##// END OF EJS Templates
fixes bullseye/testing renaming for chroot...
Unknown -
r668:dc3793318828
parent child
Show More
@@ -1,44 +1,44
1 #
1 #
2 # Setup APT repositories
2 # Setup APT repositories
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup APT proxy configuration
8 # Install and setup APT proxy configuration
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 fi
12 fi
13
13
14 # Install APT sources.list
14 # Install APT sources.list
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16
16
17 # Use specified APT server and release
17 # Use specified APT server and release
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 if [ "$RELEASE" = "bullseye" ] || [ "$RELEASE" = "testing" ] ; then
19 if [ "$RELEASE" = "testing" ] ; then
20 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
20 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
21 else
21 else
22 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
22 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
23 fi
23 fi
24
24
25 # Upgrade package index and update all installed packages and changed dependencies
25 # Upgrade package index and update all installed packages and changed dependencies
26 chroot_exec apt-get -qq -y update
26 chroot_exec apt-get -qq -y update
27 chroot_exec apt-get -qq -y -u dist-upgrade
27 chroot_exec apt-get -qq -y -u dist-upgrade
28
28
29 # Install additional packages
29 # Install additional packages
30 if [ "$APT_INCLUDES_LATE" ] ; then
30 if [ "$APT_INCLUDES_LATE" ] ; then
31 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
31 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
32 fi
32 fi
33
33
34 # Install Debian custom packages
34 # Install Debian custom packages
35 if [ -d packages ] ; then
35 if [ -d packages ] ; then
36 for package in packages/*.deb ; do
36 for package in packages/*.deb ; do
37 cp "$package" "${R}"/tmp
37 cp "$package" "${R}"/tmp
38 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
38 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
39 done
39 done
40 fi
40 fi
41
41
42 chroot_exec apt-get -qq -y -f install
42 chroot_exec apt-get -qq -y -f install
43
43
44 chroot_exec apt-get -qq -y check
44 chroot_exec apt-get -qq -y check
@@ -1,865 +1,865
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
13 KERNELSRC_DIR=""
14 fi
14 fi
15
15
16 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
17 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
18 # Setup source directory
18 # Setup source directory
19 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
20
20
21 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25
25
26 # Clean the kernel sources
26 # Clean the kernel sources
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 fi
29 fi
30 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
31 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
32 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
33
33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
35 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 else
37 else
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 fi
39 fi
40
40
41 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43
43
44 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
45 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
46
46
47 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
48 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
49 fi
49 fi
50
50
51 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 fi
54 fi
55
55
56 #Copy 32bit config to 64bit
56 #Copy 32bit config to 64bit
57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 fi
59 fi
60
60
61 # Configure and build kernel
61 # Configure and build kernel
62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
63 # Remove device, network and filesystem drivers from kernel configuration
63 # Remove device, network and filesystem drivers from kernel configuration
64 if [ "$KERNEL_REDUCE" = true ] ; then
64 if [ "$KERNEL_REDUCE" = true ] ; then
65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
66 sed -i\
66 sed -i\
67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
96 "${KERNEL_DIR}/.config"
96 "${KERNEL_DIR}/.config"
97 fi
97 fi
98
98
99 if [ "$KERNELSRC_CONFIG" = true ] ; then
99 if [ "$KERNELSRC_CONFIG" = true ] ; then
100 # Load default raspberry kernel configuration
100 # Load default raspberry kernel configuration
101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
102
102
103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
104 cd "${KERNEL_DIR}" || exit
104 cd "${KERNEL_DIR}" || exit
105
105
106 if [ "$KERNEL_ARCH" = arm64 ] ; then
106 if [ "$KERNEL_ARCH" = arm64 ] ; then
107 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
107 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
108 # Mask this temporarily during switch to rpi-4.19.y
108 # Mask this temporarily during switch to rpi-4.19.y
109 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
109 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
110 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
110 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
111 set_kernel_config CONFIG_MMC_BCM2835 n
111 #set_kernel_config CONFIG_MMC_BCM2835 n
112 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
112 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
113 set_kernel_config CONFIG_USB_DWC2 n
113 #set_kernel_config CONFIG_USB_DWC2 n
114 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
114 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
115
115
116 #VLAN got disabled without reason in arm64bit
116 #VLAN got disabled without reason in arm64bit
117 set_kernel_config CONFIG_IPVLAN m
117 set_kernel_config CONFIG_IPVLAN m
118 fi
118 fi
119
119
120 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
120 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
121 if [ "$KERNEL_ZSWAP" = true ] ; then
121 if [ "$KERNEL_ZSWAP" = true ] ; then
122 set_kernel_config CONFIG_ZPOOL y
122 set_kernel_config CONFIG_ZPOOL y
123 set_kernel_config CONFIG_ZSWAP y
123 set_kernel_config CONFIG_ZSWAP y
124 set_kernel_config CONFIG_ZBUD y
124 set_kernel_config CONFIG_ZBUD y
125 set_kernel_config CONFIG_Z3FOLD y
125 set_kernel_config CONFIG_Z3FOLD y
126 set_kernel_config CONFIG_ZSMALLOC y
126 set_kernel_config CONFIG_ZSMALLOC y
127 set_kernel_config CONFIG_PGTABLE_MAPPING y
127 set_kernel_config CONFIG_PGTABLE_MAPPING y
128 set_kernel_config CONFIG_LZO_COMPRESS y
128 set_kernel_config CONFIG_LZO_COMPRESS y
129 fi
129 fi
130
130
131 if [ RPI_MODEL = 4 ] ; then
131 if [ RPI_MODEL = 4 ] ; then
132 # Following are set in current 32-bit LPAE kernel
132 # Following are set in current 32-bit LPAE kernel
133 set_kernel_config CONFIG_CGROUP_PIDS y
133 set_kernel_config CONFIG_CGROUP_PIDS y
134 set_kernel_config CONFIG_NET_IPVTI m
134 set_kernel_config CONFIG_NET_IPVTI m
135 set_kernel_config CONFIG_NF_TABLES_SET m
135 set_kernel_config CONFIG_NF_TABLES_SET m
136 set_kernel_config CONFIG_NF_TABLES_INET y
136 set_kernel_config CONFIG_NF_TABLES_INET y
137 set_kernel_config CONFIG_NF_TABLES_NETDEV y
137 set_kernel_config CONFIG_NF_TABLES_NETDEV y
138 set_kernel_config CONFIG_NF_FLOW_TABLE m
138 set_kernel_config CONFIG_NF_FLOW_TABLE m
139 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
139 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
140 set_kernel_config CONFIG_NFT_CONNLIMIT m
140 set_kernel_config CONFIG_NFT_CONNLIMIT m
141 set_kernel_config CONFIG_NFT_TUNNEL m
141 set_kernel_config CONFIG_NFT_TUNNEL m
142 set_kernel_config CONFIG_NFT_OBJREF m
142 set_kernel_config CONFIG_NFT_OBJREF m
143 set_kernel_config CONFIG_NFT_FIB_IPV4 m
143 set_kernel_config CONFIG_NFT_FIB_IPV4 m
144 set_kernel_config CONFIG_NFT_FIB_IPV6 m
144 set_kernel_config CONFIG_NFT_FIB_IPV6 m
145 set_kernel_config CONFIG_NFT_FIB_INET m
145 set_kernel_config CONFIG_NFT_FIB_INET m
146 set_kernel_config CONFIG_NFT_SOCKET m
146 set_kernel_config CONFIG_NFT_SOCKET m
147 set_kernel_config CONFIG_NFT_OSF m
147 set_kernel_config CONFIG_NFT_OSF m
148 set_kernel_config CONFIG_NFT_TPROXY m
148 set_kernel_config CONFIG_NFT_TPROXY m
149 set_kernel_config CONFIG_NF_DUP_NETDEV m
149 set_kernel_config CONFIG_NF_DUP_NETDEV m
150 set_kernel_config CONFIG_NFT_DUP_NETDEV m
150 set_kernel_config CONFIG_NFT_DUP_NETDEV m
151 set_kernel_config CONFIG_NFT_FWD_NETDEV m
151 set_kernel_config CONFIG_NFT_FWD_NETDEV m
152 set_kernel_config CONFIG_NFT_FIB_NETDEV m
152 set_kernel_config CONFIG_NFT_FIB_NETDEV m
153 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
153 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
154 set_kernel_config CONFIG_NF_FLOW_TABLE m
154 set_kernel_config CONFIG_NF_FLOW_TABLE m
155 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
155 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
156 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
156 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
157 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
157 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
158 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
158 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
159 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
159 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
160 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
160 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
161 set_kernel_config CONFIG_NFT_DUP_IPV6 m
161 set_kernel_config CONFIG_NFT_DUP_IPV6 m
162 set_kernel_config CONFIG_NFT_FIB_IPV6 m
162 set_kernel_config CONFIG_NFT_FIB_IPV6 m
163 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
163 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
164 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
164 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
165 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
165 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
166 set_kernel_config CONFIG_NF_LOG_BRIDGE m
166 set_kernel_config CONFIG_NF_LOG_BRIDGE m
167 set_kernel_config CONFIG_MT76_CORE m
167 set_kernel_config CONFIG_MT76_CORE m
168 set_kernel_config CONFIG_MT76_LEDS m
168 set_kernel_config CONFIG_MT76_LEDS m
169 set_kernel_config CONFIG_MT76_USB m
169 set_kernel_config CONFIG_MT76_USB m
170 set_kernel_config CONFIG_MT76x2_COMMON m
170 set_kernel_config CONFIG_MT76x2_COMMON m
171 set_kernel_config CONFIG_MT76x0U m
171 set_kernel_config CONFIG_MT76x0U m
172 set_kernel_config CONFIG_MT76x2U m
172 set_kernel_config CONFIG_MT76x2U m
173 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
173 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
174 set_kernel_config CONFIG_BCM_VC_SM m
174 set_kernel_config CONFIG_BCM_VC_SM m
175 set_kernel_config CONFIG_BCM2835_SMI_DEV m
175 set_kernel_config CONFIG_BCM2835_SMI_DEV m
176 set_kernel_config CONFIG_RPIVID_MEM m
176 set_kernel_config CONFIG_RPIVID_MEM m
177 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
177 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
178 set_kernel_config CONFIG_TCG_TPM m
178 set_kernel_config CONFIG_TCG_TPM m
179 set_kernel_config CONFIG_HW_RANDOM_TPM y
179 set_kernel_config CONFIG_HW_RANDOM_TPM y
180 set_kernel_config CONFIG_TCG_TIS m
180 set_kernel_config CONFIG_TCG_TIS m
181 set_kernel_config CONFIG_TCG_TIS_SPI m
181 set_kernel_config CONFIG_TCG_TIS_SPI m
182 set_kernel_config CONFIG_I2C_MUX m
182 set_kernel_config CONFIG_I2C_MUX m
183 set_kernel_config CONFIG_I2C_MUX_GPMUX m
183 set_kernel_config CONFIG_I2C_MUX_GPMUX m
184 set_kernel_config CONFIG_I2C_MUX_PCA954x m
184 set_kernel_config CONFIG_I2C_MUX_PCA954x m
185 set_kernel_config CONFIG_SPI_GPIO m
185 set_kernel_config CONFIG_SPI_GPIO m
186 set_kernel_config CONFIG_BATTERY_MAX17040 m
186 set_kernel_config CONFIG_BATTERY_MAX17040 m
187 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
187 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
188 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
188 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
189 set_kernel_config CONFIG_BCM2835_THERMAL y
189 set_kernel_config CONFIG_BCM2835_THERMAL y
190 set_kernel_config CONFIG_RC_CORE y
190 set_kernel_config CONFIG_RC_CORE y
191 set_kernel_config CONFIG_RC_MAP y
191 set_kernel_config CONFIG_RC_MAP y
192 set_kernel_config CONFIG_LIRC y
192 set_kernel_config CONFIG_LIRC y
193 set_kernel_config CONFIG_RC_DECODERS y
193 set_kernel_config CONFIG_RC_DECODERS y
194 set_kernel_config CONFIG_IR_NEC_DECODER m
194 set_kernel_config CONFIG_IR_NEC_DECODER m
195 set_kernel_config CONFIG_IR_RC5_DECODER m
195 set_kernel_config CONFIG_IR_RC5_DECODER m
196 set_kernel_config CONFIG_IR_RC6_DECODER m
196 set_kernel_config CONFIG_IR_RC6_DECODER m
197 set_kernel_config CONFIG_IR_JVC_DECODER m
197 set_kernel_config CONFIG_IR_JVC_DECODER m
198 set_kernel_config CONFIG_IR_SONY_DECODER m
198 set_kernel_config CONFIG_IR_SONY_DECODER m
199 set_kernel_config CONFIG_IR_SANYO_DECODER m
199 set_kernel_config CONFIG_IR_SANYO_DECODER m
200 set_kernel_config CONFIG_IR_SHARP_DECODER m
200 set_kernel_config CONFIG_IR_SHARP_DECODER m
201 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
201 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
202 set_kernel_config CONFIG_IR_XMP_DECODER m
202 set_kernel_config CONFIG_IR_XMP_DECODER m
203 set_kernel_config CONFIG_IR_IMON_DECODER m
203 set_kernel_config CONFIG_IR_IMON_DECODER m
204 set_kernel_config CONFIG_RC_DEVICES y
204 set_kernel_config CONFIG_RC_DEVICES y
205 set_kernel_config CONFIG_RC_ATI_REMOTE m
205 set_kernel_config CONFIG_RC_ATI_REMOTE m
206 set_kernel_config CONFIG_IR_IMON m
206 set_kernel_config CONFIG_IR_IMON m
207 set_kernel_config CONFIG_IR_MCEUSB m
207 set_kernel_config CONFIG_IR_MCEUSB m
208 set_kernel_config CONFIG_IR_REDRAT3 m
208 set_kernel_config CONFIG_IR_REDRAT3 m
209 set_kernel_config CONFIG_IR_STREAMZAP m
209 set_kernel_config CONFIG_IR_STREAMZAP m
210 set_kernel_config CONFIG_IR_IGUANA m
210 set_kernel_config CONFIG_IR_IGUANA m
211 set_kernel_config CONFIG_IR_TTUSBIR m
211 set_kernel_config CONFIG_IR_TTUSBIR m
212 set_kernel_config CONFIG_RC_LOOPBACK m
212 set_kernel_config CONFIG_RC_LOOPBACK m
213 set_kernel_config CONFIG_IR_GPIO_CIR m
213 set_kernel_config CONFIG_IR_GPIO_CIR m
214 set_kernel_config CONFIG_IR_GPIO_TX m
214 set_kernel_config CONFIG_IR_GPIO_TX m
215 set_kernel_config CONFIG_IR_PWM_TX m
215 set_kernel_config CONFIG_IR_PWM_TX m
216 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
216 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
217 set_kernel_config CONFIG_VIDEO_AU0828_RC y
217 set_kernel_config CONFIG_VIDEO_AU0828_RC y
218 set_kernel_config CONFIG_VIDEO_CX231XX m
218 set_kernel_config CONFIG_VIDEO_CX231XX m
219 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
219 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
220 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
220 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
221 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
221 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
222 set_kernel_config CONFIG_VIDEO_TM6000 m
222 set_kernel_config CONFIG_VIDEO_TM6000 m
223 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
223 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
224 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
224 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
225 set_kernel_config CONFIG_DVB_USB m
225 set_kernel_config CONFIG_DVB_USB m
226 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
226 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
227 set_kernel_config CONFIG_DVB_USB_A800 m
227 set_kernel_config CONFIG_DVB_USB_A800 m
228 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
228 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
229 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
229 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
230 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
230 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
231 set_kernel_config CONFIG_DVB_USB_DIB0700 m
231 set_kernel_config CONFIG_DVB_USB_DIB0700 m
232 set_kernel_config CONFIG_DVB_USB_UMT_010 m
232 set_kernel_config CONFIG_DVB_USB_UMT_010 m
233 set_kernel_config CONFIG_DVB_USB_CXUSB m
233 set_kernel_config CONFIG_DVB_USB_CXUSB m
234 set_kernel_config CONFIG_DVB_USB_M920X m
234 set_kernel_config CONFIG_DVB_USB_M920X m
235 set_kernel_config CONFIG_DVB_USB_DIGITV m
235 set_kernel_config CONFIG_DVB_USB_DIGITV m
236 set_kernel_config CONFIG_DVB_USB_VP7045 m
236 set_kernel_config CONFIG_DVB_USB_VP7045 m
237 set_kernel_config CONFIG_DVB_USB_VP702X m
237 set_kernel_config CONFIG_DVB_USB_VP702X m
238 set_kernel_config CONFIG_DVB_USB_GP8PSK m
238 set_kernel_config CONFIG_DVB_USB_GP8PSK m
239 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
239 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
240 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
240 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
241 set_kernel_config CONFIG_DVB_USB_DTT200U m
241 set_kernel_config CONFIG_DVB_USB_DTT200U m
242 set_kernel_config CONFIG_DVB_USB_OPERA1 m
242 set_kernel_config CONFIG_DVB_USB_OPERA1 m
243 set_kernel_config CONFIG_DVB_USB_AF9005 m
243 set_kernel_config CONFIG_DVB_USB_AF9005 m
244 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
244 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
245 set_kernel_config CONFIG_DVB_USB_PCTV452E m
245 set_kernel_config CONFIG_DVB_USB_PCTV452E m
246 set_kernel_config CONFIG_DVB_USB_DW2102 m
246 set_kernel_config CONFIG_DVB_USB_DW2102 m
247 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
247 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
248 set_kernel_config CONFIG_DVB_USB_DTV5100 m
248 set_kernel_config CONFIG_DVB_USB_DTV5100 m
249 set_kernel_config CONFIG_DVB_USB_AZ6027 m
249 set_kernel_config CONFIG_DVB_USB_AZ6027 m
250 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
250 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
251 set_kernel_config CONFIG_DVB_USB_AF9015 m
251 set_kernel_config CONFIG_DVB_USB_AF9015 m
252 set_kernel_config CONFIG_DVB_USB_LME2510 m
252 set_kernel_config CONFIG_DVB_USB_LME2510 m
253 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
253 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
254 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
254 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
255 set_kernel_config CONFIG_SMS_SIANO_RC m
255 set_kernel_config CONFIG_SMS_SIANO_RC m
256 set_kernel_config CONFIG_VIDEO_IR_I2C m
256 set_kernel_config CONFIG_VIDEO_IR_I2C m
257 set_kernel_config CONFIG_VIDEO_ADV7180 m
257 set_kernel_config CONFIG_VIDEO_ADV7180 m
258 set_kernel_config CONFIG_VIDEO_TC358743 m
258 set_kernel_config CONFIG_VIDEO_TC358743 m
259 set_kernel_config CONFIG_VIDEO_OV5647 m
259 set_kernel_config CONFIG_VIDEO_OV5647 m
260 set_kernel_config CONFIG_DVB_M88DS3103 m
260 set_kernel_config CONFIG_DVB_M88DS3103 m
261 set_kernel_config CONFIG_DVB_AF9013 m
261 set_kernel_config CONFIG_DVB_AF9013 m
262 set_kernel_config CONFIG_DVB_RTL2830 m
262 set_kernel_config CONFIG_DVB_RTL2830 m
263 set_kernel_config CONFIG_DVB_RTL2832 m
263 set_kernel_config CONFIG_DVB_RTL2832 m
264 set_kernel_config CONFIG_DVB_SI2168 m
264 set_kernel_config CONFIG_DVB_SI2168 m
265 set_kernel_config CONFIG_DVB_GP8PSK_FE m
265 set_kernel_config CONFIG_DVB_GP8PSK_FE m
266 set_kernel_config CONFIG_DVB_USB m
266 set_kernel_config CONFIG_DVB_USB m
267 set_kernel_config CONFIG_DVB_LGDT3306A m
267 set_kernel_config CONFIG_DVB_LGDT3306A m
268 set_kernel_config CONFIG_FB_SIMPLE y
268 set_kernel_config CONFIG_FB_SIMPLE y
269 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
269 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
270 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
270 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
271 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
271 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
272 set_kernel_config CONFIG_SND_SOC_AD193X m
272 set_kernel_config CONFIG_SND_SOC_AD193X m
273 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
273 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
274 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
274 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
275 set_kernel_config CONFIG_SND_SOC_CS4265 m
275 set_kernel_config CONFIG_SND_SOC_CS4265 m
276 set_kernel_config CONFIG_SND_SOC_DA7213 m
276 set_kernel_config CONFIG_SND_SOC_DA7213 m
277 set_kernel_config CONFIG_SND_SOC_ICS43432 m
277 set_kernel_config CONFIG_SND_SOC_ICS43432 m
278 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
278 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
279 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
279 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
280 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
280 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
281 set_kernel_config CONFIG_HID_BIGBEN_FF m
281 set_kernel_config CONFIG_HID_BIGBEN_FF m
282 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
282 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
283 set_kernel_config CONFIG_USB_TMC m
283 set_kernel_config CONFIG_USB_TMC m
284 set_kernel_config CONFIG_USB_UAS y
284 set_kernel_config CONFIG_USB_UAS y
285 set_kernel_config CONFIG_USBIP_VUDC m
285 set_kernel_config CONFIG_USBIP_VUDC m
286 set_kernel_config CONFIG_USB_CONFIGFS m
286 set_kernel_config CONFIG_USB_CONFIGFS m
287 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
287 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
288 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
288 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
289 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
289 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
290 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
290 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
291 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
291 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
292 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
292 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
293 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
293 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
294 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
294 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
295 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
295 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
296 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
296 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
297 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
297 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
298 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
298 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
299 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
299 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
300 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
300 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
301 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
301 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
302 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
302 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
303 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
303 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
304 set_kernel_config CONFIG_LEDS_PCA963X m
304 set_kernel_config CONFIG_LEDS_PCA963X m
305 set_kernel_config CONFIG_LEDS_IS31FL32XX m
305 set_kernel_config CONFIG_LEDS_IS31FL32XX m
306 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
306 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
307 set_kernel_config CONFIG_RTC_DRV_RV3028 m
307 set_kernel_config CONFIG_RTC_DRV_RV3028 m
308 set_kernel_config CONFIG_AUXDISPLAY y
308 set_kernel_config CONFIG_AUXDISPLAY y
309 set_kernel_config CONFIG_HD44780 m
309 set_kernel_config CONFIG_HD44780 m
310 set_kernel_config CONFIG_FB_TFT_SH1106 m
310 set_kernel_config CONFIG_FB_TFT_SH1106 m
311 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
311 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
312 set_kernel_config CONFIG_BCM2835_POWER y
312 set_kernel_config CONFIG_BCM2835_POWER y
313 set_kernel_config CONFIG_INV_MPU6050_IIO m
313 set_kernel_config CONFIG_INV_MPU6050_IIO m
314 set_kernel_config CONFIG_INV_MPU6050_I2C m
314 set_kernel_config CONFIG_INV_MPU6050_I2C m
315 set_kernel_config CONFIG_SECURITYFS y
315 set_kernel_config CONFIG_SECURITYFS y
316
316
317 # Safer to build this in
317 # Safer to build this in
318 set_kernel_config CONFIG_BINFMT_MISC y
318 set_kernel_config CONFIG_BINFMT_MISC y
319
319
320 # pulseaudio wants a buffer of at least this size
320 # pulseaudio wants a buffer of at least this size
321 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
321 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
322
322
323 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
323 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
324 # set the appropriate kernel configs unlocked by this PR
324 # set the appropriate kernel configs unlocked by this PR
325 set_kernel_config CONFIG_ARCH_BCM y
325 set_kernel_config CONFIG_ARCH_BCM y
326 set_kernel_config CONFIG_ARCH_BCM2835 y
326 set_kernel_config CONFIG_ARCH_BCM2835 y
327 set_kernel_config CONFIG_DRM_V3D m
327 set_kernel_config CONFIG_DRM_V3D m
328 set_kernel_config CONFIG_DRM_VC4 m
328 set_kernel_config CONFIG_DRM_VC4 m
329 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
329 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
330
330
331 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
331 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
332 # required by PR#3144; should already be applied, but just to be safe
332 # required by PR#3144; should already be applied, but just to be safe
333 set_kernel_config CONFIG_PCIE_BRCMSTB y
333 set_kernel_config CONFIG_PCIE_BRCMSTB y
334 set_kernel_config CONFIG_BCM2835_MMC y
334 set_kernel_config CONFIG_BCM2835_MMC y
335
335
336 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
336 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
337 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
337 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
338 # during cloud-init setup at first boot. Without this the login accounts are not
338 # during cloud-init setup at first boot. Without this the login accounts are not
339 # created and the user can not login.
339 # created and the user can not login.
340 set_kernel_config CONFIG_SQUASHFS y
340 set_kernel_config CONFIG_SQUASHFS y
341
341
342 # Ceph support for Block Device (RBD) and Filesystem (FS)
342 # Ceph support for Block Device (RBD) and Filesystem (FS)
343 # https://docs.ceph.com/docs/master/
343 # https://docs.ceph.com/docs/master/
344 set_kernel_config CONFIG_CEPH_LIB m
344 set_kernel_config CONFIG_CEPH_LIB m
345 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
345 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
346 set_kernel_config CONFIG_CEPH_FS m
346 set_kernel_config CONFIG_CEPH_FS m
347 set_kernel_config CONFIG_CEPH_FSCACHE y
347 set_kernel_config CONFIG_CEPH_FSCACHE y
348 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
348 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
349 set_kernel_config CONFIG_BLK_DEV_RBD m
349 set_kernel_config CONFIG_BLK_DEV_RBD m
350
350
351 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
351 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
352 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
352 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
353 set_kernel_config CONFIG_HAVE_KVM y
353 set_kernel_config CONFIG_HAVE_KVM y
354 set_kernel_config CONFIG_HIGH_RES_TIMERS y
354 set_kernel_config CONFIG_HIGH_RES_TIMERS y
355 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
355 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
356 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
356 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
357 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
357 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
358 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
358 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
359 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
359 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
360 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
360 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
361 set_kernel_config CONFIG_HAVE_KVM_MSI y
361 set_kernel_config CONFIG_HAVE_KVM_MSI y
362 set_kernel_config CONFIG_KVM y
362 set_kernel_config CONFIG_KVM y
363 set_kernel_config CONFIG_KVM_ARM_HOST y
363 set_kernel_config CONFIG_KVM_ARM_HOST y
364 set_kernel_config CONFIG_KVM_ARM_PMU y
364 set_kernel_config CONFIG_KVM_ARM_PMU y
365 set_kernel_config CONFIG_KVM_COMPAT y
365 set_kernel_config CONFIG_KVM_COMPAT y
366 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
366 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
367 set_kernel_config CONFIG_KVM_MMIO y
367 set_kernel_config CONFIG_KVM_MMIO y
368 set_kernel_config CONFIG_KVM_VFIO y
368 set_kernel_config CONFIG_KVM_VFIO y
369 set_kernel_config CONFIG_KVM_MMU_AUDIT y
369 set_kernel_config CONFIG_KVM_MMU_AUDIT y
370 set_kernel_config CONFIG_VHOST m
370 set_kernel_config CONFIG_VHOST m
371 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
371 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
372 set_kernel_config CONFIG_VHOST_NET m
372 set_kernel_config CONFIG_VHOST_NET m
373 set_kernel_config CONFIG_VIRTUALIZATION y
373 set_kernel_config CONFIG_VIRTUALIZATION y
374 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
374 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
375 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
375 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
376 set_kernel_config CONFIG_MMU_NOTIFIER y
376 set_kernel_config CONFIG_MMU_NOTIFIER y
377
377
378 # erratum
378 # erratum
379 set_kernel_config ARM64_ERRATUM_834220 y
379 set_kernel_config ARM64_ERRATUM_834220 y
380
380
381 # https://sourceforge.net/p/kvm/mailman/message/18440797/
381 # https://sourceforge.net/p/kvm/mailman/message/18440797/
382 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
382 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
383 fi
383 fi
384
384
385 # enable apparmor,integrity audit,
385 # enable apparmor,integrity audit,
386 if [ "$KERNEL_SECURITY" = true ] ; then
386 if [ "$KERNEL_SECURITY" = true ] ; then
387
387
388 # security filesystem, security models and audit
388 # security filesystem, security models and audit
389 set_kernel_config CONFIG_SECURITYFS y
389 set_kernel_config CONFIG_SECURITYFS y
390 set_kernel_config CONFIG_SECURITY y
390 set_kernel_config CONFIG_SECURITY y
391 set_kernel_config CONFIG_AUDIT y
391 set_kernel_config CONFIG_AUDIT y
392
392
393 # harden strcpy and memcpy
393 # harden strcpy and memcpy
394 set_kernel_config CONFIG_HARDENED_USERCOPY y
394 set_kernel_config CONFIG_HARDENED_USERCOPY y
395 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
395 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
396 set_kernel_config CONFIG_FORTIFY_SOURCE y
396 set_kernel_config CONFIG_FORTIFY_SOURCE y
397
397
398 # integrity sub-system
398 # integrity sub-system
399 set_kernel_config CONFIG_INTEGRITY y
399 set_kernel_config CONFIG_INTEGRITY y
400 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
400 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
401 set_kernel_config CONFIG_INTEGRITY_AUDIT y
401 set_kernel_config CONFIG_INTEGRITY_AUDIT y
402 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
402 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
403 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
403 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
404
404
405 # This option provides support for retaining authentication tokens and access keys in the kernel.
405 # This option provides support for retaining authentication tokens and access keys in the kernel.
406 set_kernel_config CONFIG_KEYS y
406 set_kernel_config CONFIG_KEYS y
407 set_kernel_config CONFIG_KEYS_COMPAT y
407 set_kernel_config CONFIG_KEYS_COMPAT y
408
408
409 # Apparmor
409 # Apparmor
410 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
410 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
411 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
411 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
412 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
412 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
413 set_kernel_config CONFIG_SECURITY_APPARMOR y
413 set_kernel_config CONFIG_SECURITY_APPARMOR y
414 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
414 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
415 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
415 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
416
416
417 # restrictions on unprivileged users reading the kernel
417 # restrictions on unprivileged users reading the kernel
418 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
418 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
419
419
420 # network security hooks
420 # network security hooks
421 set_kernel_config CONFIG_SECURITY_NETWORK y
421 set_kernel_config CONFIG_SECURITY_NETWORK y
422 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
422 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
423 set_kernel_config CONFIG_SECURITY_PATH y
423 set_kernel_config CONFIG_SECURITY_PATH y
424 set_kernel_config CONFIG_SECURITY_YAMA n
424 set_kernel_config CONFIG_SECURITY_YAMA n
425
425
426 set_kernel_config CONFIG_SECURITY_SELINUX n
426 set_kernel_config CONFIG_SECURITY_SELINUX n
427 set_kernel_config CONFIG_SECURITY_SMACK n
427 set_kernel_config CONFIG_SECURITY_SMACK n
428 set_kernel_config CONFIG_SECURITY_TOMOYO n
428 set_kernel_config CONFIG_SECURITY_TOMOYO n
429 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
429 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
430 set_kernel_config CONFIG_SECURITY_LOADPIN n
430 set_kernel_config CONFIG_SECURITY_LOADPIN n
431 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
431 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
432 set_kernel_config CONFIG_IMA n
432 set_kernel_config CONFIG_IMA n
433 set_kernel_config CONFIG_EVM n
433 set_kernel_config CONFIG_EVM n
434 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
434 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
435 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
435 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
436 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
436 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
437 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
437 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
438 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
438 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
439 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
439 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
440 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
440 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
441 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
441 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
442 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
442 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
443
443
444 set_kernel_config CONFIG_ARM64_CRYPTO y
444 set_kernel_config CONFIG_ARM64_CRYPTO y
445 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
445 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
446 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
446 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
447 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
447 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
448 set_kernel_config CRYPTO_GHASH_ARM64_CE m
448 set_kernel_config CRYPTO_GHASH_ARM64_CE m
449 set_kernel_config CRYPTO_SHA2_ARM64_CE m
449 set_kernel_config CRYPTO_SHA2_ARM64_CE m
450 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
450 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
451 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
451 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
452 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
452 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
453 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
453 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
454 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
454 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
455 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
455 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
456 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
456 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
457 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
457 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
458 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
458 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
459 fi
459 fi
460
460
461 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
461 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
462 if [ "$KERNEL_NF" = true ] ; then
462 if [ "$KERNEL_NF" = true ] ; then
463 set_kernel_config CONFIG_IP_NF_SECURITY m
463 set_kernel_config CONFIG_IP_NF_SECURITY m
464 set_kernel_config CONFIG_NETLABEL y
464 set_kernel_config CONFIG_NETLABEL y
465 set_kernel_config CONFIG_IP6_NF_SECURITY m
465 set_kernel_config CONFIG_IP6_NF_SECURITY m
466 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
466 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
467 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
467 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
468 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
468 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
469 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
469 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
470 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
470 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
471 set_kernel_config CONFIG_NFT_FIB_INET m
471 set_kernel_config CONFIG_NFT_FIB_INET m
472 set_kernel_config CONFIG_NFT_FIB_IPV4 m
472 set_kernel_config CONFIG_NFT_FIB_IPV4 m
473 set_kernel_config CONFIG_NFT_FIB_IPV6 m
473 set_kernel_config CONFIG_NFT_FIB_IPV6 m
474 set_kernel_config CONFIG_NFT_FIB_NETDEV m
474 set_kernel_config CONFIG_NFT_FIB_NETDEV m
475 set_kernel_config CONFIG_NFT_OBJREF m
475 set_kernel_config CONFIG_NFT_OBJREF m
476 set_kernel_config CONFIG_NFT_RT m
476 set_kernel_config CONFIG_NFT_RT m
477 set_kernel_config CONFIG_NFT_SET_BITMAP m
477 set_kernel_config CONFIG_NFT_SET_BITMAP m
478 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
478 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
479 set_kernel_config CONFIG_NF_LOG_ARP m
479 set_kernel_config CONFIG_NF_LOG_ARP m
480 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
480 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
481 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
481 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
482 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
482 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
483 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
483 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
484 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
484 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
485 set_kernel_config CONFIG_IP6_NF_IPTABLES m
485 set_kernel_config CONFIG_IP6_NF_IPTABLES m
486 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
486 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
487 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
487 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
488 set_kernel_config CONFIG_IP6_NF_NAT m
488 set_kernel_config CONFIG_IP6_NF_NAT m
489 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
489 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
490 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
490 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
491 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
491 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
492 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
492 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
493 set_kernel_config CONFIG_IP_SET_HASH_IP m
493 set_kernel_config CONFIG_IP_SET_HASH_IP m
494 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
494 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
495 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
495 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
496 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
496 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
497 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
497 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
498 set_kernel_config CONFIG_IP_SET_HASH_MAC m
498 set_kernel_config CONFIG_IP_SET_HASH_MAC m
499 set_kernel_config CONFIG_IP_SET_HASH_NET m
499 set_kernel_config CONFIG_IP_SET_HASH_NET m
500 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
500 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
501 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
501 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
502 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
502 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
503 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
503 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
504 set_kernel_config CONFIG_IP_SET_LIST_SET m
504 set_kernel_config CONFIG_IP_SET_LIST_SET m
505 set_kernel_config CONFIG_NETFILTER_XTABLES m
505 set_kernel_config CONFIG_NETFILTER_XTABLES m
506 set_kernel_config CONFIG_NETFILTER_XTABLES m
506 set_kernel_config CONFIG_NETFILTER_XTABLES m
507 set_kernel_config CONFIG_NFT_BRIDGE_META m
507 set_kernel_config CONFIG_NFT_BRIDGE_META m
508 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
508 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
509 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
509 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
510 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
510 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
511 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
511 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
512 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
512 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
513 set_kernel_config CONFIG_NFT_COMPAT m
513 set_kernel_config CONFIG_NFT_COMPAT m
514 set_kernel_config CONFIG_NFT_COUNTER m
514 set_kernel_config CONFIG_NFT_COUNTER m
515 set_kernel_config CONFIG_NFT_CT m
515 set_kernel_config CONFIG_NFT_CT m
516 set_kernel_config CONFIG_NFT_DUP_IPV4 m
516 set_kernel_config CONFIG_NFT_DUP_IPV4 m
517 set_kernel_config CONFIG_NFT_DUP_IPV6 m
517 set_kernel_config CONFIG_NFT_DUP_IPV6 m
518 set_kernel_config CONFIG_NFT_DUP_NETDEV m
518 set_kernel_config CONFIG_NFT_DUP_NETDEV m
519 set_kernel_config CONFIG_NFT_EXTHDR m
519 set_kernel_config CONFIG_NFT_EXTHDR m
520 set_kernel_config CONFIG_NFT_FWD_NETDEV m
520 set_kernel_config CONFIG_NFT_FWD_NETDEV m
521 set_kernel_config CONFIG_NFT_HASH m
521 set_kernel_config CONFIG_NFT_HASH m
522 set_kernel_config CONFIG_NFT_LIMIT m
522 set_kernel_config CONFIG_NFT_LIMIT m
523 set_kernel_config CONFIG_NFT_LOG m
523 set_kernel_config CONFIG_NFT_LOG m
524 set_kernel_config CONFIG_NFT_MASQ m
524 set_kernel_config CONFIG_NFT_MASQ m
525 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
525 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
526 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
526 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
527 set_kernel_config CONFIG_NFT_META m
527 set_kernel_config CONFIG_NFT_META m
528 set_kernel_config CONFIG_NFT_NAT m
528 set_kernel_config CONFIG_NFT_NAT m
529 set_kernel_config CONFIG_NFT_NUMGEN m
529 set_kernel_config CONFIG_NFT_NUMGEN m
530 set_kernel_config CONFIG_NFT_QUEUE m
530 set_kernel_config CONFIG_NFT_QUEUE m
531 set_kernel_config CONFIG_NFT_QUOTA m
531 set_kernel_config CONFIG_NFT_QUOTA m
532 set_kernel_config CONFIG_NFT_REDIR m
532 set_kernel_config CONFIG_NFT_REDIR m
533 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
533 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
534 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
534 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
535 set_kernel_config CONFIG_NFT_REJECT m
535 set_kernel_config CONFIG_NFT_REJECT m
536 set_kernel_config CONFIG_NFT_REJECT_INET m
536 set_kernel_config CONFIG_NFT_REJECT_INET m
537 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
537 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
538 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
538 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
539 set_kernel_config CONFIG_NFT_SET_HASH m
539 set_kernel_config CONFIG_NFT_SET_HASH m
540 set_kernel_config CONFIG_NFT_SET_RBTREE m
540 set_kernel_config CONFIG_NFT_SET_RBTREE m
541 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
541 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
542 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
542 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
543 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
543 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
544 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
544 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
545 set_kernel_config CONFIG_NF_DUP_IPV4 m
545 set_kernel_config CONFIG_NF_DUP_IPV4 m
546 set_kernel_config CONFIG_NF_DUP_IPV6 m
546 set_kernel_config CONFIG_NF_DUP_IPV6 m
547 set_kernel_config CONFIG_NF_DUP_NETDEV m
547 set_kernel_config CONFIG_NF_DUP_NETDEV m
548 set_kernel_config CONFIG_NF_LOG_BRIDGE m
548 set_kernel_config CONFIG_NF_LOG_BRIDGE m
549 set_kernel_config CONFIG_NF_LOG_IPV4 m
549 set_kernel_config CONFIG_NF_LOG_IPV4 m
550 set_kernel_config CONFIG_NF_LOG_IPV6 m
550 set_kernel_config CONFIG_NF_LOG_IPV6 m
551 set_kernel_config CONFIG_NF_NAT_IPV4 m
551 set_kernel_config CONFIG_NF_NAT_IPV4 m
552 set_kernel_config CONFIG_NF_NAT_IPV6 m
552 set_kernel_config CONFIG_NF_NAT_IPV6 m
553 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
553 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
554 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
554 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
555 set_kernel_config CONFIG_NF_NAT_PPTP m
555 set_kernel_config CONFIG_NF_NAT_PPTP m
556 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
556 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
557 set_kernel_config CONFIG_NF_NAT_REDIRECT y
557 set_kernel_config CONFIG_NF_NAT_REDIRECT y
558 set_kernel_config CONFIG_NF_NAT_SIP m
558 set_kernel_config CONFIG_NF_NAT_SIP m
559 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
559 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
560 set_kernel_config CONFIG_NF_NAT_TFTP m
560 set_kernel_config CONFIG_NF_NAT_TFTP m
561 set_kernel_config CONFIG_NF_REJECT_IPV4 m
561 set_kernel_config CONFIG_NF_REJECT_IPV4 m
562 set_kernel_config CONFIG_NF_REJECT_IPV6 m
562 set_kernel_config CONFIG_NF_REJECT_IPV6 m
563 set_kernel_config CONFIG_NF_TABLES m
563 set_kernel_config CONFIG_NF_TABLES m
564 set_kernel_config CONFIG_NF_TABLES_ARP m
564 set_kernel_config CONFIG_NF_TABLES_ARP m
565 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
565 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
566 set_kernel_config CONFIG_NF_TABLES_INET m
566 set_kernel_config CONFIG_NF_TABLES_INET m
567 set_kernel_config CONFIG_NF_TABLES_IPV4 y
567 set_kernel_config CONFIG_NF_TABLES_IPV4 y
568 set_kernel_config CONFIG_NF_TABLES_IPV6 y
568 set_kernel_config CONFIG_NF_TABLES_IPV6 y
569 set_kernel_config CONFIG_NF_TABLES_NETDEV m
569 set_kernel_config CONFIG_NF_TABLES_NETDEV m
570 set_kernel_config CONFIG_NF_TABLES_SET m
570 set_kernel_config CONFIG_NF_TABLES_SET m
571 set_kernel_config CONFIG_NF_TABLES_INET y
571 set_kernel_config CONFIG_NF_TABLES_INET y
572 set_kernel_config CONFIG_NF_TABLES_NETDEV y
572 set_kernel_config CONFIG_NF_TABLES_NETDEV y
573 set_kernel_config CONFIG_NFT_CONNLIMIT m
573 set_kernel_config CONFIG_NFT_CONNLIMIT m
574 set_kernel_config CONFIG_NFT_TUNNEL m
574 set_kernel_config CONFIG_NFT_TUNNEL m
575 set_kernel_config CONFIG_NFT_SOCKET m
575 set_kernel_config CONFIG_NFT_SOCKET m
576 set_kernel_config CONFIG_NFT_TPROXY m
576 set_kernel_config CONFIG_NFT_TPROXY m
577 set_kernel_config CONFIG_NF_FLOW_TABLE m
577 set_kernel_config CONFIG_NF_FLOW_TABLE m
578 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
578 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
579 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
579 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
580 set_kernel_config CONFIG_NF_TABLES_ARP y
580 set_kernel_config CONFIG_NF_TABLES_ARP y
581 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
581 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
582 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
582 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
583 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
583 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
584 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
584 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
585 set_kernel_config CONFIG_NFT_OSF m
585 set_kernel_config CONFIG_NFT_OSF m
586
586
587 fi
587 fi
588
588
589 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
589 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
590 if [ "$KERNEL_BPF" = true ] ; then
590 if [ "$KERNEL_BPF" = true ] ; then
591 set_kernel_config CONFIG_BPF_SYSCALL y
591 set_kernel_config CONFIG_BPF_SYSCALL y
592 set_kernel_config CONFIG_BPF_EVENTS y
592 set_kernel_config CONFIG_BPF_EVENTS y
593 set_kernel_config CONFIG_BPF_STREAM_PARSER y
593 set_kernel_config CONFIG_BPF_STREAM_PARSER y
594 set_kernel_config CONFIG_CGROUP_BPF y
594 set_kernel_config CONFIG_CGROUP_BPF y
595 set_kernel_config CONFIG_XDP_SOCKETS y
595 set_kernel_config CONFIG_XDP_SOCKETS y
596 fi
596 fi
597
597
598 # KERNEL_DEFAULT_GOV was set by user
598 # KERNEL_DEFAULT_GOV was set by user
599 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
599 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
600
600
601 case "$KERNEL_DEFAULT_GOV" in
601 case "$KERNEL_DEFAULT_GOV" in
602 performance)
602 performance)
603 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
603 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
604 ;;
604 ;;
605 userspace)
605 userspace)
606 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
606 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
607 ;;
607 ;;
608 ondemand)
608 ondemand)
609 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
609 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
610 ;;
610 ;;
611 conservative)
611 conservative)
612 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
612 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
613 ;;
613 ;;
614 shedutil)
614 shedutil)
615 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
615 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
616 ;;
616 ;;
617 *)
617 *)
618 echo "error: unsupported default cpu governor"
618 echo "error: unsupported default cpu governor"
619 exit 1
619 exit 1
620 ;;
620 ;;
621 esac
621 esac
622
622
623 # unset previous default governor
623 # unset previous default governor
624 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
624 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
625 fi
625 fi
626
626
627 #Revert to previous directory
627 #Revert to previous directory
628 cd "${WORKDIR}" || exit
628 cd "${WORKDIR}" || exit
629
629
630 # Set kernel configuration parameters to enable qemu emulation
630 # Set kernel configuration parameters to enable qemu emulation
631 if [ "$ENABLE_QEMU" = true ] ; then
631 if [ "$ENABLE_QEMU" = true ] ; then
632 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
632 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
633 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
633 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
634
634
635 if [ "$ENABLE_CRYPTFS" = true ] ; then
635 if [ "$ENABLE_CRYPTFS" = true ] ; then
636 {
636 {
637 echo "CONFIG_EMBEDDED=y"
637 echo "CONFIG_EMBEDDED=y"
638 echo "CONFIG_EXPERT=y"
638 echo "CONFIG_EXPERT=y"
639 echo "CONFIG_DAX=y"
639 echo "CONFIG_DAX=y"
640 echo "CONFIG_MD=y"
640 echo "CONFIG_MD=y"
641 echo "CONFIG_BLK_DEV_MD=y"
641 echo "CONFIG_BLK_DEV_MD=y"
642 echo "CONFIG_MD_AUTODETECT=y"
642 echo "CONFIG_MD_AUTODETECT=y"
643 echo "CONFIG_BLK_DEV_DM=y"
643 echo "CONFIG_BLK_DEV_DM=y"
644 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
644 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
645 echo "CONFIG_DM_CRYPT=y"
645 echo "CONFIG_DM_CRYPT=y"
646 echo "CONFIG_CRYPTO_BLKCIPHER=y"
646 echo "CONFIG_CRYPTO_BLKCIPHER=y"
647 echo "CONFIG_CRYPTO_CBC=y"
647 echo "CONFIG_CRYPTO_CBC=y"
648 echo "CONFIG_CRYPTO_XTS=y"
648 echo "CONFIG_CRYPTO_XTS=y"
649 echo "CONFIG_CRYPTO_SHA512=y"
649 echo "CONFIG_CRYPTO_SHA512=y"
650 echo "CONFIG_CRYPTO_MANAGER=y"
650 echo "CONFIG_CRYPTO_MANAGER=y"
651 } >> "${KERNEL_DIR}"/.config
651 } >> "${KERNEL_DIR}"/.config
652 fi
652 fi
653 fi
653 fi
654
654
655 # Copy custom kernel configuration file
655 # Copy custom kernel configuration file
656 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
656 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
657 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
657 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
658 fi
658 fi
659
659
660 # Set kernel configuration parameters to their default values
660 # Set kernel configuration parameters to their default values
661 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
661 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
662 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
662 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
663 fi
663 fi
664
664
665 # Start menu-driven kernel configuration (interactive)
665 # Start menu-driven kernel configuration (interactive)
666 if [ "$KERNEL_MENUCONFIG" = true ] ; then
666 if [ "$KERNEL_MENUCONFIG" = true ] ; then
667 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
667 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
668 fi
668 fi
669 # end if "$KERNELSRC_CONFIG" = true
669 # end if "$KERNELSRC_CONFIG" = true
670 fi
670 fi
671
671
672 # Use ccache to cross compile the kernel
672 # Use ccache to cross compile the kernel
673 if [ "$KERNEL_CCACHE" = true ] ; then
673 if [ "$KERNEL_CCACHE" = true ] ; then
674 cc="ccache ${CROSS_COMPILE}gcc"
674 cc="ccache ${CROSS_COMPILE}gcc"
675 else
675 else
676 cc="${CROSS_COMPILE}gcc"
676 cc="${CROSS_COMPILE}gcc"
677 fi
677 fi
678
678
679 # Cross compile kernel and dtbs
679 # Cross compile kernel and dtbs
680 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
680 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
681
681
682 # Cross compile kernel modules
682 # Cross compile kernel modules
683 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
683 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
684 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
684 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
685 fi
685 fi
686 # end if "$KERNELSRC_PREBUILT" = false
686 # end if "$KERNELSRC_PREBUILT" = false
687 fi
687 fi
688
688
689 # Check if kernel compilation was successful
689 # Check if kernel compilation was successful
690 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
690 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
691 echo "error: kernel compilation failed! (kernel image not found)"
691 echo "error: kernel compilation failed! (kernel image not found)"
692 cleanup
692 cleanup
693 exit 1
693 exit 1
694 fi
694 fi
695
695
696 # Install kernel modules
696 # Install kernel modules
697 if [ "$ENABLE_REDUCE" = true ] ; then
697 if [ "$ENABLE_REDUCE" = true ] ; then
698 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
698 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
699 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
699 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
700 fi
700 fi
701 else
701 else
702 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
702 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
703 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
703 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
704 fi
704 fi
705
705
706 # Install kernel firmware
706 # Install kernel firmware
707 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
707 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
708 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
708 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
709 fi
709 fi
710 fi
710 fi
711
711
712 # Install kernel headers
712 # Install kernel headers
713 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
713 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
714 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
714 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
715 fi
715 fi
716
716
717 # Prepare boot (firmware) directory
717 # Prepare boot (firmware) directory
718 mkdir "${BOOT_DIR}"
718 mkdir "${BOOT_DIR}"
719
719
720 # Get kernel release version
720 # Get kernel release version
721 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
721 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
722
722
723 # Copy kernel configuration file to the boot directory
723 # Copy kernel configuration file to the boot directory
724 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
724 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
725
725
726 # Prepare device tree directory
726 # Prepare device tree directory
727 mkdir "${BOOT_DIR}/overlays"
727 mkdir "${BOOT_DIR}/overlays"
728
728
729 # Ensure the proper .dtb is located
729 # Ensure the proper .dtb is located
730 if [ "$KERNEL_ARCH" = "arm" ] ; then
730 if [ "$KERNEL_ARCH" = "arm" ] ; then
731 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
731 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
732 if [ -f "${dtb}" ] ; then
732 if [ -f "${dtb}" ] ; then
733 install_readonly "${dtb}" "${BOOT_DIR}/"
733 install_readonly "${dtb}" "${BOOT_DIR}/"
734 fi
734 fi
735 done
735 done
736 else
736 else
737 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
737 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
738 if [ -f "${dtb}" ] ; then
738 if [ -f "${dtb}" ] ; then
739 install_readonly "${dtb}" "${BOOT_DIR}/"
739 install_readonly "${dtb}" "${BOOT_DIR}/"
740 fi
740 fi
741 done
741 done
742 fi
742 fi
743
743
744 # Copy compiled dtb device tree files
744 # Copy compiled dtb device tree files
745 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
745 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
746 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
746 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
747 if [ -f "${dtb}" ] ; then
747 if [ -f "${dtb}" ] ; then
748 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
748 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
749 fi
749 fi
750 done
750 done
751
751
752 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
752 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
753 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
753 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
754 fi
754 fi
755 fi
755 fi
756
756
757 if [ "$ENABLE_UBOOT" = false ] ; then
757 if [ "$ENABLE_UBOOT" = false ] ; then
758 # Convert and copy kernel image to the boot directory
758 # Convert and copy kernel image to the boot directory
759 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
759 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
760 else
760 else
761 # Copy kernel image to the boot directory
761 # Copy kernel image to the boot directory
762 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
762 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
763 fi
763 fi
764
764
765 # Remove kernel sources
765 # Remove kernel sources
766 if [ "$KERNEL_REMOVESRC" = true ] ; then
766 if [ "$KERNEL_REMOVESRC" = true ] ; then
767 rm -fr "${KERNEL_DIR}"
767 rm -fr "${KERNEL_DIR}"
768 else
768 else
769 # Prepare compiled kernel modules
769 # Prepare compiled kernel modules
770 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
770 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
771 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
771 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
772 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
772 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
773 fi
773 fi
774
774
775 # Create symlinks for kernel modules
775 # Create symlinks for kernel modules
776 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
776 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
777 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
777 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
778 fi
778 fi
779 fi
779 fi
780
780
781 else # BUILD_KERNEL=false
781 else # BUILD_KERNEL=false
782 if [ "$SET_ARCH" = 64 ] ; then
782 if [ "$SET_ARCH" = 64 ] ; then
783 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
783 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
784 # Use Sakakis modified kernel if ZSWAP is active
784 # Use Sakakis modified kernel if ZSWAP is active
785 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
785 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
786 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
786 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
787 fi
787 fi
788
788
789 # Create temporary directory for dl
789 # Create temporary directory for dl
790 temp_dir=$(as_nobody mktemp -d)
790 temp_dir=$(as_nobody mktemp -d)
791
791
792 # Fetch kernel dl
792 # Fetch kernel dl
793 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
793 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
794 fi
794 fi
795 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
795 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
796 # Create temporary directory for dl
796 # Create temporary directory for dl
797 temp_dir=$(as_nobody mktemp -d)
797 temp_dir=$(as_nobody mktemp -d)
798
798
799 # Fetch kernel dl
799 # Fetch kernel dl
800 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
800 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
801 fi
801 fi
802
802
803 #extract download
803 #extract download
804 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
804 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
805
805
806 #move extracted kernel to /boot/firmware
806 #move extracted kernel to /boot/firmware
807 mkdir "${R}/boot/firmware"
807 mkdir "${R}/boot/firmware"
808 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
808 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
809 cp -r "${temp_dir}"/lib/* "${R}"/lib/
809 cp -r "${temp_dir}"/lib/* "${R}"/lib/
810
810
811 # Remove temporary directory for kernel sources
811 # Remove temporary directory for kernel sources
812 rm -fr "${temp_dir}"
812 rm -fr "${temp_dir}"
813
813
814 # Set permissions of the kernel sources
814 # Set permissions of the kernel sources
815 chown -R root:root "${R}/boot/firmware"
815 chown -R root:root "${R}/boot/firmware"
816 chown -R root:root "${R}/lib/modules"
816 chown -R root:root "${R}/lib/modules"
817 fi
817 fi
818
818
819 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
819 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
820 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
820 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
821 # Create temporary directory for dl
821 # Create temporary directory for dl
822 temp_dir=$(as_nobody mktemp -d)
822 temp_dir=$(as_nobody mktemp -d)
823
823
824 # Fetch kernel
824 # Fetch kernel
825 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
825 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
826
826
827 # Copy downloaded kernel package
827 # Copy downloaded kernel package
828 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
828 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
829
829
830 # Set permissions
830 # Set permissions
831 chown -R root:root "${R}"/tmp/kernel.deb
831 chown -R root:root "${R}"/tmp/kernel.deb
832
832
833 # Install kernel
833 # Install kernel
834 chroot_exec dpkg -i /tmp/kernel.deb
834 chroot_exec dpkg -i /tmp/kernel.deb
835
835
836 # move /boot to /boot/firmware to fit script env.
836 # move /boot to /boot/firmware to fit script env.
837 #mkdir "${BOOT_DIR}"
837 #mkdir "${BOOT_DIR}"
838 mkdir "${temp_dir}"/firmware
838 mkdir "${temp_dir}"/firmware
839 mv "${R}"/boot/* "${temp_dir}"/firmware/
839 mv "${R}"/boot/* "${temp_dir}"/firmware/
840 mv "${temp_dir}"/firmware "${R}"/boot/
840 mv "${temp_dir}"/firmware "${R}"/boot/
841
841
842 #same for kernel headers
842 #same for kernel headers
843 if [ "$KERNEL_HEADERS" = true ] ; then
843 if [ "$KERNEL_HEADERS" = true ] ; then
844 # Fetch kernel header
844 # Fetch kernel header
845 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
845 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
846 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
846 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
847 chown -R root:root "${R}"/tmp/kernel-header.deb
847 chown -R root:root "${R}"/tmp/kernel-header.deb
848 # Install kernel header
848 # Install kernel header
849 chroot_exec dpkg -i /tmp/kernel-header.deb
849 chroot_exec dpkg -i /tmp/kernel-header.deb
850 rm -f "${R}"/tmp/kernel-header.deb
850 rm -f "${R}"/tmp/kernel-header.deb
851 fi
851 fi
852
852
853 # Remove temporary directory and files
853 # Remove temporary directory and files
854 rm -fr "${temp_dir}"
854 rm -fr "${temp_dir}"
855 rm -f "${R}"/tmp/kernel.deb
855 rm -f "${R}"/tmp/kernel.deb
856 fi
856 fi
857
857
858 # Check if kernel installation was successful
858 # Check if kernel installation was successful
859 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
859 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
860 if [ -z "$KERNEL" ] ; then
860 if [ -z "$KERNEL" ] ; then
861 echo "error: kernel installation failed! (/boot/kernel* not found)"
861 echo "error: kernel installation failed! (/boot/kernel* not found)"
862 cleanup
862 cleanup
863 exit 1
863 exit 1
864 fi
864 fi
865 fi
865 fi
@@ -1,890 +1,892
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
49 fi
47
50
48 # Kernel Branch
51 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
53
51 # URLs
54 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
64
63 # Kernel deb packages for 32bit kernel
65 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 # Default precompiled 64bit kernel
70 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
70 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
71 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
72 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
73 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
74 # Generic
76 # Generic
75 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
76 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
77 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
78 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
79
81
80 # Build directories
82 # Build directories
81 WORKDIR=$(pwd)
83 WORKDIR=$(pwd)
82 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
83 BUILDDIR="${BASEDIR}/build"
85 BUILDDIR="${BASEDIR}/build"
84
86
85 # Chroot directories
87 # Chroot directories
86 R="${BUILDDIR}/chroot"
88 R="${BUILDDIR}/chroot"
87 ETC_DIR="${R}/etc"
89 ETC_DIR="${R}/etc"
88 LIB_DIR="${R}/lib"
90 LIB_DIR="${R}/lib"
89 BOOT_DIR="${R}/boot/firmware"
91 BOOT_DIR="${R}/boot/firmware"
90 KERNEL_DIR="${R}/usr/src/linux"
92 KERNEL_DIR="${R}/usr/src/linux"
91 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
92 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
93
95
94 # Firmware directory: Blank if download from github
96 # Firmware directory: Blank if download from github
95 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
97 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
96
98
97 # General settings
99 # General settings
98 SET_ARCH=${SET_ARCH:=32}
100 SET_ARCH=${SET_ARCH:=32}
99 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
101 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
100 PASSWORD=${PASSWORD:=raspberry}
102 PASSWORD=${PASSWORD:=raspberry}
101 USER_PASSWORD=${USER_PASSWORD:=raspberry}
103 USER_PASSWORD=${USER_PASSWORD:=raspberry}
102 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
104 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
103 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
105 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
104 EXPANDROOT=${EXPANDROOT:=true}
106 EXPANDROOT=${EXPANDROOT:=true}
105 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
107 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
106
108
107 # Keyboard settings
109 # Keyboard settings
108 XKB_MODEL=${XKB_MODEL:=""}
110 XKB_MODEL=${XKB_MODEL:=""}
109 XKB_LAYOUT=${XKB_LAYOUT:=""}
111 XKB_LAYOUT=${XKB_LAYOUT:=""}
110 XKB_VARIANT=${XKB_VARIANT:=""}
112 XKB_VARIANT=${XKB_VARIANT:=""}
111 XKB_OPTIONS=${XKB_OPTIONS:=""}
113 XKB_OPTIONS=${XKB_OPTIONS:=""}
112
114
113 # Network settings (DHCP)
115 # Network settings (DHCP)
114 ENABLE_DHCP=${ENABLE_DHCP:=true}
116 ENABLE_DHCP=${ENABLE_DHCP:=true}
115
117
116 # Network settings (static)
118 # Network settings (static)
117 NET_ADDRESS=${NET_ADDRESS:=""}
119 NET_ADDRESS=${NET_ADDRESS:=""}
118 NET_GATEWAY=${NET_GATEWAY:=""}
120 NET_GATEWAY=${NET_GATEWAY:=""}
119 NET_DNS_1=${NET_DNS_1:=""}
121 NET_DNS_1=${NET_DNS_1:=""}
120 NET_DNS_2=${NET_DNS_2:=""}
122 NET_DNS_2=${NET_DNS_2:=""}
121 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
122 NET_NTP_1=${NET_NTP_1:=""}
124 NET_NTP_1=${NET_NTP_1:=""}
123 NET_NTP_2=${NET_NTP_2:=""}
125 NET_NTP_2=${NET_NTP_2:=""}
124
126
125 # APT settings
127 # APT settings
126 APT_PROXY=${APT_PROXY:=""}
128 APT_PROXY=${APT_PROXY:=""}
127 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
128 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
130 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
129
131
130 # Feature settings
132 # Feature settings
131 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
133 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
132 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
134 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
133 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
135 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
134 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
136 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
135 ENABLE_I2C=${ENABLE_I2C:=false}
137 ENABLE_I2C=${ENABLE_I2C:=false}
136 ENABLE_SPI=${ENABLE_SPI:=false}
138 ENABLE_SPI=${ENABLE_SPI:=false}
137 ENABLE_IPV6=${ENABLE_IPV6:=true}
139 ENABLE_IPV6=${ENABLE_IPV6:=true}
138 ENABLE_SSHD=${ENABLE_SSHD:=true}
140 ENABLE_SSHD=${ENABLE_SSHD:=true}
139 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
141 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
140 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
142 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
141 ENABLE_SOUND=${ENABLE_SOUND:=true}
143 ENABLE_SOUND=${ENABLE_SOUND:=true}
142 ENABLE_DBUS=${ENABLE_DBUS:=true}
144 ENABLE_DBUS=${ENABLE_DBUS:=true}
143 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
145 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
144 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
146 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
145 ENABLE_XORG=${ENABLE_XORG:=false}
147 ENABLE_XORG=${ENABLE_XORG:=false}
146 ENABLE_WM=${ENABLE_WM:=""}
148 ENABLE_WM=${ENABLE_WM:=""}
147 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
149 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
148 ENABLE_USER=${ENABLE_USER:=true}
150 ENABLE_USER=${ENABLE_USER:=true}
149 USER_NAME=${USER_NAME:="pi"}
151 USER_NAME=${USER_NAME:="pi"}
150 ENABLE_ROOT=${ENABLE_ROOT:=false}
152 ENABLE_ROOT=${ENABLE_ROOT:=false}
151 ENABLE_QEMU=${ENABLE_QEMU:=false}
153 ENABLE_QEMU=${ENABLE_QEMU:=false}
152 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
154 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
153
155
154 # SSH settings
156 # SSH settings
155 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
157 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
156 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
158 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
157 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
159 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
158 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
160 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
159 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
161 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
160
162
161 # Advanced settings
163 # Advanced settings
162 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
164 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
163 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
165 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
164 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
166 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
165 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
167 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
166 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
168 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
167 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
169 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
168 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
170 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
169 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
171 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
170 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
172 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
171 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
173 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
172 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
174 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
173 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
175 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
174 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
176 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
175 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
177 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
176 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
178 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
177 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
179 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
178 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
180 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
179 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
181 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
180 ENABLE_LOGO=${ENABLE_LOGO:=true}
182 ENABLE_LOGO=${ENABLE_LOGO:=true}
181 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
183 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
182 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
184 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
183
185
184 # Kernel compilation settings
186 # Kernel compilation settings
185 BUILD_KERNEL=${BUILD_KERNEL:=true}
187 BUILD_KERNEL=${BUILD_KERNEL:=true}
186 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
188 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
187 KERNEL_THREADS=${KERNEL_THREADS:=1}
189 KERNEL_THREADS=${KERNEL_THREADS:=1}
188 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
190 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
189 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
191 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
190 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
192 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
191 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
193 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
192 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
194 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
193 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
195 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
194 KERNEL_VIRT=${KERNEL_VIRT:=false}
196 KERNEL_VIRT=${KERNEL_VIRT:=false}
195 KERNEL_BPF=${KERNEL_BPF:=false}
197 KERNEL_BPF=${KERNEL_BPF:=false}
196 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
198 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
197 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
199 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
198 KERNEL_NF=${KERNEL_NF:=false}
200 KERNEL_NF=${KERNEL_NF:=false}
199
201
200 # Kernel compilation from source directory settings
202 # Kernel compilation from source directory settings
201 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
203 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
202 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
204 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
203 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
205 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
204 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
206 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
205
207
206 # Reduce disk usage settings
208 # Reduce disk usage settings
207 REDUCE_APT=${REDUCE_APT:=true}
209 REDUCE_APT=${REDUCE_APT:=true}
208 REDUCE_DOC=${REDUCE_DOC:=true}
210 REDUCE_DOC=${REDUCE_DOC:=true}
209 REDUCE_MAN=${REDUCE_MAN:=true}
211 REDUCE_MAN=${REDUCE_MAN:=true}
210 REDUCE_VIM=${REDUCE_VIM:=false}
212 REDUCE_VIM=${REDUCE_VIM:=false}
211 REDUCE_BASH=${REDUCE_BASH:=false}
213 REDUCE_BASH=${REDUCE_BASH:=false}
212 REDUCE_HWDB=${REDUCE_HWDB:=true}
214 REDUCE_HWDB=${REDUCE_HWDB:=true}
213 REDUCE_SSHD=${REDUCE_SSHD:=true}
215 REDUCE_SSHD=${REDUCE_SSHD:=true}
214 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
216 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
215
217
216 # Encrypted filesystem settings
218 # Encrypted filesystem settings
217 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
219 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
218 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
220 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
219 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
221 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
220 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
222 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
221 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
223 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
222 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
224 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
223 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
225 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
224 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
226 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
225 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
227 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
226
228
227 # Chroot scripts directory
229 # Chroot scripts directory
228 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
230 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
229
231
230 # Packages required in the chroot build environment
232 # Packages required in the chroot build environment
231 APT_INCLUDES=${APT_INCLUDES:=""}
233 APT_INCLUDES=${APT_INCLUDES:=""}
232 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
234 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
233
235
234 # Packages to exclude from chroot build environment
236 # Packages to exclude from chroot build environment
235 APT_EXCLUDES=${APT_EXCLUDES:=""}
237 APT_EXCLUDES=${APT_EXCLUDES:=""}
236
238
237 # Packages required for bootstrapping
239 # Packages required for bootstrapping
238 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
240 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
239 MISSING_PACKAGES=""
241 MISSING_PACKAGES=""
240
242
241 # Packages installed for c/c++ build environment in chroot (keep empty)
243 # Packages installed for c/c++ build environment in chroot (keep empty)
242 COMPILER_PACKAGES=""
244 COMPILER_PACKAGES=""
243
245
244 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
246 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
245 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
247 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
246 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
248 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
247 APT_PROXY=http://127.0.0.1:3142/
249 APT_PROXY=http://127.0.0.1:3142/
248 fi
250 fi
249
251
250 # Setup architecture specific settings
252 # Setup architecture specific settings
251 if [ -n "$SET_ARCH" ] ; then
253 if [ -n "$SET_ARCH" ] ; then
252 # 64-bit configuration
254 # 64-bit configuration
253 if [ "$SET_ARCH" = 64 ] ; then
255 if [ "$SET_ARCH" = 64 ] ; then
254 # General 64-bit depended settings
256 # General 64-bit depended settings
255 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
256 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
257 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
258
260
259 # Raspberry Pi model specific settings
261 # Raspberry Pi model specific settings
260 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
261 if [ "$RPI_MODEL" != 4 ] ; then
263 if [ "$RPI_MODEL" != 4 ] ; then
262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
263 else
265 else
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
266 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
265 fi
267 fi
266
268
267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
268 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
270 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
269 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
270 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
272 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
271 else
273 else
272 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
274 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
273 exit 1
275 exit 1
274 fi
276 fi
275 fi
277 fi
276
278
277 # 32-bit configuration
279 # 32-bit configuration
278 if [ "$SET_ARCH" = 32 ] ; then
280 if [ "$SET_ARCH" = 32 ] ; then
279 # General 32-bit dependend settings
281 # General 32-bit dependend settings
280 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
282 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
281 KERNEL_ARCH=${KERNEL_ARCH:=arm}
283 KERNEL_ARCH=${KERNEL_ARCH:=arm}
282 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
284 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
283
285
284 # Raspberry Pi model specific settings
286 # Raspberry Pi model specific settings
285 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
287 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
288 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
289 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
288 RELEASE_ARCH=${RELEASE_ARCH:=armel}
290 RELEASE_ARCH=${RELEASE_ARCH:=armel}
289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
292 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
291 fi
293 fi
292
294
293 # Raspberry Pi model specific settings
295 # Raspberry Pi model specific settings
294 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
296 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
295 if [ "$RPI_MODEL" != 4 ] ; then
297 if [ "$RPI_MODEL" != 4 ] ; then
296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
298 else
300 else
299 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
301 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
300 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
302 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
301 fi
303 fi
302
304
303 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
305 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
304 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
306 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
305
307
306 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
308 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
307 fi
309 fi
308 fi
310 fi
309 # SET_ARCH not set
311 # SET_ARCH not set
310 else
312 else
311 echo "error: Please set '32' or '64' as value for SET_ARCH"
313 echo "error: Please set '32' or '64' as value for SET_ARCH"
312 exit 1
314 exit 1
313 fi
315 fi
314 # Device specific configuration and U-Boot configuration
316 # Device specific configuration and U-Boot configuration
315 case "$RPI_MODEL" in
317 case "$RPI_MODEL" in
316 0)
318 0)
317 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
318 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 ;;
321 ;;
320 1)
322 1)
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 ;;
325 ;;
324 1P)
326 1P)
325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
327 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
327 ;;
329 ;;
328 2)
330 2)
329 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
331 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
331 ;;
333 ;;
332 3)
334 3)
333 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 ;;
337 ;;
336 3P)
338 3P)
337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
339 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
339 ;;
341 ;;
340 4)
342 4)
341 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
343 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
344 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
343 ;;
345 ;;
344 *)
346 *)
345 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
347 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
346 exit 1
348 exit 1
347 ;;
349 ;;
348 esac
350 esac
349
351
350 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
352 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
353 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
352 # Include bluetooth packages on supported boards
354 # Include bluetooth packages on supported boards
353 if [ "$ENABLE_BLUETOOTH" = true ] ; then
355 if [ "$ENABLE_BLUETOOTH" = true ] ; then
354 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
356 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
355 fi
357 fi
356 if [ "$ENABLE_WIRELESS" = true ] ; then
358 if [ "$ENABLE_WIRELESS" = true ] ; then
357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
359 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
358 fi
360 fi
359 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
361 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
360 # Check if the internal wireless interface is not supported by the RPi model
362 # Check if the internal wireless interface is not supported by the RPi model
361 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
363 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
362 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
364 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
363 exit 1
365 exit 1
364 fi
366 fi
365 fi
367 fi
366
368
367 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
369 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
368 echo "error: You have to compile kernel sources, if you want to enable nexmon"
370 echo "error: You have to compile kernel sources, if you want to enable nexmon"
369 exit 1
371 exit 1
370 fi
372 fi
371
373
372 # Prepare date string for default image file name
374 # Prepare date string for default image file name
373 DATE="$(date +%Y-%m-%d)"
375 DATE="$(date +%Y-%m-%d)"
374 if [ -z "$KERNEL_BRANCH" ] ; then
376 if [ -z "$KERNEL_BRANCH" ] ; then
375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
376 else
378 else
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
379 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
378 fi
380 fi
379
381
380 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
382 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
381 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
383 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
382 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
384 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
383 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
385 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
384 exit 1
386 exit 1
385 fi
387 fi
386 fi
388 fi
387
389
388 # Add cmake to compile videocore sources
390 # Add cmake to compile videocore sources
389 if [ "$ENABLE_VIDEOCORE" = true ] ; then
391 if [ "$ENABLE_VIDEOCORE" = true ] ; then
390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
391 fi
393 fi
392
394
393 # Add deps for nexmon
395 # Add deps for nexmon
394 if [ "$ENABLE_NEXMON" = true ] ; then
396 if [ "$ENABLE_NEXMON" = true ] ; then
395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
396 fi
398 fi
397
399
398 # Add libncurses5 to enable kernel menuconfig
400 # Add libncurses5 to enable kernel menuconfig
399 if [ "$KERNEL_MENUCONFIG" = true ] ; then
401 if [ "$KERNEL_MENUCONFIG" = true ] ; then
400 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
401 fi
403 fi
402
404
403 # Add ccache compiler cache for (faster) kernel cross (re)compilation
405 # Add ccache compiler cache for (faster) kernel cross (re)compilation
404 if [ "$KERNEL_CCACHE" = true ] ; then
406 if [ "$KERNEL_CCACHE" = true ] ; then
405 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
406 fi
408 fi
407
409
408 # Add cryptsetup package to enable filesystem encryption
410 # Add cryptsetup package to enable filesystem encryption
409 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
411 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
411 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
413 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
412
414
413 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
415 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
414 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
416 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
415 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
417 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
416 fi
418 fi
417
419
418 if [ -z "$CRYPTFS_PASSWORD" ] ; then
420 if [ -z "$CRYPTFS_PASSWORD" ] ; then
419 echo "error: no password defined (CRYPTFS_PASSWORD)!"
421 echo "error: no password defined (CRYPTFS_PASSWORD)!"
420 exit 1
422 exit 1
421 fi
423 fi
422 ENABLE_INITRAMFS=true
424 ENABLE_INITRAMFS=true
423 fi
425 fi
424
426
425 # Add initramfs generation tools
427 # Add initramfs generation tools
426 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
428 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
427 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
429 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
428 fi
430 fi
429
431
430 # Add device-tree-compiler required for building the U-Boot bootloader
432 # Add device-tree-compiler required for building the U-Boot bootloader
431 if [ "$ENABLE_UBOOT" = true ] ; then
433 if [ "$ENABLE_UBOOT" = true ] ; then
432 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
434 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
433 fi
435 fi
434
436
435 if [ "$ENABLE_USBBOOT" = true ] ; then
437 if [ "$ENABLE_USBBOOT" = true ] ; then
436 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
438 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
437 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
439 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
438 exit 1
440 exit 1
439 fi
441 fi
440 fi
442 fi
441
443
442 # Check if root SSH (v2) public key file exists
444 # Check if root SSH (v2) public key file exists
443 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
445 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
444 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
446 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
445 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
447 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
446 exit 1
448 exit 1
447 fi
449 fi
448 fi
450 fi
449
451
450 # Check if $USER_NAME SSH (v2) public key file exists
452 # Check if $USER_NAME SSH (v2) public key file exists
451 if [ -n "$SSH_USER_PUB_KEY" ] ; then
453 if [ -n "$SSH_USER_PUB_KEY" ] ; then
452 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
454 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
453 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
455 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
454 exit 1
456 exit 1
455 fi
457 fi
456 fi
458 fi
457
459
458 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
460 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
459 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
461 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
460 exit 1
462 exit 1
461 fi
463 fi
462
464
463 # Check if all required packages are installed on the build system
465 # Check if all required packages are installed on the build system
464 for package in $REQUIRED_PACKAGES ; do
466 for package in $REQUIRED_PACKAGES ; do
465 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
467 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
466 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
468 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
467 fi
469 fi
468 done
470 done
469
471
470 # If there are missing packages ask confirmation for install, or exit
472 # If there are missing packages ask confirmation for install, or exit
471 if [ -n "$MISSING_PACKAGES" ] ; then
473 if [ -n "$MISSING_PACKAGES" ] ; then
472 echo "the following packages needed by this script are not installed:"
474 echo "the following packages needed by this script are not installed:"
473 echo "$MISSING_PACKAGES"
475 echo "$MISSING_PACKAGES"
474
476
475 printf "\ndo you want to install the missing packages right now? [y/n] "
477 printf "\ndo you want to install the missing packages right now? [y/n] "
476 read -r confirm
478 read -r confirm
477 [ "$confirm" != "y" ] && exit 1
479 [ "$confirm" != "y" ] && exit 1
478
480
479 # Make sure all missing required packages are installed
481 # Make sure all missing required packages are installed
480 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
482 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
481 fi
483 fi
482
484
483 # Check if ./bootstrap.d directory exists
485 # Check if ./bootstrap.d directory exists
484 if [ ! -d "./bootstrap.d/" ] ; then
486 if [ ! -d "./bootstrap.d/" ] ; then
485 echo "error: './bootstrap.d' required directory not found!"
487 echo "error: './bootstrap.d' required directory not found!"
486 exit 1
488 exit 1
487 fi
489 fi
488
490
489 # Check if ./files directory exists
491 # Check if ./files directory exists
490 if [ ! -d "./files/" ] ; then
492 if [ ! -d "./files/" ] ; then
491 echo "error: './files' required directory not found!"
493 echo "error: './files' required directory not found!"
492 exit 1
494 exit 1
493 fi
495 fi
494
496
495 # Check if specified KERNELSRC_DIR directory exists
497 # Check if specified KERNELSRC_DIR directory exists
496 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
498 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
497 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
499 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
498 exit 1
500 exit 1
499 fi
501 fi
500
502
501 # Check if specified UBOOTSRC_DIR directory exists
503 # Check if specified UBOOTSRC_DIR directory exists
502 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
504 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
503 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
505 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
504 exit 1
506 exit 1
505 fi
507 fi
506
508
507 # Check if specified VIDEOCORESRC_DIR directory exists
509 # Check if specified VIDEOCORESRC_DIR directory exists
508 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
510 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
509 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
511 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
510 exit 1
512 exit 1
511 fi
513 fi
512
514
513 # Check if specified FBTURBOSRC_DIR directory exists
515 # Check if specified FBTURBOSRC_DIR directory exists
514 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
516 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
515 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
517 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
516 exit 1
518 exit 1
517 fi
519 fi
518
520
519 # Check if specified NEXMONSRC_DIR directory exists
521 # Check if specified NEXMONSRC_DIR directory exists
520 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
522 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
521 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
523 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
522 exit 1
524 exit 1
523 fi
525 fi
524
526
525 # Check if specified CHROOT_SCRIPTS directory exists
527 # Check if specified CHROOT_SCRIPTS directory exists
526 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
528 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
527 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
529 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
528 exit 1
530 exit 1
529 fi
531 fi
530
532
531 # Check if specified device mapping already exists (will be used by cryptsetup)
533 # Check if specified device mapping already exists (will be used by cryptsetup)
532 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
534 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
533 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
535 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
534 exit 1
536 exit 1
535 fi
537 fi
536
538
537 # Don't clobber an old build
539 # Don't clobber an old build
538 if [ -e "$BUILDDIR" ] ; then
540 if [ -e "$BUILDDIR" ] ; then
539 echo "error: directory ${BUILDDIR} already exists, not proceeding"
541 echo "error: directory ${BUILDDIR} already exists, not proceeding"
540 exit 1
542 exit 1
541 fi
543 fi
542
544
543 # Setup chroot directory
545 # Setup chroot directory
544 mkdir -p "${R}"
546 mkdir -p "${R}"
545
547
546 # Check if build directory has enough of free disk space >512MB
548 # Check if build directory has enough of free disk space >512MB
547 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
549 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
548 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
550 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
549 exit 1
551 exit 1
550 fi
552 fi
551
553
552 set -x
554 set -x
553
555
554 # Call "cleanup" function on various signals and errors
556 # Call "cleanup" function on various signals and errors
555 trap cleanup 0 1 2 3 6
557 trap cleanup 0 1 2 3 6
556
558
557 # Add required packages for the minbase installation
559 # Add required packages for the minbase installation
558 if [ "$ENABLE_MINBASE" = true ] ; then
560 if [ "$ENABLE_MINBASE" = true ] ; then
559 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
561 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
560 fi
562 fi
561
563
562 # Add parted package, required to get partprobe utility
564 # Add parted package, required to get partprobe utility
563 if [ "$EXPANDROOT" = true ] ; then
565 if [ "$EXPANDROOT" = true ] ; then
564 APT_INCLUDES="${APT_INCLUDES},parted"
566 APT_INCLUDES="${APT_INCLUDES},parted"
565 fi
567 fi
566
568
567 # Add dphys-swapfile package, required to enable swap
569 # Add dphys-swapfile package, required to enable swap
568 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
570 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
569 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
571 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
570 fi
572 fi
571
573
572 # Add dbus package, recommended if using systemd
574 # Add dbus package, recommended if using systemd
573 if [ "$ENABLE_DBUS" = true ] ; then
575 if [ "$ENABLE_DBUS" = true ] ; then
574 APT_INCLUDES="${APT_INCLUDES},dbus"
576 APT_INCLUDES="${APT_INCLUDES},dbus"
575 fi
577 fi
576
578
577 # Add iptables IPv4/IPv6 package
579 # Add iptables IPv4/IPv6 package
578 if [ "$ENABLE_IPTABLES" = true ] ; then
580 if [ "$ENABLE_IPTABLES" = true ] ; then
579 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
581 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
580 fi
582 fi
581 # Add apparmor for KERNEL_SECURITY
583 # Add apparmor for KERNEL_SECURITY
582 if [ "$KERNEL_SECURITY" = true ] ; then
584 if [ "$KERNEL_SECURITY" = true ] ; then
583 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
585 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
584 fi
586 fi
585
587
586 # Add openssh server package
588 # Add openssh server package
587 if [ "$ENABLE_SSHD" = true ] ; then
589 if [ "$ENABLE_SSHD" = true ] ; then
588 APT_INCLUDES="${APT_INCLUDES},openssh-server"
590 APT_INCLUDES="${APT_INCLUDES},openssh-server"
589 fi
591 fi
590
592
591 # Add alsa-utils package
593 # Add alsa-utils package
592 if [ "$ENABLE_SOUND" = true ] ; then
594 if [ "$ENABLE_SOUND" = true ] ; then
593 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
595 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
594 fi
596 fi
595
597
596 # Add rng-tools package
598 # Add rng-tools package
597 if [ "$ENABLE_HWRANDOM" = true ] ; then
599 if [ "$ENABLE_HWRANDOM" = true ] ; then
598 APT_INCLUDES="${APT_INCLUDES},rng-tools"
600 APT_INCLUDES="${APT_INCLUDES},rng-tools"
599 fi
601 fi
600
602
601 # Add fbturbo video driver
603 # Add fbturbo video driver
602 if [ "$ENABLE_FBTURBO" = true ] ; then
604 if [ "$ENABLE_FBTURBO" = true ] ; then
603 # Enable xorg package dependencies
605 # Enable xorg package dependencies
604 ENABLE_XORG=true
606 ENABLE_XORG=true
605 fi
607 fi
606
608
607 # Add user defined window manager package
609 # Add user defined window manager package
608 if [ -n "$ENABLE_WM" ] ; then
610 if [ -n "$ENABLE_WM" ] ; then
609 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
611 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
610
612
611 # Enable xorg package dependencies
613 # Enable xorg package dependencies
612 ENABLE_XORG=true
614 ENABLE_XORG=true
613 fi
615 fi
614
616
615 # Add xorg package
617 # Add xorg package
616 if [ "$ENABLE_XORG" = true ] ; then
618 if [ "$ENABLE_XORG" = true ] ; then
617 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
619 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
618 fi
620 fi
619
621
620 # Replace selected packages with smaller clones
622 # Replace selected packages with smaller clones
621 if [ "$ENABLE_REDUCE" = true ] ; then
623 if [ "$ENABLE_REDUCE" = true ] ; then
622 # Add levee package instead of vim-tiny
624 # Add levee package instead of vim-tiny
623 if [ "$REDUCE_VIM" = true ] ; then
625 if [ "$REDUCE_VIM" = true ] ; then
624 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
626 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
625 fi
627 fi
626
628
627 # Add dropbear package instead of openssh-server
629 # Add dropbear package instead of openssh-server
628 if [ "$REDUCE_SSHD" = true ] ; then
630 if [ "$REDUCE_SSHD" = true ] ; then
629 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
631 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
630 fi
632 fi
631 fi
633 fi
632
634
633 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
635 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
634 if [ "$ENABLE_SYSVINIT" = false ] ; then
636 if [ "$ENABLE_SYSVINIT" = false ] ; then
635 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
637 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
636 fi
638 fi
637
639
638 # Configure kernel sources if no KERNELSRC_DIR
640 # Configure kernel sources if no KERNELSRC_DIR
639 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
641 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
640 KERNELSRC_CONFIG=true
642 KERNELSRC_CONFIG=true
641 fi
643 fi
642
644
643 # Configure reduced kernel
645 # Configure reduced kernel
644 if [ "$KERNEL_REDUCE" = true ] ; then
646 if [ "$KERNEL_REDUCE" = true ] ; then
645 KERNELSRC_CONFIG=false
647 KERNELSRC_CONFIG=false
646 fi
648 fi
647
649
648 # Configure qemu compatible kernel
650 # Configure qemu compatible kernel
649 if [ "$ENABLE_QEMU" = true ] ; then
651 if [ "$ENABLE_QEMU" = true ] ; then
650 DTB_FILE=vexpress-v2p-ca15_a7.dtb
652 DTB_FILE=vexpress-v2p-ca15_a7.dtb
651 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
653 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
652 KERNEL_DEFCONFIG="vexpress_defconfig"
654 KERNEL_DEFCONFIG="vexpress_defconfig"
653 if [ "$KERNEL_MENUCONFIG" = false ] ; then
655 if [ "$KERNEL_MENUCONFIG" = false ] ; then
654 KERNEL_OLDDEFCONFIG=true
656 KERNEL_OLDDEFCONFIG=true
655 fi
657 fi
656 fi
658 fi
657
659
658 # Execute bootstrap scripts
660 # Execute bootstrap scripts
659 for SCRIPT in bootstrap.d/*.sh; do
661 for SCRIPT in bootstrap.d/*.sh; do
660 head -n 3 "$SCRIPT"
662 head -n 3 "$SCRIPT"
661 . "$SCRIPT"
663 . "$SCRIPT"
662 done
664 done
663
665
664 ## Execute custom bootstrap scripts
666 ## Execute custom bootstrap scripts
665 if [ -d "custom.d" ] ; then
667 if [ -d "custom.d" ] ; then
666 for SCRIPT in custom.d/*.sh; do
668 for SCRIPT in custom.d/*.sh; do
667 . "$SCRIPT"
669 . "$SCRIPT"
668 done
670 done
669 fi
671 fi
670
672
671 # Execute custom scripts inside the chroot
673 # Execute custom scripts inside the chroot
672 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
674 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
673 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
675 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
674 chroot_exec /bin/bash -x <<'EOF'
676 chroot_exec /bin/bash -x <<'EOF'
675 for SCRIPT in /chroot_scripts/* ; do
677 for SCRIPT in /chroot_scripts/* ; do
676 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
678 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
677 $SCRIPT
679 $SCRIPT
678 fi
680 fi
679 done
681 done
680 EOF
682 EOF
681 rm -rf "${R}/chroot_scripts"
683 rm -rf "${R}/chroot_scripts"
682 fi
684 fi
683
685
684 # Remove c/c++ build environment from the chroot
686 # Remove c/c++ build environment from the chroot
685 chroot_remove_cc
687 chroot_remove_cc
686
688
687 # Generate required machine-id
689 # Generate required machine-id
688 MACHINE_ID=$(dbus-uuidgen)
690 MACHINE_ID=$(dbus-uuidgen)
689 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
691 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
690 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
692 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
691
693
692 # APT Cleanup
694 # APT Cleanup
693 chroot_exec apt-get -y clean
695 chroot_exec apt-get -y clean
694 chroot_exec apt-get -y autoclean
696 chroot_exec apt-get -y autoclean
695 chroot_exec apt-get -y autoremove
697 chroot_exec apt-get -y autoremove
696
698
697 # Unmount mounted filesystems
699 # Unmount mounted filesystems
698 umount -l "${R}/proc"
700 umount -l "${R}/proc"
699 umount -l "${R}/sys"
701 umount -l "${R}/sys"
700
702
701 # Clean up directories
703 # Clean up directories
702 rm -rf "${R}/run/*"
704 rm -rf "${R}/run/*"
703 rm -rf "${R}/tmp/*"
705 rm -rf "${R}/tmp/*"
704
706
705 # Clean up APT proxy settings
707 # Clean up APT proxy settings
706 if [ "$KEEP_APT_PROXY" = false ] ; then
708 if [ "$KEEP_APT_PROXY" = false ] ; then
707 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
708 fi
710 fi
709
711
710 # Clean up files
712 # Clean up files
711 rm -f "${ETC_DIR}/ssh/ssh_host_*"
713 rm -f "${ETC_DIR}/ssh/ssh_host_*"
712 rm -f "${ETC_DIR}/dropbear/dropbear_*"
714 rm -f "${ETC_DIR}/dropbear/dropbear_*"
713 rm -f "${ETC_DIR}/apt/sources.list.save"
715 rm -f "${ETC_DIR}/apt/sources.list.save"
714 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
716 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
715 rm -f "${ETC_DIR}/*-"
717 rm -f "${ETC_DIR}/*-"
716 rm -f "${ETC_DIR}/resolv.conf"
718 rm -f "${ETC_DIR}/resolv.conf"
717 rm -f "${R}/root/.bash_history"
719 rm -f "${R}/root/.bash_history"
718 rm -f "${R}/var/lib/urandom/random-seed"
720 rm -f "${R}/var/lib/urandom/random-seed"
719 rm -f "${R}/initrd.img"
721 rm -f "${R}/initrd.img"
720 rm -f "${R}/vmlinuz"
722 rm -f "${R}/vmlinuz"
721 rm -f "${R}${QEMU_BINARY}"
723 rm -f "${R}${QEMU_BINARY}"
722
724
723 if [ "$ENABLE_QEMU" = true ] ; then
725 if [ "$ENABLE_QEMU" = true ] ; then
724 # Setup QEMU directory
726 # Setup QEMU directory
725 mkdir "${BASEDIR}/qemu"
727 mkdir "${BASEDIR}/qemu"
726
728
727 # Copy kernel image to QEMU directory
729 # Copy kernel image to QEMU directory
728 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
730 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
729
731
730 # Copy kernel config to QEMU directory
732 # Copy kernel config to QEMU directory
731 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
733 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
732
734
733 # Copy kernel dtbs to QEMU directory
735 # Copy kernel dtbs to QEMU directory
734 for dtb in "${BOOT_DIR}/"*.dtb ; do
736 for dtb in "${BOOT_DIR}/"*.dtb ; do
735 if [ -f "${dtb}" ] ; then
737 if [ -f "${dtb}" ] ; then
736 install_readonly "${dtb}" "${BASEDIR}/qemu/"
738 install_readonly "${dtb}" "${BASEDIR}/qemu/"
737 fi
739 fi
738 done
740 done
739
741
740 # Copy kernel overlays to QEMU directory
742 # Copy kernel overlays to QEMU directory
741 if [ -d "${BOOT_DIR}/overlays" ] ; then
743 if [ -d "${BOOT_DIR}/overlays" ] ; then
742 # Setup overlays dtbs directory
744 # Setup overlays dtbs directory
743 mkdir "${BASEDIR}/qemu/overlays"
745 mkdir "${BASEDIR}/qemu/overlays"
744
746
745 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
747 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
746 if [ -f "${dtb}" ] ; then
748 if [ -f "${dtb}" ] ; then
747 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
749 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
748 fi
750 fi
749 done
751 done
750 fi
752 fi
751
753
752 # Copy u-boot files to QEMU directory
754 # Copy u-boot files to QEMU directory
753 if [ "$ENABLE_UBOOT" = true ] ; then
755 if [ "$ENABLE_UBOOT" = true ] ; then
754 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
756 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
755 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
757 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
756 fi
758 fi
757 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
759 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
758 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
760 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
759 fi
761 fi
760 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
762 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
761 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
763 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
762 fi
764 fi
763 fi
765 fi
764
766
765 # Copy initramfs to QEMU directory
767 # Copy initramfs to QEMU directory
766 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
768 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
767 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
769 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
768 fi
770 fi
769 fi
771 fi
770
772
771 # Calculate size of the chroot directory in KB
773 # Calculate size of the chroot directory in KB
772 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
774 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
773
775
774 # Calculate the amount of needed 512 Byte sectors
776 # Calculate the amount of needed 512 Byte sectors
775 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
777 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
776 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
778 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
777 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
779 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
778
780
779 # The root partition is EXT4
781 # The root partition is EXT4
780 # This means more space than the actual used space of the chroot is used.
782 # This means more space than the actual used space of the chroot is used.
781 # As overhead for journaling and reserved blocks 35% are added.
783 # As overhead for journaling and reserved blocks 35% are added.
782 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
784 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
783
785
784 # Calculate required image size in 512 Byte sectors
786 # Calculate required image size in 512 Byte sectors
785 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
787 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
786
788
787 # Prepare image file
789 # Prepare image file
788 if [ "$ENABLE_SPLITFS" = true ] ; then
790 if [ "$ENABLE_SPLITFS" = true ] ; then
789 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
791 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
790 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
791 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
793 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
793
795
794 # Write firmware/boot partition tables
796 # Write firmware/boot partition tables
795 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
797 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
796 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
798 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
797 EOM
799 EOM
798
800
799 # Write root partition table
801 # Write root partition table
800 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
802 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
801 ${TABLE_SECTORS},${ROOT_SECTORS},83
803 ${TABLE_SECTORS},${ROOT_SECTORS},83
802 EOM
804 EOM
803
805
804 # Setup temporary loop devices
806 # Setup temporary loop devices
805 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
807 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
806 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
808 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
807 else # ENABLE_SPLITFS=false
809 else # ENABLE_SPLITFS=false
808 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
810 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
809 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
810
812
811 # Write partition table
813 # Write partition table
812 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
814 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
813 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
815 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
814 ${ROOT_OFFSET},${ROOT_SECTORS},83
816 ${ROOT_OFFSET},${ROOT_SECTORS},83
815 EOM
817 EOM
816
818
817 # Setup temporary loop devices
819 # Setup temporary loop devices
818 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
820 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
819 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
821 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
820 fi
822 fi
821
823
822 if [ "$ENABLE_CRYPTFS" = true ] ; then
824 if [ "$ENABLE_CRYPTFS" = true ] ; then
823 # Create dummy ext4 fs
825 # Create dummy ext4 fs
824 mkfs.ext4 "$ROOT_LOOP"
826 mkfs.ext4 "$ROOT_LOOP"
825
827
826 # Setup password keyfile
828 # Setup password keyfile
827 touch .password
829 touch .password
828 chmod 600 .password
830 chmod 600 .password
829 echo -n ${CRYPTFS_PASSWORD} > .password
831 echo -n ${CRYPTFS_PASSWORD} > .password
830
832
831 # Initialize encrypted partition
833 # Initialize encrypted partition
832 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
834 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
833
835
834 # Open encrypted partition and setup mapping
836 # Open encrypted partition and setup mapping
835 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
837 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
836
838
837 # Secure delete password keyfile
839 # Secure delete password keyfile
838 shred -zu .password
840 shred -zu .password
839
841
840 # Update temporary loop device
842 # Update temporary loop device
841 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
843 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
842
844
843 # Wipe encrypted partition (encryption cipher is used for randomness)
845 # Wipe encrypted partition (encryption cipher is used for randomness)
844 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
846 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
845 fi
847 fi
846
848
847 # Build filesystems
849 # Build filesystems
848 mkfs.vfat "$FRMW_LOOP"
850 mkfs.vfat "$FRMW_LOOP"
849 mkfs.ext4 "$ROOT_LOOP"
851 mkfs.ext4 "$ROOT_LOOP"
850
852
851 # Mount the temporary loop devices
853 # Mount the temporary loop devices
852 mkdir -p "$BUILDDIR/mount"
854 mkdir -p "$BUILDDIR/mount"
853 mount "$ROOT_LOOP" "$BUILDDIR/mount"
855 mount "$ROOT_LOOP" "$BUILDDIR/mount"
854
856
855 mkdir -p "$BUILDDIR/mount/boot/firmware"
857 mkdir -p "$BUILDDIR/mount/boot/firmware"
856 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
858 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
857
859
858 # Copy all files from the chroot to the loop device mount point directory
860 # Copy all files from the chroot to the loop device mount point directory
859 rsync -a "${R}/" "$BUILDDIR/mount/"
861 rsync -a "${R}/" "$BUILDDIR/mount/"
860
862
861 # Unmount all temporary loop devices and mount points
863 # Unmount all temporary loop devices and mount points
862 cleanup
864 cleanup
863
865
864 # Create block map file(s) of image(s)
866 # Create block map file(s) of image(s)
865 if [ "$ENABLE_SPLITFS" = true ] ; then
867 if [ "$ENABLE_SPLITFS" = true ] ; then
866 # Create block map files for "bmaptool"
868 # Create block map files for "bmaptool"
867 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
869 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
868 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
870 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
869
871
870 # Image was successfully created
872 # Image was successfully created
871 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
873 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
874 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
873 else
875 else
874 # Create block map file for "bmaptool"
876 # Create block map file for "bmaptool"
875 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
877 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
876
878
877 # Image was successfully created
879 # Image was successfully created
878 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
880 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
879
881
880 # Create qemu qcow2 image
882 # Create qemu qcow2 image
881 if [ "$ENABLE_QEMU" = true ] ; then
883 if [ "$ENABLE_QEMU" = true ] ; then
882 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
884 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
883 QEMU_SIZE=16G
885 QEMU_SIZE=16G
884
886
885 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
887 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
886 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
888 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
887
889
888 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
890 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
889 fi
891 fi
890 fi
892 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant