Refactor: split bootstrap actions and allow custom
Filip Pytloun -
r56:ea1f8911cd69
@@ -0,0 +1,3
1 images
2 custom.d
3 *.swp
@@ -0,0 +1,27
1 #
2 # Debootstrap basic system
3 #
4
5 . ./functions.sh
6
7 # Base debootstrap (unpack only)
8 if [ "$ENABLE_MINBASE" = true ] ; then
9 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
10 else
11 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
12 fi
13
14 # Copy qemu emulator binary to chroot
15 cp /usr/bin/qemu-arm-static $R/usr/bin
16
17 # Copy debian-archive-keyring.pgp
18 mkdir -p $R/usr/share/keyrings
19 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
20
21 # Complete the bootstrapping process
22 chroot_exec /debootstrap/debootstrap --second-stage
23
24 # Mount required filesystems
25 mount -t proc none $R/proc
26 mount -t sysfs none $R/sys
27 mount --bind /dev/pts $R/dev/pts
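Review bot: Both `debootstrap` calls fetch from `http://${APT_SERVER}/debian` and leave it to debootstrap to find the Debian archive keyring on the build host; passing `--keyring=/usr/share/keyrings/debian-archive-keyring.gpg` explicitly would make the Release-signature check mandatory instead of dependent on host defaults. The same keyring path is already used a few lines further down for the copy into the chroot. The expansions `$RELEASE`, `$R` and `${APT_INCLUDES}` are unquoted, so a build directory whose path contains spaces would be split into several arguments.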
@@ -0,0 +1,40
1 #
2 # Setup APT repositories
3 #
4
5 . ./functions.sh
6
7 # Use proxy inside chroot
8 if [ -z "$APT_PROXY" ] ; then
9 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
10 fi
11
12 # Pin package flash-kernel to repositories.collabora.co.uk
13 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
14 Package: flash-kernel
15 Pin: origin repositories.collabora.co.uk
16 Pin-Priority: 1000
17 EOM
18
19 # Upgrade collabora package index and install collabora keyring
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
21 chroot_exec apt-get -qq -y update
22 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
23
24 # Set up initial sources.list
25 cat <<EOM >$R/etc/apt/sources.list
26 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
27 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
28
29 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
30 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
31
32 deb http://security.debian.org/ ${RELEASE}/updates main contrib
33 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
34
35 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
36 EOM
37
38 # Upgrade package index and update all installed packages and changed dependencies
39 chroot_exec apt-get -qq -y update
40 chroot_exec apt-get -qq -y -u dist-upgrade
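Review bot: `--force-yes` on the `collabora-obs-archive-keyring` install lets apt accept the package without a verified signature, so the key that later authenticates everything from repositories.collabora.co.uk (including flash-kernel, pinned at priority 1000) is trusted only on the strength of the HTTPS connection. Shipping the key with the build scripts, or checking its fingerprint against a known value, and placing it in the chroot before the first `apt-get update` would let the flag be dropped. The same flag appears on the rsyslog purge in the logging script and on the compiler install in the U-Boot script, where it does not look necessary. Separately, the proxy test is inverted: `[ -z "$APT_PROXY" ]` writes the `Acquire::http::Proxy` line only when no proxy is set, and should read `if [ -n "$APT_PROXY" ] ; then`.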
@@ -0,0 +1,52
1 #
2 # Setup locales and keyboard settings
3 #
4
5 . ./functions.sh
6
7 # Set up timezone
8 echo ${TIMEZONE} >$R/etc/timezone
9 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10
11 # Set up default locale and keyboard configuration
12 if [ "$ENABLE_MINBASE" = false ] ; then
13 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
14 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
15 # ... so we have to set locales manually
16 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
17 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
18 else
19 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
22 fi
23 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
24 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
25 chroot_exec locale-gen
26 chroot_exec update-locale LANG=${DEFLOCAL}
27
28 # Keyboard configuration, if requested
29 if [ "$XKBMODEL" != "" ] ; then
30 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
31 fi
32 if [ "$XKBLAYOUT" != "" ] ; then
33 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
34 fi
35 if [ "$XKBVARIANT" != "" ] ; then
36 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
37 fi
38 if [ "$XKBOPTIONS" != "" ] ; then
39 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
40 fi
41 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
42 # Set up font console
43 case "${DEFLOCAL}" in
44 *UTF-8)
45 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
46 ;;
47 *)
48 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
49 ;;
50 esac
51 chroot_exec dpkg-reconfigure -f noninteractive console-setup
52 fi
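Review bot: The three `chroot_exec echo "…" | debconf-set-selections` lines run `debconf-set-selections` on the build host rather than in the chroot, because the pipe is parsed by the outer shell: only `echo` executes inside `$R`, and the selections are written to the host's debconf database as root. Put the chroot on the right-hand side, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, and do the same for the two `locales_to_be_generated` lines. The `XKB*` and `DEFLOCAL` values are also interpolated into sed expressions unescaped, so a value containing `/` or `&` would change the expression; a short comment stating the expected character set, or a check before use, would make that explicit.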
@@ -0,0 +1,97
1 #
2 # Kernel installation
3 #
4
5 . ./functions.sh
6
7 # Fetch and build latest raspberry kernel
8 if [ "$BUILD_KERNEL" = true ] ; then
9 # Fetch current raspberrypi kernel sources
10 git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux
11
12 # Load default raspberry kernel configuration
13 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
14
15 # Cross compile kernel and modules
16 make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
17
18 # Install kernel modules
19 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
20
21 # Copy and rename compiled kernel to boot directory
22 mkdir $R/boot/firmware/
23 $R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
24
25 # Copy dts and dtb device definitions
26 mkdir $R/boot/firmware/overlays/
27 cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
28 cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
29 cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
30
31 # Install raspberry bootloader and flash-kernel
32 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
33 else
34 # Kernel installation
35 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
36
37 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
38 chroot_exec apt-get -qq -y install flash-kernel
39
40 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
41 [ -z "$VMLINUZ" ] && exit 1
42 cp $VMLINUZ $R/boot/firmware/kernel7.img
43 fi
44
45 # Set up firmware boot cmdline
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
47
48 # Set up serial console support (if requested)
49 if [ "$ENABLE_CONSOLE" = true ] ; then
50 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
51 fi
52
53 # Set up IPv6 networking support
54 if [ "$ENABLE_IPV6" = false ] ; then
55 CMDLINE="${CMDLINE} ipv6.disable=1"
56 fi
57
58 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
59
60 # Set up firmware config
61 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
62
63 # Load snd_bcm2835 kernel module at boot time
64 if [ "$ENABLE_SOUND" = true ] ; then
65 echo "snd_bcm2835" >>$R/etc/modules
66 fi
67
68 # Set smallest possible GPU memory allocation size: 16MB (no X)
69 if [ "$ENABLE_MINGPU" = true ] ; then
70 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
71 fi
72
73 # Create symlinks
74 ln -sf firmware/config.txt $R/boot/config.txt
75 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
76
77 # Prepare modules-load.d directory
78 mkdir -p $R/lib/modules-load.d/
79
80 # Load random module on boot
81 if [ "$ENABLE_HWRANDOM" = true ] ; then
82 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
83 bcm2708_rng
84 EOM
85 fi
86
87 # Prepare modprobe.d directory
88 mkdir -p $R/etc/modprobe.d/
89
90 # Blacklist sound modules
91 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
92
93 # Create default fstab
94 install -o root -g root -m 644 files/fstab $R/etc/fstab
95
96 # Avoid swapping and increase cache sizes
97 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
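Review bot: The `git clone --depth=1 https://github.com/raspberrypi/linux` step builds whatever the default branch holds at build time, and `scripts/mkknlimg` from that checkout is then executed as root on the build host, outside the chroot. Pinning the clone to a tag or commit chosen by the builder (for example through a new setting passed to `--branch`) would make images reproducible and limit what a changed upstream can run on the host. The U-Boot and fbturbo scripts clone unpinned in the same way. In the non-build branch, `ls -1 $R/boot/vmlinuz-* | sort | tail -n 1` picks the lexically last name, which is not necessarily the newest version; `sort -V` would be closer to the intent.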
@@ -0,0 +1,78
1 #
2 # Setup networking
3 #
4
5 . ./functions.sh
6
7 # Set up IPv4 hosts
8 echo ${HOSTNAME} >$R/etc/hostname
9 cat <<EOM >$R/etc/hosts
10 127.0.0.1 localhost
11 127.0.1.1 ${HOSTNAME}
12 EOM
13
14 if [ "$NET_ADDRESS" != "" ] ; then
15 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
16 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
17 fi
18
19 # Set up IPv6 hosts
20 if [ "$ENABLE_IPV6" = true ] ; then
21 cat <<EOM >>$R/etc/hosts
22
23 ::1 localhost ip6-localhost ip6-loopback
24 ff02::1 ip6-allnodes
25 ff02::2 ip6-allrouters
26 EOM
27 fi
28
29 # Place hint about network configuration
30 cat <<EOM >$R/etc/network/interfaces
31 # Debian switched to systemd-networkd configuration files.
32 # please configure your networks in '/etc/systemd/network/'
33 source /etc/interfaces.d/*.conf
34 EOM
35
36 if [ "$ENABLE_DHCP" = true ] ; then
37 # Enable systemd-networkd DHCP configuration for interface eth0
38 cat <<EOM >$R/etc/systemd/network/eth.network
39 [Match]
40 Name=eth0
41
42 [Network]
43 DHCP=yes
44 EOM
45
46 # Set DHCP configuration to IPv4 only
47 if [ "$ENABLE_IPV6" = false ] ; then
48 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
49 fi
50 else # ENABLE_DHCP=false
51 cat <<EOM >$R/etc/systemd/network/eth.network
52 [Match]
53 Name=eth0
54
55 [Network]
56 DHCP=no
57 Address=${NET_ADDRESS}
58 Gateway=${NET_GATEWAY}
59 DNS=${NET_DNS_1}
60 DNS=${NET_DNS_2}
61 Domains=${NET_DNS_DOMAINS}
62 NTP=${NET_NTP_1}
63 NTP=${NET_NTP_2}
64 EOM
65 fi
66
67 # Enable systemd-networkd service
68 chroot_exec systemctl enable systemd-networkd
69
70 # Enable network stack hardening
71 if [ "$ENABLE_HARDNET" = true ] ; then
72 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
73
74 # Enable resolver warnings about spoofed addresses
75 cat <<EOM >>$R/etc/host.conf
76 spoof warn
77 EOM
78 fi
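Review bot: The `source /etc/interfaces.d/*.conf` line added to the `/etc/network/interfaces` heredoc points at a directory that is not the conventional one on Debian, which is `/etc/network/interfaces.d/`; this looks like a typo for `source /etc/network/interfaces.d/*.conf`. In the static branch the heredoc writes `Gateway=`, `DNS=`, `Domains=` and `NTP=` lines even when the corresponding `NET_*` variable is empty, so emitting each line only when its value is set would keep `eth.network` free of empty assignments. `sed -i "s/^127.0.1.1/${NET_IP}/"` leaves the dots in the pattern unescaped; `s/^127\.0\.1\.1/` matches only the intended address.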
@@ -0,0 +1,43
1 #
2 # Enable firewall based on iptables started by systemd service
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_IPTABLES" = true ] ; then
8 # Create iptables configuration directory
9 mkdir -p "$R/etc/iptables"
10
11 # Create iptables systemd service
12 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
13
14 # Create flush-table script called by iptables service
15 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
16
17 # Create iptables rule file
18 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
19
20 # Reload systemd configuration and enable iptables service
21 chroot_exec systemctl daemon-reload
22 chroot_exec systemctl enable iptables.service
23
24 if [ "$ENABLE_IPV6" = true ] ; then
25 # Create ip6tables systemd service
26 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
27
28 # Create ip6tables file
29 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
30
31 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
32
33 # Reload systemd configuration and enable iptables service
34 chroot_exec systemctl daemon-reload
35 chroot_exec systemctl enable ip6tables.service
36 fi
37 fi
38
39 # Remove SSHD related iptables rules
40 if [ "$ENABLE_SSHD" = false ] ; then
41 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
42 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
43 fi
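Review bot: The two `sed … 2> /dev/null` commands at the end run whenever `ENABLE_SSHD=false`, even when `ENABLE_IPTABLES` or `ENABLE_IPV6` is off and the rule files were never installed; the redirect hides that failure, and it would equally hide a real error while editing an existing rules file, leaving the SSH rules active without any message. Moving each `sed` into the block that installs its file and dropping `2> /dev/null` makes the outcome visible. If the caller runs these scripts under `set -e` (not visible in this section), a failing `sed` as the last command would also abort the build.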
@@ -0,0 +1,30
1 #
2 # Setup users and security settings
3 #
4
5 . ./functions.sh
6
7 # Generate crypt(3) password string
8 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
9
10 # Set up default user
11 if [ "$ENABLE_USER" = true ] ; then
12 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
13 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
14 fi
15
16 # Set up root password or not
17 if [ "$ENABLE_ROOT" = true ]; then
18 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19
20 if [ "$ENABLE_ROOT_SSH" = true ]; then
21 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
22 fi
23 else
24 chroot_exec usermod -p \'!\' root
25 fi
26
27 # Enable serial console systemd style
28 if [ "$ENABLE_CONSOLE" = true ] ; then
29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
30 fi
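Review bot: `mkpasswd -m sha-512 ${PASSWORD}` puts the clear-text password on the command line, where it is visible in the process list and, when tracing with `set -x` is active as in the main script, in the build log; the unquoted expansion also breaks on passwords containing spaces or glob characters. `mkpasswd` can read the password from standard input: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s)`, ideally between `set +x` and `set -x`. The hash is computed even when both `ENABLE_USER` and `ENABLE_ROOT` are false, so the assignment could move inside the branches that use it. In the `else` branch, `\'!\'` passes the quotes as part of the password field; `-p '!'` states the intended locked value directly.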
@@ -0,0 +1,12
1 #
2 # Setup logging
3 #
4
5 . ./functions.sh
6
7 # Disable rsyslog
8 if [ "$ENABLE_RSYSLOG" = false ]; then
9 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
10 chroot_exec systemctl disable rsyslog
11 chroot_exec apt-get purge -q -y --force-yes rsyslog
12 fi
@@ -0,0 +1,44
1 #
2 # Setup Uboot
3 #
4
5 . ./functions.sh
6
7 # Install gcc/c++ build environment inside the chroot
8 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
9 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
10 fi
11
12 # Fetch and build U-Boot bootloader
13 if [ "$ENABLE_UBOOT" = true ] ; then
14 # Fetch U-Boot bootloader sources
15 git -C $R/tmp clone git://git.denx.de/u-boot.git
16
17 # Build and install U-Boot inside chroot
18 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
19
20 # Copy compiled bootloader binary and set config.txt to load it
21 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
22 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
23
24 # Set U-Boot command file
25 cat <<EOM >$R/boot/firmware/uboot.mkimage
26 # Tell Linux that it is booting on a Raspberry Pi2
27 setenv machid 0x00000c42
28
29 # Set the kernel boot command line
30 setenv bootargs "earlyprintk ${CMDLINE}"
31
32 # Save these changes to u-boot's environment
33 saveenv
34
35 # Load the existing Linux kernel into RAM
36 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
37
38 # Boot the kernel we have just loaded
39 bootz \${kernel_addr_r}
40 EOM
41
42 # Generate U-Boot image from command file
43 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
44 fi
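Review bot: `git clone git://git.denx.de/u-boot.git` uses the plain git protocol, which provides neither encryption nor server authentication, and the fetched tree is then compiled as root inside the chroot and installed as the image's bootloader. Use an HTTPS remote for the same repository and check out a fixed tag or commit. The heredoc also expands `${CMDLINE}`, which is assigned in the kernel script; if this script is ever run in a separate shell, `bootargs` would be written as just `earlyprintk`, so a comment naming that dependency (or a `: "${CMDLINE:?}"` guard) would help.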
@@ -0,0 +1,34
1 #
2 # Fetch and build fbturbo Xorg driver
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_FBTURBO" = true ] ; then
8 # Fetch fbturbo driver sources
9 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
10
11 # Install Xorg build dependencies
12 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
13
14 # Build and install fbturbo driver inside chroot
15 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
16
17 # Add fbturbo driver to Xorg configuration
18 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
19 Section "Device"
20 Identifier "Allwinner A10/A13 FBDEV"
21 Driver "fbturbo"
22 Option "fbdev" "/dev/fb0"
23 Option "SwapbuffersWait" "true"
24 EndSection
25 EOM
26
27 # Remove Xorg build dependencies
28 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
33 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
34 fi
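Review bot: The build command joins its steps with `;`, so a failing `autoreconf` or `./configure` does not stop `make install`, and the caller only sees the exit status of the last step; `cd /tmp/xf86-video-fbturbo && autoreconf -vi && ./configure --prefix=/usr && make && make install` stops at the first failure. The final purge lists compiler packages by exact name and version (`gcc-4.9`, `libisl10`, `libcloog-isl4`, …), which ties the script to one release; a comment saying so, or recording what the earlier install step actually added, would make the list easier to maintain.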
@@ -0,0 +1,24
1 #
2 # First boot actions
3 #
4
5 . ./functions.sh
6
7 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
8
9 # Ensure openssh server host keys are regenerated on first boot
10 if [ "$ENABLE_SSHD" = true ] ; then
11 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
12 rm -f $R/etc/ssh/ssh_host_*
13 fi
14
15 if [ "$EXPANDROOT" = true ] ; then
16 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
17 fi
18
19 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
20 chmod +x $R/etc/rc.firstboot
21
22 sed -i '/exit 0/d' $R/etc/rc.local
23 echo /etc/rc.firstboot >> $R/etc/rc.local
24 echo exit 0 >> $R/etc/rc.local
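Review bot: `sed -i '/exit 0/d' $R/etc/rc.local` deletes every line that contains the text `exit 0`, including comments or longer commands that merely mention it; anchoring the pattern, `sed -i '/^exit 0$/d'`, removes only the terminating statement. The `$R` expansions here are unquoted, and `rm -f $R/etc/ssh/ssh_host_*` in particular would be safer as `rm -f "${R:?}"/etc/ssh/ssh_host_*`, so that an empty `R` cannot turn it into a delete of the build host's own host keys.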
@@ -0,0 +1,19
1 cleanup (){
2 # Clean up all temporary mount points
3 set +x
4 set +e
5 echo "removing temporary mount points ..."
6 umount -l $R/proc 2> /dev/null
7 umount -l $R/sys 2> /dev/null
8 umount -l $R/dev/pts 2> /dev/null
9 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
10 umount "$BUILDDIR/mount" 2> /dev/null
11 losetup -d "$EXT4_LOOP" 2> /dev/null
12 losetup -d "$VFAT_LOOP" 2> /dev/null
13 trap - 0 1 2 3 6
14 }
15
16 chroot_exec() {
17 # Exec command in chroot
18 LANG=C LC_ALL=C chroot $R $*
19 }
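Review bot: `chroot_exec` forwards its arguments as an unquoted `$*`, so every argument is re-split on whitespace and glob-expanded before `chroot` sees it. Callers in this commit that pass a quoted multi-word argument are affected: `mkimage -n "RPi2 Boot Script"` receives three separate words, and the `/bin/bash -c "cd …; make install"` string reaches `bash -c` as `cd` followed by stray positional parameters. The body should be `LANG=C LC_ALL=C chroot "$R" "$@"`. Now that both functions live in a file of their own, a short header comment on each naming the variables it reads (`R`, `BUILDDIR`, `EXT4_LOOP`, `VFAT_LOOP`) would also help.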
@@ -1,736 +1,300
1 1 #!/bin/sh
2 2
3 3 ########################################################################
4 4 # rpi2-gen-image.sh ver2a 12/2015
5 5 #
6 6 # Advanced debian "jessie" bootstrap script for RPi2
7 7 #
8 8 # This program is free software; you can redistribute it and/or
9 9 # modify it under the terms of the GNU General Public License
10 10 # as published by the Free Software Foundation; either version 2
11 11 # of the License, or (at your option) any later version.
12 12 #
13 13 # some parts based on rpi2-build-image:
14 14 # Copyright (C) 2015 Ryan Finnie <ryan@finnie.org>
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 # Clean up all temporary mount points
19 cleanup (){
20 set +x
21 set +e
22 echo "removing temporary mount points ..."
23 umount -l $R/proc 2> /dev/null
24 umount -l $R/sys 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 trap - 0 1 2 3 6
31 }
32
33 # Exec command in chroot
34 chroot_exec() {
35 LANG=C LC_ALL=C chroot $R $*
36 }
18 source ./functions.sh
37 19
38 20 set -e
39 21 set -x
40 22
41 23 # Debian release
42 24 RELEASE=${RELEASE:=jessie}
43 25 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44 26
45 27 # Build settings
46 BASEDIR=./images/${RELEASE}
28 BASEDIR=$(pwd)/images/${RELEASE}
47 29 BUILDDIR=${BASEDIR}/build
48 30
49 31 # General settings
50 32 HOSTNAME=${HOSTNAME:=rpi2-${RELEASE}}
51 33 PASSWORD=${PASSWORD:=raspberry}
52 34 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
53 35 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
54 36 XKBMODEL=${XKBMODEL:=""}
55 37 XKBLAYOUT=${XKBLAYOUT:=""}
56 38 XKBVARIANT=${XKBVARIANT:=""}
57 39 XKBOPTIONS=${XKBOPTIONS:=""}
58 40 EXPANDROOT=${EXPANDROOT:=true}
59 41
60 42 # Network settings
61 43 ENABLE_DHCP=${ENABLE_DHCP:=true}
62 44 # NET_* settings are ignored when ENABLE_DHCP=true
63 45 # NET_ADDRESS is an IPv4 or IPv6 address and its prefix, separated by "/"
64 46 NET_ADDRESS=${NET_ADDRESS:=""}
65 47 NET_GATEWAY=${NET_GATEWAY:=""}
66 48 NET_DNS_1=${NET_DNS_1:=""}
67 49 NET_DNS_2=${NET_DNS_2:=""}
68 50 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
69 51 NET_NTP_1=${NET_NTP_1:=""}
70 52 NET_NTP_2=${NET_NTP_2:=""}
71 53
72 54 # APT settings
73 55 APT_PROXY=${APT_PROXY:=""}
74 56 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
75 57
76 58 # Feature settings
77 59 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
78 60 ENABLE_IPV6=${ENABLE_IPV6:=true}
79 61 ENABLE_SSHD=${ENABLE_SSHD:=true}
80 62 ENABLE_SOUND=${ENABLE_SOUND:=true}
81 63 ENABLE_DBUS=${ENABLE_DBUS:=true}
82 64 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
83 65 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
84 66 ENABLE_XORG=${ENABLE_XORG:=false}
85 67 ENABLE_WM=${ENABLE_WM:=""}
86 68 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
87 69 ENABLE_USER=${ENABLE_USER:=true}
88 70 ENABLE_ROOT=${ENABLE_ROOT:=false}
89 71 ENABLE_ROOT_SSH=${ENABLE_ROOT_SSH:=false}
90 72
91 73 # Advanced settings
92 74 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
93 75 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
94 76 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
95 77 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
96 78 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
97 79
98 80 # Kernel compilation settings
99 81 BUILD_KERNEL=${BUILD_KERNEL:=false}
100 82
101 83 # Image chroot path
102 84 R=${BUILDDIR}/chroot
103 85 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
104 86
105 87 # Packages required for bootstrapping
106 88 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git-core"
107 89
108 90 # Missing packages that need to be installed
109 91 MISSING_PACKAGES=""
110 92
111 93 # Packages required in the chroot build environment
112 94 APT_INCLUDES=${APT_INCLUDES:=""}
113 95 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
114 96
115 97 set +x
116 98
117 99 # Are we running as root?
118 100 if [ "$(id -u)" -ne "0" ] ; then
119 101 echo "this script must be executed with root privileges"
120 102 exit 1
121 103 fi
122 104
123 105 # Add packages required for kernel cross compilation
124 106 if [ "$BUILD_KERNEL" = true ] ; then
125 107 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
126 108 fi
127 109
128 110 # Check if all required packages are installed
129 111 for package in $REQUIRED_PACKAGES ; do
130 112 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
131 113 MISSING_PACKAGES="$MISSING_PACKAGES $package"
132 114 fi
133 115 done
134 116
135 117 # Ask if missing packages should get installed right now
136 118 if [ -n "$MISSING_PACKAGES" ] ; then
137 119 echo "the following packages needed by this script are not installed:"
138 120 echo "$MISSING_PACKAGES"
139 121
140 122 echo -n "\ndo you want to install the missing packages right now? [y/n] "
141 123 read confirm
142 124 if [ "$confirm" != "y" ] ; then
143 125 exit 1
144 126 fi
145 127 fi
146 128
147 129 # Make sure all required packages are installed
148 130 apt-get -qq -y install ${REQUIRED_PACKAGES}
149 131
150 132 # Don't clobber an old build
151 133 if [ -e "$BUILDDIR" ]; then
152 134 echo "directory $BUILDDIR already exists, not proceeding"
153 135 exit 1
154 136 fi
155 137
156 138 set -x
157 139
158 140 # Call "cleanup" function on various signals and errors
159 141 trap cleanup 0 1 2 3 6
160 142
161 143 # Set up chroot directory
162 144 mkdir -p $R
163 145
164 146 # Add required packages for the minbase installation
165 147 if [ "$ENABLE_MINBASE" = true ] ; then
166 148 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
167 149 else
168 150 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
169 151 fi
170 152
171 153 # Add parted package, required to get partprobe utility
172 154 if [ "$EXPANDROOT" = true ] ; then
173 155 APT_INCLUDES="${APT_INCLUDES},parted"
174 156 fi
175 157
176 158 # Add dbus package, recommended if using systemd
177 159 if [ "$ENABLE_DBUS" = true ] ; then
178 160 APT_INCLUDES="${APT_INCLUDES},dbus"
179 161 fi
180 162
181 163 # Add iptables IPv4/IPv6 package
182 164 if [ "$ENABLE_IPTABLES" = true ] ; then
183 165 APT_INCLUDES="${APT_INCLUDES},iptables"
184 166 fi
185 167
186 168 # Add openssh server package
187 169 if [ "$ENABLE_SSHD" = true ] ; then
188 170 APT_INCLUDES="${APT_INCLUDES},openssh-server"
189 171 fi
190 172
191 173 # Add alsa-utils package
192 174 if [ "$ENABLE_SOUND" = true ] ; then
193 175 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
194 176 fi
195 177
196 178 # Add rng-tools package
197 179 if [ "$ENABLE_HWRANDOM" = true ] ; then
198 180 APT_INCLUDES="${APT_INCLUDES},rng-tools"
199 181 fi
200 182
201 183 if [ "$ENABLE_USER" = true ]; then
202 184 APT_INCLUDES="${APT_INCLUDES},sudo"
203 185 fi
204 186
205 187 # Add fbturbo video driver
206 188 if [ "$ENABLE_FBTURBO" = true ] ; then
207 189 # Enable xorg package dependencies
208 190 ENABLE_XORG=true
209 191 fi
210 192
211 193 # Add user defined window manager package
212 194 if [ -n "$ENABLE_WM" ] ; then
213 195 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
214 196
215 197 # Enable xorg package dependencies
216 198 ENABLE_XORG=true
217 199 fi
218 200
219 201 # Add xorg package
220 202 if [ "$ENABLE_XORG" = true ] ; then
221 203 APT_INCLUDES="${APT_INCLUDES},xorg"
222 204 fi
223 205
224 # Base debootstrap (unpack only)
225 if [ "$ENABLE_MINBASE" = true ] ; then
226 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
227 else
228 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
229 fi
230
231 # Copy qemu emulator binary to chroot
232 cp /usr/bin/qemu-arm-static $R/usr/bin
233
234 # Copy debian-archive-keyring.pgp
235 chroot $R mkdir -p /usr/share/keyrings
236 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
237
238 # Complete the bootstrapping process
239 chroot $R /debootstrap/debootstrap --second-stage
240
241 # Mount required filesystems
242 mount -t proc none $R/proc
243 mount -t sysfs none $R/sys
244 mount --bind /dev/pts $R/dev/pts
245
246 # Use proxy inside chroot
247 if [ -z "$APT_PROXY" ] ; then
248 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
249 fi
250
251 # Pin package flash-kernel to repositories.collabora.co.uk
252 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
253 Package: flash-kernel
254 Pin: origin repositories.collabora.co.uk
255 Pin-Priority: 1000
256 EOM
257
258 # Set up timezone
259 echo ${TIMEZONE} >$R/etc/timezone
260 chroot_exec dpkg-reconfigure -f noninteractive tzdata
261
262 # Upgrade collabora package index and install collabora keyring
263 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
264 chroot_exec apt-get -qq -y update
265 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
266
267 # Set up initial sources.list
268 cat <<EOM >$R/etc/apt/sources.list
269 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
270 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
271
272 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
273 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
274
275 deb http://security.debian.org/ ${RELEASE}/updates main contrib
276 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
277
278 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
279 EOM
280
281 # Upgrade package index and update all installed packages and changed dependencies
282 chroot_exec apt-get -qq -y update
283 chroot_exec apt-get -qq -y -u dist-upgrade
284
285 # Set up default locale and keyboard configuration
286 if [ "$ENABLE_MINBASE" = false ] ; then
287 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
288 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
289 # ... so we have to set locales manually
290 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
291 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
292 else
293 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
294 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
295 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
296 fi
297 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
298 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
299 chroot_exec locale-gen
300 chroot_exec update-locale LANG=${DEFLOCAL}
301
302 # Keyboard configuration, if requested
303 if [ "$XKBMODEL" != "" ] ; then
304 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
305 fi
306 if [ "$XKBLAYOUT" != "" ] ; then
307 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
308 fi
309 if [ "$XKBVARIANT" != "" ] ; then
310 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
311 fi
312 if [ "$XKBOPTIONS" != "" ] ; then
313 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
314 fi
315 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
316 # Set up font console
317 case "${DEFLOCAL}" in
318 *UTF-8)
319 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
320 ;;
321 *)
322 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
323 ;;
324 esac
325 chroot_exec dpkg-reconfigure -f noninteractive console-setup
326 fi
327
328 # Fetch and build latest raspberry kernel
329 if [ "$BUILD_KERNEL" = true ] ; then
330 # Fetch current raspberrypi kernel sources
331 git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux
332
333 # Load default raspberry kernel configuration
334 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
335
336 # Cross compile kernel and modules
337 make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
338
339 # Install kernel modules
340 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
341
342 # Copy and rename compiled kernel to boot directory
343 mkdir $R/boot/firmware/
344 $R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
345
346 # Copy dts and dtb device definitions
347 mkdir $R/boot/firmware/overlays/
348 cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
349 cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
350 cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
351
352 # Install raspberry bootloader and flash-kernel
353 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
354 else
355 # Kernel installation
356 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
357
358 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
359 chroot_exec apt-get -qq -y install flash-kernel
360
361 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
362 [ -z "$VMLINUZ" ] && exit 1
363 cp $VMLINUZ $R/boot/firmware/kernel7.img
364 fi
365
366 # Set up IPv4 hosts
367 echo ${HOSTNAME} >$R/etc/hostname
368 cat <<EOM >$R/etc/hosts
369 127.0.0.1 localhost
370 127.0.1.1 ${HOSTNAME}
371 EOM
372 if [ "$NET_ADDRESS" != "" ] ; then
373 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
374 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
375 fi
376
377 # Set up IPv6 hosts
378 if [ "$ENABLE_IPV6" = true ] ; then
379 cat <<EOM >>$R/etc/hosts
380
381 ::1 localhost ip6-localhost ip6-loopback
382 ff02::1 ip6-allnodes
383 ff02::2 ip6-allrouters
384 EOM
385 fi
386
387 # Place hint about network configuration
388 cat <<EOM >$R/etc/network/interfaces
389 # Debian switched to systemd-networkd configuration files.
390 # please configure your networks in '/etc/systemd/network/'
391 EOM
392
393 if [ "$ENABLE_DHCP" = true ] ; then
394 # Enable systemd-networkd DHCP configuration for interface eth0
395 cat <<EOM >$R/etc/systemd/network/eth.network
396 [Match]
397 Name=eth0
398
399 [Network]
400 DHCP=yes
401 EOM
402
403 # Set DHCP configuration to IPv4 only
404 if [ "$ENABLE_IPV6" = false ] ; then
405 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
406 fi
407 else # ENABLE_DHCP=false
408 cat <<EOM >$R/etc/systemd/network/eth.network
409 [Match]
410 Name=eth0
411
412 [Network]
413 DHCP=no
414 Address=${NET_ADDRESS}
415 Gateway=${NET_GATEWAY}
416 DNS=${NET_DNS_1}
417 DNS=${NET_DNS_2}
418 Domains=${NET_DNS_DOMAINS}
419 NTP=${NET_NTP_1}
420 NTP=${NET_NTP_2}
421 EOM
422 fi
423
424 # Enable systemd-networkd service
425 chroot_exec systemctl enable systemd-networkd
426
427 # Generate crypt(3) password string
428 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
429
430 # Set up default user
431 if [ "$ENABLE_USER" = true ] ; then
432 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
433 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
434 fi
435
436 # Set up root password or not
437 if [ "$ENABLE_ROOT" = true ]; then
438 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
439
440 if [ "$ENABLE_ROOT_SSH" = true ]; then
441 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
442 fi
443 else
444 chroot_exec usermod -p \'!\' root
445 fi
446
447 # Set up firmware boot cmdline
448 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
449
450 # Set up serial console support (if requested)
451 if [ "$ENABLE_CONSOLE" = true ] ; then
452 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
453 fi
454
455 # Set up IPv6 networking support
456 if [ "$ENABLE_IPV6" = false ] ; then
457 CMDLINE="${CMDLINE} ipv6.disable=1"
458 fi
459
460 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
461
462 # Set up firmware config
463 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
464
465 # Load snd_bcm2835 kernel module at boot time
466 if [ "$ENABLE_SOUND" = true ] ; then
467 echo "snd_bcm2835" >>$R/etc/modules
468 fi
469
470 # Set smallest possible GPU memory allocation size: 16MB (no X)
471 if [ "$ENABLE_MINGPU" = true ] ; then
472 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
473 fi
474
475 # Create symlinks
476 ln -sf firmware/config.txt $R/boot/config.txt
477 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
478
479 # Prepare modules-load.d directory
480 mkdir -p $R/lib/modules-load.d/
481
482 # Load random module on boot
483 if [ "$ENABLE_HWRANDOM" = true ] ; then
484 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
485 bcm2708_rng
486 EOM
487 fi
488
489 # Prepare modprobe.d directory
490 mkdir -p $R/etc/modprobe.d/
491
492 # Blacklist sound modules
493 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
494
495 # Create default fstab
496 install -o root -g root -m 644 files/fstab $R/etc/fstab
497
498 # Avoid swapping and increase cache sizes
499 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
500
501 # Enable network stack hardening
502 if [ "$ENABLE_HARDNET" = true ] ; then
503 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
504
505 # Enable resolver warnings about spoofed addresses
506 cat <<EOM >>$R/etc/host.conf
507 spoof warn
508 EOM
509 fi
510
511 # First boot actions
512 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
513
514 # Ensure openssh server host keys are regenerated on first boot
515 if [ "$ENABLE_SSHD" = true ] ; then
516 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
517 rm -f $R/etc/ssh/ssh_host_*
518 fi
519
520 if [ "$EXPANDROOT" = true ] ; then
521 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
522 fi
523
524 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
525 chmod +x $R/etc/rc.firstboot
526
527 sed -i '/exit 0/d' $R/etc/rc.local
528 echo /etc/rc.firstboot >> $R/etc/rc.local
529 echo exit 0 >> $R/etc/rc.local
530
531 # Disable rsyslog
532 if [ "$ENABLE_RSYSLOG" = false ]; then
533 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
534 chroot_exec systemctl disable rsyslog
535 chroot_exec apt-get purge -q -y --force-yes rsyslog
536 fi
537
538 # Enable serial console systemd style
539 if [ "$ENABLE_CONSOLE" = true ] ; then
540 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
541 fi
542
543 # Enable firewall based on iptables started by systemd service
544 if [ "$ENABLE_IPTABLES" = true ] ; then
545 # Create iptables configuration directory
546 mkdir -p "$R/etc/iptables"
547
548 # Create iptables systemd service
549 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
550
551 # Create flush-table script called by iptables service
552 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
553
554 # Create iptables rule file
555 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
556
557 # Reload systemd configuration and enable iptables service
558 chroot_exec systemctl daemon-reload
559 chroot_exec systemctl enable iptables.service
560
561 if [ "$ENABLE_IPV6" = true ] ; then
562 # Create ip6tables systemd service
563 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
564
565 # Create ip6tables file
566 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
567
568 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
569
570 # Reload systemd configuration and enable iptables service
571 chroot_exec systemctl daemon-reload
572 chroot_exec systemctl enable ip6tables.service
573 fi
574 fi
575
576 # Remove SSHD related iptables rules
577 if [ "$ENABLE_SSHD" = false ] ; then
578 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
579 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
580 fi
581
582 # Install gcc/c++ build environment inside the chroot
583 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
584 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
585 fi
586
587 # Fetch and build U-Boot bootloader
588 if [ "$ENABLE_UBOOT" = true ] ; then
589 # Fetch U-Boot bootloader sources
590 git -C $R/tmp clone git://git.denx.de/u-boot.git
591
592 # Build and install U-Boot inside chroot
593 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
594
595 # Copy compiled bootloader binary and set config.txt to load it
596 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
597 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
598
599 # Set U-Boot command file
600 cat <<EOM >$R/boot/firmware/uboot.mkimage
601 # Tell Linux that it is booting on a Raspberry Pi2
602 setenv machid 0x00000c42
603
604 # Set the kernel boot command line
605 setenv bootargs "earlyprintk ${CMDLINE}"
606
607 # Save these changes to u-boot's environment
608 saveenv
609
610 # Load the existing Linux kernel into RAM
611 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
612
613 # Boot the kernel we have just loaded
614 bootz \${kernel_addr_r}
615 EOM
616
617 # Generate U-Boot image from command file
618 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
619 fi
620
621 # Fetch and build fbturbo Xorg driver
622 if [ "$ENABLE_FBTURBO" = true ] ; then
623 # Fetch fbturbo driver sources
624 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
625
626 # Install Xorg build dependencies
627 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
628
629 # Build and install fbturbo driver inside chroot
630 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
631
632 # Add fbturbo driver to Xorg configuration
633 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
634 Section "Device"
635 Identifier "Allwinner A10/A13 FBDEV"
636 Driver "fbturbo"
637 Option "fbdev" "/dev/fb0"
638 Option "SwapbuffersWait" "true"
639 EndSection
640 EOM
641
642 # Remove Xorg build dependencies
643 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
644 fi
645
646 # Remove gcc/c++ build environment from the chroot
647 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
648 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
649 fi
206 ## Main bootstrap
207 for i in bootstrap.d/*.sh; do
208 . $i
209 done
650 210
651 # Clean cached downloads
652 chroot_exec apt-get -y clean
653 chroot_exec apt-get -y autoclean
654 chroot_exec apt-get -y autoremove
211 for i in custom.d/*.sh; do
212 . $i
213 done
655 214
656 215 # Invoke custom scripts
657 216 if [ -n "${CHROOT_SCRIPTS}" ]; then
658 217 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
659 218 LANG=C chroot $R bash -c 'for SCRIPT in /chroot_scripts/*; do if [ -f $SCRIPT -a -x $SCRIPT ]; then $SCRIPT; fi done;'
660 219 rm -rf "${R}/chroot_scripts"
661 220 fi
662 221
222 ## Cleanup
223 chroot_exec apt-get -y clean
224 chroot_exec apt-get -y autoclean
225 chroot_exec apt-get -y autoremove
226
663 227 # Unmount mounted filesystems
664 228 umount -l $R/proc
665 229 umount -l $R/sys
666 230
667 231 # Clean up files
668 232 rm -f $R/etc/apt/sources.list.save
669 233 rm -f $R/etc/resolvconf/resolv.conf.d/original
670 234 rm -rf $R/run
671 235 mkdir -p $R/run
672 236 rm -f $R/etc/*-
673 237 rm -f $R/root/.bash_history
674 238 rm -rf $R/tmp/*
675 239 rm -f $R/var/lib/urandom/random-seed
676 240 [ -L $R/var/lib/dbus/machine-id ] || rm -f $R/var/lib/dbus/machine-id
677 241 rm -f $R/etc/machine-id
678 242 rm -fr $R/etc/apt/apt.conf.d/10proxy
679 243
680 244 # Calculate size of the chroot directory in KB
681 245 CHROOT_SIZE=$(expr `du -s $R | awk '{ print $1 }'`)
682 246
683 247 # Calculate the amount of needed 512 Byte sectors
684 248 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
685 249 BOOT_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
686 250 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS})
687 251
688 252 # The root partition is EXT4
689 253 # This means more space than the actual used space of the chroot is used.
690 254 # As overhead for journaling and reserved blocks 20% are added.
691 255 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 20) \* 1024 \/ 512)
692 256
693 257 # Calculate required image size in 512 Byte sectors
694 258 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${BOOT_SECTORS} + ${ROOT_SECTORS})
695 259
696 260 # Prepare date string for image file name
697 261 DATE="$(date +%Y-%m-%d)"
698 262
699 263 # Prepare image file
700 264 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
701 265 dd if=/dev/zero of="$BASEDIR/${DATE}-debian-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
702 266
703 267 # Write partition table
704 268 sfdisk -q -f "$BASEDIR/${DATE}-debian-${RELEASE}.img" <<EOM
705 269 unit: sectors
706 270
707 271 1 : start= ${TABLE_SECTORS}, size= ${BOOT_SECTORS}, Id= c, bootable
708 272 2 : start= ${ROOT_OFFSET}, size= ${ROOT_SECTORS}, Id=83
709 273 3 : start= 0, size= 0, Id= 0
710 274 4 : start= 0, size= 0, Id= 0
711 275 EOM
712 276
713 277 # Set up temporary loop devices and build filesystems
714 278 VFAT_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
715 279 EXT4_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-debian-${RELEASE}.img)"
716 280 mkfs.vfat "$VFAT_LOOP"
717 281 mkfs.ext4 "$EXT4_LOOP"
718 282
719 283 # Mount the temporary loop devices
720 284 mkdir -p "$BUILDDIR/mount"
721 285 mount "$EXT4_LOOP" "$BUILDDIR/mount"
722 286
723 287 mkdir -p "$BUILDDIR/mount/boot/firmware"
724 288 mount "$VFAT_LOOP" "$BUILDDIR/mount/boot/firmware"
725 289
726 290 # Copy all files from the chroot to the loop device mount point directory
727 291 rsync -a "$R/" "$BUILDDIR/mount/"
728 292
729 293 # Unmount all temporary loop devices and mount points
730 294 cleanup
731 295
732 296 # (optinal) create block map file for "bmaptool"
733 297 bmaptool create -o "$BASEDIR/${DATE}-debian-${RELEASE}.bmap" "$BASEDIR/${DATE}-debian-${RELEASE}.img"
734 298
735 299 # Image was successfully created
736 300 echo "$BASEDIR/${DATE}-debian-${RELEASE}.img (${IMAGE_SIZE})" ": successfully created"