Refactor: split bootstrap actions and allow custom
Filip Pytloun -
r56:ea1f8911cd69
@@ -0,0 +1,3
1 images
2 custom.d
3 *.swp
@@ -0,0 +1,27
1 #
2 # Debootstrap basic system
3 #
4
5 . ./functions.sh
6
7 # Base debootstrap (unpack only)
8 if [ "$ENABLE_MINBASE" = true ] ; then
9 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
10 else
11 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
12 fi
13
14 # Copy qemu emulator binary to chroot
15 cp /usr/bin/qemu-arm-static $R/usr/bin
16
17 # Copy debian-archive-keyring.pgp
18 mkdir -p $R/usr/share/keyrings
19 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
20
21 # Complete the bootstrapping process
22 chroot_exec /debootstrap/debootstrap --second-stage
23
24 # Mount required filesystems
25 mount -t proc none $R/proc
26 mount -t sysfs none $R/sys
27 mount --bind /dev/pts $R/dev/pts
@@ -0,0 +1,40
1 #
2 # Setup APT repositories
3 #
4
5 . ./functions.sh
6
7 # Use proxy inside chroot
8 if [ -z "$APT_PROXY" ] ; then
9 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
10 fi
11
12 # Pin package flash-kernel to repositories.collabora.co.uk
13 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
14 Package: flash-kernel
15 Pin: origin repositories.collabora.co.uk
16 Pin-Priority: 1000
17 EOM
18
19 # Upgrade collabora package index and install collabora keyring
20 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
21 chroot_exec apt-get -qq -y update
22 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
23
24 # Set up initial sources.list
25 cat <<EOM >$R/etc/apt/sources.list
26 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
27 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
28
29 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
30 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
31
32 deb http://security.debian.org/ ${RELEASE}/updates main contrib
33 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
34
35 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
36 EOM
37
38 # Upgrade package index and update all installed packages and changed dependencies
39 chroot_exec apt-get -qq -y update
40 chroot_exec apt-get -qq -y -u dist-upgrade
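Review bot: The proxy guard at the top of this file is inverted: `[ -z "$APT_PROXY" ]` writes `Acquire::http::Proxy "";` only when no proxy is configured and skips the file when one is, so it should read `if [ -n "$APT_PROXY" ] ; then`. Separately, `--force-yes` on the `collabora-obs-archive-keyring` install accepts the keyring package without signature verification, so the trust anchor for that repository rests on the HTTPS fetch alone; a comment above that line should say so. The same flag is used on the rsyslog purge in the logging file and on the gcc install in the U-Boot file, where it should not be needed once the keyring is installed.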
@@ -0,0 +1,52
1 #
2 # Setup locales and keyboard settings
3 #
4
5 . ./functions.sh
6
7 # Set up timezone
8 echo ${TIMEZONE} >$R/etc/timezone
9 chroot_exec dpkg-reconfigure -f noninteractive tzdata
10
11 # Set up default locale and keyboard configuration
12 if [ "$ENABLE_MINBASE" = false ] ; then
13 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
14 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
15 # ... so we have to set locales manually
16 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
17 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
18 else
19 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
22 fi
23 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
24 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
25 chroot_exec locale-gen
26 chroot_exec update-locale LANG=${DEFLOCAL}
27
28 # Keyboard configuration, if requested
29 if [ "$XKBMODEL" != "" ] ; then
30 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
31 fi
32 if [ "$XKBLAYOUT" != "" ] ; then
33 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
34 fi
35 if [ "$XKBVARIANT" != "" ] ; then
36 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
37 fi
38 if [ "$XKBOPTIONS" != "" ] ; then
39 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
40 fi
41 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
42 # Set up font console
43 case "${DEFLOCAL}" in
44 *UTF-8)
45 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
46 ;;
47 *)
48 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
49 ;;
50 esac
51 chroot_exec dpkg-reconfigure -f noninteractive console-setup
52 fi
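Review bot: In the three `chroot_exec echo "…" | debconf-set-selections` lines the pipe is parsed by the host shell, so only `echo` runs inside the chroot while `debconf-set-selections` runs on the build host and writes the locale selections into the host's debconf database instead of the image's. Put the consumer inside the chroot, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`, and do the same for the two `locales_to_be_generated` lines. The existing comment about the dpkg-reconfigure bug should then be rechecked, since the selections may never have reached the chroot.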
@@ -0,0 +1,97
1 #
2 # Kernel installation
3 #
4
5 . ./functions.sh
6
7 # Fetch and build latest raspberry kernel
8 if [ "$BUILD_KERNEL" = true ] ; then
9 # Fetch current raspberrypi kernel sources
10 git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux
11
12 # Load default raspberry kernel configuration
13 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
14
15 # Cross compile kernel and modules
16 make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
17
18 # Install kernel modules
19 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
20
21 # Copy and rename compiled kernel to boot directory
22 mkdir $R/boot/firmware/
23 $R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
24
25 # Copy dts and dtb device definitions
26 mkdir $R/boot/firmware/overlays/
27 cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
28 cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
29 cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
30
31 # Install raspberry bootloader and flash-kernel
32 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
33 else
34 # Kernel installation
35 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
36
37 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
38 chroot_exec apt-get -qq -y install flash-kernel
39
40 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
41 [ -z "$VMLINUZ" ] && exit 1
42 cp $VMLINUZ $R/boot/firmware/kernel7.img
43 fi
44
45 # Set up firmware boot cmdline
46 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
47
48 # Set up serial console support (if requested)
49 if [ "$ENABLE_CONSOLE" = true ] ; then
50 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
51 fi
52
53 # Set up IPv6 networking support
54 if [ "$ENABLE_IPV6" = false ] ; then
55 CMDLINE="${CMDLINE} ipv6.disable=1"
56 fi
57
58 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
59
60 # Set up firmware config
61 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
62
63 # Load snd_bcm2835 kernel module at boot time
64 if [ "$ENABLE_SOUND" = true ] ; then
65 echo "snd_bcm2835" >>$R/etc/modules
66 fi
67
68 # Set smallest possible GPU memory allocation size: 16MB (no X)
69 if [ "$ENABLE_MINGPU" = true ] ; then
70 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
71 fi
72
73 # Create symlinks
74 ln -sf firmware/config.txt $R/boot/config.txt
75 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
76
77 # Prepare modules-load.d directory
78 mkdir -p $R/lib/modules-load.d/
79
80 # Load random module on boot
81 if [ "$ENABLE_HWRANDOM" = true ] ; then
82 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
83 bcm2708_rng
84 EOM
85 fi
86
87 # Prepare modprobe.d directory
88 mkdir -p $R/etc/modprobe.d/
89
90 # Blacklist sound modules
91 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
92
93 # Create default fstab
94 install -o root -g root -m 644 files/fstab $R/etc/fstab
95
96 # Avoid swapping and increase cache sizes
97 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
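Review bot: The kernel tree is cloned at whatever commit the default branch points to at build time (`git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux`), and `make` plus `$R/tmp/linux/scripts/mkknlimg` from that tree then run on the build host, which appears to be running as root given the mount and chroot calls elsewhere. Pinning the checkout to a reviewed tag or commit through a build setting (for example `--branch "$KERNEL_BRANCH"`, a variable that would have to be added to the main script) makes images reproducible and limits what an upstream change can execute on the host. The U-Boot and fbturbo files clone unpinned in the same way.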
@@ -0,0 +1,78
1 #
2 # Setup networking
3 #
4
5 . ./functions.sh
6
7 # Set up IPv4 hosts
8 echo ${HOSTNAME} >$R/etc/hostname
9 cat <<EOM >$R/etc/hosts
10 127.0.0.1 localhost
11 127.0.1.1 ${HOSTNAME}
12 EOM
13
14 if [ "$NET_ADDRESS" != "" ] ; then
15 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
16 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
17 fi
18
19 # Set up IPv6 hosts
20 if [ "$ENABLE_IPV6" = true ] ; then
21 cat <<EOM >>$R/etc/hosts
22
23 ::1 localhost ip6-localhost ip6-loopback
24 ff02::1 ip6-allnodes
25 ff02::2 ip6-allrouters
26 EOM
27 fi
28
29 # Place hint about network configuration
30 cat <<EOM >$R/etc/network/interfaces
31 # Debian switched to systemd-networkd configuration files.
32 # please configure your networks in '/etc/systemd/network/'
33 source /etc/interfaces.d/*.conf
34 EOM
35
36 if [ "$ENABLE_DHCP" = true ] ; then
37 # Enable systemd-networkd DHCP configuration for interface eth0
38 cat <<EOM >$R/etc/systemd/network/eth.network
39 [Match]
40 Name=eth0
41
42 [Network]
43 DHCP=yes
44 EOM
45
46 # Set DHCP configuration to IPv4 only
47 if [ "$ENABLE_IPV6" = false ] ; then
48 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
49 fi
50 else # ENABLE_DHCP=false
51 cat <<EOM >$R/etc/systemd/network/eth.network
52 [Match]
53 Name=eth0
54
55 [Network]
56 DHCP=no
57 Address=${NET_ADDRESS}
58 Gateway=${NET_GATEWAY}
59 DNS=${NET_DNS_1}
60 DNS=${NET_DNS_2}
61 Domains=${NET_DNS_DOMAINS}
62 NTP=${NET_NTP_1}
63 NTP=${NET_NTP_2}
64 EOM
65 fi
66
67 # Enable systemd-networkd service
68 chroot_exec systemctl enable systemd-networkd
69
70 # Enable network stack hardening
71 if [ "$ENABLE_HARDNET" = true ] ; then
72 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
73
74 # Enable resolver warnings about spoofed addresses
75 cat <<EOM >>$R/etc/host.conf
76 spoof warn
77 EOM
78 fi
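Review bot: The `/etc/network/interfaces` heredoc now contains `source /etc/interfaces.d/*.conf`, a line the inline version removed from the main script did not have, so this file is not a pure move of existing code. Debian's ifupdown convention is `/etc/network/interfaces.d/`, so the path looks like a typo; either drop the line or write `source /etc/network/interfaces.d/*.conf`, and mention the addition in the commit message. The static branch also emits `DNS=` and `NTP=` lines when `NET_DNS_2` or `NET_NTP_2` are empty, which deserves a guard or a comment.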
@@ -0,0 +1,43
1 #
2 # Enable firewall based on iptables started by systemd service
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_IPTABLES" = true ] ; then
8 # Create iptables configuration directory
9 mkdir -p "$R/etc/iptables"
10
11 # Create iptables systemd service
12 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
13
14 # Create flush-table script called by iptables service
15 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
16
17 # Create iptables rule file
18 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
19
20 # Reload systemd configuration and enable iptables service
21 chroot_exec systemctl daemon-reload
22 chroot_exec systemctl enable iptables.service
23
24 if [ "$ENABLE_IPV6" = true ] ; then
25 # Create ip6tables systemd service
26 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
27
28 # Create ip6tables file
29 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
30
31 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
32
33 # Reload systemd configuration and enable iptables service
34 chroot_exec systemctl daemon-reload
35 chroot_exec systemctl enable ip6tables.service
36 fi
37 fi
38
39 # Remove SSHD related iptables rules
40 if [ "$ENABLE_SSHD" = false ] ; then
41 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
42 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
43 fi
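Review bot: The two `sed … -i $R/etc/iptables/*.rules 2> /dev/null` lines run whenever `ENABLE_SSHD=false`, even when `ENABLE_IPTABLES` or `ENABLE_IPV6` is not `true` and the rule file was never installed. The main script enables `set -e` before sourcing these files, so a failing `sed` would stop the build with its error message discarded. Wrap each call as `if [ -f "$R/etc/iptables/ip6tables.rules" ] ; then sed … ; fi` (or move it into the branch that installs the file) and drop the `2> /dev/null`.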
@@ -0,0 +1,30
1 #
2 # Setup users and security settings
3 #
4
5 . ./functions.sh
6
7 # Generate crypt(3) password string
8 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
9
10 # Set up default user
11 if [ "$ENABLE_USER" = true ] ; then
12 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
13 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
14 fi
15
16 # Set up root password or not
17 if [ "$ENABLE_ROOT" = true ]; then
18 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19
20 if [ "$ENABLE_ROOT_SSH" = true ]; then
21 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
22 fi
23 else
24 chroot_exec usermod -p \'!\' root
25 fi
26
27 # Enable serial console systemd style
28 if [ "$ENABLE_CONSOLE" = true ] ; then
29 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
30 fi
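Review bot: `mkpasswd -m sha-512 ${PASSWORD}` puts the cleartext password on the command line, where it is visible in the process list and, because the main script runs with `set -x`, is also written to the build trace; unquoted, it additionally breaks on passwords containing spaces or glob characters. Feed it on stdin with tracing switched off, e.g. `set +x; ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 -s); set -x`. The same hash is then applied to both `pi` and `root`, which is worth a comment because `ENABLE_ROOT_SSH` turns on `PermitRootLogin yes` with that shared password.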
@@ -0,0 +1,12
1 #
2 # Setup logging
3 #
4
5 . ./functions.sh
6
7 # Disable rsyslog
8 if [ "$ENABLE_RSYSLOG" = false ]; then
9 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
10 chroot_exec systemctl disable rsyslog
11 chroot_exec apt-get purge -q -y --force-yes rsyslog
12 fi
@@ -0,0 +1,44
1 #
2 # Setup Uboot
3 #
4
5 . ./functions.sh
6
7 # Install gcc/c++ build environment inside the chroot
8 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
9 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
10 fi
11
12 # Fetch and build U-Boot bootloader
13 if [ "$ENABLE_UBOOT" = true ] ; then
14 # Fetch U-Boot bootloader sources
15 git -C $R/tmp clone git://git.denx.de/u-boot.git
16
17 # Build and install U-Boot inside chroot
18 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
19
20 # Copy compiled bootloader binary and set config.txt to load it
21 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
22 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
23
24 # Set U-Boot command file
25 cat <<EOM >$R/boot/firmware/uboot.mkimage
26 # Tell Linux that it is booting on a Raspberry Pi2
27 setenv machid 0x00000c42
28
29 # Set the kernel boot command line
30 setenv bootargs "earlyprintk ${CMDLINE}"
31
32 # Save these changes to u-boot's environment
33 saveenv
34
35 # Load the existing Linux kernel into RAM
36 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
37
38 # Boot the kernel we have just loaded
39 bootz \${kernel_addr_r}
40 EOM
41
42 # Generate U-Boot image from command file
43 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
44 fi
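Review bot: `git -C $R/tmp clone git://git.denx.de/u-boot.git` fetches the bootloader source over the unauthenticated, unencrypted `git://` transport, and the result is compiled in the chroot and installed as `u-boot.bin`, so the code that boots the device has no integrity protection in transit. Use an authenticated transport for the same repository and check out a fixed tag or commit before `make`. This file also reads `${CMDLINE}`, which is only assigned in the kernel file, so it silently depends on the glob order in which the main script sources `bootstrap.d/*.sh`; a comment at the top of the file should state that dependency.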
@@ -0,0 +1,34
1 #
2 # Fetch and build fbturbo Xorg driver
3 #
4
5 . ./functions.sh
6
7 if [ "$ENABLE_FBTURBO" = true ] ; then
8 # Fetch fbturbo driver sources
9 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
10
11 # Install Xorg build dependencies
12 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
13
14 # Build and install fbturbo driver inside chroot
15 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
16
17 # Add fbturbo driver to Xorg configuration
18 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
19 Section "Device"
20 Identifier "Allwinner A10/A13 FBDEV"
21 Driver "fbturbo"
22 Option "fbdev" "/dev/fb0"
23 Option "SwapbuffersWait" "true"
24 EndSection
25 EOM
26
27 # Remove Xorg build dependencies
28 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
29 fi
30
31 # Remove gcc/c++ build environment from the chroot
32 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
33 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
34 fi
@@ -0,0 +1,24
1 #
2 # First boot actions
3 #
4
5 . ./functions.sh
6
7 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
8
9 # Ensure openssh server host keys are regenerated on first boot
10 if [ "$ENABLE_SSHD" = true ] ; then
11 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
12 rm -f $R/etc/ssh/ssh_host_*
13 fi
14
15 if [ "$EXPANDROOT" = true ] ; then
16 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
17 fi
18
19 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
20 chmod +x $R/etc/rc.firstboot
21
22 sed -i '/exit 0/d' $R/etc/rc.local
23 echo /etc/rc.firstboot >> $R/etc/rc.local
24 echo exit 0 >> $R/etc/rc.local
@@ -0,0 +1,19
1 cleanup (){
2 # Clean up all temporary mount points
3 set +x
4 set +e
5 echo "removing temporary mount points ..."
6 umount -l $R/proc 2> /dev/null
7 umount -l $R/sys 2> /dev/null
8 umount -l $R/dev/pts 2> /dev/null
9 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
10 umount "$BUILDDIR/mount" 2> /dev/null
11 losetup -d "$EXT4_LOOP" 2> /dev/null
12 losetup -d "$VFAT_LOOP" 2> /dev/null
13 trap - 0 1 2 3 6
14 }
15
16 chroot_exec() {
17 # Exec command in chroot
18 LANG=C LC_ALL=C chroot $R $*
19 }
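Review bot: `chroot_exec` expands its arguments with an unquoted `$*`, which re-splits every argument on whitespace and glob-expands it on the host before `chroot` sees it; the body should be `LANG=C LC_ALL=C chroot "$R" "$@"`. With the current form the fbturbo step `chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; …"` hands `bash -c` only the word `cd`, so the driver build appears to be skipped without any error. The root-lock call `usermod -p \'!\' root` likewise passes the literal `'!'` including the quote characters, and should become `usermod -p '!' root` once `"$@"` is in place.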
@@ -15,25 +15,7
15 15 # Copyright (C) 2015 Luca Falavigna <dktrkranz@debian.org>
16 16 ########################################################################
17 17
18 # Clean up all temporary mount points
19 cleanup (){
20 set +x
21 set +e
22 echo "removing temporary mount points ..."
23 umount -l $R/proc 2> /dev/null
24 umount -l $R/sys 2> /dev/null
25 umount -l $R/dev/pts 2> /dev/null
26 umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
27 umount "$BUILDDIR/mount" 2> /dev/null
28 losetup -d "$EXT4_LOOP" 2> /dev/null
29 losetup -d "$VFAT_LOOP" 2> /dev/null
30 trap - 0 1 2 3 6
31 }
32
33 # Exec command in chroot
34 chroot_exec() {
35 LANG=C LC_ALL=C chroot $R $*
36 }
18 source ./functions.sh
37 19
38 20 set -e
39 21 set -x
@@ -43,7 +25,7 RELEASE=${RELEASE:=jessie}
43 25 KERNEL=${KERNEL:=3.18.0-trunk-rpi2}
44 26
45 27 # Build settings
46 BASEDIR=./images/${RELEASE}
28 BASEDIR=$(pwd)/images/${RELEASE}
47 29 BUILDDIR=${BASEDIR}/build
48 30
49 31 # General settings
@@ -221,437 +203,14 if [ "$ENABLE_XORG" = true ] ; then
221 203 APT_INCLUDES="${APT_INCLUDES},xorg"
222 204 fi
223 205
224 # Base debootstrap (unpack only)
225 if [ "$ENABLE_MINBASE" = true ] ; then
226 http_proxy=${APT_PROXY} debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
227 else
228 http_proxy=${APT_PROXY} debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R http://${APT_SERVER}/debian
229 fi
230
231 # Copy qemu emulator binary to chroot
232 cp /usr/bin/qemu-arm-static $R/usr/bin
233
234 # Copy debian-archive-keyring.pgp
235 chroot $R mkdir -p /usr/share/keyrings
236 cp /usr/share/keyrings/debian-archive-keyring.gpg $R/usr/share/keyrings/debian-archive-keyring.gpg
237
238 # Complete the bootstrapping process
239 chroot $R /debootstrap/debootstrap --second-stage
240
241 # Mount required filesystems
242 mount -t proc none $R/proc
243 mount -t sysfs none $R/sys
244 mount --bind /dev/pts $R/dev/pts
245
246 # Use proxy inside chroot
247 if [ -z "$APT_PROXY" ] ; then
248 echo "Acquire::http::Proxy \"$APT_PROXY\";" >> $R/etc/apt/apt.conf.d/10proxy
249 fi
250
251 # Pin package flash-kernel to repositories.collabora.co.uk
252 cat <<EOM >$R/etc/apt/preferences.d/flash-kernel
253 Package: flash-kernel
254 Pin: origin repositories.collabora.co.uk
255 Pin-Priority: 1000
256 EOM
257
258 # Set up timezone
259 echo ${TIMEZONE} >$R/etc/timezone
260 chroot_exec dpkg-reconfigure -f noninteractive tzdata
261
262 # Upgrade collabora package index and install collabora keyring
263 echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
264 chroot_exec apt-get -qq -y update
265 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
266
267 # Set up initial sources.list
268 cat <<EOM >$R/etc/apt/sources.list
269 deb http://${APT_SERVER}/debian ${RELEASE} main contrib
270 #deb-src http://${APT_SERVER}/debian ${RELEASE} main contrib
271
272 deb http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
273 #deb-src http://${APT_SERVER}/debian/ ${RELEASE}-updates main contrib
274
275 deb http://security.debian.org/ ${RELEASE}/updates main contrib
276 #deb-src http://security.debian.org/ ${RELEASE}/updates main contrib
277
278 deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2
279 EOM
280
281 # Upgrade package index and update all installed packages and changed dependencies
282 chroot_exec apt-get -qq -y update
283 chroot_exec apt-get -qq -y -u dist-upgrade
284
285 # Set up default locale and keyboard configuration
286 if [ "$ENABLE_MINBASE" = false ] ; then
287 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
288 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
289 # ... so we have to set locales manually
290 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
291 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
292 else
293 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
294 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
295 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
296 fi
297 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
298 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
299 chroot_exec locale-gen
300 chroot_exec update-locale LANG=${DEFLOCAL}
301
302 # Keyboard configuration, if requested
303 if [ "$XKBMODEL" != "" ] ; then
304 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKBMODEL}\"/" /etc/default/keyboard
305 fi
306 if [ "$XKBLAYOUT" != "" ] ; then
307 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKBLAYOUT}\"/" /etc/default/keyboard
308 fi
309 if [ "$XKBVARIANT" != "" ] ; then
310 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKBVARIANT}\"/" /etc/default/keyboard
311 fi
312 if [ "$XKBOPTIONS" != "" ] ; then
313 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKBOPTIONS}\"/" /etc/default/keyboard
314 fi
315 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
316 # Set up font console
317 case "${DEFLOCAL}" in
318 *UTF-8)
319 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
320 ;;
321 *)
322 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
323 ;;
324 esac
325 chroot_exec dpkg-reconfigure -f noninteractive console-setup
326 fi
327
328 # Fetch and build latest raspberry kernel
329 if [ "$BUILD_KERNEL" = true ] ; then
330 # Fetch current raspberrypi kernel sources
331 git -C $R/tmp clone --depth=1 https://github.com/raspberrypi/linux
332
333 # Load default raspberry kernel configuration
334 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig
335
336 # Cross compile kernel and modules
337 make -C $R/tmp/linux -j 8 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs
338
339 # Install kernel modules
340 make -C $R/tmp/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=../.. modules_install
341
342 # Copy and rename compiled kernel to boot directory
343 mkdir $R/boot/firmware/
344 $R/tmp/linux/scripts/mkknlimg $R/tmp/linux/arch/arm/boot/zImage $R/boot/firmware/kernel7.img
345
346 # Copy dts and dtb device definitions
347 mkdir $R/boot/firmware/overlays/
348 cp $R/tmp/linux/arch/arm/boot/dts/*.dtb $R/boot/firmware/
349 cp $R/tmp/linux/arch/arm/boot/dts/overlays/*.dtb* $R/boot/firmware/overlays/
350 cp $R/tmp/linux/arch/arm/boot/dts/overlays/README $R/boot/firmware/overlays/
351
352 # Install raspberry bootloader and flash-kernel
353 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
354 else
355 # Kernel installation
356 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${KERNEL} raspberrypi-bootloader-nokernel
357
358 # Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot
359 chroot_exec apt-get -qq -y install flash-kernel
360
361 VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
362 [ -z "$VMLINUZ" ] && exit 1
363 cp $VMLINUZ $R/boot/firmware/kernel7.img
364 fi
365
366 # Set up IPv4 hosts
367 echo ${HOSTNAME} >$R/etc/hostname
368 cat <<EOM >$R/etc/hosts
369 127.0.0.1 localhost
370 127.0.1.1 ${HOSTNAME}
371 EOM
372 if [ "$NET_ADDRESS" != "" ] ; then
373 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
374 sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
375 fi
376
377 # Set up IPv6 hosts
378 if [ "$ENABLE_IPV6" = true ] ; then
379 cat <<EOM >>$R/etc/hosts
380
381 ::1 localhost ip6-localhost ip6-loopback
382 ff02::1 ip6-allnodes
383 ff02::2 ip6-allrouters
384 EOM
385 fi
386
387 # Place hint about network configuration
388 cat <<EOM >$R/etc/network/interfaces
389 # Debian switched to systemd-networkd configuration files.
390 # please configure your networks in '/etc/systemd/network/'
391 EOM
392
393 if [ "$ENABLE_DHCP" = true ] ; then
394 # Enable systemd-networkd DHCP configuration for interface eth0
395 cat <<EOM >$R/etc/systemd/network/eth.network
396 [Match]
397 Name=eth0
398
399 [Network]
400 DHCP=yes
401 EOM
402
403 # Set DHCP configuration to IPv4 only
404 if [ "$ENABLE_IPV6" = false ] ; then
405 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
406 fi
407 else # ENABLE_DHCP=false
408 cat <<EOM >$R/etc/systemd/network/eth.network
409 [Match]
410 Name=eth0
411
412 [Network]
413 DHCP=no
414 Address=${NET_ADDRESS}
415 Gateway=${NET_GATEWAY}
416 DNS=${NET_DNS_1}
417 DNS=${NET_DNS_2}
418 Domains=${NET_DNS_DOMAINS}
419 NTP=${NET_NTP_1}
420 NTP=${NET_NTP_2}
421 EOM
422 fi
423
424 # Enable systemd-networkd service
425 chroot_exec systemctl enable systemd-networkd
426
427 # Generate crypt(3) password string
428 ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
429
430 # Set up default user
431 if [ "$ENABLE_USER" = true ] ; then
432 chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
433 chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
434 fi
435
436 # Set up root password or not
437 if [ "$ENABLE_ROOT" = true ]; then
438 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
439
440 if [ "$ENABLE_ROOT_SSH" = true ]; then
441 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
442 fi
443 else
444 chroot_exec usermod -p \'!\' root
445 fi
446
447 # Set up firmware boot cmdline
448 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1"
449
450 # Set up serial console support (if requested)
451 if [ "$ENABLE_CONSOLE" = true ] ; then
452 CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
453 fi
454
455 # Set up IPv6 networking support
456 if [ "$ENABLE_IPV6" = false ] ; then
457 CMDLINE="${CMDLINE} ipv6.disable=1"
458 fi
459
460 echo "${CMDLINE}" >$R/boot/firmware/cmdline.txt
461
462 # Set up firmware config
463 install -o root -g root -m 644 files/config.txt $R/boot/firmware/config.txt
464
465 # Load snd_bcm2835 kernel module at boot time
466 if [ "$ENABLE_SOUND" = true ] ; then
467 echo "snd_bcm2835" >>$R/etc/modules
468 fi
469
470 # Set smallest possible GPU memory allocation size: 16MB (no X)
471 if [ "$ENABLE_MINGPU" = true ] ; then
472 echo "gpu_mem=16" >>$R/boot/firmware/config.txt
473 fi
474
475 # Create symlinks
476 ln -sf firmware/config.txt $R/boot/config.txt
477 ln -sf firmware/cmdline.txt $R/boot/cmdline.txt
478
479 # Prepare modules-load.d directory
480 mkdir -p $R/lib/modules-load.d/
481
482 # Load random module on boot
483 if [ "$ENABLE_HWRANDOM" = true ] ; then
484 cat <<EOM >$R/lib/modules-load.d/rpi2.conf
485 bcm2708_rng
486 EOM
487 fi
488
489 # Prepare modprobe.d directory
490 mkdir -p $R/etc/modprobe.d/
491
492 # Blacklist sound modules
493 install -o root -g root -m 644 files/modprobe.d/raspi-blacklist.conf $R/etc/modprobe.d/raspi-blacklist.conf
494
495 # Create default fstab
496 install -o root -g root -m 644 files/fstab $R/etc/fstab
497
498 # Avoid swapping and increase cache sizes
499 install -o root -g root -m 644 files/sysctl.d/81-rpi-vm.conf $R/etc/sysctl.d/81-rpi-vm.conf
500
501 # Enable network stack hardening
502 if [ "$ENABLE_HARDNET" = true ] ; then
503 install -o root -g root -m 644 files/sysctl.d/81-rpi-net-hardening.conf $R/etc/sysctl.d/81-rpi-net-hardening.conf
504
505 # Enable resolver warnings about spoofed addresses
506 cat <<EOM >>$R/etc/host.conf
507 spoof warn
508 EOM
509 fi
510
511 # First boot actions
512 cat files/firstboot/10-begin.sh > $R/etc/rc.firstboot
513
514 # Ensure openssh server host keys are regenerated on first boot
515 if [ "$ENABLE_SSHD" = true ] ; then
516 cat files/firstboot/21-generate-ssh-keys.sh >> $R/etc/rc.firstboot
517 rm -f $R/etc/ssh/ssh_host_*
518 fi
519
520 if [ "$EXPANDROOT" = true ] ; then
521 cat files/firstboot/22-expandroot.sh >> $R/etc/rc.firstboot
522 fi
523
524 cat files/firstboot/99-finish.sh >> $R/etc/rc.firstboot
525 chmod +x $R/etc/rc.firstboot
526
527 sed -i '/exit 0/d' $R/etc/rc.local
528 echo /etc/rc.firstboot >> $R/etc/rc.local
529 echo exit 0 >> $R/etc/rc.local
530
531 # Disable rsyslog
532 if [ "$ENABLE_RSYSLOG" = false ]; then
533 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
534 chroot_exec systemctl disable rsyslog
535 chroot_exec apt-get purge -q -y --force-yes rsyslog
536 fi
537
538 # Enable serial console systemd style
539 if [ "$ENABLE_CONSOLE" = true ] ; then
540 chroot_exec systemctl enable serial-getty\@ttyAMA0.service
541 fi
542
543 # Enable firewall based on iptables started by systemd service
544 if [ "$ENABLE_IPTABLES" = true ] ; then
545 # Create iptables configuration directory
546 mkdir -p "$R/etc/iptables"
547
548 # Create iptables systemd service
549 install -o root -g root -m 644 files/iptables/iptables.service $R/etc/systemd/system/iptables.service
550
551 # Create flush-table script called by iptables service
552 install -o root -g root -m 755 files/iptables/flush-iptables.sh $R/etc/iptables/flush-iptables.sh
553
554 # Create iptables rule file
555 install -o root -g root -m 644 files/iptables/iptables.rules $R/etc/iptables/iptables.rules
556
557 # Reload systemd configuration and enable iptables service
558 chroot_exec systemctl daemon-reload
559 chroot_exec systemctl enable iptables.service
560
561 if [ "$ENABLE_IPV6" = true ] ; then
562 # Create ip6tables systemd service
563 install -o root -g root -m 644 files/iptables/ip6tables.service $R/etc/systemd/system/ip6tables.service
564
565 # Create ip6tables file
566 install -o root -g root -m 755 files/iptables/flush-ip6tables.sh $R/etc/iptables/flush-ip6tables.sh
567
568 install -o root -g root -m 644 files/iptables/ip6tables.rules $R/etc/iptables/ip6tables.rules
569
570 # Reload systemd configuration and enable iptables service
571 chroot_exec systemctl daemon-reload
572 chroot_exec systemctl enable ip6tables.service
573 fi
574 fi
575
576 # Remove SSHD related iptables rules
577 if [ "$ENABLE_SSHD" = false ] ; then
578 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
579 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
580 fi
581
582 # Install gcc/c++ build environment inside the chroot
583 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
584 chroot_exec apt-get install -q -y --force-yes --no-install-recommends linux-compiler-gcc-4.9-arm g++ make bc
585 fi
586
587 # Fetch and build U-Boot bootloader
588 if [ "$ENABLE_UBOOT" = true ] ; then
589 # Fetch U-Boot bootloader sources
590 git -C $R/tmp clone git://git.denx.de/u-boot.git
591
592 # Build and install U-Boot inside chroot
593 chroot_exec make -C /tmp/u-boot/ rpi_2_defconfig all
594
595 # Copy compiled bootloader binary and set config.txt to load it
596 cp $R/tmp/u-boot/u-boot.bin $R/boot/firmware/
597 printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> $R/boot/firmware/config.txt
598
599 # Set U-Boot command file
600 cat <<EOM >$R/boot/firmware/uboot.mkimage
601 # Tell Linux that it is booting on a Raspberry Pi2
602 setenv machid 0x00000c42
603
604 # Set the kernel boot command line
605 setenv bootargs "earlyprintk ${CMDLINE}"
606
607 # Save these changes to u-boot's environment
608 saveenv
609
610 # Load the existing Linux kernel into RAM
611 fatload mmc 0:1 \${kernel_addr_r} kernel7.img
612
613 # Boot the kernel we have just loaded
614 bootz \${kernel_addr_r}
615 EOM
616
617 # Generate U-Boot image from command file
618 chroot_exec mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
619 fi
620
621 # Fetch and build fbturbo Xorg driver
622 if [ "$ENABLE_FBTURBO" = true ] ; then
623 # Fetch fbturbo driver sources
624 git -C $R/tmp clone https://github.com/ssvb/xf86-video-fbturbo.git
625
626 # Install Xorg build dependencies
627 chroot_exec apt-get install -q -y --no-install-recommends xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
628
629 # Build and install fbturbo driver inside chroot
630 chroot_exec /bin/bash -c "cd /tmp/xf86-video-fbturbo; autoreconf -vi; ./configure --prefix=/usr; make; make install"
631
632 # Add fbturbo driver to Xorg configuration
633 cat <<EOM >$R/usr/share/X11/xorg.conf.d/99-fbturbo.conf
634 Section "Device"
635 Identifier "Allwinner A10/A13 FBDEV"
636 Driver "fbturbo"
637 Option "fbdev" "/dev/fb0"
638 Option "SwapbuffersWait" "true"
639 EndSection
640 EOM
641
642 # Remove Xorg build dependencies
643 chroot_exec apt-get -q -y purge --auto-remove xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev
644 fi
645
646 # Remove gcc/c++ build environment from the chroot
647 if [ "$ENABLE_UBOOT" = true ] || [ "$ENABLE_FBTURBO" = true ]; then
648 chroot_exec apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
649 fi
206 ## Main bootstrap
207 for i in bootstrap.d/*.sh; do
208 . $i
209 done
650 210
651 # Clean cached downloads
652 chroot_exec apt-get -y clean
653 chroot_exec apt-get -y autoclean
654 chroot_exec apt-get -y autoremove
211 for i in custom.d/*.sh; do
212 . $i
213 done
655 214
656 215 # Invoke custom scripts
657 216 if [ -n "${CHROOT_SCRIPTS}" ]; then
@@ -660,6 +219,11 if [ -n "${CHROOT_SCRIPTS}" ]; then
660 219 rm -rf "${R}/chroot_scripts"
661 220 fi
662 221
222 ## Cleanup
223 chroot_exec apt-get -y clean
224 chroot_exec apt-get -y autoclean
225 chroot_exec apt-get -y autoremove
226
663 227 # Unmount mounted filesystems
664 228 umount -l $R/proc
665 229 umount -l $R/sys
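Review bot: The new `for i in custom.d/*.sh; do . $i; done` loop has no guard for a missing or empty `custom.d`, a directory that the three-line ignore list at the top of this commit appears to keep out of the repository. On a fresh checkout the pattern stays literal, `. custom.d/*.sh` fails, and with `set -e` active the build stops. Add `[ -f "$i" ] || continue` as the first line of both loops and quote the operand as `. "$i"`. A comment should also state that these files are sourced into the root build shell with every setting (including `PASSWORD`) in scope, and that both globs and `source ./functions.sh` resolve against the current directory, so the script must be started from the repository root.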