware/fixup_x.dat"
66 rm -f "${BOOTDIR}/fixup_x.dat"
67 fi
67 fi
68
68
69 # Remove kernel and initrd from /boot (already in /boot/firmware)
69 # Remove kernel and initrd from /boot (already in /boot/firmware)
70 if [ "$BUILD_KERNEL" = false ] ; then
70 if [ "$BUILD_KERNEL" = false ] ; then
71 rm -r "$R/boot/vmlinuz--*"
71 rm -f "${R}/boot/vmlinuz-*"
72 rm -r "$R/boot/initrd.img-*"
72 rm -f "${R}/boot/initrd.img-*"
73 fi
73 fi
74
74
75 # Clean APT list of repositories
75 # Clean APT list of repositories
76 rm -fr "$R/var/lib/apt/lists/*"
76 rm -fr "${R}/var/lib/apt/lists/*"
77 chroot_exec apt-get -qq -y update
77 chroot_exec apt-get -qq -y update
78 fi
78 fi
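Review bot: The wildcards in `rm -f "${R}/boot/vmlinuz-*"`, `rm -f "${R}/boot/initrd.img-*"` and `rm -fr "${R}/var/lib/apt/lists/*"` sit inside the double quotes, so the shell passes a literal `*` and no file matches; switching from `-r` to `-f` only makes that miss silent. Move the pattern outside the quotes, e.g. `rm -f "${R}"/boot/vmlinuz-*`. The clean-up block of the main build script further down in this commit has the same form (`rm -f "${ETCDIR}/ssh/ssh_host_*"`, `rm -f "${ETCDIR}/dropbear/dropbear_*"`, `rm -rf "${R}/tmp/*"`), which would leave any SSH host keys created during the build in the finished image. The enclosing `ENABLE_REDUCE` block starts outside these hunks.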
@@ -1,3 +1,6
1 # Set device tree fdtfile
2 setenv dtbfile bcm2709-rpi-2-b.dtb
3
1 # Tell Linux that it is booting on a Raspberry Pi2
4 # Tell Linux that it is booting on a Raspberry Pi2
2 setenv machid 0x00000c42
5 setenv machid 0x00000c42
3
6
@@ -6,6 +9,7 saveenv
6
9
7 # Load the existing Linux kernel into RAM
10 # Load the existing Linux kernel into RAM
8 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
11 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
12 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
13 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
9
14
10 # Boot the kernel we have just loaded
15 # Boot the kernel we have just loaded
11 bootz ${kernel_addr_r}
@@ -1,8 +1,11
1 logger -t "rc.firstboot" "Generating SSH host keys"
1 logger -t "rc.firstboot" "Generating SSH host keys"
2
2
3 if [ -d "/etc/ssh/" ] ; then
3 if [ -d "/etc/ssh/" ] ; then
4 # Remove ssh host keys
4 rm -f /etc/ssh/ssh_host_*
5 rm -f /etc/ssh/ssh_host_*
5 systemctl stop sshd
6 systemctl stop sshd
7
8 # Regenerate ssh host keys
6 ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
9 ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
7 ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
10 ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
8 ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
11 ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
@@ -11,8 +14,11 if [ -d "/etc/ssh/" ] ; then
11 fi
14 fi
12
15
13 if [ -d "/etc/dropbear/" ] ; then
16 if [ -d "/etc/dropbear/" ] ; then
17 # Remove ssh host keys
14 rm -f /etc/dropbear/dropbear_*
18 rm -f /etc/dropbear/dropbear_*
15 systemctl stop dropbear
19 systemctl stop dropbear
20
21 # Regenerate ssh host keys
16 dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
22 dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
17 dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
23 dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
18 dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
24 dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
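Review bot: The regeneration still creates DSA host keys (`ssh-keygen -q -t dsa …` and `dropbearkey -t dss …`), which are limited to 1024 bits and are no longer accepted by default by current OpenSSH clients. I would drop those two lines and keep the RSA and ECDSA keys, after checking that no `HostKey` line in the installed sshd_config still points at the DSA key file. Both `if` blocks continue outside the hunks, so any further key types generated there are not visible here.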
@@ -1,10 +1,20
1 logger -t "rc.firstboot" "Expanding root"
1 logger -t "rc.firstboot" "Expanding root partition"
2
3 # Detect root partition device
2 ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
4 ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
3 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
5 if [ -z "$ROOT_PART" ] ; then
6 log_warning_msg "unable to detect root partition device"
7 return 1
8 fi
9
10 # Extract root device name
4 case "${ROOT_PART}" in
11 case "${ROOT_PART}" in
5 mmcblk0*) ROOT_DEV=mmcblk0 ;;
12 mmcblk0*) ROOT_DEV=mmcblk0 ;;
6 sda*) ROOT_DEV=sda ;;
13 sda*) ROOT_DEV=sda ;;
7 esac
14 esac
15
16 # Check detected root partition name
17 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
8 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
18 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
9 logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
19 logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
10 return 0
20 return 0
@@ -16,6 +26,8 if [ "$PART_NUM" -gt 2 ] ; then
16 logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
26 logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
17 return 0
27 return 0
18 fi
28 fi
29
30 # Check if last partition number
19 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
31 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
20 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
32 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
21 logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
33 logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
@@ -53,4 +65,4 EOF2
53 # Reload the partition table, resize root filesystem then remove resizing code from this file
65 # Reload the partition table, resize root filesystem then remove resizing code from this file
54 partprobe &&
66 partprobe &&
55 resize2fs /dev/${ROOT_PART} &&
67 resize2fs /dev/${ROOT_PART} &&
56 logger -t "rc.firstboot" "Root partition successfuly resized."
68 logger -t "rc.firstboot" "Root partition successfully resized."
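Review bot: The new empty-`ROOT_PART` check catches only one failure: the `case` that sets `ROOT_DEV` has no default arm, so a root device that is neither `mmcblk0*` nor `sda*` leaves `ROOT_DEV` unset and the later `parted /dev/${ROOT_DEV} …` runs against `/dev/`. Add a fallback arm such as `*) logger -t "rc.firstboot" "unsupported root device ${ROOT_PART}" ; return 0 ;;`. The new branch also reports through `log_warning_msg` while the rest of the snippet uses `logger -t "rc.firstboot"`; whether that function is defined depends on parts of rc.firstboot not shown here, so `logger` would be the safer choice.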
1 NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh
NO CONTENT: file renamed from files/firstboot/23-generate-machineid.sh to files/firstboot/24-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh
NO CONTENT: file renamed from files/firstboot/24-create-resolv-symlink.sh to files/firstboot/25-create-resolv-symlink.sh
@@ -6,9 +6,9 cleanup (){
6
6
7 # Identify and kill all processes still using files
7 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
8 echo "killing processes using mount point ..."
9 fuser -k "$R"
9 fuser -k "${R}"
10 sleep 3
10 sleep 3
11 fuser -9 -k -v "$R"
11 fuser -9 -k -v "${R}"
12
12
13 # Clean up temporary .password file
13 # Clean up temporary .password file
14 if [ -r ".password" ] ; then
14 if [ -r ".password" ] ; then
@@ -17,9 +17,9 cleanup (){
17
17
18 # Clean up all temporary mount points
18 # Clean up all temporary mount points
19 echo "removing temporary mount points ..."
19 echo "removing temporary mount points ..."
20 umount -l "$R/proc" 2> /dev/null
20 umount -l "${R}/proc" 2> /dev/null
21 umount -l "$R/sys" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
22 umount -l "$R/dev/pts" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
@@ -30,7 +30,7 cleanup (){
30
30
31 chroot_exec() {
31 chroot_exec() {
32 # Exec command in chroot
32 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot $R $*
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 }
34 }
35
35
36 install_readonly() {
36 install_readonly() {
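Review bot: `chroot ${R} $*` in `chroot_exec` is still unquoted after the change, so the chroot path and every argument are re-split on whitespace and glob-expanded before `chroot` sees them. `chroot "${R}" "$@"` passes the arguments through exactly as the caller quoted them; before switching, check for callers that hand over a whole command line as one string and rely on the splitting. The `cleanup` body and `install_readonly` continue outside these hunks.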
@@ -42,12 +42,20 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
42 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
42 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
43 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
43 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
44 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
44 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
45 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
46 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
47 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
45 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
48 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
46
49
47 # Build directories
50 # Build directories
48 BASEDIR="$(pwd)/images/${RELEASE}"
51 BASEDIR="$(pwd)/images/${RELEASE}"
49 BUILDDIR="${BASEDIR}/build"
52 BUILDDIR="${BASEDIR}/build"
53
54 # Chroot directories
50 R="${BUILDDIR}/chroot"
55 R="${BUILDDIR}/chroot"
56 ETCDIR="${R}/etc"
57 BOOTDIR="${R}/boot/firmware"
58 KERNELDIR="${R}/usr/src/linux"
51
59
52 # General settings
60 # General settings
53 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
61 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
@@ -239,7 +247,7 if [ -e "$BUILDDIR" ] ; then
239 fi
247 fi
240
248
241 # Setup chroot directory
249 # Setup chroot directory
242 mkdir -p "$R"
250 mkdir -p "${R}"
243
251
244 # Check if build directory has enough of free disk space >512MB
252 # Check if build directory has enough of free disk space >512MB
245 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
253 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
@@ -354,7 +362,7 for SCRIPT in /chroot_scripts/* ; do
354 fi
362 fi
355 done
363 done
356 EOF
364 EOF
357 rm -rf "$R/chroot_scripts"
365 rm -rf "${R}/chroot_scripts"
358 fi
366 fi
359
367
360 # Remove apt-utils
368 # Remove apt-utils
@@ -362,8 +370,8 chroot_exec apt-get purge -qq -y --force-yes apt-utils
362
370
363 # Generate required machine-id
371 # Generate required machine-id
364 MACHINE_ID=$(dbus-uuidgen)
372 MACHINE_ID=$(dbus-uuidgen)
365 echo -n "${MACHINE_ID}" > "$R/var/lib/dbus/machine-id"
373 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
366 echo -n "${MACHINE_ID}" > "$R/etc/machine-id"
374 echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
367
375
368 # APT Cleanup
376 # APT Cleanup
369 chroot_exec apt-get -y clean
377 chroot_exec apt-get -y clean
@@ -371,29 +379,29 chroot_exec apt-get -y autoclean
371 chroot_exec apt-get -y autoremove
379 chroot_exec apt-get -y autoremove
372
380
373 # Unmount mounted filesystems
381 # Unmount mounted filesystems
374 umount -l "$R/proc"
382 umount -l "${R}/proc"
375 umount -l "$R/sys"
383 umount -l "${R}/sys"
376
384
377 # Clean up directories
385 # Clean up directories
378 rm -rf "$R/run/*"
386 rm -rf "${R}/run/*"
379 rm -rf "$R/tmp/*"
387 rm -rf "${R}/tmp/*"
380
388
381 # Clean up files
389 # Clean up files
382 rm -f "$R/etc/ssh/ssh_host_*"
390 rm -f "${ETCDIR}/ssh/ssh_host_*"
383 rm -f "$R/etc/dropbear/dropbear_*"
391 rm -f "${ETCDIR}/dropbear/dropbear_*"
384 rm -f "$R/etc/apt/sources.list.save"
392 rm -f "${ETCDIR}/apt/sources.list.save"
385 rm -f "$R/etc/resolvconf/resolv.conf.d/original"
393 rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
386 rm -f "$R/etc/*-"
394 rm -f "${ETCDIR}/*-"
387 rm -f "$R/root/.bash_history"
395 rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
388 rm -f "$R/var/lib/urandom/random-seed"
396 rm -f "${ETCDIR}/resolv.conf"
389 rm -f "$R/etc/apt/apt.conf.d/10proxy"
397 rm -f "${R}/root/.bash_history"
390 rm -f "$R/etc/resolv.conf"
398 rm -f "${R}/var/lib/urandom/random-seed"
391 rm -f "$R/initrd.img"
399 rm -f "${R}/initrd.img"
392 rm -f "$R/vmlinuz"
400 rm -f "${R}/vmlinuz"
393 rm -f "${R}${QEMU_BINARY}"
401 rm -f "${R}${QEMU_BINARY}"
394
402
395 # Calculate size of the chroot directory in KB
403 # Calculate size of the chroot directory in KB
396 CHROOT_SIZE=$(expr `du -s "$R" | awk '{ print $1 }'`)
404 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
397
405
398 # Calculate the amount of needed 512 Byte sectors
406 # Calculate the amount of needed 512 Byte sectors
399 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
407 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
@@ -482,7 +490,7 mkdir -p "$BUILDDIR/mount/boot/firmware"
482 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
490 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
483
491
484 # Copy all files from the chroot to the loop device mount point directory
492 # Copy all files from the chroot to the loop device mount point directory
485 rsync -a "$R/" "$BUILDDIR/mount/"
493 rsync -a "${R}/" "$BUILDDIR/mount/"
486
494
487 # Unmount all temporary loop devices and mount points
495 # Unmount all temporary loop devices and mount points
488 cleanup
496 cleanup