merge with master
vidal -
r219:d1ce055920e0
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=2
3 RELEASE=buster
4 BUILD_KERNEL=true
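Review bot: Nothing in this template overrides the default credentials, so an image built from it ships with `PASSWORD`="raspberry" and `USER_PASSWORD`="raspberry" while `ENABLE_SSHD` defaults to true, according to the README in this same change. The README itself strongly recommends custom passwords, so consider adding commented-out `USER_PASSWORD=`, `SSH_USER_PUB_KEY=` and `SSH_DISABLE_PASSWORD_AUTH=true` lines after `BUILD_KERNEL=true`, so that anyone starting from the template is prompted to set them.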
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
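Review bot: `BUILD_KERNEL=true` on line 4 is redundant in this file, because the README states that it is set automatically when `RPI_MODEL` is `3`; either drop it or note in the comment that it is kept for explicitness. The comment on line 1 is identical to the one in the RPi 2 template, so naming the target there (model 3, `buster`) would help, and the README's `CONFIG_TEMPLATE` examples still list only the stretch templates.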
@@ -1,452 +1,454
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. This fork enables also `buster` release. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y raspife3-buster-arm64```).
3
4 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie`, `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.11.y```).
5
4
6
5 ## Build dependencies
7 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
8 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
9
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
10 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
11
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
12 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11
13
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
14 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
15
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
16 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15
17
16 ```
18 ```
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
19 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
20 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 dpkg --add-architecture armhf
21 dpkg --add-architecture armhf
20 apt-get update
22 apt-get update
21 ```
23 ```
22
24
23 ## Command-line parameters
25 ## Command-line parameters
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
26 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25
27
26 ##### Command-line examples:
28 ##### Command-line examples:
27 ```shell
29 ```shell
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
30 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
31 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
32 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
33 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
34 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
36 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
37 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
42 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 ```
43 ```
42
44
43 ## Configuration template files
45 ## Configuration template files
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
46 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45
47
46 ##### Command-line examples:
48 ##### Command-line examples:
47 ```shell
49 ```shell
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
50 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
51 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 ```
52 ```
51
53
52 ## Supported parameters and settings
54 ## Supported parameters and settings
53 #### APT settings:
55 #### APT settings:
54 ##### `APT_SERVER`="ftp.debian.org"
56 ##### `APT_SERVER`="ftp.debian.org"
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
57 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56
58
57 ##### `APT_PROXY`=""
59 ##### `APT_PROXY`=""
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
60 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59
61
60 ##### `APT_INCLUDES`=""
62 ##### `APT_INCLUDES`=""
61 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
63 A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
62
64
63 ##### `APT_INCLUDES_LATE`=""
65 ##### `APT_INCLUDES_LATE`=""
64 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
66 A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
65
67
66 ---
68 ---
67
69
68 #### General system settings:
70 #### General system settings:
69 ##### `RPI_MODEL`=2
71 ##### `RPI_MODEL`=2
70 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
72 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
71
73
72 ##### `RELEASE`="jessie"
74 ##### `RELEASE`="jessie"
73 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
75 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie", "stretch" and "buster". `BUILD_KERNEL`=true will automatically be set if the Debian releases `stretch` or `buster` are used.
74
76
75 ##### `RELEASE_ARCH`="armhf"
77 ##### `RELEASE_ARCH`="armhf"
76 Set the desired Debian release architecture.
78 Set the desired Debian release architecture.
77
79
78 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
80 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
81 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
80
82
81 ##### `PASSWORD`="raspberry"
83 ##### `PASSWORD`="raspberry"
82 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
84 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83
85
84 ##### `USER_PASSWORD`="raspberry"
86 ##### `USER_PASSWORD`="raspberry"
85 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
87 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86
88
87 ##### `DEFLOCAL`="en_US.UTF-8"
89 ##### `DEFLOCAL`="en_US.UTF-8"
88 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
90 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89
91
90 ##### `TIMEZONE`="Europe/Berlin"
92 ##### `TIMEZONE`="Europe/Berlin"
91 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
93 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92
94
93 ##### `EXPANDROOT`=true
95 ##### `EXPANDROOT`=true
94 Expand the root partition and filesystem automatically on first boot.
96 Expand the root partition and filesystem automatically on first boot.
95
97
96 ---
98 ---
97
99
98 #### Keyboard settings:
100 #### Keyboard settings:
99 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
101 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
100
102
101 ##### `XKB_MODEL`=""
103 ##### `XKB_MODEL`=""
102 Set the name of the model of your keyboard type.
104 Set the name of the model of your keyboard type.
103
105
104 ##### `XKB_LAYOUT`=""
106 ##### `XKB_LAYOUT`=""
105 Set the supported keyboard layout(s).
107 Set the supported keyboard layout(s).
106
108
107 ##### `XKB_VARIANT`=""
109 ##### `XKB_VARIANT`=""
108 Set the supported variant(s) of the keyboard layout(s).
110 Set the supported variant(s) of the keyboard layout(s).
109
111
110 ##### `XKB_OPTIONS`=""
112 ##### `XKB_OPTIONS`=""
111 Set extra xkb configuration options.
113 Set extra xkb configuration options.
112
114
113 ---
115 ---
114
116
115 #### Networking settings (DHCP):
117 #### Networking settings (DHCP):
116 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
118 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
117
119
118 ##### `ENABLE_DHCP`=true
120 ##### `ENABLE_DHCP`=true
119 Set the system to use DHCP. This requires an DHCP server.
121 Set the system to use DHCP. This requires an DHCP server.
120
122
121 ---
123 ---
122
124
123 #### Networking settings (static):
125 #### Networking settings (static):
124 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
126 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
125
127
126 ##### `NET_ADDRESS`=""
128 ##### `NET_ADDRESS`=""
127 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
129 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
128
130
129 ##### `NET_GATEWAY`=""
131 ##### `NET_GATEWAY`=""
130 Set the IP address for the default gateway.
132 Set the IP address for the default gateway.
131
133
132 ##### `NET_DNS_1`=""
134 ##### `NET_DNS_1`=""
133 Set the IP address for the first DNS server.
135 Set the IP address for the first DNS server.
134
136
135 ##### `NET_DNS_2`=""
137 ##### `NET_DNS_2`=""
136 Set the IP address for the second DNS server.
138 Set the IP address for the second DNS server.
137
139
138 ##### `NET_DNS_DOMAINS`=""
140 ##### `NET_DNS_DOMAINS`=""
139 Set the default DNS search domains to use for non fully qualified host names.
141 Set the default DNS search domains to use for non fully qualified host names.
140
142
141 ##### `NET_NTP_1`=""
143 ##### `NET_NTP_1`=""
142 Set the IP address for the first NTP server.
144 Set the IP address for the first NTP server.
143
145
144 ##### `NET_NTP_2`=""
146 ##### `NET_NTP_2`=""
145 Set the IP address for the second NTP server.
147 Set the IP address for the second NTP server.
146
148
147 ---
149 ---
148
150
149 #### Basic system features:
151 #### Basic system features:
150 ##### `ENABLE_CONSOLE`=true
152 ##### `ENABLE_CONSOLE`=true
151 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
153 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
152
154
153 ##### `ENABLE_I2C`=false
155 ##### `ENABLE_I2C`=false
154 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
156 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
155
157
156 ##### `ENABLE_SPI`=false
158 ##### `ENABLE_SPI`=false
157 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
159 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
158
160
159 ##### `ENABLE_IPV6`=true
161 ##### `ENABLE_IPV6`=true
160 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
162 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
161
163
162 ##### `ENABLE_SSHD`=true
164 ##### `ENABLE_SSHD`=true
163 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
165 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
164
166
165 ##### `ENABLE_NONFREE`=false
167 ##### `ENABLE_NONFREE`=false
166 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
168 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
167
169
168 ##### `ENABLE_WIRELESS`=false
170 ##### `ENABLE_WIRELESS`=false
169 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
171 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
170
172
171 ##### `ENABLE_RSYSLOG`=true
173 ##### `ENABLE_RSYSLOG`=true
172 If set to false, disable and uninstall rsyslog (so logs will be available only
174 If set to false, disable and uninstall rsyslog (so logs will be available only
173 in journal files)
175 in journal files)
174
176
175 ##### `ENABLE_SOUND`=true
177 ##### `ENABLE_SOUND`=true
176 Enable sound hardware and install Advanced Linux Sound Architecture.
178 Enable sound hardware and install Advanced Linux Sound Architecture.
177
179
178 ##### `ENABLE_HWRANDOM`=true
180 ##### `ENABLE_HWRANDOM`=true
179 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
181 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
180
182
181 ##### `ENABLE_MINGPU`=false
183 ##### `ENABLE_MINGPU`=false
182 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
184 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
183
185
184 ##### `ENABLE_DBUS`=true
186 ##### `ENABLE_DBUS`=true
185 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
187 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
186
188
187 ##### `ENABLE_XORG`=false
189 ##### `ENABLE_XORG`=false
188 Install Xorg open-source X Window System.
190 Install Xorg open-source X Window System.
189
191
190 ##### `ENABLE_WM`=""
192 ##### `ENABLE_WM`=""
191 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
193 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
192
194
193 ---
195 ---
194
196
195 #### Advanced system features:
197 #### Advanced system features:
196 ##### `ENABLE_MINBASE`=false
198 ##### `ENABLE_MINBASE`=false
197 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
199 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
198
200
199 ##### `ENABLE_REDUCE`=false
201 ##### `ENABLE_REDUCE`=false
200 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
202 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
201
203
202 ##### `ENABLE_UBOOT`=false
204 ##### `ENABLE_UBOOT`=false
203 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
205 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
204
206
205 ##### `UBOOTSRC_DIR`=""
207 ##### `UBOOTSRC_DIR`=""
206 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
208 Path to a directory (`u-boot`) of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
207
209
208 ##### `ENABLE_FBTURBO`=false
210 ##### `ENABLE_FBTURBO`=false
209 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
211 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
210
212
211 ##### `FBTURBOSRC_DIR`=""
213 ##### `FBTURBOSRC_DIR`=""
212 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
214 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
213
215
214 ##### `ENABLE_IPTABLES`=false
216 ##### `ENABLE_IPTABLES`=false
215 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
217 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
216
218
217 ##### `ENABLE_USER`=true
219 ##### `ENABLE_USER`=true
218 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
220 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
219
221
220 ##### `USER_NAME`=pi
222 ##### `USER_NAME`=pi
221 Non-root user to create. Ignored if `ENABLE_USER`=false
223 Non-root user to create. Ignored if `ENABLE_USER`=false
222
224
223 ##### `ENABLE_ROOT`=false
225 ##### `ENABLE_ROOT`=false
224 Set root user password so root login will be enabled
226 Set root user password so root login will be enabled
225
227
226 ##### `ENABLE_HARDNET`=false
228 ##### `ENABLE_HARDNET`=false
227 Enable IPv4/IPv6 network stack hardening settings.
229 Enable IPv4/IPv6 network stack hardening settings.
228
230
229 ##### `ENABLE_SPLITFS`=false
231 ##### `ENABLE_SPLITFS`=false
230 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
232 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
231
233
232 ##### `CHROOT_SCRIPTS`=""
234 ##### `CHROOT_SCRIPTS`=""
233 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
235 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
234
236
235 ##### `ENABLE_INITRAMFS`=false
237 ##### `ENABLE_INITRAMFS`=false
236 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
238 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
237
239
238 ##### `ENABLE_IFNAMES`=true
240 ##### `ENABLE_IFNAMES`=true
239 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
241 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian releases `stretch` or `buster` are used.
240
242
241 ##### `DISABLE_UNDERVOLT_WARNINGS`=
243 ##### `DISABLE_UNDERVOLT_WARNINGS`=
242 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
244 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
243
245
244 ---
246 ---
245
247
246 #### SSH settings:
248 #### SSH settings:
247 ##### `SSH_ENABLE_ROOT`=false
249 ##### `SSH_ENABLE_ROOT`=false
248 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
250 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
249
251
250 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
252 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
251 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
253 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
252
254
253 ##### `SSH_LIMIT_USERS`=false
255 ##### `SSH_LIMIT_USERS`=false
254 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
256 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
255
257
256 ##### `SSH_ROOT_PUB_KEY`=""
258 ##### `SSH_ROOT_PUB_KEY`=""
257 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
259 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
258
260
259 ##### `SSH_USER_PUB_KEY`=""
261 ##### `SSH_USER_PUB_KEY`=""
260 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
262 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
261
263
262 ---
264 ---
263
265
264 #### Kernel compilation:
266 #### Kernel compilation:
265 ##### `BUILD_KERNEL`=false
267 ##### `BUILD_KERNEL`=false
266 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
268 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
267
269
268 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
270 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
269 This sets the cross compile enviornment for the compiler.
271 This sets the cross compile enviornment for the compiler.
270
272
271 ##### `KERNEL_ARCH`="arm"
273 ##### `KERNEL_ARCH`="arm"
272 This sets the kernel architecture for the compiler.
274 This sets the kernel architecture for the compiler.
273
275
274 ##### `KERNEL_IMAGE`="kernel7.img"
276 ##### `KERNEL_IMAGE`="kernel7.img"
275 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
277 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
276
278
277 ##### `KERNEL_BRANCH`=""
279 ##### `KERNEL_BRANCH`=""
278 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
280 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
279
281
280 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
282 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
281 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
283 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
282
284
283 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
285 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
284 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
286 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
285
287
286 ##### `KERNEL_REDUCE`=false
288 ##### `KERNEL_REDUCE`=false
287 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
289 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
288
290
289 ##### `KERNEL_THREADS`=1
291 ##### `KERNEL_THREADS`=1
290 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
292 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
291
293
292 ##### `KERNEL_HEADERS`=true
294 ##### `KERNEL_HEADERS`=true
293 Install kernel headers with built kernel.
295 Install kernel headers with built kernel.
294
296
295 ##### `KERNEL_MENUCONFIG`=false
297 ##### `KERNEL_MENUCONFIG`=false
296 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
298 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
297
299
298 ##### `KERNEL_REMOVESRC`=true
300 ##### `KERNEL_REMOVESRC`=true
299 Remove all kernel sources from the generated OS image after it was built and installed.
301 Remove all kernel sources from the generated OS image after it was built and installed.
300
302
301 ##### `KERNELSRC_DIR`=""
303 ##### `KERNELSRC_DIR`=""
302 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
304 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
303
305
304 ##### `KERNELSRC_CLEAN`=false
306 ##### `KERNELSRC_CLEAN`=false
305 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
307 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
306
308
307 ##### `KERNELSRC_CONFIG`=true
309 ##### `KERNELSRC_CONFIG`=true
308 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
310 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
309
311
310 ##### `KERNELSRC_USRCONFIG`=""
312 ##### `KERNELSRC_USRCONFIG`=""
311 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
313 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
312
314
313 ##### `KERNELSRC_PREBUILT`=false
315 ##### `KERNELSRC_PREBUILT`=false
314 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
316 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
315
317
316 ##### `RPI_FIRMWARE_DIR`=""
318 ##### `RPI_FIRMWARE_DIR`=""
317 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
319 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
318
320
319 ---
321 ---
320
322
321 #### Reduce disk usage:
323 #### Reduce disk usage:
322 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
324 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
323
325
324 ##### `REDUCE_APT`=true
326 ##### `REDUCE_APT`=true
325 Configure APT to use compressed package repository lists and no package caching files.
327 Configure APT to use compressed package repository lists and no package caching files.
326
328
327 ##### `REDUCE_DOC`=true
329 ##### `REDUCE_DOC`=true
328 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
330 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
329
331
330 ##### `REDUCE_MAN`=true
332 ##### `REDUCE_MAN`=true
331 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
333 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
332
334
333 ##### `REDUCE_VIM`=false
335 ##### `REDUCE_VIM`=false
334 Replace `vim-tiny` package by `levee` a tiny vim clone.
336 Replace `vim-tiny` package by `levee` a tiny vim clone.
335
337
336 ##### `REDUCE_BASH`=false
338 ##### `REDUCE_BASH`=false
337 Remove `bash` package and switch to `dash` shell (experimental).
339 Remove `bash` package and switch to `dash` shell (experimental).
338
340
339 ##### `REDUCE_HWDB`=true
341 ##### `REDUCE_HWDB`=true
340 Remove PCI related hwdb files (experimental).
342 Remove PCI related hwdb files (experimental).
341
343
342 ##### `REDUCE_SSHD`=true
344 ##### `REDUCE_SSHD`=true
343 Replace `openssh-server` with `dropbear`.
345 Replace `openssh-server` with `dropbear`.
344
346
345 ##### `REDUCE_LOCALE`=true
347 ##### `REDUCE_LOCALE`=true
346 Remove all `locale` translation files.
348 Remove all `locale` translation files.
347
349
348 ---
350 ---
349
351
350 #### Encrypted root partition:
352 #### Encrypted root partition:
351 ##### `ENABLE_CRYPTFS`=false
353 ##### `ENABLE_CRYPTFS`=false
352 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
354 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
353
355
354 ##### `CRYPTFS_PASSWORD`=""
356 ##### `CRYPTFS_PASSWORD`=""
355 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
357 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
356
358
357 ##### `CRYPTFS_MAPPING`="secure"
359 ##### `CRYPTFS_MAPPING`="secure"
358 Set name of dm-crypt managed device-mapper mapping.
360 Set name of dm-crypt managed device-mapper mapping.
359
361
360 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
362 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
361 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
363 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
362
364
363 ##### `CRYPTFS_XTSKEYSIZE`=512
365 ##### `CRYPTFS_XTSKEYSIZE`=512
364 Sets key size in bits. The argument has to be a multiple of 8.
366 Sets key size in bits. The argument has to be a multiple of 8.
365
367
366 ---
368 ---
367
369
368 #### Build settings:
370 #### Build settings:
369 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
371 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
370 Set a path to a working directory used by the script to generate an image.
372 Set a path to a working directory used by the script to generate an image.
371
373
372 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
374 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
373 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
375 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
374
376
375 ## Understanding the script
377 ## Understanding the script
376 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
378 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
377
379
378 | Script | Description |
380 | Script | Description |
379 | --- | --- |
381 | --- | --- |
380 | `10-bootstrap.sh` | Debootstrap basic system |
382 | `10-bootstrap.sh` | Debootstrap basic system |
381 | `11-apt.sh` | Setup APT repositories |
383 | `11-apt.sh` | Setup APT repositories |
382 | `12-locale.sh` | Setup Locales and keyboard settings |
384 | `12-locale.sh` | Setup Locales and keyboard settings |
383 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
385 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
384 | `14-fstab.sh` | Setup fstab and initramfs |
386 | `14-fstab.sh` | Setup fstab and initramfs |
385 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
387 | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
386 | `20-networking.sh` | Setup Networking |
388 | `20-networking.sh` | Setup Networking |
387 | `21-firewall.sh` | Setup Firewall |
389 | `21-firewall.sh` | Setup Firewall |
388 | `30-security.sh` | Setup Users and Security settings |
390 | `30-security.sh` | Setup Users and Security settings |
389 | `31-logging.sh` | Setup Logging |
391 | `31-logging.sh` | Setup Logging |
390 | `32-sshd.sh` | Setup SSH and public keys |
392 | `32-sshd.sh` | Setup SSH and public keys |
391 | `41-uboot.sh` | Build and Setup U-Boot |
393 | `41-uboot.sh` | Build and Setup U-Boot |
392 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
394 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
393 | `50-firstboot.sh` | First boot actions |
395 | `50-firstboot.sh` | First boot actions |
394 | `99-reduce.sh` | Reduce the disk space usage |
396 | `99-reduce.sh` | Reduce the disk space usage |
395
397
396 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
398 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
397
399
398 | Directory | Description |
400 | Directory | Description |
399 | --- | --- |
401 | --- | --- |
400 | `apt` | APT management configuration files |
402 | `apt` | APT management configuration files |
401 | `boot` | Boot and RPi2/3 configuration files |
403 | `boot` | Boot and RPi2/3 configuration files |
402 | `dpkg` | Package Manager configuration |
404 | `dpkg` | Package Manager configuration |
403 | `etc` | Configuration files and rc scripts |
405 | `etc` | Configuration files and rc scripts |
404 | `firstboot` | Scripts that get executed on first boot |
406 | `firstboot` | Scripts that get executed on first boot |
405 | `initramfs` | Initramfs scripts |
407 | `initramfs` | Initramfs scripts |
406 | `iptables` | Firewall configuration files |
408 | `iptables` | Firewall configuration files |
407 | `locales` | Locales configuration |
409 | `locales` | Locales configuration |
408 | `modules` | Kernel Modules configuration |
410 | `modules` | Kernel Modules configuration |
409 | `mount` | Fstab configuration |
411 | `mount` | Fstab configuration |
410 | `network` | Networking configuration files |
412 | `network` | Networking configuration files |
411 | `sysctl.d` | Swapping and Network Hardening configuration |
413 | `sysctl.d` | Swapping and Network Hardening configuration |
412 | `xorg` | fbturbo Xorg driver configuration |
414 | `xorg` | fbturbo Xorg driver configuration |
413
415
414 ## Custom packages and scripts
416 ## Custom packages and scripts
415 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
417 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
416
418
417 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
419 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
418
420
419 ## Logging of the bootstrapping process
421 ## Logging of the bootstrapping process
420 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
422 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
421
423
422 ```shell
424 ```shell
423 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
425 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
424 ```
426 ```
425
427
426 ## Flashing the image file
428 ## Flashing the image file
427 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
429 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
428
430
429 ##### Flashing examples:
431 ##### Flashing examples:
430 ```shell
432 ```shell
431 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
433 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
432 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
434 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
433 ```
435 ```
434 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
436 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
435 ```shell
437 ```shell
436 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
438 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
437 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
439 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
438 ```
440 ```
439 ## Weekly image builds
441 ## Weekly image builds
440 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
442 The image files are provided by JRWR'S I/O PORT and are built once a Sunday at midnight UTC!
441 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
443 * [Debian Stretch Raspberry Pi2/3 Weekly Image Builds](https://jrwr.io/doku.php?id=projects:debianpi)
442
444
443 ## External links and references
445 ## External links and references
444 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
446 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
445 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
447 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
446 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
448 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
447 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
449 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
448 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
450 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
449 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
451 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
450 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
452 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
451 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
453 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
452 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
454 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
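Review bot: the `CRYPTFS_PASSWORD` entry under "Encrypted root partition" documents the LUKS passphrase as an ordinary build parameter with no handling note, while "Logging of the bootstrapping process" recommends capturing the run with `script -c '...' ./build.log` and shows parameters passed on the command line. Please add a sentence stating that configuration templates and build logs may end up holding the passphrase and should be kept out of version control and shared build artifacts. Smaller documentation points in the same hunk: "enviornment" is misspelled under `CROSS_COMPILE` and `QEMU_BINARY`, `KERNELSRC_CONFIG` still names `make bcm2709_defconfig` although `KERNEL_DEFCONFIG` is documented as configurable, and the flashing examples use file names such as `2017-01-23-rpi3-jessie.img` that do not follow the `IMAGE_NAME` pattern given under "Build settings".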
@@ -1,151 +1,151
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 # Install boot binaries from local directory
10 # Install boot binaries from local directory
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
11 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
12 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
13 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
14 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
15 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
16 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
17 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
18 else
18 else
19 # Create temporary directory for boot binaries
19 # Create temporary directory for boot binaries
20 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
21
21
22 # Install latest boot binaries from raspberry/firmware github
22 # Install latest boot binaries from raspberry/firmware github
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
30
31 # Move downloaded boot binaries
31 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
33
34 # Remove temporary directory for boot binaries
34 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
35 rm -fr "${temp_dir}"
36
36
37 # Set permissions of the boot binaries
37 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
38 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
40 fi
40 fi
41 fi
41 fi
42
42
43 # Setup firmware boot cmdline
43 # Setup firmware boot cmdline
44 if [ "$ENABLE_SPLITFS" = true ] ; then
44 if [ "$ENABLE_SPLITFS" = true ] ; then
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
46 else
46 else
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
47 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
48 fi
48 fi
49
49
50 # Add encrypted root partition to cmdline.txt
50 # Add encrypted root partition to cmdline.txt
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
51 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
52 if [ "$ENABLE_SPLITFS" = true ] ; then
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
53 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 else
54 else
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
55 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 fi
56 fi
57 fi
57 fi
58
58
59 # Add serial console support
59 # Add serial console support
60 if [ "$ENABLE_CONSOLE" = true ] ; then
60 if [ "$ENABLE_CONSOLE" = true ] ; then
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
61 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
62 fi
62 fi
63
63
64 # Remove IPv6 networking support
64 # Remove IPv6 networking support
65 if [ "$ENABLE_IPV6" = false ] ; then
65 if [ "$ENABLE_IPV6" = false ] ; then
66 CMDLINE="${CMDLINE} ipv6.disable=1"
66 CMDLINE="${CMDLINE} ipv6.disable=1"
67 fi
67 fi
68
68
69 # Automatically assign predictable network interface names
69 # Automatically assign predictable network interface names
70 if [ "$ENABLE_IFNAMES" = false ] ; then
70 if [ "$ENABLE_IFNAMES" = false ] ; then
71 CMDLINE="${CMDLINE} net.ifnames=0"
71 CMDLINE="${CMDLINE} net.ifnames=0"
72 else
72 else
73 CMDLINE="${CMDLINE} net.ifnames=1"
73 CMDLINE="${CMDLINE} net.ifnames=1"
74 fi
74 fi
75
75
76 # Set init to systemd if required by Debian release stretch or buster
76 # Set init to systemd if required by Debian release
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
77 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
78 CMDLINE="${CMDLINE} init=/bin/systemd"
78 CMDLINE="${CMDLINE} init=/bin/systemd"
79 fi
79 fi
80
80
81 # Install firmware boot cmdline
81 # Install firmware boot cmdline
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
82 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
83
83
84 # Install firmware config
84 # Install firmware config
85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
85 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
86
86
87 # Setup minimal GPU memory allocation size: 16MB (no X)
87 # Setup minimal GPU memory allocation size: 16MB (no X)
88 if [ "$ENABLE_MINGPU" = true ] ; then
88 if [ "$ENABLE_MINGPU" = true ] ; then
89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
89 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
90 fi
90 fi
91
91
92 # Setup boot with initramfs
92 # Setup boot with initramfs
93 if [ "$ENABLE_INITRAMFS" = true ] ; then
93 if [ "$ENABLE_INITRAMFS" = true ] ; then
94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
94 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
95 fi
95 fi
96
96
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
97 # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
98 if [ "$RPI_MODEL" = 3 ] ; then
98 if [ "$RPI_MODEL" = 3 ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
99 if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
100 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
101 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
102 fi
102 fi
103 fi
103 fi
104
104
105 # Create firmware configuration and cmdline symlinks
105 # Create firmware configuration and cmdline symlinks
106 ln -sf firmware/config.txt "${R}/boot/config.txt"
106 ln -sf firmware/config.txt "${R}/boot/config.txt"
107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
107 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
108
108
109 # Install and setup kernel modules to load at boot
109 # Install and setup kernel modules to load at boot
110 mkdir -p "${R}/lib/modules-load.d/"
110 mkdir -p "${R}/lib/modules-load.d/"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
111 install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
112
112
113 # Load hardware random module at boot
113 # Load hardware random module at boot
114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
114 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
115 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
116 fi
116 fi
117
117
118 # Load sound module at boot
118 # Load sound module at boot
119 if [ "$ENABLE_SOUND" = true ] ; then
119 if [ "$ENABLE_SOUND" = true ] ; then
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
120 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
121 else
121 else
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
122 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
123 fi
123 fi
124
124
125 # Enable I2C interface
125 # Enable I2C interface
126 if [ "$ENABLE_I2C" = true ] ; then
126 if [ "$ENABLE_I2C" = true ] ; then
127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
127 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
128 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
129 sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
130 fi
130 fi
131
131
132 # Enable SPI interface
132 # Enable SPI interface
133 if [ "$ENABLE_SPI" = true ] ; then
133 if [ "$ENABLE_SPI" = true ] ; then
134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
134 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
135 echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
136 if [ "$RPI_MODEL" = 3 ] ; then
136 if [ "$RPI_MODEL" = 3 ] ; then
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
137 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
138 fi
138 fi
139 fi
139 fi
140
140
141 # Disable RPi2/3 under-voltage warnings
141 # Disable RPi2/3 under-voltage warnings
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
142 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
143 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
144 fi
144 fi
145
145
146 # Install kernel modules blacklist
146 # Install kernel modules blacklist
147 mkdir -p "${ETC_DIR}/modprobe.d/"
147 mkdir -p "${ETC_DIR}/modprobe.d/"
148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
148 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
149
149
150 # Install sysctl.d configuration files
150 # Install sysctl.d configuration files
151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
151 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,107 +1,107
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/rpi2-jessie/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$ENABLE_DHCP" = true ] ; then
33 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable DHCP configuration for interface eth0
34 # Enable DHCP configuration for interface eth0
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
35 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
36
36
37 # Set DHCP configuration to IPv4 only
37 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
39 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
40 fi
40 fi
41
41
42 else # ENABLE_DHCP=false
42 else # ENABLE_DHCP=false
43 # Set static network configuration for interface eth0
43 # Set static network configuration for interface eth0
44 sed -i\
44 sed -i\
45 -e "s|DHCP=.*|DHCP=no|"\
45 -e "s|DHCP=.*|DHCP=no|"\
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
46 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
47 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
48 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
49 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
50 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
51 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
52 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
53 "${ETC_DIR}/systemd/network/eth.network"
53 "${ETC_DIR}/systemd/network/eth.network"
54 fi
54 fi
55
55
56 # Remove empty settings from network configuration
56 # Remove empty settings from network configuration
57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
57 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
58
58
59 # Move systemd network configuration if required by Debian release stretch or buster
59 # Move systemd network configuration if required by Debian release
60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
60 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
61 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
62 rm -fr "${ETC_DIR}/systemd/network"
62 rm -fr "${ETC_DIR}/systemd/network"
63 fi
63 fi
64
64
65 # Enable systemd-networkd service
65 # Enable systemd-networkd service
66 chroot_exec systemctl enable systemd-networkd
66 chroot_exec systemctl enable systemd-networkd
67
67
68 # Install host.conf resolver configuration
68 # Install host.conf resolver configuration
69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
69 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
70
70
71 # Enable network stack hardening
71 # Enable network stack hardening
72 if [ "$ENABLE_HARDNET" = true ] ; then
72 if [ "$ENABLE_HARDNET" = true ] ; then
73 # Install sysctl.d configuration files
73 # Install sysctl.d configuration files
74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
74 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
75
75
76 # Setup resolver warnings about spoofed addresses
76 # Setup resolver warnings about spoofed addresses
77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
77 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
78 fi
78 fi
79
79
80 # Enable time sync
80 # Enable time sync
81 if [ "NET_NTP_1" != "" ] ; then
81 if [ "NET_NTP_1" != "" ] ; then
82 chroot_exec systemctl enable systemd-timesyncd.service
82 chroot_exec systemctl enable systemd-timesyncd.service
83 fi
83 fi
84
84
85 # Download the firmware binary blob required to use the RPi3 wireless interface
85 # Download the firmware binary blob required to use the RPi3 wireless interface
86 if [ "$ENABLE_WIRELESS" = true ] ; then
86 if [ "$ENABLE_WIRELESS" = true ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
87 if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
88 mkdir -p ${WLAN_FIRMWARE_DIR}
88 mkdir -p ${WLAN_FIRMWARE_DIR}
89 fi
89 fi
90
90
91 # Create temporary directory for firmware binary blob
91 # Create temporary directory for firmware binary blob
92 temp_dir=$(as_nobody mktemp -d)
92 temp_dir=$(as_nobody mktemp -d)
93
93
94 # Fetch firmware binary blob
94 # Fetch firmware binary blob
95 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
95 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
96 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
96 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
97
97
98 # Move downloaded firmware binary blob
98 # Move downloaded firmware binary blob
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
99 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
100
100
101 # Remove temporary directory for firmware binary blob
101 # Remove temporary directory for firmware binary blob
102 rm -fr "${temp_dir}"
102 rm -fr "${temp_dir}"
103
103
104 # Set permissions of the firmware binary blob
104 # Set permissions of the firmware binary blob
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
105 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
106 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
107 fi
107 fi
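Review bot: the time-sync test at line 81, `if [ "NET_NTP_1" != "" ]`, compares the literal string NET_NTP_1 instead of the variable, so it is always true and systemd-timesyncd is enabled whether or not an NTP server was configured. Use `[ -n "$NET_NTP_1" ]`. In the wireless block (lines 94-99) the two brcmfmac43430-sdio files are fetched with `wget -q` and moved straight into `${WLAN_FIRMWARE_DIR}` with no digest or signature check; verifying a pinned checksum before the `mv` would keep a tampered or truncated download out of the image. The one line this hunk changes, the comment at line 59, drops "stretch or buster" although the condition on line 60 still tests exactly those two releases, so the older wording was the more accurate one.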
@@ -1,49 +1,51
1 #
1 #
2 # Build and Setup fbturbo Xorg driver
2 # Build and Setup fbturbo Xorg driver
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_FBTURBO" = true ] ; then
8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 # Install c/c++ build environment inside the chroot
9 # Install c/c++ build environment inside the chroot
10 chroot_install_cc
10 chroot_install_cc
11
11
12 # Copy existing fbturbo sources into chroot directory
12 # Copy existing fbturbo sources into chroot directory
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
13 if [ -n "$FBTURBOSRC_DIR" ] && [ -d "$FBTURBOSRC_DIR" ] ; then
14 # Copy local fbturbo sources
14 # Copy local fbturbo sources
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
15 cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
16 else
16 else
17 # Create temporary directory for fbturbo sources
17 # Create temporary directory for fbturbo sources
18 temp_dir=$(as_nobody mktemp -d)
18 temp_dir=$(as_nobody mktemp -d)
19
19
20 # Fetch fbturbo sources
20 # Fetch fbturbo sources
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
21 as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
22
22
23 # Move downloaded fbturbo sources
23 # Move downloaded fbturbo sources
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
24 mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
25
25
26 # Remove temporary directory for fbturbo sources
26 # Remove temporary directory for fbturbo sources
27 rm -fr "${temp_dir}"
27 rm -fr "${temp_dir}"
28 fi
28 fi
29
29
30 # Install Xorg build dependencies
30 # Install Xorg build dependencies
31 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
31 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
32 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
34 chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
33 fi
35 fi
34
36
35 # Build and install fbturbo driver inside chroot
37 # Build and install fbturbo driver inside chroot
36 chroot_exec /bin/bash -x <<'EOF'
38 chroot_exec /bin/bash -x <<'EOF'
37 cd /tmp/xf86-video-fbturbo
39 cd /tmp/xf86-video-fbturbo
38 autoreconf -vi
40 autoreconf -vi
39 ./configure --prefix=/usr
41 ./configure --prefix=/usr
40 make
42 make
41 make install
43 make install
42 EOF
44 EOF
43
45
44 # Install fbturbo driver Xorg configuration
46 # Install fbturbo driver Xorg configuration
45 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
47 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
46
48
47 # Remove Xorg build dependencies
49 # Remove Xorg build dependencies
48 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
50 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
49 fi
51 fi
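Review bot: the `elif` added at new lines 33-34 can never run, because the `if` on line 31 already matches jessie, stretch and buster, and the branch it adds passes `--allow-unauthenticated`, which lets apt install packages whose signatures cannot be verified. Drop the branch. If a stretch or buster build fails on package authentication, fix the keyring or sources setup instead of skipping verification for the Xorg build dependencies. Also worth a follow-up: line 21 clones `${FBTURBO_URL}` without pinning a commit or tag, and lines 38-43 then build and `make install` whatever was fetched, as root inside the chroot.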
@@ -1,85 +1,85
1 #
1 #
2 # Reduce system disk usage
2 # Reduce system disk usage
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Reduce the image size by various operations
8 # Reduce the image size by various operations
9 if [ "$ENABLE_REDUCE" = true ] ; then
9 if [ "$ENABLE_REDUCE" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
10 if [ "$REDUCE_APT" = true ] ; then
11 # Install dpkg configuration file
11 # Install dpkg configuration file
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
13 install_readonly files/dpkg/01nodoc "${ETC_DIR}/dpkg/dpkg.cfg.d/01nodoc"
14 fi
14 fi
15
15
16 # Install APT configuration files
16 # Install APT configuration files
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
17 install_readonly files/apt/02nocache "${ETC_DIR}/apt/apt.conf.d/02nocache"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
18 install_readonly files/apt/03compress "${ETC_DIR}/apt/apt.conf.d/03compress"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
19 install_readonly files/apt/04norecommends "${ETC_DIR}/apt/apt.conf.d/04norecommends"
20
20
21 # Remove APT cache files
21 # Remove APT cache files
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 fi
24 fi
25
25
26 # Remove all doc files
26 # Remove all doc files
27 if [ "$REDUCE_DOC" = true ] ; then
27 if [ "$REDUCE_DOC" = true ] ; then
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 fi
30 fi
31
31
32 # Remove all man pages and info files
32 # Remove all man pages and info files
33 if [ "$REDUCE_MAN" = true ] ; then
33 if [ "$REDUCE_MAN" = true ] ; then
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 fi
35 fi
36
36
37 # Remove all locale translation files
37 # Remove all locale translation files
38 if [ "$REDUCE_LOCALE" = true ] ; then
38 if [ "$REDUCE_LOCALE" = true ] ; then
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 fi
40 fi
41
41
42 # Remove hwdb PCI device classes (experimental)
42 # Remove hwdb PCI device classes (experimental)
43 if [ "$REDUCE_HWDB" = true ] ; then
43 if [ "$REDUCE_HWDB" = true ] ; then
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 fi
45 fi
46
46
47 # Replace bash shell by dash shell (experimental)
47 # Replace bash shell by dash shell (experimental)
48 if [ "$REDUCE_BASH" = true ] ; then
48 if [ "$REDUCE_BASH" = true ] ; then
49 if [ "$RELEASE" = "stretch" ] ; then
49 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
50 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --allow-remove-essential bash
51 else
51 else
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
52 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
53 fi
53 fi
54
54
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
55 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
56 fi
56 fi
57
57
58 # Remove sound utils and libraries
58 # Remove sound utils and libraries
59 if [ "$ENABLE_SOUND" = false ] ; then
59 if [ "$ENABLE_SOUND" = false ] ; then
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
60 chroot_exec apt-get -qq -y purge alsa-utils libsamplerate0 libasound2 libasound2-data
61 fi
61 fi
62
62
63 # Re-install tools for managing kernel modules
63 # Re-install tools for managing kernel modules
64 if [ "$RELEASE" = "jessie" ] ; then
64 if [ "$RELEASE" = "jessie" ] ; then
65 chroot_exec apt-get -qq -y install module-init-tools
65 chroot_exec apt-get -qq -y install module-init-tools
66 fi
66 fi
67
67
68 # Remove GPU kernels
68 # Remove GPU kernels
69 if [ "$ENABLE_MINGPU" = true ] ; then
69 if [ "$ENABLE_MINGPU" = true ] ; then
70 rm -f "${BOOT_DIR}/start.elf"
70 rm -f "${BOOT_DIR}/start.elf"
71 rm -f "${BOOT_DIR}/fixup.dat"
71 rm -f "${BOOT_DIR}/fixup.dat"
72 rm -f "${BOOT_DIR}/start_x.elf"
72 rm -f "${BOOT_DIR}/start_x.elf"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
73 rm -f "${BOOT_DIR}/fixup_x.dat"
74 fi
74 fi
75
75
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
76 # Remove kernel and initrd from /boot (already in /boot/firmware)
77 if [ "$BUILD_KERNEL" = false ] ; then
77 if [ "$BUILD_KERNEL" = false ] ; then
78 rm -f "${R}/boot/vmlinuz-*"
78 rm -f "${R}/boot/vmlinuz-*"
79 rm -f "${R}/boot/initrd.img-*"
79 rm -f "${R}/boot/initrd.img-*"
80 fi
80 fi
81
81
82 # Clean APT list of repositories
82 # Clean APT list of repositories
83 rm -fr "${R}/var/lib/apt/lists/*"
83 rm -fr "${R}/var/lib/apt/lists/*"
84 chroot_exec apt-get -qq -y update
84 chroot_exec apt-get -qq -y update
85 fi
85 fi
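Review bot: the glob at line 44, `rm -fr "/lib/udev/hwdb.d/20-pci-*"`, sits inside double quotes so the shell never expands it, and the path has no `${R}` prefix, so an expanded version would point at the build host instead of the chroot. Write it as `rm -fr "${R}"/lib/udev/hwdb.d/20-pci-*`. The same quoting turns lines 78, 79 and 83 into no-ops (`"${R}/boot/vmlinuz-*"`, `"${R}/boot/initrd.img-*"`, `"${R}/var/lib/apt/lists/*"`); move the `*` outside the quotes there too. The change at line 49 itself, extending the `--allow-remove-essential` branch to buster, is consistent with the stretch handling.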
@@ -1,79 +1,81
1 # This file contains utility functions used by rpi23-gen-image.sh
1 # This file contains utility functions used by rpi23-gen-image.sh
2
2
3 cleanup (){
3 cleanup (){
4 set +x
4 set +x
5 set +e
5 set +e
6
6
7 # Identify and kill all processes still using files
7 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
8 echo "killing processes using mount point ..."
9 fuser -k "${R}"
9 fuser -k "${R}"
10 sleep 3
10 sleep 3
11 fuser -9 -k -v "${R}"
11 fuser -9 -k -v "${R}"
12
12
13 # Clean up temporary .password file
13 # Clean up temporary .password file
14 if [ -r ".password" ] ; then
14 if [ -r ".password" ] ; then
15 shred -zu .password
15 shred -zu .password
16 fi
16 fi
17
17
18 # Clean up all temporary mount points
18 # Clean up all temporary mount points
19 echo "removing temporary mount points ..."
19 echo "removing temporary mount points ..."
20 umount -l "${R}/proc" 2> /dev/null
20 umount -l "${R}/proc" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
21 umount -l "${R}/sys" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
22 umount -l "${R}/dev/pts" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
23 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
24 umount "$BUILDDIR/mount" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
25 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
26 losetup -d "$ROOT_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
27 losetup -d "$FRMW_LOOP" 2> /dev/null
28 trap - 0 1 2 3 6
28 trap - 0 1 2 3 6
29 }
29 }
30
30
31 chroot_exec() {
31 chroot_exec() {
32 # Exec command in chroot
32 # Exec command in chroot
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
33 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
34 }
34 }
35
35
36 as_nobody() {
36 as_nobody() {
37 # Exec command as user nobody
37 # Exec command as user nobody
38 sudo -E -u nobody LANG=C LC_ALL=C $*
38 sudo -E -u nobody LANG=C LC_ALL=C $*
39 }
39 }
40
40
41 install_readonly() {
41 install_readonly() {
42 # Install file with user read-only permissions
42 # Install file with user read-only permissions
43 install -o root -g root -m 644 $*
43 install -o root -g root -m 644 $*
44 }
44 }
45
45
46 install_exec() {
46 install_exec() {
47 # Install file with root exec permissions
47 # Install file with root exec permissions
48 install -o root -g root -m 744 $*
48 install -o root -g root -m 744 $*
49 }
49 }
50
50
51 use_template () {
51 use_template () {
52 # Test if configuration template file exists
52 # Test if configuration template file exists
53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
53 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
54 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 exit 1
55 exit 1
56 fi
56 fi
57
57
58 # Load template configuration parameters
58 # Load template configuration parameters
59 . "./templates/${CONFIG_TEMPLATE}"
59 . "./templates/${CONFIG_TEMPLATE}"
60 }
60 }
61
61
62 chroot_install_cc() {
62 chroot_install_cc() {
63 # Install c/c++ build environment inside the chroot
63 # Install c/c++ build environment inside the chroot
64 if [ -z "${COMPILER_PACKAGES}" ] ; then
64 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66
66
67 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
67 if [ "$RELEASE" = "jessie" ] || [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
68 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
68 chroot_exec apt-get -q -y --no-install-recommends install ${COMPILER_PACKAGES}
69 elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
70 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
69 fi
71 fi
70 fi
72 fi
71 }
73 }
72
74
73 chroot_remove_cc() {
75 chroot_remove_cc() {
74 # Remove c/c++ build environment from the chroot
76 # Remove c/c++ build environment from the chroot
75 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
77 if [ ! -z "${COMPILER_PACKAGES}" ] ; then
76 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
78 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
77 COMPILER_PACKAGES=""
79 COMPILER_PACKAGES=""
78 fi
80 fi
79 }
81 }
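Review bot: in `chroot_install_cc` the `elif` added at new lines 69-70 is unreachable, since the `if` on line 67 already covers jessie, stretch and buster, and it introduces `--allow-unauthenticated` for the compiler toolchain install. Remove it; leaving a signature-verification bypass in dead code invites it becoming live the next time the conditions are reordered. Separately, `chroot_exec`, `as_nobody`, `install_readonly` and `install_exec` expand `$*` unquoted (and `chroot_exec` also `${R}`), so any argument containing whitespace is re-split; `"$@"` and `"${R}"` would pass arguments through intact.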
@@ -1,659 +1,653
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
4 # rpi23-gen-image.sh 2015-2017
5 #
5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie", "stretch" and "buster" bootstrap script for RPi2/3
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 20+ github contributors!
16 ########################################################################
16 ########################################################################
17
17
18 # Are we running as root?
18 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
19 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
20 echo "error: this script must be executed with root privileges!"
21 exit 1
21 exit 1
22 fi
22 fi
23
23
24 # Check if ./functions.sh script exists
24 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
25 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
26 echo "error: './functions.sh' required script not found!"
27 exit 1
27 exit 1
28 fi
28 fi
29
29
30 # Load utility functions
30 # Load utility functions
31 . ./functions.sh
31 . ./functions.sh
32
32
33 # Load parameters from configuration template file
33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 use_template
35 use_template
36 fi
36 fi
37
37
38 # Introduce settings
38 # Introduce settings
39 set -e
39 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 set -x
41 set -x
42
42
43 # Raspberry Pi model configuration
43 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
44 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
49
50 # Debian release
50 # Debian release
51 RELEASE=${RELEASE:=jessie}
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
56 if [ "$KERNEL_ARCH" = "arm64" ] ; then
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
57 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
58 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
59 else
59 else
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
60 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
61 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
62 fi
62 fi
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
63 if [ "$RELEASE_ARCH" = "arm64" ] ; then
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
64 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
65 else
65 else
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
66 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
67 fi
67 fi
68 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
68 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
69
69
70 # URLs
70 # URLs
71 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
71 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
72 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
72 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
73 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
73 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
74 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
74 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
75 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
75 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
76 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
77
77
78 # Build directories
78 # Build directories
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
79 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
80 BUILDDIR="${BASEDIR}/build"
80 BUILDDIR="${BASEDIR}/build"
81
81
82 # Prepare date string for default image file name
82 # Prepare date string for default image file name
83 DATE="$(date +%Y-%m-%d)"
83 DATE="$(date +%Y-%m-%d)"
84 if [ -z "$KERNEL_BRANCH" ] ; then
84 if [ -z "$KERNEL_BRANCH" ] ; then
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
85 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
86 else
86 else
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
87 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
88 fi
88 fi
89
89
90 # Chroot directories
90 # Chroot directories
91 R="${BUILDDIR}/chroot"
91 R="${BUILDDIR}/chroot"
92 ETC_DIR="${R}/etc"
92 ETC_DIR="${R}/etc"
93 LIB_DIR="${R}/lib"
93 LIB_DIR="${R}/lib"
94 BOOT_DIR="${R}/boot/firmware"
94 BOOT_DIR="${R}/boot/firmware"
95 KERNEL_DIR="${R}/usr/src/linux"
95 KERNEL_DIR="${R}/usr/src/linux"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
96 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
97
97
98 # Firmware directory: Blank if download from github
98 # Firmware directory: Blank if download from github
99 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
99 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
100
100
101 # General settings
101 # General settings
102 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
102 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
103 PASSWORD=${PASSWORD:=raspberry}
103 PASSWORD=${PASSWORD:=raspberry}
104 USER_PASSWORD=${USER_PASSWORD:=raspberry}
104 USER_PASSWORD=${USER_PASSWORD:=raspberry}
105 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
105 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
106 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
106 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
107 EXPANDROOT=${EXPANDROOT:=true}
107 EXPANDROOT=${EXPANDROOT:=true}
108
108
109 # Keyboard settings
109 # Keyboard settings
110 XKB_MODEL=${XKB_MODEL:=""}
110 XKB_MODEL=${XKB_MODEL:=""}
111 XKB_LAYOUT=${XKB_LAYOUT:=""}
111 XKB_LAYOUT=${XKB_LAYOUT:=""}
112 XKB_VARIANT=${XKB_VARIANT:=""}
112 XKB_VARIANT=${XKB_VARIANT:=""}
113 XKB_OPTIONS=${XKB_OPTIONS:=""}
113 XKB_OPTIONS=${XKB_OPTIONS:=""}
114
114
115 # Network settings (DHCP)
115 # Network settings (DHCP)
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
117
117
118 # Network settings (static)
118 # Network settings (static)
119 NET_ADDRESS=${NET_ADDRESS:=""}
119 NET_ADDRESS=${NET_ADDRESS:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
126
126
127 # APT settings
127 # APT settings
128 APT_PROXY=${APT_PROXY:=""}
128 APT_PROXY=${APT_PROXY:=""}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
130
130
131 # Feature settings
131 # Feature settings
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
133 ENABLE_I2C=${ENABLE_I2C:=false}
133 ENABLE_I2C=${ENABLE_I2C:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
144 ENABLE_WM=${ENABLE_WM:=""}
144 ENABLE_WM=${ENABLE_WM:=""}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
147 USER_NAME=${USER_NAME:="pi"}
147 USER_NAME=${USER_NAME:="pi"}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
149
149
150 # SSH settings
150 # SSH settings
151 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
152 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
153 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
154 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
155 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
156
156
157 # Advanced settings
157 # Advanced settings
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
163 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
164 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
164 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
165 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
165 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
166 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
166 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
167 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
167 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
168 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
168 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
169 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
169 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
170
170
171 # Kernel compilation settings
171 # Kernel compilation settings
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
172 BUILD_KERNEL=${BUILD_KERNEL:=false}
173 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
173 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
174 KERNEL_THREADS=${KERNEL_THREADS:=1}
174 KERNEL_THREADS=${KERNEL_THREADS:=1}
175 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
175 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
176 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
176 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
177 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
177 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
178 if [ "$KERNEL_ARCH" = "arm64" ] ; then
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
179 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
180 else
180 else
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
181 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
182 fi
182 fi
183
183
184 # Kernel compilation from source directory settings
184 # Kernel compilation from source directory settings
185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
185 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
186 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
187 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
188 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
189
189
190 # Reduce disk usage settings
190 # Reduce disk usage settings
191 REDUCE_APT=${REDUCE_APT:=true}
191 REDUCE_APT=${REDUCE_APT:=true}
192 REDUCE_DOC=${REDUCE_DOC:=true}
192 REDUCE_DOC=${REDUCE_DOC:=true}
193 REDUCE_MAN=${REDUCE_MAN:=true}
193 REDUCE_MAN=${REDUCE_MAN:=true}
194 REDUCE_VIM=${REDUCE_VIM:=false}
194 REDUCE_VIM=${REDUCE_VIM:=false}
195 REDUCE_BASH=${REDUCE_BASH:=false}
195 REDUCE_BASH=${REDUCE_BASH:=false}
196 REDUCE_HWDB=${REDUCE_HWDB:=true}
196 REDUCE_HWDB=${REDUCE_HWDB:=true}
197 REDUCE_SSHD=${REDUCE_SSHD:=true}
197 REDUCE_SSHD=${REDUCE_SSHD:=true}
198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
198 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
199
199
200 # Encrypted filesystem settings
200 # Encrypted filesystem settings
201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
201 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
202 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
203 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
204 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
205 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
206
206
207 # Stop the Crypto Wars
207 # Stop the Crypto Wars
208 DISABLE_FBI=${DISABLE_FBI:=false}
208 DISABLE_FBI=${DISABLE_FBI:=false}
209
209
210 # Chroot scripts directory
210 # Chroot scripts directory
211 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
211 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
212
212
213 # Packages required in the chroot build environment
213 # Packages required in the chroot build environment
214 APT_INCLUDES=${APT_INCLUDES:=""}
214 APT_INCLUDES=${APT_INCLUDES:=""}
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
215 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
216
216
217 # Package apt-transport-https has been removed from Debian Buster release
218 # this induces qemu error 383 which does not prevent building an image
219 if [ "$RELEASE" = "buster" ] ; then
220 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/apt-transport-https,//")"
221 fi
222
223 # Packages required for bootstrapping
217 # Packages required for bootstrapping
224 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
218 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
225 MISSING_PACKAGES=""
219 MISSING_PACKAGES=""
226
220
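Review bot: Dropping the `if [ "$RELEASE" = "buster" ]` block (old-side lines 217-221) leaves `apt-transport-https` in `APT_INCLUDES` for buster builds, because the assignment on line 215 still lists it unconditionally. The deleted comment says the package is gone from buster and triggers a qemu error during the build, so please confirm the merged bootstrap scripts handle that, and state it in the commit message. If they do not, keep the guard. A release check placed directly beside the line 215 assignment would also avoid the `echo | sed` round trip on an unquoted variable.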
227 # Packages installed for c/c++ build environment in chroot (keep empty)
221 # Packages installed for c/c++ build environment in chroot (keep empty)
228 COMPILER_PACKAGES=""
222 COMPILER_PACKAGES=""
229
223
230 set +x
224 set +x
231
225
232 # Set Raspberry Pi model specific configuration
226 # Set Raspberry Pi model specific configuration
233 if [ "$RPI_MODEL" = 2 ] ; then
227 if [ "$RPI_MODEL" = 2 ] ; then
234 DTB_FILE=${RPI2_DTB_FILE}
228 DTB_FILE=${RPI2_DTB_FILE}
235 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
229 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
236 elif [ "$RPI_MODEL" = 3 ] ; then
230 elif [ "$RPI_MODEL" = 3 ] ; then
237 DTB_FILE=${RPI3_DTB_FILE}
231 DTB_FILE=${RPI3_DTB_FILE}
238 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
232 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
239 BUILD_KERNEL=true
233 BUILD_KERNEL=true
240 else
234 else
241 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
235 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
242 exit 1
236 exit 1
243 fi
237 fi
244
238
245 # Check if the internal wireless interface is supported by the RPi model
239 # Check if the internal wireless interface is supported by the RPi model
246 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
240 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
247 echo "error: The selected Raspberry Pi model has no internal wireless interface"
241 echo "error: The selected Raspberry Pi model has no internal wireless interface"
248 exit 1
242 exit 1
249 fi
243 fi
250
244
251 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
245 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
252 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
246 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
253 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
247 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
254 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
248 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
255 exit 1
249 exit 1
256 fi
250 fi
257 fi
251 fi
258
252
259 # Build RPi2/3 Linux kernel if required by Debian release
253 # Build RPi2/3 Linux kernel if required by Debian release
260 if [ "$RELEASE" = "stretch" ] ; then
254 if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
261 BUILD_KERNEL=true
255 BUILD_KERNEL=true
262 fi
256 fi
263
257
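Review bot: The new test on line 254, `[ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ]`, silently overwrites a user-supplied `BUILD_KERNEL=false` for buster, the same way it already did for stretch. The other parameter checks in this script print an `error:` line when a setting cannot be honoured; here a one-line notice that the kernel build is being forced would save a confused rebuild. A `case "$RELEASE" in stretch|buster) ... esac` would also keep the release list in one place when the next release is added.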
264 # Add packages required for kernel cross compilation
258 # Add packages required for kernel cross compilation
265 if [ "$BUILD_KERNEL" = true ] ; then
259 if [ "$BUILD_KERNEL" = true ] ; then
266 if [ "$KERNEL_ARCH" = "arm" ] ; then
260 if [ "$KERNEL_ARCH" = "arm" ] ; then
267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
261 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
268 else
262 else
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
263 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
270 fi
264 fi
271 fi
265 fi
272
266
273 # Add libncurses5 to enable kernel menuconfig
267 # Add libncurses5 to enable kernel menuconfig
274 if [ "$KERNEL_MENUCONFIG" = true ] ; then
268 if [ "$KERNEL_MENUCONFIG" = true ] ; then
275 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
276 fi
270 fi
277
271
278 # Stop the Crypto Wars
272 # Stop the Crypto Wars
279 if [ "$DISABLE_FBI" = true ] ; then
273 if [ "$DISABLE_FBI" = true ] ; then
280 ENABLE_CRYPTFS=true
274 ENABLE_CRYPTFS=true
281 fi
275 fi
282
276
283 # Add cryptsetup package to enable filesystem encryption
277 # Add cryptsetup package to enable filesystem encryption
284 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
278 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
285 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
279 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
286 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
280 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
287
281
288 if [ -z "$CRYPTFS_PASSWORD" ] ; then
282 if [ -z "$CRYPTFS_PASSWORD" ] ; then
289 echo "error: no password defined (CRYPTFS_PASSWORD)!"
283 echo "error: no password defined (CRYPTFS_PASSWORD)!"
290 exit 1
284 exit 1
291 fi
285 fi
292 ENABLE_INITRAMFS=true
286 ENABLE_INITRAMFS=true
293 fi
287 fi
294
288
295 # Add initramfs generation tools
289 # Add initramfs generation tools
296 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
290 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
297 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
291 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
298 fi
292 fi
299
293
300 # Add device-tree-compiler required for building the U-Boot bootloader
294 # Add device-tree-compiler required for building the U-Boot bootloader
301 if [ "$ENABLE_UBOOT" = true ] ; then
295 if [ "$ENABLE_UBOOT" = true ] ; then
302 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
296 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
303 fi
297 fi
304
298
305 # Check if root SSH (v2) public key file exists
299 # Check if root SSH (v2) public key file exists
306 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
300 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
307 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
301 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
308 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
302 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
309 exit 1
303 exit 1
310 fi
304 fi
311 fi
305 fi
312
306
313 # Check if $USER_NAME SSH (v2) public key file exists
307 # Check if $USER_NAME SSH (v2) public key file exists
314 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
308 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
315 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
309 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
316 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
310 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
317 exit 1
311 exit 1
318 fi
312 fi
319 fi
313 fi
320
314
321 # Check if all required packages are installed on the build system
315 # Check if all required packages are installed on the build system
322 for package in $REQUIRED_PACKAGES ; do
316 for package in $REQUIRED_PACKAGES ; do
323 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
317 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
324 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
318 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
325 fi
319 fi
326 done
320 done
327
321
328 # If there are missing packages ask confirmation for install, or exit
322 # If there are missing packages ask confirmation for install, or exit
329 if [ -n "$MISSING_PACKAGES" ] ; then
323 if [ -n "$MISSING_PACKAGES" ] ; then
330 echo "the following packages needed by this script are not installed:"
324 echo "the following packages needed by this script are not installed:"
331 echo "$MISSING_PACKAGES"
325 echo "$MISSING_PACKAGES"
332
326
333 echo -n "\ndo you want to install the missing packages right now? [y/n] "
327 echo -n "\ndo you want to install the missing packages right now? [y/n] "
334 read confirm
328 read confirm
335 [ "$confirm" != "y" ] && exit 1
329 [ "$confirm" != "y" ] && exit 1
336
330
337 # Make sure all missing required packages are installed
331 # Make sure all missing required packages are installed
338 apt-get -qq -y install ${MISSING_PACKAGES}
332 apt-get -qq -y install ${MISSING_PACKAGES}
339 fi
333 fi
340
334
341 # Check if ./bootstrap.d directory exists
335 # Check if ./bootstrap.d directory exists
342 if [ ! -d "./bootstrap.d/" ] ; then
336 if [ ! -d "./bootstrap.d/" ] ; then
343 echo "error: './bootstrap.d' required directory not found!"
337 echo "error: './bootstrap.d' required directory not found!"
344 exit 1
338 exit 1
345 fi
339 fi
346
340
347 # Check if ./files directory exists
341 # Check if ./files directory exists
348 if [ ! -d "./files/" ] ; then
342 if [ ! -d "./files/" ] ; then
349 echo "error: './files' required directory not found!"
343 echo "error: './files' required directory not found!"
350 exit 1
344 exit 1
351 fi
345 fi
352
346
353 # Check if specified KERNELSRC_DIR directory exists
347 # Check if specified KERNELSRC_DIR directory exists
354 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
348 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
355 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
349 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
356 exit 1
350 exit 1
357 fi
351 fi
358
352
359 # Check if specified UBOOTSRC_DIR directory exists
353 # Check if specified UBOOTSRC_DIR directory exists
360 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
354 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
361 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
355 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
362 exit 1
356 exit 1
363 fi
357 fi
364
358
365 # Check if specified FBTURBOSRC_DIR directory exists
359 # Check if specified FBTURBOSRC_DIR directory exists
366 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
360 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
367 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
361 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
368 exit 1
362 exit 1
369 fi
363 fi
370
364
371 # Check if specified CHROOT_SCRIPTS directory exists
365 # Check if specified CHROOT_SCRIPTS directory exists
372 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
366 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
373 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
367 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
374 exit 1
368 exit 1
375 fi
369 fi
376
370
377 # Check if specified device mapping already exists (will be used by cryptsetup)
371 # Check if specified device mapping already exists (will be used by cryptsetup)
378 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
372 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
379 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
373 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
380 exit 1
374 exit 1
381 fi
375 fi
382
376
383 # Don't clobber an old build
377 # Don't clobber an old build
384 if [ -e "$BUILDDIR" ] ; then
378 if [ -e "$BUILDDIR" ] ; then
385 echo "error: directory ${BUILDDIR} already exists, not proceeding"
379 echo "error: directory ${BUILDDIR} already exists, not proceeding"
386 exit 1
380 exit 1
387 fi
381 fi
388
382
389 # Setup chroot directory
383 # Setup chroot directory
390 mkdir -p "${R}"
384 mkdir -p "${R}"
391
385
392 # Check if build directory has enough of free disk space >512MB
386 # Check if build directory has enough of free disk space >512MB
393 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
387 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
394 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
388 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
395 exit 1
389 exit 1
396 fi
390 fi
397
391
398 set -x
392 set -x
399
393
400 # Call "cleanup" function on various signals and errors
394 # Call "cleanup" function on various signals and errors
401 trap cleanup 0 1 2 3 6
395 trap cleanup 0 1 2 3 6
402
396
403 # Add required packages for the minbase installation
397 # Add required packages for the minbase installation
404 if [ "$ENABLE_MINBASE" = true ] ; then
398 if [ "$ENABLE_MINBASE" = true ] ; then
405 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
399 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
406 fi
400 fi
407
401
408 # Add required locales packages
402 # Add required locales packages
409 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
403 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
410 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
404 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
411 fi
405 fi
412
406
413 # Add parted package, required to get partprobe utility
407 # Add parted package, required to get partprobe utility
414 if [ "$EXPANDROOT" = true ] ; then
408 if [ "$EXPANDROOT" = true ] ; then
415 APT_INCLUDES="${APT_INCLUDES},parted"
409 APT_INCLUDES="${APT_INCLUDES},parted"
416 fi
410 fi
417
411
418 # Add dbus package, recommended if using systemd
412 # Add dbus package, recommended if using systemd
419 if [ "$ENABLE_DBUS" = true ] ; then
413 if [ "$ENABLE_DBUS" = true ] ; then
420 APT_INCLUDES="${APT_INCLUDES},dbus"
414 APT_INCLUDES="${APT_INCLUDES},dbus"
421 fi
415 fi
422
416
423 # Add iptables IPv4/IPv6 package
417 # Add iptables IPv4/IPv6 package
424 if [ "$ENABLE_IPTABLES" = true ] ; then
418 if [ "$ENABLE_IPTABLES" = true ] ; then
425 APT_INCLUDES="${APT_INCLUDES},iptables"
419 APT_INCLUDES="${APT_INCLUDES},iptables"
426 fi
420 fi
427
421
428 # Add openssh server package
422 # Add openssh server package
429 if [ "$ENABLE_SSHD" = true ] ; then
423 if [ "$ENABLE_SSHD" = true ] ; then
430 APT_INCLUDES="${APT_INCLUDES},openssh-server"
424 APT_INCLUDES="${APT_INCLUDES},openssh-server"
431 fi
425 fi
432
426
433 # Add alsa-utils package
427 # Add alsa-utils package
434 if [ "$ENABLE_SOUND" = true ] ; then
428 if [ "$ENABLE_SOUND" = true ] ; then
435 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
429 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
436 fi
430 fi
437
431
438 # Add rng-tools package
432 # Add rng-tools package
439 if [ "$ENABLE_HWRANDOM" = true ] ; then
433 if [ "$ENABLE_HWRANDOM" = true ] ; then
440 APT_INCLUDES="${APT_INCLUDES},rng-tools"
434 APT_INCLUDES="${APT_INCLUDES},rng-tools"
441 fi
435 fi
442
436
443 # Add fbturbo video driver
437 # Add fbturbo video driver
444 if [ "$ENABLE_FBTURBO" = true ] ; then
438 if [ "$ENABLE_FBTURBO" = true ] ; then
445 # Enable xorg package dependencies
439 # Enable xorg package dependencies
446 ENABLE_XORG=true
440 ENABLE_XORG=true
447 fi
441 fi
448
442
449 # Add user defined window manager package
443 # Add user defined window manager package
450 if [ -n "$ENABLE_WM" ] ; then
444 if [ -n "$ENABLE_WM" ] ; then
451 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
445 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
452
446
453 # Enable xorg package dependencies
447 # Enable xorg package dependencies
454 ENABLE_XORG=true
448 ENABLE_XORG=true
455 fi
449 fi
456
450
457 # Add xorg package
451 # Add xorg package
458 if [ "$ENABLE_XORG" = true ] ; then
452 if [ "$ENABLE_XORG" = true ] ; then
459 APT_INCLUDES="${APT_INCLUDES},xorg"
453 APT_INCLUDES="${APT_INCLUDES},xorg"
460 fi
454 fi
461
455
462 # Replace selected packages with smaller clones
456 # Replace selected packages with smaller clones
463 if [ "$ENABLE_REDUCE" = true ] ; then
457 if [ "$ENABLE_REDUCE" = true ] ; then
464 # Add levee package instead of vim-tiny
458 # Add levee package instead of vim-tiny
465 if [ "$REDUCE_VIM" = true ] ; then
459 if [ "$REDUCE_VIM" = true ] ; then
466 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
460 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
467 fi
461 fi
468
462
469 # Add dropbear package instead of openssh-server
463 # Add dropbear package instead of openssh-server
470 if [ "$REDUCE_SSHD" = true ] ; then
464 if [ "$REDUCE_SSHD" = true ] ; then
471 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
465 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
472 fi
466 fi
473 fi
467 fi
474
468
475 # Configure kernel sources if no KERNELSRC_DIR
469 # Configure kernel sources if no KERNELSRC_DIR
476 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
470 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
477 KERNELSRC_CONFIG=true
471 KERNELSRC_CONFIG=true
478 fi
472 fi
479
473
480 # Configure reduced kernel
474 # Configure reduced kernel
481 if [ "$KERNEL_REDUCE" = true ] ; then
475 if [ "$KERNEL_REDUCE" = true ] ; then
482 KERNELSRC_CONFIG=false
476 KERNELSRC_CONFIG=false
483 fi
477 fi
484
478
485 # Execute bootstrap scripts
479 # Execute bootstrap scripts
486 for SCRIPT in bootstrap.d/*.sh; do
480 for SCRIPT in bootstrap.d/*.sh; do
487 head -n 3 "$SCRIPT"
481 head -n 3 "$SCRIPT"
488 . "$SCRIPT"
482 . "$SCRIPT"
489 done
483 done
490
484
491 ## Execute custom bootstrap scripts
485 ## Execute custom bootstrap scripts
492 if [ -d "custom.d" ] ; then
486 if [ -d "custom.d" ] ; then
493 for SCRIPT in custom.d/*.sh; do
487 for SCRIPT in custom.d/*.sh; do
494 . "$SCRIPT"
488 . "$SCRIPT"
495 done
489 done
496 fi
490 fi
497
491
498 # Execute custom scripts inside the chroot
492 # Execute custom scripts inside the chroot
499 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
493 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
500 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
494 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
501 chroot_exec /bin/bash -x <<'EOF'
495 chroot_exec /bin/bash -x <<'EOF'
502 for SCRIPT in /chroot_scripts/* ; do
496 for SCRIPT in /chroot_scripts/* ; do
503 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
497 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
504 $SCRIPT
498 $SCRIPT
505 fi
499 fi
506 done
500 done
507 EOF
501 EOF
508 rm -rf "${R}/chroot_scripts"
502 rm -rf "${R}/chroot_scripts"
509 fi
503 fi
510
504
511 # Remove c/c++ build environment from the chroot
505 # Remove c/c++ build environment from the chroot
512 chroot_remove_cc
506 chroot_remove_cc
513
507
514 # Remove apt-utils
508 # Remove apt-utils
515 if [ "$RELEASE" = "jessie" ] ; then
509 if [ "$RELEASE" = "jessie" ] ; then
516 chroot_exec apt-get purge -qq -y --force-yes apt-utils
510 chroot_exec apt-get purge -qq -y --force-yes apt-utils
517 fi
511 fi
518
512
519 # Generate required machine-id
513 # Generate required machine-id
520 MACHINE_ID=$(dbus-uuidgen)
514 MACHINE_ID=$(dbus-uuidgen)
521 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
515 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
522 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
516 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
523
517
524 # APT Cleanup
518 # APT Cleanup
525 chroot_exec apt-get -y clean
519 chroot_exec apt-get -y clean
526 chroot_exec apt-get -y autoclean
520 chroot_exec apt-get -y autoclean
527 chroot_exec apt-get -y autoremove
521 chroot_exec apt-get -y autoremove
528
522
529 # Unmount mounted filesystems
523 # Unmount mounted filesystems
530 umount -l "${R}/proc"
524 umount -l "${R}/proc"
531 umount -l "${R}/sys"
525 umount -l "${R}/sys"
532
526
533 # Clean up directories
527 # Clean up directories
534 rm -rf "${R}/run/*"
528 rm -rf "${R}/run/*"
535 rm -rf "${R}/tmp/*"
529 rm -rf "${R}/tmp/*"
536
530
537 # Clean up files
531 # Clean up files
538 rm -f "${ETC_DIR}/ssh/ssh_host_*"
532 rm -f "${ETC_DIR}/ssh/ssh_host_*"
539 rm -f "${ETC_DIR}/dropbear/dropbear_*"
533 rm -f "${ETC_DIR}/dropbear/dropbear_*"
540 rm -f "${ETC_DIR}/apt/sources.list.save"
534 rm -f "${ETC_DIR}/apt/sources.list.save"
541 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
535 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
542 rm -f "${ETC_DIR}/*-"
536 rm -f "${ETC_DIR}/*-"
543 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
537 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
544 rm -f "${ETC_DIR}/resolv.conf"
538 rm -f "${ETC_DIR}/resolv.conf"
545 rm -f "${R}/root/.bash_history"
539 rm -f "${R}/root/.bash_history"
546 rm -f "${R}/var/lib/urandom/random-seed"
540 rm -f "${R}/var/lib/urandom/random-seed"
547 rm -f "${R}/initrd.img"
541 rm -f "${R}/initrd.img"
548 rm -f "${R}/vmlinuz"
542 rm -f "${R}/vmlinuz"
549 rm -f "${R}${QEMU_BINARY}"
543 rm -f "${R}${QEMU_BINARY}"
550
544
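Review bot: The wildcards in the cleanup block sit inside the double quotes (`rm -rf "${R}/run/*"`, `rm -f "${ETC_DIR}/ssh/ssh_host_*"`, `rm -f "${ETC_DIR}/dropbear/dropbear_*"`, `rm -f "${ETC_DIR}/*-"`), so the shell never expands them and `-f` hides the resulting no-such-file failure. This is unchanged by the merge, but it means any SSH or dropbear host keys present in the chroot stay in the image, and every device flashed from that image would share them. Move the `*` outside the quotes, for example `rm -f "${ETC_DIR}/ssh/"ssh_host_*`, and do the same for the other three lines.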
551 # Calculate size of the chroot directory in KB
545 # Calculate size of the chroot directory in KB
552 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
546 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
553
547
554 # Calculate the amount of needed 512 Byte sectors
548 # Calculate the amount of needed 512 Byte sectors
555 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
549 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
556 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
550 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
557 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
551 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
558
552
559 # The root partition is EXT4
553 # The root partition is EXT4
560 # This means more space than the actual used space of the chroot is used.
554 # This means more space than the actual used space of the chroot is used.
561 # As overhead for journaling and reserved blocks 25% are added.
555 # As overhead for journaling and reserved blocks 25% are added.
562 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
556 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
563
557
564 # Calculate required image size in 512 Byte sectors
558 # Calculate required image size in 512 Byte sectors
565 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
559 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
566
560
567 # Prepare image file
561 # Prepare image file
568 if [ "$ENABLE_SPLITFS" = true ] ; then
562 if [ "$ENABLE_SPLITFS" = true ] ; then
569 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
563 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
570 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
564 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
571 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
565 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
572 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
566 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
573
567
574 # Write firmware/boot partition tables
568 # Write firmware/boot partition tables
575 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
569 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
576 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
570 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
577 EOM
571 EOM
578
572
579 # Write root partition table
573 # Write root partition table
580 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
574 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
581 ${TABLE_SECTORS},${ROOT_SECTORS},83
575 ${TABLE_SECTORS},${ROOT_SECTORS},83
582 EOM
576 EOM
583
577
584 # Setup temporary loop devices
578 # Setup temporary loop devices
585 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
579 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
586 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
580 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
587 else # ENABLE_SPLITFS=false
581 else # ENABLE_SPLITFS=false
588 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
582 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
589 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
583 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
590
584
591 # Write partition table
585 # Write partition table
592 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
586 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
593 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
587 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
594 ${ROOT_OFFSET},${ROOT_SECTORS},83
588 ${ROOT_OFFSET},${ROOT_SECTORS},83
595 EOM
589 EOM
596
590
597 # Setup temporary loop devices
591 # Setup temporary loop devices
598 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
592 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
599 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
593 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
600 fi
594 fi
601
595
602 if [ "$ENABLE_CRYPTFS" = true ] ; then
596 if [ "$ENABLE_CRYPTFS" = true ] ; then
603 # Create dummy ext4 fs
597 # Create dummy ext4 fs
604 mkfs.ext4 "$ROOT_LOOP"
598 mkfs.ext4 "$ROOT_LOOP"
605
599
606 # Setup password keyfile
600 # Setup password keyfile
607 touch .password
601 touch .password
608 chmod 600 .password
602 chmod 600 .password
609 echo -n ${CRYPTFS_PASSWORD} > .password
603 echo -n ${CRYPTFS_PASSWORD} > .password
610
604
611 # Initialize encrypted partition
605 # Initialize encrypted partition
612 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
606 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
613
607
614 # Open encrypted partition and setup mapping
608 # Open encrypted partition and setup mapping
615 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
609 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
616
610
617 # Secure delete password keyfile
611 # Secure delete password keyfile
618 shred -zu .password
612 shred -zu .password
619
613
620 # Update temporary loop device
614 # Update temporary loop device
621 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
615 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
622
616
623 # Wipe encrypted partition (encryption cipher is used for randomness)
617 # Wipe encrypted partition (encryption cipher is used for randomness)
624 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
618 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
625 fi
619 fi
626
620
627 # Build filesystems
621 # Build filesystems
628 mkfs.vfat "$FRMW_LOOP"
622 mkfs.vfat "$FRMW_LOOP"
629 mkfs.ext4 "$ROOT_LOOP"
623 mkfs.ext4 "$ROOT_LOOP"
630
624
631 # Mount the temporary loop devices
625 # Mount the temporary loop devices
632 mkdir -p "$BUILDDIR/mount"
626 mkdir -p "$BUILDDIR/mount"
633 mount "$ROOT_LOOP" "$BUILDDIR/mount"
627 mount "$ROOT_LOOP" "$BUILDDIR/mount"
634
628
635 mkdir -p "$BUILDDIR/mount/boot/firmware"
629 mkdir -p "$BUILDDIR/mount/boot/firmware"
636 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
630 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
637
631
638 # Copy all files from the chroot to the loop device mount point directory
632 # Copy all files from the chroot to the loop device mount point directory
639 rsync -a "${R}/" "$BUILDDIR/mount/"
633 rsync -a "${R}/" "$BUILDDIR/mount/"
640
634
641 # Unmount all temporary loop devices and mount points
635 # Unmount all temporary loop devices and mount points
642 cleanup
636 cleanup
643
637
644 # Create block map file(s) of image(s)
638 # Create block map file(s) of image(s)
645 if [ "$ENABLE_SPLITFS" = true ] ; then
639 if [ "$ENABLE_SPLITFS" = true ] ; then
646 # Create block map files for "bmaptool"
640 # Create block map files for "bmaptool"
647 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
641 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
648 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
642 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
649
643
650 # Image was successfully created
644 # Image was successfully created
651 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
645 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
652 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
646 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
653 else
647 else
654 # Create block map file for "bmaptool"
648 # Create block map file for "bmaptool"
655 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
649 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
656
650
657 # Image was successfully created
651 # Image was successfully created
658 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
652 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
659 fi
653 fi
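Review bot: In the `ENABLE_CRYPTFS` block, `echo -n ${CRYPTFS_PASSWORD} > .password` expands the passphrase unquoted, so a passphrase containing whitespace or glob characters is word-split or pathname-expanded before it reaches the keyfile, and the LUKS key then differs from what the user configured. Quote it and avoid `echo` option parsing, for example `printf '%s' "${CRYPTFS_PASSWORD}" > .password`. The keyfile is also created in the current working directory and only removed by `shred -zu .password` after `luksOpen`, so if `luksFormat` or `luksOpen` fails, whether the cleartext passphrase is removed depends on the error handling, which these lines do not show. Feeding the key on stdin with `--key-file -` plus `--batch-mode` (instead of `echo "YES" |`) would avoid writing it to disk at all. Separately, the `losetup` calls hard-code `-o 1M`, `--sizelimit 64M` and `-o 65M`, while the partition tables are written from `${TABLE_SECTORS}`, `${FRMW_SECTORS}` and `${ROOT_OFFSET}`. Deriving the loop offsets from the same variables would keep the filesystems aligned with the partition table if those values ever change.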