##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

missing notation
Unknown -
r734:d93fbcaf7a92
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,403 +1,403
1 1 # rpi23-gen-image
2 2 ## Introduction
3 3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3/4 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9 9
10 10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel/aarch64) cross-compiler toolchain.
11 11
12 12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13 13
14 14 ## Command-line parameters
15 15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16 16
17 17 ##### Command-line examples:
18 18 ```shell
19 19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 29 RELEASE=buster BUILD_KERNEL=true ./rpi23-gen-image.sh
30 30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 31 RELEASE=buster RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 32 ```
33 33
34 34 ## Configuration template files
35 35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36 36
37 37 ##### Command-line examples:
38 38 ```shell
39 39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 41 ```
42 42
43 43 ## Working with the your template:
44 44 * **A Pipe ("|") represents a logical OR**
45 45 * **A valuetype of boolean represents the options true or false**
46 46 * **Values without a default are required if you want do use that feature. It is possible that not every feature has a (working) sanity check.**
47 47 * **If it's not working as expected, search your option in all the files in this repository (With e.g.grep or notepad++).**
48 48 * **Check if your missing a required option while looking at the code**
49 49
50 50 ## Supported parameters and settings
51 51
52 52 #### APT settings:
53 53 |Option|Value|default value|value format|desciption|
54 54 |---|---|---|---|---|
55 |APT_SERVER|string|ftp.debian.org|URL|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
56 |APT_PROXY|string||URL|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
55 |APT_SERVER|string|ftp.debian.org|`URL`|Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.|
56 |APT_PROXY|string||`URL`|Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.|
57 57 |KEEP_APT_PROXY|boolean|false|`true`\|`false`|true=Keep the APT_PROXY settings used in the bootsrapping process in the generated image|
58 58 |APT_INCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.|
59 59 |APT_INCLUDES_LATE|string list||`packageA`,`packageB`,...|A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.|
60 60 |APT_EXCLUDES|string list||`packageA`,`packageB`,...|A comma-separated list of packages to exclude. Use carefully|
61 61 ---
62 62
63 63 #### General system settings:
64 64 |Option|Value|default value|value format|desciption|
65 65 |---|---|---|---|---|
66 66 |SET_ARCH|integer|32|`32`\|`64`|Set Architecture to default 32bit. If you want to compile 64-bit (RPI3/RPI3+/RPI4) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.|
67 67 |RPI_MODEL|string|3P|`0`\|`1`\|`1P`\|`2`\|`3`\|`3P`\|`4`|Set Architecture. This option will set most build options accordingly. Specify the target Raspberry Pi hardware model.|
68 68 |RELEASE|string|buster|`jessie`\|`buster`\|`stretch`<br>\|`bullseye`\|`testing`\|`stable`<br>\|`oldstable`|Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.|
69 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|SomeImageName|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
70 |DEFLOCAL|string|en_US.UTF-8|Locale|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
71 |TIMEZONE|string|Europe/Berlin|Timezone|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
69 |HOSTNAME|string|RPI_MODEL-RELEASE(e.g. RPI3-buster)|`SomeImageName.img`|Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.|
70 |DEFLOCAL|string|en_US.UTF-8|`Locale.Charset`|Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.|
71 |TIMEZONE|string|Europe/Berlin|`Timezone`|Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.|
72 72 |EXPANDROOT|boolean|true|`true`\|`false`|true=Expand the root partition and filesystem automatically on first boot|
73 73
74 74 ---
75 75
76 76 #### User settings:
77 77 |Option|Value|default value|desciption|
78 78 |---|---|---|---|
79 79 |ENABLE_ROOT|boolean|false|true=root login if ROOT_PASSWORD is set|
80 80 |ROOT_PASSWORD|string|raspberry|Set password for `root` user. It's **STRONGLY** recommended that you choose a custom password.|
81 81 |ENABLE_USER|boolean|true|true=Create non-root user with password `USER_PASSWORD` and username `USER_NAME`|
82 82 |USER_NAME|string|pi|Set username for non-root user, if `ENABLE_USER` is true|
83 83 |USER_PASSWORD|string|raspberry|Set password for non-root user, if `ENABLE_USER` is true. It's **STRONGLY** recommended that you choose a custom password.|
84 84
85 85 ---
86 86
87 87 #### Keyboard settings:
88 88
89 89 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
90 90
91 91 |Option|Value|default value|value format|desciption|
92 92 |---|---|---|---|---|
93 93 |XKB_MODEL|string||`pc104`|Set the name of the model of your keyboard type|
94 94 |XKB_LAYOUT|string||`us`|Set the supported keyboard layout(s)|
95 95 |XKB_VARIANT|string||`basic`|Set the supported variant(s) of the keyboard layout(s)|
96 96 |XKB_OPTIONS|string||`grp:alt_shift_toggle`|Set extra xkb configuration options|
97 97
98 98 ---
99 99
100 100 #### Networking settings:
101 101 ethernet setting go to `/etc/systemd/network/eth0.network`.
102 102 wifi settings go to `/etc/systemd/network/wlan0.network`.
103 103
104 104 The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
105 105
106 106 |Option|Value|default value|desciption|
107 107 |---|---|---|---|
108 108 |ENABLE_IPV6|boolean|true|true=Enable IPv6 support via systemd-networkd|
109 109 |ENABLE_WIRELESS|boolean|false|true=Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `0`,`3`,`3P`,`4`|
110 110 |ENABLE_IPTABLES|boolean|false|true=Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.|
111 111 |ENABLE_HARDNET|boolean|false|true=Enable IPv4/IPv6 network stack hardening settings|
112 112 |ENABLE_IFNAMES|boolean|true|true=creates complex and long interface names like e.g. encx8945924. Enable automatic assignment of predictable, stable network interface names for all NICs|
113 113
114 114 ---
115 115
116 116 #### Networking settings (DHCP):
117 117
118 118
119 119 |Option|Value|default value|desciption|
120 120 |---|---|---|---|
121 121 |ENABLE_ETH_DHCP|boolean|true|Set the system to use DHCP on wired interface. This requires an DHCP server|
122 122 |ENABLE_WIFI_DHCP|boolean|true|Set the system to use DHCP on wifi interface. This requires an DHCP server. Requires ENABLE_WIRELESS|
123 123
124 124 ---
125 125
126 126 #### Networking settings (ethernet static):
127 127 The following static networking parameters are only supported if `ENABLE_ETH_DHCP` was set to `false`.
128 128
129 129 |Option|Value|value format|desciption|
130 130 |---|---|---|---|
131 131 |NET_ETH_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
132 132 |NET_ETH_GATEWAY|string|`IP`|default gateway|
133 133 |NET_ETH_DNS_1|string|`IP`|first DNS server|
134 134 |NET_ETH_DNS_2|string|`IP`|second DNS server|
135 135 |NET_ETH_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
136 136 |NET_ETH_NTP_1|string|`IP`|first NTP server|
137 137 |NET_ETH_NTP_2|string|`IP`|second NTP server|
138 138
139 139 ---
140 140
141 141 #### Networking settings (WIFI):
142 142
143 143 |Option|Value|value format|desciption|
144 144 |---|---|---|---|
145 145 |NET_WIFI_SSID|string|`yourwifiname`|WIFI SSID|
146 146 |NET_WIFI_PSK|string|`yourwifikeytojoinnetwork`|WPA/WPA2 PSK|
147 147
148 148 ---
149 149
150 150 #### Networking settings (WIFI static):
151 151 The following static networking parameters are only supported if `ENABLE_WIFI_DHCP` was set to `false`.
152 152
153 153 |Option|Value|value format|desciption|
154 154 |---|---|---|---|
155 155 |NET_WIFI_ADDRESS|string|`CIDR`|static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24"|
156 156 |NET_WIFI_GATEWAY|string|`IP`|default gateway|
157 157 |NET_WIFI_DNS_1|string|`IP`|first DNS server|
158 158 |NET_WIFI_DNS_2|string|`IP`|second DNS server|
159 |NET_WIFI_DNS_DOMAINS|string|example.local|default DNS search domains to use for non fully qualified hostnames|
159 |NET_WIFI_DNS_DOMAINS|string|`example.local`|default DNS search domains to use for non fully qualified hostnames|
160 160 |NET_WIFI_NTP_1|string|`IP`|first NTP server|
161 161 |NET_WIFI_NTP_2|string|`IP`|second NTP server|
162 162
163 163 ---
164 164
165 165 #### Basic system features:
166 166
167 167 |Option|Value|default value|value format|desciption|
168 168 |---|---|---|---|---|
169 169 |ENABLE_CONSOLE|boolean|false|`true`\|`false`|true=Enable serial console interface.Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.|
170 170 |ENABLE_PRINTK|boolean|false|`true`\|`false`|true=Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian|
171 171 |ENABLE_BLUETOOTH|boolean|false|`true`\|`false`|true=Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/)|
172 172 |ENABLE_MINIUART_OVERLAY|boolean|false|`true`\|`false`|true=Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.|
173 173 |ENABLE_TURBO|boolean|false|`true`\|`false`|true=Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI|
174 174 |ENABLE_I2C|boolean|true|`true`\|`false`|true=Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
175 175 |ENABLE_SPI|boolean|true|`true`\|`false`|true=Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins|
176 176 |SSH_ENABLE|boolean|true|`true`\|`false`|Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root|
177 177 |ENABLE_NONFREE|boolean|false|`true`\|`false`|true=enable non-free\|false=disable non free. Edits /etc/apt/sources.list in your resulting image|
178 178 |ENABLE_RSYSLOG|boolean|false|`true`\|`false`|true=keep rsyslog\|false=remove rsyslog. If rsyslog is removed (false), logs will be available only in journal files)|
179 179 |ENABLE_SOUND|boolean|false|`true`\|`false`|true=Enable sound\|false=Disable sound|
180 180 |ENABLE_HWRANDOM|boolean|true|`true`\|`false`|true=Enable Hardware Random Number Generator(RNG)\|false=Disable Hardware RNG\|Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled|
181 181 |ENABLE_MINGPU|boolean|false|`true`\|`false`|true=GPU 16MB RAM\|false=64MB RAM\|Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU. Also removes start.elf,fixup.dat,start_x.elf,fixup_x.dat form /boot|
182 182 |ENABLE_XORG|boolean|false|`true`\|`false`|true=Install Xorg X Window System|\false=install no Xorg|
183 183 |ENABLE_WM|string||`blackbox`, `openbox`, `fluxbox`,<br> `jwm`, `dwm`, `xfce4`, `awesome`|Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically set true if `ENABLE_WM` is used|
184 184 |ENABLE_SYSVINIT|boolean|false|`true`\|`false`|true=Support for halt,init,poweroff,reboot,runlevel,shutdown,init commands\|false=use systemd commands|
185 185 |ENABLE_SPLASH|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi boot up rainbow splash screen|
186 186 |ENABLE_LOGO|boolean|true|`true`\|`false`|true=Enable default Raspberry Pi console logo (image of four raspberries in the top left corner)|
187 187 |ENABLE_SILENT_BOOT|boolean|false|`true`\|`false`|true=Set the verbosity of console messages shown during boot up to a strict minimum|
188 188 |DISABLE_UNDERVOLT_WARNINGS|integer||`1`\|`2`|Unset to keep default behaviour. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present|
189 189
190 190 ---
191 191
192 192 #### Advanced system features:
193 193
194 194 |Option|Value|default value|value format|desciption|
195 195 |---|---|---|---|---|
196 196 |ENABLE_DPHYSSWAP|boolean|true|`true`\|`false`|Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that|
197 197 |ENABLE_SYSTEMDSWAP|boolean|false|`true`\|`false`|Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled|
198 198 |ENABLE_QEMU|boolean|false|`true`\|`false`|Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file|
199 199 |QEMU_BINARY|string||`FullPathToQemuBinaryFile`|Sets the QEMU enviornment for the Debian archive. **Set by RPI_MODEL**|
200 200 |ENABLE_KEYGEN|boolean|false|`true`\|`false`|Recover your lost codec license|
201 201 |ENABLE_MINBASE|boolean|false|`true`\|`false`|Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB|
202 202 |ENABLE_SPLITFS|boolean|false|`true`\|`false`|Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`|
203 203 |ENABLE_INITRAMFS|boolean|false|`true`\|`false`|Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false|
204 204 |ENABLE_DBUS|boolean|true|`true`\|`false`|Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled|
205 205 |ENABLE_USBBOOT|boolean|false|`true`\|`false`|true=prepare image for usbboot. use with `ENABLE_SPLTFS`=true|
206 206 |CHROOT_SCRIPTS|string||`FullPathToScriptFolder`|Full path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order|
207 207 |ENABLE_UBOOT|boolean|false|`true`\|`false`|Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol. RPI4 needs tbd|
208 208 |UBOOTSRC_DIR|string||`FullPathToUBootFolder`|Full path to a directory named `u-boot` of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot|
209 209 |ENABLE_FBTURBO|boolean|false|`true`\|`false`|Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
210 210 |FBTURBOSRC_DIR|string||`FullPathToFbTurboFolder`|Full path to a directory named `xf86-video-fbturbo` of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot|
211 211 |ENABLE_VIDEOCORE|boolean|false|`true`\|`false`|Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling|
212 212 |VIDEOCORESRC_DIR|string||`FullPathToVideoSrcFolder`|Full path to a directory named `userland` of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
213 213 |ENABLE_NEXMON|boolean|false|`true`\|`false`|Install and enable the source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git)|
214 214 |NEXMONSRC_DIR|string||`FullPathToNexmonFolder`|Full path to a directory named `nexmon` of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot|
215 215
216 216 ---
217 217
218 218 #### SSH settings:
219 219
220 220 |Option|Value|default value|value format|desciption|
221 221 |---|---|---|---|---|
222 222 |SSH_ENABLE_ROOT|boolean|false|`true`\|`false`|Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`|
223 223 |SSH_DISABLE_PASSWORD_AUTH|boolean|false|`true`\|`false`|Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported|
224 224 |SSH_LIMIT_USERS|boolean|false|`true`\|`false`|Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true)|
225 225 |SSH_ROOT_PUB_KEY|string||`PathToYourROOT`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`|
226 226 |SSH_USER_PUB_KEY|string||`PathToYourUSER`<br>`RSAPublicKeyFile`|Full path to file. Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported|
227 227
228 228 ---
229 229
230 230 #### Kernel settings:
231 231
232 232 |Option|Value|default value|value format|desciption|
233 233 |---|---|---|---|---|
234 234 |BUILD_KERNEL||true|`true`\|`false`|Build and install the latest RPi 0/1/2/3/4 Linux kernel. The default RPi 0/1/2/3/ kernel configuration is used most of the time. ENABLE_NEXMON - Changes Kernel Source to [https://github.com/Re4son/](Kali Linux Kernel) Precompiled 32bit kernel for RPI0/1/2/3 by [https://github.com/hypriot/](hypriot) Precompiled 64bit kernel for RPI3/4 by [https://github.com/sakaki-/](sakaki)|
235 235 |CROSS_COMPILE|string|||This sets the cross-compile environment for the compiler. Set by RPI_MODEL|
236 236 |KERNEL_ARCH|string|||This sets the kernel architecture for the compiler. Set by RPI_MODEL|
237 237 |KERNEL_IMAGE|string|||Name of the image file in the boot partition. Set by RPI_MODEL|
238 238 |KERNEL_BRANCH|string|||Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site|
239 239 |KERNEL_DEFCONFIG|string|||Sets the default config for kernel compiling. Set by RPI_MODEL|
240 240 |KERNEL_THREADS|integer|1|`1`\|`2`\|`3`\|...|Number of threads to build the kernel. If not set, the script will automatically determine the maximum number of CPU cores to speed up kernel compilation|
241 241 |KERNEL_HEADERS|boolean|true|`true`\|`false`|Install kernel headers with the built kernel|
242 242 |KERNEL_MENUCONFIG|boolean|false|`true`\|`false`|Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated|
243 243 |KERNEL_OLDDEFCONFIG|boolean|false|`true`\|`false`|Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values|
244 244 |KERNEL_CCACHE|boolean|false|`true`\|`false`|Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again|
245 245 |KERNEL_REMOVESRC|boolean|true|`true`\|`false`|Remove all kernel sources from the generated OS image after it was built and installed|
246 246 |KERNELSRC_DIR|string||`FullPathToKernelSrcDir`|Full path to a directory named `linux` of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot|
247 247 |KERNELSRC_CLEAN|boolean|false|`true`\|`false`|Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true|
248 248 |KERNELSRC_CONFIG|boolean|true|`true`\|`false`|true=enable custom kernel options. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true|
249 249 |KERNELSRC_USRCONFIG|string||`FullPathToUserKernel.config`|Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy|
250 250 |KERNELSRC_PREBUILT|boolean|false|`true`\|`false`|With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed|
251 251 |RPI_FIRMWARE_DIR|string||`FullPathToFolder`|Full path to a directory named `firmware`, containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project|
252 252 |KERNEL_DEFAULT_GOV|string|ondemand|`performance`\|`powersave`<br>\|`userspace`\|`ondemand`<br>\|`conservative`\|`schedutil`|Set the default cpu governor at kernel compilation|
253 253 |KERNEL_NF|boolean|false|`true`\|`false`|Enable Netfilter modules as kernel modules. You want that for iptables|
254 254 |KERNEL_VIRT|boolean|false|`true`\|`false`|Enable Kernel KVM support (/dev/kvm)|
255 255 |KERNEL_ZSWAP|boolean|false|`true`\|`false`|Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases|
256 256 |KERNEL_BPF|boolean|true|`true`\|`false`|Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd wants it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]|
257 257 |KERNEL_SECURITY|boolean|false|`true`\|`false`|Enables Apparmor, integrity subsystem, auditing|
258 258 |KERNEL_BTRFS|boolean|false|`true`\|`false`|enable btrfs kernel support|
259 259 |KERNEL_POEHAT|boolean|false|`true`\|`false`|enable Enable RPI POE HAT fan kernel support|
260 260 |KERNEL_NSPAWN|boolean|false|`true`\|`false`|Enable per-interface network priority control - for systemd-nspawn|
261 261 |KERNEL_DHKEY|boolean|true|`true`\|`false`|Diffie-Hellman operations on retained keys - required for >keyutils-1.6|
262 262
263 263 ---
264 264
265 265 #### Reduce disk usage:
266 266 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
267 267
268 268 |Option|Value|default value|value format|desciption|
269 269 |---|---|---|---|---|
270 270 |ENABLE_REDUCE|boolean|false|`true`\|`false`|Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information|
271 271 |REDUCE_APT|boolean|true|`true`\|`false`|Configure APT to use compressed package repository lists and no package caching files|
272 272 |REDUCE_DOC|boolean|false|`true`\|`false`|Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations|
273 273 |REDUCE_MAN|boolean|false|`true`\|`false`|Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations|
274 274 |REDUCE_VIM|boolean|false|`true`\|`false`|Replace `vim-tiny` package by `levee` a tiny vim clone|
275 275 |REDUCE_BASH|boolean|false|`true`\|`false`|Remove `bash` package and switch to `dash` shell (experimental)|
276 276 |REDUCE_HWDB|boolean|false|`true`\|`false`|Remove PCI related hwdb files (experimental)|
277 277 |REDUCE_SSHD|boolean|false|`true`\|`false`|Replace `openssh-server` with `dropbear`|
278 278 |REDUCE_LOCALE|boolean|false|`true`\|`false`|Remove all `locale` translation files|
279 279 |REDUCE_KERNEL|boolean|false|`true`\|`false`|Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental)|
280 280 ---
281 281
282 282 #### Encrypted root partition:
283 283 #### On first boot, you will be asked to enter you password several time
284 284 #### See cryptsetup options for a more information about opttion values(https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption)
285 285
286 286 |Option|Value|default value|value format|desciption|
287 287 |---|---|---|---|---|
288 288 |ENABLE_CRYPTFS|boolean|false|`true`\|`false`|Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental|
289 289 |CRYPTFS_PASSWORD|string||`YourPasswordToUnlockCrypto`|Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true|
290 |CRYPTFS_MAPPING|string|secure|YourDmName|crypsetup device-mapper name|
290 |CRYPTFS_MAPPING|string|secure|`YourDevMNapperName`|crypsetup device-mapper name|
291 291 |CRYPTFS_CIPHER|string|aes-xts-plain64|`aes-cbc-essiv:sha256`|cryptsetup cipher `aes-xts*` ciphers are strongly recommended|
292 292 |CRYPTFS_HASH|string|sha256|`sha256`\|`sha512`|cryptsetup hash algorithm|
293 293 |CRYPTFS_XTSKEYSIZE|integer|256|`256`\|`512`||Sets key size in bits. The argument has to be a multiple of 8|
294 294 |CRYPTFS_DROPBEAR|boolean|false|`true`\|`false`|true=Enable Dropbear Initramfs support\|false=disable dropbear|
295 295 |CRYPTFS_DROPBEAR_PUBKEY|string||`PathToYourPublicDropbearKeyFile`|Full path to dropbear Public RSA-OpenSSH Key|
296 296
297 297 ---
298 298
299 299 #### Build settings:
300 300 |Option|Value|default value|value format|desciption|
301 301 |---|---|---|---|---|
302 302 |BASEDIR|string||`FullPathToScriptRootDir`|If unset start from scriptroot or set to Full path to rpi123-gen-image directory|
303 303 |IMAGE_NAME|string||`YourImageName`|if unset creates a name after this template: rpi`RPI_MODEL`-`RELEASE`-`RELEASE_ARCH`|
304 304
305 305 ---
306 306
307 307 ## Understanding the script
308 308 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
309 309
310 310 | Script | Description |
311 311 | --- | --- |
312 312 | `10-bootstrap.sh` | Debootstrap basic system |
313 313 | `11-apt.sh` | Setup APT repositories |
314 314 | `12-locale.sh` | Setup Locales and keyboard settings |
315 315 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
316 316 | `14-fstab.sh` | Setup fstab and initramfs |
317 317 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
318 318 | `20-networking.sh` | Setup Networking |
319 319 | `21-firewall.sh` | Setup Firewall |
320 320 | `30-security.sh` | Setup Users and Security settings |
321 321 | `31-logging.sh` | Setup Logging |
322 322 | `32-sshd.sh` | Setup SSH and public keys |
323 323 | `41-uboot.sh` | Build and Setup U-Boot |
324 324 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
325 325 | `43-videocore.sh` | Build and Setup videocore libraries |
326 326 | `50-firstboot.sh` | First boot actions |
327 327 | `99-reduce.sh` | Reduce the disk space usage |
328 328
329 329 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
330 330
331 331 | Directory | Description |
332 332 | --- | --- |
333 333 | `apt` | APT management configuration files |
334 334 | `boot` | Boot and RPi 0/1/2/3 configuration files |
335 335 | `dpkg` | Package Manager configuration |
336 336 | `etc` | Configuration files and rc scripts |
337 337 | `firstboot` | Scripts that get executed on first boot |
338 338 | `initramfs` | Initramfs scripts |
339 339 | `iptables` | Firewall configuration files |
340 340 | `locales` | Locales configuration |
341 341 | `modules` | Kernel Modules configuration |
342 342 | `mount` | Fstab configuration |
343 343 | `network` | Networking configuration files |
344 344 | `sysctl.d` | Swapping and Network Hardening configuration |
345 345 | `xorg` | fbturbo Xorg driver configuration |
346 346
347 347 ## Custom packages and scripts
348 348 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
349 349
350 350 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
351 351
352 352 ## Logging of the bootstrapping process
353 353 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
354 354
355 355 ```shell
356 356 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
357 357 ```
358 358
359 359 ## Flashing the image file
360 360 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
361 361
362 362 ##### Flashing examples:
363 363 ```shell
364 364 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
365 365 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
366 366 ```
367 367 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
368 368 ```shell
369 369 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
370 370 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
371 371 ```
372 372
373 373 ## QEMU emulation
374 374 Start QEMU full system emulation:
375 375 ```shell
376 376 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
377 377 ```
378 378
379 379 Start QEMU full system emulation and output to console:
380 380 ```shell
381 381 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
382 382 ```
383 383
384 384 Start QEMU full system emulation with SMP and output to console:
385 385 ```shell
386 386 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
387 387 ```
388 388
389 389 Start QEMU full system emulation with cryptfs, initramfs and output to console:
390 390 ```shell
391 391 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
392 392 ```
393 393
394 394 ## External links and references
395 395 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
396 396 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
397 397 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
398 398 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
399 399 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
400 400 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
401 401 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
402 402 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
403 403 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant