Fixes for Debian stretch release support
drtyhlpr -
r93:d975bb85d0ff
@@ -1,317 +1,318
1 1 # rpi2-gen-image
2 2 ## Introduction
3 3 `rpi2-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for the Raspberry 2 (RPi2) computer. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch".
4 4
5 5 ## Build dependencies
6 6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7 7
8 8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git```
9 9
10 10 ## Command-line parameters
11 11 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi2-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi2-gen-image.sh` script.
12 12
13 13 #####Command-line examples:
14 14 ```shell
15 15 ENABLE_UBOOT=true ./rpi2-gen-image.sh
16 16 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
17 17 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi2-gen-image.sh
18 18 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
19 19 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
20 20 ENABLE_MINBASE=true ./rpi2-gen-image.sh
21 21 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi2-gen-image.sh
22 22 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi2-gen-image.sh
23 23 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi2-gen-image.sh
24 24 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi2-gen-image.sh
25 25 RELEASE=stretch BUILD_KERNEL=true ./rpi2-gen-image.sh
26 26 ```
27 27
28 28 #### APT settings:
29 29 ##### `APT_SERVER`="ftp.debian.org"
30 30 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
31 31
32 32 ##### `APT_PROXY`=""
33 33 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
34 34
35 35 ##### `APT_INCLUDES`=""
36 36 A comma separated list of additional packages to be installed during bootstrapping.
37 37
38 38 #### General system settings:
39 39 ##### `RELEASE`="jessie"
40 40 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
41 41
42 42 ##### `HOSTNAME`="rpi2-jessie"
43 43 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
44 44
45 45 ##### `PASSWORD`="raspberry"
46 46 Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
47 47
48 48 ##### `DEFLOCAL`="en_US.UTF-8"
49 49 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
50 50
51 51 ##### `TIMEZONE`="Europe/Berlin"
52 52 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
53 53
54 54 ##### `EXPANDROOT`=true
55 55 Expand the root partition and filesystem automatically on first boot.
56 56
57 57 #### Keyboard settings:
58 58 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
59 59
60 60 ##### `XKB_MODEL`=""
61 61 Set the name of the model of your keyboard type.
62 62
63 63 ##### `XKB_LAYOUT`=""
64 64 Set the supported keyboard layout(s).
65 65
66 66 ##### `XKB_VARIANT`=""
67 67 Set the supported variant(s) of the keyboard layout(s).
68 68
69 69 ##### `XKB_OPTIONS`=""
70 70 Set extra xkb configuration options.
71 71
72 72 #### Networking settings (DHCP):
73 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`.
73 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
74 74
75 75 #####`ENABLE_DHCP`=true
76 76 Set the system to use DHCP. This requires an DHCP server.
77 77
78 78 #### Networking settings (static):
79 These parameters are used to set up a static networking configuration in /etc/systemd/network/eth.network. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`.
79 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
80 80
81 81 #####`NET_ADDRESS`=""
82 82 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
83 83
84 84 #####`NET_GATEWAY`=""
85 85 Set the IP address for the default gateway.
86 86
87 87 #####`NET_DNS_1`=""
88 88 Set the IP address for the first DNS server.
89 89
90 90 #####`NET_DNS_2`=""
91 91 Set the IP address for the second DNS server.
92 92
93 93 #####`NET_DNS_DOMAINS`=""
94 94 Set the default DNS search domains to use for non fully qualified host names.
95 95
96 96 #####`NET_NTP_1`=""
97 97 Set the IP address for the first NTP server.
98 98
99 99 #####`NET_NTP_2`=""
100 100 Set the IP address for the second NTP server.
101 101
102 102 #### Basic system features:
103 103 ##### `ENABLE_CONSOLE`=true
104 104 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
105 105
106 106 ##### `ENABLE_IPV6`=true
107 107 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
108 108
109 109 ##### `ENABLE_SSHD`=true
110 110 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
111 111
112 112 ##### `ENABLE_NONFREE`=false
113 113 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
114 114
115 115 ##### `ENABLE_RSYSLOG`=true
116 116 If set to false, disable and uninstall rsyslog (so logs will be available only
117 117 in journal files)
118 118
119 119 ##### `ENABLE_SOUND`=true
120 120 Enable sound hardware and install Advanced Linux Sound Architecture.
121 121
122 122 ##### `ENABLE_HWRANDOM`=true
123 123 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
124 124
125 125 ##### `ENABLE_MINGPU`=false
126 126 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
127 127
128 128 ##### `ENABLE_DBUS`=true
129 129 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
130 130
131 131 ##### `ENABLE_XORG`=false
132 132 Install Xorg open-source X Window System.
133 133
134 134 ##### `ENABLE_WM`=""
135 135 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi2-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
136 136
137 137 #### Advanced system features:
138 138 ##### `ENABLE_MINBASE`=false
139 139 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
140 140
141 141 ##### `ENABLE_REDUCE`=false
142 142 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
143 143
144 144 ##### `ENABLE_UBOOT`=false
145 145 Replace default RPi2 second stage bootloader (bootcode.bin) with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
146 146
147 147 ##### `ENABLE_FBTURBO`=false
148 148 Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
149 149
150 150 ##### `ENABLE_IPTABLES`=false
151 151 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
152 152
153 153 ##### `ENABLE_USER`=true
154 154 Create non-root user with password raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
155 155
156 156 ##### `USER_NAME`=pi
157 157 Non-root user to create. Ignored if `ENABLE_USER`=false
158 158
159 159 ##### `ENABLE_ROOT`=true
160 160 Set root user password so root login will be enabled
161 161
162 162 ##### `ENABLE_ROOT_SSH`=true
163 163 Enable password root login via SSH. May be a security risk with default
164 164 password, use only in trusted environments.
165 165
166 166 ##### `ENABLE_HARDNET`=false
167 167 Enable IPv4/IPv6 network stack hardening settings.
168 168
169 169 ##### `ENABLE_SPLITFS`=false
170 170 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
171 171
172 172 ##### `CHROOT_SCRIPTS`=""
173 173 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
174 174
175 175 ##### `ENABLE_INITRAMFS`=false
176 176 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
177 177
178 178 ##### `ENABLE_IFNAMES`=true
179 179 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
180 180
181 181 #### Kernel compilation:
182 182 ##### `BUILD_KERNEL`=false
183 183 Build and install the latest RPi2 Linux kernel. Currently only the default RPi2 kernel configuration is used.
184 184
185 185 ##### `KERNEL_REDUCE`=false
186 186 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
187 187
188 188 ##### `KERNEL_THREADS`=1
189 189 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
190 190
191 191 ##### `KERNEL_HEADERS`=true
192 192 Install kernel headers with built kernel.
193 193
194 194 ##### `KERNEL_MENUCONFIG`=false
195 195 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
196 196
197 197 ##### `KERNEL_REMOVESRC`=true
198 198 Remove all kernel sources from the generated OS image after it was built and installed.
199 199
200 200 ##### `KERNELSRC_DIR`=""
201 201 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
202 202
203 203 ##### `KERNELSRC_CLEAN`=false
204 204 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
205 205
206 206 ##### `KERNELSRC_CONFIG`=true
207 207 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
208 208
209 209 ##### `KERNELSRC_PREBUILT`=false
210 210 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
211 211
212 212 ##### `FIRMWAREDIR`=""
213 213 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
214 214
215 215 #### Reduce disk usage:
216 216 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
217 217
218 218 ##### `REDUCE_APT`=true
219 219 Configure APT to use compressed package repository lists and no package caching files.
220 220
221 221 ##### `REDUCE_DOC`=true
222 222 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
223 223
224 224 ##### `REDUCE_MAN`=true
225 225 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
226 226
227 227 ##### `REDUCE_VIM`=false
228 228 Replace `vim-tiny` package by `levee` a tiny vim clone.
229 229
230 230 ##### `REDUCE_BASH`=false
231 231 Remove `bash` package and switch to `dash` shell (experimental).
232 232
233 233 ##### `REDUCE_HWDB`=true
234 234 Remove PCI related hwdb files (experimental).
235 235
236 236 ##### `REDUCE_SSHD`=true
237 237 Replace `openssh-server` with `dropbear`.
238 238
239 239 ##### `REDUCE_LOCALE`=true
240 240 Remove all `locale` translation files.
241 241
242 242 #### Encrypted root partition:
243 243
244 244 ##### `ENABLE_CRYPTFS`=false
245 245 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
246 246
247 247 ##### `CRYPTFS_PASSWORD`=""
248 248 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
249 249
250 250 ##### `CRYPTFS_MAPPING`="secure"
251 251 Set name of dm-crypt managed device-mapper mapping.
252 252
253 253 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
254 254 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
255 255
256 256 ##### `CRYPTFS_XTSKEYSIZE`=512
257 257 Sets key size in bits. The argument has to be a multiple of 8.
258 258
259 259 ## Understanding the script
260 260 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
261 261
262 262 | Script | Description |
263 263 | --- | --- |
264 264 | `10-bootstrap.sh` | Debootstrap basic system |
265 265 | `11-apt.sh` | Setup APT repositories |
266 266 | `12-locale.sh` | Setup Locales and keyboard settings |
267 267 | `13-kernel.sh` | Build and install RPi2 Kernel |
268 268 | `20-networking.sh` | Setup Networking |
269 269 | `21-firewall.sh` | Setup Firewall |
270 270 | `30-security.sh` | Setup Users and Security settings |
271 271 | `31-logging.sh` | Setup Logging |
272 272 | `41-uboot.sh` | Build and Setup U-Boot |
273 273 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
274 274 | `50-firstboot.sh` | First boot actions |
275 275 | `99-reduce.sh` | Reduce the disk space usage |
276 276
277 277 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
278 278
279 279 | Directory | Description |
280 280 | --- | --- |
281 281 | `apt` | APT management configuration files |
282 282 | `boot` | Boot and RPi2 configuration files |
283 283 | `dpkg` | Package Manager configuration |
284 | `etc` | Configuration files and rc scripts |
284 285 | `firstboot` | Scripts that get executed on first boot |
285 286 | `initramfs` | Initramfs scripts |
286 287 | `iptables` | Firewall configuration files |
287 288 | `locales` | Locales configuration |
288 289 | `modules` | Kernel Modules configuration |
289 290 | `mount` | Fstab configuration |
290 291 | `network` | Networking configuration files |
291 292 | `sysctl.d` | Swapping and Network Hardening configuration |
292 293 | `xorg` | fbturbo Xorg driver configuration |
293 294
294 295 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
295 296
296 297 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
297 298
298 299 ## Logging of the bootstrapping process
299 300 All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
300 301
301 302 ```shell
302 303 script -c 'APT_SERVER=ftp.de.debian.org ./rpi2-gen-image.sh' ./build.log
303 304 ```
304 305
305 306 ## Flashing the image file
306 307 After the image file was successfully created by the `rpi2-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
307 308
308 309 #####Flashing examples:
309 310 ```shell
310 311 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
311 312 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
312 313 ```
313 314 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
314 315 ```shell
315 316 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
316 317 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
317 318 ```
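Review bot: The sentence added at new line 73 ends with a stray backtick after `/lib/systemd/network`., which leaves an unbalanced inline-code span in the rendered README; the same sentence at new line 79 does not have it. Both paragraphs also still name `/etc/systemd/network/eth.network` as the file that is written, so a reader cannot tell which path the script uses on `stretch`; state the path per release explicitly. The change also introduces a `COMPILER_PACKAGES` setting in `rpi2-gen-image.sh` that has no entry in this parameter list.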
@@ -1,67 +1,68
1 1 #
2 2 # Build and Setup U-Boot
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install gcc/c++ build environment inside the chroot
9 9 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
10 chroot_exec apt-get -q -y --force-yes --no-install-recommends install linux-compiler-gcc-4.8-arm g++ make bc
10 COMPILER_PACKAGES=$(chroot_exec apt-get -s install ${COMPILER_PACKAGES} | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
11 chroot_exec apt-get -q -y --force-yes --no-install-recommends install ${COMPILER_PACKAGES}
11 12 fi
12 13
13 14 # Fetch and build U-Boot bootloader
14 15 if [ "$ENABLE_UBOOT" = true ] ; then
15 16 # Fetch U-Boot bootloader sources
16 17 git -C "${R}/tmp" clone "${UBOOT_URL}"
17 18
18 19 # Build and install U-Boot inside chroot
19 20 chroot_exec make -C /tmp/u-boot/ ${UBOOT_CONFIG} all
20 21
21 22 # Copy compiled bootloader binary and set config.txt to load it
22 23 install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
23 24 install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOTDIR}/u-boot.bin"
24 25 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOTDIR}/config.txt"
25 26
26 27 # Install and setup U-Boot command file
27 28 install_readonly files/boot/uboot.mkimage "${BOOTDIR}/uboot.mkimage"
28 29 printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
29 30
30 31 if [ "$ENABLE_INITRAMFS" = true ] ; then
31 32 # Convert generated initramfs for U-Boot using mkimage
32 33 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
33 34
34 35 # Remove original initramfs file
35 36 rm -f "${BOOTDIR}/initramfs-${KERNEL_VERSION}"
36 37
37 38 # Configure U-Boot to load generated initramfs
38 39 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOTDIR}/uboot.mkimage)" > "${BOOTDIR}/uboot.mkimage"
39 40 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
40 41 else # ENABLE_INITRAMFS=false
41 42 # Remove initramfs from U-Boot mkfile
42 43 sed -i '/.*initramfs.*/d' "${BOOTDIR}/uboot.mkimage"
43 44
44 45 if [ "$BUILD_KERNEL" = false ] ; then
45 46 # Remove dtbfile from U-Boot mkfile
46 47 sed -i '/.*dtbfile.*/d' "${BOOTDIR}/uboot.mkimage"
47 48 printf "\nbootz \${kernel_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
48 49 else
49 50 printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOTDIR}/uboot.mkimage"
50 51 fi
51 52 fi
52 53
53 54 # Set mkfile to use dtb file
54 55 sed -i "s/^\(setenv dtbfile \).*/\1${DTB_FILE}/" "${BOOTDIR}/uboot.mkimage"
55 56
56 57 # Set mkfile to use kernel image
57 58 sed -i "s/^\(fatload mmc 0:1 \${kernel_addr_r} \).*/\1${KERNEL_IMAGE}/" "${BOOTDIR}/uboot.mkimage"
58 59
59 60 # Remove all leading blank lines
60 61 sed -i "/./,\$!d" "${BOOTDIR}/uboot.mkimage"
61 62
62 63 # Generate U-Boot bootloader image
63 64 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n RPi2 -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
64 65
65 66 # Remove U-Boot sources
66 67 rm -fr "${R}/tmp/u-boot"
67 68 fi
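Review bot: At new line 10 the output of the simulated install overwrites `COMPILER_PACKAGES` with no check that the result is usable. The exit status of that pipeline is the status of `awk`, so a failing `apt-get -s install` is not caught by `set -e`; the variable then becomes empty, new line 11 runs `apt-get install` with no package names, and the error only surfaces later at the `make` step. Suggest keeping the resolved list in a separate variable, so the user-supplied value is preserved, and aborting with a clear message when the resolved list is empty while the requested list was not.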
@@ -1,34 +1,34
1 1 #
2 2 # Build and Setup fbturbo Xorg driver
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_FBTURBO" = true ] ; then
9 9 # Fetch fbturbo driver sources
10 10 git -C "${R}/tmp" clone "${FBTURBO_URL}"
11 11
12 12 # Install Xorg build dependencies
13 chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
13 chroot_exec apt-get -q -y --force-yes --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
14 14
15 15 # Build and install fbturbo driver inside chroot
16 16 chroot_exec /bin/bash -x <<'EOF'
17 17 cd /tmp/xf86-video-fbturbo
18 18 autoreconf -vi
19 19 ./configure --prefix=/usr
20 20 make
21 21 make install
22 22 EOF
23 23
24 24 # Install fbturbo driver Xorg configuration
25 25 install_readonly files/xorg/99-fbturbo.conf "${R}/usr/share/X11/xorg.conf.d/99-fbturbo.conf"
26 26
27 27 # Remove Xorg build dependencies
28 28 chroot_exec apt-get -qq -y --auto-remove purge xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 29 fi
30 30
31 31 # Remove gcc/c++ build environment from the chroot
32 32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ] ; then
33 chroot_exec apt-get -qq -y --auto-remove purge bc binutils cpp cpp-4.8 cpp-4.9 g++ g++-4.8 g++-4.9 gcc gcc-4.8 gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.8-dev libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.8-arm linux-libc-dev make
33 chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
34 34 fi
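Review bot: New line 13 adds `--force-yes` to the install of the Xorg build dependencies with no stated reason; that option makes apt continue where it would otherwise stop, including for packages it cannot authenticate, and these packages are used to build a driver that ends up in the image. If `stretch` needs it to get past one specific prompt, use the narrower option for that case and say why in a comment. At new line 33 the purge relies on `COMPILER_PACKAGES` having been rewritten by the U-Boot script earlier in the same shell; guard it with a non-empty check so an empty value does not reduce the command to a bare `--auto-remove purge`.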
@@ -1,78 +1,80
1 1 #
2 2 # Reduce system disk usage
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Reduce the image size by various operations
9 9 if [ "$ENABLE_REDUCE" = true ] ; then
10 10 if [ "$REDUCE_APT" = true ] ; then
11 11 # Install dpkg configuration file
12 12 if [ "$REDUCE_DOC" = true ] || [ "$REDUCE_MAN" = true ] ; then
13 13 install_readonly files/dpkg/01nodoc "${ETCDIR}/dpkg/dpkg.cfg.d/01nodoc"
14 14 fi
15 15
16 16 # Install APT configuration files
17 17 install_readonly files/apt/02nocache "${ETCDIR}/apt/apt.conf.d/02nocache"
18 18 install_readonly files/apt/03compress "${ETCDIR}/apt/apt.conf.d/03compress"
19 19 install_readonly files/apt/04norecommends "${ETCDIR}/apt/apt.conf.d/04norecommends"
20 20
21 21 # Remove APT cache files
22 22 rm -fr "${R}/var/cache/apt/pkgcache.bin"
23 23 rm -fr "${R}/var/cache/apt/srcpkgcache.bin"
24 24 fi
25 25
26 26 # Remove all doc files
27 27 if [ "$REDUCE_DOC" = true ] ; then
28 28 find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
29 29 find "${R}/usr/share/doc" -empty | xargs rmdir || true
30 30 fi
31 31
32 32 # Remove all man pages and info files
33 33 if [ "$REDUCE_MAN" = true ] ; then
34 34 rm -rf "${R}/usr/share/man" "${R}/usr/share/groff" "${R}/usr/share/info" "${R}/usr/share/lintian" "${R}/usr/share/linda" "${R}/var/cache/man"
35 35 fi
36 36
37 37 # Remove all locale translation files
38 38 if [ "$REDUCE_LOCALE" = true ] ; then
39 39 find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
40 40 fi
41 41
42 42 # Remove hwdb PCI device classes (experimental)
43 43 if [ "$REDUCE_HWDB" = true ] ; then
44 44 rm -fr "/lib/udev/hwdb.d/20-pci-*"
45 45 fi
46 46
47 47 # Replace bash shell by dash shell (experimental)
48 48 if [ "$REDUCE_BASH" = true ] ; then
49 49 echo "Yes, do as I say!" | chroot_exec apt-get purge -qq -y --force-yes bash
50 50 chroot_exec update-alternatives --install /bin/bash bash /bin/dash 100
51 51 fi
52 52
53 53 # Remove sound utils and libraries
54 54 if [ "$ENABLE_SOUND" = false ] ; then
55 55 chroot_exec apt-get -qq -y --force-yes purge alsa-utils libsamplerate0 libasound2 libasound2-data
56 56 fi
57 57
58 58 # Re-install tools for managing kernel moduless
59 if [ "$RELEASE" = "jessie" ] ; then
59 60 chroot_exec apt-get -qq -y --force-yes install module-init-tools
61 fi
60 62
61 63 # Remove GPU kernels
62 64 if [ "$ENABLE_MINGPU" = true ] ; then
63 65 rm -f "${BOOTDIR}/start.elf"
64 66 rm -f "${BOOTDIR}/fixup.dat"
65 67 rm -f "${BOOTDIR}/start_x.elf"
66 68 rm -f "${BOOTDIR}/fixup_x.dat"
67 69 fi
68 70
69 71 # Remove kernel and initrd from /boot (already in /boot/firmware)
70 72 if [ "$BUILD_KERNEL" = false ] ; then
71 73 rm -f "${R}/boot/vmlinuz-*"
72 74 rm -f "${R}/boot/initrd.img-*"
73 75 fi
74 76
75 77 # Clean APT list of repositories
76 78 rm -fr "${R}/var/lib/apt/lists/*"
77 79 chroot_exec apt-get -qq -y update
78 80 fi
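Review bot: At new lines 59-61 the re-install is now limited to `jessie`, but the comment above it still reads as unconditional and nothing says what provides the kernel module tools on `stretch`. Add an `else` branch or a comment naming the stretch equivalent, and confirm that the purge steps earlier in this block cannot remove it as a dependency on that release. The comment on the line above also has a typo ("moduless") that could be fixed in the same change.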
@@ -1,535 +1,541
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh 2015-2016
5 5 #
6 6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 14 #
15 15 # Big thanks for patches and enhancements by 10+ github contributors!
16 16 ########################################################################
17 17
18 18 # Are we running as root?
19 19 if [ "$(id -u)" -ne "0" ] ; then
20 20 echo "error: this script must be executed with root privileges!"
21 21 exit 1
22 22 fi
23 23
24 24 # Check if ./functions.sh script exists
25 25 if [ ! -r "./functions.sh" ] ; then
26 26 echo "error: './functions.sh' required script not found!"
27 27 exit 1
28 28 fi
29 29
30 30 # Load utility functions
31 31 . ./functions.sh
32 32
33 33 # Introduce settings
34 34 set -e
35 35 echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n"
36 36 set -x
37 37
38 38 # Debian release
39 39 RELEASE=${RELEASE:=jessie}
40 40 KERNEL_ARCH=${KERNEL_ARCH:=arm}
41 41 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
42 42 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
43 43 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
44 44 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
45 45 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
46 46 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
47 47 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
48 48 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
49 49
50 50 # URLs
51 51 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 52 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 53 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
54 54 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
55 55 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
56 56
57 57 # Build directories
58 58 BASEDIR="$(pwd)/images/${RELEASE}"
59 59 BUILDDIR="${BASEDIR}/build"
60 60
61 61 # Chroot directories
62 62 R="${BUILDDIR}/chroot"
63 63 ETCDIR="${R}/etc"
64 64 LIBDIR="${R}/lib"
65 65 BOOTDIR="${R}/boot/firmware"
66 66 KERNELDIR="${R}/usr/src/linux"
67 67
68 68 # Firmware directory: Blank if download from github
69 69 FIRMWAREDIR=${FIRMWAREDIR:=""}
70 70
71 # Packages for gcc/c++ inside the chroot
72 COMPILER_PACKAGES=${COMPILER_PACKAGES:="linux-compiler-gcc-4.8-arm g++ make bc"}
73
71 74 # General settings
72 75 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
73 76 PASSWORD=${PASSWORD:=raspberry}
74 77 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
75 78 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
76 79 EXPANDROOT=${EXPANDROOT:=true}
77 80
78 81 # Keyboard settings
79 82 XKB_MODEL=${XKB_MODEL:=""}
80 83 XKB_LAYOUT=${XKB_LAYOUT:=""}
81 84 XKB_VARIANT=${XKB_VARIANT:=""}
82 85 XKB_OPTIONS=${XKB_OPTIONS:=""}
83 86
84 87 # Network settings (DHCP)
85 88 ENABLE_DHCP=${ENABLE_DHCP:=true}
86 89
87 90 # Network settings (static)
88 91 NET_ADDRESS=${NET_ADDRESS:=""}
89 92 NET_GATEWAY=${NET_GATEWAY:=""}
90 93 NET_DNS_1=${NET_DNS_1:=""}
91 94 NET_DNS_2=${NET_DNS_2:=""}
92 95 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
93 96 NET_NTP_1=${NET_NTP_1:=""}
94 97 NET_NTP_2=${NET_NTP_2:=""}
95 98
96 99 # APT settings
97 100 APT_PROXY=${APT_PROXY:=""}
98 101 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
99 102
100 103 # Feature settings
101 104 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
102 105 ENABLE_IPV6=${ENABLE_IPV6:=true}
103 106 ENABLE_SSHD=${ENABLE_SSHD:=true}
104 107 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
105 108 ENABLE_SOUND=${ENABLE_SOUND:=true}
106 109 ENABLE_DBUS=${ENABLE_DBUS:=true}
107 110 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
108 111 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
109 112 ENABLE_XORG=${ENABLE_XORG:=false}
110 113 ENABLE_WM=${ENABLE_WM:=""}
111 114 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
112 115 ENABLE_USER=${ENABLE_USER:=true}
113 116 USER_NAME=${USER_NAME:="pi"}
114 117 ENABLE_ROOT=${ENABLE_ROOT:=false}
115 118 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
116 119
117 120 # Advanced settings
118 121 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
119 122 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
120 123 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
121 124 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
122 125 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
123 126 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
124 127 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
125 128 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
126 129 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
127 130
128 131 # Kernel compilation settings
129 132 BUILD_KERNEL=${BUILD_KERNEL:=false}
130 133 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
131 134 KERNEL_THREADS=${KERNEL_THREADS:=1}
132 135 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
133 136 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
134 137 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
135 138
136 139 # Kernel compilation from source directory settings
137 140 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
138 141 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
139 142 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
140 143 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
141 144
142 145 # Reduce disk usage settings
143 146 REDUCE_APT=${REDUCE_APT:=true}
144 147 REDUCE_DOC=${REDUCE_DOC:=true}
145 148 REDUCE_MAN=${REDUCE_MAN:=true}
146 149 REDUCE_VIM=${REDUCE_VIM:=false}
147 150 REDUCE_BASH=${REDUCE_BASH:=false}
148 151 REDUCE_HWDB=${REDUCE_HWDB:=true}
149 152 REDUCE_SSHD=${REDUCE_SSHD:=true}
150 153 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
151 154
152 155 # Encrypted filesystem settings
153 156 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
154 157 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
155 158 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
156 159 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
157 160 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
158 161
159 162 # Stop the Crypto Wars
160 163 DISABLE_FBI=${DISABLE_FBI:=false}
161 164
162 165 # Chroot scripts directory
163 166 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
164 167
165 168 # Packages required in the chroot build environment
166 169 APT_INCLUDES=${APT_INCLUDES:=""}
167 170 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
168 171
169 172 # Packages required for bootstrapping
170 173 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git"
171 174 MISSING_PACKAGES=""
172 175
173 176 set +x
174 177
175 178 # Build latest RPi2 Linux kernel if required by Debian release
176 179 if [ "$RELEASE" = "stretch" ] ; then
177 180 BUILD_KERNEL=true
181 COMPILER_PACKAGES=$(echo $COMPILER_PACKAGES | sed s/-4.8-arm/-5-arm/)
178 182 fi
179 183
180 184 # Add packages required for kernel cross compilation
181 185 if [ "$BUILD_KERNEL" = true ] ; then
182 186 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
183 187 fi
184 188
185 189 # Add libncurses5 to enable kernel menuconfig
186 190 if [ "$KERNEL_MENUCONFIG" = true ] ; then
187 191 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
188 192 fi
189 193
190 194 # Stop the Crypto Wars
191 195 if [ "$DISABLE_FBI" = true ] ; then
192 196 ENABLE_CRYPTFS=true
193 197 fi
194 198
195 199 # Add cryptsetup package to enable filesystem encryption
196 200 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
197 201 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
198 202 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
199 203
200 204 if [ -z "$CRYPTFS_PASSWORD" ] ; then
201 205 echo "error: no password defined (CRYPTFS_PASSWORD)!"
202 206 exit 1
203 207 fi
204 208 ENABLE_INITRAMFS=true
205 209 fi
206 210
207 211 # Add initramfs generation tools
208 212 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
209 213 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
210 214 fi
211 215
212 216 # Check if all required packages are installed on the build system
213 217 for package in $REQUIRED_PACKAGES ; do
214 218 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
215 219 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
216 220 fi
217 221 done
218 222
219 223 # Ask if missing packages should get installed right now
220 224 if [ -n "$MISSING_PACKAGES" ] ; then
221 225 echo "the following packages needed by this script are not installed:"
222 226 echo "$MISSING_PACKAGES"
223 227
224 228 echo -n "\ndo you want to install the missing packages right now? [y/n] "
225 229 read confirm
226 230 [ "$confirm" != "y" ] && exit 1
227 231 fi
228 232
229 233 # Make sure all required packages are installed
230 234 apt-get -qq -y install ${REQUIRED_PACKAGES}
231 235
232 236 # Check if ./bootstrap.d directory exists
233 237 if [ ! -d "./bootstrap.d/" ] ; then
234 238 echo "error: './bootstrap.d' required directory not found!"
235 239 exit 1
236 240 fi
237 241
238 242 # Check if ./files directory exists
239 243 if [ ! -d "./files/" ] ; then
240 244 echo "error: './files' required directory not found!"
241 245 exit 1
242 246 fi
243 247
244 248 # Check if specified KERNELSRC_DIR directory exists
245 249 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
246 250 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
247 251 exit 1
248 252 fi
249 253
250 254 # Check if specified CHROOT_SCRIPTS directory exists
251 255 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
252 256 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
253 257 exit 1
254 258 fi
255 259
256 260 # Check if specified device mapping already exists (will be used by cryptsetup)
257 261 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
258 262 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
259 263 exit 1
260 264 fi
261 265
262 266 # Don't clobber an old build
263 267 if [ -e "$BUILDDIR" ] ; then
264 268 echo "error: directory ${BUILDDIR} already exists, not proceeding"
265 269 exit 1
266 270 fi
267 271
268 272 # Setup chroot directory
269 273 mkdir -p "${R}"
270 274
271 275 # Check if build directory has enough of free disk space >512MB
272 276 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
273 277 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
274 278 exit 1
275 279 fi
276 280
277 281 set -x
278 282
279 283 # Call "cleanup" function on various signals and errors
280 284 trap cleanup 0 1 2 3 6
281 285
282 286 # Add required packages for the minbase installation
283 287 if [ "$ENABLE_MINBASE" = true ] ; then
284 288 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
285 289 fi
286 290
287 291 # Add required locales packages
288 292 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
289 293 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
290 294 fi
291 295
292 296 # Add parted package, required to get partprobe utility
293 297 if [ "$EXPANDROOT" = true ] ; then
294 298 APT_INCLUDES="${APT_INCLUDES},parted"
295 299 fi
296 300
297 301 # Add dbus package, recommended if using systemd
298 302 if [ "$ENABLE_DBUS" = true ] ; then
299 303 APT_INCLUDES="${APT_INCLUDES},dbus"
300 304 fi
301 305
302 306 # Add iptables IPv4/IPv6 package
303 307 if [ "$ENABLE_IPTABLES" = true ] ; then
304 308 APT_INCLUDES="${APT_INCLUDES},iptables"
305 309 fi
306 310
307 311 # Add openssh server package
308 312 if [ "$ENABLE_SSHD" = true ] ; then
309 313 APT_INCLUDES="${APT_INCLUDES},openssh-server"
310 314 fi
311 315
312 316 # Add alsa-utils package
313 317 if [ "$ENABLE_SOUND" = true ] ; then
314 318 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
315 319 fi
316 320
317 321 # Add rng-tools package
318 322 if [ "$ENABLE_HWRANDOM" = true ] ; then
319 323 APT_INCLUDES="${APT_INCLUDES},rng-tools"
320 324 fi
321 325
322 326 # Add fbturbo video driver
323 327 if [ "$ENABLE_FBTURBO" = true ] ; then
324 328 # Enable xorg package dependencies
325 329 ENABLE_XORG=true
326 330 fi
327 331
328 332 # Add user defined window manager package
329 333 if [ -n "$ENABLE_WM" ] ; then
330 334 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
331 335
332 336 # Enable xorg package dependencies
333 337 ENABLE_XORG=true
334 338 fi
335 339
336 340 # Add xorg package
337 341 if [ "$ENABLE_XORG" = true ] ; then
338 342 APT_INCLUDES="${APT_INCLUDES},xorg"
339 343 fi
340 344
341 345 # Replace selected packages with smaller clones
342 346 if [ "$ENABLE_REDUCE" = true ] ; then
343 347 # Add levee package instead of vim-tiny
344 348 if [ "$REDUCE_VIM" = true ] ; then
345 349 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
346 350 fi
347 351
348 352 # Add dropbear package instead of openssh-server
349 353 if [ "$REDUCE_SSHD" = true ] ; then
350 354 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
351 355 fi
352 356 fi
353 357
354 358 # Configure kernel sources if no KERNELSRC_DIR
355 359 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
356 360 KERNELSRC_CONFIG=true
357 361 fi
358 362
359 363 # Configure reduced kernel
360 364 if [ "$KERNEL_REDUCE" = true ] ; then
361 365 KERNELSRC_CONFIG=false
362 366 fi
363 367
364 368 # Execute bootstrap scripts
365 369 for SCRIPT in bootstrap.d/*.sh; do
366 370 head -n 3 "$SCRIPT"
367 371 . "$SCRIPT"
368 372 done
369 373
370 374 ## Execute custom bootstrap scripts
371 375 if [ -d "custom.d" ] ; then
372 376 for SCRIPT in custom.d/*.sh; do
373 377 . "$SCRIPT"
374 378 done
375 379 fi
376 380
377 381 # Execute custom scripts inside the chroot
378 382 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
379 383 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
380 384 chroot_exec /bin/bash -x <<'EOF'
381 385 for SCRIPT in /chroot_scripts/* ; do
382 386 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
383 387 $SCRIPT
384 388 fi
385 389 done
386 390 EOF
387 391 rm -rf "${R}/chroot_scripts"
388 392 fi
389 393
390 394 # Remove apt-utils
395 if [ "$RELEASE" = "jessie" ] ; then
391 396 chroot_exec apt-get purge -qq -y --force-yes apt-utils
397 fi
392 398
393 399 # Generate required machine-id
394 400 MACHINE_ID=$(dbus-uuidgen)
395 401 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
396 402 echo -n "${MACHINE_ID}" > "${ETCDIR}/machine-id"
397 403
398 404 # APT Cleanup
399 405 chroot_exec apt-get -y clean
400 406 chroot_exec apt-get -y autoclean
401 407 chroot_exec apt-get -y autoremove
402 408
403 409 # Unmount mounted filesystems
404 410 umount -l "${R}/proc"
405 411 umount -l "${R}/sys"
406 412
407 413 # Clean up directories
408 414 rm -rf "${R}/run/*"
409 415 rm -rf "${R}/tmp/*"
410 416
411 417 # Clean up files
412 418 rm -f "${ETCDIR}/ssh/ssh_host_*"
413 419 rm -f "${ETCDIR}/dropbear/dropbear_*"
414 420 rm -f "${ETCDIR}/apt/sources.list.save"
415 421 rm -f "${ETCDIR}/resolvconf/resolv.conf.d/original"
416 422 rm -f "${ETCDIR}/*-"
417 423 rm -f "${ETCDIR}/apt/apt.conf.d/10proxy"
418 424 rm -f "${ETCDIR}/resolv.conf"
419 425 rm -f "${R}/root/.bash_history"
420 426 rm -f "${R}/var/lib/urandom/random-seed"
421 427 rm -f "${R}/initrd.img"
422 428 rm -f "${R}/vmlinuz"
423 429 rm -f "${R}${QEMU_BINARY}"
424 430
425 431 # Calculate size of the chroot directory in KB
426 432 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
427 433
428 434 # Calculate the amount of needed 512 Byte sectors
429 435 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
430 436 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
431 437 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
432 438
433 439 # The root partition is EXT4
434 440 # This means more space than the actual used space of the chroot is used.
435 # As overhead for journaling and reserved blocks 20% are added.
436 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
441 # As overhead for journaling and reserved blocks 25% are added.
442 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
437 443
438 444 # Calculate required image size in 512 Byte sectors
439 445 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
440 446
441 447 # Prepare date string for image file name
442 448 DATE="$(date +%Y-%m-%d)"
443 449
444 450 # Prepare image file
445 451 if [ "$ENABLE_SPLITFS" = true ] ; then
446 452 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
447 453 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
448 454 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
449 455 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
450 456
451 457 # Write firmware/boot partition tables
452 458 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" 2> /dev/null <<EOM
453 459 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
454 460 EOM
455 461
456 462 # Write root partition table
457 463 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" 2> /dev/null <<EOM
458 464 ${TABLE_SECTORS},${ROOT_SECTORS},83
459 465 EOM
460 466
461 467 # Setup temporary loop devices
462 468 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
463 469 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
464 470 else # ENABLE_SPLITFS=false
465 471 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
466 472 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
467 473
468 474 # Write partition table
469 475 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" 2> /dev/null <<EOM
470 476 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
471 477 ${ROOT_OFFSET},${ROOT_SECTORS},83
472 478 EOM
473 479
474 480 # Setup temporary loop devices
475 481 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
476 482 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
477 483 fi
478 484
479 485 if [ "$ENABLE_CRYPTFS" = true ] ; then
480 486 # Create dummy ext4 fs
481 487 mkfs.ext4 "$ROOT_LOOP"
482 488
483 489 # Setup password keyfile
484 490 echo -n ${CRYPTFS_PASSWORD} > .password
485 491 chmod 600 .password
486 492
487 493 # Initialize encrypted partition
488 494 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
489 495
490 496 # Open encrypted partition and setup mapping
491 497 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
492 498
493 499 # Secure delete password keyfile
494 500 shred -zu .password
495 501
496 502 # Update temporary loop device
497 503 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
498 504
499 505 # Wipe encrypted partition (encryption cipher is used for randomness)
500 506 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
501 507 fi
502 508
503 509 # Build filesystems
504 510 mkfs.vfat "$FRMW_LOOP"
505 511 mkfs.ext4 "$ROOT_LOOP"
506 512
507 513 # Mount the temporary loop devices
508 514 mkdir -p "$BUILDDIR/mount"
509 515 mount "$ROOT_LOOP" "$BUILDDIR/mount"
510 516
511 517 mkdir -p "$BUILDDIR/mount/boot/firmware"
512 518 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
513 519
514 520 # Copy all files from the chroot to the loop device mount point directory
515 521 rsync -a "${R}/" "$BUILDDIR/mount/"
516 522
517 523 # Unmount all temporary loop devices and mount points
518 524 cleanup
519 525
520 526 # Create block map file(s) of image(s)
521 527 if [ "$ENABLE_SPLITFS" = true ] ; then
522 528 # Create block map files for "bmaptool"
523 529 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
524 530 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
525 531
526 532 # Image was successfully created
527 533 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
528 534 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
529 535 else
530 536 # Create block map file for "bmaptool"
531 537 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
532 538
533 539 # Image was successfully created
534 540 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
535 541 fi
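Review bot: In the stretch branch, `COMPILER_PACKAGES=$(echo $COMPILER_PACKAGES | sed s/-4.8-arm/-5-arm/)` leaves both the variable expansion and the sed expression unquoted, and the `.` in `-4.8-arm` matches any character. Quote the expansion and escape the dot, for example `sed 's/-4\.8-arm/-5-arm/'`. COMPILER_PACKAGES can also be overridden from the command line, and an override that does not contain `-4.8-arm` passes through this line unchanged and without any message, so a stretch build then installs whatever compiler package the caller named. Either document that behaviour next to the new default or check that the substitution actually matched. Separately, the apt-utils purge is now wrapped in a jessie-only test but still carries `--force-yes`, which makes apt continue without prompting even when the action is potentially harmful. If the purge works without it, drop the flag while this block is being touched, and add a short comment saying why apt-utils must stay installed on stretch.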