merge with master
vidal -
r219:d1ce055920e0
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=buster
4 BUILD_KERNEL=true
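Review bot: lines 2-4 of this new template set only `RPI_MODEL`, `RELEASE` and `BUILD_KERNEL`, so an image built from it keeps the README defaults `USER_PASSWORD`="raspberry" with `ENABLE_USER`=true and `ENABLE_SSHD`=true. Consider adding commented placeholder lines for `USER_PASSWORD` and `SSH_USER_PUB_KEY` (or `SSH_DISABLE_PASSWORD_AUTH=true`) so anyone using the template is steered towards overriding the default credentials.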
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
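Review bot: `BUILD_KERNEL=true` on line 4 is redundant, since the README in this same change states it is set automatically both for Raspberry Pi model `3` and for the `buster` release; drop it or note in the header comment that it is kept for readability. The file otherwise differs from the model 2 template only in `RPI_MODEL`, and it leaves `ENABLE_WIRELESS` at its default of false although the README's model 3 examples pass `ENABLE_WIRELESS=true`; say in the header comment whether that is intended.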
@@ -1,452 +1,454
1 1 # rpi23-gen-image
2 2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. This fork enables also `buster` release. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y raspife3-buster-arm64```).
3
4 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5
4 6
5 7 ## Build dependencies
6 8 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 9
8 10 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 11
10 12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11 13
12 14 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 15
14 16 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15 17
16 18 ```
17 19 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 20 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 21 dpkg --add-architecture armhf
20 22 apt-get update
21 23 ```
22 24
23 25 ## Command-line parameters
24 26 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25 27
26 28 ##### Command-line examples:
27 29 ```shell
28 30 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 31 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 32 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 33 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 34 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 35 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 36 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 37 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 38 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 39 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 40 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 41 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 42 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 43 ```
42 44
43 45 ## Configuration template files
44 46 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45 47
46 48 ##### Command-line examples:
47 49 ```shell
48 50 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 51 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 52 ```
51 53
52 54 ## Supported parameters and settings
53 55 #### APT settings:
54 56 ##### `APT_SERVER`="ftp.debian.org"
55 57 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56 58
57 59 ##### `APT_PROXY`=""
58 60 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59 61
60 62 ##### `APT_INCLUDES`=""
61 63 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62 64
63 65 ##### `APT_INCLUDES_LATE`=""
64 66 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65 67
66 68 ---
67 69
68 70 #### General system settings:
69 71 ##### `RPI_MODEL`=2
70 72 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
71 73
72 74 ##### `RELEASE`="jessie"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
74 76
75 77 ##### `RELEASE_ARCH`="armhf"
76 78 Set the desired Debian release architecture.
77 79
78 80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
80 82
81 83 ##### `PASSWORD`="raspberry"
82 84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 85
84 86 ##### `USER_PASSWORD`="raspberry"
85 87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 88
87 89 ##### `DEFLOCAL`="en_US.UTF-8"
88 90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 91
90 92 ##### `TIMEZONE`="Europe/Berlin"
91 93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 94
93 95 ##### `EXPANDROOT`=true
94 96 Expand the root partition and filesystem automatically on first boot.
95 97
96 98 ---
97 99
98 100 #### Keyboard settings:
99 101 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
100 102
101 103 ##### `XKB_MODEL`=""
102 104 Set the name of the model of your keyboard type.
103 105
104 106 ##### `XKB_LAYOUT`=""
105 107 Set the supported keyboard layout(s).
106 108
107 109 ##### `XKB_VARIANT`=""
108 110 Set the supported variant(s) of the keyboard layout(s).
109 111
110 112 ##### `XKB_OPTIONS`=""
111 113 Set extra xkb configuration options.
112 114
113 115 ---
114 116
115 117 #### Networking settings (DHCP):
116 118 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
117 119
118 120 ##### `ENABLE_DHCP`=true
119 121 Set the system to use DHCP. This requires an DHCP server.
120 122
121 123 ---
122 124
123 125 #### Networking settings (static):
124 126 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
125 127
126 128 ##### `NET_ADDRESS`=""
127 129 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
128 130
129 131 ##### `NET_GATEWAY`=""
130 132 Set the IP address for the default gateway.
131 133
132 134 ##### `NET_DNS_1`=""
133 135 Set the IP address for the first DNS server.
134 136
135 137 ##### `NET_DNS_2`=""
136 138 Set the IP address for the second DNS server.
137 139
138 140 ##### `NET_DNS_DOMAINS`=""
139 141 Set the default DNS search domains to use for non fully qualified host names.
140 142
141 143 ##### `NET_NTP_1`=""
142 144 Set the IP address for the first NTP server.
143 145
144 146 ##### `NET_NTP_2`=""
145 147 Set the IP address for the second NTP server.
146 148
147 149 ---
148 150
149 151 #### Basic system features:
150 152 ##### `ENABLE_CONSOLE`=true
151 153 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
152 154
153 155 ##### `ENABLE_I2C`=false
154 156 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
155 157
156 158 ##### `ENABLE_SPI`=false
157 159 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
158 160
159 161 ##### `ENABLE_IPV6`=true
160 162 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
161 163
162 164 ##### `ENABLE_SSHD`=true
163 165 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
164 166
165 167 ##### `ENABLE_NONFREE`=false
166 168 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
167 169
168 170 ##### `ENABLE_WIRELESS`=false
169 171 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
170 172
171 173 ##### `ENABLE_RSYSLOG`=true
172 174 If set to false, disable and uninstall rsyslog (so logs will be available only
173 175 in journal files)
174 176
175 177 ##### `ENABLE_SOUND`=true
176 178 Enable sound hardware and install Advanced Linux Sound Architecture.
177 179
178 180 ##### `ENABLE_HWRANDOM`=true
179 181 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
180 182
181 183 ##### `ENABLE_MINGPU`=false
182 184 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
183 185
184 186 ##### `ENABLE_DBUS`=true
185 187 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
186 188
187 189 ##### `ENABLE_XORG`=false
188 190 Install Xorg open-source X Window System.
189 191
190 192 ##### `ENABLE_WM`=""
191 193 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
192 194
193 195 ---
194 196
195 197 #### Advanced system features:
196 198 ##### `ENABLE_MINBASE`=false
197 199 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
198 200
199 201 ##### `ENABLE_REDUCE`=false
200 202 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
201 203
202 204 ##### `ENABLE_UBOOT`=false
203 205 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
204 206
205 207 ##### `UBOOTSRC_DIR`=""
206 208 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
207 209
208 210 ##### `ENABLE_FBTURBO`=false
209 211 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
210 212
211 213 ##### `FBTURBOSRC_DIR`=""
212 214 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
213 215
214 216 ##### `ENABLE_IPTABLES`=false
215 217 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
216 218
217 219 ##### `ENABLE_USER`=true
218 220 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
219 221
220 222 ##### `USER_NAME`=pi
221 223 Non-root user to create. Ignored if `ENABLE_USER`=false
222 224
223 225 ##### `ENABLE_ROOT`=false
224 226 Set root user password so root login will be enabled
225 227
226 228 ##### `ENABLE_HARDNET`=false
227 229 Enable IPv4/IPv6 network stack hardening settings.
228 230
229 231 ##### `ENABLE_SPLITFS`=false
230 232 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
231 233
232 234 ##### `CHROOT_SCRIPTS`=""
233 235 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
234 236
235 237 ##### `ENABLE_INITRAMFS`=false
236 238 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
237 239
238 240 ##### `ENABLE_IFNAMES`=true
239 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
241 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
240 242
241 243 ##### `DISABLE_UNDERVOLT_WARNINGS`=
242 244 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
243 245
244 246 ---
245 247
246 248 #### SSH settings:
247 249 ##### `SSH_ENABLE_ROOT`=false
248 250 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
249 251
250 252 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
251 253 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
252 254
253 255 ##### `SSH_LIMIT_USERS`=false
254 256 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
255 257
256 258 ##### `SSH_ROOT_PUB_KEY`=""
257 259 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
258 260
259 261 ##### `SSH_USER_PUB_KEY`=""
260 262 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
261 263
262 264 ---
263 265
264 266 #### Kernel compilation:
265 267 ##### `BUILD_KERNEL`=false
266 268 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
267 269
268 270 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
269 271 This sets the cross compile enviornment for the compiler.
270 272
271 273 ##### `KERNEL_ARCH`="arm"
272 274 This sets the kernel architecture for the compiler.
273 275
274 276 ##### `KERNEL_IMAGE`="kernel7.img"
275 277 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
276 278
277 279 ##### `KERNEL_BRANCH`=""
278 280 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
279 281
280 282 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
281 283 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
282 284
283 285 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
284 286 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
285 287
286 288 ##### `KERNEL_REDUCE`=false
287 289 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
288 290
289 291 ##### `KERNEL_THREADS`=1
290 292 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
291 293
292 294 ##### `KERNEL_HEADERS`=true
293 295 Install kernel headers with built kernel.
294 296
295 297 ##### `KERNEL_MENUCONFIG`=false
296 298 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
297 299
298 300 ##### `KERNEL_REMOVESRC`=true
299 301 Remove all kernel sources from the generated OS image after it was built and installed.
300 302
301 303 ##### `KERNELSRC_DIR`=""
302 304 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
303 305
304 306 ##### `KERNELSRC_CLEAN`=false
305 307 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
306 308
307 309 ##### `KERNELSRC_CONFIG`=true
308 310 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
309 311
310 312 ##### `KERNELSRC_USRCONFIG`=""
311 313 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
312 314
313 315 ##### `KERNELSRC_PREBUILT`=false
314 316 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
315 317
316 318 ##### `RPI_FIRMWARE_DIR`=""
317 319 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
318 320
319 321 ---
320 322
321 323 #### Reduce disk usage:
322 324 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
323 325
324 326 ##### `REDUCE_APT`=true
325 327 Configure APT to use compressed package repository lists and no package caching files.
326 328
327 329 ##### `REDUCE_DOC`=true
328 330 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
329 331
330 332 ##### `REDUCE_MAN`=true
331 333 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
332 334
333 335 ##### `REDUCE_VIM`=false
334 336 Replace `vim-tiny` package by `levee` a tiny vim clone.
335 337
336 338 ##### `REDUCE_BASH`=false
337 339 Remove `bash` package and switch to `dash` shell (experimental).
338 340
339 341 ##### `REDUCE_HWDB`=true
340 342 Remove PCI related hwdb files (experimental).
341 343
342 344 ##### `REDUCE_SSHD`=true
343 345 Replace `openssh-server` with `dropbear`.
344 346
345 347 ##### `REDUCE_LOCALE`=true
346 348 Remove all `locale` translation files.
347 349
348 350 ---
349 351
350 352 #### Encrypted root partition:
351 353 ##### `ENABLE_CRYPTFS`=false
352 354 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
353 355
354 356 ##### `CRYPTFS_PASSWORD`=""
355 357 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
356 358
357 359 ##### `CRYPTFS_MAPPING`="secure"
358 360 Set name of dm-crypt managed device-mapper mapping.
359 361
360 362 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
361 363 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
362 364
363 365 ##### `CRYPTFS_XTSKEYSIZE`=512
364 366 Sets key size in bits. The argument has to be a multiple of 8.
365 367
366 368 ---
367 369
368 370 #### Build settings:
369 371 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
370 372 Set a path to a working directory used by the script to generate an image.
371 373
372 374 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
373 375 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
374 376
375 377 ## Understanding the script
376 378 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
377 379
378 380 | Script | Description |
379 381 | --- | --- |
380 382 | `10-bootstrap.sh` | Debootstrap basic system |
381 383 | `11-apt.sh` | Setup APT repositories |
382 384 | `12-locale.sh` | Setup Locales and keyboard settings |
383 385 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
384 386 | `14-fstab.sh` | Setup fstab and initramfs |
385 387 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
386 388 | `20-networking.sh` | Setup Networking |
387 389 | `21-firewall.sh` | Setup Firewall |
388 390 | `30-security.sh` | Setup Users and Security settings |
389 391 | `31-logging.sh` | Setup Logging |
390 392 | `32-sshd.sh` | Setup SSH and public keys |
391 393 | `41-uboot.sh` | Build and Setup U-Boot |
392 394 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
393 395 | `50-firstboot.sh` | First boot actions |
394 396 | `99-reduce.sh` | Reduce the disk space usage |
395 397
396 398 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
397 399
398 400 | Directory | Description |
399 401 | --- | --- |
400 402 | `apt` | APT management configuration files |
401 403 | `boot` | Boot and RPi2/3 configuration files |
402 404 | `dpkg` | Package Manager configuration |
403 405 | `etc` | Configuration files and rc scripts |
404 406 | `firstboot` | Scripts that get executed on first boot |
405 407 | `initramfs` | Initramfs scripts |
406 408 | `iptables` | Firewall configuration files |
407 409 | `locales` | Locales configuration |
408 410 | `modules` | Kernel Modules configuration |
409 411 | `mount` | Fstab configuration |
410 412 | `network` | Networking configuration files |
411 413 | `sysctl.d` | Swapping and Network Hardening configuration |
412 414 | `xorg` | fbturbo Xorg driver configuration |
413 415
414 416 ## Custom packages and scripts
415 417 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
416 418
417 419 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
418 420
419 421 ## Logging of the bootstrapping process
420 422 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
421 423
422 424 ```shell
423 425 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
424 426 ```
425 427
426 428 ## Flashing the image file
427 429 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
428 430
429 431 ##### Flashing examples:
430 432 ```shell
431 433 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
432 434 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
433 435 ```
434 436 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
435 437 ```shell
436 438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
437 439 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
438 440 ```
439 441 ## Weekly image builds
440 442 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
441 443 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
442 444
443 445 ## External links and references
444 446 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
445 447 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
446 448 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
447 449 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
448 450 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
449 451 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
450 452 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
451 453 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
452 454 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
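Review bot: the rewritten introduction (new line 4) drops the `raspife3-buster-arm64` template name that the removed line 3 carried, so the 64-bit sentence now points only at `templates/rpi3-stretch-arm64-4.11.y`; if the buster arm64 template still exists in this fork, keep it in the list. The rest of the README is only partly updated for `buster`: the `RELEASE` heading still shows "jessie" as the default, the build dependencies paragraph still says the script was tested on `jessie` and `stretch` only, and the `CONFIG_TEMPLATE` examples show only `rpi3stretch` and `rpi2stretch` although this commit adds two buster templates. Adding one `CONFIG_TEMPLATE` example for the new templates would close that gap.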
@@ -1,151 +1,151
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$BUILD_KERNEL" = true ] ; then
9 9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 10 # Install boot binaries from local directory
11 11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 18 else
19 19 # Create temporary directory for boot binaries
20 20 temp_dir=$(as_nobody mktemp -d)
21 21
22 22 # Install latest boot binaries from raspberry/firmware github
23 23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 30
31 31 # Move downloaded boot binaries
32 32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 33
34 34 # Remove temporary directory for boot binaries
35 35 rm -fr "${temp_dir}"
36 36
37 37 # Set permissions of the boot binaries
38 38 chown -R root:root "${BOOT_DIR}"
39 39 chmod -R 600 "${BOOT_DIR}"
40 40 fi
41 41 fi
42 42
43 43 # Setup firmware boot cmdline
44 44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 46 else
47 47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 48 fi
49 49
50 50 # Add encrypted root partition to cmdline.txt
51 51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 54 else
55 55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 56 fi
57 57 fi
58 58
59 59 # Add serial console support
60 60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 62 fi
63 63
64 64 # Remove IPv6 networking support
65 65 if [ "$ENABLE_IPV6" = false ] ; then
66 66 CMDLINE="${CMDLINE} ipv6.disable=1"
67 67 fi
68 68
69 69 # Automatically assign predictable network interface names
70 70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 71 CMDLINE="${CMDLINE} net.ifnames=0"
72 72 else
73 73 CMDLINE="${CMDLINE} net.ifnames=1"
74 74 fi
75 75
76 # Set init to systemd if required by Debian release stretch or buster
76 # Set init to systemd if required by Debian release
77 77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 78 CMDLINE="${CMDLINE} init=/bin/systemd"
79 79 fi
80 80
81 81 # Install firmware boot cmdline
82 82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83 83
84 84 # Install firmware config
85 85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86 86
87 87 # Setup minimal GPU memory allocation size: 16MB (no X)
88 88 if [ "$ENABLE_MINGPU" = true ] ; then
89 89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 90 fi
91 91
92 92 # Setup boot with initramfs
93 93 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 95 fi
96 96
97 97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 98 if [ "$RPI_MODEL" = 3 ] ; then
99 99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 102 fi
103 103 fi
104 104
105 105 # Create firmware configuration and cmdline symlinks
106 106 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108 108
109 109 # Install and setup kernel modules to load at boot
110 110 mkdir -p "${R}/lib/modules-load.d/"
111 111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112 112
113 113 # Load hardware random module at boot
114 114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 116 fi
117 117
118 118 # Load sound module at boot
119 119 if [ "$ENABLE_SOUND" = true ] ; then
120 120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 121 else
122 122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 123 fi
124 124
125 125 # Enable I2C interface
126 126 if [ "$ENABLE_I2C" = true ] ; then
127 127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 130 fi
131 131
132 132 # Enable SPI interface
133 133 if [ "$ENABLE_SPI" = true ] ; then
134 134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 136 if [ "$RPI_MODEL" = 3 ] ; then
137 137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 138 fi
139 139 fi
140 140
141 141 # Disable RPi2/3 under-voltage warnings
142 142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 144 fi
145 145
146 146 # Install kernel modules blacklist
147 147 mkdir -p "${ETC_DIR}/modprobe.d/"
148 148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149 149
150 150 # Install sysctl.d configuration files
151 151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
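Review bot: The boot binaries fetched at lines 23-29 are moved into `${BOOT_DIR}` at line 32 with no integrity check, and `wget -q` suppresses any download error output. `FIRMWARE_URL` defaults to the `raw/master` path of the firmware repository, so every build takes whatever that branch holds at build time. Consider pinning the URL to a tag or commit and comparing each file against a recorded SHA-256 before the `mv`. The comment change at line 76 is harmless, though the condition under it still names `stretch` and `buster` explicitly.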
@@ -1,107 +1,107
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 if [ "$ENABLE_DHCP" = true ] ; then
34 34 # Enable DHCP configuration for interface eth0
35 35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36 36
37 37 # Set DHCP configuration to IPv4 only
38 38 if [ "$ENABLE_IPV6" = false ] ; then
39 39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 40 fi
41 41
42 42 else # ENABLE_DHCP=false
43 43 # Set static network configuration for interface eth0
44 44 sed -i\
45 45 -e "s|DHCP=.*|DHCP=no|"\
46 46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 53 "${ETC_DIR}/systemd/network/eth.network"
54 54 fi
55 55
56 56 # Remove empty settings from network configuration
57 57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
58 58
59 # Move systemd network configuration if required by Debian release stretch or buster
59 # Move systemd network configuration if required by Debian release
60 60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
61 61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 62 rm -fr "${ETC_DIR}/systemd/network"
63 63 fi
64 64
65 65 # Enable systemd-networkd service
66 66 chroot_exec systemctl enable systemd-networkd
67 67
68 68 # Install host.conf resolver configuration
69 69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70 70
71 71 # Enable network stack hardening
72 72 if [ "$ENABLE_HARDNET" = true ] ; then
73 73 # Install sysctl.d configuration files
74 74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75 75
76 76 # Setup resolver warnings about spoofed addresses
77 77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 78 fi
79 79
80 80 # Enable time sync
81 81 if [ "NET_NTP_1" != "" ] ; then
82 82 chroot_exec systemctl enable systemd-timesyncd.service
83 83 fi
84 84
85 85 # Download the firmware binary blob required to use the RPi3 wireless interface
86 86 if [ "$ENABLE_WIRELESS" = true ] ; then
87 87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 88 mkdir -p ${WLAN_FIRMWARE_DIR}
89 89 fi
90 90
91 91 # Create temporary directory for firmware binary blob
92 92 temp_dir=$(as_nobody mktemp -d)
93 93
94 94 # Fetch firmware binary blob
95 95 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 96 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97 97
98 98 # Move downloaded firmware binary blob
99 99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100 100
101 101 # Remove temporary directory for firmware binary blob
102 102 rm -fr "${temp_dir}"
103 103
104 104 # Set permissions of the firmware binary blob
105 105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
107 107 fi
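Review bot: The time-sync test at line 81, `if [ "NET_NTP_1" != "" ]`, compares a literal string because the `$` is missing, so it is always true and `systemd-timesyncd.service` is enabled whether or not an NTP server is configured. It should read `if [ "$NET_NTP_1" != "" ]`. This sits outside the comment changed at line 59, but it is in the same file and worth fixing while it is being touched.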
@@ -1,49 +1,51
1 1 #
2 2 # Build and Setup fbturbo Xorg driver
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 9 # Install c/c++ build environment inside the chroot
10 10 chroot_install_cc
11 11
12 12 # Copy existing fbturbo sources into chroot directory
13 13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 14 # Copy local fbturbo sources
15 15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 16 else
17 17 # Create temporary directory for fbturbo sources
18 18 temp_dir=$(as_nobody mktemp -d)
19 19
20 20 # Fetch fbturbo sources
21 21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22 22
23 23 # Move downloaded fbturbo sources
24 24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25 25
26 26 # Remove temporary directory for fbturbo sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Install Xorg build dependencies
31 31 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 35 fi
34 36
35 37 # Build and install fbturbo driver inside chroot
36 38 chroot_exec /bin/bash -x <<'EOF'
37 39 cd /tmp/xf86-video-fbturbo
38 40 autoreconf -vi
39 41 ./configure --prefix=/usr
40 42 make
41 43 make install
42 44 EOF
43 45
44 46 # Install fbturbo driver Xorg configuration
45 47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
46 48
47 49 # Remove Xorg build dependencies
48 50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
49 51 fi
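Review bot: The `elif` added at new lines 33-34 can never run, because the `if` at line 32 already matches `stretch` and `buster`, and the branch it adds passes `--allow-unauthenticated` to `apt-get`, which installs packages without verifying archive signatures. Drop the two lines. If buster does need different handling, fix the keyring or sources inside the chroot rather than turning authentication off.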
@@ -1,85 +1,85
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 51 else
52 52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 53 fi
54 54
55 55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 56 fi
57 57
58 58 # Remove sound utils and libraries
59 59 if [ "$ENABLE_SOUND" = false ] ; then
60 60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 61 fi
62 62
63 63 # Re-install tools for managing kernel modules
64 64 if [ "$RELEASE" = "jessie" ] ; then
65 65 chroot_exec apt-get -qq -y install module-init-tools
66 66 fi
67 67
68 68 # Remove GPU kernels
69 69 if [ "$ENABLE_MINGPU" = true ] ; then
70 70 rm -f "${BOOT_DIR}/start.elf"
71 71 rm -f "${BOOT_DIR}/fixup.dat"
72 72 rm -f "${BOOT_DIR}/start_x.elf"
73 73 rm -f "${BOOT_DIR}/fixup_x.dat"
74 74 fi
75 75
76 76 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 77 if [ "$BUILD_KERNEL" = false ] ; then
78 78 rm -f "${R}/boot/vmlinuz-*"
79 79 rm -f "${R}/boot/initrd.img-*"
80 80 fi
81 81
82 82 # Clean APT list of repositories
83 83 rm -fr "${R}/var/lib/apt/lists/*"
84 84 chroot_exec apt-get -qq -y update
85 85 fi
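Review bot: Several `rm` calls in this file keep the glob inside the quotes, so the shell passes the `*` literally and nothing is deleted: line 44 `rm -fr "/lib/udev/hwdb.d/20-pci-*"`, lines 78-79, and line 83. Line 44 also lacks the `${R}` prefix, so once the glob is unquoted it would act on the build host instead of the chroot. Move the `*` outside the quotes and prefix line 44 with `${R}`. The change at line 49 that extends the `--allow-remove-essential` branch to `buster` looks correct.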
@@ -1,79 +1,81
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 7 # Identify and kill all processes still using files
8 8 echo "killing processes using mount point ..."
9 9 fuser -k "${R}"
10 10 sleep 3
11 11 fuser -9 -k -v "${R}"
12 12
13 13 # Clean up temporary .password file
14 14 if [ -r ".password" ] ; then
15 15 shred -zu .password
16 16 fi
17 17
18 18 # Clean up all temporary mount points
19 19 echo "removing temporary mount points ..."
20 20 umount -l "${R}/proc" 2> /dev/null
21 21 umount -l "${R}/sys" 2> /dev/null
22 22 umount -l "${R}/dev/pts" 2> /dev/null
23 23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 24 umount "$BUILDDIR/mount" 2> /dev/null
25 25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 28 trap - 0 1 2 3 6
29 29 }
30 30
31 31 chroot_exec() {
32 32 # Exec command in chroot
33 33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 34 }
35 35
36 36 as_nobody() {
37 37 # Exec command as user nobody
38 38 sudo -E -u nobody LANG=C LC_ALL=C $*
39 39 }
40 40
41 41 install_readonly() {
42 42 # Install file with user read-only permissions
43 43 install -o root -g root -m 644 $*
44 44 }
45 45
46 46 install_exec() {
47 47 # Install file with root exec permissions
48 48 install -o root -g root -m 744 $*
49 49 }
50 50
51 51 use_template () {
52 52 # Test if configuration template file exists
53 53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 55 exit 1
56 56 fi
57 57
58 58 # Load template configuration parameters
59 59 . "./templates/${CONFIG_TEMPLATE}"
60 60 }
61 61
62 62 chroot_install_cc() {
63 63 # Install c/c++ build environment inside the chroot
64 64 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 66
67 67 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 68 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
69 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
69 71 fi
70 72 fi
71 73 }
72 74
73 75 chroot_remove_cc() {
74 76 # Remove c/c++ build environment from the chroot
75 77 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
76 78 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
77 79 COMPILER_PACKAGES=""
78 80 fi
79 81 }
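Review bot: The `elif` added at new lines 69-70 in `chroot_install_cc` is unreachable, since the `if` at line 67 already covers `stretch` and `buster`, and it would install `${COMPILER_PACKAGES}` with `--allow-unauthenticated`, bypassing APT signature checks. Remove the branch so that a later reordering of the conditions cannot activate an unauthenticated install path.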
@@ -1,659 +1,653
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi23-gen-image.sh 2015-2017
5 5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 20+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Load parameters from configuration template file
34 34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 35 use_template
36 36 fi
37 37
38 38 # Introduce settings
39 39 set -e
40 40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 41 set -x
42 42
43 43 # Raspberry Pi model configuration
44 44 RPI_MODEL=${RPI_MODEL:=2}
45 45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49 49
50 50 # Debian release
51 51 RELEASE=${RELEASE:=jessie}
52 52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 59 else
60 60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 62 fi
63 63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 65 else
66 66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 67 fi
68 68 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69 69
70 70 # URLs
71 71 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
72 72 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
73 73 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
74 74 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 75 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
77 77
78 78 # Build directories
79 79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
80 80 BUILDDIR="${BASEDIR}/build"
81 81
82 82 # Prepare date string for default image file name
83 83 DATE="$(date +%Y-%m-%d)"
84 84 if [ -z "$KERNEL_BRANCH" ] ; then
85 85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 86 else
87 87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 88 fi
89 89
90 90 # Chroot directories
91 91 R="${BUILDDIR}/chroot"
92 92 ETC_DIR="${R}/etc"
93 93 LIB_DIR="${R}/lib"
94 94 BOOT_DIR="${R}/boot/firmware"
95 95 KERNEL_DIR="${R}/usr/src/linux"
96 96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
97 97
98 98 # Firmware directory: Blank if download from github
99 99 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100 100
101 101 # General settings
102 102 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 103 PASSWORD=${PASSWORD:=raspberry}
104 104 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 105 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 106 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 107 EXPANDROOT=${EXPANDROOT:=true}
108 108
109 109 # Keyboard settings
110 110 XKB_MODEL=${XKB_MODEL:=""}
111 111 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 112 XKB_VARIANT=${XKB_VARIANT:=""}
113 113 XKB_OPTIONS=${XKB_OPTIONS:=""}
114 114
115 115 # Network settings (DHCP)
116 116 ENABLE_DHCP=${ENABLE_DHCP:=true}
117 117
118 118 # Network settings (static)
119 119 NET_ADDRESS=${NET_ADDRESS:=""}
120 120 NET_GATEWAY=${NET_GATEWAY:=""}
121 121 NET_DNS_1=${NET_DNS_1:=""}
122 122 NET_DNS_2=${NET_DNS_2:=""}
123 123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 124 NET_NTP_1=${NET_NTP_1:=""}
125 125 NET_NTP_2=${NET_NTP_2:=""}
126 126
127 127 # APT settings
128 128 APT_PROXY=${APT_PROXY:=""}
129 129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130 130
131 131 # Feature settings
132 132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 133 ENABLE_I2C=${ENABLE_I2C:=false}
134 134 ENABLE_SPI=${ENABLE_SPI:=false}
135 135 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 136 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 139 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 140 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 143 ENABLE_XORG=${ENABLE_XORG:=false}
144 144 ENABLE_WM=${ENABLE_WM:=""}
145 145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 146 ENABLE_USER=${ENABLE_USER:=true}
147 147 USER_NAME=${USER_NAME:="pi"}
148 148 ENABLE_ROOT=${ENABLE_ROOT:=false}
149 149
150 150 # SSH settings
151 151 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
152 152 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
153 153 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
154 154 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 155 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156 156
157 157 # Advanced settings
158 158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 164 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 165 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 166 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 167 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 168 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
169 169 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170 170
171 171 # Kernel compilation settings
172 172 BUILD_KERNEL=${BUILD_KERNEL:=false}
173 173 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 174 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 175 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 176 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 177 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
179 179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
180 180 else
181 181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
182 182 fi
183 183
184 184 # Kernel compilation from source directory settings
185 185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
186 186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
187 187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
188 188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
189 189
190 190 # Reduce disk usage settings
191 191 REDUCE_APT=${REDUCE_APT:=true}
192 192 REDUCE_DOC=${REDUCE_DOC:=true}
193 193 REDUCE_MAN=${REDUCE_MAN:=true}
194 194 REDUCE_VIM=${REDUCE_VIM:=false}
195 195 REDUCE_BASH=${REDUCE_BASH:=false}
196 196 REDUCE_HWDB=${REDUCE_HWDB:=true}
197 197 REDUCE_SSHD=${REDUCE_SSHD:=true}
198 198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
199 199
200 200 # Encrypted filesystem settings
201 201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
202 202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206 206
207 207 # Stop the Crypto Wars
208 208 DISABLE_FBI=${DISABLE_FBI:=false}
209 209
210 210 # Chroot scripts directory
211 211 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
212 212
213 213 # Packages required in the chroot build environment
214 214 APT_INCLUDES=${APT_INCLUDES:=""}
215 215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
216 216
217 # Package apt-transport-https has been removed from Debian Buster release
218 # this induces qemu error 383 which does not prevent building an image
219 if [ "$RELEASE" = "buster" ] ; then
220 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/apt-transport-https,//")"
221 fi
222
223 217 # Packages required for bootstrapping
224 218 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
225 219 MISSING_PACKAGES=""
226 220
227 221 # Packages installed for c/c++ build environment in chroot (keep empty)
228 222 COMPILER_PACKAGES=""
229 223
230 224 set +x
231 225
232 226 # Set Raspberry Pi model specific configuration
233 227 if [ "$RPI_MODEL" = 2 ] ; then
234 228 DTB_FILE=${RPI2_DTB_FILE}
235 229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
236 230 elif [ "$RPI_MODEL" = 3 ] ; then
237 231 DTB_FILE=${RPI3_DTB_FILE}
238 232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
239 233 BUILD_KERNEL=true
240 234 else
241 235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
242 236 exit 1
243 237 fi
244 238
245 239 # Check if the internal wireless interface is supported by the RPi model
246 240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
247 241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
248 242 exit 1
249 243 fi
250 244
251 245 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
252 246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
253 247 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
254 248 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
255 249 exit 1
256 250 fi
257 251 fi
258 252
259 253 # Build RPi2/3 Linux kernel if required by Debian release
260 if [ "$RELEASE" = "stretch" ] ; then
254 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
261 255 BUILD_KERNEL=true
262 256 fi
263 257
264 258 # Add packages required for kernel cross compilation
265 259 if [ "$BUILD_KERNEL" = true ] ; then
266 260 if [ "$KERNEL_ARCH" = "arm" ] ; then
267 261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
268 262 else
269 263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
270 264 fi
271 265 fi
272 266
273 267 # Add libncurses5 to enable kernel menuconfig
274 268 if [ "$KERNEL_MENUCONFIG" = true ] ; then
275 269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
276 270 fi
277 271
278 272 # Stop the Crypto Wars
279 273 if [ "$DISABLE_FBI" = true ] ; then
280 274 ENABLE_CRYPTFS=true
281 275 fi
282 276
283 277 # Add cryptsetup package to enable filesystem encryption
284 278 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
285 279 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
286 280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
287 281
288 282 if [ -z "$CRYPTFS_PASSWORD" ] ; then
289 283 echo "error: no password defined (CRYPTFS_PASSWORD)!"
290 284 exit 1
291 285 fi
292 286 ENABLE_INITRAMFS=true
293 287 fi
294 288
295 289 # Add initramfs generation tools
296 290 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
297 291 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
298 292 fi
299 293
300 294 # Add device-tree-compiler required for building the U-Boot bootloader
301 295 if [ "$ENABLE_UBOOT" = true ] ; then
302 296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
303 297 fi
304 298
305 299 # Check if root SSH (v2) public key file exists
306 300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
307 301 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
308 302 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
309 303 exit 1
310 304 fi
311 305 fi
312 306
313 307 # Check if $USER_NAME SSH (v2) public key file exists
314 308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
315 309 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
316 310 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
317 311 exit 1
318 312 fi
319 313 fi
320 314
321 315 # Check if all required packages are installed on the build system
322 316 for package in $REQUIRED_PACKAGES ; do
323 317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
324 318 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
325 319 fi
326 320 done
327 321
328 322 # If there are missing packages ask confirmation for install, or exit
329 323 if [ -n "$MISSING_PACKAGES" ] ; then
330 324 echo "the following packages needed by this script are not installed:"
331 325 echo "$MISSING_PACKAGES"
332 326
333 327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
334 328 read confirm
335 329 [ "$confirm" != "y" ] && exit 1
336 330
337 331 # Make sure all missing required packages are installed
338 332 apt-get -qq -y install ${MISSING_PACKAGES}
339 333 fi
340 334
341 335 # Check if ./bootstrap.d directory exists
342 336 if [ ! -d "./bootstrap.d/" ] ; then
343 337 echo "error: './bootstrap.d' required directory not found!"
344 338 exit 1
345 339 fi
346 340
347 341 # Check if ./files directory exists
348 342 if [ ! -d "./files/" ] ; then
349 343 echo "error: './files' required directory not found!"
350 344 exit 1
351 345 fi
352 346
353 347 # Check if specified KERNELSRC_DIR directory exists
354 348 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
355 349 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
356 350 exit 1
357 351 fi
358 352
359 353 # Check if specified UBOOTSRC_DIR directory exists
360 354 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
361 355 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
362 356 exit 1
363 357 fi
364 358
365 359 # Check if specified FBTURBOSRC_DIR directory exists
366 360 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
367 361 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
368 362 exit 1
369 363 fi
370 364
371 365 # Check if specified CHROOT_SCRIPTS directory exists
372 366 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
373 367 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
374 368 exit 1
375 369 fi
376 370
377 371 # Check if specified device mapping already exists (will be used by cryptsetup)
378 372 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
379 373 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
380 374 exit 1
381 375 fi
382 376
383 377 # Don't clobber an old build
384 378 if [ -e "$BUILDDIR" ] ; then
385 379 echo "error: directory ${BUILDDIR} already exists, not proceeding"
386 380 exit 1
387 381 fi
388 382
389 383 # Setup chroot directory
390 384 mkdir -p "${R}"
391 385
392 386 # Check if build directory has enough of free disk space >512MB
393 387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
394 388 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
395 389 exit 1
396 390 fi
397 391
398 392 set -x
399 393
400 394 # Call "cleanup" function on various signals and errors
401 395 trap cleanup 0 1 2 3 6
402 396
403 397 # Add required packages for the minbase installation
404 398 if [ "$ENABLE_MINBASE" = true ] ; then
405 399 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
406 400 fi
407 401
408 402 # Add required locales packages
409 403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
410 404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
411 405 fi
412 406
413 407 # Add parted package, required to get partprobe utility
414 408 if [ "$EXPANDROOT" = true ] ; then
415 409 APT_INCLUDES="${APT_INCLUDES},parted"
416 410 fi
417 411
418 412 # Add dbus package, recommended if using systemd
419 413 if [ "$ENABLE_DBUS" = true ] ; then
420 414 APT_INCLUDES="${APT_INCLUDES},dbus"
421 415 fi
422 416
423 417 # Add iptables IPv4/IPv6 package
424 418 if [ "$ENABLE_IPTABLES" = true ] ; then
425 419 APT_INCLUDES="${APT_INCLUDES},iptables"
426 420 fi
427 421
428 422 # Add openssh server package
429 423 if [ "$ENABLE_SSHD" = true ] ; then
430 424 APT_INCLUDES="${APT_INCLUDES},openssh-server"
431 425 fi
432 426
433 427 # Add alsa-utils package
434 428 if [ "$ENABLE_SOUND" = true ] ; then
435 429 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
436 430 fi
437 431
438 432 # Add rng-tools package
439 433 if [ "$ENABLE_HWRANDOM" = true ] ; then
440 434 APT_INCLUDES="${APT_INCLUDES},rng-tools"
441 435 fi
442 436
443 437 # Add fbturbo video driver
444 438 if [ "$ENABLE_FBTURBO" = true ] ; then
445 439 # Enable xorg package dependencies
446 440 ENABLE_XORG=true
447 441 fi
448 442
449 443 # Add user defined window manager package
450 444 if [ -n "$ENABLE_WM" ] ; then
451 445 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
452 446
453 447 # Enable xorg package dependencies
454 448 ENABLE_XORG=true
455 449 fi
456 450
457 451 # Add xorg package
458 452 if [ "$ENABLE_XORG" = true ] ; then
459 453 APT_INCLUDES="${APT_INCLUDES},xorg"
460 454 fi
461 455
462 456 # Replace selected packages with smaller clones
463 457 if [ "$ENABLE_REDUCE" = true ] ; then
464 458 # Add levee package instead of vim-tiny
465 459 if [ "$REDUCE_VIM" = true ] ; then
466 460 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
467 461 fi
468 462
469 463 # Add dropbear package instead of openssh-server
470 464 if [ "$REDUCE_SSHD" = true ] ; then
471 465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
472 466 fi
473 467 fi
474 468
475 469 # Configure kernel sources if no KERNELSRC_DIR
476 470 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
477 471 KERNELSRC_CONFIG=true
478 472 fi
479 473
480 474 # Configure reduced kernel
481 475 if [ "$KERNEL_REDUCE" = true ] ; then
482 476 KERNELSRC_CONFIG=false
483 477 fi
484 478
485 479 # Execute bootstrap scripts
486 480 for SCRIPT in bootstrap.d/*.sh; do
487 481 head -n 3 "$SCRIPT"
488 482 . "$SCRIPT"
489 483 done
490 484
491 485 ## Execute custom bootstrap scripts
492 486 if [ -d "custom.d" ] ; then
493 487 for SCRIPT in custom.d/*.sh; do
494 488 . "$SCRIPT"
495 489 done
496 490 fi
497 491
498 492 # Execute custom scripts inside the chroot
499 493 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
500 494 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
501 495 chroot_exec /bin/bash -x <<'EOF'
502 496 for SCRIPT in /chroot_scripts/* ; do
503 497 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
504 498 $SCRIPT
505 499 fi
506 500 done
507 501 EOF
508 502 rm -rf "${R}/chroot_scripts"
509 503 fi
510 504
511 505 # Remove c/c++ build environment from the chroot
512 506 chroot_remove_cc
513 507
514 508 # Remove apt-utils
515 509 if [ "$RELEASE" = "jessie" ] ; then
516 510 chroot_exec apt-get purge -qq -y --force-yes apt-utils
517 511 fi
518 512
519 513 # Generate required machine-id
520 514 MACHINE_ID=$(dbus-uuidgen)
521 515 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
522 516 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
523 517
524 518 # APT Cleanup
525 519 chroot_exec apt-get -y clean
526 520 chroot_exec apt-get -y autoclean
527 521 chroot_exec apt-get -y autoremove
528 522
529 523 # Unmount mounted filesystems
530 524 umount -l "${R}/proc"
531 525 umount -l "${R}/sys"
532 526
533 527 # Clean up directories
534 528 rm -rf "${R}/run/*"
535 529 rm -rf "${R}/tmp/*"
536 530
537 531 # Clean up files
538 532 rm -f "${ETC_DIR}/ssh/ssh_host_*"
539 533 rm -f "${ETC_DIR}/dropbear/dropbear_*"
540 534 rm -f "${ETC_DIR}/apt/sources.list.save"
541 535 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
542 536 rm -f "${ETC_DIR}/*-"
543 537 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
544 538 rm -f "${ETC_DIR}/resolv.conf"
545 539 rm -f "${R}/root/.bash_history"
546 540 rm -f "${R}/var/lib/urandom/random-seed"
547 541 rm -f "${R}/initrd.img"
548 542 rm -f "${R}/vmlinuz"
549 543 rm -f "${R}${QEMU_BINARY}"
550 544
551 545 # Calculate size of the chroot directory in KB
552 546 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
553 547
554 548 # Calculate the amount of needed 512 Byte sectors
555 549 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
556 550 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
557 551 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
558 552
559 553 # The root partition is EXT4
560 554 # This means more space than the actual used space of the chroot is used.
561 555 # As overhead for journaling and reserved blocks 25% are added.
562 556 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
563 557
564 558 # Calculate required image size in 512 Byte sectors
565 559 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
566 560
567 561 # Prepare image file
568 562 if [ "$ENABLE_SPLITFS" = true ] ; then
569 563 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
570 564 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
571 565 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
572 566 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
573 567
574 568 # Write firmware/boot partition tables
575 569 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
576 570 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
577 571 EOM
578 572
579 573 # Write root partition table
580 574 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
581 575 ${TABLE_SECTORS},${ROOT_SECTORS},83
582 576 EOM
583 577
584 578 # Setup temporary loop devices
585 579 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
586 580 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
587 581 else # ENABLE_SPLITFS=false
588 582 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
589 583 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
590 584
591 585 # Write partition table
592 586 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
593 587 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
594 588 ${ROOT_OFFSET},${ROOT_SECTORS},83
595 589 EOM
596 590
597 591 # Setup temporary loop devices
598 592 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
599 593 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
600 594 fi
601 595
602 596 if [ "$ENABLE_CRYPTFS" = true ] ; then
603 597 # Create dummy ext4 fs
604 598 mkfs.ext4 "$ROOT_LOOP"
605 599
606 600 # Setup password keyfile
607 601 touch .password
608 602 chmod 600 .password
609 603 echo -n ${CRYPTFS_PASSWORD} > .password
610 604
611 605 # Initialize encrypted partition
612 606 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
613 607
614 608 # Open encrypted partition and setup mapping
615 609 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
616 610
617 611 # Secure delete password keyfile
618 612 shred -zu .password
619 613
620 614 # Update temporary loop device
621 615 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
622 616
623 617 # Wipe encrypted partition (encryption cipher is used for randomness)
624 618 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
625 619 fi
626 620
627 621 # Build filesystems
628 622 mkfs.vfat "$FRMW_LOOP"
629 623 mkfs.ext4 "$ROOT_LOOP"
630 624
631 625 # Mount the temporary loop devices
632 626 mkdir -p "$BUILDDIR/mount"
633 627 mount "$ROOT_LOOP" "$BUILDDIR/mount"
634 628
635 629 mkdir -p "$BUILDDIR/mount/boot/firmware"
636 630 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
637 631
638 632 # Copy all files from the chroot to the loop device mount point directory
639 633 rsync -a "${R}/" "$BUILDDIR/mount/"
640 634
641 635 # Unmount all temporary loop devices and mount points
642 636 cleanup
643 637
644 638 # Create block map file(s) of image(s)
645 639 if [ "$ENABLE_SPLITFS" = true ] ; then
646 640 # Create block map files for "bmaptool"
647 641 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
648 642 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
649 643
650 644 # Image was successfully created
651 645 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
652 646 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
653 647 else
654 648 # Create block map file for "bmaptool"
655 649 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
656 650
657 651 # Image was successfully created
658 652 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
659 653 fi
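Review bot: In the "Clean up files" block the wildcards sit inside double quotes, as in `rm -f "${ETC_DIR}/ssh/ssh_host_*"` and `rm -f "${ETC_DIR}/dropbear/dropbear_*"` (the same applies to `rm -rf "${R}/run/*"` just above), so the shell hands rm a literal `*` and nothing is deleted; any SSH or dropbear host keys generated in the chroot stay in the image and end up shared by every device flashed from it. Move the wildcard outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`. Two further points in the same region: `set -x` is switched on before the ENABLE_CRYPTFS block, so the line that writes ${CRYPTFS_PASSWORD} to .password is echoed with the expanded passphrase into the trace output and any saved build log; turn tracing off around that block and quote the variable. The early "mapping already exists" check tests /dev/mapping/${CRYPTFS_MAPPING}, while the mapping is later used at /dev/mapper/${CRYPTFS_MAPPING}, so the check cannot detect an existing mapping and should test the /dev/mapper path.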