##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

fixes bullseye/testing renaming for chroot...
Unknown -
r668:dc3793318828
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,44 +1,44
1 1 #
2 2 # Setup APT repositories
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup APT proxy configuration
9 9 if [ -z "$APT_PROXY" ] ; then
10 10 install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
11 11 sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
12 12 fi
13 13
14 14 # Install APT sources.list
15 15 install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
16 16
17 17 # Use specified APT server and release
18 18 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
19 if [ "$RELEASE" = "bullseye" ] || [ "$RELEASE" = "testing" ] ; then
19 if [ "$RELEASE" = "testing" ] ; then
20 20 sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list"
21 21 else
22 22 sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
23 23 fi
24 24
25 25 # Upgrade package index and update all installed packages and changed dependencies
26 26 chroot_exec apt-get -qq -y update
27 27 chroot_exec apt-get -qq -y -u dist-upgrade
28 28
29 29 # Install additional packages
30 30 if [ "$APT_INCLUDES_LATE" ] ; then
31 31 chroot_exec apt-get -qq -y install $(echo "$APT_INCLUDES_LATE" |tr , ' ')
32 32 fi
33 33
34 34 # Install Debian custom packages
35 35 if [ -d packages ] ; then
36 36 for package in packages/*.deb ; do
37 37 cp "$package" "${R}"/tmp
38 38 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
39 39 done
40 40 fi
41 41
42 42 chroot_exec apt-get -qq -y -f install
43 43
44 44 chroot_exec apt-get -qq -y check
Show file before | Show file after | Hide comments
@@ -1,865 +1,865
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 #Copy 32bit config to 64bit
57 57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 59 fi
60 60
61 61 # Configure and build kernel
62 62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
63 63 # Remove device, network and filesystem drivers from kernel configuration
64 64 if [ "$KERNEL_REDUCE" = true ] ; then
65 65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
66 66 sed -i\
67 67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
68 68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
73 73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
81 81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
83 83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
89 89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
91 91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
92 92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
93 93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
94 94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
95 95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
96 96 "${KERNEL_DIR}/.config"
97 97 fi
98 98
99 99 if [ "$KERNELSRC_CONFIG" = true ] ; then
100 100 # Load default raspberry kernel configuration
101 101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
102 102
103 103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
104 104 cd "${KERNEL_DIR}" || exit
105 105
106 106 if [ "$KERNEL_ARCH" = arm64 ] ; then
107 107 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
108 108 # Mask this temporarily during switch to rpi-4.19.y
109 109 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
110 110 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
111 set_kernel_config CONFIG_MMC_BCM2835 n
112 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
113 set_kernel_config CONFIG_USB_DWC2 n
114 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
111 #set_kernel_config CONFIG_MMC_BCM2835 n
112 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
113 #set_kernel_config CONFIG_USB_DWC2 n
114 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
115 115
116 116 #VLAN got disabled without reason in arm64bit
117 117 set_kernel_config CONFIG_IPVLAN m
118 118 fi
119 119
120 120 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
121 121 if [ "$KERNEL_ZSWAP" = true ] ; then
122 122 set_kernel_config CONFIG_ZPOOL y
123 123 set_kernel_config CONFIG_ZSWAP y
124 124 set_kernel_config CONFIG_ZBUD y
125 125 set_kernel_config CONFIG_Z3FOLD y
126 126 set_kernel_config CONFIG_ZSMALLOC y
127 127 set_kernel_config CONFIG_PGTABLE_MAPPING y
128 128 set_kernel_config CONFIG_LZO_COMPRESS y
129 129 fi
130 130
131 131 if [ RPI_MODEL = 4 ] ; then
132 132 # Following are set in current 32-bit LPAE kernel
133 133 set_kernel_config CONFIG_CGROUP_PIDS y
134 134 set_kernel_config CONFIG_NET_IPVTI m
135 135 set_kernel_config CONFIG_NF_TABLES_SET m
136 136 set_kernel_config CONFIG_NF_TABLES_INET y
137 137 set_kernel_config CONFIG_NF_TABLES_NETDEV y
138 138 set_kernel_config CONFIG_NF_FLOW_TABLE m
139 139 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
140 140 set_kernel_config CONFIG_NFT_CONNLIMIT m
141 141 set_kernel_config CONFIG_NFT_TUNNEL m
142 142 set_kernel_config CONFIG_NFT_OBJREF m
143 143 set_kernel_config CONFIG_NFT_FIB_IPV4 m
144 144 set_kernel_config CONFIG_NFT_FIB_IPV6 m
145 145 set_kernel_config CONFIG_NFT_FIB_INET m
146 146 set_kernel_config CONFIG_NFT_SOCKET m
147 147 set_kernel_config CONFIG_NFT_OSF m
148 148 set_kernel_config CONFIG_NFT_TPROXY m
149 149 set_kernel_config CONFIG_NF_DUP_NETDEV m
150 150 set_kernel_config CONFIG_NFT_DUP_NETDEV m
151 151 set_kernel_config CONFIG_NFT_FWD_NETDEV m
152 152 set_kernel_config CONFIG_NFT_FIB_NETDEV m
153 153 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
154 154 set_kernel_config CONFIG_NF_FLOW_TABLE m
155 155 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
156 156 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
157 157 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
158 158 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
159 159 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
160 160 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
161 161 set_kernel_config CONFIG_NFT_DUP_IPV6 m
162 162 set_kernel_config CONFIG_NFT_FIB_IPV6 m
163 163 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
164 164 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
165 165 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
166 166 set_kernel_config CONFIG_NF_LOG_BRIDGE m
167 167 set_kernel_config CONFIG_MT76_CORE m
168 168 set_kernel_config CONFIG_MT76_LEDS m
169 169 set_kernel_config CONFIG_MT76_USB m
170 170 set_kernel_config CONFIG_MT76x2_COMMON m
171 171 set_kernel_config CONFIG_MT76x0U m
172 172 set_kernel_config CONFIG_MT76x2U m
173 173 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
174 174 set_kernel_config CONFIG_BCM_VC_SM m
175 175 set_kernel_config CONFIG_BCM2835_SMI_DEV m
176 176 set_kernel_config CONFIG_RPIVID_MEM m
177 177 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
178 178 set_kernel_config CONFIG_TCG_TPM m
179 179 set_kernel_config CONFIG_HW_RANDOM_TPM y
180 180 set_kernel_config CONFIG_TCG_TIS m
181 181 set_kernel_config CONFIG_TCG_TIS_SPI m
182 182 set_kernel_config CONFIG_I2C_MUX m
183 183 set_kernel_config CONFIG_I2C_MUX_GPMUX m
184 184 set_kernel_config CONFIG_I2C_MUX_PCA954x m
185 185 set_kernel_config CONFIG_SPI_GPIO m
186 186 set_kernel_config CONFIG_BATTERY_MAX17040 m
187 187 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
188 188 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
189 189 set_kernel_config CONFIG_BCM2835_THERMAL y
190 190 set_kernel_config CONFIG_RC_CORE y
191 191 set_kernel_config CONFIG_RC_MAP y
192 192 set_kernel_config CONFIG_LIRC y
193 193 set_kernel_config CONFIG_RC_DECODERS y
194 194 set_kernel_config CONFIG_IR_NEC_DECODER m
195 195 set_kernel_config CONFIG_IR_RC5_DECODER m
196 196 set_kernel_config CONFIG_IR_RC6_DECODER m
197 197 set_kernel_config CONFIG_IR_JVC_DECODER m
198 198 set_kernel_config CONFIG_IR_SONY_DECODER m
199 199 set_kernel_config CONFIG_IR_SANYO_DECODER m
200 200 set_kernel_config CONFIG_IR_SHARP_DECODER m
201 201 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
202 202 set_kernel_config CONFIG_IR_XMP_DECODER m
203 203 set_kernel_config CONFIG_IR_IMON_DECODER m
204 204 set_kernel_config CONFIG_RC_DEVICES y
205 205 set_kernel_config CONFIG_RC_ATI_REMOTE m
206 206 set_kernel_config CONFIG_IR_IMON m
207 207 set_kernel_config CONFIG_IR_MCEUSB m
208 208 set_kernel_config CONFIG_IR_REDRAT3 m
209 209 set_kernel_config CONFIG_IR_STREAMZAP m
210 210 set_kernel_config CONFIG_IR_IGUANA m
211 211 set_kernel_config CONFIG_IR_TTUSBIR m
212 212 set_kernel_config CONFIG_RC_LOOPBACK m
213 213 set_kernel_config CONFIG_IR_GPIO_CIR m
214 214 set_kernel_config CONFIG_IR_GPIO_TX m
215 215 set_kernel_config CONFIG_IR_PWM_TX m
216 216 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
217 217 set_kernel_config CONFIG_VIDEO_AU0828_RC y
218 218 set_kernel_config CONFIG_VIDEO_CX231XX m
219 219 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
220 220 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
221 221 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
222 222 set_kernel_config CONFIG_VIDEO_TM6000 m
223 223 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
224 224 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
225 225 set_kernel_config CONFIG_DVB_USB m
226 226 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
227 227 set_kernel_config CONFIG_DVB_USB_A800 m
228 228 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
229 229 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
230 230 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
231 231 set_kernel_config CONFIG_DVB_USB_DIB0700 m
232 232 set_kernel_config CONFIG_DVB_USB_UMT_010 m
233 233 set_kernel_config CONFIG_DVB_USB_CXUSB m
234 234 set_kernel_config CONFIG_DVB_USB_M920X m
235 235 set_kernel_config CONFIG_DVB_USB_DIGITV m
236 236 set_kernel_config CONFIG_DVB_USB_VP7045 m
237 237 set_kernel_config CONFIG_DVB_USB_VP702X m
238 238 set_kernel_config CONFIG_DVB_USB_GP8PSK m
239 239 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
240 240 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
241 241 set_kernel_config CONFIG_DVB_USB_DTT200U m
242 242 set_kernel_config CONFIG_DVB_USB_OPERA1 m
243 243 set_kernel_config CONFIG_DVB_USB_AF9005 m
244 244 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
245 245 set_kernel_config CONFIG_DVB_USB_PCTV452E m
246 246 set_kernel_config CONFIG_DVB_USB_DW2102 m
247 247 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
248 248 set_kernel_config CONFIG_DVB_USB_DTV5100 m
249 249 set_kernel_config CONFIG_DVB_USB_AZ6027 m
250 250 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
251 251 set_kernel_config CONFIG_DVB_USB_AF9015 m
252 252 set_kernel_config CONFIG_DVB_USB_LME2510 m
253 253 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
254 254 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
255 255 set_kernel_config CONFIG_SMS_SIANO_RC m
256 256 set_kernel_config CONFIG_VIDEO_IR_I2C m
257 257 set_kernel_config CONFIG_VIDEO_ADV7180 m
258 258 set_kernel_config CONFIG_VIDEO_TC358743 m
259 259 set_kernel_config CONFIG_VIDEO_OV5647 m
260 260 set_kernel_config CONFIG_DVB_M88DS3103 m
261 261 set_kernel_config CONFIG_DVB_AF9013 m
262 262 set_kernel_config CONFIG_DVB_RTL2830 m
263 263 set_kernel_config CONFIG_DVB_RTL2832 m
264 264 set_kernel_config CONFIG_DVB_SI2168 m
265 265 set_kernel_config CONFIG_DVB_GP8PSK_FE m
266 266 set_kernel_config CONFIG_DVB_USB m
267 267 set_kernel_config CONFIG_DVB_LGDT3306A m
268 268 set_kernel_config CONFIG_FB_SIMPLE y
269 269 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
270 270 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
271 271 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
272 272 set_kernel_config CONFIG_SND_SOC_AD193X m
273 273 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
274 274 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
275 275 set_kernel_config CONFIG_SND_SOC_CS4265 m
276 276 set_kernel_config CONFIG_SND_SOC_DA7213 m
277 277 set_kernel_config CONFIG_SND_SOC_ICS43432 m
278 278 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
279 279 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
280 280 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
281 281 set_kernel_config CONFIG_HID_BIGBEN_FF m
282 282 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
283 283 set_kernel_config CONFIG_USB_TMC m
284 284 set_kernel_config CONFIG_USB_UAS y
285 285 set_kernel_config CONFIG_USBIP_VUDC m
286 286 set_kernel_config CONFIG_USB_CONFIGFS m
287 287 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
288 288 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
289 289 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
290 290 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
291 291 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
292 292 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
293 293 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
294 294 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
295 295 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
296 296 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
297 297 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
298 298 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
299 299 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
300 300 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
301 301 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
302 302 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
303 303 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
304 304 set_kernel_config CONFIG_LEDS_PCA963X m
305 305 set_kernel_config CONFIG_LEDS_IS31FL32XX m
306 306 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
307 307 set_kernel_config CONFIG_RTC_DRV_RV3028 m
308 308 set_kernel_config CONFIG_AUXDISPLAY y
309 309 set_kernel_config CONFIG_HD44780 m
310 310 set_kernel_config CONFIG_FB_TFT_SH1106 m
311 311 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
312 312 set_kernel_config CONFIG_BCM2835_POWER y
313 313 set_kernel_config CONFIG_INV_MPU6050_IIO m
314 314 set_kernel_config CONFIG_INV_MPU6050_I2C m
315 315 set_kernel_config CONFIG_SECURITYFS y
316 316
317 317 # Safer to build this in
318 318 set_kernel_config CONFIG_BINFMT_MISC y
319 319
320 320 # pulseaudio wants a buffer of at least this size
321 321 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
322 322
323 323 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
324 324 # set the appropriate kernel configs unlocked by this PR
325 325 set_kernel_config CONFIG_ARCH_BCM y
326 326 set_kernel_config CONFIG_ARCH_BCM2835 y
327 327 set_kernel_config CONFIG_DRM_V3D m
328 328 set_kernel_config CONFIG_DRM_VC4 m
329 329 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
330 330
331 331 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
332 332 # required by PR#3144; should already be applied, but just to be safe
333 333 set_kernel_config CONFIG_PCIE_BRCMSTB y
334 334 set_kernel_config CONFIG_BCM2835_MMC y
335 335
336 336 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
337 337 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
338 338 # during cloud-init setup at first boot. Without this the login accounts are not
339 339 # created and the user can not login.
340 340 set_kernel_config CONFIG_SQUASHFS y
341 341
342 342 # Ceph support for Block Device (RBD) and Filesystem (FS)
343 343 # https://docs.ceph.com/docs/master/
344 344 set_kernel_config CONFIG_CEPH_LIB m
345 345 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
346 346 set_kernel_config CONFIG_CEPH_FS m
347 347 set_kernel_config CONFIG_CEPH_FSCACHE y
348 348 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
349 349 set_kernel_config CONFIG_BLK_DEV_RBD m
350 350
351 351 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
352 352 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
353 353 set_kernel_config CONFIG_HAVE_KVM y
354 354 set_kernel_config CONFIG_HIGH_RES_TIMERS y
355 355 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
356 356 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
357 357 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
358 358 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
359 359 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
360 360 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
361 361 set_kernel_config CONFIG_HAVE_KVM_MSI y
362 362 set_kernel_config CONFIG_KVM y
363 363 set_kernel_config CONFIG_KVM_ARM_HOST y
364 364 set_kernel_config CONFIG_KVM_ARM_PMU y
365 365 set_kernel_config CONFIG_KVM_COMPAT y
366 366 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
367 367 set_kernel_config CONFIG_KVM_MMIO y
368 368 set_kernel_config CONFIG_KVM_VFIO y
369 369 set_kernel_config CONFIG_KVM_MMU_AUDIT y
370 370 set_kernel_config CONFIG_VHOST m
371 371 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
372 372 set_kernel_config CONFIG_VHOST_NET m
373 373 set_kernel_config CONFIG_VIRTUALIZATION y
374 374 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
375 375 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
376 376 set_kernel_config CONFIG_MMU_NOTIFIER y
377 377
378 378 # erratum
379 379 set_kernel_config ARM64_ERRATUM_834220 y
380 380
381 381 # https://sourceforge.net/p/kvm/mailman/message/18440797/
382 382 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
383 383 fi
384 384
385 385 # enable apparmor,integrity audit,
386 386 if [ "$KERNEL_SECURITY" = true ] ; then
387 387
388 388 # security filesystem, security models and audit
389 389 set_kernel_config CONFIG_SECURITYFS y
390 390 set_kernel_config CONFIG_SECURITY y
391 391 set_kernel_config CONFIG_AUDIT y
392 392
393 393 # harden strcpy and memcpy
394 394 set_kernel_config CONFIG_HARDENED_USERCOPY y
395 395 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
396 396 set_kernel_config CONFIG_FORTIFY_SOURCE y
397 397
398 398 # integrity sub-system
399 399 set_kernel_config CONFIG_INTEGRITY y
400 400 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
401 401 set_kernel_config CONFIG_INTEGRITY_AUDIT y
402 402 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
403 403 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
404 404
405 405 # This option provides support for retaining authentication tokens and access keys in the kernel.
406 406 set_kernel_config CONFIG_KEYS y
407 407 set_kernel_config CONFIG_KEYS_COMPAT y
408 408
409 409 # Apparmor
410 410 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
411 411 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
412 412 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
413 413 set_kernel_config CONFIG_SECURITY_APPARMOR y
414 414 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
415 415 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
416 416
417 417 # restrictions on unprivileged users reading the kernel
418 418 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
419 419
420 420 # network security hooks
421 421 set_kernel_config CONFIG_SECURITY_NETWORK y
422 422 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
423 423 set_kernel_config CONFIG_SECURITY_PATH y
424 424 set_kernel_config CONFIG_SECURITY_YAMA n
425 425
426 426 set_kernel_config CONFIG_SECURITY_SELINUX n
427 427 set_kernel_config CONFIG_SECURITY_SMACK n
428 428 set_kernel_config CONFIG_SECURITY_TOMOYO n
429 429 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
430 430 set_kernel_config CONFIG_SECURITY_LOADPIN n
431 431 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
432 432 set_kernel_config CONFIG_IMA n
433 433 set_kernel_config CONFIG_EVM n
434 434 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
435 435 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
436 436 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
437 437 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
438 438 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
439 439 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
440 440 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
441 441 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
442 442 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
443 443
444 444 set_kernel_config CONFIG_ARM64_CRYPTO y
445 445 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
446 446 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
447 447 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
448 448 set_kernel_config CRYPTO_GHASH_ARM64_CE m
449 449 set_kernel_config CRYPTO_SHA2_ARM64_CE m
450 450 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
451 451 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
452 452 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
453 453 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
454 454 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
455 455 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
456 456 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
457 457 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
458 458 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
459 459 fi
460 460
461 461 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
462 462 if [ "$KERNEL_NF" = true ] ; then
463 463 set_kernel_config CONFIG_IP_NF_SECURITY m
464 464 set_kernel_config CONFIG_NETLABEL y
465 465 set_kernel_config CONFIG_IP6_NF_SECURITY m
466 466 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
467 467 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
468 468 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
469 469 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
470 470 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
471 471 set_kernel_config CONFIG_NFT_FIB_INET m
472 472 set_kernel_config CONFIG_NFT_FIB_IPV4 m
473 473 set_kernel_config CONFIG_NFT_FIB_IPV6 m
474 474 set_kernel_config CONFIG_NFT_FIB_NETDEV m
475 475 set_kernel_config CONFIG_NFT_OBJREF m
476 476 set_kernel_config CONFIG_NFT_RT m
477 477 set_kernel_config CONFIG_NFT_SET_BITMAP m
478 478 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
479 479 set_kernel_config CONFIG_NF_LOG_ARP m
480 480 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
481 481 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
482 482 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
483 483 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
484 484 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
485 485 set_kernel_config CONFIG_IP6_NF_IPTABLES m
486 486 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
487 487 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
488 488 set_kernel_config CONFIG_IP6_NF_NAT m
489 489 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
490 490 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
491 491 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
492 492 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
493 493 set_kernel_config CONFIG_IP_SET_HASH_IP m
494 494 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
495 495 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
496 496 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
497 497 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
498 498 set_kernel_config CONFIG_IP_SET_HASH_MAC m
499 499 set_kernel_config CONFIG_IP_SET_HASH_NET m
500 500 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
501 501 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
502 502 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
503 503 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
504 504 set_kernel_config CONFIG_IP_SET_LIST_SET m
505 505 set_kernel_config CONFIG_NETFILTER_XTABLES m
506 506 set_kernel_config CONFIG_NETFILTER_XTABLES m
507 507 set_kernel_config CONFIG_NFT_BRIDGE_META m
508 508 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
509 509 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
510 510 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
511 511 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
512 512 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
513 513 set_kernel_config CONFIG_NFT_COMPAT m
514 514 set_kernel_config CONFIG_NFT_COUNTER m
515 515 set_kernel_config CONFIG_NFT_CT m
516 516 set_kernel_config CONFIG_NFT_DUP_IPV4 m
517 517 set_kernel_config CONFIG_NFT_DUP_IPV6 m
518 518 set_kernel_config CONFIG_NFT_DUP_NETDEV m
519 519 set_kernel_config CONFIG_NFT_EXTHDR m
520 520 set_kernel_config CONFIG_NFT_FWD_NETDEV m
521 521 set_kernel_config CONFIG_NFT_HASH m
522 522 set_kernel_config CONFIG_NFT_LIMIT m
523 523 set_kernel_config CONFIG_NFT_LOG m
524 524 set_kernel_config CONFIG_NFT_MASQ m
525 525 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
526 526 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
527 527 set_kernel_config CONFIG_NFT_META m
528 528 set_kernel_config CONFIG_NFT_NAT m
529 529 set_kernel_config CONFIG_NFT_NUMGEN m
530 530 set_kernel_config CONFIG_NFT_QUEUE m
531 531 set_kernel_config CONFIG_NFT_QUOTA m
532 532 set_kernel_config CONFIG_NFT_REDIR m
533 533 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
534 534 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
535 535 set_kernel_config CONFIG_NFT_REJECT m
536 536 set_kernel_config CONFIG_NFT_REJECT_INET m
537 537 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
538 538 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
539 539 set_kernel_config CONFIG_NFT_SET_HASH m
540 540 set_kernel_config CONFIG_NFT_SET_RBTREE m
541 541 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
542 542 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
543 543 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
544 544 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
545 545 set_kernel_config CONFIG_NF_DUP_IPV4 m
546 546 set_kernel_config CONFIG_NF_DUP_IPV6 m
547 547 set_kernel_config CONFIG_NF_DUP_NETDEV m
548 548 set_kernel_config CONFIG_NF_LOG_BRIDGE m
549 549 set_kernel_config CONFIG_NF_LOG_IPV4 m
550 550 set_kernel_config CONFIG_NF_LOG_IPV6 m
551 551 set_kernel_config CONFIG_NF_NAT_IPV4 m
552 552 set_kernel_config CONFIG_NF_NAT_IPV6 m
553 553 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
554 554 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
555 555 set_kernel_config CONFIG_NF_NAT_PPTP m
556 556 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
557 557 set_kernel_config CONFIG_NF_NAT_REDIRECT y
558 558 set_kernel_config CONFIG_NF_NAT_SIP m
559 559 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
560 560 set_kernel_config CONFIG_NF_NAT_TFTP m
561 561 set_kernel_config CONFIG_NF_REJECT_IPV4 m
562 562 set_kernel_config CONFIG_NF_REJECT_IPV6 m
563 563 set_kernel_config CONFIG_NF_TABLES m
564 564 set_kernel_config CONFIG_NF_TABLES_ARP m
565 565 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
566 566 set_kernel_config CONFIG_NF_TABLES_INET m
567 567 set_kernel_config CONFIG_NF_TABLES_IPV4 y
568 568 set_kernel_config CONFIG_NF_TABLES_IPV6 y
569 569 set_kernel_config CONFIG_NF_TABLES_NETDEV m
570 570 set_kernel_config CONFIG_NF_TABLES_SET m
571 571 set_kernel_config CONFIG_NF_TABLES_INET y
572 572 set_kernel_config CONFIG_NF_TABLES_NETDEV y
573 573 set_kernel_config CONFIG_NFT_CONNLIMIT m
574 574 set_kernel_config CONFIG_NFT_TUNNEL m
575 575 set_kernel_config CONFIG_NFT_SOCKET m
576 576 set_kernel_config CONFIG_NFT_TPROXY m
577 577 set_kernel_config CONFIG_NF_FLOW_TABLE m
578 578 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
579 579 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
580 580 set_kernel_config CONFIG_NF_TABLES_ARP y
581 581 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
582 582 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
583 583 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
584 584 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
585 585 set_kernel_config CONFIG_NFT_OSF m
586 586
587 587 fi
588 588
589 589 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
590 590 if [ "$KERNEL_BPF" = true ] ; then
591 591 set_kernel_config CONFIG_BPF_SYSCALL y
592 592 set_kernel_config CONFIG_BPF_EVENTS y
593 593 set_kernel_config CONFIG_BPF_STREAM_PARSER y
594 594 set_kernel_config CONFIG_CGROUP_BPF y
595 595 set_kernel_config CONFIG_XDP_SOCKETS y
596 596 fi
597 597
598 598 # KERNEL_DEFAULT_GOV was set by user
599 599 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
600 600
601 601 case "$KERNEL_DEFAULT_GOV" in
602 602 performance)
603 603 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
604 604 ;;
605 605 userspace)
606 606 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
607 607 ;;
608 608 ondemand)
609 609 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
610 610 ;;
611 611 conservative)
612 612 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
613 613 ;;
614 614 shedutil)
615 615 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
616 616 ;;
617 617 *)
618 618 echo "error: unsupported default cpu governor"
619 619 exit 1
620 620 ;;
621 621 esac
622 622
623 623 # unset previous default governor
624 624 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
625 625 fi
626 626
627 627 #Revert to previous directory
628 628 cd "${WORKDIR}" || exit
629 629
630 630 # Set kernel configuration parameters to enable qemu emulation
631 631 if [ "$ENABLE_QEMU" = true ] ; then
632 632 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
633 633 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
634 634
635 635 if [ "$ENABLE_CRYPTFS" = true ] ; then
636 636 {
637 637 echo "CONFIG_EMBEDDED=y"
638 638 echo "CONFIG_EXPERT=y"
639 639 echo "CONFIG_DAX=y"
640 640 echo "CONFIG_MD=y"
641 641 echo "CONFIG_BLK_DEV_MD=y"
642 642 echo "CONFIG_MD_AUTODETECT=y"
643 643 echo "CONFIG_BLK_DEV_DM=y"
644 644 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
645 645 echo "CONFIG_DM_CRYPT=y"
646 646 echo "CONFIG_CRYPTO_BLKCIPHER=y"
647 647 echo "CONFIG_CRYPTO_CBC=y"
648 648 echo "CONFIG_CRYPTO_XTS=y"
649 649 echo "CONFIG_CRYPTO_SHA512=y"
650 650 echo "CONFIG_CRYPTO_MANAGER=y"
651 651 } >> "${KERNEL_DIR}"/.config
652 652 fi
653 653 fi
654 654
655 655 # Copy custom kernel configuration file
656 656 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
657 657 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
658 658 fi
659 659
660 660 # Set kernel configuration parameters to their default values
661 661 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
662 662 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
663 663 fi
664 664
665 665 # Start menu-driven kernel configuration (interactive)
666 666 if [ "$KERNEL_MENUCONFIG" = true ] ; then
667 667 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
668 668 fi
669 669 # end if "$KERNELSRC_CONFIG" = true
670 670 fi
671 671
672 672 # Use ccache to cross compile the kernel
673 673 if [ "$KERNEL_CCACHE" = true ] ; then
674 674 cc="ccache ${CROSS_COMPILE}gcc"
675 675 else
676 676 cc="${CROSS_COMPILE}gcc"
677 677 fi
678 678
679 679 # Cross compile kernel and dtbs
680 680 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
681 681
682 682 # Cross compile kernel modules
683 683 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
684 684 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
685 685 fi
686 686 # end if "$KERNELSRC_PREBUILT" = false
687 687 fi
688 688
689 689 # Check if kernel compilation was successful
690 690 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
691 691 echo "error: kernel compilation failed! (kernel image not found)"
692 692 cleanup
693 693 exit 1
694 694 fi
695 695
696 696 # Install kernel modules
697 697 if [ "$ENABLE_REDUCE" = true ] ; then
698 698 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
699 699 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
700 700 fi
701 701 else
702 702 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
703 703 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
704 704 fi
705 705
706 706 # Install kernel firmware
707 707 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
708 708 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
709 709 fi
710 710 fi
711 711
712 712 # Install kernel headers
713 713 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
714 714 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
715 715 fi
716 716
717 717 # Prepare boot (firmware) directory
718 718 mkdir "${BOOT_DIR}"
719 719
720 720 # Get kernel release version
721 721 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
722 722
723 723 # Copy kernel configuration file to the boot directory
724 724 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
725 725
726 726 # Prepare device tree directory
727 727 mkdir "${BOOT_DIR}/overlays"
728 728
729 729 # Ensure the proper .dtb is located
730 730 if [ "$KERNEL_ARCH" = "arm" ] ; then
731 731 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
732 732 if [ -f "${dtb}" ] ; then
733 733 install_readonly "${dtb}" "${BOOT_DIR}/"
734 734 fi
735 735 done
736 736 else
737 737 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
738 738 if [ -f "${dtb}" ] ; then
739 739 install_readonly "${dtb}" "${BOOT_DIR}/"
740 740 fi
741 741 done
742 742 fi
743 743
744 744 # Copy compiled dtb device tree files
745 745 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
746 746 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
747 747 if [ -f "${dtb}" ] ; then
748 748 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
749 749 fi
750 750 done
751 751
752 752 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
753 753 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
754 754 fi
755 755 fi
756 756
757 757 if [ "$ENABLE_UBOOT" = false ] ; then
758 758 # Convert and copy kernel image to the boot directory
759 759 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
760 760 else
761 761 # Copy kernel image to the boot directory
762 762 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
763 763 fi
764 764
765 765 # Remove kernel sources
766 766 if [ "$KERNEL_REMOVESRC" = true ] ; then
767 767 rm -fr "${KERNEL_DIR}"
768 768 else
769 769 # Prepare compiled kernel modules
770 770 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
771 771 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
772 772 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
773 773 fi
774 774
775 775 # Create symlinks for kernel modules
776 776 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
777 777 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
778 778 fi
779 779 fi
780 780
781 781 else # BUILD_KERNEL=false
782 782 if [ "$SET_ARCH" = 64 ] ; then
783 783 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
784 784 # Use Sakakis modified kernel if ZSWAP is active
785 785 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
786 786 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
787 787 fi
788 788
789 789 # Create temporary directory for dl
790 790 temp_dir=$(as_nobody mktemp -d)
791 791
792 792 # Fetch kernel dl
793 793 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
794 794 fi
795 795 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
796 796 # Create temporary directory for dl
797 797 temp_dir=$(as_nobody mktemp -d)
798 798
799 799 # Fetch kernel dl
800 800 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
801 801 fi
802 802
803 803 #extract download
804 804 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
805 805
806 806 #move extracted kernel to /boot/firmware
807 807 mkdir "${R}/boot/firmware"
808 808 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
809 809 cp -r "${temp_dir}"/lib/* "${R}"/lib/
810 810
811 811 # Remove temporary directory for kernel sources
812 812 rm -fr "${temp_dir}"
813 813
814 814 # Set permissions of the kernel sources
815 815 chown -R root:root "${R}/boot/firmware"
816 816 chown -R root:root "${R}/lib/modules"
817 817 fi
818 818
819 819 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
820 820 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
821 821 # Create temporary directory for dl
822 822 temp_dir=$(as_nobody mktemp -d)
823 823
824 824 # Fetch kernel
825 825 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
826 826
827 827 # Copy downloaded kernel package
828 828 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
829 829
830 830 # Set permissions
831 831 chown -R root:root "${R}"/tmp/kernel.deb
832 832
833 833 # Install kernel
834 834 chroot_exec dpkg -i /tmp/kernel.deb
835 835
836 836 # move /boot to /boot/firmware to fit script env.
837 837 #mkdir "${BOOT_DIR}"
838 838 mkdir "${temp_dir}"/firmware
839 839 mv "${R}"/boot/* "${temp_dir}"/firmware/
840 840 mv "${temp_dir}"/firmware "${R}"/boot/
841 841
842 842 #same for kernel headers
843 843 if [ "$KERNEL_HEADERS" = true ] ; then
844 844 # Fetch kernel header
845 845 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
846 846 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
847 847 chown -R root:root "${R}"/tmp/kernel-header.deb
848 848 # Install kernel header
849 849 chroot_exec dpkg -i /tmp/kernel-header.deb
850 850 rm -f "${R}"/tmp/kernel-header.deb
851 851 fi
852 852
853 853 # Remove temporary directory and files
854 854 rm -fr "${temp_dir}"
855 855 rm -f "${R}"/tmp/kernel.deb
856 856 fi
857 857
858 858 # Check if kernel installation was successful
859 859 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
860 860 if [ -z "$KERNEL" ] ; then
861 861 echo "error: kernel installation failed! (/boot/kernel* not found)"
862 862 cleanup
863 863 exit 1
864 864 fi
865 865 fi
Show file before | Show file after | Hide comments
@@ -1,890 +1,892
1 1 #!/bin/sh
2 2 ########################################################################
3 3 # rpi23-gen-image.sh 2015-2017
4 4 #
5 5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 6 #
7 7 # This program is free software; you can redistribute it and/or
8 8 # modify it under the terms of the GNU General Public License
9 9 # as published by the Free Software Foundation; either version 2
10 10 # of the License, or (at your option) any later version.
11 11 #
12 12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 13 #
14 14 # Big thanks for patches and enhancements by 20+ github contributors!
15 15 ########################################################################
16 16
17 17 # Are we running as root?
18 18 if [ "$(id -u)" -ne "0" ] ; then
19 19 echo "error: this script must be executed with root privileges!"
20 20 exit 1
21 21 fi
22 22
23 23 # Check if ./functions.sh script exists
24 24 if [ ! -r "./functions.sh" ] ; then
25 25 echo "error: './functions.sh' required script not found!"
26 26 exit 1
27 27 fi
28 28
29 29 # Load utility functions
30 30 . ./functions.sh
31 31
32 32 # Load parameters from configuration template file
33 33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 34 use_template
35 35 fi
36 36
37 37 # Introduce settings
38 38 set -e
39 39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 40 set -x
41 41
42 42 # Raspberry Pi model configuration
43 43 RPI_MODEL=${RPI_MODEL:=2}
44 44
45 45 # Debian release
46 46 RELEASE=${RELEASE:=buster}
47 if [ $RELEASE = "bullseye" ] ; then
48 RELEASE=testing
49 fi
47 50
48 51 # Kernel Branch
49 52 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50 53
51 54 # URLs
52 55 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 56 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 57 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 58 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 59 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 60 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 61 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 62 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 63 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62 64
63 65 # Kernel deb packages for 32bit kernel
64 66 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 67 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 68 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 69 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.19.80.20191022/bcmrpi3-kernel-bis-4.19.80.20191022.tar.xz}
68 70 # Default precompiled 64bit kernel
69 71 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.19.80.20191022/bcmrpi3-kernel-4.19.80.20191022.tar.xz}
70 72 # Sakaki BIS Kernel RPI4 - https://github.com/sakaki-/bcm2711-kernel-bis
71 73 RPI4_64_BIS_KERNEL_URL=${RPI4_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
72 74 # Default precompiled 64bit kernel - https://github.com/sakaki-/bcm2711-kernel
73 75 RPI4_64_DEF_KERNEL_URL=${RPI4_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz}
74 76 # Generic
75 77 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
76 78 RPI4_64_KERNEL_URL=${RPI4_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
77 79 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
78 80 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
79 81
80 82 # Build directories
81 83 WORKDIR=$(pwd)
82 84 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
83 85 BUILDDIR="${BASEDIR}/build"
84 86
85 87 # Chroot directories
86 88 R="${BUILDDIR}/chroot"
87 89 ETC_DIR="${R}/etc"
88 90 LIB_DIR="${R}/lib"
89 91 BOOT_DIR="${R}/boot/firmware"
90 92 KERNEL_DIR="${R}/usr/src/linux"
91 93 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
92 94 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
93 95
94 96 # Firmware directory: Blank if download from github
95 97 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
96 98
97 99 # General settings
98 100 SET_ARCH=${SET_ARCH:=32}
99 101 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
100 102 PASSWORD=${PASSWORD:=raspberry}
101 103 USER_PASSWORD=${USER_PASSWORD:=raspberry}
102 104 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
103 105 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
104 106 EXPANDROOT=${EXPANDROOT:=true}
105 107 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
106 108
107 109 # Keyboard settings
108 110 XKB_MODEL=${XKB_MODEL:=""}
109 111 XKB_LAYOUT=${XKB_LAYOUT:=""}
110 112 XKB_VARIANT=${XKB_VARIANT:=""}
111 113 XKB_OPTIONS=${XKB_OPTIONS:=""}
112 114
113 115 # Network settings (DHCP)
114 116 ENABLE_DHCP=${ENABLE_DHCP:=true}
115 117
116 118 # Network settings (static)
117 119 NET_ADDRESS=${NET_ADDRESS:=""}
118 120 NET_GATEWAY=${NET_GATEWAY:=""}
119 121 NET_DNS_1=${NET_DNS_1:=""}
120 122 NET_DNS_2=${NET_DNS_2:=""}
121 123 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
122 124 NET_NTP_1=${NET_NTP_1:=""}
123 125 NET_NTP_2=${NET_NTP_2:=""}
124 126
125 127 # APT settings
126 128 APT_PROXY=${APT_PROXY:=""}
127 129 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
128 130 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
129 131
130 132 # Feature settings
131 133 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
132 134 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
133 135 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
134 136 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
135 137 ENABLE_I2C=${ENABLE_I2C:=false}
136 138 ENABLE_SPI=${ENABLE_SPI:=false}
137 139 ENABLE_IPV6=${ENABLE_IPV6:=true}
138 140 ENABLE_SSHD=${ENABLE_SSHD:=true}
139 141 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
140 142 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
141 143 ENABLE_SOUND=${ENABLE_SOUND:=true}
142 144 ENABLE_DBUS=${ENABLE_DBUS:=true}
143 145 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
144 146 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
145 147 ENABLE_XORG=${ENABLE_XORG:=false}
146 148 ENABLE_WM=${ENABLE_WM:=""}
147 149 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
148 150 ENABLE_USER=${ENABLE_USER:=true}
149 151 USER_NAME=${USER_NAME:="pi"}
150 152 ENABLE_ROOT=${ENABLE_ROOT:=false}
151 153 ENABLE_QEMU=${ENABLE_QEMU:=false}
152 154 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
153 155
154 156 # SSH settings
155 157 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
156 158 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
157 159 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
158 160 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
159 161 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
160 162
161 163 # Advanced settings
162 164 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
163 165 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
164 166 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
165 167 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
166 168 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
167 169 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
168 170 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
169 171 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
170 172 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
171 173 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
172 174 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
173 175 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
174 176 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
175 177 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
176 178 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
177 179 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
178 180 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
179 181 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
180 182 ENABLE_LOGO=${ENABLE_LOGO:=true}
181 183 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
182 184 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
183 185
184 186 # Kernel compilation settings
185 187 BUILD_KERNEL=${BUILD_KERNEL:=true}
186 188 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
187 189 KERNEL_THREADS=${KERNEL_THREADS:=1}
188 190 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
189 191 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
190 192 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
191 193 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
192 194 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
193 195 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
194 196 KERNEL_VIRT=${KERNEL_VIRT:=false}
195 197 KERNEL_BPF=${KERNEL_BPF:=false}
196 198 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
197 199 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
198 200 KERNEL_NF=${KERNEL_NF:=false}
199 201
200 202 # Kernel compilation from source directory settings
201 203 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
202 204 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
203 205 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
204 206 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
205 207
206 208 # Reduce disk usage settings
207 209 REDUCE_APT=${REDUCE_APT:=true}
208 210 REDUCE_DOC=${REDUCE_DOC:=true}
209 211 REDUCE_MAN=${REDUCE_MAN:=true}
210 212 REDUCE_VIM=${REDUCE_VIM:=false}
211 213 REDUCE_BASH=${REDUCE_BASH:=false}
212 214 REDUCE_HWDB=${REDUCE_HWDB:=true}
213 215 REDUCE_SSHD=${REDUCE_SSHD:=true}
214 216 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
215 217
216 218 # Encrypted filesystem settings
217 219 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
218 220 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
219 221 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
220 222 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
221 223 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
222 224 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
223 225 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
224 226 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
225 227 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
226 228
227 229 # Chroot scripts directory
228 230 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
229 231
230 232 # Packages required in the chroot build environment
231 233 APT_INCLUDES=${APT_INCLUDES:=""}
232 234 APT_INCLUDES="${APT_INCLUDES},flex,bison,libssl-dev,apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
233 235
234 236 # Packages to exclude from chroot build environment
235 237 APT_EXCLUDES=${APT_EXCLUDES:=""}
236 238
237 239 # Packages required for bootstrapping
238 240 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
239 241 MISSING_PACKAGES=""
240 242
241 243 # Packages installed for c/c++ build environment in chroot (keep empty)
242 244 COMPILER_PACKAGES=""
243 245
244 246 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
245 247 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
246 248 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
247 249 APT_PROXY=http://127.0.0.1:3142/
248 250 fi
249 251
250 252 # Setup architecture specific settings
251 253 if [ -n "$SET_ARCH" ] ; then
252 254 # 64-bit configuration
253 255 if [ "$SET_ARCH" = 64 ] ; then
254 256 # General 64-bit depended settings
255 257 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
256 258 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
257 259 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
258 260
259 261 # Raspberry Pi model specific settings
260 262 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
261 263 if [ "$RPI_MODEL" != 4 ] ; then
262 264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
263 265 else
264 266 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
265 267 fi
266 268
267 269 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
268 270 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
269 271 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
270 272 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
271 273 else
272 274 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
273 275 exit 1
274 276 fi
275 277 fi
276 278
277 279 # 32-bit configuration
278 280 if [ "$SET_ARCH" = 32 ] ; then
279 281 # General 32-bit dependend settings
280 282 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
281 283 KERNEL_ARCH=${KERNEL_ARCH:=arm}
282 284 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
283 285
284 286 # Raspberry Pi model specific settings
285 287 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
286 288 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
287 289 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
288 290 RELEASE_ARCH=${RELEASE_ARCH:=armel}
289 291 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
290 292 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
291 293 fi
292 294
293 295 # Raspberry Pi model specific settings
294 296 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
295 297 if [ "$RPI_MODEL" != 4 ] ; then
296 298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 299 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
298 300 else
299 301 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
300 302 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7l.img}
301 303 fi
302 304
303 305 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
304 306 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
305 307
306 308 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
307 309 fi
308 310 fi
309 311 # SET_ARCH not set
310 312 else
311 313 echo "error: Please set '32' or '64' as value for SET_ARCH"
312 314 exit 1
313 315 fi
314 316 # Device specific configuration and U-Boot configuration
315 317 case "$RPI_MODEL" in
316 318 0)
317 319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
318 320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
319 321 ;;
320 322 1)
321 323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
322 324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 325 ;;
324 326 1P)
325 327 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
326 328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
327 329 ;;
328 330 2)
329 331 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
330 332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
331 333 ;;
332 334 3)
333 335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
334 336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
335 337 ;;
336 338 3P)
337 339 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
338 340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
339 341 ;;
340 342 4)
341 343 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
342 344 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
343 345 ;;
344 346 *)
345 347 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
346 348 exit 1
347 349 ;;
348 350 esac
349 351
350 352 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
351 353 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
352 354 # Include bluetooth packages on supported boards
353 355 if [ "$ENABLE_BLUETOOTH" = true ] ; then
354 356 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
355 357 fi
356 358 if [ "$ENABLE_WIRELESS" = true ] ; then
357 359 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
358 360 fi
359 361 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
360 362 # Check if the internal wireless interface is not supported by the RPi model
361 363 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
362 364 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
363 365 exit 1
364 366 fi
365 367 fi
366 368
367 369 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
368 370 echo "error: You have to compile kernel sources, if you want to enable nexmon"
369 371 exit 1
370 372 fi
371 373
372 374 # Prepare date string for default image file name
373 375 DATE="$(date +%Y-%m-%d)"
374 376 if [ -z "$KERNEL_BRANCH" ] ; then
375 377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
376 378 else
377 379 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
378 380 fi
379 381
380 382 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
381 383 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
382 384 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
383 385 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
384 386 exit 1
385 387 fi
386 388 fi
387 389
388 390 # Add cmake to compile videocore sources
389 391 if [ "$ENABLE_VIDEOCORE" = true ] ; then
390 392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
391 393 fi
392 394
393 395 # Add deps for nexmon
394 396 if [ "$ENABLE_NEXMON" = true ] ; then
395 397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf make autoconf automake build-essential libtool"
396 398 fi
397 399
398 400 # Add libncurses5 to enable kernel menuconfig
399 401 if [ "$KERNEL_MENUCONFIG" = true ] ; then
400 402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
401 403 fi
402 404
403 405 # Add ccache compiler cache for (faster) kernel cross (re)compilation
404 406 if [ "$KERNEL_CCACHE" = true ] ; then
405 407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
406 408 fi
407 409
408 410 # Add cryptsetup package to enable filesystem encryption
409 411 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
410 412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
411 413 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
412 414
413 415 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
414 416 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
415 417 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
416 418 fi
417 419
418 420 if [ -z "$CRYPTFS_PASSWORD" ] ; then
419 421 echo "error: no password defined (CRYPTFS_PASSWORD)!"
420 422 exit 1
421 423 fi
422 424 ENABLE_INITRAMFS=true
423 425 fi
424 426
425 427 # Add initramfs generation tools
426 428 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
427 429 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
428 430 fi
429 431
430 432 # Add device-tree-compiler required for building the U-Boot bootloader
431 433 if [ "$ENABLE_UBOOT" = true ] ; then
432 434 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
433 435 fi
434 436
435 437 if [ "$ENABLE_USBBOOT" = true ] ; then
436 438 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
437 439 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
438 440 exit 1
439 441 fi
440 442 fi
441 443
442 444 # Check if root SSH (v2) public key file exists
443 445 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
444 446 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
445 447 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
446 448 exit 1
447 449 fi
448 450 fi
449 451
450 452 # Check if $USER_NAME SSH (v2) public key file exists
451 453 if [ -n "$SSH_USER_PUB_KEY" ] ; then
452 454 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
453 455 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
454 456 exit 1
455 457 fi
456 458 fi
457 459
458 460 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
459 461 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
460 462 exit 1
461 463 fi
462 464
463 465 # Check if all required packages are installed on the build system
464 466 for package in $REQUIRED_PACKAGES ; do
465 467 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
466 468 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
467 469 fi
468 470 done
469 471
470 472 # If there are missing packages ask confirmation for install, or exit
471 473 if [ -n "$MISSING_PACKAGES" ] ; then
472 474 echo "the following packages needed by this script are not installed:"
473 475 echo "$MISSING_PACKAGES"
474 476
475 477 printf "\ndo you want to install the missing packages right now? [y/n] "
476 478 read -r confirm
477 479 [ "$confirm" != "y" ] && exit 1
478 480
479 481 # Make sure all missing required packages are installed
480 482 apt-get update && apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
481 483 fi
482 484
483 485 # Check if ./bootstrap.d directory exists
484 486 if [ ! -d "./bootstrap.d/" ] ; then
485 487 echo "error: './bootstrap.d' required directory not found!"
486 488 exit 1
487 489 fi
488 490
489 491 # Check if ./files directory exists
490 492 if [ ! -d "./files/" ] ; then
491 493 echo "error: './files' required directory not found!"
492 494 exit 1
493 495 fi
494 496
495 497 # Check if specified KERNELSRC_DIR directory exists
496 498 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
497 499 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
498 500 exit 1
499 501 fi
500 502
501 503 # Check if specified UBOOTSRC_DIR directory exists
502 504 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
503 505 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
504 506 exit 1
505 507 fi
506 508
507 509 # Check if specified VIDEOCORESRC_DIR directory exists
508 510 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
509 511 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
510 512 exit 1
511 513 fi
512 514
513 515 # Check if specified FBTURBOSRC_DIR directory exists
514 516 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
515 517 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
516 518 exit 1
517 519 fi
518 520
519 521 # Check if specified NEXMONSRC_DIR directory exists
520 522 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
521 523 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
522 524 exit 1
523 525 fi
524 526
525 527 # Check if specified CHROOT_SCRIPTS directory exists
526 528 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
527 529 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
528 530 exit 1
529 531 fi
530 532
531 533 # Check if specified device mapping already exists (will be used by cryptsetup)
532 534 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
533 535 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
534 536 exit 1
535 537 fi
536 538
537 539 # Don't clobber an old build
538 540 if [ -e "$BUILDDIR" ] ; then
539 541 echo "error: directory ${BUILDDIR} already exists, not proceeding"
540 542 exit 1
541 543 fi
542 544
543 545 # Setup chroot directory
544 546 mkdir -p "${R}"
545 547
546 548 # Check if build directory has enough of free disk space >512MB
547 549 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
548 550 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
549 551 exit 1
550 552 fi
551 553
552 554 set -x
553 555
554 556 # Call "cleanup" function on various signals and errors
555 557 trap cleanup 0 1 2 3 6
556 558
557 559 # Add required packages for the minbase installation
558 560 if [ "$ENABLE_MINBASE" = true ] ; then
559 561 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
560 562 fi
561 563
562 564 # Add parted package, required to get partprobe utility
563 565 if [ "$EXPANDROOT" = true ] ; then
564 566 APT_INCLUDES="${APT_INCLUDES},parted"
565 567 fi
566 568
567 569 # Add dphys-swapfile package, required to enable swap
568 570 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
569 571 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
570 572 fi
571 573
572 574 # Add dbus package, recommended if using systemd
573 575 if [ "$ENABLE_DBUS" = true ] ; then
574 576 APT_INCLUDES="${APT_INCLUDES},dbus"
575 577 fi
576 578
577 579 # Add iptables IPv4/IPv6 package
578 580 if [ "$ENABLE_IPTABLES" = true ] ; then
579 581 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
580 582 fi
581 583 # Add apparmor for KERNEL_SECURITY
582 584 if [ "$KERNEL_SECURITY" = true ] ; then
583 585 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
584 586 fi
585 587
586 588 # Add openssh server package
587 589 if [ "$ENABLE_SSHD" = true ] ; then
588 590 APT_INCLUDES="${APT_INCLUDES},openssh-server"
589 591 fi
590 592
591 593 # Add alsa-utils package
592 594 if [ "$ENABLE_SOUND" = true ] ; then
593 595 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
594 596 fi
595 597
596 598 # Add rng-tools package
597 599 if [ "$ENABLE_HWRANDOM" = true ] ; then
598 600 APT_INCLUDES="${APT_INCLUDES},rng-tools"
599 601 fi
600 602
601 603 # Add fbturbo video driver
602 604 if [ "$ENABLE_FBTURBO" = true ] ; then
603 605 # Enable xorg package dependencies
604 606 ENABLE_XORG=true
605 607 fi
606 608
607 609 # Add user defined window manager package
608 610 if [ -n "$ENABLE_WM" ] ; then
609 611 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
610 612
611 613 # Enable xorg package dependencies
612 614 ENABLE_XORG=true
613 615 fi
614 616
615 617 # Add xorg package
616 618 if [ "$ENABLE_XORG" = true ] ; then
617 619 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
618 620 fi
619 621
620 622 # Replace selected packages with smaller clones
621 623 if [ "$ENABLE_REDUCE" = true ] ; then
622 624 # Add levee package instead of vim-tiny
623 625 if [ "$REDUCE_VIM" = true ] ; then
624 626 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
625 627 fi
626 628
627 629 # Add dropbear package instead of openssh-server
628 630 if [ "$REDUCE_SSHD" = true ] ; then
629 631 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
630 632 fi
631 633 fi
632 634
633 635 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
634 636 if [ "$ENABLE_SYSVINIT" = false ] ; then
635 637 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
636 638 fi
637 639
638 640 # Configure kernel sources if no KERNELSRC_DIR
639 641 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
640 642 KERNELSRC_CONFIG=true
641 643 fi
642 644
643 645 # Configure reduced kernel
644 646 if [ "$KERNEL_REDUCE" = true ] ; then
645 647 KERNELSRC_CONFIG=false
646 648 fi
647 649
648 650 # Configure qemu compatible kernel
649 651 if [ "$ENABLE_QEMU" = true ] ; then
650 652 DTB_FILE=vexpress-v2p-ca15_a7.dtb
651 653 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
652 654 KERNEL_DEFCONFIG="vexpress_defconfig"
653 655 if [ "$KERNEL_MENUCONFIG" = false ] ; then
654 656 KERNEL_OLDDEFCONFIG=true
655 657 fi
656 658 fi
657 659
658 660 # Execute bootstrap scripts
659 661 for SCRIPT in bootstrap.d/*.sh; do
660 662 head -n 3 "$SCRIPT"
661 663 . "$SCRIPT"
662 664 done
663 665
664 666 ## Execute custom bootstrap scripts
665 667 if [ -d "custom.d" ] ; then
666 668 for SCRIPT in custom.d/*.sh; do
667 669 . "$SCRIPT"
668 670 done
669 671 fi
670 672
671 673 # Execute custom scripts inside the chroot
672 674 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
673 675 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
674 676 chroot_exec /bin/bash -x <<'EOF'
675 677 for SCRIPT in /chroot_scripts/* ; do
676 678 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
677 679 $SCRIPT
678 680 fi
679 681 done
680 682 EOF
681 683 rm -rf "${R}/chroot_scripts"
682 684 fi
683 685
684 686 # Remove c/c++ build environment from the chroot
685 687 chroot_remove_cc
686 688
687 689 # Generate required machine-id
688 690 MACHINE_ID=$(dbus-uuidgen)
689 691 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
690 692 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
691 693
692 694 # APT Cleanup
693 695 chroot_exec apt-get -y clean
694 696 chroot_exec apt-get -y autoclean
695 697 chroot_exec apt-get -y autoremove
696 698
697 699 # Unmount mounted filesystems
698 700 umount -l "${R}/proc"
699 701 umount -l "${R}/sys"
700 702
701 703 # Clean up directories
702 704 rm -rf "${R}/run/*"
703 705 rm -rf "${R}/tmp/*"
704 706
705 707 # Clean up APT proxy settings
706 708 if [ "$KEEP_APT_PROXY" = false ] ; then
707 709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
708 710 fi
709 711
710 712 # Clean up files
711 713 rm -f "${ETC_DIR}/ssh/ssh_host_*"
712 714 rm -f "${ETC_DIR}/dropbear/dropbear_*"
713 715 rm -f "${ETC_DIR}/apt/sources.list.save"
714 716 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
715 717 rm -f "${ETC_DIR}/*-"
716 718 rm -f "${ETC_DIR}/resolv.conf"
717 719 rm -f "${R}/root/.bash_history"
718 720 rm -f "${R}/var/lib/urandom/random-seed"
719 721 rm -f "${R}/initrd.img"
720 722 rm -f "${R}/vmlinuz"
721 723 rm -f "${R}${QEMU_BINARY}"
722 724
723 725 if [ "$ENABLE_QEMU" = true ] ; then
724 726 # Setup QEMU directory
725 727 mkdir "${BASEDIR}/qemu"
726 728
727 729 # Copy kernel image to QEMU directory
728 730 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
729 731
730 732 # Copy kernel config to QEMU directory
731 733 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
732 734
733 735 # Copy kernel dtbs to QEMU directory
734 736 for dtb in "${BOOT_DIR}/"*.dtb ; do
735 737 if [ -f "${dtb}" ] ; then
736 738 install_readonly "${dtb}" "${BASEDIR}/qemu/"
737 739 fi
738 740 done
739 741
740 742 # Copy kernel overlays to QEMU directory
741 743 if [ -d "${BOOT_DIR}/overlays" ] ; then
742 744 # Setup overlays dtbs directory
743 745 mkdir "${BASEDIR}/qemu/overlays"
744 746
745 747 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
746 748 if [ -f "${dtb}" ] ; then
747 749 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
748 750 fi
749 751 done
750 752 fi
751 753
752 754 # Copy u-boot files to QEMU directory
753 755 if [ "$ENABLE_UBOOT" = true ] ; then
754 756 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
755 757 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
756 758 fi
757 759 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
758 760 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
759 761 fi
760 762 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
761 763 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
762 764 fi
763 765 fi
764 766
765 767 # Copy initramfs to QEMU directory
766 768 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
767 769 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
768 770 fi
769 771 fi
770 772
771 773 # Calculate size of the chroot directory in KB
772 774 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
773 775
774 776 # Calculate the amount of needed 512 Byte sectors
775 777 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
776 778 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
777 779 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
778 780
779 781 # The root partition is EXT4
780 782 # This means more space than the actual used space of the chroot is used.
781 783 # As overhead for journaling and reserved blocks 35% are added.
782 784 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
783 785
784 786 # Calculate required image size in 512 Byte sectors
785 787 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
786 788
787 789 # Prepare image file
788 790 if [ "$ENABLE_SPLITFS" = true ] ; then
789 791 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
790 792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
791 793 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
792 794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
793 795
794 796 # Write firmware/boot partition tables
795 797 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
796 798 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
797 799 EOM
798 800
799 801 # Write root partition table
800 802 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
801 803 ${TABLE_SECTORS},${ROOT_SECTORS},83
802 804 EOM
803 805
804 806 # Setup temporary loop devices
805 807 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
806 808 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
807 809 else # ENABLE_SPLITFS=false
808 810 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
809 811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
810 812
811 813 # Write partition table
812 814 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
813 815 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
814 816 ${ROOT_OFFSET},${ROOT_SECTORS},83
815 817 EOM
816 818
817 819 # Setup temporary loop devices
818 820 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
819 821 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
820 822 fi
821 823
822 824 if [ "$ENABLE_CRYPTFS" = true ] ; then
823 825 # Create dummy ext4 fs
824 826 mkfs.ext4 "$ROOT_LOOP"
825 827
826 828 # Setup password keyfile
827 829 touch .password
828 830 chmod 600 .password
829 831 echo -n ${CRYPTFS_PASSWORD} > .password
830 832
831 833 # Initialize encrypted partition
832 834 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
833 835
834 836 # Open encrypted partition and setup mapping
835 837 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
836 838
837 839 # Secure delete password keyfile
838 840 shred -zu .password
839 841
840 842 # Update temporary loop device
841 843 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
842 844
843 845 # Wipe encrypted partition (encryption cipher is used for randomness)
844 846 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
845 847 fi
846 848
847 849 # Build filesystems
848 850 mkfs.vfat "$FRMW_LOOP"
849 851 mkfs.ext4 "$ROOT_LOOP"
850 852
851 853 # Mount the temporary loop devices
852 854 mkdir -p "$BUILDDIR/mount"
853 855 mount "$ROOT_LOOP" "$BUILDDIR/mount"
854 856
855 857 mkdir -p "$BUILDDIR/mount/boot/firmware"
856 858 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
857 859
858 860 # Copy all files from the chroot to the loop device mount point directory
859 861 rsync -a "${R}/" "$BUILDDIR/mount/"
860 862
861 863 # Unmount all temporary loop devices and mount points
862 864 cleanup
863 865
864 866 # Create block map file(s) of image(s)
865 867 if [ "$ENABLE_SPLITFS" = true ] ; then
866 868 # Create block map files for "bmaptool"
867 869 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
868 870 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
869 871
870 872 # Image was successfully created
871 873 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
872 874 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
873 875 else
874 876 # Create block map file for "bmaptool"
875 877 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
876 878
877 879 # Image was successfully created
878 880 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
879 881
880 882 # Create qemu qcow2 image
881 883 if [ "$ENABLE_QEMU" = true ] ; then
882 884 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
883 885 QEMU_SIZE=16G
884 886
885 887 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
886 888 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
887 889
888 890 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
889 891 fi
890 892 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant