##// END OF EJS Templates
Merge branch 'vknecht-master'
Jan Wagner -
r69:da643e7838f2 Fusion
parent child
Show More
@@ -150,6 +150,9 password, use only in trusted environments.
150 ##### `ENABLE_HARDNET`=false
150 ##### `ENABLE_HARDNET`=false
151 Enable IPv4/IPv6 network stack hardening settings.
151 Enable IPv4/IPv6 network stack hardening settings.
152
152
153 ##### `ENABLE_SPLITFS`=false
154 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
155
153 ##### `CHROOT_SCRIPTS`=""
156 ##### `CHROOT_SCRIPTS`=""
154 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
157 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this direcory is run in lexicographical order.
155
158
@@ -212,3 +215,8 After the image file was successfully created by the `rpi2-gen-image.sh` script
212 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
215 bmaptool copy ./images/jessie/2015-12-13-debian-jessie.img /dev/mmcblk0
213 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
216 dd bs=4M if=./images/jessie/2015-12-13-debian-jessie.img of=/dev/mmcblk0
214 ```
217 ```
218 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
219 ```shell
220 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-frmw.img /dev/mmcblk0
221 bmaptool copy ./images/jessie/2015-12-13-debian-jessie-root.img /dev/sdc
222 ```
@@ -61,7 +61,11 else
61 fi
61 fi
62
62
63 # Set up firmware boot cmdline
63 # Set up firmware boot cmdline
64 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
64 if [ "$ENABLE_SPLITFS" = true ] ; then
65 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
66 else
67 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
68 fi
65
69
66 # Set up serial console support (if requested)
70 # Set up serial console support (if requested)
67 if [ "$ENABLE_CONSOLE" = true ] ; then
71 if [ "$ENABLE_CONSOLE" = true ] ; then
@@ -110,6 +114,9 install_readonly files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-b
110
114
111 # Create default fstab
115 # Create default fstab
112 install_readonly files/mount/fstab $R/etc/fstab
116 install_readonly files/mount/fstab $R/etc/fstab
117 if [ "$ENABLE_SPLITFS" = true ] ; then
118 sed -i 's/mmcblk0p2/sda1/' $R/etc/fstab
119 fi
113
120
114 # Avoid swapping and increase cache sizes
121 # Avoid swapping and increase cache sizes
115 install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
122 install_readonly files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
@@ -60,7 +60,7 chroot_exec systemctl enable systemd-networkd
60
60
61 # Enable network stack hardening
61 # Enable network stack hardening
62 if [ "$ENABLE_HARDNET" = true ] ; then
62 if [ "$ENABLE_HARDNET" = true ] ; then
63 install_readonly files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
63 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
64
64
65 # Enable resolver warnings about spoofed addresses
65 # Enable resolver warnings about spoofed addresses
66 cat <<EOM >>$R/etc/host.conf
66 cat <<EOM >>$R/etc/host.conf
@@ -17,8 +17,8 cleanup (){
17 umount -l $R/dev/pts 2> /dev/null
17 umount -l $R/dev/pts 2> /dev/null
18 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
18 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
19 umount "$BUILDDIR/mount" 2> /dev/null
19 umount "$BUILDDIR/mount" 2> /dev/null
20 losetup -d "$EXT4_LOOP" 2> /dev/null
20 losetup -d "$ROOT_LOOP" 2> /dev/null
21 losetup -d "$VFAT_LOOP" 2> /dev/null
21 losetup -d "$FRMW_LOOP" 2> /dev/null
22 trap - 0 1 2 3 6
22 trap - 0 1 2 3 6
23 }
23 }
24
24
@@ -81,6 +81,7 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
81 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
81 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
82 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
82 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
83 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
83 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
84 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
84
85
85 # Kernel compilation settings
86 # Kernel compilation settings
86 BUILD_KERNEL=${BUILD_KERNEL:=false}
87 BUILD_KERNEL=${BUILD_KERNEL:=false}
@@ -259,8 +260,8 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
259
260
260 # Calculate the amount of needed 512 Byte sectors
261 # Calculate the amount of needed 512 Byte sectors
261 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
262 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
262 BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
263 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
263 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
264 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
264
265
265 # The root partition is EXT4
266 # The root partition is EXT4
266 # This means more space than the actual used space of the chroot is used.
267 # This means more space than the actual used space of the chroot is used.
@@ -268,37 +269,64 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
268 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
269 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
269
270
270 # Calculate required image size in 512 Byte sectors
271 # Calculate required image size in 512 Byte sectors
271 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
272 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
272
273
273 # Prepare date string for image file name
274 # Prepare date string for image file name
274 DATE="$(date +%Y-%m-%d)"
275 DATE="$(date +%Y-%m-%d)"
275
276
276 # Prepare image file
277 # Prepare image file
277 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
278 if [ "$ENABLE_SPLITFS" = true ] ; then
278 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
279 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
280 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
281 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
282 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
283 # Write partition tables
284 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img" <<EOM
285 unit: sectors
279
286
280 # Write partition table
287 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
281 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
288 2 : start= 0, size= 0, Id= 0
289 3 : start= 0, size= 0, Id= 0
290 4 : start= 0, size= 0, Id= 0
291 EOM
292 sfdisk -q -L -f "$BASEDIR/${DATE}-debian-${RELEASE}-root.img" <<EOM
293 unit: sectors
294
295 1 : start= ${TABLE_SECTORS}, size= ${ROOT_SECTORS}, Id=83
296 2 : start= 0, size= 0, Id= 0
297 3 : start= 0, size= 0, Id= 0
298 4 : start= 0, size= 0, Id= 0
299 EOM
300 # Set up temporary loop devices
301 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-frmw.img)"
302 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-debian-${RELEASE}-root.img)"
303 else
304 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
305 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
306 # Write partition table
307 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
282 unit: sectors
308 unit: sectors
283
309
284 1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable
310 1 : start= ${TABLE_SECTORS}, size= ${FRMW_SECTORS}, Id= c, bootable
285 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
311 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
286 3 : start= 0, size= 0, Id= 0
312 3 : start= 0, size= 0, Id= 0
287 4 : start= 0, size= 0, Id= 0
313 4 : start= 0, size= 0, Id= 0
288 EOM
314 EOM
315 # Set up temporary loop devices
316 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
317 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
318 fi
289
319
290 # Set up temporary loop devices and build filesystems
320 # Build filesystems
291 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
321 mkfs.vfat "$FRMW_LOOP"
292 EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
322 mkfs.ext4 "$ROOT_LOOP"
293 mkfs.vfat "$VFAT_LOOP"
294 mkfs.ext4 "$EXT4_LOOP"
295
323
296 # Mount the temporary loop devices
324 # Mount the temporary loop devices
297 mkdir -p "$BUILDDIR/mount"
325 mkdir -p "$BUILDDIR/mount"
298 mount "$EXT4_LOOP" "$BUILDDIR/mount"
326 mount "$ROOT_LOOP" "$BUILDDIR/mount"
299
327
300 mkdir -p "$BUILDDIR/mount/boot/firmware"
328 mkdir -p "$BUILDDIR/mount/boot/firmware"
301 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
329 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
302
330
303 # Copy all files from the chroot to the loop device mount point directory
331 # Copy all files from the chroot to the loop device mount point directory
304 rsync -a "$R/" "$BUILDDIR/mount/"
332 rsync -a "$R/" "$BUILDDIR/mount/"
@@ -306,8 +334,19 rsync -a "$R/" "$BUILDDIR/mount/"
306 # Unmount all temporary loop devices and mount points
334 # Unmount all temporary loop devices and mount points
307 cleanup
335 cleanup
308
336
309 # Create block map file for "bmaptool"
337 # Create block map file(s) of image(s)
310 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
338 if [ "$ENABLE_SPLITFS" = true ] ; then
339 # Create block map files for "bmaptool"
340 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img"
341 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}-root.img"
311
342
312 # Image was successfully created
343 # Image was successfully created
313 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"
344 echo "$BASEDIR/${DATE}-debian-${RELEASE}-frmw.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
345 echo "$BASEDIR/${DATE}-debian-${RELEASE}-root.img ($(expr ${TABLE_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
346 else
347 # Create block map file for "bmaptool"
348 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
349
350 # Image was successfully created
351 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img ($(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
352 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant