##// END OF EJS Templates
Merge pull request #11 from drtyhlpr/testing...
burnbabyburn -
r565:d3e5933b04da Fusion
parent child
Show More
@@ -0,0 +1,97
1 #!/bin/sh
2 #
3 # Build and Setup nexmon with monitor mode patch
4 #
5
6 # Load utility functions
7 . ./functions.sh
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
17
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
26
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
29 fi
30
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
36
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
39 ./configure
40 make
41 cd ../.. || exit
42
43 # Disable statistics
44 touch DISABLE_STATISTICS
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
58
59 # Make nexmon
60 make
61
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
76
77 if [ "$RPI_MODEL" = 3P ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
90
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
93
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
96
97 fi
@@ -0,0 +1,45
1 #!/bin/sh
2
3 PREREQ="dropbear"
4
5 prereqs() {
6 echo "$PREREQ"
7 }
8
9 case "$1" in
10 prereqs)
11 prereqs
12 exit 0
13 ;;
14 esac
15
16 . "${CONFDIR}/initramfs.conf"
17 . /usr/share/initramfs-tools/hook-functions
18
19 if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
20 cat > "${DESTDIR}/bin/unlock" << EOF
21 #!/bin/sh
22 if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
23 kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
24 # following line kill the remote shell right after the passphrase has
25 # been entered.
26 kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
27 exit 0
28 fi
29 exit 1
30 EOF
31
32 chmod 755 "${DESTDIR}/bin/unlock"
33
34 mkdir -p "${DESTDIR}/lib/unlock"
35 cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
36 #!/bin/sh
37 [ "\$1" == "--ping" ] && exit 1
38 /bin/plymouth "\$@"
39 EOF
40
41 chmod 755 "${DESTDIR}/lib/unlock/plymouth"
42
43 echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
44
45 fi No newline at end of file
@@ -1,500 +1,544
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Supported parameters and settings
44 44 #### APT settings:
45 45 ##### `APT_SERVER`="ftp.debian.org"
46 46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47 47
48 48 ##### `APT_PROXY`=""
49 49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50 50
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
51 54 ##### `APT_INCLUDES`=""
52 55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
53 56
54 57 ##### `APT_INCLUDES_LATE`=""
55 58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
56 59
57 60 ---
58 61
59 62 #### General system settings:
60 63 ##### `SET_ARCH`=32
61 64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
62 65
63 66 ##### `RPI_MODEL`=2
64 67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
65 68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
66 69 - `1` = Raspberry Pi 1 model A and B
67 70 - `1P` = Raspberry Pi 1 model B+ and A+
68 71 - `2` = Raspberry Pi 2 model B
69 72 - `3` = Raspberry Pi 3 model B
70 73 - `3P` = Raspberry Pi 3 model B+
71 74
72 75 ##### `RELEASE`="buster"
73 76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
74 77
75 78 ##### `RELEASE_ARCH`="armhf"
76 79 Set the desired Debian release architecture.
77 80
78 81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
79 82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
80 83
81 84 ##### `PASSWORD`="raspberry"
82 85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
83 86
84 87 ##### `USER_PASSWORD`="raspberry"
85 88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
86 89
87 90 ##### `DEFLOCAL`="en_US.UTF-8"
88 91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
89 92
90 93 ##### `TIMEZONE`="Europe/Berlin"
91 94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
92 95
93 96 ##### `EXPANDROOT`=true
94 97 Expand the root partition and filesystem automatically on first boot.
95 98
96 99 ##### `ENABLE_QEMU`=false
97 100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
98 101
99 102 ---
100 103
101 104 #### Keyboard settings:
102 105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
103 106
104 107 ##### `XKB_MODEL`=""
105 108 Set the name of the model of your keyboard type.
106 109
107 110 ##### `XKB_LAYOUT`=""
108 111 Set the supported keyboard layout(s).
109 112
110 113 ##### `XKB_VARIANT`=""
111 114 Set the supported variant(s) of the keyboard layout(s).
112 115
113 116 ##### `XKB_OPTIONS`=""
114 117 Set extra xkb configuration options.
115 118
116 119 ---
117 120
118 121 #### Networking settings (DHCP):
119 122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
120 123
121 124 ##### `ENABLE_DHCP`=true
122 125 Set the system to use DHCP. This requires an DHCP server.
123 126
124 127 ---
125 128
126 129 #### Networking settings (static):
127 130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
128 131
129 132 ##### `NET_ADDRESS`=""
130 133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
131 134
132 135 ##### `NET_GATEWAY`=""
133 136 Set the IP address for the default gateway.
134 137
135 138 ##### `NET_DNS_1`=""
136 139 Set the IP address for the first DNS server.
137 140
138 141 ##### `NET_DNS_2`=""
139 142 Set the IP address for the second DNS server.
140 143
141 144 ##### `NET_DNS_DOMAINS`=""
142 145 Set the default DNS search domains to use for non fully qualified hostnames.
143 146
144 147 ##### `NET_NTP_1`=""
145 148 Set the IP address for the first NTP server.
146 149
147 150 ##### `NET_NTP_2`=""
148 151 Set the IP address for the second NTP server.
149 152
150 153 ---
151 154
152 155 #### Basic system features:
153 156 ##### `ENABLE_CONSOLE`=true
154 157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
155 158
156 159 ##### `ENABLE_PRINTK`=false
157 160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
158 161
159 162 ##### `ENABLE_BLUETOOTH`=false
160 163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
161 164
162 165 ##### `ENABLE_MINIUART_OVERLAY`=false
163 166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
164 167
165 168 ##### `ENABLE_TURBO`=false
166 169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
167 170
168 171 ##### `ENABLE_I2C`=false
169 172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
170 173
171 174 ##### `ENABLE_SPI`=false
172 175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173 176
174 177 ##### `ENABLE_IPV6`=true
175 178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
176 179
177 180 ##### `ENABLE_SSHD`=true
178 181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
179 182
180 183 ##### `ENABLE_NONFREE`=false
181 184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
182 185
183 186 ##### `ENABLE_WIRELESS`=false
184 187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
185 188
186 189 ##### `ENABLE_RSYSLOG`=true
187 190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
188 191
189 192 ##### `ENABLE_SOUND`=true
190 193 Enable sound hardware and install Advanced Linux Sound Architecture.
191 194
192 195 ##### `ENABLE_HWRANDOM`=true
193 196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
194 197
195 198 ##### `ENABLE_MINGPU`=false
196 199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
197 200
198 201 ##### `ENABLE_DBUS`=true
199 202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
200 203
201 204 ##### `ENABLE_XORG`=false
202 205 Install Xorg open-source X Window System.
203 206
204 207 ##### `ENABLE_WM`=""
205 208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
206 209
207 210 ##### `ENABLE_SYSVINIT`=false
208 211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
209 212
210 213 ---
211 214
212 215 #### Advanced system features:
216 ##### `ENABLE_SYSTEMDSWAP`=false
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218
213 219 ##### `ENABLE_MINBASE`=false
214 220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
215 221
216 222 ##### `ENABLE_REDUCE`=false
217 223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
218 224
219 225 ##### `ENABLE_UBOOT`=false
220 226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
221 227
222 228 ##### `UBOOTSRC_DIR`=""
223 229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
224 230
225 231 ##### `ENABLE_FBTURBO`=false
226 232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
227 233
228 234 ##### `FBTURBOSRC_DIR`=""
229 235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
230 236
231 237 ##### `ENABLE_VIDEOCORE`=false
232 238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233 239
234 240 ##### `VIDEOCORESRC_DIR`=""
235 241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
236 242
243 ##### `ENABLE_NEXMON`=false
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245
246 ##### `NEXMONSRC_DIR`=""
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
237 249 ##### `ENABLE_IPTABLES`=false
238 250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
239 251
240 252 ##### `ENABLE_USER`=true
241 253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
242 254
243 255 ##### `USER_NAME`=pi
244 256 Non-root user to create. Ignored if `ENABLE_USER`=false
245 257
246 258 ##### `ENABLE_ROOT`=false
247 259 Set root user password so root login will be enabled
248 260
249 261 ##### `ENABLE_HARDNET`=false
250 262 Enable IPv4/IPv6 network stack hardening settings.
251 263
252 264 ##### `ENABLE_SPLITFS`=false
253 265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
254 266
255 267 ##### `CHROOT_SCRIPTS`=""
256 268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
257 269
258 270 ##### `ENABLE_INITRAMFS`=false
259 271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
260 272
261 273 ##### `ENABLE_IFNAMES`=true
262 274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
263 275
276 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
278
279 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
282 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
284
264 285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
265 286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
266 287
267 288 ---
268 289
269 290 #### SSH settings:
270 291 ##### `SSH_ENABLE_ROOT`=false
271 292 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
272 293
273 294 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
274 295 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
275 296
276 297 ##### `SSH_LIMIT_USERS`=false
277 298 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
278 299
279 300 ##### `SSH_ROOT_PUB_KEY`=""
280 301 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
281 302
282 303 ##### `SSH_USER_PUB_KEY`=""
283 304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
284 305
285 306 ---
286 307
287 308 #### Kernel compilation:
288 309 ##### `BUILD_KERNEL`=true
289 310 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
290 311
291 312 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
292 313 This sets the cross-compile environment for the compiler.
293 314
294 315 ##### `KERNEL_ARCH`="arm"
295 316 This sets the kernel architecture for the compiler.
296 317
297 318 ##### `KERNEL_IMAGE`="kernel7.img"
298 319 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
299 320
300 321 ##### `KERNEL_BRANCH`=""
301 322 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
302 323
303 324 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
304 325 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
305 326
306 327 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
307 328 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
308 329
309 330 ##### `KERNEL_REDUCE`=false
310 331 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
311 332
312 333 ##### `KERNEL_THREADS`=1
313 334 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
314 335
315 336 ##### `KERNEL_HEADERS`=true
316 337 Install kernel headers with the built kernel.
317 338
318 339 ##### `KERNEL_MENUCONFIG`=false
319 340 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
320 341
321 342 ##### `KERNEL_OLDDEFCONFIG`=false
322 343 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
323 344
324 345 ##### `KERNEL_CCACHE`=false
325 346 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
326 347
327 348 ##### `KERNEL_REMOVESRC`=true
328 349 Remove all kernel sources from the generated OS image after it was built and installed.
329 350
330 351 ##### `KERNELSRC_DIR`=""
331 352 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
332 353
333 354 ##### `KERNELSRC_CLEAN`=false
334 355 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
335 356
336 357 ##### `KERNELSRC_CONFIG`=true
337 358 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
338 359
339 360 ##### `KERNELSRC_USRCONFIG`=""
340 361 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
341 362
342 363 ##### `KERNELSRC_PREBUILT`=false
343 364 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
344 365
345 366 ##### `RPI_FIRMWARE_DIR`=""
346 367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
347 368
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
371
372 ##### `KERNEL_NF`=false
373 Enable Netfilter modules as kernel modules
374
375 ##### `KERNEL_VIRT`=false
376 Enable Kernel KVM support (/dev/kvm)
377
378 ##### `KERNEL_ZSWAP`=false
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
380
381 ##### `KERNEL_BPF`=true
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
383
384 ##### `KERNEL_SECURITY`=false
385 Enables Apparmor, integrity subsystem, auditing
348 386 ---
349 387
350 388 #### Reduce disk usage:
351 389 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
352 390
353 391 ##### `REDUCE_APT`=true
354 392 Configure APT to use compressed package repository lists and no package caching files.
355 393
356 394 ##### `REDUCE_DOC`=true
357 395 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
358 396
359 397 ##### `REDUCE_MAN`=true
360 398 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
361 399
362 400 ##### `REDUCE_VIM`=false
363 401 Replace `vim-tiny` package by `levee` a tiny vim clone.
364 402
365 403 ##### `REDUCE_BASH`=false
366 404 Remove `bash` package and switch to `dash` shell (experimental).
367 405
368 406 ##### `REDUCE_HWDB`=true
369 407 Remove PCI related hwdb files (experimental).
370 408
371 409 ##### `REDUCE_SSHD`=true
372 410 Replace `openssh-server` with `dropbear`.
373 411
374 412 ##### `REDUCE_LOCALE`=true
375 413 Remove all `locale` translation files.
376 414
377 415 ---
378 416
379 417 #### Encrypted root partition:
380 418 ##### `ENABLE_CRYPTFS`=false
381 419 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
382 420
383 421 ##### `CRYPTFS_PASSWORD`=""
384 422 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
385 423
386 424 ##### `CRYPTFS_MAPPING`="secure"
387 425 Set name of dm-crypt managed device-mapper mapping.
388 426
389 427 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
390 428 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
391 429
392 430 ##### `CRYPTFS_XTSKEYSIZE`=512
393 431 Sets key size in bits. The argument has to be a multiple of 8.
394 432
433 ##### `CRYPTFS_DROPBEAR`=false
434 Enable Dropbear Initramfs support
435
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
437 Provide path to dropbear Public RSA-OpenSSH Key
438
395 439 ---
396 440
397 441 #### Build settings:
398 442 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
399 443 Set a path to a working directory used by the script to generate an image.
400 444
401 445 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
402 446 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
403 447
404 448 ## Understanding the script
405 449 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
406 450
407 451 | Script | Description |
408 452 | --- | --- |
409 453 | `10-bootstrap.sh` | Debootstrap basic system |
410 454 | `11-apt.sh` | Setup APT repositories |
411 455 | `12-locale.sh` | Setup Locales and keyboard settings |
412 456 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
413 457 | `14-fstab.sh` | Setup fstab and initramfs |
414 458 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
415 459 | `20-networking.sh` | Setup Networking |
416 460 | `21-firewall.sh` | Setup Firewall |
417 461 | `30-security.sh` | Setup Users and Security settings |
418 462 | `31-logging.sh` | Setup Logging |
419 463 | `32-sshd.sh` | Setup SSH and public keys |
420 464 | `41-uboot.sh` | Build and Setup U-Boot |
421 465 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
422 466 | `43-videocore.sh` | Build and Setup videocore libraries |
423 467 | `50-firstboot.sh` | First boot actions |
424 468 | `99-reduce.sh` | Reduce the disk space usage |
425 469
426 470 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
427 471
428 472 | Directory | Description |
429 473 | --- | --- |
430 474 | `apt` | APT management configuration files |
431 475 | `boot` | Boot and RPi 0/1/2/3 configuration files |
432 476 | `dpkg` | Package Manager configuration |
433 477 | `etc` | Configuration files and rc scripts |
434 478 | `firstboot` | Scripts that get executed on first boot |
435 479 | `initramfs` | Initramfs scripts |
436 480 | `iptables` | Firewall configuration files |
437 481 | `locales` | Locales configuration |
438 482 | `modules` | Kernel Modules configuration |
439 483 | `mount` | Fstab configuration |
440 484 | `network` | Networking configuration files |
441 485 | `sysctl.d` | Swapping and Network Hardening configuration |
442 486 | `xorg` | fbturbo Xorg driver configuration |
443 487
444 488 ## Custom packages and scripts
445 489 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
446 490
447 491 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
448 492
449 493 ## Logging of the bootstrapping process
450 494 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
451 495
452 496 ```shell
453 497 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
454 498 ```
455 499
456 500 ## Flashing the image file
457 501 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
458 502
459 503 ##### Flashing examples:
460 504 ```shell
461 505 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
462 506 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
463 507 ```
464 508 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
465 509 ```shell
466 510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
467 511 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
468 512 ```
469 513
470 514 ## QEMU emulation
471 515 Start QEMU full system emulation:
472 516 ```shell
473 517 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
474 518 ```
475 519
476 520 Start QEMU full system emulation and output to console:
477 521 ```shell
478 522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
479 523 ```
480 524
481 525 Start QEMU full system emulation with SMP and output to console:
482 526 ```shell
483 527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
484 528 ```
485 529
486 530 Start QEMU full system emulation with cryptfs, initramfs and output to console:
487 531 ```shell
488 532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
489 533 ```
490 534
491 535 ## External links and references
492 536 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
493 537 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
494 538 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
495 539 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
496 540 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
497 541 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
498 542 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
499 543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
500 544 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,33 +1,40
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 # Install APT sources.list
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16
17 # Use specified APT server and release
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
20
14 21 # Upgrade package index and update all installed packages and changed dependencies
15 22 chroot_exec apt-get -qq -y update
16 23 chroot_exec apt-get -qq -y -u dist-upgrade
17 24
18 25 # Install additional packages
19 26 if [ "$APT_INCLUDES_LATE" ] ; then
20 27 chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
21 28 fi
22 29
23 30 # Install Debian custom packages
24 31 if [ -d packages ] ; then
25 32 for package in packages/*.deb ; do
26 33 cp "$package" "${R}"/tmp
27 34 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
28 35 done
29 36 fi
30 37
31 38 chroot_exec apt-get -qq -y -f install
32 39
33 40 chroot_exec apt-get -qq -y check
@@ -1,255 +1,602
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
14 fi
15
8 16 # Fetch and build latest raspberry kernel
9 17 if [ "$BUILD_KERNEL" = true ] ; then
10 18 # Setup source directory
11 19 mkdir -p "${KERNEL_DIR}"
12 20
13 21 # Copy existing kernel sources into chroot directory
14 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15 23 # Copy kernel sources and include hidden files
16 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17 25
18 26 # Clean the kernel sources
19 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21 29 fi
22 30 else # KERNELSRC_DIR=""
23 31 # Create temporary directory for kernel sources
24 32 temp_dir=$(as_nobody mktemp -d)
25 33
26 34 # Fetch current RPi2/3 kernel sources
27 35 if [ -z "${KERNEL_BRANCH}" ] ; then
28 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29 37 else
30 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31 39 fi
32 40
33 41 # Copy downloaded kernel sources
34 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35 43
36 44 # Remove temporary directory for kernel sources
37 45 rm -fr "${temp_dir}"
38 46
39 47 # Set permissions of the kernel sources
40 48 chown -R root:root "${R}/usr/src"
41 49 fi
42 50
43 51 # Calculate optimal number of kernel building threads
44 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46 54 fi
47 55
48 56 # Configure and build kernel
49 57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
50 58 # Remove device, network and filesystem drivers from kernel configuration
51 59 if [ "$KERNEL_REDUCE" = true ] ; then
52 60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53 61 sed -i\
54 62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
55 63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
56 64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
57 65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
58 66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
59 67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
60 68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
61 69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
62 70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
63 71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
64 72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
65 73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
66 74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
67 75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
68 76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
69 77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
70 78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
71 79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
72 80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
73 81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
74 82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
75 83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
76 84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
77 85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
78 86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
79 87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
80 88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
81 89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
82 90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
83 91 "${KERNEL_DIR}/.config"
84 92 fi
85 93
86 94 if [ "$KERNELSRC_CONFIG" = true ] ; then
87 95 # Load default raspberry kernel configuration
88 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89 97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
100
101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 set_kernel_config CONFIG_ZPOOL y
104 set_kernel_config CONFIG_ZSWAP y
105 set_kernel_config CONFIG_ZBUD y
106 set_kernel_config CONFIG_Z3FOLD y
107 set_kernel_config CONFIG_ZSMALLOC y
108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
110 fi
111
112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
121 set_kernel_config CONFIG_KVM y
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
140 fi
141
142 # enable apparmor,integrity audit,
143 if [ "$KERNEL_SECURITY" = true ] ; then
144
145 # security filesystem, security models and audit
146 set_kernel_config CONFIG_SECURITYFS y
147 set_kernel_config CONFIG_SECURITY y
148 set_kernel_config CONFIG_AUDIT y
149
150 # harden strcpy and memcpy
151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
154
155 # integrity sub-system
156 set_kernel_config CONFIG_INTEGRITY=y
157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
161
162 # This option provides support for retaining authentication tokens and access keys in the kernel.
163 set_kernel_config CONFIG_KEYS=y
164 set_kernel_config CONFIG_KEYS_COMPAT=y
165
166 # Apparmor
167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
170 set_kernel_config CONFIG_SECURITY_APPARMOR y
171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
173
174 # restrictions on unprivileged users reading the kernel
175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
176
177 # network security hooks
178 set_kernel_config CONFIG_SECURITY_NETWORK y
179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
180 set_kernel_config CONFIG_SECURITY_PATH=y
181 set_kernel_config CONFIG_SECURITY_YAMA=y
182
183 # New Options
184 if [ "$KERNEL_NF" = true ] ; then
185 set_kernel_config CONFIG_IP_NF_SECURITY m
186 set_kernel_config CONFIG_NETLABEL y
187 set_kernel_config CONFIG_IP6_NF_SECURITY m
188 fi
189 set_kernel_config CONFIG_SECURITY_SELINUX n
190 set_kernel_config CONFIG_SECURITY_SMACK n
191 set_kernel_config CONFIG_SECURITY_TOMOYO n
192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
193 set_kernel_config CONFIG_SECURITY_LOADPIN n
194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
195 set_kernel_config CONFIG_IMA n
196 set_kernel_config CONFIG_EVM n
197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
207
208 set_kernel_config CONFIG_ARM64_CRYPTO y
209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
223 set_kernel_config SYSTEM_TRUSTED_KEYS
224 fi
225
226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
227 if [ "$KERNEL_NF" = true ] ; then
228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
233 set_kernel_config CONFIG_NFT_FIB_INET m
234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
237 set_kernel_config CONFIG_NFT_OBJREF m
238 set_kernel_config CONFIG_NFT_RT m
239 set_kernel_config CONFIG_NFT_SET_BITMAP m
240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
241 set_kernel_config CONFIG_NF_LOG_ARP m
242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
250 set_kernel_config CONFIG_IP6_NF_NAT m
251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
253 set_kernel_config CONFIG_IP_NF_SECURITY m
254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
256 set_kernel_config CONFIG_IP_SET_HASH_IP m
257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
262 set_kernel_config CONFIG_IP_SET_HASH_NET m
263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
267 set_kernel_config CONFIG_IP_SET_LIST_SET m
268 set_kernel_config CONFIG_NETFILTER_XTABLES m
269 set_kernel_config CONFIG_NETFILTER_XTABLES m
270 set_kernel_config CONFIG_NFT_BRIDGE_META m
271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
276 set_kernel_config CONFIG_NFT_COMPAT m
277 set_kernel_config CONFIG_NFT_COUNTER m
278 set_kernel_config CONFIG_NFT_CT m
279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
282 set_kernel_config CONFIG_NFT_EXTHDR m
283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
284 set_kernel_config CONFIG_NFT_HASH m
285 set_kernel_config CONFIG_NFT_LIMIT m
286 set_kernel_config CONFIG_NFT_LOG m
287 set_kernel_config CONFIG_NFT_MASQ m
288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
290 set_kernel_config CONFIG_NFT_META m
291 set_kernel_config CONFIG_NFT_NAT m
292 set_kernel_config CONFIG_NFT_NUMGEN m
293 set_kernel_config CONFIG_NFT_QUEUE m
294 set_kernel_config CONFIG_NFT_QUOTA m
295 set_kernel_config CONFIG_NFT_REDIR m
296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
298 set_kernel_config CONFIG_NFT_REJECT m
299 set_kernel_config CONFIG_NFT_REJECT_INET m
300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
302 set_kernel_config CONFIG_NFT_SET_HASH m
303 set_kernel_config CONFIG_NFT_SET_RBTREE m
304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
308 set_kernel_config CONFIG_NF_DUP_IPV4 m
309 set_kernel_config CONFIG_NF_DUP_IPV6 m
310 set_kernel_config CONFIG_NF_DUP_NETDEV m
311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
312 set_kernel_config CONFIG_NF_LOG_IPV4 m
313 set_kernel_config CONFIG_NF_LOG_IPV6 m
314 set_kernel_config CONFIG_NF_NAT_IPV4 m
315 set_kernel_config CONFIG_NF_NAT_IPV6 m
316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
318 set_kernel_config CONFIG_NF_NAT_PPTP m
319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
321 set_kernel_config CONFIG_NF_NAT_SIP m
322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
323 set_kernel_config CONFIG_NF_NAT_TFTP m
324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
326 set_kernel_config CONFIG_NF_TABLES m
327 set_kernel_config CONFIG_NF_TABLES_ARP m
328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
329 set_kernel_config CONFIG_NF_TABLES_INET m
330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
333 fi
334
335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
336 if [ "$KERNEL_BPF" = true ] ; then
337 set_kernel_config CONFIG_BPF_SYSCALL y
338 set_kernel_config CONFIG_BPF_EVENTS y
339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
340 set_kernel_config CONFIG_CGROUP_BPF y
341 fi
342
343 # KERNEL_DEFAULT_GOV was set by user
344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
345
346 case "$KERNEL_DEFAULT_GOV" in
347 performance)
348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
349 ;;
350 userspace)
351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
352 ;;
353 ondemand)
354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
355 ;;
356 conservative)
357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
358 ;;
359 shedutil)
360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
361 ;;
362 *)
363 echo "error: unsupported default cpu governor"
364 exit 1
365 ;;
366 esac
367
368 # unset previous default governor
369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
370 fi
371
372 #Revert to previous directory
373 cd "${WORKDIR}" || exit
374
90 375 # Set kernel configuration parameters to enable qemu emulation
91 376 if [ "$ENABLE_QEMU" = true ] ; then
92 377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93 378 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94 379
95 380 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 381 {
97 382 echo "CONFIG_EMBEDDED=y"
98 383 echo "CONFIG_EXPERT=y"
99 384 echo "CONFIG_DAX=y"
100 385 echo "CONFIG_MD=y"
101 386 echo "CONFIG_BLK_DEV_MD=y"
102 387 echo "CONFIG_MD_AUTODETECT=y"
103 388 echo "CONFIG_BLK_DEV_DM=y"
104 389 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105 390 echo "CONFIG_DM_CRYPT=y"
106 391 echo "CONFIG_CRYPTO_BLKCIPHER=y"
107 392 echo "CONFIG_CRYPTO_CBC=y"
108 393 echo "CONFIG_CRYPTO_XTS=y"
109 394 echo "CONFIG_CRYPTO_SHA512=y"
110 395 echo "CONFIG_CRYPTO_MANAGER=y"
111 396 } >> "${KERNEL_DIR}"/.config
112 397 fi
113 398 fi
114 399
115 400 # Copy custom kernel configuration file
116 401 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117 402 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118 403 fi
119 404
120 405 # Set kernel configuration parameters to their default values
121 406 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122 407 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123 408 fi
124 409
125 410 # Start menu-driven kernel configuration (interactive)
126 411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
127 412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128 413 fi
414 # end if "$KERNELSRC_CONFIG" = true
129 415 fi
130 416
131 417 # Use ccache to cross compile the kernel
132 418 if [ "$KERNEL_CCACHE" = true ] ; then
133 419 cc="ccache ${CROSS_COMPILE}gcc"
134 420 else
135 421 cc="${CROSS_COMPILE}gcc"
136 422 fi
137 423
138 424 # Cross compile kernel and dtbs
139 425 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140 426
141 427 # Cross compile kernel modules
142 428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143 429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144 430 fi
431 # end if "$KERNELSRC_PREBUILT" = false
145 432 fi
146 433
147 434 # Check if kernel compilation was successful
148 435 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149 436 echo "error: kernel compilation failed! (kernel image not found)"
150 437 cleanup
151 438 exit 1
152 439 fi
153 440
154 441 # Install kernel modules
155 442 if [ "$ENABLE_REDUCE" = true ] ; then
156 443 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
157 444 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158 445 fi
159 446 else
160 447 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
161 448 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162 449 fi
163 450
164 451 # Install kernel firmware
165 452 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
166 453 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167 454 fi
168 455 fi
169 456
170 457 # Install kernel headers
171 458 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172 459 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173 460 fi
174 461
175 462 # Prepare boot (firmware) directory
176 463 mkdir "${BOOT_DIR}"
177 464
178 465 # Get kernel release version
179 466 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180 467
181 468 # Copy kernel configuration file to the boot directory
182 469 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183 470
184 471 # Prepare device tree directory
185 472 mkdir "${BOOT_DIR}/overlays"
186 473
187 474 # Ensure the proper .dtb is located
188 475 if [ "$KERNEL_ARCH" = "arm" ] ; then
189 476 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190 477 if [ -f "${dtb}" ] ; then
191 478 install_readonly "${dtb}" "${BOOT_DIR}/"
192 479 fi
193 480 done
194 481 else
195 482 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196 483 if [ -f "${dtb}" ] ; then
197 484 install_readonly "${dtb}" "${BOOT_DIR}/"
198 485 fi
199 486 done
200 487 fi
201 488
202 489 # Copy compiled dtb device tree files
203 490 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204 491 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
205 492 if [ -f "${dtb}" ] ; then
206 493 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207 494 fi
208 495 done
209 496
210 497 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211 498 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212 499 fi
213 500 fi
214 501
215 502 if [ "$ENABLE_UBOOT" = false ] ; then
216 503 # Convert and copy kernel image to the boot directory
217 504 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218 505 else
219 506 # Copy kernel image to the boot directory
220 507 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221 508 fi
222 509
223 510 # Remove kernel sources
224 511 if [ "$KERNEL_REMOVESRC" = true ] ; then
225 512 rm -fr "${KERNEL_DIR}"
226 513 else
227 514 # Prepare compiled kernel modules
228 515 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
229 516 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
230 517 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231 518 fi
232 519
233 520 # Create symlinks for kernel modules
234 521 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235 522 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236 523 fi
237 524 fi
238 525
239 526 else # BUILD_KERNEL=false
240 # Kernel installation
241 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel
527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
528
529 # Use Sakakis modified kernel if ZSWAP is active
530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
532 fi
533
534 # Create temporary directory for dl
535 temp_dir=$(as_nobody mktemp -d)
536
537 # Fetch kernel dl
538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
242 539
243 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
244 chroot_exec apt-get -qq -y install flash-kernel
540 #extract download
541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
542
543 #move extracted kernel to /boot/firmware
544 mkdir "${R}/boot/firmware"
545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
547
548 # Remove temporary directory for kernel sources
549 rm -fr "${temp_dir}"
550
551 # Set permissions of the kernel sources
552 chown -R root:root "${R}/boot/firmware"
553 chown -R root:root "${R}/lib/modules"
554 fi
555
556 # Install Kernel from hypriot comptabile with all Raspberry PI
557 if [ "$SET_ARCH" = 32 ] ; then
558 # Create temporary directory for dl
559 temp_dir=$(as_nobody mktemp -d)
560
561 # Fetch kernel
562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
563
564 # Copy downloaded U-Boot sources
565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
566
567 # Set permissions
568 chown -R root:root "${R}"/tmp/kernel.deb
569
570 # Install kernel
571 chroot_exec dpkg -i /tmp/kernel.deb
572
573 # move /boot to /boot/firmware to fit script env.
574 #mkdir "${BOOT_DIR}"
575 mkdir "${temp_dir}"/firmware
576 mv "${R}"/boot/* "${temp_dir}"/firmware/
577 mv "${temp_dir}"/firmware "${R}"/boot/
578
579 #same for kernel headers
580 if [ "$KERNEL_HEADERS" = true ] ; then
581 # Fetch kernel header
582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
584 chown -R root:root "${R}"/tmp/kernel-header.deb
585 # Install kernel header
586 chroot_exec dpkg -i /tmp/kernel-header.deb
587 rm -f "${R}"/tmp/kernel-header.deb
588 fi
589
590 # Remove temporary directory and files
591 rm -fr "${temp_dir}"
592 rm -f "${R}"/tmp/kernel.deb
593 fi
245 594
246 595 # Check if kernel installation was successful
247 VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
248 if [ -z "$VMLINUZ" ] ; then
249 echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
597 if [ -z "$KERNEL" ] ; then
598 echo "error: kernel installation failed! (/boot/kernel* not found)"
250 599 cleanup
251 600 exit 1
252 601 fi
253 # Copy vmlinuz kernel to the boot directory
254 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255 602 fi
@@ -1,59 +1,99
1 1 #
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 if [ "$ENABLE_UBOOTUSB" = true ] ; then
12 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
13 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
14 fi
15
11 16 # Add usb/sda disk root partition to fstab
12 17 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 18 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 19 fi
15 20
16 21 # Add encrypted root partition to fstab and crypttab
17 22 if [ "$ENABLE_CRYPTFS" = true ] ; then
18 23 # Replace fstab root partition with encrypted partition mapping
19 24 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
20 25
21 26 # Add encrypted partition to crypttab and fstab
22 27 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
23 28 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
24 29
25 30 if [ "$ENABLE_SPLITFS" = true ] ; then
26 31 # Add usb/sda disk to crypttab
27 32 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
28 33 fi
29 34 fi
30 35
31 36 # Generate initramfs file
32 if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
37 if [ "$ENABLE_INITRAMFS" = true ] ; then
33 38 if [ "$ENABLE_CRYPTFS" = true ] ; then
34 39 # Include initramfs scripts to auto expand encrypted root partition
35 40 if [ "$EXPANDROOT" = true ] ; then
36 41 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
37 42 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
38 43 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
39 44 fi
40 45
46 if [ "$CRYPTFS_DROPBEAR" = true ]; then
47 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
48 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
49 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
50 else
51 # Create key
52 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
53
54 # Convert dropbear key to openssh key
55 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
56
57 # Get Public Key Part
58 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
59
60 # Delete unwanted lines
61 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
62 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
63
64 # Trust the new key
65 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66
67 # Save Keys - convert with putty from rsa/openssh to puttkey
68 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
69
70 # Get unlock script
71 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
72
73 # Enable Dropbear inside initramfs
74 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
75
76 # Enable Dropbear inside initramfs
77 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
78 fi
79 else
41 80 # Disable SSHD inside initramfs
42 81 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
82 fi
43 83
44 84 # Add cryptsetup modules to initramfs
45 85 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
46 86
47 87 # Dummy mapping required by mkinitramfs
48 88 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
49 89
50 90 # Generate initramfs with encrypted root partition support
51 91 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
52 92
53 93 # Remove dummy mapping
54 94 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
55 95 else
56 96 # Generate initramfs without encrypted root partition support
57 97 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
58 98 fi
59 99 fi
@@ -1,229 +1,280
1 1 #
2 2 # Setup RPi2/3 config and cmdline
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 if [ "$BUILD_KERNEL" = true ] ; then
9 8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
10 9 # Install boot binaries from local directory
11 10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
12 11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
13 12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
14 13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
15 14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
16 15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
17 16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
18 17 else
19 18 # Create temporary directory for boot binaries
20 19 temp_dir=$(as_nobody mktemp -d)
21 20
22 21 # Install latest boot binaries from raspberry/firmware github
23 22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
24 23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
25 24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
26 25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
27 26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
28 27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
29 28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
30 29
31 30 # Move downloaded boot binaries
32 31 mv "${temp_dir}/"* "${BOOT_DIR}/"
33 32
34 33 # Remove temporary directory for boot binaries
35 34 rm -fr "${temp_dir}"
36 35
37 36 # Set permissions of the boot binaries
38 37 chown -R root:root "${BOOT_DIR}"
39 38 chmod -R 600 "${BOOT_DIR}"
40 39 fi
41 fi
42 40
43 41 # Setup firmware boot cmdline
44 42 if [ "$ENABLE_SPLITFS" = true ] ; then
45 43 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
46 44 else
47 45 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
48 46 fi
49 47
50 48 # Add encrypted root partition to cmdline.txt
51 49 if [ "$ENABLE_CRYPTFS" = true ] ; then
52 50 if [ "$ENABLE_SPLITFS" = true ] ; then
53 51 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
54 52 else
55 53 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
56 54 fi
57 55 fi
58 56
59 #locks cpu at max frequency
60 if [ "$ENABLE_TURBO" = true ] ; then
61 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
62 fi
63
57 # Enable Kernel messages on standard output
64 58 if [ "$ENABLE_PRINTK" = true ] ; then
65 59 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
66 60 fi
67 61
68 # Install udev rule for serial alias
62 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
69 63 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
70 64
71 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
65 # Remove IPv6 networking support
66 if [ "$ENABLE_IPV6" = false ] ; then
67 CMDLINE="${CMDLINE} ipv6.disable=1"
68 fi
69
70 # Automatically assign predictable network interface names
71 if [ "$ENABLE_IFNAMES" = false ] ; then
72 CMDLINE="${CMDLINE} net.ifnames=0"
73 else
74 CMDLINE="${CMDLINE} net.ifnames=1"
75 fi
76
77 # Disable Raspberry Pi console logo
78 if [ "$ENABLE_LOGO" = false ] ; then
79 CMDLINE="${CMDLINE} logo.nologo"
80 fi
81
82 # Strictly limit verbosity of boot up console messages
83 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
84 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
85 fi
86
87 # Install firmware config
88 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
72 89
73 # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
74 SET_SERIAL="ttyS0"
90 # Disable Raspberry Pi console logo
91 if [ "$ENABLE_SLASH" = false ] ; then
92 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
93 fi
94
95 # Locks CPU frequency at maximum
96 if [ "$ENABLE_TURBO" = true ] ; then
97 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
98 # helps to avoid sdcard corruption when force_turbo is enabled.
99 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
100 fi
101
102 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
75 103
76 104 # Bluetooth enabled
77 105 if [ "$ENABLE_BLUETOOTH" = true ] ; then
78 106 # Create temporary directory for Bluetooth sources
79 107 temp_dir=$(as_nobody mktemp -d)
80 108
81 109 # Fetch Bluetooth sources
82 110 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
83 111
84 112 # Copy downloaded sources
85 113 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
86 114
87 115 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
88 116 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
89 117 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
90 118
91 119 # Set permissions
92 120 chown -R root:root "${R}/tmp/pi-bluetooth"
93 121
94 122 # Install tools
95 123 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
96 124 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
97 125
126 # make scripts executable
127 chmod +x "${R}/usr/bin/bthelper"
128 chmod +x "${R}/usr/bin/btuart"
129
98 130 # Install bluetooth udev rule
99 131 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
100 132
101 133 # Install Firmware Flash file and apropiate licence
102 134 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
103 135 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
104 136 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
105 137 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
106 138 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
107 139
108 # Remove temporary directory
140 # Remove temporary directories
109 141 rm -fr "${temp_dir}"
142 rm -fr "${R}"/tmp/pi-bluetooth
110 143
111 144 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
112 145 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
113 SET_SERIAL="ttyAMA0"
114 146
115 147 # set overlay to swap ttyAMA0 and ttyS0
116 148 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
117 149
118 150 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
119 151 if [ "$ENABLE_TURBO" = false ] ; then
120 152 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
121 153 fi
154 fi
122 155
123 156 # Activate services
124 157 chroot_exec systemctl enable pi-bluetooth.hciuart.service
125 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
126 else
127 chroot_exec systemctl enable pi-bluetooth.hciuart.service
128 #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
129 fi
130 158
131 159 else # if ENABLE_BLUETOOTH = false
132 160 # set overlay to disable bluetooth
133 161 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
134 162 fi # ENABLE_BLUETOOTH end
135
136 else
137 # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
138 SET_SERIAL="ttyAMA0"
139 163 fi
140 164
141 165 # may need sudo systemctl disable hciuart
142 166 if [ "$ENABLE_CONSOLE" = true ] ; then
143 167 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
144 168 # add string to cmdline
145 169 CMDLINE="${CMDLINE} console=serial0,115200"
146 170
147 171 # Enable serial console systemd style
148 chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
172 chroot_exec systemctl enable serial-getty\@serial0.service
149 173 else
150 174 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
175
151 176 # disable serial console systemd style
152 177 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
153 178 fi
154 179
155 # Remove IPv6 networking support
156 if [ "$ENABLE_IPV6" = false ] ; then
157 CMDLINE="${CMDLINE} ipv6.disable=1"
158 fi
180 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
181 # Create temporary directory for systemd-swap sources
182 temp_dir=$(as_nobody mktemp -d)
159 183
160 # Automatically assign predictable network interface names
161 if [ "$ENABLE_IFNAMES" = false ] ; then
162 CMDLINE="${CMDLINE} net.ifnames=0"
184 # Fetch systemd-swap sources
185 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
186
187 # Copy downloaded systemd-swap sources
188 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
189
190 # Set permissions of the systemd-swap sources
191 chown -R root:root "${R}/tmp/systemd-swap"
192
193 # Remove temporary directory for systemd-swap sources
194 rm -fr "${temp_dir}"
195
196 # Change into downloaded src dir
197 cd "${R}/tmp/systemd-swap" || exit
198
199 # Build package
200 . ./package.sh debian
201
202 # Install package
203 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
204
205 # Enable service
206 chroot_exec systemctl enable systemd-swap
207
208 # Change back into script root dir
209 cd "${WORKDIR}" || exit
163 210 else
164 CMDLINE="${CMDLINE} net.ifnames=1"
211 # Enable ZSWAP in cmdline if systemd-swap is not used
212 if [ "$KERNEL_ZSWAP" = true ] ; then
213 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
214 fi
215 fi
216
217 if [ "$KERNEL_SECURITY" = true ] ; then
218 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
165 219 fi
166 220
167 221 # Install firmware boot cmdline
168 222 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
169 223
170 # Install firmware config
171 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
172
173 224 # Setup minimal GPU memory allocation size: 16MB (no X)
174 225 if [ "$ENABLE_MINGPU" = true ] ; then
175 226 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
176 227 fi
177 228
178 229 # Setup boot with initramfs
179 230 if [ "$ENABLE_INITRAMFS" = true ] ; then
180 231 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
181 232 fi
182 233
183 234 # Create firmware configuration and cmdline symlinks
184 235 ln -sf firmware/config.txt "${R}/boot/config.txt"
185 236 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
186 237
187 238 # Install and setup kernel modules to load at boot
188 239 mkdir -p "${LIB_DIR}/modules-load.d/"
189 240 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
190 241
191 242 # Load hardware random module at boot
192 243 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
193 244 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
194 245 fi
195 246
196 247 # Load sound module at boot
197 248 if [ "$ENABLE_SOUND" = true ] ; then
198 249 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
199 250 else
200 251 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
201 252 fi
202 253
203 254 # Enable I2C interface
204 255 if [ "$ENABLE_I2C" = true ] ; then
205 256 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
206 257 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
207 258 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
208 259 fi
209 260
210 261 # Enable SPI interface
211 262 if [ "$ENABLE_SPI" = true ] ; then
212 263 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
213 264 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
214 265 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
215 266 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
216 267 fi
217 268 fi
218 269
219 270 # Disable RPi2/3 under-voltage warnings
220 271 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
221 272 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
222 273 fi
223 274
224 275 # Install kernel modules blacklist
225 276 mkdir -p "${ETC_DIR}/modprobe.d/"
226 277 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
227 278
228 279 # Install sysctl.d configuration files
229 280 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,132 +1,146
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32 32
33 33 # Install configuration for interface wl*
34 34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35 35
36 36 #always with dhcp since wpa_supplicant integration is missing
37 37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38 38
39 39 if [ "$ENABLE_DHCP" = true ] ; then
40 40 # Enable DHCP configuration for interface eth0
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42 42
43 43 # Set DHCP configuration to IPv4 only
44 44 if [ "$ENABLE_IPV6" = false ] ; then
45 45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 46 fi
47 47
48 48 else # ENABLE_DHCP=false
49 49 # Set static network configuration for interface eth0
50 50 sed -i\
51 51 -e "s|DHCP=.*|DHCP=no|"\
52 52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
60 74 fi
61 75
62 76 # Remove empty settings from network configuration
63 77 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 78 # Remove empty settings from wlan configuration
65 79 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66 80
67 81 # Move systemd network configuration if required by Debian release
68 82 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 83 # If WLAN is enabled copy wlan configuration too
70 84 if [ "$ENABLE_WIRELESS" = true ] ; then
71 85 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 86 fi
73 87 rm -fr "${ETC_DIR}/systemd/network"
74 88
75 89 # Enable systemd-networkd service
76 90 chroot_exec systemctl enable systemd-networkd
77 91
78 92 # Install host.conf resolver configuration
79 93 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80 94
81 95 # Enable network stack hardening
82 96 if [ "$ENABLE_HARDNET" = true ] ; then
83 97 # Install sysctl.d configuration files
84 98 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85 99
86 100 # Setup resolver warnings about spoofed addresses
87 101 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 102 fi
89 103
90 104 # Enable time sync
91 105 if [ "$NET_NTP_1" != "" ] ; then
92 106 chroot_exec systemctl enable systemd-timesyncd.service
93 107 fi
94 108
95 109 # Download the firmware binary blob required to use the RPi3 wireless interface
96 110 if [ "$ENABLE_WIRELESS" = true ] ; then
97 111 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 112 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 113 fi
100 114
101 115 # Create temporary directory for firmware binary blob
102 116 temp_dir=$(as_nobody mktemp -d)
103 117
104 118 # Fetch firmware binary blob for RPI3B+
105 119 if [ "$RPI_MODEL" = 3P ] ; then
106 120 # Fetch firmware binary blob for RPi3P
107 121 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 122 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 123 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110 124
111 125 # Move downloaded firmware binary blob
112 126 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113 127
114 128 # Set permissions of the firmware binary blob
115 129 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 130 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
117 131 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
118 132 # Fetch firmware binary blob for RPi3
119 133 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
120 134 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
121 135
122 136 # Move downloaded firmware binary blob
123 137 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124 138
125 139 # Set permissions of the firmware binary blob
126 140 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 141 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
128 142 fi
129 143
130 144 # Remove temporary directory for firmware binary blob
131 145 rm -fr "${temp_dir}"
132 146 fi
@@ -1,48 +1,54
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11 11
12 # make sure iptables-legacy is the used alternatives
12 if [ "$KERNEL_NF" = false ] ; then
13 13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
14 14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15 16
16 17 # Install iptables systemd service
17 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 19
19 20 # Install flush-table script called by iptables service
20 21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 22
22 23 # Install iptables rule file
23 24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 25
25 26 # Reload systemd configuration and enable iptables service
26 27 chroot_exec systemctl daemon-reload
27 28 chroot_exec systemctl enable iptables.service
28 29
29 30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
35
30 36 # Install ip6tables systemd service
31 37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 38
33 39 # Install ip6tables file
34 40 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
35 41
36 42 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
37 43
38 44 # Reload systemd configuration and enable iptables service
39 45 chroot_exec systemctl daemon-reload
40 46 chroot_exec systemctl enable ip6tables.service
41 47 fi
42 48
43 49 if [ "$ENABLE_SSHD" = false ] ; then
44 50 # Remove SSHD related iptables rules
45 51 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
46 52 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
47 53 fi
48 54 fi
@@ -1,29 +1,24
1 1 #
2 2 # Setup users and security settings
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Generate crypt(3) password string
9 9 ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
10 10 ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
11 11
12 12 # Setup default user
13 13 if [ "$ENABLE_USER" = true ] ; then
14 14 chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
15 15 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
16 16 fi
17 17
18 18 # Setup root password or not
19 19 if [ "$ENABLE_ROOT" = true ] ; then
20 20 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
21 21 else
22 22 # Set no root password to disable root login
23 23 chroot_exec usermod -p \'!\' root
24 24 fi
25
26 # Enable serial console systemd style
27 if [ "$ENABLE_CONSOLE" = true ] ; then
28 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
29 fi
@@ -1,100 +1,105
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Fetch and build U-Boot bootloader
9 9 if [ "$ENABLE_UBOOT" = true ] ; then
10 10 # Install c/c++ build environment inside the chroot
11 11 chroot_install_cc
12 12
13 13 # Copy existing U-Boot sources into chroot directory
14 14 if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
15 15 # Copy local U-Boot sources
16 16 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
17 17 else
18 18 # Create temporary directory for U-Boot sources
19 19 temp_dir=$(as_nobody mktemp -d)
20 20
21 21 # Fetch U-Boot sources
22 22 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
23 23
24 24 # Copy downloaded U-Boot sources
25 25 mv "${temp_dir}/u-boot" "${R}/tmp/"
26 26
27 27 # Set permissions of the U-Boot sources
28 28 chown -R root:root "${R}/tmp/u-boot"
29 29
30 30 # Remove temporary directory for U-Boot sources
31 31 rm -fr "${temp_dir}"
32 32 fi
33 33
34 34 # Build and install U-Boot inside chroot
35 35 chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
36 36
37 37 # Copy compiled bootloader binary and set config.txt to load it
38 38 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
39 39 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
40 40 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
41 41
42 42 # Install and setup U-Boot command file
43 43 install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
44 44 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
45 45
46 46 if [ "$ENABLE_INITRAMFS" = true ] ; then
47 47 # Convert generated initramfs for U-Boot using mkimage
48 48 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
49 49
50 50 # Remove original initramfs file
51 51 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
52 52
53 53 # Configure U-Boot to load generated initramfs
54 54 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
55 55 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
56 56 else # ENABLE_INITRAMFS=false
57 57 # Remove initramfs from U-Boot mkfile
58 58 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
59 59
60 60 if [ "$BUILD_KERNEL" = false ] ; then
61 61 # Remove dtbfile from U-Boot mkfile
62 62 sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
63 63 printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
64 64 else
65 65 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
66 66 fi
67 67 fi
68 68
69 69 if [ "$SET_ARCH" = 64 ] ; then
70 70 echo "Setting up config.txt to boot 64bit uboot"
71 71 {
72 72 printf "\n# 64bit-mode"
73 73 printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
74 74 printf "\narm_64bit=1"
75 75 } >> "${BOOT_DIR}/config.txt"
76 76
77 77 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
78 78 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
79 79 fi
80 80
81 # instead of sd, boot from usb device
82 if [ "$ENABLE_UBOOTUSB" = true ] ; then
83 sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
84 fi
85
81 86 # Set mkfile to use the correct dtb file
82 87 sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
83 88
84 89 # Set mkfile to use the correct mach id
85 90 if [ "$ENABLE_QEMU" = true ] ; then
86 91 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
87 92 fi
88 93
89 94 # Set mkfile to use kernel image
90 95 sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
91 96
92 97 # Remove all leading blank lines
93 98 sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
94 99
95 100 # Generate U-Boot bootloader image
96 101 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
97 102
98 103 # Remove U-Boot sources
99 104 rm -fr "${R}/tmp/u-boot"
100 105 fi
@@ -1,53 +1,56
1 1 #
2 2 # Setup videocore - Raspberry Userland
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_VIDEOCORE" = true ] ; then
9 9 # Copy existing videocore sources into chroot directory
10 10 if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
11 11 # Copy local videocore sources
12 12 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
13 13 else
14 14 # Create temporary directory for videocore sources
15 15 temp_dir=$(as_nobody mktemp -d)
16 16
17 17 # Fetch videocore sources
18 18 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
19 19
20 20 # Copy downloaded videocore sources
21 21 mv "${temp_dir}/userland" "${R}/tmp/"
22 22
23 23 # Set permissions of the U-Boot sources
24 24 chown -R root:root "${R}/tmp/userland"
25 25
26 26 # Remove temporary directory for U-Boot sources
27 27 rm -fr "${temp_dir}"
28 28 fi
29 29
30 30 # Create build dir
31 31 mkdir "${R}"/tmp/userland/build
32 32
33 33 # push us to build directory
34 34 cd "${R}"/tmp/userland/build
35 35
36 36 if [ "$RELEASE_ARCH" = "arm64" ] ; then
37 37 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
38 38 fi
39 39
40 40 if [ "$RELEASE_ARCH" = "armel" ] ; then
41 41 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
42 42 fi
43 43
44 44 if [ "$RELEASE_ARCH" = "armhf" ] ; then
45 45 cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
46 46 fi
47 47
48 48 #build userland
49 49 make -j "$(nproc)"
50 50
51 51 #back to root of scriptdir
52 52 cd "${WORKDIR}"
53
54 # Remove videocore sources
55 rm -fr "${R}"/tmp/userland/
53 56 fi
@@ -1,8 +1,8
1 deb http://ftp.debian.org/debian jessie main contrib
2 #deb-src http://ftp.debian.org/debian jessie main contrib
1 deb http://ftp.debian.org/debian stretch main contrib
2 #deb-src http://ftp.debian.org/debian stretch main contrib
3 3
4 deb http://ftp.debian.org/debian/ jessie-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
4 deb http://ftp.debian.org/debian/ stretch-updates main contrib
5 #deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6 6
7 deb http://security.debian.org/ jessie/updates main contrib
8 #deb-src http://security.debian.org/ jessie/updates main contrib
7 deb http://security.debian.org/ stretch/updates main contrib
8 #deb-src http://security.debian.org/ stretch/updates main contrib
@@ -1,68 +1,76
1 1 logger -t "rc.firstboot" "Expanding root partition"
2 2
3 3 # Detect root partition device
4 4 ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
5 5 if [ -z "$ROOT_PART" ] ; then
6 6 log_warning_msg "unable to detect root partition device"
7 7 return 1
8 8 fi
9 9
10 10 # Extract root device name
11 11 case "${ROOT_PART}" in
12 12 mmcblk0*) ROOT_DEV=mmcblk0 ;;
13 13 sda*) ROOT_DEV=sda ;;
14 14 esac
15 15
16 16 # Check detected root partition name
17 17 PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
18 18 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
19 19 logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
20 20 return 0
21 21 fi
22 22
23 23 # NOTE: the NOOBS partition layout confuses parted. For now, let's only
24 24 # agree to work with a sufficiently simple partition layout
25 25 if [ "$PART_NUM" -gt 2 ] ; then
26 26 logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
27 27 return 0
28 28 fi
29 29
30 30 # Check if last partition number
31 31 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
32 32 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
33 33 logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
34 34 return 0
35 35 fi
36 36
37 37 # Get the starting offset of the root partition
38 38 PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
39 39 if [ -z "$PART_START" ] ; then
40 40 logger -t "rc.firstboot" "${ROOT_DEV} unable to get starting sector of the partition"
41 41 return 1
42 42 fi
43 43
44 44 # Get the possible last sector for the root partition
45 45 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
46 46 if [ -z "$PART_LAST" ] ; then
47 47 logger -t "rc.firstboot" "${ROOT_DEV} unable to get last sector of the partition"
48 48 return 1
49 49 fi
50 50
51 51 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
52 52 fdisk /dev/${ROOT_DEV} <<EOF2 || true
53 53 p
54 54 d
55 55 $PART_NUM
56 56 n
57 57 p
58 58 $PART_NUM
59 59 $PART_START
60 60 $PART_LAST
61 61 p
62 62 w
63 63 EOF2
64 64
65 65 # Reload the partition table, resize root filesystem then remove resizing code from this file
66 66 partprobe &&
67 67 resize2fs /dev/${ROOT_PART} &&
68 68 logger -t "rc.firstboot" "Root partition successfully resized."
69
70 # Restart dphys-swapfile service if it exists
71 if systemctl list-units | grep -q dphys-swapfile ; then
72 if systemctl is-enabled dphys-swapfile ; then
73 logger -t "rc.firstboot" "Restarting dphys-swapfile"
74 systemctl restart dphys-swapfile
75 fi
76 fi
@@ -1,31 +1,32
1 1 logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
2 2
3 3 KERNEL_VERSION=$(uname -r)
4 4 KERNEL_ARCH=$(uname -m)
5 5 INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
6 6 INITRAMFS_UBOOT="${INITRAMFS}.uboot"
7 7
8 8 # Extract kernel arch
9 9 case "${KERNEL_ARCH}" in
10 10 arm*) KERNEL_ARCH=arm ;;
11 aarch64) KERNEL_ARCH=arm64 ;;
11 12 esac
12 13
13 14 # Regenerate initramfs
14 15 if [ -r "${INITRAMFS}" ] ; then
15 16 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
16 17 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
17 18 rm -f /etc/initramfs-tools/hooks/expand-tools
18 19 rm -f "${INITRAMFS}"
19 20 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
20 21 fi
21 22
22 23 # Convert generated initramfs for U-Boot using mkimage
23 24 if [ -r "${INITRAMFS_UBOOT}" ] ; then
24 25 rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
25 26 rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
26 27 rm -f /etc/initramfs-tools/hooks/expand-tools
27 28 rm -f "${INITRAMFS_UBOOT}"
28 29 mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
29 30 mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
30 31 rm -f "${INITRAMFS}"
31 32 fi
@@ -1,77 +1,116
1 1 # This file contains utility functions used by rpi23-gen-image.sh
2 2
3 3 cleanup (){
4 4 set +x
5 5 set +e
6 6
7 # Remove exports from nexmon
8 unset KERNEL
9 unset ARCH
10 unset SUBARCH
11 unset CCPLUGIN
12 unset ZLIBFLATE
13 unset Q
14 unset NEXMON_SETUP_ENV
15 unset HOSTUNAME
16 unset PLATFORMUNAME
17
7 18 # Identify and kill all processes still using files
8 19 echo "killing processes using mount point ..."
9 20 fuser -k "${R}"
10 21 sleep 3
11 22 fuser -9 -k -v "${R}"
12 23
13 24 # Clean up temporary .password file
14 25 if [ -r ".password" ] ; then
15 26 shred -zu .password
16 27 fi
17 28
18 29 # Clean up all temporary mount points
19 30 echo "removing temporary mount points ..."
20 31 umount -l "${R}/proc" 2> /dev/null
21 32 umount -l "${R}/sys" 2> /dev/null
22 33 umount -l "${R}/dev/pts" 2> /dev/null
23 34 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
24 35 umount "$BUILDDIR/mount" 2> /dev/null
25 36 cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
26 37 losetup -d "$ROOT_LOOP" 2> /dev/null
27 38 losetup -d "$FRMW_LOOP" 2> /dev/null
28 39 trap - 0 1 2 3 6
29 40 }
30 41
31 42 chroot_exec() {
32 43 # Exec command in chroot
33 44 LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
34 45 }
35 46
36 47 as_nobody() {
37 48 # Exec command as user nobody
38 49 sudo -E -u nobody LANG=C LC_ALL=C "$@"
39 50 }
40 51
41 52 install_readonly() {
42 53 # Install file with user read-only permissions
43 54 install -o root -g root -m 644 "$@"
44 55 }
45 56
46 57 install_exec() {
47 58 # Install file with root exec permissions
48 59 install -o root -g root -m 744 "$@"
49 60 }
50 61
51 62 use_template () {
52 63 # Test if configuration template file exists
53 64 if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
54 65 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
55 66 exit 1
56 67 fi
57 68
58 69 # Load template configuration parameters
59 70 . "./templates/${CONFIG_TEMPLATE}"
60 71 }
61 72
62 73 chroot_install_cc() {
63 74 # Install c/c++ build environment inside the chroot
64 75 if [ -z "${COMPILER_PACKAGES}" ] ; then
65 76 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
66 # Install COMPILER_PACKAGES in chroot
67 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
77 # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
78 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
68 79 fi
69 80 }
70 81
71 82 chroot_remove_cc() {
72 83 # Remove c/c++ build environment from the chroot
73 84 if [ -n "${COMPILER_PACKAGES}" ] ; then
74 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
85 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
75 86 COMPILER_PACKAGES=""
76 87 fi
77 88 }
89
90 # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
91 cdr2mask ()
92 {
93 # Number of args to shift, 255..255, first non-255 byte, zeroes
94 set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
95 [ $1 -gt 1 ] && shift $1 || shift
96 echo ${1-0}.${2-0}.${3-0}.${4-0}
97 }
98
99 # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
100 set_kernel_config() {
101 # flag as $1, value to set as $2, config must exist at "./.config"
102 TGT="CONFIG_${1#CONFIG_}"
103 REP="${2}"
104 if grep -q "^${TGT}[^_]" .config; then
105 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
106 else
107 echo "${TGT}"="${2}" >> .config
108 fi
109 }
110
111 # unset kernel config parameter
112 unset_kernel_config() {
113 # unsets flag with the value of $1, config must exist at "./.config"
114 TGT="CONFIG_${1#CONFIG_}"
115 sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
116 } No newline at end of file
@@ -1,807 +1,867
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 47
48 48 # Kernel Branch
49 49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 50
51 51 # URLs
52 52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
60 74
61 75 # Build directories
62 76 WORKDIR=$(pwd)
63 77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
64 78 BUILDDIR="${BASEDIR}/build"
65 79
66 80 # Chroot directories
67 81 R="${BUILDDIR}/chroot"
68 82 ETC_DIR="${R}/etc"
69 83 LIB_DIR="${R}/lib"
70 84 BOOT_DIR="${R}/boot/firmware"
71 85 KERNEL_DIR="${R}/usr/src/linux"
72 86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
73 87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
74 88
75 89 # Firmware directory: Blank if download from github
76 90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
77 91
78 92 # General settings
79 93 SET_ARCH=${SET_ARCH:=32}
80 94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
81 95 PASSWORD=${PASSWORD:=raspberry}
82 96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
83 97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
84 98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
85 99 EXPANDROOT=${EXPANDROOT:=true}
86 100
87 101 # Keyboard settings
88 102 XKB_MODEL=${XKB_MODEL:=""}
89 103 XKB_LAYOUT=${XKB_LAYOUT:=""}
90 104 XKB_VARIANT=${XKB_VARIANT:=""}
91 105 XKB_OPTIONS=${XKB_OPTIONS:=""}
92 106
93 107 # Network settings (DHCP)
94 108 ENABLE_DHCP=${ENABLE_DHCP:=true}
95 109
96 110 # Network settings (static)
97 111 NET_ADDRESS=${NET_ADDRESS:=""}
98 112 NET_GATEWAY=${NET_GATEWAY:=""}
99 113 NET_DNS_1=${NET_DNS_1:=""}
100 114 NET_DNS_2=${NET_DNS_2:=""}
101 115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
102 116 NET_NTP_1=${NET_NTP_1:=""}
103 117 NET_NTP_2=${NET_NTP_2:=""}
104 118
105 119 # APT settings
106 120 APT_PROXY=${APT_PROXY:=""}
107 121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
108 123
109 124 # Feature settings
110 125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
111 126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
112 127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
113 128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
114 129 ENABLE_I2C=${ENABLE_I2C:=false}
115 130 ENABLE_SPI=${ENABLE_SPI:=false}
116 131 ENABLE_IPV6=${ENABLE_IPV6:=true}
117 132 ENABLE_SSHD=${ENABLE_SSHD:=true}
118 133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
119 134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
120 135 ENABLE_SOUND=${ENABLE_SOUND:=true}
121 136 ENABLE_DBUS=${ENABLE_DBUS:=true}
122 137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
123 138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
124 139 ENABLE_XORG=${ENABLE_XORG:=false}
125 140 ENABLE_WM=${ENABLE_WM:=""}
126 141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
127 142 ENABLE_USER=${ENABLE_USER:=true}
128 143 USER_NAME=${USER_NAME:="pi"}
129 144 ENABLE_ROOT=${ENABLE_ROOT:=false}
130 145 ENABLE_QEMU=${ENABLE_QEMU:=false}
131 146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
132 147
133 148 # SSH settings
134 149 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
135 150 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
136 151 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
137 152 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
138 153 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
139 154
140 155 # Advanced settings
156 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
141 157 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
142 158 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
143 159 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
144 160 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
161 ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false}
145 162 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
146 163 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
164 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
147 165 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
148 166 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
167 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
149 168 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
150 169 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
151 170 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
152 171 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
153 172 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
173 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
174 ENABLE_LOGO=${ENABLE_LOGO:=true}
175 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
154 176 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
155 177
156 178 # Kernel compilation settings
157 179 BUILD_KERNEL=${BUILD_KERNEL:=true}
158 180 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
159 181 KERNEL_THREADS=${KERNEL_THREADS:=1}
160 182 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
161 183 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
162 184 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
163 185 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
164 186 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
187 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
188 KERNEL_VIRT=${KERNEL_VIRT:=false}
189 KERNEL_BPF=${KERNEL_BPF:=false}
190 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
191 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
192 KERNEL_NF=${KERNEL_NF:=false}
165 193
166 194 # Kernel compilation from source directory settings
167 195 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
168 196 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
169 197 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
170 198 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
171 199
172 200 # Reduce disk usage settings
173 201 REDUCE_APT=${REDUCE_APT:=true}
174 202 REDUCE_DOC=${REDUCE_DOC:=true}
175 203 REDUCE_MAN=${REDUCE_MAN:=true}
176 204 REDUCE_VIM=${REDUCE_VIM:=false}
177 205 REDUCE_BASH=${REDUCE_BASH:=false}
178 206 REDUCE_HWDB=${REDUCE_HWDB:=true}
179 207 REDUCE_SSHD=${REDUCE_SSHD:=true}
180 208 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
181 209
182 210 # Encrypted filesystem settings
183 211 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
184 212 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
185 213 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
186 214 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
187 215 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
216 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
217 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
218 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
219 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
188 220
189 221 # Chroot scripts directory
190 222 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
191 223
192 224 # Packages required in the chroot build environment
193 225 APT_INCLUDES=${APT_INCLUDES:=""}
194 226 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
195 227
196 228 # Packages to exclude from chroot build environment
197 229 APT_EXCLUDES=${APT_EXCLUDES:=""}
198 230
199 231 # Packages required for bootstrapping
200 232 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
201 233 MISSING_PACKAGES=""
202 234
203 235 # Packages installed for c/c++ build environment in chroot (keep empty)
204 236 COMPILER_PACKAGES=""
205 237
206 set +x
207
208 238 #Check if apt-cacher-ng has port 3142 open and set APT_PROXY
209 APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng | cut -d ' ' -f3 | uniq)
210 if [ -n "${APT_CACHER_RUNNING}" ] ; then
239 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
240 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
211 241 APT_PROXY=http://127.0.0.1:3142/
212 242 fi
213 243
214 244 # Setup architecture specific settings
215 245 if [ -n "$SET_ARCH" ] ; then
216 246 # 64-bit configuration
217 247 if [ "$SET_ARCH" = 64 ] ; then
218 248 # General 64-bit depended settings
219 249 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
220 250 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
221 251 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
222 252
223 253 # Raspberry Pi model specific settings
224 254 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
225 255 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
226 256 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
227 257 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
228 258 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
229 259 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
230 260 else
231 261 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
232 262 exit 1
233 263 fi
234 264 fi
235 265
236 266 # 32-bit configuration
237 267 if [ "$SET_ARCH" = 32 ] ; then
238 268 # General 32-bit dependend settings
239 269 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
240 270 KERNEL_ARCH=${KERNEL_ARCH:=arm}
241 271 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
242 272
243 273 # Raspberry Pi model specific settings
244 274 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
245 275 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
246 276 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
247 277 RELEASE_ARCH=${RELEASE_ARCH:=armel}
248 278 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
249 279 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
250 280 fi
251 281
252 282 # Raspberry Pi model specific settings
253 283 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
254 284 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
255 285 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
256 286 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
257 287 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
258 288 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
259 289 fi
260 290 fi
261 291 #SET_ARCH not set
262 292 else
263 293 echo "error: Please set '32' or '64' as value for SET_ARCH"
264 294 exit 1
265 295 fi
266 296 # Device specific configuration and U-Boot configuration
267 297 case "$RPI_MODEL" in
268 298 0)
269 299 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
270 300 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
271 301 ;;
272 302 1)
273 303 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
274 304 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
275 305 ;;
276 306 1P)
277 307 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
278 308 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
279 309 ;;
280 310 2)
281 311 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
282 312 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
283 313 ;;
284 314 3)
285 315 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
286 316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
287 317 ;;
288 318 3P)
289 319 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
290 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
291 321 ;;
292 322 *)
293 323 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
294 324 exit 1
295 325 ;;
296 326 esac
297 327
328 if [ "$ENABLE_UBOOTUSB" = true ] ; then
329 if [ "$ENABLE_UBOOT" = false ] ; then
330 echo "error: Enabling UBOOTUSB requires u-boot to be enabled"
331 exit 1
332 fi
333 if [ "$RPI_MODEL" != 3 ] || [ "$RPI_MODEL" != 3P ] ; then
334 echo "error: Enabling UBOOTUSB requires Raspberry 3"
335 exit 1
336 fi
337 fi
338
298 339 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
299 340 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
300 341 # Include bluetooth packages on supported boards
301 if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
342 if [ "$ENABLE_BLUETOOTH" = true ] ; then
302 343 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
303 344 fi
345 if [ "$ENABLE_WIRELESS" = true ] ; then
346 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
347 fi
304 348 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
305 349 # Check if the internal wireless interface is not supported by the RPi model
306 350 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
307 351 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
308 352 exit 1
309 353 fi
310 354 fi
311 355
356 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
357 echo "error: You have to compile kernel sources, if you want to enable nexmon"
358 exit 1
359 fi
360
312 361 # Prepare date string for default image file name
313 362 DATE="$(date +%Y-%m-%d)"
314 363 if [ -z "$KERNEL_BRANCH" ] ; then
315 364 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
316 365 else
317 366 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
318 367 fi
319 368
320 369 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
321 370 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
322 371 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
323 372 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
324 373 exit 1
325 374 fi
326 375 fi
327 376
328 377 # Add cmake to compile videocore sources
329 378 if [ "$ENABLE_VIDEOCORE" = true ] ; then
330 379 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
331 380 fi
332 381
382 # Add deps for nexmon
383 if [ "$ENABLE_NEXMON" = true ] ; then
384 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
385 fi
386
333 387 # Add libncurses5 to enable kernel menuconfig
334 388 if [ "$KERNEL_MENUCONFIG" = true ] ; then
335 389 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
336 390 fi
337 391
338 392 # Add ccache compiler cache for (faster) kernel cross (re)compilation
339 393 if [ "$KERNEL_CCACHE" = true ] ; then
340 394 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
341 395 fi
342 396
343 397 # Add cryptsetup package to enable filesystem encryption
344 398 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
345 399 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
346 400 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
347 401
402 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
403 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
404 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
405 fi
406
348 407 if [ -z "$CRYPTFS_PASSWORD" ] ; then
349 408 echo "error: no password defined (CRYPTFS_PASSWORD)!"
350 409 exit 1
351 410 fi
352 411 ENABLE_INITRAMFS=true
353 412 fi
354 413
355 414 # Add initramfs generation tools
356 415 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
357 416 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
358 417 fi
359 418
360 419 # Add device-tree-compiler required for building the U-Boot bootloader
361 420 if [ "$ENABLE_UBOOT" = true ] ; then
362 421 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
363 422 fi
364 423
365 if [ "$ENABLE_BLUETOOTH" = true ] ; then
366 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
367 if [ "$ENABLE_CONSOLE" = false ] ; then
368 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
369 fi
370 fi
371 fi
372
373 424 # Check if root SSH (v2) public key file exists
374 425 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
375 426 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
376 427 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
377 428 exit 1
378 429 fi
379 430 fi
380 431
381 432 # Check if $USER_NAME SSH (v2) public key file exists
382 433 if [ -n "$SSH_USER_PUB_KEY" ] ; then
383 434 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
384 435 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
385 436 exit 1
386 437 fi
387 438 fi
388 439
440 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
441 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
442 exit 1
443 fi
444
389 445 # Check if all required packages are installed on the build system
390 446 for package in $REQUIRED_PACKAGES ; do
391 447 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
392 448 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
393 449 fi
394 450 done
395 451
396 452 # If there are missing packages ask confirmation for install, or exit
397 453 if [ -n "$MISSING_PACKAGES" ] ; then
398 454 echo "the following packages needed by this script are not installed:"
399 455 echo "$MISSING_PACKAGES"
400 456
401 457 printf "\ndo you want to install the missing packages right now? [y/n] "
402 458 read -r confirm
403 459 [ "$confirm" != "y" ] && exit 1
404 460
405 461 # Make sure all missing required packages are installed
406 462 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
407 463 fi
408 464
409 465 # Check if ./bootstrap.d directory exists
410 466 if [ ! -d "./bootstrap.d/" ] ; then
411 467 echo "error: './bootstrap.d' required directory not found!"
412 468 exit 1
413 469 fi
414 470
415 471 # Check if ./files directory exists
416 472 if [ ! -d "./files/" ] ; then
417 473 echo "error: './files' required directory not found!"
418 474 exit 1
419 475 fi
420 476
421 477 # Check if specified KERNELSRC_DIR directory exists
422 478 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
423 479 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
424 480 exit 1
425 481 fi
426 482
427 483 # Check if specified UBOOTSRC_DIR directory exists
428 484 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
429 485 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
430 486 exit 1
431 487 fi
432 488
433 489 # Check if specified VIDEOCORESRC_DIR directory exists
434 490 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
435 491 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
436 492 exit 1
437 493 fi
438 494
439 495 # Check if specified FBTURBOSRC_DIR directory exists
440 496 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
441 497 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
442 498 exit 1
443 499 fi
444 500
501 # Check if specified NEXMONSRC_DIR directory exists
502 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
503 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
504 exit 1
505 fi
506
445 507 # Check if specified CHROOT_SCRIPTS directory exists
446 508 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
447 509 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
448 510 exit 1
449 511 fi
450 512
451 513 # Check if specified device mapping already exists (will be used by cryptsetup)
452 514 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
453 515 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
454 516 exit 1
455 517 fi
456 518
457 519 # Don't clobber an old build
458 520 if [ -e "$BUILDDIR" ] ; then
459 521 echo "error: directory ${BUILDDIR} already exists, not proceeding"
460 522 exit 1
461 523 fi
462 524
463 525 # Setup chroot directory
464 526 mkdir -p "${R}"
465 527
466 528 # Check if build directory has enough of free disk space >512MB
467 529 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
468 530 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
469 531 exit 1
470 532 fi
471 533
472 534 set -x
473 535
474 536 # Call "cleanup" function on various signals and errors
475 537 trap cleanup 0 1 2 3 6
476 538
477 539 # Add required packages for the minbase installation
478 540 if [ "$ENABLE_MINBASE" = true ] ; then
479 541 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
480 542 fi
481 543
482 544 # Add parted package, required to get partprobe utility
483 545 if [ "$EXPANDROOT" = true ] ; then
484 546 APT_INCLUDES="${APT_INCLUDES},parted"
485 547 fi
486 548
487 549 # Add dbus package, recommended if using systemd
488 550 if [ "$ENABLE_DBUS" = true ] ; then
489 551 APT_INCLUDES="${APT_INCLUDES},dbus"
490 552 fi
491 553
492 554 # Add iptables IPv4/IPv6 package
493 555 if [ "$ENABLE_IPTABLES" = true ] ; then
494 556 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
495 557 fi
558 # Add apparmor for KERNEL_SECURITY
559 if [ "$KERNEL_SECURITY" = true ] ; then
560 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
561 fi
496 562
497 563 # Add openssh server package
498 564 if [ "$ENABLE_SSHD" = true ] ; then
499 565 APT_INCLUDES="${APT_INCLUDES},openssh-server"
500 566 fi
501 567
502 568 # Add alsa-utils package
503 569 if [ "$ENABLE_SOUND" = true ] ; then
504 570 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
505 571 fi
506 572
507 573 # Add rng-tools package
508 574 if [ "$ENABLE_HWRANDOM" = true ] ; then
509 575 APT_INCLUDES="${APT_INCLUDES},rng-tools"
510 576 fi
511 577
512 578 # Add fbturbo video driver
513 579 if [ "$ENABLE_FBTURBO" = true ] ; then
514 580 # Enable xorg package dependencies
515 581 ENABLE_XORG=true
516 582 fi
517 583
518 584 # Add user defined window manager package
519 585 if [ -n "$ENABLE_WM" ] ; then
520 586 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
521 587
522 588 # Enable xorg package dependencies
523 589 ENABLE_XORG=true
524 590 fi
525 591
526 592 # Add xorg package
527 593 if [ "$ENABLE_XORG" = true ] ; then
528 594 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
529 595 fi
530 596
531 597 # Replace selected packages with smaller clones
532 598 if [ "$ENABLE_REDUCE" = true ] ; then
533 599 # Add levee package instead of vim-tiny
534 600 if [ "$REDUCE_VIM" = true ] ; then
535 601 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
536 602 fi
537 603
538 604 # Add dropbear package instead of openssh-server
539 605 if [ "$REDUCE_SSHD" = true ] ; then
540 606 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
541 607 fi
542 608 fi
543 609
544 610 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
545 611 if [ "$ENABLE_SYSVINIT" = false ] ; then
546 612 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
547 613 fi
548 614
549 # Check if kernel is getting compiled
550 if [ "$BUILD_KERNEL" = false ] ; then
551 echo "Downloading precompiled kernel"
552 echo "error: not configured"
553 exit 1;
554 # BUILD_KERNEL=true
555 else
556 echo "No precompiled kernel repositories were added"
557 fi
558
559 615 # Configure kernel sources if no KERNELSRC_DIR
560 616 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
561 617 KERNELSRC_CONFIG=true
562 618 fi
563 619
564 620 # Configure reduced kernel
565 621 if [ "$KERNEL_REDUCE" = true ] ; then
566 622 KERNELSRC_CONFIG=false
567 623 fi
568 624
569 625 # Configure qemu compatible kernel
570 626 if [ "$ENABLE_QEMU" = true ] ; then
571 627 DTB_FILE=vexpress-v2p-ca15_a7.dtb
572 628 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
573 629 KERNEL_DEFCONFIG="vexpress_defconfig"
574 630 if [ "$KERNEL_MENUCONFIG" = false ] ; then
575 631 KERNEL_OLDDEFCONFIG=true
576 632 fi
577 633 fi
578 634
579 635 # Execute bootstrap scripts
580 636 for SCRIPT in bootstrap.d/*.sh; do
581 637 head -n 3 "$SCRIPT"
582 638 . "$SCRIPT"
583 639 done
584 640
585 641 ## Execute custom bootstrap scripts
586 642 if [ -d "custom.d" ] ; then
587 643 for SCRIPT in custom.d/*.sh; do
588 644 . "$SCRIPT"
589 645 done
590 646 fi
591 647
592 648 # Execute custom scripts inside the chroot
593 649 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
594 650 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
595 651 chroot_exec /bin/bash -x <<'EOF'
596 652 for SCRIPT in /chroot_scripts/* ; do
597 653 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
598 654 $SCRIPT
599 655 fi
600 656 done
601 657 EOF
602 658 rm -rf "${R}/chroot_scripts"
603 659 fi
604 660
605 661 # Remove c/c++ build environment from the chroot
606 662 chroot_remove_cc
607 663
608 664 # Generate required machine-id
609 665 MACHINE_ID=$(dbus-uuidgen)
610 666 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
611 667 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
612 668
613 669 # APT Cleanup
614 670 chroot_exec apt-get -y clean
615 671 chroot_exec apt-get -y autoclean
616 672 chroot_exec apt-get -y autoremove
617 673
618 674 # Unmount mounted filesystems
619 675 umount -l "${R}/proc"
620 676 umount -l "${R}/sys"
621 677
622 678 # Clean up directories
623 679 rm -rf "${R}/run/*"
624 680 rm -rf "${R}/tmp/*"
625 681
682 # Clean up APT proxy settings
683 if [ "$KEEP_APT_PROXY" = false ] ; then
684 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
685 fi
686
626 687 # Clean up files
627 688 rm -f "${ETC_DIR}/ssh/ssh_host_*"
628 689 rm -f "${ETC_DIR}/dropbear/dropbear_*"
629 690 rm -f "${ETC_DIR}/apt/sources.list.save"
630 691 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
631 692 rm -f "${ETC_DIR}/*-"
632 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
633 693 rm -f "${ETC_DIR}/resolv.conf"
634 694 rm -f "${R}/root/.bash_history"
635 695 rm -f "${R}/var/lib/urandom/random-seed"
636 696 rm -f "${R}/initrd.img"
637 697 rm -f "${R}/vmlinuz"
638 698 rm -f "${R}${QEMU_BINARY}"
639 699
640 700 if [ "$ENABLE_QEMU" = true ] ; then
641 701 # Setup QEMU directory
642 702 mkdir "${BASEDIR}/qemu"
643 703
644 704 # Copy kernel image to QEMU directory
645 705 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
646 706
647 707 # Copy kernel config to QEMU directory
648 708 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
649 709
650 710 # Copy kernel dtbs to QEMU directory
651 711 for dtb in "${BOOT_DIR}/"*.dtb ; do
652 712 if [ -f "${dtb}" ] ; then
653 713 install_readonly "${dtb}" "${BASEDIR}/qemu/"
654 714 fi
655 715 done
656 716
657 717 # Copy kernel overlays to QEMU directory
658 718 if [ -d "${BOOT_DIR}/overlays" ] ; then
659 719 # Setup overlays dtbs directory
660 720 mkdir "${BASEDIR}/qemu/overlays"
661 721
662 722 for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
663 723 if [ -f "${dtb}" ] ; then
664 724 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
665 725 fi
666 726 done
667 727 fi
668 728
669 729 # Copy u-boot files to QEMU directory
670 730 if [ "$ENABLE_UBOOT" = true ] ; then
671 731 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
672 732 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
673 733 fi
674 734 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
675 735 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
676 736 fi
677 737 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
678 738 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
679 739 fi
680 740 fi
681 741
682 742 # Copy initramfs to QEMU directory
683 743 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
684 744 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
685 745 fi
686 746 fi
687 747
688 748 # Calculate size of the chroot directory in KB
689 749 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
690 750
691 751 # Calculate the amount of needed 512 Byte sectors
692 752 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
693 753 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
694 754 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
695 755
696 756 # The root partition is EXT4
697 757 # This means more space than the actual used space of the chroot is used.
698 758 # As overhead for journaling and reserved blocks 35% are added.
699 759 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
700 760
701 761 # Calculate required image size in 512 Byte sectors
702 762 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
703 763
704 764 # Prepare image file
705 765 if [ "$ENABLE_SPLITFS" = true ] ; then
706 766 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
707 767 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
708 768 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
709 769 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
710 770
711 771 # Write firmware/boot partition tables
712 772 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
713 773 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
714 774 EOM
715 775
716 776 # Write root partition table
717 777 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
718 778 ${TABLE_SECTORS},${ROOT_SECTORS},83
719 779 EOM
720 780
721 781 # Setup temporary loop devices
722 782 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
723 783 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
724 784 else # ENABLE_SPLITFS=false
725 785 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
726 786 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
727 787
728 788 # Write partition table
729 789 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
730 790 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
731 791 ${ROOT_OFFSET},${ROOT_SECTORS},83
732 792 EOM
733 793
734 794 # Setup temporary loop devices
735 795 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
736 796 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
737 797 fi
738 798
739 799 if [ "$ENABLE_CRYPTFS" = true ] ; then
740 800 # Create dummy ext4 fs
741 801 mkfs.ext4 "$ROOT_LOOP"
742 802
743 803 # Setup password keyfile
744 804 touch .password
745 805 chmod 600 .password
746 806 echo -n ${CRYPTFS_PASSWORD} > .password
747 807
748 808 # Initialize encrypted partition
749 809 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
750 810
751 811 # Open encrypted partition and setup mapping
752 812 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
753 813
754 814 # Secure delete password keyfile
755 815 shred -zu .password
756 816
757 817 # Update temporary loop device
758 818 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
759 819
760 820 # Wipe encrypted partition (encryption cipher is used for randomness)
761 821 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
762 822 fi
763 823
764 824 # Build filesystems
765 825 mkfs.vfat "$FRMW_LOOP"
766 826 mkfs.ext4 "$ROOT_LOOP"
767 827
768 828 # Mount the temporary loop devices
769 829 mkdir -p "$BUILDDIR/mount"
770 830 mount "$ROOT_LOOP" "$BUILDDIR/mount"
771 831
772 832 mkdir -p "$BUILDDIR/mount/boot/firmware"
773 833 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
774 834
775 835 # Copy all files from the chroot to the loop device mount point directory
776 836 rsync -a "${R}/" "$BUILDDIR/mount/"
777 837
778 838 # Unmount all temporary loop devices and mount points
779 839 cleanup
780 840
781 841 # Create block map file(s) of image(s)
782 842 if [ "$ENABLE_SPLITFS" = true ] ; then
783 843 # Create block map files for "bmaptool"
784 844 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
785 845 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
786 846
787 847 # Image was successfully created
788 848 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
789 849 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
790 850 else
791 851 # Create block map file for "bmaptool"
792 852 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
793 853
794 854 # Image was successfully created
795 855 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
796 856
797 857 # Create qemu qcow2 image
798 858 if [ "$ENABLE_QEMU" = true ] ; then
799 859 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
800 860 QEMU_SIZE=16G
801 861
802 862 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
803 863 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
804 864
805 865 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
806 866 fi
807 867 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant