##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

Merge pull request #11 from drtyhlpr/testing...
burnbabyburn -
r565:d3e5933b04da Fusion
parent child
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
Show file before | Show file after | Hide comments
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
Show file before | Show file after | Hide comments
@@ -48,6 +48,9 Set Debian packages server address. Choose a server from the list of Debian worl
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
51 54 ##### `APT_INCLUDES`=""
52 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 56
@@ -210,6 +213,9 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
210 213 ---
211 214
212 215 #### Advanced system features:
216 ##### `ENABLE_SYSTEMDSWAP`=false
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218
213 219 ##### `ENABLE_MINBASE`=false
214 220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215 221
@@ -234,6 +240,12 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](
234 240 ##### `VIDEOCORESRC_DIR`=""
235 241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236 242
243 ##### `ENABLE_NEXMON`=false
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245
246 ##### `NEXMONSRC_DIR`=""
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
237 249 ##### `ENABLE_IPTABLES`=false
238 250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239 251
@@ -261,6 +273,15 Create an initramfs that that will be loaded during the Linux startup process. `
261 273 ##### `ENABLE_IFNAMES`=true
262 274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263 275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
264 285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266 287
@@ -345,6 +366,23 With this parameter set to true the script expects the existing kernel sources d
345 366 ##### `RPI_FIRMWARE_DIR`=""
346 367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347 368
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
371
372 ##### `KERNEL_NF`=false
373 Enable Netfilter modules as kernel modules
374
375 ##### `KERNEL_VIRT`=false
376 Enable Kernel KVM support (/dev/kvm)
377
378 ##### `KERNEL_ZSWAP`=false
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
380
381 ##### `KERNEL_BPF`=true
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
383
384 ##### `KERNEL_SECURITY`=false
385 Enables Apparmor, integrity subsystem, auditing
348 386 ---
349 387
350 388 #### Reduce disk usage:
@@ -392,6 +430,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
392 430 ##### `CRYPTFS_XTSKEYSIZE`=512
393 431 Sets key size in bits. The argument has to be a multiple of 8.
394 432
433 ##### `CRYPTFS_DROPBEAR`=false
434 Enable Dropbear Initramfs support
435
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
437 Provide path to dropbear Public RSA-OpenSSH Key
438
395 439 ---
396 440
397 441 #### Build settings:
Show file before | Show file after | Hide comments
@@ -11,6 +11,13 if [ -z "$APT_PROXY" ] ; then
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 # Install APT sources.list
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16
17 # Use specified APT server and release
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
20
14 21 # Upgrade package index and update all installed packages and changed dependencies
15 22 chroot_exec apt-get -qq -y update
16 23 chroot_exec apt-get -qq -y -u dist-upgrade
Show file before | Show file after | Hide comments
@@ -5,6 +5,14
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 16 # Fetch and build latest raspberry kernel
9 17 if [ "$BUILD_KERNEL" = true ] ; then
10 18 # Setup source directory
@@ -87,6 +95,283 if [ "$BUILD_KERNEL" = true ] ; then
87 95 # Load default raspberry kernel configuration
88 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 set_kernel_config CONFIG_ZPOOL y
104 set_kernel_config CONFIG_ZSWAP y
105 set_kernel_config CONFIG_ZBUD y
106 set_kernel_config CONFIG_Z3FOLD y
107 set_kernel_config CONFIG_ZSMALLOC y
108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
110 fi
111
112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
121 set_kernel_config CONFIG_KVM y
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
140 fi
141
142 # enable apparmor,integrity audit,
143 if [ "$KERNEL_SECURITY" = true ] ; then
144
145 # security filesystem, security models and audit
146 set_kernel_config CONFIG_SECURITYFS y
147 set_kernel_config CONFIG_SECURITY y
148 set_kernel_config CONFIG_AUDIT y
149
150 # harden strcpy and memcpy
151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
154
155 # integrity sub-system
156 set_kernel_config CONFIG_INTEGRITY=y
157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
161
162 # This option provides support for retaining authentication tokens and access keys in the kernel.
163 set_kernel_config CONFIG_KEYS=y
164 set_kernel_config CONFIG_KEYS_COMPAT=y
165
166 # Apparmor
167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
170 set_kernel_config CONFIG_SECURITY_APPARMOR y
171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
173
174 # restrictions on unprivileged users reading the kernel
175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
176
177 # network security hooks
178 set_kernel_config CONFIG_SECURITY_NETWORK y
179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
180 set_kernel_config CONFIG_SECURITY_PATH=y
181 set_kernel_config CONFIG_SECURITY_YAMA=y
182
183 # New Options
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_SECURITY m
186 set_kernel_config CONFIG_NETLABEL y
187 set_kernel_config CONFIG_IP6_NF_SECURITY m
188 fi
189 set_kernel_config CONFIG_SECURITY_SELINUX n
190 set_kernel_config CONFIG_SECURITY_SMACK n
191 set_kernel_config CONFIG_SECURITY_TOMOYO n
192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
193 set_kernel_config CONFIG_SECURITY_LOADPIN n
194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
195 set_kernel_config CONFIG_IMA n
196 set_kernel_config CONFIG_EVM n
197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
207
208 set_kernel_config CONFIG_ARM64_CRYPTO y
209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
223 set_kernel_config SYSTEM_TRUSTED_KEYS
224 fi
225
226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
227 if [ "$KERNEL_NF" = true ] ; then
228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
233 set_kernel_config CONFIG_NFT_FIB_INET m
234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
237 set_kernel_config CONFIG_NFT_OBJREF m
238 set_kernel_config CONFIG_NFT_RT m
239 set_kernel_config CONFIG_NFT_SET_BITMAP m
240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
241 set_kernel_config CONFIG_NF_LOG_ARP m
242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
250 set_kernel_config CONFIG_IP6_NF_NAT m
251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
253 set_kernel_config CONFIG_IP_NF_SECURITY m
254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
256 set_kernel_config CONFIG_IP_SET_HASH_IP m
257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
262 set_kernel_config CONFIG_IP_SET_HASH_NET m
263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
267 set_kernel_config CONFIG_IP_SET_LIST_SET m
268 set_kernel_config CONFIG_NETFILTER_XTABLES m
269 set_kernel_config CONFIG_NETFILTER_XTABLES m
270 set_kernel_config CONFIG_NFT_BRIDGE_META m
271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
276 set_kernel_config CONFIG_NFT_COMPAT m
277 set_kernel_config CONFIG_NFT_COUNTER m
278 set_kernel_config CONFIG_NFT_CT m
279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
282 set_kernel_config CONFIG_NFT_EXTHDR m
283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
284 set_kernel_config CONFIG_NFT_HASH m
285 set_kernel_config CONFIG_NFT_LIMIT m
286 set_kernel_config CONFIG_NFT_LOG m
287 set_kernel_config CONFIG_NFT_MASQ m
288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
290 set_kernel_config CONFIG_NFT_META m
291 set_kernel_config CONFIG_NFT_NAT m
292 set_kernel_config CONFIG_NFT_NUMGEN m
293 set_kernel_config CONFIG_NFT_QUEUE m
294 set_kernel_config CONFIG_NFT_QUOTA m
295 set_kernel_config CONFIG_NFT_REDIR m
296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
298 set_kernel_config CONFIG_NFT_REJECT m
299 set_kernel_config CONFIG_NFT_REJECT_INET m
300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
302 set_kernel_config CONFIG_NFT_SET_HASH m
303 set_kernel_config CONFIG_NFT_SET_RBTREE m
304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
308 set_kernel_config CONFIG_NF_DUP_IPV4 m
309 set_kernel_config CONFIG_NF_DUP_IPV6 m
310 set_kernel_config CONFIG_NF_DUP_NETDEV m
311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
312 set_kernel_config CONFIG_NF_LOG_IPV4 m
313 set_kernel_config CONFIG_NF_LOG_IPV6 m
314 set_kernel_config CONFIG_NF_NAT_IPV4 m
315 set_kernel_config CONFIG_NF_NAT_IPV6 m
316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
318 set_kernel_config CONFIG_NF_NAT_PPTP m
319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
321 set_kernel_config CONFIG_NF_NAT_SIP m
322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
323 set_kernel_config CONFIG_NF_NAT_TFTP m
324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
326 set_kernel_config CONFIG_NF_TABLES m
327 set_kernel_config CONFIG_NF_TABLES_ARP m
328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
329 set_kernel_config CONFIG_NF_TABLES_INET m
330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
333 fi
334
335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
336 if [ "$KERNEL_BPF" = true ] ; then
337 set_kernel_config CONFIG_BPF_SYSCALL y
338 set_kernel_config CONFIG_BPF_EVENTS y
339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
340 set_kernel_config CONFIG_CGROUP_BPF y
341 fi
342
343 # KERNEL_DEFAULT_GOV was set by user
344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
345
346 case "$KERNEL_DEFAULT_GOV" in
347 performance)
348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
349 ;;
350 userspace)
351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
352 ;;
353 ondemand)
354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
355 ;;
356 conservative)
357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
358 ;;
359 shedutil)
360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
361 ;;
362 *)
363 echo "error: unsupported default cpu governor"
364 exit 1
365 ;;
366 esac
367
368 # unset previous default governor
369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
370 fi
371
372 #Revert to previous directory
373 cd "${WORKDIR}" || exit
374
90 375 # Set kernel configuration parameters to enable qemu emulation
91 376 if [ "$ENABLE_QEMU" = true ] ; then
92 377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
@@ -126,6 +411,7 if [ "$BUILD_KERNEL" = true ] ; then
126 411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 413 fi
414 # end if "$KERNELSRC_CONFIG" = true
129 415 fi
130 416
131 417 # Use ccache to cross compile the kernel
@@ -142,6 +428,7 if [ "$BUILD_KERNEL" = true ] ; then
142 428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 430 fi
431 # end if "$KERNELSRC_PREBUILT" = false
145 432 fi
146 433
147 434 # Check if kernel compilation was successful
@@ -237,19 +524,79 if [ "$BUILD_KERNEL" = true ] ; then
237 524 fi
238 525
239 526 else # BUILD_KERNEL=false
240 # Kernel installation
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
528
529 # Use Sakakis modified kernel if ZSWAP is active
530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
532 fi
533
534 # Create temporary directory for dl
535 temp_dir=$(as_nobody mktemp -d)
536
537 # Fetch kernel dl
538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
539
540 #extract download
541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
542
543 #move extracted kernel to /boot/firmware
544 mkdir "${R}/boot/firmware"
545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
547
548 # Remove temporary directory for kernel sources
549 rm -fr "${temp_dir}"
550
551 # Set permissions of the kernel sources
552 chown -R root:root "${R}/boot/firmware"
553 chown -R root:root "${R}/lib/modules"
554 fi
555
556 # Install Kernel from hypriot comptabile with all Raspberry PI
557 if [ "$SET_ARCH" = 32 ] ; then
558 # Create temporary directory for dl
559 temp_dir=$(as_nobody mktemp -d)
560
561 # Fetch kernel
562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
242 563
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
244 chroot_exec apt-get -qq -y install flash-kernel
564 # Copy downloaded U-Boot sources
565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
566
567 # Set permissions
568 chown -R root:root "${R}"/tmp/kernel.deb
569
570 # Install kernel
571 chroot_exec dpkg -i /tmp/kernel.deb
572
573 # move /boot to /boot/firmware to fit script env.
574 #mkdir "${BOOT_DIR}"
575 mkdir "${temp_dir}"/firmware
576 mv "${R}"/boot/* "${temp_dir}"/firmware/
577 mv "${temp_dir}"/firmware "${R}"/boot/
578
579 #same for kernel headers
580 if [ "$KERNEL_HEADERS" = true ] ; then
581 # Fetch kernel header
582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
584 chown -R root:root "${R}"/tmp/kernel-header.deb
585 # Install kernel header
586 chroot_exec dpkg -i /tmp/kernel-header.deb
587 rm -f "${R}"/tmp/kernel-header.deb
588 fi
589
590 # Remove temporary directory and files
591 rm -fr "${temp_dir}"
592 rm -f "${R}"/tmp/kernel.deb
593 fi
245 594
246 595 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
597 if [ -z "$KERNEL" ] ; then
598 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 599 cleanup
251 600 exit 1
252 601 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 602 fi
Show file before | Show file after | Hide comments
@@ -8,6 +8,11
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
14 fi
15
11 16 # Add usb/sda disk root partition to fstab
12 17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
@@ -29,7 +34,7 if [ "$ENABLE_CRYPTFS" = true ] ; then
29 34 fi
30 35
31 36 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 38 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 39 # Include initramfs scripts to auto expand encrypted root partition
35 40 if [ "$EXPANDROOT" = true ] ; then
@@ -38,8 +43,43 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
38 43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 44 fi
40 45
41 # Disable SSHD inside initramfs
42 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
49 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
50 else
51 # Create key
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
53
54 # Convert dropbear key to openssh key
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
56
57 # Get Public Key Part
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
59
60 # Delete unwanted lines
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
63
64 # Trust the new key
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66
67 # Save Keys - convert with putty from rsa/openssh to puttkey
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
69
70 # Get unlock script
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
72
73 # Enable Dropbear inside initramfs
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
75
76 # Enable Dropbear inside initramfs
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
78 fi
79 else
80 # Disable SSHD inside initramfs
81 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
82 fi
43 83
44 84 # Add cryptsetup modules to initramfs
45 85 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
Show file before | Show file after | Hide comments
@@ -5,39 +5,37
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$BUILD_KERNEL" = true ] ; then
9 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 # Install boot binaries from local directory
11 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 else
19 # Create temporary directory for boot binaries
20 temp_dir=$(as_nobody mktemp -d)
21
22 # Install latest boot binaries from raspberry/firmware github
23 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30
31 # Move downloaded boot binaries
32 mv "${temp_dir}/"* "${BOOT_DIR}/"
33
34 # Remove temporary directory for boot binaries
35 rm -fr "${temp_dir}"
36
37 # Set permissions of the boot binaries
38 chown -R root:root "${BOOT_DIR}"
39 chmod -R 600 "${BOOT_DIR}"
40 fi
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
18 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
20
21 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
30 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
33 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
35
36 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
41 39 fi
42 40
43 41 # Setup firmware boot cmdline
@@ -56,23 +54,53 if [ "$ENABLE_CRYPTFS" = true ] ; then
56 54 fi
57 55 fi
58 56
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
57 # Enable Kernel messages on standard output
64 58 if [ "$ENABLE_PRINTK" = true ] ; then
65 59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 60 fi
67 61
68 # Install udev rule for serial alias
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70 64
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
69
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
76
77 # Disable Raspberry Pi console logo
78 if [ "$ENABLE_LOGO" = false ] ; then
79 CMDLINE="${CMDLINE} logo.nologo"
80 fi
81
82 # Strictly limit verbosity of boot up console messages
83 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
84 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
85 fi
86
87 # Install firmware config
88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
89
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_SLASH" = false ] ; then
92 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
93 fi
94
95 # Locks CPU frequency at maximum
96 if [ "$ENABLE_TURBO" = true ] ; then
97 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
98 # helps to avoid sdcard corruption when force_turbo is enabled.
99 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
100 fi
101
71 102 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
72
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
75
103
76 104 # Bluetooth enabled
77 105 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 106 # Create temporary directory for Bluetooth sources
@@ -95,6 +123,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
95 123 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 124 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97 125
126 # make scripts executable
127 chmod +x "${R}/usr/bin/bthelper"
128 chmod +x "${R}/usr/bin/btuart"
129
98 130 # Install bluetooth udev rule
99 131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100 132
@@ -104,13 +136,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
104 136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107
108 # Remove temporary directory
139
140 # Remove temporary directories
109 141 rm -fr "${temp_dir}"
110
142 rm -fr "${R}"/tmp/pi-bluetooth
143
111 144 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 145 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114 146
115 147 # set overlay to swap ttyAMA0 and ttyS0
116 148 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
@@ -119,23 +151,15 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
119 151 if [ "$ENABLE_TURBO" = false ] ; then
120 152 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 153 fi
122
123 # Activate services
124 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 154 fi
130
155
156 # Activate services
157 chroot_exec systemctl enable pi-bluetooth.hciuart.service
158
131 159 else # if ENABLE_BLUETOOTH = false
132 160 # set overlay to disable bluetooth
133 161 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 162 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 163 fi
140 164
141 165 # may need sudo systemctl disable hciuart
@@ -143,33 +167,60 if [ "$ENABLE_CONSOLE" = true ] ; then
143 167 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 168 # add string to cmdline
145 169 CMDLINE="${CMDLINE} console=serial0,115200"
146
170
147 171 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
172 chroot_exec systemctl enable serial-getty\@serial0.service
149 173 else
150 174 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
175
151 176 # disable serial console systemd style
152 177 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 178 fi
154 179
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
180 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
181 # Create temporary directory for systemd-swap sources
182 temp_dir=$(as_nobody mktemp -d)
159 183
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
184 # Fetch systemd-swap sources
185 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
186
187 # Copy downloaded systemd-swap sources
188 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
189
190 # Set permissions of the systemd-swap sources
191 chown -R root:root "${R}/tmp/systemd-swap"
192
193 # Remove temporary directory for systemd-swap sources
194 rm -fr "${temp_dir}"
195
196 # Change into downloaded src dir
197 cd "${R}/tmp/systemd-swap" || exit
198
199 # Build package
200 . ./package.sh debian
201
202 # Install package
203 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
204
205 # Enable service
206 chroot_exec systemctl enable systemd-swap
207
208 # Change back into script root dir
209 cd "${WORKDIR}" || exit
163 210 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
211 # Enable ZSWAP in cmdline if systemd-swap is not used
212 if [ "$KERNEL_ZSWAP" = true ] ; then
213 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
214 fi
215 fi
216
217 if [ "$KERNEL_SECURITY" = true ] ; then
218 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
165 219 fi
166 220
167 221 # Install firmware boot cmdline
168 222 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169 223
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 224 # Setup minimal GPU memory allocation size: 16MB (no X)
174 225 if [ "$ENABLE_MINGPU" = true ] ; then
175 226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
Show file before | Show file after | Hide comments
@@ -57,6 +57,20 else # ENABLE_DHCP=false
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 74 fi
61 75
62 76 # Remove empty settings from network configuration
Show file before | Show file after | Hide comments
@@ -9,9 +9,10 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 # make sure iptables-legacy is the used alternatives
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
12 if [ "$KERNEL_NF" = false ] ; then
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15 16
16 17 # Install iptables systemd service
17 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
@@ -27,6 +28,11 if [ "$ENABLE_IPTABLES" = true ] ; then
27 28 chroot_exec systemctl enable iptables.service
28 29
29 30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
30 36 # Install ip6tables systemd service
31 37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 38
Show file before | Show file after | Hide comments
@@ -22,8 +22,3 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
Show file before | Show file after | Hide comments
@@ -77,6 +77,11 if [ "$ENABLE_UBOOT" = true ] ; then
77 77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 79 fi
80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_UBOOTUSB" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
80 85
81 86 # Set mkfile to use the correct dtb file
82 87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
Show file before | Show file after | Hide comments
@@ -50,4 +50,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then
50 50
51 51 #back to root of scriptdir
52 52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
53 56 fi
Show file before | Show file after | Hide comments
@@ -1,8 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
1 deb http://ftp.debian.org/debian stretch main contrib
2 #deb-src http://ftp.debian.org/debian stretch main contrib
3 3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
4 deb http://ftp.debian.org/debian/ stretch-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6 6
7 deb http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
7 deb http://security.debian.org/ stretch/updates main contrib
8 #deb-src http://security.debian.org/ stretch/updates main contrib
Show file before | Show file after | Hide comments
@@ -66,3 +66,11 EOF2
66 66 partprobe &&
67 67 resize2fs /dev/${ROOT_PART} &&
68 68 logger -t "rc.firstboot" "Root partition successfully resized."
69
70 # Restart dphys-swapfile service if it exists
71 if systemctl list-units | grep -q dphys-swapfile ; then
72 if systemctl is-enabled dphys-swapfile ; then
73 logger -t "rc.firstboot" "Restarting dphys-swapfile"
74 systemctl restart dphys-swapfile
75 fi
76 fi
Show file before | Show file after | Hide comments
@@ -8,6 +8,7 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
8 8 # Extract kernel arch
9 9 case "${KERNEL_ARCH}" in
10 10 arm*) KERNEL_ARCH=arm ;;
11 aarch64) KERNEL_ARCH=arm64 ;;
11 12 esac
12 13
13 14 # Regenerate initramfs
Show file before | Show file after | Hide comments
@@ -3,6 +3,17
3 3 cleanup (){
4 4 set +x
5 5 set +e
6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
6 17
7 18 # Identify and kill all processes still using files
8 19 echo "killing processes using mount point ..."
@@ -63,15 +74,43 chroot_install_cc() {
63 74 # Install c/c++ build environment inside the chroot
64 75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 # Install COMPILER_PACKAGES in chroot
67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
78 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
68 79 fi
69 80 }
70 81
71 82 chroot_remove_cc() {
72 83 # Remove c/c++ build environment from the chroot
73 84 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
85 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
75 86 COMPILER_PACKAGES=""
76 87 fi
77 88 }
89
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 cdr2mask ()
92 {
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 [ $1 -gt 1 ] && shift $1 || shift
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
100 set_kernel_config() {
101 # flag as $1, value to set as $2, config must exist at "./.config"
102 TGT="CONFIG_${1#CONFIG_}"
103 REP="${2}"
104 if grep -q "^${TGT}[^_]" .config; then
105 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
106 else
107 echo "${TGT}"="${2}" >> .config
108 fi
109 }
110
111 # unset kernel config parameter
112 unset_kernel_config() {
113 # unsets flag with the value of $1, config must exist at "./.config"
114 TGT="CONFIG_${1#CONFIG_}"
115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
116 } No newline at end of file
Show file before | Show file after | Hide comments
@@ -57,6 +57,20 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60 74
61 75 # Build directories
62 76 WORKDIR=$(pwd)
@@ -105,6 +119,7 NET_NTP_2=${NET_NTP_2:=""}
105 119 # APT settings
106 120 APT_PROXY=${APT_PROXY:=""}
107 121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
108 123
109 124 # Feature settings
110 125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
@@ -138,19 +153,26 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 154
140 155 # Advanced settings
156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
145 162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
174 ENABLE_LOGO=${ENABLE_LOGO:=true}
175 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
154 176 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155 177
156 178 # Kernel compilation settings
@@ -162,6 +184,12 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 184 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 185 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 186 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
187 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
188 KERNEL_VIRT=${KERNEL_VIRT:=false}
189 KERNEL_BPF=${KERNEL_BPF:=false}
190 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
191 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
192 KERNEL_NF=${KERNEL_NF:=false}
165 193
166 194 # Kernel compilation from source directory settings
167 195 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
@@ -185,6 +213,10 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 213 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 214 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 215 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
216 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
217 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
218 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
219 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
188 220
189 221 # Chroot scripts directory
190 222 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
@@ -203,11 +235,9 MISSING_PACKAGES=""
203 235 # Packages installed for c/c++ build environment in chroot (keep empty)
204 236 COMPILER_PACKAGES=""
205 237
206 set +x
207
208 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
238 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
239 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
240 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
211 241 APT_PROXY=http://127.0.0.1:3142/
212 242 fi
213 243
@@ -258,7 +288,7 if [ -n "$SET_ARCH" ] ; then
258 288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 289 fi
260 290 fi
261 #SET_ARCH not set
291 # SET_ARCH not set
262 292 else
263 293 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 294 exit 1
@@ -295,12 +325,26 case "$RPI_MODEL" in
295 325 ;;
296 326 esac
297 327
328 if [ "$ENABLE_UBOOTUSB" = true ] ; then
329 if [ "$ENABLE_UBOOT" = false ] ; then
330 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
331 exit 1
332 fi
333 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
334 echo "error: Enabling UBOOTUSB requires Raspberry 3"
335 exit 1
336 fi
337 fi
338
298 339 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 340 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 341 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
342 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 343 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 344 fi
345 if [ "$ENABLE_WIRELESS" = true ] ; then
346 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
347 fi
304 348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 349 # Check if the internal wireless interface is not supported by the RPi model
306 350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
@@ -309,6 +353,11 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
309 353 fi
310 354 fi
311 355
356 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
357 echo "error: You have to compile kernel sources, if you want to enable nexmon"
358 exit 1
359 fi
360
312 361 # Prepare date string for default image file name
313 362 DATE="$(date +%Y-%m-%d)"
314 363 if [ -z "$KERNEL_BRANCH" ] ; then
@@ -330,6 +379,11 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 380 fi
332 381
382 # Add deps for nexmon
383 if [ "$ENABLE_NEXMON" = true ] ; then
384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
385 fi
386
333 387 # Add libncurses5 to enable kernel menuconfig
334 388 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
@@ -345,6 +399,11 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 400 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347 401
402 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
403 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
404 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
405 fi
406
348 407 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 408 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 409 exit 1
@@ -362,14 +421,6 if [ "$ENABLE_UBOOT" = true ] ; then
362 421 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 422 fi
364 423
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 424 # Check if root SSH (v2) public key file exists
374 425 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 426 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
@@ -386,6 +437,11 if [ -n "$SSH_USER_PUB_KEY" ] ; then
386 437 fi
387 438 fi
388 439
440 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
441 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
442 exit 1
443 fi
444
389 445 # Check if all required packages are installed on the build system
390 446 for package in $REQUIRED_PACKAGES ; do
391 447 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
@@ -442,6 +498,12 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
442 498 exit 1
443 499 fi
444 500
501 # Check if specified NEXMONSRC_DIR directory exists
502 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
503 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
504 exit 1
505 fi
506
445 507 # Check if specified CHROOT_SCRIPTS directory exists
446 508 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 509 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
@@ -493,6 +555,10 fi
493 555 if [ "$ENABLE_IPTABLES" = true ] ; then
494 556 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 557 fi
558 # Add apparmor for KERNEL_SECURITY
559 if [ "$KERNEL_SECURITY" = true ] ; then
560 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
561 fi
496 562
497 563 # Add openssh server package
498 564 if [ "$ENABLE_SSHD" = true ] ; then
@@ -546,16 +612,6 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 612 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 613 fi
548 614
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
557 fi
558
559 615 # Configure kernel sources if no KERNELSRC_DIR
560 616 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 617 KERNELSRC_CONFIG=true
@@ -623,13 +679,17 umount -l "${R}/sys"
623 679 rm -rf "${R}/run/*"
624 680 rm -rf "${R}/tmp/*"
625 681
682 # Clean up APT proxy settings
683 if [ "$KEEP_APT_PROXY" = false ] ; then
684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
685 fi
686
626 687 # Clean up files
627 688 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 689 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 690 rm -f "${ETC_DIR}/apt/sources.list.save"
630 691 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 692 rm -f "${ETC_DIR}/*-"
632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 693 rm -f "${ETC_DIR}/resolv.conf"
634 694 rm -f "${R}/root/.bash_history"
635 695 rm -f "${R}/var/lib/urandom/random-seed"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant