Merge pull request #72 from denismosolov/image-name...
drtyhlpr -
r140:efc5a8fb5f7a Fusion
@@ -1,412 +1,421
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `jessie` and `stretch`. Raspberry Pi 3 images are currently generated for 32-bit mode only.
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandetory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `jessie` and `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
14 If a Debian Linux `jessie` build system is used it will be required to add the [Debian Cross-toolchains repository](http://emdebian.org/tools/debian/) first:
15
15
16 ```
16 ```
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
19 dpkg --add-architecture armhf
19 dpkg --add-architecture armhf
20 apt-get update
20 apt-get update
21 ```
21 ```
22
22
23 ## Command-line parameters
23 ## Command-line parameters
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
24 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
25
25
26 #####Command-line examples:
26 #####Command-line examples:
27 ```shell
27 ```shell
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_UBOOT=true ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 ENABLE_MINBASE=true ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Configuration template files
43 ## Configuration template files
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
44 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
45
45
46 #####Command-line examples:
46 #####Command-line examples:
47 ```shell
47 ```shell
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
50 ```
50 ```
51
51
52 ## Supported parameters and settings
52 ## Supported parameters and settings
53 #### APT settings:
53 #### APT settings:
54 ##### `APT_SERVER`="ftp.debian.org"
54 ##### `APT_SERVER`="ftp.debian.org"
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
55 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
56
56
57 ##### `APT_PROXY`=""
57 ##### `APT_PROXY`=""
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
58 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once.
59
59
60 ##### `APT_INCLUDES`=""
60 ##### `APT_INCLUDES`=""
61 A comma separated list of additional packages to be installed during bootstrapping.
61 A comma separated list of additional packages to be installed during bootstrapping.
62
62
63 ---
63 ---
64
64
65 #### General system settings:
65 #### General system settings:
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
67 Specifiy the target Raspberry Pi hardware model. The script at this time supports the Raspberry Pi models `2` and `3`. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
68
68
69 ##### `RELEASE`="jessie"
69 ##### `RELEASE`="jessie"
70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
70 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases "jessie" and "stretch". `BUILD_KERNEL`=true will automatically be set if the Debian release `stretch` is used.
71
71
72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
72 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
73 Set system host name. It's recommended that the host name is unique in the corresponding subnet.
74
74
75 ##### `PASSWORD`="raspberry"
75 ##### `PASSWORD`="raspberry"
76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
76 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
77
77
78 ##### `USER_PASSWORD`="raspberry"
78 ##### `USER_PASSWORD`="raspberry"
79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
79 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
80
80
81 ##### `DEFLOCAL`="en_US.UTF-8"
81 ##### `DEFLOCAL`="en_US.UTF-8"
82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
82 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
83
83
84 ##### `TIMEZONE`="Europe/Berlin"
84 ##### `TIMEZONE`="Europe/Berlin"
85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
85 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
86
86
87 ##### `EXPANDROOT`=true
87 ##### `EXPANDROOT`=true
88 Expand the root partition and filesystem automatically on first boot.
88 Expand the root partition and filesystem automatically on first boot.
89
89
90 ---
90 ---
91
91
92 #### Keyboard settings:
92 #### Keyboard settings:
93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
93 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
94
94
95 ##### `XKB_MODEL`=""
95 ##### `XKB_MODEL`=""
96 Set the name of the model of your keyboard type.
96 Set the name of the model of your keyboard type.
97
97
98 ##### `XKB_LAYOUT`=""
98 ##### `XKB_LAYOUT`=""
99 Set the supported keyboard layout(s).
99 Set the supported keyboard layout(s).
100
100
101 ##### `XKB_VARIANT`=""
101 ##### `XKB_VARIANT`=""
102 Set the supported variant(s) of the keyboard layout(s).
102 Set the supported variant(s) of the keyboard layout(s).
103
103
104 ##### `XKB_OPTIONS`=""
104 ##### `XKB_OPTIONS`=""
105 Set extra xkb configuration options.
105 Set extra xkb configuration options.
106
106
107 ---
107 ---
108
108
109 #### Networking settings (DHCP):
109 #### Networking settings (DHCP):
110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
110 This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
111
111
112 #####`ENABLE_DHCP`=true
112 #####`ENABLE_DHCP`=true
113 Set the system to use DHCP. This requires an DHCP server.
113 Set the system to use DHCP. This requires an DHCP server.
114
114
115 ---
115 ---
116
116
117 #### Networking settings (static):
117 #### Networking settings (static):
118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
118 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
119
119
120 #####`NET_ADDRESS`=""
120 #####`NET_ADDRESS`=""
121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
121 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
122
122
123 #####`NET_GATEWAY`=""
123 #####`NET_GATEWAY`=""
124 Set the IP address for the default gateway.
124 Set the IP address for the default gateway.
125
125
126 #####`NET_DNS_1`=""
126 #####`NET_DNS_1`=""
127 Set the IP address for the first DNS server.
127 Set the IP address for the first DNS server.
128
128
129 #####`NET_DNS_2`=""
129 #####`NET_DNS_2`=""
130 Set the IP address for the second DNS server.
130 Set the IP address for the second DNS server.
131
131
132 #####`NET_DNS_DOMAINS`=""
132 #####`NET_DNS_DOMAINS`=""
133 Set the default DNS search domains to use for non fully qualified host names.
133 Set the default DNS search domains to use for non fully qualified host names.
134
134
135 #####`NET_NTP_1`=""
135 #####`NET_NTP_1`=""
136 Set the IP address for the first NTP server.
136 Set the IP address for the first NTP server.
137
137
138 #####`NET_NTP_2`=""
138 #####`NET_NTP_2`=""
139 Set the IP address for the second NTP server.
139 Set the IP address for the second NTP server.
140
140
141 ---
141 ---
142
142
143 #### Basic system features:
143 #### Basic system features:
144 ##### `ENABLE_CONSOLE`=true
144 ##### `ENABLE_CONSOLE`=true
145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
145 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
146
146
147 ##### `ENABLE_I2C`=false
147 ##### `ENABLE_I2C`=false
148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
148 Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
149
149
150 ##### `ENABLE_SPI`=false
150 ##### `ENABLE_SPI`=false
151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
151 Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](http://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
152
152
153 ##### `ENABLE_IPV6`=true
153 ##### `ENABLE_IPV6`=true
154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
154 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
155
155
156 ##### `ENABLE_SSHD`=true
156 ##### `ENABLE_SSHD`=true
157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
157 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
158
158
159 ##### `ENABLE_NONFREE`=false
159 ##### `ENABLE_NONFREE`=false
160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
160 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
161
161
162 ##### `ENABLE_WIRELESS`=false
162 ##### `ENABLE_WIRELESS`=false
163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
163 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
164
164
165 ##### `ENABLE_RSYSLOG`=true
165 ##### `ENABLE_RSYSLOG`=true
166 If set to false, disable and uninstall rsyslog (so logs will be available only
166 If set to false, disable and uninstall rsyslog (so logs will be available only
167 in journal files)
167 in journal files)
168
168
169 ##### `ENABLE_SOUND`=true
169 ##### `ENABLE_SOUND`=true
170 Enable sound hardware and install Advanced Linux Sound Architecture.
170 Enable sound hardware and install Advanced Linux Sound Architecture.
171
171
172 ##### `ENABLE_HWRANDOM`=true
172 ##### `ENABLE_HWRANDOM`=true
173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
173 Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
174
174
175 ##### `ENABLE_MINGPU`=false
175 ##### `ENABLE_MINGPU`=false
176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
176 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
177
177
178 ##### `ENABLE_DBUS`=true
178 ##### `ENABLE_DBUS`=true
179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
179 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
180
180
181 ##### `ENABLE_XORG`=false
181 ##### `ENABLE_XORG`=false
182 Install Xorg open-source X Window System.
182 Install Xorg open-source X Window System.
183
183
184 ##### `ENABLE_WM`=""
184 ##### `ENABLE_WM`=""
185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
185 Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
186
186
187 ---
187 ---
188
188
189 #### Advanced system features:
189 #### Advanced system features:
190 ##### `ENABLE_MINBASE`=false
190 ##### `ENABLE_MINBASE`=false
191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
191 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
192
192
193 ##### `ENABLE_REDUCE`=false
193 ##### `ENABLE_REDUCE`=false
194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
194 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
195
195
196 ##### `ENABLE_UBOOT`=false
196 ##### `ENABLE_UBOOT`=false
197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
197 Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](http://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
198
198
199 ##### `UBOOTSRC_DIR`=""
199 ##### `UBOOTSRC_DIR`=""
200 Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
200 Path to a directory of [U-Boot bootloader sources](http://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
201
201
202 ##### `ENABLE_FBTURBO`=false
202 ##### `ENABLE_FBTURBO`=false
203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
203 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
204
204
205 ##### `ENABLE_IPTABLES`=false
205 ##### `ENABLE_IPTABLES`=false
206 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
206 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
207
207
208 ##### `ENABLE_USER`=true
208 ##### `ENABLE_USER`=true
209 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
209 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
210
210
211 ##### `USER_NAME`=pi
211 ##### `USER_NAME`=pi
212 Non-root user to create. Ignored if `ENABLE_USER`=false
212 Non-root user to create. Ignored if `ENABLE_USER`=false
213
213
214 ##### `ENABLE_ROOT`=false
214 ##### `ENABLE_ROOT`=false
215 Set root user password so root login will be enabled
215 Set root user password so root login will be enabled
216
216
217 ##### `ENABLE_HARDNET`=false
217 ##### `ENABLE_HARDNET`=false
218 Enable IPv4/IPv6 network stack hardening settings.
218 Enable IPv4/IPv6 network stack hardening settings.
219
219
220 ##### `ENABLE_SPLITFS`=false
220 ##### `ENABLE_SPLITFS`=false
221 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
221 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
222
222
223 ##### `CHROOT_SCRIPTS`=""
223 ##### `CHROOT_SCRIPTS`=""
224 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
224 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
225
225
226 ##### `ENABLE_INITRAMFS`=false
226 ##### `ENABLE_INITRAMFS`=false
227 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
227 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
228
228
229 ##### `ENABLE_IFNAMES`=true
229 ##### `ENABLE_IFNAMES`=true
230 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
230 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names. This parameter is only supported if the Debian release `stretch` is used.
231
231
232 ##### `DISABLE_UNDERVOLT_WARNINGS`=
232 ##### `DISABLE_UNDERVOLT_WARNINGS`=
233 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
233 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
234
234
235 ---
235 ---
236
236
237 #### SSH settings:
237 #### SSH settings:
238 ##### `SSH_ENABLE_ROOT`=false
238 ##### `SSH_ENABLE_ROOT`=false
239 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
239 Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
240
240
241 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
241 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
242 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
242 Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
243
243
244 ##### `SSH_LIMIT_USERS`=false
244 ##### `SSH_LIMIT_USERS`=false
245 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
245 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login.
246
246
247 ##### `SSH_ROOT_PUB_KEY`=""
247 ##### `SSH_ROOT_PUB_KEY`=""
248 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
248 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
249
249
250 ##### `SSH_USER_PUB_KEY`=""
250 ##### `SSH_USER_PUB_KEY`=""
251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
251 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
252
252
253 ---
253 ---
254
254
255 #### Kernel compilation:
255 #### Kernel compilation:
256 ##### `BUILD_KERNEL`=false
256 ##### `BUILD_KERNEL`=false
257 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
257 Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used. `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` is used.
258
258
259 ##### `KERNEL_REDUCE`=false
259 ##### `KERNEL_REDUCE`=false
260 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
260 Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
261
261
262 ##### `KERNEL_THREADS`=1
262 ##### `KERNEL_THREADS`=1
263 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
263 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
264
264
265 ##### `KERNEL_HEADERS`=true
265 ##### `KERNEL_HEADERS`=true
266 Install kernel headers with built kernel.
266 Install kernel headers with built kernel.
267
267
268 ##### `KERNEL_MENUCONFIG`=false
268 ##### `KERNEL_MENUCONFIG`=false
269 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
269 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
270
270
271 ##### `KERNEL_REMOVESRC`=true
271 ##### `KERNEL_REMOVESRC`=true
272 Remove all kernel sources from the generated OS image after it was built and installed.
272 Remove all kernel sources from the generated OS image after it was built and installed.
273
273
274 ##### `KERNELSRC_DIR`=""
274 ##### `KERNELSRC_DIR`=""
275 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
275 Path to a directory of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
276
276
277 ##### `KERNELSRC_CLEAN`=false
277 ##### `KERNELSRC_CLEAN`=false
278 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
278 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
279
279
280 ##### `KERNELSRC_CONFIG`=true
280 ##### `KERNELSRC_CONFIG`=true
281 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
281 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
282
282
283 ##### `KERNELSRC_USRCONFIG`=""
283 ##### `KERNELSRC_USRCONFIG`=""
284 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
284 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
285
285
286 ##### `KERNELSRC_PREBUILT`=false
286 ##### `KERNELSRC_PREBUILT`=false
287 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
287 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
288
288
289 ##### `RPI_FIRMWARE_DIR`=""
289 ##### `RPI_FIRMWARE_DIR`=""
290 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
290 The directory containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
291
291
292 ---
292 ---
293
293
294 #### Reduce disk usage:
294 #### Reduce disk usage:
295 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
295 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
296
296
297 ##### `REDUCE_APT`=true
297 ##### `REDUCE_APT`=true
298 Configure APT to use compressed package repository lists and no package caching files.
298 Configure APT to use compressed package repository lists and no package caching files.
299
299
300 ##### `REDUCE_DOC`=true
300 ##### `REDUCE_DOC`=true
301 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
301 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
302
302
303 ##### `REDUCE_MAN`=true
303 ##### `REDUCE_MAN`=true
304 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
304 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
305
305
306 ##### `REDUCE_VIM`=false
306 ##### `REDUCE_VIM`=false
307 Replace `vim-tiny` package by `levee` a tiny vim clone.
307 Replace `vim-tiny` package by `levee` a tiny vim clone.
308
308
309 ##### `REDUCE_BASH`=false
309 ##### `REDUCE_BASH`=false
310 Remove `bash` package and switch to `dash` shell (experimental).
310 Remove `bash` package and switch to `dash` shell (experimental).
311
311
312 ##### `REDUCE_HWDB`=true
312 ##### `REDUCE_HWDB`=true
313 Remove PCI related hwdb files (experimental).
313 Remove PCI related hwdb files (experimental).
314
314
315 ##### `REDUCE_SSHD`=true
315 ##### `REDUCE_SSHD`=true
316 Replace `openssh-server` with `dropbear`.
316 Replace `openssh-server` with `dropbear`.
317
317
318 ##### `REDUCE_LOCALE`=true
318 ##### `REDUCE_LOCALE`=true
319 Remove all `locale` translation files.
319 Remove all `locale` translation files.
320
320
321 ---
321 ---
322
322
323 #### Encrypted root partition:
323 #### Encrypted root partition:
324 ##### `ENABLE_CRYPTFS`=false
324 ##### `ENABLE_CRYPTFS`=false
325 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
325 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
326
326
327 ##### `CRYPTFS_PASSWORD`=""
327 ##### `CRYPTFS_PASSWORD`=""
328 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
328 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
329
329
330 ##### `CRYPTFS_MAPPING`="secure"
330 ##### `CRYPTFS_MAPPING`="secure"
331 Set name of dm-crypt managed device-mapper mapping.
331 Set name of dm-crypt managed device-mapper mapping.
332
332
333 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
333 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
334 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
334 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
335
335
336 ##### `CRYPTFS_XTSKEYSIZE`=512
336 ##### `CRYPTFS_XTSKEYSIZE`=512
337 Sets key size in bits. The argument has to be a multiple of 8.
337 Sets key size in bits. The argument has to be a multiple of 8.
338
338
339 ---
340
341 #### Build settings:
342 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
343 Set a path to a working directory used by the script to generate an image.
344
345 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
346 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true.
347
339 ## Understanding the script
348 ## Understanding the script
340 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
349 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
341
350
342 | Script | Description |
351 | Script | Description |
343 | --- | --- |
352 | --- | --- |
344 | `10-bootstrap.sh` | Debootstrap basic system |
353 | `10-bootstrap.sh` | Debootstrap basic system |
345 | `11-apt.sh` | Setup APT repositories |
354 | `11-apt.sh` | Setup APT repositories |
346 | `12-locale.sh` | Setup Locales and keyboard settings |
355 | `12-locale.sh` | Setup Locales and keyboard settings |
347 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
356 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
348 | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline |
357 | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline |
349 | `20-networking.sh` | Setup Networking |
358 | `20-networking.sh` | Setup Networking |
350 | `21-firewall.sh` | Setup Firewall |
359 | `21-firewall.sh` | Setup Firewall |
351 | `30-security.sh` | Setup Users and Security settings |
360 | `30-security.sh` | Setup Users and Security settings |
352 | `31-logging.sh` | Setup Logging |
361 | `31-logging.sh` | Setup Logging |
353 | `32-sshd.sh` | Setup SSH and public keys |
362 | `32-sshd.sh` | Setup SSH and public keys |
354 | `41-uboot.sh` | Build and Setup U-Boot |
363 | `41-uboot.sh` | Build and Setup U-Boot |
355 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
364 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
356 | `50-firstboot.sh` | First boot actions |
365 | `50-firstboot.sh` | First boot actions |
357 | `99-reduce.sh` | Reduce the disk space usage |
366 | `99-reduce.sh` | Reduce the disk space usage |
358
367
359 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
368 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
360
369
361 | Directory | Description |
370 | Directory | Description |
362 | --- | --- |
371 | --- | --- |
363 | `apt` | APT management configuration files |
372 | `apt` | APT management configuration files |
364 | `boot` | Boot and RPi2/3 configuration files |
373 | `boot` | Boot and RPi2/3 configuration files |
365 | `dpkg` | Package Manager configuration |
374 | `dpkg` | Package Manager configuration |
366 | `etc` | Configuration files and rc scripts |
375 | `etc` | Configuration files and rc scripts |
367 | `firstboot` | Scripts that get executed on first boot |
376 | `firstboot` | Scripts that get executed on first boot |
368 | `initramfs` | Initramfs scripts |
377 | `initramfs` | Initramfs scripts |
369 | `iptables` | Firewall configuration files |
378 | `iptables` | Firewall configuration files |
370 | `locales` | Locales configuration |
379 | `locales` | Locales configuration |
371 | `modules` | Kernel Modules configuration |
380 | `modules` | Kernel Modules configuration |
372 | `mount` | Fstab configuration |
381 | `mount` | Fstab configuration |
373 | `network` | Networking configuration files |
382 | `network` | Networking configuration files |
374 | `sysctl.d` | Swapping and Network Hardening configuration |
383 | `sysctl.d` | Swapping and Network Hardening configuration |
375 | `xorg` | fbturbo Xorg driver configuration |
384 | `xorg` | fbturbo Xorg driver configuration |
376
385
377 ## Custom packages and scripts
386 ## Custom packages and scripts
378 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
387 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
379
388
380 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
389 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
381
390
382 ## Logging of the bootstrapping process
391 ## Logging of the bootstrapping process
383 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
392 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
384
393
385 ```shell
394 ```shell
386 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
395 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
387 ```
396 ```
388
397
389 ## Flashing the image file
398 ## Flashing the image file
390 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
399 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
391
400
392 #####Flashing examples:
401 #####Flashing examples:
393 ```shell
402 ```shell
394 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
403 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
395 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
404 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
396 ```
405 ```
397 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
406 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
398 ```shell
407 ```shell
399 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
408 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
400 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
409 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
401 ```
410 ```
402
411
403 ## External links and references
412 ## External links and references
404 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
413 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
405 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
414 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
406 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
415 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
407 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
416 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
408 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
417 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
409 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
418 * [U-BOOT git repository](http://git.denx.de/?p=u-boot.git;a=summary)
410 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
419 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
411 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
420 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
412 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
421 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
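Review bot: In the new "Build settings" section (new README lines 339-346), `IMAGE_NAME` is described as "a filename for the output file(s)", but its default `${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}` is a full path prefix without extension, to which `.img`, `-frmw.img` or `-root.img` is appended. Suggest describing it as the path and base name of the image, saying whether the directory part must already exist when it points outside `BASEDIR`, and putting `$IMAGE_NAME.img`, `$IMAGE_NAME-frmw.img` and `$IMAGE_NAME-root.img` in backticks like the other parameters. The `BASEDIR` entry should also state that the build tree is created below it (`BUILDDIR="${BASEDIR}/build"` in the script) and, because the script only runs as root, recommend a dedicated directory that other users cannot write to. The flashing examples further down still hard-code `./images/jessie/2017-01-23-rpi3-jessie.img`; one sentence noting that this is the default `IMAGE_NAME` would keep them consistent with the new parameter.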
@@ -1,621 +1,621
1 #!/bin/sh
1 #!/bin/sh
2
2
3 ########################################################################
3 ########################################################################
4 # rpi23-gen-image.sh 2015-2017
4 # rpi23-gen-image.sh 2015-2017
5 #
5 #
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
6 # Advanced Debian "jessie" and "stretch" bootstrap script for RPi2/3
7 #
7 #
8 # This program is free software; you can redistribute it and/or
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
11 # of the License, or (at your option) any later version.
12 #
12 #
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
14 #
14 #
15 # Big thanks for patches and enhancements by 10+ github contributors!
15 # Big thanks for patches and enhancements by 10+ github contributors!
16 ########################################################################
16 ########################################################################
17
17
18 # Are we running as root?
18 # Are we running as root?
19 if [ "$(id -u)" -ne "0" ] ; then
19 if [ "$(id -u)" -ne "0" ] ; then
20 echo "error: this script must be executed with root privileges!"
20 echo "error: this script must be executed with root privileges!"
21 exit 1
21 exit 1
22 fi
22 fi
23
23
24 # Check if ./functions.sh script exists
24 # Check if ./functions.sh script exists
25 if [ ! -r "./functions.sh" ] ; then
25 if [ ! -r "./functions.sh" ] ; then
26 echo "error: './functions.sh' required script not found!"
26 echo "error: './functions.sh' required script not found!"
27 exit 1
27 exit 1
28 fi
28 fi
29
29
30 # Load utility functions
30 # Load utility functions
31 . ./functions.sh
31 . ./functions.sh
32
32
33 # Load parameters from configuration template file
33 # Load parameters from configuration template file
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
34 if [ ! -z "$CONFIG_TEMPLATE" ] ; then
35 use_template
35 use_template
36 fi
36 fi
37
37
38 # Introduce settings
38 # Introduce settings
39 set -e
39 set -e
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
40 echo -n -e "\n#\n# RPi2/3 Bootstrap Settings\n#\n"
41 set -x
41 set -x
42
42
43 # Raspberry Pi model configuration
43 # Raspberry Pi model configuration
44 RPI_MODEL=${RPI_MODEL:=2}
44 RPI_MODEL=${RPI_MODEL:=2}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
45 RPI2_DTB_FILE=${RPI2_DTB_FILE:=bcm2709-rpi-2-b.dtb}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
46 RPI2_UBOOT_CONFIG=${RPI2_UBOOT_CONFIG:=rpi_2_defconfig}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
47 RPI3_DTB_FILE=${RPI3_DTB_FILE:=bcm2710-rpi-3-b.dtb}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
48 RPI3_UBOOT_CONFIG=${RPI3_UBOOT_CONFIG:=rpi_3_32b_defconfig}
49
49
50 # Debian release
50 # Debian release
51 RELEASE=${RELEASE:=jessie}
51 RELEASE=${RELEASE:=jessie}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
52 KERNEL_ARCH=${KERNEL_ARCH:=arm}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
53 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
54 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
55 COLLABORA_KERNEL=${COLLABORA_KERNEL:=3.18.0-trunk-rpi2}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
56 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
57 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
58 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
59
59
60 # URLs
60 # URLs
61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
61 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
62 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
63 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm}
64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
64 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
65 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
66 UBOOT_URL=${UBOOT_URL:=git://git.denx.de/u-boot.git}
67
67
68 # Build directories
68 # Build directories
69 BASEDIR="$(pwd)/images/${RELEASE}"
69 BASEDIR=${BASEDIR:=$(pwd)/images/${RELEASE}}
70 BUILDDIR="${BASEDIR}/build"
70 BUILDDIR="${BASEDIR}/build"
71 # Prepare date string for default image file name
72 DATE="$(date +%Y-%m-%d)"
73 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}}
71
74
72 # Chroot directories
75 # Chroot directories
73 R="${BUILDDIR}/chroot"
76 R="${BUILDDIR}/chroot"
74 ETC_DIR="${R}/etc"
77 ETC_DIR="${R}/etc"
75 LIB_DIR="${R}/lib"
78 LIB_DIR="${R}/lib"
76 BOOT_DIR="${R}/boot/firmware"
79 BOOT_DIR="${R}/boot/firmware"
77 KERNEL_DIR="${R}/usr/src/linux"
80 KERNEL_DIR="${R}/usr/src/linux"
78 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
81 WLAN_FIRMWARE_DIR="${R}/lib/firmware/brcm"
79
82
80 # Firmware directory: Blank if download from github
83 # Firmware directory: Blank if download from github
81 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
84 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
82
85
83 # General settings
86 # General settings
84 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
87 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
85 PASSWORD=${PASSWORD:=raspberry}
88 PASSWORD=${PASSWORD:=raspberry}
86 USER_PASSWORD=${USER_PASSWORD:=raspberry}
89 USER_PASSWORD=${USER_PASSWORD:=raspberry}
87 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
90 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
88 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
91 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
89 EXPANDROOT=${EXPANDROOT:=true}
92 EXPANDROOT=${EXPANDROOT:=true}
90
93
91 # Keyboard settings
94 # Keyboard settings
92 XKB_MODEL=${XKB_MODEL:=""}
95 XKB_MODEL=${XKB_MODEL:=""}
93 XKB_LAYOUT=${XKB_LAYOUT:=""}
96 XKB_LAYOUT=${XKB_LAYOUT:=""}
94 XKB_VARIANT=${XKB_VARIANT:=""}
97 XKB_VARIANT=${XKB_VARIANT:=""}
95 XKB_OPTIONS=${XKB_OPTIONS:=""}
98 XKB_OPTIONS=${XKB_OPTIONS:=""}
96
99
97 # Network settings (DHCP)
100 # Network settings (DHCP)
98 ENABLE_DHCP=${ENABLE_DHCP:=true}
101 ENABLE_DHCP=${ENABLE_DHCP:=true}
99
102
100 # Network settings (static)
103 # Network settings (static)
101 NET_ADDRESS=${NET_ADDRESS:=""}
104 NET_ADDRESS=${NET_ADDRESS:=""}
102 NET_GATEWAY=${NET_GATEWAY:=""}
105 NET_GATEWAY=${NET_GATEWAY:=""}
103 NET_DNS_1=${NET_DNS_1:=""}
106 NET_DNS_1=${NET_DNS_1:=""}
104 NET_DNS_2=${NET_DNS_2:=""}
107 NET_DNS_2=${NET_DNS_2:=""}
105 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
108 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
106 NET_NTP_1=${NET_NTP_1:=""}
109 NET_NTP_1=${NET_NTP_1:=""}
107 NET_NTP_2=${NET_NTP_2:=""}
110 NET_NTP_2=${NET_NTP_2:=""}
108
111
109 # APT settings
112 # APT settings
110 APT_PROXY=${APT_PROXY:=""}
113 APT_PROXY=${APT_PROXY:=""}
111 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
114 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
112
115
113 # Feature settings
116 # Feature settings
114 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
117 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
115 ENABLE_I2C=${ENABLE_I2C:=false}
118 ENABLE_I2C=${ENABLE_I2C:=false}
116 ENABLE_SPI=${ENABLE_SPI:=false}
119 ENABLE_SPI=${ENABLE_SPI:=false}
117 ENABLE_IPV6=${ENABLE_IPV6:=true}
120 ENABLE_IPV6=${ENABLE_IPV6:=true}
118 ENABLE_SSHD=${ENABLE_SSHD:=true}
121 ENABLE_SSHD=${ENABLE_SSHD:=true}
119 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
122 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
120 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
123 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
121 ENABLE_SOUND=${ENABLE_SOUND:=true}
124 ENABLE_SOUND=${ENABLE_SOUND:=true}
122 ENABLE_DBUS=${ENABLE_DBUS:=true}
125 ENABLE_DBUS=${ENABLE_DBUS:=true}
123 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
126 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
124 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
127 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
125 ENABLE_XORG=${ENABLE_XORG:=false}
128 ENABLE_XORG=${ENABLE_XORG:=false}
126 ENABLE_WM=${ENABLE_WM:=""}
129 ENABLE_WM=${ENABLE_WM:=""}
127 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
130 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
128 ENABLE_USER=${ENABLE_USER:=true}
131 ENABLE_USER=${ENABLE_USER:=true}
129 USER_NAME=${USER_NAME:="pi"}
132 USER_NAME=${USER_NAME:="pi"}
130 ENABLE_ROOT=${ENABLE_ROOT:=false}
133 ENABLE_ROOT=${ENABLE_ROOT:=false}
131
134
132 # SSH settings
135 # SSH settings
133 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
136 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
134 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
137 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
135 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
138 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
136 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
139 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
137 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
140 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
138
141
139 # Advanced settings
142 # Advanced settings
140 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
143 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
141 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
144 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
142 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
145 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
143 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
146 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
144 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
147 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
145 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
148 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
146 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
149 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
147 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
150 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
148 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
151 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
149 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
152 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
150 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
153 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
151
154
152 # Kernel compilation settings
155 # Kernel compilation settings
153 BUILD_KERNEL=${BUILD_KERNEL:=false}
156 BUILD_KERNEL=${BUILD_KERNEL:=false}
154 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
157 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
155 KERNEL_THREADS=${KERNEL_THREADS:=1}
158 KERNEL_THREADS=${KERNEL_THREADS:=1}
156 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
159 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
157 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
160 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
158 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
161 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
159
162
160 # Kernel compilation from source directory settings
163 # Kernel compilation from source directory settings
161 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
164 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
162 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
165 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
163 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
166 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
164 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
167 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
165
168
166 # Reduce disk usage settings
169 # Reduce disk usage settings
167 REDUCE_APT=${REDUCE_APT:=true}
170 REDUCE_APT=${REDUCE_APT:=true}
168 REDUCE_DOC=${REDUCE_DOC:=true}
171 REDUCE_DOC=${REDUCE_DOC:=true}
169 REDUCE_MAN=${REDUCE_MAN:=true}
172 REDUCE_MAN=${REDUCE_MAN:=true}
170 REDUCE_VIM=${REDUCE_VIM:=false}
173 REDUCE_VIM=${REDUCE_VIM:=false}
171 REDUCE_BASH=${REDUCE_BASH:=false}
174 REDUCE_BASH=${REDUCE_BASH:=false}
172 REDUCE_HWDB=${REDUCE_HWDB:=true}
175 REDUCE_HWDB=${REDUCE_HWDB:=true}
173 REDUCE_SSHD=${REDUCE_SSHD:=true}
176 REDUCE_SSHD=${REDUCE_SSHD:=true}
174 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
177 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
175
178
176 # Encrypted filesystem settings
179 # Encrypted filesystem settings
177 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
180 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
178 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
181 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
179 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
182 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
180 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
183 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
181 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
184 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
182
185
183 # Stop the Crypto Wars
186 # Stop the Crypto Wars
184 DISABLE_FBI=${DISABLE_FBI:=false}
187 DISABLE_FBI=${DISABLE_FBI:=false}
185
188
186 # Chroot scripts directory
189 # Chroot scripts directory
187 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
190 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
188
191
189 # Packages required in the chroot build environment
192 # Packages required in the chroot build environment
190 APT_INCLUDES=${APT_INCLUDES:=""}
193 APT_INCLUDES=${APT_INCLUDES:=""}
191 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
194 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils"
192
195
193 # Packages required for bootstrapping
196 # Packages required for bootstrapping
194 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
197 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus"
195 MISSING_PACKAGES=""
198 MISSING_PACKAGES=""
196
199
197 set +x
200 set +x
198
201
199 # Set Raspberry Pi model specific configuration
202 # Set Raspberry Pi model specific configuration
200 if [ "$RPI_MODEL" = 2 ] ; then
203 if [ "$RPI_MODEL" = 2 ] ; then
201 DTB_FILE=${RPI2_DTB_FILE}
204 DTB_FILE=${RPI2_DTB_FILE}
202 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
205 UBOOT_CONFIG=${RPI2_UBOOT_CONFIG}
203 elif [ "$RPI_MODEL" = 3 ] ; then
206 elif [ "$RPI_MODEL" = 3 ] ; then
204 DTB_FILE=${RPI3_DTB_FILE}
207 DTB_FILE=${RPI3_DTB_FILE}
205 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
208 UBOOT_CONFIG=${RPI3_UBOOT_CONFIG}
206 BUILD_KERNEL=true
209 BUILD_KERNEL=true
207 else
210 else
208 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
211 echo "error: Raspberry Pi model ${RPI_MODEL} is not supported!"
209 exit 1
212 exit 1
210 fi
213 fi
211
214
212 # Check if the internal wireless interface is supported by the RPi model
215 # Check if the internal wireless interface is supported by the RPi model
213 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
216 if [ "$ENABLE_WIRELESS" = true ] && [ "$RPI_MODEL" != 3 ] ; then
214 echo "error: The selected Raspberry Pi model has no internal wireless interface"
217 echo "error: The selected Raspberry Pi model has no internal wireless interface"
215 exit 1
218 exit 1
216 fi
219 fi
217
220
218 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
221 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
219 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
222 if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
220 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
223 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
221 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
224 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
222 exit 1
225 exit 1
223 fi
226 fi
224 fi
227 fi
225
228
226 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
229 # Set compiler packages and build RPi2/3 Linux kernel if required by Debian release
227 if [ "$RELEASE" = "jessie" ] ; then
230 if [ "$RELEASE" = "jessie" ] ; then
228 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
231 COMPILER_PACKAGES="linux-compiler-gcc-4.8-arm g++ make bc"
229 elif [ "$RELEASE" = "stretch" ] ; then
232 elif [ "$RELEASE" = "stretch" ] ; then
230 COMPILER_PACKAGES="g++ make bc"
233 COMPILER_PACKAGES="g++ make bc"
231 BUILD_KERNEL=true
234 BUILD_KERNEL=true
232 else
235 else
233 echo "error: Debian release ${RELEASE} is not supported!"
236 echo "error: Debian release ${RELEASE} is not supported!"
234 exit 1
237 exit 1
235 fi
238 fi
236
239
237 # Add packages required for kernel cross compilation
240 # Add packages required for kernel cross compilation
238 if [ "$BUILD_KERNEL" = true ] ; then
241 if [ "$BUILD_KERNEL" = true ] ; then
239 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
242 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
240 fi
243 fi
241
244
242 # Add libncurses5 to enable kernel menuconfig
245 # Add libncurses5 to enable kernel menuconfig
243 if [ "$KERNEL_MENUCONFIG" = true ] ; then
246 if [ "$KERNEL_MENUCONFIG" = true ] ; then
244 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
247 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses5-dev"
245 fi
248 fi
246
249
247 # Stop the Crypto Wars
250 # Stop the Crypto Wars
248 if [ "$DISABLE_FBI" = true ] ; then
251 if [ "$DISABLE_FBI" = true ] ; then
249 ENABLE_CRYPTFS=true
252 ENABLE_CRYPTFS=true
250 fi
253 fi
251
254
252 # Add cryptsetup package to enable filesystem encryption
255 # Add cryptsetup package to enable filesystem encryption
253 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
256 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
254 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
257 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
255 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
258 APT_INCLUDES="${APT_INCLUDES},cryptsetup"
256
259
257 if [ -z "$CRYPTFS_PASSWORD" ] ; then
260 if [ -z "$CRYPTFS_PASSWORD" ] ; then
258 echo "error: no password defined (CRYPTFS_PASSWORD)!"
261 echo "error: no password defined (CRYPTFS_PASSWORD)!"
259 exit 1
262 exit 1
260 fi
263 fi
261 ENABLE_INITRAMFS=true
264 ENABLE_INITRAMFS=true
262 fi
265 fi
263
266
264 # Add initramfs generation tools
267 # Add initramfs generation tools
265 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
268 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
266 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
269 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
267 fi
270 fi
268
271
269 # Add device-tree-compiler required for building the U-Boot bootloader
272 # Add device-tree-compiler required for building the U-Boot bootloader
270 if [ "$ENABLE_UBOOT" = true ] ; then
273 if [ "$ENABLE_UBOOT" = true ] ; then
271 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
274 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler"
272 fi
275 fi
273
276
274 # Check if root SSH (v2) public key file exists
277 # Check if root SSH (v2) public key file exists
275 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
278 if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
276 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
279 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
277 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
280 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
278 exit 1
281 exit 1
279 fi
282 fi
280 fi
283 fi
281
284
282 # Check if $USER_NAME SSH (v2) public key file exists
285 # Check if $USER_NAME SSH (v2) public key file exists
283 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
286 if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
284 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
287 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
285 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
288 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
286 exit 1
289 exit 1
287 fi
290 fi
288 fi
291 fi
289
292
290 # Check if all required packages are installed on the build system
293 # Check if all required packages are installed on the build system
291 for package in $REQUIRED_PACKAGES ; do
294 for package in $REQUIRED_PACKAGES ; do
292 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
295 if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
293 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
296 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
294 fi
297 fi
295 done
298 done
296
299
297 # If there are missing packages ask confirmation for install, or exit
300 # If there are missing packages ask confirmation for install, or exit
298 if [ -n "$MISSING_PACKAGES" ] ; then
301 if [ -n "$MISSING_PACKAGES" ] ; then
299 echo "the following packages needed by this script are not installed:"
302 echo "the following packages needed by this script are not installed:"
300 echo "$MISSING_PACKAGES"
303 echo "$MISSING_PACKAGES"
301
304
302 echo -n "\ndo you want to install the missing packages right now? [y/n] "
305 echo -n "\ndo you want to install the missing packages right now? [y/n] "
303 read confirm
306 read confirm
304 [ "$confirm" != "y" ] && exit 1
307 [ "$confirm" != "y" ] && exit 1
305
308
306 # Make sure all missing required packages are installed
309 # Make sure all missing required packages are installed
307 apt-get -qq -y install ${MISSING_PACKAGES}
310 apt-get -qq -y install ${MISSING_PACKAGES}
308 fi
311 fi
309
312
310 # Check if ./bootstrap.d directory exists
313 # Check if ./bootstrap.d directory exists
311 if [ ! -d "./bootstrap.d/" ] ; then
314 if [ ! -d "./bootstrap.d/" ] ; then
312 echo "error: './bootstrap.d' required directory not found!"
315 echo "error: './bootstrap.d' required directory not found!"
313 exit 1
316 exit 1
314 fi
317 fi
315
318
316 # Check if ./files directory exists
319 # Check if ./files directory exists
317 if [ ! -d "./files/" ] ; then
320 if [ ! -d "./files/" ] ; then
318 echo "error: './files' required directory not found!"
321 echo "error: './files' required directory not found!"
319 exit 1
322 exit 1
320 fi
323 fi
321
324
322 # Check if specified KERNELSRC_DIR directory exists
325 # Check if specified KERNELSRC_DIR directory exists
323 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
326 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
324 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
327 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
325 exit 1
328 exit 1
326 fi
329 fi
327
330
328 # Check if specified UBOOTSRC_DIR directory exists
331 # Check if specified UBOOTSRC_DIR directory exists
329 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
332 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
330 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
333 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
331 exit 1
334 exit 1
332 fi
335 fi
333
336
334 # Check if specified CHROOT_SCRIPTS directory exists
337 # Check if specified CHROOT_SCRIPTS directory exists
335 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
338 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
336 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
339 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
337 exit 1
340 exit 1
338 fi
341 fi
339
342
340 # Check if specified device mapping already exists (will be used by cryptsetup)
343 # Check if specified device mapping already exists (will be used by cryptsetup)
341 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
344 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
342 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
345 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
343 exit 1
346 exit 1
344 fi
347 fi
345
348
346 # Don't clobber an old build
349 # Don't clobber an old build
347 if [ -e "$BUILDDIR" ] ; then
350 if [ -e "$BUILDDIR" ] ; then
348 echo "error: directory ${BUILDDIR} already exists, not proceeding"
351 echo "error: directory ${BUILDDIR} already exists, not proceeding"
349 exit 1
352 exit 1
350 fi
353 fi
351
354
352 # Setup chroot directory
355 # Setup chroot directory
353 mkdir -p "${R}"
356 mkdir -p "${R}"
354
357
355 # Check if build directory has enough of free disk space >512MB
358 # Check if build directory has enough of free disk space >512MB
356 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
359 if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
357 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
360 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
358 exit 1
361 exit 1
359 fi
362 fi
360
363
361 set -x
364 set -x
362
365
363 # Call "cleanup" function on various signals and errors
366 # Call "cleanup" function on various signals and errors
364 trap cleanup 0 1 2 3 6
367 trap cleanup 0 1 2 3 6
365
368
366 # Add required packages for the minbase installation
369 # Add required packages for the minbase installation
367 if [ "$ENABLE_MINBASE" = true ] ; then
370 if [ "$ENABLE_MINBASE" = true ] ; then
368 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
371 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
369 fi
372 fi
370
373
371 # Add required locales packages
374 # Add required locales packages
372 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
375 if [ "$DEFLOCAL" != "en_US.UTF-8" ] ; then
373 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
376 APT_INCLUDES="${APT_INCLUDES},locales,keyboard-configuration,console-setup"
374 fi
377 fi
375
378
376 # Add parted package, required to get partprobe utility
379 # Add parted package, required to get partprobe utility
377 if [ "$EXPANDROOT" = true ] ; then
380 if [ "$EXPANDROOT" = true ] ; then
378 APT_INCLUDES="${APT_INCLUDES},parted"
381 APT_INCLUDES="${APT_INCLUDES},parted"
379 fi
382 fi
380
383
381 # Add dbus package, recommended if using systemd
384 # Add dbus package, recommended if using systemd
382 if [ "$ENABLE_DBUS" = true ] ; then
385 if [ "$ENABLE_DBUS" = true ] ; then
383 APT_INCLUDES="${APT_INCLUDES},dbus"
386 APT_INCLUDES="${APT_INCLUDES},dbus"
384 fi
387 fi
385
388
386 # Add iptables IPv4/IPv6 package
389 # Add iptables IPv4/IPv6 package
387 if [ "$ENABLE_IPTABLES" = true ] ; then
390 if [ "$ENABLE_IPTABLES" = true ] ; then
388 APT_INCLUDES="${APT_INCLUDES},iptables"
391 APT_INCLUDES="${APT_INCLUDES},iptables"
389 fi
392 fi
390
393
391 # Add openssh server package
394 # Add openssh server package
392 if [ "$ENABLE_SSHD" = true ] ; then
395 if [ "$ENABLE_SSHD" = true ] ; then
393 APT_INCLUDES="${APT_INCLUDES},openssh-server"
396 APT_INCLUDES="${APT_INCLUDES},openssh-server"
394 fi
397 fi
395
398
396 # Add alsa-utils package
399 # Add alsa-utils package
397 if [ "$ENABLE_SOUND" = true ] ; then
400 if [ "$ENABLE_SOUND" = true ] ; then
398 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
401 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
399 fi
402 fi
400
403
401 # Add rng-tools package
404 # Add rng-tools package
402 if [ "$ENABLE_HWRANDOM" = true ] ; then
405 if [ "$ENABLE_HWRANDOM" = true ] ; then
403 APT_INCLUDES="${APT_INCLUDES},rng-tools"
406 APT_INCLUDES="${APT_INCLUDES},rng-tools"
404 fi
407 fi
405
408
406 # Add fbturbo video driver
409 # Add fbturbo video driver
407 if [ "$ENABLE_FBTURBO" = true ] ; then
410 if [ "$ENABLE_FBTURBO" = true ] ; then
408 # Enable xorg package dependencies
411 # Enable xorg package dependencies
409 ENABLE_XORG=true
412 ENABLE_XORG=true
410 fi
413 fi
411
414
412 # Add user defined window manager package
415 # Add user defined window manager package
413 if [ -n "$ENABLE_WM" ] ; then
416 if [ -n "$ENABLE_WM" ] ; then
414 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
417 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
415
418
416 # Enable xorg package dependencies
419 # Enable xorg package dependencies
417 ENABLE_XORG=true
420 ENABLE_XORG=true
418 fi
421 fi
419
422
420 # Add xorg package
423 # Add xorg package
421 if [ "$ENABLE_XORG" = true ] ; then
424 if [ "$ENABLE_XORG" = true ] ; then
422 APT_INCLUDES="${APT_INCLUDES},xorg"
425 APT_INCLUDES="${APT_INCLUDES},xorg"
423 fi
426 fi
424
427
425 # Replace selected packages with smaller clones
428 # Replace selected packages with smaller clones
426 if [ "$ENABLE_REDUCE" = true ] ; then
429 if [ "$ENABLE_REDUCE" = true ] ; then
427 # Add levee package instead of vim-tiny
430 # Add levee package instead of vim-tiny
428 if [ "$REDUCE_VIM" = true ] ; then
431 if [ "$REDUCE_VIM" = true ] ; then
429 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
432 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
430 fi
433 fi
431
434
432 # Add dropbear package instead of openssh-server
435 # Add dropbear package instead of openssh-server
433 if [ "$REDUCE_SSHD" = true ] ; then
436 if [ "$REDUCE_SSHD" = true ] ; then
434 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
437 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
435 fi
438 fi
436 fi
439 fi
437
440
438 # Configure kernel sources if no KERNELSRC_DIR
441 # Configure kernel sources if no KERNELSRC_DIR
439 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
442 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
440 KERNELSRC_CONFIG=true
443 KERNELSRC_CONFIG=true
441 fi
444 fi
442
445
443 # Configure reduced kernel
446 # Configure reduced kernel
444 if [ "$KERNEL_REDUCE" = true ] ; then
447 if [ "$KERNEL_REDUCE" = true ] ; then
445 KERNELSRC_CONFIG=false
448 KERNELSRC_CONFIG=false
446 fi
449 fi
447
450
448 # Execute bootstrap scripts
451 # Execute bootstrap scripts
449 for SCRIPT in bootstrap.d/*.sh; do
452 for SCRIPT in bootstrap.d/*.sh; do
450 head -n 3 "$SCRIPT"
453 head -n 3 "$SCRIPT"
451 . "$SCRIPT"
454 . "$SCRIPT"
452 done
455 done
453
456
454 ## Execute custom bootstrap scripts
457 ## Execute custom bootstrap scripts
455 if [ -d "custom.d" ] ; then
458 if [ -d "custom.d" ] ; then
456 for SCRIPT in custom.d/*.sh; do
459 for SCRIPT in custom.d/*.sh; do
457 . "$SCRIPT"
460 . "$SCRIPT"
458 done
461 done
459 fi
462 fi
460
463
461 # Execute custom scripts inside the chroot
464 # Execute custom scripts inside the chroot
462 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
465 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
463 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
466 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
464 chroot_exec /bin/bash -x <<'EOF'
467 chroot_exec /bin/bash -x <<'EOF'
465 for SCRIPT in /chroot_scripts/* ; do
468 for SCRIPT in /chroot_scripts/* ; do
466 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
469 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
467 $SCRIPT
470 $SCRIPT
468 fi
471 fi
469 done
472 done
470 EOF
473 EOF
471 rm -rf "${R}/chroot_scripts"
474 rm -rf "${R}/chroot_scripts"
472 fi
475 fi
473
476
474 # Remove apt-utils
477 # Remove apt-utils
475 if [ "$RELEASE" = "jessie" ] ; then
478 if [ "$RELEASE" = "jessie" ] ; then
476 chroot_exec apt-get purge -qq -y --force-yes apt-utils
479 chroot_exec apt-get purge -qq -y --force-yes apt-utils
477 fi
480 fi
478
481
479 # Generate required machine-id
482 # Generate required machine-id
480 MACHINE_ID=$(dbus-uuidgen)
483 MACHINE_ID=$(dbus-uuidgen)
481 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
484 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
482 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
485 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
483
486
484 # APT Cleanup
487 # APT Cleanup
485 chroot_exec apt-get -y clean
488 chroot_exec apt-get -y clean
486 chroot_exec apt-get -y autoclean
489 chroot_exec apt-get -y autoclean
487 chroot_exec apt-get -y autoremove
490 chroot_exec apt-get -y autoremove
488
491
489 # Unmount mounted filesystems
492 # Unmount mounted filesystems
490 umount -l "${R}/proc"
493 umount -l "${R}/proc"
491 umount -l "${R}/sys"
494 umount -l "${R}/sys"
492
495
493 # Clean up directories
496 # Clean up directories
494 rm -rf "${R}/run/*"
497 rm -rf "${R}/run/*"
495 rm -rf "${R}/tmp/*"
498 rm -rf "${R}/tmp/*"
496
499
497 # Clean up files
500 # Clean up files
498 rm -f "${ETC_DIR}/ssh/ssh_host_*"
501 rm -f "${ETC_DIR}/ssh/ssh_host_*"
499 rm -f "${ETC_DIR}/dropbear/dropbear_*"
502 rm -f "${ETC_DIR}/dropbear/dropbear_*"
500 rm -f "${ETC_DIR}/apt/sources.list.save"
503 rm -f "${ETC_DIR}/apt/sources.list.save"
501 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
504 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
502 rm -f "${ETC_DIR}/*-"
505 rm -f "${ETC_DIR}/*-"
503 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
506 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
504 rm -f "${ETC_DIR}/resolv.conf"
507 rm -f "${ETC_DIR}/resolv.conf"
505 rm -f "${R}/root/.bash_history"
508 rm -f "${R}/root/.bash_history"
506 rm -f "${R}/var/lib/urandom/random-seed"
509 rm -f "${R}/var/lib/urandom/random-seed"
507 rm -f "${R}/initrd.img"
510 rm -f "${R}/initrd.img"
508 rm -f "${R}/vmlinuz"
511 rm -f "${R}/vmlinuz"
509 rm -f "${R}${QEMU_BINARY}"
512 rm -f "${R}${QEMU_BINARY}"
510
513
511 # Calculate size of the chroot directory in KB
514 # Calculate size of the chroot directory in KB
512 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
515 CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
513
516
514 # Calculate the amount of needed 512 Byte sectors
517 # Calculate the amount of needed 512 Byte sectors
515 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
518 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
516 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
519 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
517 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
520 ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
518
521
519 # The root partition is EXT4
522 # The root partition is EXT4
520 # This means more space than the actual used space of the chroot is used.
523 # This means more space than the actual used space of the chroot is used.
521 # As overhead for journaling and reserved blocks 25% are added.
524 # As overhead for journaling and reserved blocks 25% are added.
522 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
525 ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
523
526
524 # Calculate required image size in 512 Byte sectors
527 # Calculate required image size in 512 Byte sectors
525 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
528 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
526
529
527 # Prepare date string for image file name
528 DATE="$(date +%Y-%m-%d)"
529
530 # Prepare image file
530 # Prepare image file
531 if [ "$ENABLE_SPLITFS" = true ] ; then
531 if [ "$ENABLE_SPLITFS" = true ] ; then
532 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=${TABLE_SECTORS}
532 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
533 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
533 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
534 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=${TABLE_SECTORS}
534 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
535 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
535 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
536
536
537 # Write firmware/boot partition tables
537 # Write firmware/boot partition tables
538 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img" 2> /dev/null <<EOM
538 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
539 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
539 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
540 EOM
540 EOM
541
541
542 # Write root partition table
542 # Write root partition table
543 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img" 2> /dev/null <<EOM
543 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
544 ${TABLE_SECTORS},${ROOT_SECTORS},83
544 ${TABLE_SECTORS},${ROOT_SECTORS},83
545 EOM
545 EOM
546
546
547 # Setup temporary loop devices
547 # Setup temporary loop devices
548 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img)"
548 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
549 ROOT_LOOP="$(losetup -o 1M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img)"
549 ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
550 else # ENABLE_SPLITFS=false
550 else # ENABLE_SPLITFS=false
551 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=${TABLE_SECTORS}
551 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
552 dd if=/dev/zero of="$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" bs=512 count=0 seek=${IMAGE_SECTORS}
552 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
553
553
554 # Write partition table
554 # Write partition table
555 sfdisk -q -L -uS -f "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img" 2> /dev/null <<EOM
555 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
556 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
556 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
557 ${ROOT_OFFSET},${ROOT_SECTORS},83
557 ${ROOT_OFFSET},${ROOT_SECTORS},83
558 EOM
558 EOM
559
559
560 # Setup temporary loop devices
560 # Setup temporary loop devices
561 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
561 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
562 ROOT_LOOP="$(losetup -o 65M -f --show $BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img)"
562 ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
563 fi
563 fi
564
564
565 if [ "$ENABLE_CRYPTFS" = true ] ; then
565 if [ "$ENABLE_CRYPTFS" = true ] ; then
566 # Create dummy ext4 fs
566 # Create dummy ext4 fs
567 mkfs.ext4 "$ROOT_LOOP"
567 mkfs.ext4 "$ROOT_LOOP"
568
568
569 # Setup password keyfile
569 # Setup password keyfile
570 echo -n ${CRYPTFS_PASSWORD} > .password
570 echo -n ${CRYPTFS_PASSWORD} > .password
571 chmod 600 .password
571 chmod 600 .password
572
572
573 # Initialize encrypted partition
573 # Initialize encrypted partition
574 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
574 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
575
575
576 # Open encrypted partition and setup mapping
576 # Open encrypted partition and setup mapping
577 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
577 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
578
578
579 # Secure delete password keyfile
579 # Secure delete password keyfile
580 shred -zu .password
580 shred -zu .password
581
581
582 # Update temporary loop device
582 # Update temporary loop device
583 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
583 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
584
584
585 # Wipe encrypted partition (encryption cipher is used for randomness)
585 # Wipe encrypted partition (encryption cipher is used for randomness)
586 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
586 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
587 fi
587 fi
588
588
589 # Build filesystems
589 # Build filesystems
590 mkfs.vfat "$FRMW_LOOP"
590 mkfs.vfat "$FRMW_LOOP"
591 mkfs.ext4 "$ROOT_LOOP"
591 mkfs.ext4 "$ROOT_LOOP"
592
592
593 # Mount the temporary loop devices
593 # Mount the temporary loop devices
594 mkdir -p "$BUILDDIR/mount"
594 mkdir -p "$BUILDDIR/mount"
595 mount "$ROOT_LOOP" "$BUILDDIR/mount"
595 mount "$ROOT_LOOP" "$BUILDDIR/mount"
596
596
597 mkdir -p "$BUILDDIR/mount/boot/firmware"
597 mkdir -p "$BUILDDIR/mount/boot/firmware"
598 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
598 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
599
599
600 # Copy all files from the chroot to the loop device mount point directory
600 # Copy all files from the chroot to the loop device mount point directory
601 rsync -a "${R}/" "$BUILDDIR/mount/"
601 rsync -a "${R}/" "$BUILDDIR/mount/"
602
602
603 # Unmount all temporary loop devices and mount points
603 # Unmount all temporary loop devices and mount points
604 cleanup
604 cleanup
605
605
606 # Create block map file(s) of image(s)
606 # Create block map file(s) of image(s)
607 if [ "$ENABLE_SPLITFS" = true ] ; then
607 if [ "$ENABLE_SPLITFS" = true ] ; then
608 # Create block map files for "bmaptool"
608 # Create block map files for "bmaptool"
609 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img"
609 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
610 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img"
610 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
611
611
612 # Image was successfully created
612 # Image was successfully created
613 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
613 echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
614 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
614 echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
615 else
615 else
616 # Create block map file for "bmaptool"
616 # Create block map file for "bmaptool"
617 bmaptool create -o "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.bmap" "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img"
617 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
618
618
619 # Image was successfully created
619 # Image was successfully created
620 echo "$BASEDIR/${DATE}-rpi${RPI_MODEL}-${RELEASE}.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
620 echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
621 fi
621 fi
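Review bot: The four `losetup` calls (new lines 548, 549, 561 and 562) pass the image path unquoted inside the command substitution, e.g. `--show $IMAGE_NAME-frmw.img`, while every `dd`, `sfdisk` and `bmaptool` call touched by the same change quotes it. The old `$BASEDIR/...` form had the same gap, but a single variable that holds the whole path makes it more likely that a value containing spaces or glob characters reaches these lines, where it would be word-split and `losetup` would attach the wrong file or fail. Suggest quoting and bracing consistently: `FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "${IMAGE_NAME}-frmw.img")"`, and likewise for the `-root.img` and `.img` variants. Two further things to confirm, since the definition of `IMAGE_NAME` is not in the lines shown here: that its default still carries the date stamp now that the `DATE=` assignment at old lines 527-528 is removed, and that a user-supplied value cannot point `dd of="$IMAGE_NAME.img"` at an existing file, because the "Don't clobber an old build" guard above only tests `$BUILDDIR`.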