##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Merge pull request #11 from drtyhlpr/testing...
burnbabyburn -
r565:d3e5933b04da Fusion
parent child
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
Show file before | Show file after | Hide comments
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
Show file before | Show file after | Hide comments
@@ -48,6 +48,9 Set Debian packages server address. Choose a server from the list of Debian worl
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
51 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
52 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53
56
@@ -210,6 +213,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
210 ---
213 ---
211
214
212 #### Advanced system features:
215 #### Advanced system features:
216 ##### `ENABLE_SYSTEMDSWAP`=false
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218
213 ##### `ENABLE_MINBASE`=false
219 ##### `ENABLE_MINBASE`=false
214 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215
221
@@ -234,6 +240,12 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](
234 ##### `VIDEOCORESRC_DIR`=""
240 ##### `VIDEOCORESRC_DIR`=""
235 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236
242
243 ##### `ENABLE_NEXMON`=false
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245
246 ##### `NEXMONSRC_DIR`=""
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
237 ##### `ENABLE_IPTABLES`=false
249 ##### `ENABLE_IPTABLES`=false
238 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239
251
@@ -261,6 +273,15 Create an initramfs that that will be loaded during the Linux startup process. `
261 ##### `ENABLE_IFNAMES`=true
273 ##### `ENABLE_IFNAMES`=true
262 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263
275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
264 ##### `DISABLE_UNDERVOLT_WARNINGS`=
285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266
287
@@ -345,6 +366,23 With this parameter set to true the script expects the existing kernel sources d
345 ##### `RPI_FIRMWARE_DIR`=""
366 ##### `RPI_FIRMWARE_DIR`=""
346 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347
368
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
371
372 ##### `KERNEL_NF`=false
373 Enable Netfilter modules as kernel modules
374
375 ##### `KERNEL_VIRT`=false
376 Enable Kernel KVM support (/dev/kvm)
377
378 ##### `KERNEL_ZSWAP`=false
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
380
381 ##### `KERNEL_BPF`=true
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
383
384 ##### `KERNEL_SECURITY`=false
385 Enables Apparmor, integrity subsystem, auditing
348 ---
386 ---
349
387
350 #### Reduce disk usage:
388 #### Reduce disk usage:
@@ -392,6 +430,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
392 ##### `CRYPTFS_XTSKEYSIZE`=512
430 ##### `CRYPTFS_XTSKEYSIZE`=512
393 Sets key size in bits. The argument has to be a multiple of 8.
431 Sets key size in bits. The argument has to be a multiple of 8.
394
432
433 ##### `CRYPTFS_DROPBEAR`=false
434 Enable Dropbear Initramfs support
435
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
437 Provide path to dropbear Public RSA-OpenSSH Key
438
395 ---
439 ---
396
440
397 #### Build settings:
441 #### Build settings:
Show file before | Show file after | Hide comments
@@ -11,6 +11,13 if [ -z "$APT_PROXY" ] ; then
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 # Install APT sources.list
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16
17 # Use specified APT server and release
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
20
14 # Upgrade package index and update all installed packages and changed dependencies
21 # Upgrade package index and update all installed packages and changed dependencies
15 chroot_exec apt-get -qq -y update
22 chroot_exec apt-get -qq -y update
16 chroot_exec apt-get -qq -y -u dist-upgrade
23 chroot_exec apt-get -qq -y -u dist-upgrade
Show file before | Show file after | Hide comments
@@ -5,6 +5,14
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
9 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
10 # Setup source directory
18 # Setup source directory
@@ -87,6 +95,283 if [ "$BUILD_KERNEL" = true ] ; then
87 # Load default raspberry kernel configuration
95 # Load default raspberry kernel configuration
88 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89
97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 set_kernel_config CONFIG_ZPOOL y
104 set_kernel_config CONFIG_ZSWAP y
105 set_kernel_config CONFIG_ZBUD y
106 set_kernel_config CONFIG_Z3FOLD y
107 set_kernel_config CONFIG_ZSMALLOC y
108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
110 fi
111
112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
121 set_kernel_config CONFIG_KVM y
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
140 fi
141
142 # enable apparmor,integrity audit,
143 if [ "$KERNEL_SECURITY" = true ] ; then
144
145 # security filesystem, security models and audit
146 set_kernel_config CONFIG_SECURITYFS y
147 set_kernel_config CONFIG_SECURITY y
148 set_kernel_config CONFIG_AUDIT y
149
150 # harden strcpy and memcpy
151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
154
155 # integrity sub-system
156 set_kernel_config CONFIG_INTEGRITY=y
157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
161
162 # This option provides support for retaining authentication tokens and access keys in the kernel.
163 set_kernel_config CONFIG_KEYS=y
164 set_kernel_config CONFIG_KEYS_COMPAT=y
165
166 # Apparmor
167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
170 set_kernel_config CONFIG_SECURITY_APPARMOR y
171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
173
174 # restrictions on unprivileged users reading the kernel
175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
176
177 # network security hooks
178 set_kernel_config CONFIG_SECURITY_NETWORK y
179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
180 set_kernel_config CONFIG_SECURITY_PATH=y
181 set_kernel_config CONFIG_SECURITY_YAMA=y
182
183 # New Options
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_SECURITY m
186 set_kernel_config CONFIG_NETLABEL y
187 set_kernel_config CONFIG_IP6_NF_SECURITY m
188 fi
189 set_kernel_config CONFIG_SECURITY_SELINUX n
190 set_kernel_config CONFIG_SECURITY_SMACK n
191 set_kernel_config CONFIG_SECURITY_TOMOYO n
192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
193 set_kernel_config CONFIG_SECURITY_LOADPIN n
194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
195 set_kernel_config CONFIG_IMA n
196 set_kernel_config CONFIG_EVM n
197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
207
208 set_kernel_config CONFIG_ARM64_CRYPTO y
209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
223 set_kernel_config SYSTEM_TRUSTED_KEYS
224 fi
225
226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
227 if [ "$KERNEL_NF" = true ] ; then
228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
233 set_kernel_config CONFIG_NFT_FIB_INET m
234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
237 set_kernel_config CONFIG_NFT_OBJREF m
238 set_kernel_config CONFIG_NFT_RT m
239 set_kernel_config CONFIG_NFT_SET_BITMAP m
240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
241 set_kernel_config CONFIG_NF_LOG_ARP m
242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
250 set_kernel_config CONFIG_IP6_NF_NAT m
251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
253 set_kernel_config CONFIG_IP_NF_SECURITY m
254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
256 set_kernel_config CONFIG_IP_SET_HASH_IP m
257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
262 set_kernel_config CONFIG_IP_SET_HASH_NET m
263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
267 set_kernel_config CONFIG_IP_SET_LIST_SET m
268 set_kernel_config CONFIG_NETFILTER_XTABLES m
269 set_kernel_config CONFIG_NETFILTER_XTABLES m
270 set_kernel_config CONFIG_NFT_BRIDGE_META m
271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
276 set_kernel_config CONFIG_NFT_COMPAT m
277 set_kernel_config CONFIG_NFT_COUNTER m
278 set_kernel_config CONFIG_NFT_CT m
279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
282 set_kernel_config CONFIG_NFT_EXTHDR m
283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
284 set_kernel_config CONFIG_NFT_HASH m
285 set_kernel_config CONFIG_NFT_LIMIT m
286 set_kernel_config CONFIG_NFT_LOG m
287 set_kernel_config CONFIG_NFT_MASQ m
288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
290 set_kernel_config CONFIG_NFT_META m
291 set_kernel_config CONFIG_NFT_NAT m
292 set_kernel_config CONFIG_NFT_NUMGEN m
293 set_kernel_config CONFIG_NFT_QUEUE m
294 set_kernel_config CONFIG_NFT_QUOTA m
295 set_kernel_config CONFIG_NFT_REDIR m
296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
298 set_kernel_config CONFIG_NFT_REJECT m
299 set_kernel_config CONFIG_NFT_REJECT_INET m
300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
302 set_kernel_config CONFIG_NFT_SET_HASH m
303 set_kernel_config CONFIG_NFT_SET_RBTREE m
304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
308 set_kernel_config CONFIG_NF_DUP_IPV4 m
309 set_kernel_config CONFIG_NF_DUP_IPV6 m
310 set_kernel_config CONFIG_NF_DUP_NETDEV m
311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
312 set_kernel_config CONFIG_NF_LOG_IPV4 m
313 set_kernel_config CONFIG_NF_LOG_IPV6 m
314 set_kernel_config CONFIG_NF_NAT_IPV4 m
315 set_kernel_config CONFIG_NF_NAT_IPV6 m
316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
318 set_kernel_config CONFIG_NF_NAT_PPTP m
319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
321 set_kernel_config CONFIG_NF_NAT_SIP m
322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
323 set_kernel_config CONFIG_NF_NAT_TFTP m
324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
326 set_kernel_config CONFIG_NF_TABLES m
327 set_kernel_config CONFIG_NF_TABLES_ARP m
328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
329 set_kernel_config CONFIG_NF_TABLES_INET m
330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
333 fi
334
335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
336 if [ "$KERNEL_BPF" = true ] ; then
337 set_kernel_config CONFIG_BPF_SYSCALL y
338 set_kernel_config CONFIG_BPF_EVENTS y
339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
340 set_kernel_config CONFIG_CGROUP_BPF y
341 fi
342
343 # KERNEL_DEFAULT_GOV was set by user
344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
345
346 case "$KERNEL_DEFAULT_GOV" in
347 performance)
348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
349 ;;
350 userspace)
351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
352 ;;
353 ondemand)
354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
355 ;;
356 conservative)
357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
358 ;;
359 shedutil)
360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
361 ;;
362 *)
363 echo "error: unsupported default cpu governor"
364 exit 1
365 ;;
366 esac
367
368 # unset previous default governor
369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
370 fi
371
372 #Revert to previous directory
373 cd "${WORKDIR}" || exit
374
90 # Set kernel configuration parameters to enable qemu emulation
375 # Set kernel configuration parameters to enable qemu emulation
91 if [ "$ENABLE_QEMU" = true ] ; then
376 if [ "$ENABLE_QEMU" = true ] ; then
92 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
@@ -126,6 +411,7 if [ "$BUILD_KERNEL" = true ] ; then
126 if [ "$KERNEL_MENUCONFIG" = true ] ; then
411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 fi
413 fi
414 # end if "$KERNELSRC_CONFIG" = true
129 fi
415 fi
130
416
131 # Use ccache to cross compile the kernel
417 # Use ccache to cross compile the kernel
@@ -142,6 +428,7 if [ "$BUILD_KERNEL" = true ] ; then
142 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 fi
430 fi
431 # end if "$KERNELSRC_PREBUILT" = false
145 fi
432 fi
146
433
147 # Check if kernel compilation was successful
434 # Check if kernel compilation was successful
@@ -237,19 +524,79 if [ "$BUILD_KERNEL" = true ] ; then
237 fi
524 fi
238
525
239 else # BUILD_KERNEL=false
526 else # BUILD_KERNEL=false
240 # Kernel installation
527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
528
529 # Use Sakakis modified kernel if ZSWAP is active
530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
532 fi
533
534 # Create temporary directory for dl
535 temp_dir=$(as_nobody mktemp -d)
536
537 # Fetch kernel dl
538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
539
540 #extract download
541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
542
543 #move extracted kernel to /boot/firmware
544 mkdir "${R}/boot/firmware"
545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
547
548 # Remove temporary directory for kernel sources
549 rm -fr "${temp_dir}"
550
551 # Set permissions of the kernel sources
552 chown -R root:root "${R}/boot/firmware"
553 chown -R root:root "${R}/lib/modules"
554 fi
555
556 # Install Kernel from hypriot comptabile with all Raspberry PI
557 if [ "$SET_ARCH" = 32 ] ; then
558 # Create temporary directory for dl
559 temp_dir=$(as_nobody mktemp -d)
560
561 # Fetch kernel
562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
242
563
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
564 # Copy downloaded U-Boot sources
244 chroot_exec apt-get -qq -y install flash-kernel
565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
566
567 # Set permissions
568 chown -R root:root "${R}"/tmp/kernel.deb
569
570 # Install kernel
571 chroot_exec dpkg -i /tmp/kernel.deb
572
573 # move /boot to /boot/firmware to fit script env.
574 #mkdir "${BOOT_DIR}"
575 mkdir "${temp_dir}"/firmware
576 mv "${R}"/boot/* "${temp_dir}"/firmware/
577 mv "${temp_dir}"/firmware "${R}"/boot/
578
579 #same for kernel headers
580 if [ "$KERNEL_HEADERS" = true ] ; then
581 # Fetch kernel header
582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
584 chown -R root:root "${R}"/tmp/kernel-header.deb
585 # Install kernel header
586 chroot_exec dpkg -i /tmp/kernel-header.deb
587 rm -f "${R}"/tmp/kernel-header.deb
588 fi
589
590 # Remove temporary directory and files
591 rm -fr "${temp_dir}"
592 rm -f "${R}"/tmp/kernel.deb
593 fi
245
594
246 # Check if kernel installation was successful
595 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
597 if [ -z "$KERNEL" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
598 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 cleanup
599 cleanup
251 exit 1
600 exit 1
252 fi
601 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 fi
602 fi
Show file before | Show file after | Hide comments
@@ -8,6 +8,11
8 # Install and setup fstab
8 # Install and setup fstab
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10
10
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
14 fi
15
11 # Add usb/sda disk root partition to fstab
16 # Add usb/sda disk root partition to fstab
12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
@@ -29,7 +34,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
29 fi
34 fi
30
35
31 # Generate initramfs file
36 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 if [ "$ENABLE_CRYPTFS" = true ] ; then
38 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 # Include initramfs scripts to auto expand encrypted root partition
39 # Include initramfs scripts to auto expand encrypted root partition
35 if [ "$EXPANDROOT" = true ] ; then
40 if [ "$EXPANDROOT" = true ] ; then
@@ -38,8 +43,43 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
38 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 fi
44 fi
40
45
41 # Disable SSHD inside initramfs
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
49 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
50 else
51 # Create key
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
53
54 # Convert dropbear key to openssh key
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
56
57 # Get Public Key Part
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
59
60 # Delete unwanted lines
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
63
64 # Trust the new key
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66
67 # Save Keys - convert with putty from rsa/openssh to puttkey
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
69
70 # Get unlock script
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
72
73 # Enable Dropbear inside initramfs
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
75
76 # Enable Dropbear inside initramfs
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
78 fi
79 else
80 # Disable SSHD inside initramfs
81 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
82 fi
43
83
44 # Add cryptsetup modules to initramfs
84 # Add cryptsetup modules to initramfs
45 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
85 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
Show file before | Show file after | Hide comments
@@ -5,39 +5,37
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$BUILD_KERNEL" = true ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
10 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
18 else
18 # Create temporary directory for boot binaries
19 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
20 temp_dir=$(as_nobody mktemp -d)
20
21
21 # Install latest boot binaries from raspberry/firmware github
22 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
30
30 # Move downloaded boot binaries
31 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
33
33 # Remove temporary directory for boot binaries
34 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
35 rm -fr "${temp_dir}"
35
36
36 # Set permissions of the boot binaries
37 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
38 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
40 fi
41 fi
39 fi
42
40
43 # Setup firmware boot cmdline
41 # Setup firmware boot cmdline
@@ -56,23 +54,53 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 fi
54 fi
57 fi
55 fi
58
56
59 #locks cpu at max frequency
57 # Enable Kernel messages on standard output
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
64 if [ "$ENABLE_PRINTK" = true ] ; then
58 if [ "$ENABLE_PRINTK" = true ] ; then
65 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 fi
60 fi
67
61
68 # Install udev rule for serial alias
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70
64
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
69
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
76
77 # Disable Raspberry Pi console logo
78 if [ "$ENABLE_LOGO" = false ] ; then
79 CMDLINE="${CMDLINE} logo.nologo"
80 fi
81
82 # Strictly limit verbosity of boot up console messages
83 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
84 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
85 fi
86
87 # Install firmware config
88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
89
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_SLASH" = false ] ; then
92 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
93 fi
94
95 # Locks CPU frequency at maximum
96 if [ "$ENABLE_TURBO" = true ] ; then
97 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
98 # helps to avoid sdcard corruption when force_turbo is enabled.
99 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
100 fi
101
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
102 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72
103
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
75
76 # Bluetooth enabled
104 # Bluetooth enabled
77 if [ "$ENABLE_BLUETOOTH" = true ] ; then
105 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 # Create temporary directory for Bluetooth sources
106 # Create temporary directory for Bluetooth sources
@@ -95,6 +123,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
95 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
123 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
124 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97
125
126 # make scripts executable
127 chmod +x "${R}/usr/bin/bthelper"
128 chmod +x "${R}/usr/bin/btuart"
129
98 # Install bluetooth udev rule
130 # Install bluetooth udev rule
99 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100
132
@@ -104,13 +136,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
104 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107
139
108 # Remove temporary directory
140 # Remove temporary directories
109 rm -fr "${temp_dir}"
141 rm -fr "${temp_dir}"
110
142 rm -fr "${R}"/tmp/pi-bluetooth
143
111 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
144 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
145 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114
146
115 # set overlay to swap ttyAMA0 and ttyS0
147 # set overlay to swap ttyAMA0 and ttyS0
116 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
148 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
@@ -119,23 +151,15 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
119 if [ "$ENABLE_TURBO" = false ] ; then
151 if [ "$ENABLE_TURBO" = false ] ; then
120 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
152 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 fi
153 fi
122
123 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
154 fi
130
155
156 # Activate services
157 chroot_exec systemctl enable pi-bluetooth.hciuart.service
158
131 else # if ENABLE_BLUETOOTH = false
159 else # if ENABLE_BLUETOOTH = false
132 # set overlay to disable bluetooth
160 # set overlay to disable bluetooth
133 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
161 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 fi # ENABLE_BLUETOOTH end
162 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 fi
163 fi
140
164
141 # may need sudo systemctl disable hciuart
165 # may need sudo systemctl disable hciuart
@@ -143,33 +167,60 if [ "$ENABLE_CONSOLE" = true ] ; then
143 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
167 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 # add string to cmdline
168 # add string to cmdline
145 CMDLINE="${CMDLINE} console=serial0,115200"
169 CMDLINE="${CMDLINE} console=serial0,115200"
146
170
147 # Enable serial console systemd style
171 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
172 chroot_exec systemctl enable serial-getty\@serial0.service
149 else
173 else
150 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
174 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
175
151 # disable serial console systemd style
176 # disable serial console systemd style
152 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
177 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 fi
178 fi
154
179
155 # Remove IPv6 networking support
180 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
156 if [ "$ENABLE_IPV6" = false ] ; then
181 # Create temporary directory for systemd-swap sources
157 CMDLINE="${CMDLINE} ipv6.disable=1"
182 temp_dir=$(as_nobody mktemp -d)
158 fi
159
183
160 # Automatically assign predictable network interface names
184 # Fetch systemd-swap sources
161 if [ "$ENABLE_IFNAMES" = false ] ; then
185 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
162 CMDLINE="${CMDLINE} net.ifnames=0"
186
187 # Copy downloaded systemd-swap sources
188 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
189
190 # Set permissions of the systemd-swap sources
191 chown -R root:root "${R}/tmp/systemd-swap"
192
193 # Remove temporary directory for systemd-swap sources
194 rm -fr "${temp_dir}"
195
196 # Change into downloaded src dir
197 cd "${R}/tmp/systemd-swap" || exit
198
199 # Build package
200 . ./package.sh debian
201
202 # Install package
203 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
204
205 # Enable service
206 chroot_exec systemctl enable systemd-swap
207
208 # Change back into script root dir
209 cd "${WORKDIR}" || exit
163 else
210 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
211 # Enable ZSWAP in cmdline if systemd-swap is not used
212 if [ "$KERNEL_ZSWAP" = true ] ; then
213 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
214 fi
215 fi
216
217 if [ "$KERNEL_SECURITY" = true ] ; then
218 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
165 fi
219 fi
166
220
167 # Install firmware boot cmdline
221 # Install firmware boot cmdline
168 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
222 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169
223
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 # Setup minimal GPU memory allocation size: 16MB (no X)
224 # Setup minimal GPU memory allocation size: 16MB (no X)
174 if [ "$ENABLE_MINGPU" = true ] ; then
225 if [ "$ENABLE_MINGPU" = true ] ; then
175 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
Show file before | Show file after | Hide comments
@@ -57,6 +57,20 else # ENABLE_DHCP=false
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 fi
74 fi
61
75
62 # Remove empty settings from network configuration
76 # Remove empty settings from network configuration
Show file before | Show file after | Hide comments
@@ -9,9 +9,10 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy is the used alternatives
12 if [ "$KERNEL_NF" = false ] ; then
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15
16
16 # Install iptables systemd service
17 # Install iptables systemd service
17 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
@@ -27,6 +28,11 if [ "$ENABLE_IPTABLES" = true ] ; then
27 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
28
29
29 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
30 # Install ip6tables systemd service
36 # Install ip6tables systemd service
31 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32
38
Show file before | Show file after | Hide comments
@@ -22,8 +22,3 else
22 # Set no root password to disable root login
22 # Set no root password to disable root login
23 chroot_exec usermod -p \'!\' root
23 chroot_exec usermod -p \'!\' root
24 fi
24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
Show file before | Show file after | Hide comments
@@ -77,6 +77,11 if [ "$ENABLE_UBOOT" = true ] ; then
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 fi
79 fi
80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_UBOOTUSB" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
80
85
81 # Set mkfile to use the correct dtb file
86 # Set mkfile to use the correct dtb file
82 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
Show file before | Show file after | Hide comments
@@ -50,4 +50,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then
50
50
51 #back to root of scriptdir
51 #back to root of scriptdir
52 cd "${WORKDIR}"
52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
53 fi
56 fi
Show file before | Show file after | Hide comments
@@ -1,8 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
1 deb http://ftp.debian.org/debian stretch main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian stretch main contrib
3
3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
4 deb http://ftp.debian.org/debian/ stretch-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6
6
7 deb http://security.debian.org/ jessie/updates main contrib
7 deb http://security.debian.org/ stretch/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ stretch/updates main contrib
Show file before | Show file after | Hide comments
@@ -66,3 +66,11 EOF2
66 partprobe &&
66 partprobe &&
67 resize2fs /dev/${ROOT_PART} &&
67 resize2fs /dev/${ROOT_PART} &&
68 logger -t "rc.firstboot" "Root partition successfully resized."
68 logger -t "rc.firstboot" "Root partition successfully resized."
69
70 # Restart dphys-swapfile service if it exists
71 if systemctl list-units | grep -q dphys-swapfile ; then
72 if systemctl is-enabled dphys-swapfile ; then
73 logger -t "rc.firstboot" "Restarting dphys-swapfile"
74 systemctl restart dphys-swapfile
75 fi
76 fi
Show file before | Show file after | Hide comments
@@ -8,6 +8,7 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
8 # Extract kernel arch
8 # Extract kernel arch
9 case "${KERNEL_ARCH}" in
9 case "${KERNEL_ARCH}" in
10 arm*) KERNEL_ARCH=arm ;;
10 arm*) KERNEL_ARCH=arm ;;
11 aarch64) KERNEL_ARCH=arm64 ;;
11 esac
12 esac
12
13
13 # Regenerate initramfs
14 # Regenerate initramfs
Show file before | Show file after | Hide comments
@@ -3,6 +3,17
3 cleanup (){
3 cleanup (){
4 set +x
4 set +x
5 set +e
5 set +e
6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
6
17
7 # Identify and kill all processes still using files
18 # Identify and kill all processes still using files
8 echo "killing processes using mount point ..."
19 echo "killing processes using mount point ..."
@@ -63,15 +74,43 chroot_install_cc() {
63 # Install c/c++ build environment inside the chroot
74 # Install c/c++ build environment inside the chroot
64 if [ -z "${COMPILER_PACKAGES}" ] ; then
75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 # Install COMPILER_PACKAGES in chroot
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
78 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
68 fi
79 fi
69 }
80 }
70
81
71 chroot_remove_cc() {
82 chroot_remove_cc() {
72 # Remove c/c++ build environment from the chroot
83 # Remove c/c++ build environment from the chroot
73 if [ -n "${COMPILER_PACKAGES}" ] ; then
84 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
85 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
75 COMPILER_PACKAGES=""
86 COMPILER_PACKAGES=""
76 fi
87 fi
77 }
88 }
89
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 cdr2mask ()
92 {
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 [ $1 -gt 1 ] && shift $1 || shift
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
100 set_kernel_config() {
101 # flag as $1, value to set as $2, config must exist at "./.config"
102 TGT="CONFIG_${1#CONFIG_}"
103 REP="${2}"
104 if grep -q "^${TGT}[^_]" .config; then
105 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
106 else
107 echo "${TGT}"="${2}" >> .config
108 fi
109 }
110
111 # unset kernel config parameter
112 unset_kernel_config() {
113 # unsets flag with the value of $1, config must exist at "./.config"
114 TGT="CONFIG_${1#CONFIG_}"
115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
116 } No newline at end of file
Show file before | Show file after | Hide comments
@@ -57,6 +57,20 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60
74
61 # Build directories
75 # Build directories
62 WORKDIR=$(pwd)
76 WORKDIR=$(pwd)
@@ -105,6 +119,7 NET_NTP_2=${NET_NTP_2:=""}
105 # APT settings
119 # APT settings
106 APT_PROXY=${APT_PROXY:=""}
120 APT_PROXY=${APT_PROXY:=""}
107 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
108
123
109 # Feature settings
124 # Feature settings
110 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
@@ -138,19 +153,26 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139
154
140 # Advanced settings
155 # Advanced settings
156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
145 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
174 ENABLE_LOGO=${ENABLE_LOGO:=true}
175 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
154 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
176 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155
177
156 # Kernel compilation settings
178 # Kernel compilation settings
@@ -162,6 +184,12 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
184 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
185 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
186 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
187 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
188 KERNEL_VIRT=${KERNEL_VIRT:=false}
189 KERNEL_BPF=${KERNEL_BPF:=false}
190 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
191 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
192 KERNEL_NF=${KERNEL_NF:=false}
165
193
166 # Kernel compilation from source directory settings
194 # Kernel compilation from source directory settings
167 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
195 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -185,6 +213,10 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
213 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
214 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
215 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
216 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
217 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
218 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
219 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
188
220
189 # Chroot scripts directory
221 # Chroot scripts directory
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
222 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
@@ -203,11 +235,9 MISSING_PACKAGES=""
203 # Packages installed for c/c++ build environment in chroot (keep empty)
235 # Packages installed for c/c++ build environment in chroot (keep empty)
204 COMPILER_PACKAGES=""
236 COMPILER_PACKAGES=""
205
237
206 set +x
238 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
207
239 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
240 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
211 APT_PROXY=http://127.0.0.1:3142/
241 APT_PROXY=http://127.0.0.1:3142/
212 fi
242 fi
213
243
@@ -258,7 +288,7 if [ -n "$SET_ARCH" ] ; then
258 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 fi
289 fi
260 fi
290 fi
261 #SET_ARCH not set
291 # SET_ARCH not set
262 else
292 else
263 echo "error: Please set '32' or '64' as value for SET_ARCH"
293 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 exit 1
294 exit 1
@@ -295,12 +325,26 case "$RPI_MODEL" in
295 ;;
325 ;;
296 esac
326 esac
297
327
328 if [ "$ENABLE_UBOOTUSB" = true ] ; then
329 if [ "$ENABLE_UBOOT" = false ] ; then
330 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
331 exit 1
332 fi
333 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
334 echo "error: Enabling UBOOTUSB requires Raspberry 3"
335 exit 1
336 fi
337 fi
338
298 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
339 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
340 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 # Include bluetooth packages on supported boards
341 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
342 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
343 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 fi
344 fi
345 if [ "$ENABLE_WIRELESS" = true ] ; then
346 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
347 fi
304 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 # Check if the internal wireless interface is not supported by the RPi model
349 # Check if the internal wireless interface is not supported by the RPi model
306 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
@@ -309,6 +353,11 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
309 fi
353 fi
310 fi
354 fi
311
355
356 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
357 echo "error: You have to compile kernel sources, if you want to enable nexmon"
358 exit 1
359 fi
360
312 # Prepare date string for default image file name
361 # Prepare date string for default image file name
313 DATE="$(date +%Y-%m-%d)"
362 DATE="$(date +%Y-%m-%d)"
314 if [ -z "$KERNEL_BRANCH" ] ; then
363 if [ -z "$KERNEL_BRANCH" ] ; then
@@ -330,6 +379,11 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 fi
380 fi
332
381
382 # Add deps for nexmon
383 if [ "$ENABLE_NEXMON" = true ] ; then
384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
385 fi
386
333 # Add libncurses5 to enable kernel menuconfig
387 # Add libncurses5 to enable kernel menuconfig
334 if [ "$KERNEL_MENUCONFIG" = true ] ; then
388 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
@@ -345,6 +399,11 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
400 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347
401
402 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
403 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
404 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
405 fi
406
348 if [ -z "$CRYPTFS_PASSWORD" ] ; then
407 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 echo "error: no password defined (CRYPTFS_PASSWORD)!"
408 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 exit 1
409 exit 1
@@ -362,14 +421,6 if [ "$ENABLE_UBOOT" = true ] ; then
362 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
421 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 fi
422 fi
364
423
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 # Check if root SSH (v2) public key file exists
424 # Check if root SSH (v2) public key file exists
374 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
425 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
426 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
@@ -386,6 +437,11 if [ -n "$SSH_USER_PUB_KEY" ] ; then
386 fi
437 fi
387 fi
438 fi
388
439
440 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
441 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
442 exit 1
443 fi
444
389 # Check if all required packages are installed on the build system
445 # Check if all required packages are installed on the build system
390 for package in $REQUIRED_PACKAGES ; do
446 for package in $REQUIRED_PACKAGES ; do
391 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
447 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
@@ -442,6 +498,12 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
442 exit 1
498 exit 1
443 fi
499 fi
444
500
501 # Check if specified NEXMONSRC_DIR directory exists
502 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
503 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
504 exit 1
505 fi
506
445 # Check if specified CHROOT_SCRIPTS directory exists
507 # Check if specified CHROOT_SCRIPTS directory exists
446 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
508 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
509 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
@@ -493,6 +555,10 fi
493 if [ "$ENABLE_IPTABLES" = true ] ; then
555 if [ "$ENABLE_IPTABLES" = true ] ; then
494 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
556 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 fi
557 fi
558 # Add apparmor for KERNEL_SECURITY
559 if [ "$KERNEL_SECURITY" = true ] ; then
560 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
561 fi
496
562
497 # Add openssh server package
563 # Add openssh server package
498 if [ "$ENABLE_SSHD" = true ] ; then
564 if [ "$ENABLE_SSHD" = true ] ; then
@@ -546,16 +612,6 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
612 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 fi
613 fi
548
614
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
557 fi
558
559 # Configure kernel sources if no KERNELSRC_DIR
615 # Configure kernel sources if no KERNELSRC_DIR
560 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
616 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 KERNELSRC_CONFIG=true
617 KERNELSRC_CONFIG=true
@@ -623,13 +679,17 umount -l "${R}/sys"
623 rm -rf "${R}/run/*"
679 rm -rf "${R}/run/*"
624 rm -rf "${R}/tmp/*"
680 rm -rf "${R}/tmp/*"
625
681
682 # Clean up APT proxy settings
683 if [ "$KEEP_APT_PROXY" = false ] ; then
684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
685 fi
686
626 # Clean up files
687 # Clean up files
627 rm -f "${ETC_DIR}/ssh/ssh_host_*"
688 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 rm -f "${ETC_DIR}/dropbear/dropbear_*"
689 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 rm -f "${ETC_DIR}/apt/sources.list.save"
690 rm -f "${ETC_DIR}/apt/sources.list.save"
630 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
691 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 rm -f "${ETC_DIR}/*-"
692 rm -f "${ETC_DIR}/*-"
632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 rm -f "${ETC_DIR}/resolv.conf"
693 rm -f "${ETC_DIR}/resolv.conf"
634 rm -f "${R}/root/.bash_history"
694 rm -f "${R}/root/.bash_history"
635 rm -f "${R}/var/lib/urandom/random-seed"
695 rm -f "${R}/var/lib/urandom/random-seed"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant